plaintiffs cannot use hacked data to build their case against the extramarital cheating site Ashley Madison and its parent company, Avid Life Media. The ruling comes roughly three weeks after U.S. District Judge John A. Ross found plaintiffs must proceed under their own names, that they will not be able to use pseudonyms.
Last summer's hack of Ashley Madison data produced a flurry of federal lawsuits, including several brought by Birmingham law firm Heninger Garrison Davis. The class-action complaints have been consolidated at U.S. District Court in St. Louis, with Ross (who was nominated to the bench by President Barack Obama in 2010) overseeing the case.
So far, Ross has ruled in Ashley Madison's favor on a couple of key issues. Writes Kristen V. Brown, a reporter at Fusion:
A Missouri judge is making it very hard to sue Ashley Madison over last year’s massive data breach. First, the U.S. district court judge ruled that breach victims couldn’t sue the company anonymously, meaning that their names will go into the public record as users of the infidelity dating website. Now, that same judge has ruled that plaintiffs cannot use hacked data to build their case against the company. So Ashley Madison is legally protected, for now, from the secrets exposed in the hack of its client records and corporate email.
Ashley Madison’s parent company Avid Life Media faced a rush of John Doe lawsuits after the hack that exposed the identity of millions of its users. In the Missouri suit, 42 plaintiffs filed under pseudonyms alleging that Ashley Madison failed to “adequately secure” users’ personal and financial information. When a hacking group named “Impact Team” leaked the identities of users last summer, it revealed that the site had been lax on security and had retained records of users who had paid the company for a permanent deletion of their accounts.
Avid Life Media asked that its leaked documents be kept under wraps during court proceedings because they had been criminally obtained. U.S. District Judge John A. Ross sided with the company, even though the wide distribution of those documents online is the very thing users argue turned their lives to turmoil.
What was Ross' reasoning? Writes Brown:
“The fact that the content of some of Avid’s internal documents … has been to some extent placed on the internet and reported in news articles does not change the nature of the documents. They remain stolen documents,” the judge wrote in an April 29 ruling.
The plaintiffs had argued that the documents were no longer confidential, because they are widely distributed on the internet. This was the same argument Google used when fighting for the right to use emails exposed in the Sony Pictures hack in a legal battle with the MPAA—and while Google was barred from using the hacked documents themselves in the case, which is ongoing, the company has cited press articles that reference the documents in their filings
Ross went on to find that lawyers and journalists have very different obligations in how they handle the case:
In the Ashley Madison decision, the judge found that even news articles referencing the leak were off limits. While journalists were protected under the First Amendment in publishing the stolen information online, he wrote, attorneys involved in private litigation had differing ethical responsibilities.
|Judge John A. Ross
It's not all bad news for plaintiffs in the case, as Brown notes:
The silver lining to this cloud is that the documents revealed in the hack could come out during the case’s discovery process. “Regardless of whether some of the documents at issue may be ultimately discoverable, Avid has, and has always had, the right to keep its own documents until met with proper discovery requests or ordered to disclose them by the court,” wrote the judge.
So to get the hacked documents admitted in court, the plaintiffs will need to ask Ashley Madison to produce them. Luckily, the plaintiffs have a very good idea of the smoking gun documents it should request.