madison
Home / News & Blogs

Virginia backs off demands for Facebook data

Declan McCullagh CBSNews.com | September 15, 2009 8:59 AM PDT

Summary

The state of Virginia has backed away from its attempts to force Facebook to divulge the complete contents of a user's account to settle a dispute over workers' compensation.

Topics

Facebook, Virginia, Colgan Air Inc., Benefits, Policies And Procedures, Human Resources, privacy, Declan McCullagh CBSNews.com
The state of Virginia has backed away from its attempts to force Facebook to divulge the complete contents of a user's account to settle a dispute over workers' compensation, narrowly avoiding what promised to be a high-profile privacy battle in federal court.

On Monday, the Virginia's Workers Compensation Commission said it was no longer going to levy a $200-a-day fine on the social-networking site for refusing to comply with a subpoena from an airline that previously employed a flight attendant named Shana Hensley.

Facebook had objected to the June 4 subpoena from Colgan Air--the Manassas, Va.-based company that operates under the names United Express, US Airways Express, and Continental Connection--on privacy grounds. It said federal law prohibits divulging user data in response to a subpoena, and promised to "further litigate this issue by seeking, among other things, an injunction from the federal courts."

In principle, this isn't a novel concept: employers and insurance companies have long used private investigators to ferret out fraud and show that someone who claims to be a virtual cripple actually participates in waterskiing competitions.

Because social-networking sites offer such information-rich glimpses into a person's private life, insurers and employers have begun eyeing them. A personal injury lawyer in Elmira, N.Y., noted in July that an accident victim claiming to be severely injured was, thanks to Facebook, revealed to be playing in soccer games. An article last week in Business Insurance said that social-networking sites revealed exaggerated claims of injuries from a judo instructor, a bowler, and a rodeo bronco rider.

In the Colgan Air case, Facebook says it's happy that privacy rights prevailed. "We're pleased with the outcome and that our users' information will be protected," said Facebook spokesman Barry Schnitt.

Colgan Air, which is owned by the publicly traded Pinnacle Airlines, initially paid Hensley's disability benefits that were related to a back injury while on the job (she was diagnosed with a herniated disc that did not want surgery). After about 18 months, however, Colgan Air claimed that Hensley was not cooperating with its efforts to find her a desk job and appears to have concluded that Hensley's holiday vacation photos posted on her Facebook account would demonstrate that any back problems were not severe.

The airline's June 4 subpoena from Virginia attorney Charles Midkiff (PDF) demands "all documents, electronic or otherwise, related directly or indirectly, to all activities, writings, photos, comments, e-mails, and/or postings" on Hensley's Facebook account.

Six days later, Facebook responded, saying that the request must come from a California court, and that it was "overly broad" because the federal Electronic Communications Privacy Act (ECPA) protects the privacy of user accounts. Midkiff, the airline's lawyer, replied by requesting a "contempt citation against Facebook" from the Virginia's Workers Compensation Commission.

Randolph Tabb, a deputy worker's compensation commissioner, granted it. On August 28, Tabb held Facebook in contempt for "a failure to comply" and ordered a $200-a-day fine "until such time as compliance is satisfied by the production of said documentation."

Facebook's response to Tabb sent last week says that "users such as Ms. Hensley rely on Facebook to protect their data and vigorously enforce the privacy decisions they make on Facebook." It adds: "Courts have interpreted the ECPA to prohibit services such as Facebook from producing a non-consenting subscriber's communications even when those communications are sought pursuant to a court order or subpoena."

Put another way: unless you change your mind, we'll see you in federal court.

It worked. Tabb backed down, reversing his previous ruling and fine, and claimed that Facebook should have made the full scope of its objections clear earlier.

James Szablewicz, Virginia's chief deputy worker's compensation commissioner, said in an interview on Monday that he didn't know of any other case involving Facebook that his colleagues have faced. "I think it's a pretty good chance that this is a case of first impression for us," he said.

Privacy advocates applauded Monday's decision, likening it to Google's mostly successful effort to fend off a subpoena from the Justice Department three years ago. Jim Dempsey, a vice president of the Center for Democracy and Technology, said: "Too often, lawyers in civil cases are turning to service providers like Facebook, AOL, and Google with fishing requests. The law is clear--service providers cannot turn over content in civil cases."

Kevin Bankston, a senior staff attorney at the Electronic Frontier Foundation, said the principles are similar to the one involving Apple Computer's efforts to unmask product leakers (the case is O'Grady v. Superior Court). "We were very glad to see that the rule of law we helped to establish in the O'Grady case is being used to ensure that Facebook content is not disclosed in violation of federal privacy statutes."

There's an ironic ending to this story. Julie Heiden, a Virginia personal injury lawyer representing the former flight attendant, Shana Hensley, said in an interview on Monday that the subpoena won't be necessary after all.

"We agreed to sign a release," Heiden said, meaning a document that authorizes Facebook to disclose the contents of Hensley's account to her former employer. "Shana has executed the release...She has nothing to hide."

Update 9/15/2009: Colgan Air spokesman Joe Williams says: "As you might expect, we do not comment on pending litigation."

This article was originally posted on CBSNews.com.

Talkback Most Recent of 18 Talkback(s)

  • Minor nitpick..but VA is a Commonwealth...NT
    NT
    ZDNet Gravatar
    JT82
    15th Sep 2009
  • I am not a fan of people who claim to be injured that are not.
    I am not saying she is lieing or they are being overly burdensome with proof requirements. I think if they just spent the dough to watch her at her house, they would get their answer sooner than a court date.

