Metropolitan News-Enterprise


Monday, April 29, 2019


Page 1


Ninth Circuit:

Insurers’ Alleged Hacking Didn’t Violate Federal Legislation

Opinion Says Stored Communications Act Does Not Apply to Unauthorized Downloading of Litigation Files Which Law Offices Stored on Third-Party Computer System


By a MetNews Staff Writer


The Ninth U.S. Circuit Court of Appeals on Friday affirmed the dismissal with prejudice of two putative class actions in which it was claimed that Cypress Insurance Company and others have hacked into thousands of litigation files of claimants who have brought workers’ compensation actions which they are defending.

The files of plaintiffs were allegedly plucked from the website HQ Sign-Up Services (“HQSU”) where they were stored by law firms. Clients and support staff had authorized access to those files; defendants Cypress Insurance Company, Berkshire Hathaway Homestate Companies, and Zenith Insurance Company did not.

They allegedly sneaked into the system and downloaded the files to aid them in litigation. That, the plaintiffs alleged, violated the federal Stored Communications Act (“SCA”)—a proposition the trial judge—District Court Judge Andrew J. Guilford of the Central District of California—rejected, as did the Ninth Circuit. 

Widespread Activity

In an action brought in 2015 by Hector Casillas, “on behalf of himself and others similarly situated,” the complaint alleges:

“Defendants are presently known to have hacked tens of thousands of litigation files, including approximately five thousand (5000) files belonging to the law firm of Reyes & Barsoum, LLP, a major California worker’s compensation law firm.”

The complaint in a 2016 action in which Adela Gonzalez is the named plaintiff averred:

“The hacking defendants are presently known to have hacked in excess of 32,000 litigation files.”

The two cases were consolidated on March 1 for the purpose of argument.

Stored Communications Act

The hacking, it was contended by the plaintiffs, breached the SCA which provides that anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” is subject to a fine and/or imprisonment. It defines an electronic communication service (“ECS”) as “any service which provides to users thereof the ability to send or receive wire or electronic communications.”

HQSU, the appeals court declared Friday, does not meet that definition of an ECS. In a memorandum decision, a three-judge panel explained:

“When Congress enacted the SCA, it stated that one of the Act’s primary purposes was to protect email communication, noting that a primary example of an ECS was an email service in which ‘messages are typed into a computer terminal, and then a recipient computer…’….

“In the ensuing years, we have held that websites and services that permit users to communicate directly with one another are considered ECS providers. For instance, an email provider is ‘undisputedly’ an ECS provider….

“Plaintiffs allege that ‘HQSU’s website, database and servers were used by Plaintiff[s] and [their] counsel to send electronic communications among themselves by uploading and downloading documents, as well as by appending notes to those documents.’ However, taking this allegation as true, it is evident that HQSU does not permit users to communicate directly with each other.”

Bulletin Board

The plaintiffs also contended that HQSU is a bulletin board. The opinion responds:

“Although an electronic bulletin board is an example of an ECS…,the definition of an electronic bulletin board is more specific than Plaintiffs suggest. The plain meaning of a bulletin board requires that a posting be readily viewable by an intended audience. Plaintiffs do not allege that their comments or the documents stored by HQSU were immediately viewable by anyone with access to the file. Thus, HQSU is not an electronic bulletin board.”

At oral argument in Pasadena on March 7, Long Beach attorney James Robert Noblin of Green and Noblin told Senior Judge Raymond C. Fisher and Judge Jacqueline Hong-Ngoc Nguyen that the defendants’ conduct was “outrageous” and was “the cyber equivalent of breaking into the office of opposing counsel and copying the litigation file there.”


Ninth Circuit Senior Judge Raymond C. Fisher and Judge Jacqueline Hong-Ngoc Nguyen hear arguments on March 7 in a case in which plaintiffs in two dismissed actions claim three insurers hacked into a computer system and copied files placed there by law firms. The issue was whether the Stored Communications Act applies to the conduct alleged. A memorandum opinion, filed Friday, says the act does not apply because the computer system did not enable lawyers and clients to communicate through it directly.


Direct Communication

Under questioning as to the lack of direct communication via the system between lawyers and clients, Noblin argued that “they were communicating with each other” through uploading and downloading files and appending comments.

Deborah L. Stein of Gibson, Dunn & Crutcher, representing the defendants, said that what matters is that “there is no ability for a user to send a communication to another user” through the system. She said the system provided what the Ninth Circuit has described as a “virtual filing cabinet.”

Fisher, 79, was replaced on the panel by Chief Judge Sidney Thomas, through a random assignment. Signing the opinion, in addition to Nguyen and Thomas, was Judge Ronald Lee Gilman of the Sixth Circuit, sitting by designation.

The case is Casillas v. Cypress Insurance Company, 17-56065.


Copyright 2019, Metropolitan News Company