Right of ‘Informational Privacy’ Upheld In NJ
By Mary Pat Gallagher
In a case of first impression under New Jersey law, an appeals court has held that Internet subscribers have a reasonable expectation of privacy, allowing a challenge to a subpoena that led to an indictment for computer-related theft.
The ruling, handed down on Jan. 22, is grounded on the New Jersey Constitution’s implied right of privacy and on precedents the court termed “highly protective” of that right, even as to data in third parties’ hands.
The court, in State v. Reid, A-3424-05 (available at www.judiciary.state.nj.us/opinions/a3424-05.pdf), upheld a trial judge’s suppression of information subpoenaed from Comcast Corp. that allowed police to identify and arrest Shirley Reid for allegedly accessing her employer’s computer system and im-properly altering information.
The ruling was part of the growing body of New Jersey case law recognizing a right to what the panel termed “informational privacy,” which the court defined as “the ability to control the acquisition or release of information about oneself” or “to control the terms under which personal information is acquired, disclosed, and used.”
The right encompasses “any information, no matter how trivial, that can be traced or linked to an identifiable individual,” including “assigned information” such as name, address and Social Security Number and “generated information” such as financial or credit card records, medical records and phone logs, wrote Appellate Division Judge Harvey Weissbard, joined by Howard Kestin and Ronald Graves.
Reid, “by her use of an anonymous ISP address … or ‘screen name’ … manifested an intention to keep her identity publicly anonymous” said the court.
Earlier New Jersey courts had recognized a privacy interest in bank records, long distance telephone records and electrical usage records, all of which “reveal much about the personal affairs of the account holder, entitling those records to protection from unfettered government intrusion,” said Weissbard.
Weissbard took note that the federal courts do not recognize a right to privacy for Internet subscriber information under the U.S. Constitution’s Fourth Amendment.
There was no New Jersey case directly on point but the panel distinguished a 2003 state Supreme Court ruling that touched on the issue, State v. Evers, 175 N.J. 355.
The Evers Court declined to protect information held by VA-based America Online concerning the Internet account of a New Jersey resident being sought by California law enforcement.
While acknowledging that Evers could be read to deny a right to privacy, the Reid court distinguished Evers because the identifying information there was sought by out-of-state authorities, beyond the power of New Jersey courts.
Facts of Reid
On Aug. 27, 2004, Timothy Wilson, the owner of Jersey Diesel, walked into the Lower Township police station, complaining that someone had altered a password for suppliers on the company’s computer system and changed the shipping address to a nonexistent location.
He suspected Reid, who had been out on disability and quarreled with him right before about being placed on light duty. In addition, Reid was the only one who knew the company password and ID, Wilson told the police.
Wilson learned that the changes were made by someone with a Comcast Internet provider address, but Comcast refused to release information without a subpoena.
Ten days later, on Sept. 7, at the request of the police, municipal court administrator Elizabeth Byrne faxed Comcast a subpoena commanding the company to come to the police department that same day with any and all information it had about IP address 18.104.22.168 on the morning of Aug. 24, 2004.
On Sept. 16, Comcast provided information that implicated Reid, who was subsequently arrested and indicted under N.J.S.A. 2C:20-25b, which makes it a second-degree crime to alter or destroy computerized data without authorization.
Cape May Superior Court Judge Carmen Alvarez granted Reid’s motion to suppress, finding she had a reasonable expectation of privacy in her Comcast subscriber information and that the subpoena was “unauthorized in its entirety.”
The appeals court said the subpoena was invalid for several reasons, but Reid would not have been able to challenge it unless she had a privacy interest in maintaining her online anonymity.
The court found multiple flaws. The subpoena was not issued in connection with any judicial proceeding, and there was no grand jury or other body in session on the return date before which the subpoena was returnable. Also, the municipal court had no jurisdiction over the indictable offense alleged against Reid, said the court.
Keeping NJ in Forefront
Privacy expert Grayson Barber, a Princeton solo practitioner, calls the decision “terrific” and consistent with the 1967 U.S. Supreme Court case of Katz v. U.S., 389 U.S. 347, a wiretapping case where a person making a telephone call from a telephone booth on the streets of Los Angeles was found to have a reasonable expectation of privacy.
The Reid ruling once again places New Jersey on the leading edge of guarding Internet anonymity.
A 2001 appeals court ruling, Dendrite International v. Doe, 342 N.J. Super. 134, set out procedural protections for anonymous Internet posters.
Dendrite International was suing for defamation and other claims over alleged harm caused by postings on a Yahoo! Finance bulletin board that criticized it.
The court held that before Dendrite could subpoena information about the posters, it had to make out a prima facie case, which would then be weighed against the First Amendment right to speak anonymously. The company also had to try to give prior notice of the subpoena and an opportunity to oppose it.
Mary Pat Gallagher writes for Internet Law & Strategy’s ALM affiliate, the New Jersey Law Journal.