    Lazy private investigators.
    ZDNet Gravatar
    Been_Done_Before
    15th Sep 2009
  • Im not a fan of governments being nosey and invading peoples privacy.
    There are other ways to get this information rather than invade the privacy of an individual. However, if there is reasonable suspicion that she is "lying" about her injuries - then I wouldnt construe this as an invasion of privacy more so than an investigation of fraud.
    ZDNet Gravatar
    JT82
    15th Sep 2009
  • RE: Virginia backs off demands for Facebook data
    I think the federal laws are good. The privacy of the individual is in the Bill of Rights for good reason.
    ZDNet Gravatar
    MReedB
    15th Sep 2009
  • Getting tired of the "wrong state" dodge.
    Bottom line here should be, does Facebook do business (have users) in Virginia. If so then they should be forced to follow the laws of Virginia. Sort of the same thing as how everyone says US companies have to follow EU laws to do business there.
    ZDNet Gravatar
    No_Ax_to_Grind
    15th Sep 2009
  • I disagree
    You can't compare the EU to the USA, two different entities entirely. I won't get into a long dissertation spelling out the the differences but suffice it to say that the 50 states of the US are (mostly) autonomous in nature and each have their own laws and regulations and these laws and regulations can vary widely from state to state. That's just one of the reasons there are Federal laws that must be adhered to above and beyond state laws.

    Facebook could not possibly follow all state laws, rules and regulations because of that variance, so Federal law and to a point, California law applies in the case of an American based request as stated in the article.

    BTW, Facebook is global in nature, not just unique to the USA. How say you to that?

    ZDNet Gravatar
    bandersnatch42vt
    16th Sep 2009
  • Facebook already ran afoul of that situation
    Facebook ran afoul of Canada's privacy laws by retaining and selling peoples information after they had quit the service. They were ordered to solve the issue or close down in Canada. Facebook agreed to the changes and is applying those changes to all accounts worldwide. When a user ceases to be a
    Facebook member, they must destroy the records and can not sell the information.
    ZDNet Gravatar
    Rndmacts
    18th Sep 2009
  • Actually
    If a company does business in a certain state, they HAVE TO FOLLOW THAT STATE'S LAW. It does net matter if they are a local, interstate, or global company.

    Other businesses that do business in multiple states and countries have no problems following the laws of each individual state they do business in - as does facebook. And why would CALIFORNIA law be applicable in VIRGINIA?
    ZDNet Gravatar
    Pete "athynz" Athens
    8th Oct 2009
  • This is a totally ridiculous
    argument. Even if the facebook user didn't sign a terms of use agreement, you argument is totally ridiculous. Having customers in a state/commonwealth is not a reason to force facebook to follow their laws. Facebook has customers in EVERY state. Using your lame argument, they should follow every state's laws. So what if the laws conflict?

    Example - does a magazine publisher have to publish separate issues just to satisfy the laws of a particular state? No they don't.
    ZDNet Gravatar
    sackbut
    16th Sep 2009
  • Not true
    The internet is a while other animal. Companies in the other countries only have to follow laws of other companies if they physically do business there. Online business is not enough, and it shouldn't be. Anyone can do online business anywhere. I don't have a need to subscribe to porn, but there are plenty of those sites. From what you say, a court in the middle east should be allowed to close a site because it violates the laws of its land. That would never work. Based on the way the US is set up, states (commonwealths) are their own entity. The feds are there for dispute resolution between them. One state does not have to honor something from another state. Have you read anything about gay marriage lately? Only a couple states allow it. Only like one more recognizes it.
    ZDNet Gravatar
    jcoop757@...
    16th Sep 2009
  • RE: Virginia backs off demands for Facebook data
    Which conglomerate owns Facebook? Virginia should realize that a little bit of "grease" gets the wheels rolling - they've done it many times before... wink
    ZDNet Gravatar
    ZDnet Reader 43
    16th Sep 2009
  • RE: Virginia backs off demands for Facebook data
    Oh wait, Facebook's privately owned. That's why they were able to resist VA's demands, no taint of megacorporate rule-bending...
    ZDNet Gravatar
    ZDnet Reader 43
    16th Sep 2009
  • RE: Virginia backs off demands for Facebook data
    I would tend to believe that the arguement of social-networking sites such as Facebook, Twitter and the like would not be admissable in court on the basis of the "accused" not being read their rights and that any discoveries would be considered self incriminating before the fact.

    Would not be a good day for the legal system thats for sure.

    On the other side... don't put anything on the internet that you are going to have to answer for. If you give one of these posers permission as a "friend" to view your stuff... shame on you!!
    ZDNet Gravatar
    kfortner51
    16th Sep 2009
  • not quite
    If you are dumb enough to put incriminating evidence out in public, there is no need to have read you your rights to use the evidence against you. That's like having a gun sitting on the dashboard of your car and not expecting the police to do anything about it. If it's out in public, expect someone to use it against you. That is why the right to privacy is so important and you should not be so quick to give up that right.
    ZDNet Gravatar
    Al_nyc
    17th Sep 2009
  • RE: Virginia backs off demands...
    I feel that this stupid bureaucrat, Randolph Tabb, exceeded his authority. Unfortunately, there is little consequences for that. He might just claim: "I am only doing my job". Right

    Somewhere, the line needs to be drawn with politicians and bureaucrats that go too far. Our UK readers all too well have their own dilemma, with innocent people still being added to a DNA database, because to police are "still waiting for clarification" of a ruling that told them to stop that practice (of people NOT convicted of a crime).

    IMHO, there have to be consequences for these people who exceed their authority, and the punishment meted out needs to be severe. Like this guy Tabb, I think that he should have his fingers whacked by a hardwood baton (aka 'nightstick'). One way to make sure he "gets the message".
    ZDNet Gravatar
    fatman65535
    16th Sep 2009
View More Comments

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity