From Casetext: Smarter Legal Research

Sartori v. Schrodt

United States District Court, N.D. Florida, Pensacola Division.
Nov 25, 2019
424 F. Supp. 3d 1121 (N.D. Fla. 2019)

Summary

granting defendant summary judgment on the plaintiff's SCA claim and noting that "most courts have held (and I agree) that the SCA doesn't reach and protect undeleted emails that have already been delivered and opened by the intended recipient" because those emails "are no longer 'in electronic storage'"

Summary of this case from Thornton v. Thornton

Opinion

Case No.: 3:18cv204-RV/HTC

2019-11-25

Jason SARTORI, Plaintiff, v. Julie SCHRODT, Defendant.

Michael Stanski, Law Office of Michael Stanski, Jacksonville, FL, for Plaintiff. Larry Arthur Matthews, Raymond Francis Higgins, III, Matthews & Higgins LLC, Pensacola, FL, for Defendant.


Michael Stanski, Law Office of Michael Stanski, Jacksonville, FL, for Plaintiff.

Larry Arthur Matthews, Raymond Francis Higgins, III, Matthews & Higgins LLC, Pensacola, FL, for Defendant.

ORDER

ROGER VINSON, Senior United States District Judge

The plaintiff, Jason Sartori, filed this lawsuit against his ex-wife, Julie Schrodt, alleging violations of the Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030, et seq. (CFAA); the Stored Communications Act, 18 U.S.C. §§ 2701, et seq. (SCA); and his privacy rights under Florida law. The state law claims were dismissed at the pleading stage, and the case proceeded to discovery. Discovery is now closed, and Schrodt has filed a motion for summary judgment on the remaining federal claims (doc. 34) (Def. Mot.). Sartori has filed a response in opposition to the motion (Pl. Resp.), and Schrodt has filed a reply to the response (Def. Reply).

I. Standard of Review

Summary judgment is appropriate if all the pleadings, discovery, affidavits, and disclosure materials on file show that there is no genuine disputed issue of material fact, and the movant is entitled to judgment as a matter of law. Fed. R. Civ. P. 56(a), (c). The plain language of Rule 56(c) mandates the entry of summary judgment, after adequate time for discovery and upon motion, against any party who fails to make a showing sufficient to prove the existence of an element essential to that party's case, and on which that party will bear the burden of proof at trial. Celotex Corp. v. Catrett , 477 U.S. 317, 322, 106 S.Ct. 2548, 91 L.Ed.2d 265 (1986).

Summary judgment is inappropriate if a reasonable factfinder evaluating all of the evidence could draw more than one inference from the facts, and if that inference raises a genuine issue of material fact. See, e.g., Allen v. Board of Public Educ. for Bibb County , 495 F.3d 1306, 1315 (11th Cir. 2007) (citations omitted). An issue of fact is "material" if it might affect the outcome of the case under the governing law. See Anderson v. Liberty Lobby , 477 U.S. 242, 248, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). It is "genuine" if the record, viewed as a whole, could lead a reasonable factfinder to return a verdict for the non-movant. Id.

In considering a motion for summary judgment, the record must be construed in a light most favorable to the non-movant; all reasonable inferences are drawn in his favor; and his evidence must be believed. See, e.g., Allen , 495 F.3d at 1315. However, statements by counsel made in memoranda are not evidence. See Green v. School Bd. of Hillsborough Cty., Fla. , 25 F.3d 974, 979 (11th Cir. 1994) ; United States v. Smith , 918 F.2d 1551, 1562 (11th Cir. 1990). It follows that attorney arguments alone cannot preclude summary judgment. See Rich v. Dollar , 841 F.2d 1558, 1565 & n.5 (11th Cir. 1988) (reversing denial of summary judgment for defendant where the district court relied on "assertions in the memorandum prepared by Rich's counsel rather than upon the factual showing submitted under oath by Rich"); accord Smith v. Housing Auth. of City of Prichard , 2007 WL 735553, at *6 n.14 (S.D. Ala. 2007) ("These assertions [by the plaintiff in opposition to summary judgment] are unaccompanied by citations to the record, and lack support therein. Of course, mere unsupported representations of counsel do not constitute evidence that may be considered on summary judgment.") (quoting Nieves v. Univ. of Puerto Rico , 7 F.3d 270, 276 n.9 (1st Cir. 1993) ("Factual assertions by counsel in motion papers, memoranda, briefs, or other such self-serving documents, are generally insufficient to establish the existence of a genuine issue of material fact at summary judgment."); Bowden ex rel. Bowden v. Wal-Mart Stores , 124 F. Supp. 2d 1228, 1236 (M.D. Ala. 2000) ("opinions, allegations, and conclusory statements of counsel do not substitute for evidence" on summary judgment)).

Thus, a party opposing summary judgment must point to specific portions in the record where evidence of a genuine disputed issue of fact can be found. See, e.g. , Fed. R. Civ. P. 56(c)(1)(A) (party asserting a fact as genuinely disputed must support the assertion by "citing to particular parts of materials in the record, including depositions, documents, electronically stored information, affidavits or declarations, stipulations (including those made for the purposes of the motion only), admissions, interrogatory answers, or other materials"); N.D. Fla. Loc. R. 56.1(F) (stating that a party opposing summary judgment "must include pinpoint citations to the record evidence" to show that there is a genuine disputed issue of fact).

II. Background

The following facts come primarily from Schrodt's sworn affidavit (doc. 35 Ex. 1) (Def. Aff.); excerpts from her deposition (docs. 39 Ex. 1 and 40-1) (Def. Dep.); and excerpts from Sartori's deposition (docs. 35 Ex. 4 and 40-2) (Pl. Dep.). Except where noted, Sartori has not contradicted any of these facts with evidence of his own, so they are taken as undisputed. At all times relevant, Sartori was an Army officer and member of the 7th Special Forces Group (the Green Berets) at Eglin Air Force Base, Florida. He was married to Schrodt, and they had three young children. In 2011, Sartori bought a Toshiba laptop computer and kept it at their marital home. Although he would usually take the laptop with him when he went on deployment, it wasn't his personal work computer. Indeed, he testified that he "absolutely" never used it for work ("I had government systems to do that") [Pl. Dep. at 44-45], and he never told Schrodt that she couldn't use it. See id. at 28 ("Q: ... [Y]ou never told your wife, hey, I don't want you using my Toshiba computer, did you? A: No."). In fact, when Sartori was home from deployment, the computer was often kept in the parties' bedroom or spare room with the understanding that Schrodt could use it as needed. See Def. Aff. at ¶ 8; see also Def. Dep. at 112 (testifying that she would use the computer to get directions, look at bank information, or if she "needed to download something"). Because Sartori has not cited evidence to the contrary in his opposition to summary judgment [see Pl. Resp.], it is undisputed that the parties had joint and mutual access to the computer when he was home from deployment.

On or about April 1, 2016, Sartori came home from a three-month deployment. See Def. Aff. at ¶ 5. Shortly after his return, on April 5, 2016, Schrodt logged onto the computer while it was in their bedroom, and she opened the "Skype" program. Id. at ¶¶ 6, 8. Skype is an internet service that allows users to communicate with each other by voice, video, or instant messages. Schrodt logged onto the Skype account by using sign-on credentials that she had created while Sartori was out of the country on a prior occasion. Id. at ¶¶ 6-7. She testified: "I personally set up this Skype account, and used the same login credentials (GoGators!) my then-husband and I typically used in other family computer accounts." Id. ; accord Pl. Dep. at 44 (wherein Sartori acknowledged "I was physically located in Iraq" when Schrodt set up the Skype account).

Although Schrodt personally set up the Skype account (with the same password and sign-on credentials that they used for other "family computer accounts"), the record indicates that she never used the account until she opened it on April 5th; Sartori was the only person who used it prior to that date.

When she logged onto the Skype account, Schrodt discovered sexually explicit photos and transcripts of inappropriate conversations between Sartori and a number of female contacts, some of whom served with him in the Army. See Def. Aff. at ¶ 9. The photos and conversations made clear that Sartori had been having multiple affairs with various woman from 2012 and continuing up to that day. Id. at ¶ 10. Schrodt read and printed out a copy of the Skype transcripts. Id. at ¶¶ 9-11.

In addition to reading and printing out the transcripts, Schrodt sent a message to one of the women while she was logged into the Skype account on April 5th. Specifically, she sent the woman a picture of their three children and wrote: "Thanks to you, these three boys' lives as they know it is ruined." See Def. Dep. at 89.

After she viewed and printed the Skype transcripts—but while she was still on the computer—Schrodt went to the web-based email client "Gmail.com" and saw that Sartori had not signed out of his email account. See Def. Aff. at ¶ 12. Because he was still signed into his account, that meant all of his emails—which are usually password-protected—"popped up" and were accessible without a password. Id. ; Def. Dep. at 38 ("I just typed in Gmail and [his emails] came up.... When I typed in Gmail.com, that is what popped up because that particular account had never been logged out of."). Schrodt proceeded to read the emails, at least eight of which were titled "Skype." See Pl. Resp. at 2. Importantly, Sartori had already opened all the emails. See Def. Aff. at ¶ 13. There is no claim that Sartori downloaded any of the emails onto the computer itself; rather, it appears he kept them on the Gmail web-based server after they were opened. The emails contained more evidence of his sexual affairs and, also, potential misconduct and violations of military civil and criminal law or regulations. Id. at ¶ 17.

At deposition, Schrodt couldn't remember if any of the emails had not been opened. See Def. Dep. at 76. However, she subsequently testified by affidavit that they all had been opened. See Def. Aff. at ¶ 13. Sartori has not cited any evidence to contradict her affidavit on this point (nor challenge that later testimony as a "sham"), so I consider it undisputed that all the emails had been opened.

The next day, April 6, 2016, Schrodt hired a divorce lawyer and began divorce proceedings. See Def. Aff. at ¶ 14. She provided her lawyer with a copy of the Skype transcripts at that time. Id. On April 7, 2016, she confronted Sartori and told him what she had found on the laptop, handed him copies of the Skype transcripts, and told him that she was filing for divorce. Id. at ¶ 15. At or around this time, they had a physical altercation and Sartori allegedly battered her (doc. 35 Ex. 2 at 2 n.2). He was arrested and charged in Florida state court with several counts of domestic violence, but those charges were eventually dismissed (nolle prosequi). Id.

Despite learning that Schrodt had accessed the Skype account and his personal Gmail account on April 5th, Sartori made no effort to change the passwords or log-on information to those accounts. See Def. Aff. at ¶ 16. In fact, he testified at deposition that after she accessed the accounts the first time and learned of his affairs, he didn't change the passwords or block her from the accounts because he wasn't concerned (or "worried") about her accessing them again:

Q: ... [W]hen did you change your password after [Schrodt accessed your Gmail account]?

A: I don't know if I did.

Q: Weren't you worried about—

A: No.

Q: You weren't worried about any additional access or anything like that?

A: No.

Q: Okay. How about the Skype?

A: No.

Q: Weren't worried about it at all?

A: No.

Q: About her changing it, altering it?

A: Nothing to hide. The cat is already out of the bag.

Pl. Dep. at 48-49.

On May 6, 2016, Schrodt accessed Sartori's Gmail account a second time and downloaded the emails and pictures that she had seen on April 5th. See Def. Aff. at 17. Because Schrodt testified at deposition that she didn't know Sartori's Gmail password [Def. Dep. at 42-43]—and he hasn't argued otherwise—she was presumably able to access to his emails on May 6th because he had again failed to sign out of his account. Schrodt subsequently gave copies of the emails and pictures to her divorce attorney. See Def. Aff. at ¶ 19.

On August 29, 2016, upon request from the Army, Schrodt and her attorney met with members of Sartori's unit [Def. Aff. at ¶ 20], including his Deputy Commander, Colonel Robert Connell. During the course of that meeting, Schrodt was told that the Army had opened an official Article 15 investigation into Sartori regarding his sexual affairs with coworkers. Id. Notably, it appears that Schrodt wasn't the cause or reason for the Article 15 investigation. Rather, the investigation began when a member of his Special Forces Group, Sergeant Katrina Sofaly, told a commanding officer that Sartori had been engaged in a sexual relationship with the Group Secretary, Jennifer O'Brien (doc. 35 Ex. 2 at 1-2).

A few months before filing this lawsuit, Sartori filed a separate litigation against the Army, alleging violations of the Freedom of Information Act and Privacy Act. See Jason Sartori v. United States Army , 3:17cv679-TKW/EMT. In support of his complaint in that case (doc. 13-1), he attached a news article titled "Dick Pic Six: The 7th Special Forces Group Sex and Blackmail Network. " The article discusses Sartori's affair with O'Brien and allegations that he had physically assaulted her, in addition to claims that she had slept with and was blackmailing a number of officers in the Special Forces Unit. Id.

During the August 29th meeting, Schrodt provided the Army with copies of the Skype transcripts and Gmail documents. See Def. Aff. at ¶ 21. Schrodt contends in her affidavit that she did so only after and because the Army asked for anything that might help its official investigation. See id. at ¶ 20. However, Sartori has filed excerpts from Col. Connell's deposition where he suggested that she did so on her own (doc. 39 Ex. 2 at 11). Specifically, Col. Connell testified that Schrodt came into the meeting with a binder of documents and said: "My husband's been cheating on me multiple times. I've had enough. I have this package of evidence I would like to turn over to you." Id. On summary judgment, I must (and do) accept Col. Connell's statement as true.

As a result of the Article 15 investigation, it was recommended that Sartori be dishonorably discharged from the Army, and he was subsequently tried before a court martial on several counts of domestic violence (the same charges that were previously dismissed in state court). The documents that Schrodt got from the computer were not used in the court martial. Sartori was found guilty of domestic violence and sentenced to 10 years in prison and discharge from the Army. He is currently incarcerated.

According to media reports, Sartori was charged with battering and shoving Schrodt, as well as "brandishing a loaded weapon in front of his young son and strangling his wife while she held their infant in her arms." Meghann Myers, Former Green Beret Sentenced to 10 Years in Domestic Abuse Court-Martial , Army Times, Jan. 30, 2019, available at: https://www.armytimes.com/news/ your-army/2019/01/30/former-green-beret-sentenced-to-10-years-in-domestic-abuse-court-martial/. He was ultimately convicted of five counts of assault and two counts of child endangerment. Id.

On January 31, 2018, Sartori brought this civil action against Schrodt. As it has been winnowed down, the operative complaint contains five counts—three under the CFAA, and two under the SCA. As for the CFAA counts, he alleges that she violated the statute by using the computer itself (Count 1); by accessing his Gmail account on both April 5th and May 6th (Count 2); and by accessing the Skype account (Count 3). As for the SCA counts, he alleges that she violated the statute by accessing his Gmail account both times (Count 6), and by accessing the Skype account (Count 7). Schrodt now moves for summary judgment on each count.

III. Discussion

At the outset—and before I even discuss the two federal statutes themselves—I can dispose of several claims very quickly and with very little discussion. Specifically, as just noted, Sartori alleges in Counts 1, 3, and 7 that Schrodt violated federal law by using the computer and by accessing the Skype account. Those claims have no merit. The undisputed evidence on summary judgment establishes that (1) the computer was kept in common parts of the marital residence where it could be (and in fact was) used by both husband and wife, and thus (2) it was jointly-owned marital property that the parties had mutual access and authority to use. Schrodt didn't violate federal law by using the laptop computer itself. And she also didn't violate the law by logging onto and accessing the Skype account. Again, she was the person who created the password and log-on credentials for that particular account, and she used the same password and log-on credentials that she had used for other family accounts. As there is no genuine disputed issue of material fact on those claims, summary judgment is appropriate for Counts 1, 3, and 7.

Sartori points out that "[m]ere knowledge of Mr. Sartori's passwords is not enough to grant authorization just as holding keys to a building does not authorize access." See Pl. Resp. at 11. That may be true as a general statement, but the analogy doesn't hold here. Schrodt didn't merely "know" the password to the Skype account; she actually created and set it up. And she used the same log-on credentials and password that she used to set up other family computer accounts. The suggestion that she violated federal law by logging onto an account using a password and sign-in credentials that she had previously created as if it were a family account—even though Sartori was the only one who used it—is unsupported by law or common sense.

That brings us to the claims in Counts 2 and 6 that Schrodt violated the CFAA and SCA, respectively, when she accessed his Gmail account on April 5th and May 6th. Whether Schrodt violated federal law when she accessed his Gmail account on April 5th will be addressed in Sections III(A) and (B) below. Whether she violated the law when she accessed his account the second time on May 6th is a question I can answer here: No, she didn't. As has been discussed, Sartori testified that after Schrodt first accessed his Gmail account on April 5th, he wasn't concerned about her having "any additional access or anything like that"—he wasn't "worried about it at all"—because at that point "the cat [was] already out of the bag." Therefore, Schrodt at the very least had implied consent to access his Gmail account on May 6th. In light of the foregoing, the only issue that remains to be considered is whether Schrodt violated the CFAA and SCA when she went to Gmail.com on April 5th, saw that Sartori was still logged into his account, and read emails that he had previously opened and retained on Gmail's web-based server.

As to this issue, Lazette v. Kulmatycki , 949 F. Supp. 2d 748 (N.D. Ohio 2013), is instructive. In that case, a former employee brought an action against her former supervisor, alleging violations of the SCA and state privacy law when he accessed her personal emails that she had left behind on a company-issued blackberry after she had separated from employment. The supervisor argued, inter alia , that he had implied consent to read the emails because the plaintiff negligently failed to delete her account when she returned the blackberry. The district court noted (as many courts have held) that implied consent could apply in such a context. See id. at 757 (citing Williams v. Poulos , 11 F.3d 271, 281 (1st Cir. 1993) ). However, the district court held that it didn't apply to the facts of that case because: "Negligence is ... not the same as approval, much less authorization. There is a difference between someone who fails to leave the door locked when going out and one who leaves it open knowing someone [would] be stopping by." Id. The district court held that the facts of Lazette were the former; but the facts here are the latter. On April 7, 2016, Sartori knew that Schrodt had accessed the Skype account and his private Gmail email account; knew that she had already printed the Skype transcripts; and knew that she had hired an attorney and was filing for divorce. With that knowledge, he had every reason to believe that she would access the accounts again and no reason to believe that she wouldn't. And yet he testified at deposition that he didn't change the passwords (nor did he even log out of his Gmail account!) because he wasn't "worried" about additional access since his affairs had already been discovered, so there was no reason to try and block her from his Gmail. His failure to do so isn't analogous to negligently leaving a door open; it is much more akin to leaving the door open knowing that someone would be stopping by.

Preliminarily, I recognize that there is case law supporting the general position that a spouse may potentially violate the CFAA and SCA when he or she accesses the other spouse's email account. See, e.g., Vista Marketing LLC v. Burkett , 812 F.3d 954 (11th Cir. 2016) (wife violated SCA by accessing husband's email account); Stirling Int'l Realty Inc. v. Soderstrom , 2015 WL 2354803 (M.D. Fla. 2015) (husband stated claim against wife under both the SCA and CFAA for accessing his email account); accord V.M. Wills & L. Parvis, The Changing American Family and the Law: When Do I Become A Spy , 42 Md. B.J. 20, 22 (2009) (noting that "intentionally accessing a spouse's online email account, such as ... Google's gmail, and obtaining copies of the spouse's email messages without authorization are examples of prohibited activity [under the CFAA and SCA]").

However, what if (as in this case, and in contrast to the above cases) access to the email account wasn't obtained by using the other spouse's password or passcode but, rather, because the spouse had failed to sign out of his account on a jointly-owned laptop computer, which left his emails open to anyone who had access to the computer itself? Schrodt argues that the federal statutes were not intended to reach and apply to a situation like the one at issue here. See generally Def. Mot. at 16-19; accord Def. Reply at 5 (although Sartori "may regret not hiding the content of [the Gmail account] where she had no access, ... her activity is not illegal or culpable under the CFAA or SCA"); see also id. at 2-3 ("Can Plaintiff really argue that he forbade his wife from looking at his open emails or going to a Skype account she created on a jointly owned computer to which they both had access when he was not deployed? If so, there is no record evidence to support such an absurd dynamic in a marital relationship"). I have to agree. It has been noted (at least with respect to the SCA):

To illustrate the contrast, the wife in Vista Marketing was separated from her husband when she used his password to gain remote access to his emails from her own personal computer.

In the context of one spouse looking at the other spouse's private emails, the case law indicates liability will not attach under the SCA unless the inquisitive spouse does something to overcome an effort to maintain privacy in those communications, such as using the spouse's password without authorization , or using a digital device against the owner's express wishes. In contrast, a Gmail account that is unprotected by a password and accessible on the family's home computer would appear to be accessible to the other spouse just as the files on the hard drive. Accordingly, if one spouse leaves the Gmail account unprotected by a password and it is readable by the other spouse on the home computer that they share, such access would not appear to violate the SCA even if the spouse's reading of the email is not specifically authorized because there was no express prohibition or unauthorized use.

D.H. Tennant & M.G. McCartney, Forensic Examination of Digital Devices in Civil Litigation: The Legal, Ethical and Technical Traps , 24 No. 1 Prof. Law. 13, 25 (2016) (emphasis supplied) (citing cases). Nevertheless, I will assume that the statutes can be violated even if a password isn't used, and I will address the merits of Sartori's CFAA and SCA claims. Cf. Potter v. Havlicek , 2007 WL 539534 (S.D. Ohio 2007) (finding in preliminary injunction context that husband could be held liable for reading wife's emails that were accessible because she used a "remember me" feature that stored her password on the family home computer so she wouldn't have to retype it each time).

A. CFAA

To recover under the CFAA, Sartori must prove that Schrodt: (1) intentionally accessed a computer, (2) without authorization or in excess of her authorization, (3) obtained information thereon, and (4) caused him to suffer a loss of at least $5,000.00. 18 U.S.C. 1030(a)(2)(C), (c)(4)(A)(i)(I) ; see also Brown Jordan Int'l v. Carmicle , 846 F.3d 1167, 1173 (11th Cir. 2017). Sartori argues (and I will accept as true for purposes of this motion) that "computer" is given a broad application under the law and that it reaches more than actual physical computers; it also reaches online accounts. See Pl. Resp. at 8-9.

For purposes of this analysis, I will also accept and assume arguendo that if a person intentionally opens and reads a spouse's email without authorization (even if it was not password-protected) that constitutes obtaining information from a protected "computer" under the CFAA. Nevertheless, to prevail under the statute, the plaintiff must have sustained a loss of at least $5,000. In her motion to dismiss, Schrodt argued that Sartori had not sustained a loss in that amount. This is what I had to say about the argument at that time:

The defendant argues that plaintiff has not stated a claim for the requisite loss. The plaintiff responds that he suffered a loss from the defendant's "cyber attack" insofar as he incurred additional and unnecessary litigation costs during the divorce proceedings, and that (because of his position with the Army Special Forces) he had to hire an expert to assess the risk of the defendant's "data breach" to ensure that he and his unit were not left vulnerable. While the CFAA claims may not survive summary judgment —depending on what the evidence actually shows—I conclude that the plaintiff has stated a plausible claim for relief under the statute at this preliminary stage of the case. Brown Jordan , 846 F.3d at 1173-74 (holding that "loss" under CFAA may include "reasonable costs incurred in connection with ... responding to a violation [and] assessing the damage done").

(doc. 15 at 3-4) (emphasis supplied). In his opposition to summary judgment, Sartori makes the same argument that he made in response to Schrodt's motion to dismiss. That is, he contends that he suffered loss in two specific ways: (1) additional litigation costs during the divorce proceedings, and (2) "remediation" of his computer system. See Pl. Resp. at 11. That argument was sufficient to avoid dismissal, but—as I said at the time—it isn't sufficient to avoid summary judgment unless there is actual evidence to support the claimed loss. Sartori has not cited any evidence in the record to support his loss claim; it's all attorney argument. Id. at 11-13 (arguing loss with no citation to any record evidence). And, even the attorney argument is unpersuasive.

First, as for the increased litigation costs during the divorce, it is important to note that by the time Schrodt read Sartori's Gmail emails on April 5th, she had already learned about his extramarital affairs through the Skype transcripts. Thus, it is hard to see how—and Sartori doesn't specifically argue that—accessing his Gmail account per se led to increased divorce expenditures. Indeed, because she already knew about the affairs and had the Skype transcripts, any costs incurred in the divorce case would have presumably been incurred anyway, even if Schrodt had stopped after accessing the Skype account and never accessed his Gmail account at all.

As for having to "remediate" his computer system, his attorney's argument on this point is directly inconsistent with Sartori's own deposition testimony. His counsel contends—once again, without citation to evidence—that Sartori was forced to retain professional services to analyze Schrodt's "hack," "data breach," and "cyber strike" to be sure that the exposed data wouldn't leave his Special Forces Unit "venerable" [sic ]. See Pl. Resp. at 11-13. This was done, according to counsel, to "assess whether the genie could be put back in the bottle." Id.

However, as previously quoted, Sartori testified that he never used the Toshiba laptop computer for work. And he further testified that once Schrodt had accessed the Skype and Gmail accounts on April 5th, he wasn't concerned about her having "any additional access" to those accounts because he had "nothing to hide." Pl. Dep. at 48-49. In other words, the only thing Sartori was worried about was Schrodt discovering his extramarital affairs, and once she did so he no longer cared about her accessing the computer and online accounts.

Thus, although Sartori's attorney argues on summary judgment that Sartori had to hire professionals to assess any possible threats to his Special Forces Unit and see if "the genie could be put back in the bottle ," his own testimony clearly shows that he didn't use the computer for work and wasn't concerned about her having additional access to the two accounts because "the cat [was] already out of the bag. " Competing metaphors aside, there is no actual evidence of any loss here at all, let alone $5,000 worth.

It also bears noting that Sartori went on to concede at deposition that he retained the services of the computer expert solely to "support [this] lawsuit." Pl. Dep. at 49. Specifically, he testified that he hired the expert—and paid him $3,000—only to find out "when [Schrodt] got onto the computer so we could provide digital forensic evidence to the Court." Id. This led to the following exchange:

Q: Okay. So you didn't hire anybody [because] hey, I'm worried about this or worried about that? The reason you hired the expert is for purposes of this lawsuit, proving your lawsuit; fair statement?

A: Fair statement.

Id. Obviously, the money that Sartori spent to hire a computer expert to substantiate this civil action is not a "loss" contemplated by the statute.

Accordingly, there is no genuine disputed issue of material fact as to the CFAA claim and summary judgment is thus appropriate on Count 2.

B. SCA

Prior to 1986, federal law provided no protection for stored communications in remote computer operations and large data banks that stored emails. Garcia v. City of Laredo , 702 F.3d 788, 791 (5th Cir. 2012). "In response, Congress passed the SCA as part of the Electronic Communications Privacy Act to protect potential intrusions on individual privacy that the Fourth Amendment did not address." Id. (citation omitted). The SCA makes it unlawful to intentionally access without authorization (or exceed authorization of) a facility through which an electronic communication service (ECS) is provided and to obtain access "to a wire or electronic communication while it is in electronic storage. " 18 U.S.C. § 2701(a) (emphasis supplied). "Electronic storage" is defined as:

(A) any temporary, intermediate storage of a wire or electronic communication

incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.

Id. § 2510(17) (emphasis supplied).

In contrast to the CFAA, the SCA does not require the plaintiff to prove a loss. A prevailing plaintiff may be awarded equitable relief and actual damages; statutory damages; punitive damages; or just attorney fees and costs. See, e.g., Van Alstyne v. Electronic Scriptorium, Ltd. , 560 F.3d 199 (4th Cir. 2009).

The question with respect to Count 6 ultimately comes down to: did the emails that Schrodt accessed on April 5th (which Sartori had already opened and kept on the Gmail web-based server) constitute "electronic storage" under either the "temporary, intermediate storage" or "backup protection" definition?

(i) Were the Emails in "Temporary, Intermediate Storage"?

The answer to this first question is easy: No. The clear weight of case law holds that once an email has been delivered and opened by the intended recipient, the email is not in "temporary, intermediate storage ... incidental to the electronic transmission thereof." Levin v. ImpactOffice LLC , 2017 WL 2937938, at *3 (D. Md. 2017) (noting the first definition of "electronic storage" in § 2510(17)(A) is "generally understood to cover email messages that are stored on a server before they have been delivered to, or retrieved by, the recipient," and following "the weight of authority that deems ‘temporary, intermediate’ storage status under § 2510(17)(A) to end when the emails have been delivered and opened by the recipient") (collecting cases, including United States v. Councilman , 418 F.3d 67, 81 (1st Cir. 2005) (en banc) ("The first category [in § 2510(17)(A) ] ... refers to temporary storage, such as when a message sits in an e-mail user's mailbox after transmission but before the user has retrieved the message from the mail server."); Theofel v. Farey-Jones , 359 F.3d 1066, 1075 (9th Cir. 2004) (collecting cases holding that emails are in "temporary, intermediate storage" when they are stored on an internet service provider's server and are "not yet delivered" to the recipient); Fraser v. Nationwide Mut. Ins. Co. , 352 F.3d 107, 114 (3d Cir. 2003) (finding an email that had been successfully sent and received was not in temporary, intermediate storage); United States v. Cioni , 649 F.3d 276, 286 (4th Cir. 2011) (noting in dicta in criminal case that "access to unopened e-mails is a requirement for proving a violation of 18 U.S.C. § 2701(a)")); see also In re DoubleClick, Inc. Privacy Litig. , 154 F. Supp. 2d 497, 512 (S.D.N.Y. 2001) (looking to legislative history and holding that "temporary, intermediate" storage for purposes of § 2510(17)(A) only applies to "electronic communications stored for a limited time in the middle of a transmission, i.e., when an electronic communication service temporarily stores a communication while waiting to deliver it") (citation and quotation marks omitted).

Perhaps recognizing the case law discussed above, Sartori doesn't even argue that the emails in this case satisfy the "temporary, intermediate storage" definition in the statute. See generally Pl. Resp. He instead limits his argument to the second "for purposes of backup protection" definition. See id. at 15-16.

(ii) Were the Emails in "Storage for Purposes of Backup Protection"?

The answer to this question is more difficult. See, e.g., Murphy v. Spring , 58 F. Supp. 3d 1241, 1270 (N.D. Okla. 2014) (observing that courts generally agree that § 2510(17)(A) doesn't extend to email messages that have already been delivered and opened, but noting that courts have disagreed on whether delivered and opened emails retained on a web-based service like Gmail "are covered by § 2510(17)(B)") (citing cases). The Eleventh Circuit has twice had the opportunity to weigh in on this issue, but it has twice refused to " ‘wade into the discussion.’ " See Brown Jordan , 846 F.3d at 1175 (quoting Vista Marketing , 812 F.3d at 963 (doing same)). Although there is no binding circuit precedent, it appears that a clear majority of courts have held that emails opened by the intended recipient (but kept on a web-based server like Gmail) do not meet the second definition of "electronic storage" either.

For example, consider United States v. Weaver , 636 F. Supp. 2d 769 (C.D. Ill. 2009). The district court there noted that the emails at issue in that case had already been opened, and thus "they are not in temporary, intermediate storage incidental to electronic transmission." See id. at 771. That left the "question ... whether the emails are in storage ‘for purposes of backup protection.’ " Id. In deciding that question, the district court began by citing the Ninth Circuit's decision in Theofel, supra (which is a case that Sartori relies upon here). The Weaver court quoted Theofel as saying:

"An obvious purpose for storing a message on an ISP's [internet service provider] server after delivery is to provide a second copy of the message in the event that the user needs to download it again—if, for example, the message is accidentally erased from the user's own computer. The ISP copy of the message functions as a "backup" for the user. Notably, nothing in the Act requires that the backup protection be for the benefit of the ISP rather than the user. Storage under these circumstances thus literally falls within the statutory definition."

Id. at 771-72 (quoting Theofel , 359 F.3d at 1070 ). The Ninth Circuit held that once a user receives an email, any version of that email on the ISP's server is a "copy" that is being stored for backup until the user's version " ‘expires in the normal course.’ " Id. (quoting Theofel , 359 F.3d at 1070 ). The district court in Weaver continued:

The Ninth Circuit's reasoning here relies on the assumption that users download emails from an ISP's server to their own computers. That is how many email systems work, but a Hotmail account is "web-based" and "remote." Fischer v. Mt. Olive Lutheran Church, Inc. , 207 F. Supp. 2d 914, 917 (W.D. Wis. 2002). Hotmail users can access their email over the web from any computer, and they do not automatically download their messages to their own computers as non-web-based email service users do. See James X. Dempsey, Digital Search & Seizure: Standards for Government Access to Communications and Associated Data , 970 PLI/Pat 687, 707 (2009). Instead, if Hotmail users save a message, they generally leave it on the Hotmail server and return to Hotmail via the web to access it on subsequent occasions. Id.

The distinction between web-based email and other email systems makes Theofel largely inapplicable here. As the Ninth Circuit acknowledged in Theofel itself, "A remote computing service might be the only place a user stores his messages; in that case, the messages are not stored for backup purposes." Theofel , 359 F.3d at 1070. Users of web-based email systems, such as Hotmail, default to saving their messages only on the remote system. A Hotmail user can opt to connect an email program, such as Microsoft Outlook, to his or her Hotmail account and through it download messages onto a personal computer, but that is not the default method of using Hotmail.

Thus, unless a Hotmail user varies from default use, the remote computing service is the only place he or she stores messages, and Microsoft is not storing that user's opened messages for backup purposes.... In the case of web-based email systems, Theofel generally is distinguishable.

Id. at 772. The district court then went on to say that to the extent Theofel couldn't be distinguished on the foregoing basis, it was unpersuasive and could not be "squared with legislative history and other provisions of the Act." Id. at 772-73. The court thus held that "[p]reviously opened emails stored by Microsoft for Hotmail users are not in electronic storage" for "backup protection" under § 2510(17)(B). Id. at 773.

As the Weaver court stated:

In the past, particularly at the time when [the SCA] was written, many email users accessed their email by downloading it onto their personal computers. That process often resulted in the deletion of the email from the computers of the service provider. Now, many users' email, especially their private as opposed to business email—including email that has been read but which still has value to the user—sits on a third party server accessible via the Web.

Weaver , 636 F. Supp. 2d at 772 n.2 (citation omitted). Gmail functions the same way as Hotmail in this regard. See, e.g. , Laura W. Morgan, Marital Cybertorts: The Limits of Privacy in the Family Computer , 20 J. Am. Acad. Matrim. Law. 231, 231 n.2 (2007) (noting that web-based email clients like " ‘Gmail, Hotmail, and Yahoo email’ " are where an email will remain " ‘stored at the server and not deleted after it is read.’ ") (citation omitted).

Numerous cases are in accord. See, e.g., Lazette v. Kulmatycki , 949 F. Supp. 2d 748, 758 (N.D. Ohio 2013) ("Emails which an intended recipient has opened may, when not deleted, be ‘stored,’ in common parlance. But in light of the restriction of ‘storage’ in § 2510(17)(B) solely for ‘backup protection,’ emails which the intended recipient has opened, but not deleted (and which remain available for later re-opening) are not being kept ‘for the purposes of backup protection."); see also id. at 758 & n.13 (citing cases and noting "several courts have agreed that only emails awaiting opening by the intended recipient are within this definition;" further noting that "courts taking a contrary view, and concluding that § 2510(17)(B) ‘backup storage’ includes opened, undeleted emails, are in a minority and involve, in my view, a strained reading of that provision"); Crispin v. Christian Audigier, Inc. , 717 F. Supp. 2d 965, 987 (C.D. Cal. 2010) (citing Weaver with approval and applying it to web-based email messages that were already delivered and opened by the intended recipient); Jennings v. Jennings , 401 S.C. 1, 7, 736 S.E.2d 242 (2012) (wherein the Supreme Court of South Carolina held in suit brought by a husband against his wife for reading emails to his girlfriend: "We decline to hold that retaining an opened email constitutes storing it for backup protection under the [SCA]. The ordinary meaning of the word ‘backup’ is ‘one that serves as a substitute or support.’ ... Thus, Congress's use of ‘backup’ necessarily presupposes the existence of another copy to which this e-mail would serve as a substitute or support. We see no reason to deviate from the plain, everyday meaning of the word ‘backup,’ and conclude that as the single copy of the communication, Jennings’ e-mails could not have been stored for backup protection."); accord Matter of Warrant to Search Certain Email Account Controlled and Maintained by Microsoft Corp. , 829 F.3d 197, 227 n.4 (2d Cir. 2016) (collecting cases and noting "the majority view is that, once the user of an entirely web-based email service (such as [Gmail] ) opens an email he has received, that email is no longer ‘in electronic storage’ on an electronic communication service") (Lynch, J., concurring).

To the extent the Ninth Circuit held otherwise in Theofel , that case has been the subject of widespread criticism. See, e.g., Anzaldua v. Northeast Ambulance & Fire Protection Dist. , 793 F.3d 822, 841-42 (8th Cir. 2015) (citing various critics and courts that "openly disagree with Theofel's reasoning," including, inter alia, Lazette and Jennings, supra , and Orin S. Kerr, A User's Guide to the Stored Communications Act, and A Legislator's Guide to Amending It , 72 Geo. Wash. L. Rev. 1208, 1217 (2004) ); United States v. Warshak , 631 F.3d 266, 291 (6th Cir. 2010) (noting criticism). In arguing that "the Ninth Circuit's analysis in Theofel is quite implausible and hard to square with the statutory text," Professor Kerr—a leading SCA commentator—has explained that:

An understanding of the structure of the SCA indicates that the backup provision of the definition of electronic storage, see id. § 2510(17)(B), exists only to ensure that the government cannot make an end-run around the privacy-protecting ECS rules by attempting to access backup copies of unopened e-mails made by the ISP for its administrative purposes. ISPs regularly generate backup copies of their servers in the event of a server crash or other problem, and they often store these copies for the long term. Section 2510(17)(B) provides that backup copies of unopened e-mails are protected by the ECS rules even though they are not themselves incident to transmission; without this provision, copies of unopened e-mails generated by this universal ISP practice would be unprotected by the SCA.

There are many statutory signals that support this reading. Several were raised by the United States as amicus and rejected by the Theofel court, See Theofel , 359 F.3d at 1076-77, but a host of other arguments remain. I think the most obvious statutory signal is the text of 18 U.S.C. § 2704, entitled "Backup Preservation." See 18 U.S.C. § 2704 (2000). Section 2704 makes clear that the SCA uses the phrase "backup copy" in a very technical way to mean a copy made by the service provider for administrative purposes. See id. The statutory focus on backup copies in the SCA was likely inspired by the 1985 Office of Technology Assessment report that had helped inspire the passage of the SCA. See Office of Tech. Assessment, Federal Government Information Technology: Electronic Surveillance and Civil Liberties (1985). The report highlighted the special privacy threats raised by backup copies, which the report referred to as copies "[r]etained by the [e]lectronic [m]ail [c]ompany for [a]dministrative [p]urposes." Id. at 50.

Kerr, A User's Guide , 72 Geo. Wash. L. Rev. at 1217 n.61.

It thus appears that most courts have held (and I agree) that the SCA doesn't reach and protect undeleted emails that have already been delivered and opened by the intended recipient. In that situation—which is what we have here—the emails are no longer "in electronic storage." Summary judgment is appropriate on Count 6 as well. IV. Conclusion

Sartori contends in his opposition to summary judgment that no federal Court of Appeal has held that an already-delivered and opened email retained on the server is not "in electronic storage" for "purposes of backup protection" under § 2510(17)(B). See Pl. Resp. at 15. That may be true. However, many courts (including a number of district courts and the South Carolina Supreme Court) and commentators (including Professor Kerr) have strongly and explicitly disagreed with the Ninth Circuit that held otherwise in Theofel. At least two circuits—the Eighth Circuit in Anzaldua and the Sixth Circuit in Warshak —have noted that Theofel has been criticized, but they were able to avoid directly addressing the issue, as did the Eleventh Circuit in both Brown Jordan and Vista Marketing. When and if the Eleventh Circuit is finally required to "wade into the discussion," I believe it will follow the majority and not follow Theofel. Indeed, although it is speculation, it is not unreasonable to infer that the Eighth, Sixth, and Eleventh Circuits avoided the issue in the foregoing cases because they were able to resolve the appeals on other grounds and thereby avoid creating a circuit split. See, e.g., United States v. Philip Morris USA, Inc. , 396 F.3d 1190, 1201 (D.C. Cir. 2005) (noting that "we avoid creating circuit splits when possible "); United States v. Alexander , 287 F.3d 811, 820 (9th Cir. 2002) ("Absent a strong reason to do so, we will not create a direct conflict with other circuits."); Chrysler Credit Corp. v. Country Chrysler Inc. , 928 F.2d 1509, 1521 (10th Cir. 1991) ("Splitting the circuits always is something we approach with trepidation."); accord United States v. Games–Perez , 695 F.3d 1104, 1115 (10th Cir. 2012) (Murphy, J., concurring in denial of rehearing en banc) ("[T]he circuits have historically been loath to create a split where none exists .... The avoidance of unnecessary circuit splits furthers the legitimacy of the judiciary and reduces friction flowing from the application of different rules to similarly situated individuals based solely on their geographic location.").

In his opposition to summary judgment, Sartori uses very strong and sinister-sounding language to describe Schrodt's actions in this case. He repeatedly states that she "hacked" into his private computer and personal online accounts to carry out a "cyber strike," and that she then used her "plunder" and "ill gotten loot for her own ends." See generally Pl. Resp. at 2-6, 12-13.

In fact, according to the undisputed evidence in this case, Schrodt logged onto a shared marital computer that she had authority to use; opened a Skype account that she had personally created; and discovered evidence that her husband had been having multiple affairs with numerous women, including women who worked with him in the Army. She then typed "Gmail.com" into the computer's internet browser. Because he was still logged into his Gmail account, his emails "popped up"—eight of which were titled "Skype"—and she read them. She later accessed his Gmail account a second time (because he had once again failed to log out of his account), and she downloaded the emails and gave them to her divorce attorney and to the Army for use in an official investigation. Even construing all the evidence in a light most favorable to Sartori, as I must do on summary judgment, it's not accurate to characterize what Schrodt did as hacking into a private computer to carry out a cyber strike and obtain loot and plunder for her own ends. Regardless of how her actions are characterized, there are no genuine disputed issues of material fact and summary judgment is clearly appropriate. Indeed, this case (which involves a man suing his ex-wife for money damages while he is in prison for assaulting her and while she is presumably the primary (if not sole) financial support for their three young children) calls to mind the words of Elihu Root: " ‘About half of the practice of a decent lawyer is telling would-be clients that they are damned fools and should stop.’ " Hill v. Norfolk and Western Railway Co. , 814 F.2d 1192, 1202 (7th Cir. 1987) (quoting 1 Jessup, Elihu Root 133 (1938)).

Most people would be justifiably surprised to learn that reading the email messages in that factual situation would even arguably violate federal law.

"Loot" and "plunder" generally refer to stolen things of value, like goods or money. See, e.g. , American Heritage Dictionary (5th ed) at 1036, 1356. It is difficult to see how the Skype transcripts and Gmail emails had "value" to Schrodt, at least in the general understanding of that term. In fact, Sartori filed evidence in opposition to summary judgment which shows that, if anything, it actually cost her to use the transcripts and emails. Specifically, as earlier noted, Sartori filed excerpts from Col. Connell's deposition where the Deputy Commander described the August 29th meeting with Schrodt and her divorce attorney. Col. Connell testified that when Schrodt first tried to give him the packet containing the transcripts and emails he told her:

I said, okay, look, if you want to give it to us, we'll take it, but here's a couple of things that you need to know. And I kind of laid out everything.

I said, if everything in this is true, then your husband will probably be thrown out of the Army, he'll lose his Special Forces tab. He'll probably be thrown out of the Army with a poor characterization of service, so nonhonorable characterization of service. This will result in a reduction of chances or opportunities of getting a job post Army career. The other thing is you will lose your benefits. He will not be eligible for retirement because the amount of time—I think it was 13 years that he was in at the time—there will be no benefits for your children. There will be no benefits for you. You will effectively be out of the Army.

* * *

... And then I finished up with, if you still want to give it to me, you can.

(doc. 39 Ex. 2 at 11-13) (emphasis supplied). Despite his cautionary warning, Schrodt handed him the packet and walked out. See id. at 13. Whatever else one might say about what Schrodt did, it is simply inaccurate to describe it as computer hacking for loot and plunder.

For the reasons stated above, the defendant's motion for summary judgment (doc. 34) is GRANTED. The Clerk shall enter a judgment in favor of the defendant, along with taxable costs, and close this case.

In addition to seeking final judgment and an award of taxable costs, Schrodt makes a passing request at the end of her motion for "attorneys' fees pursuant to 18 U.S.C. § 2707(b)(3)." Def. Mot. at 19. That statutory provision states that a person aggrieved by a violation of the SCA may bring a civil action and recover, inter alia , reasonable attorney's fee. It does not state that a prevailing defendant is entitled to recover her fees under the statute. Thus, Schrodt's request for attorney fees is denied.

DONE and ORDERED this 25th day of November 2019

Nevertheless, even if Schrodt didn't have implied consent to access Sartori's Gmail account on May 6th, the discussion and analysis in the text above regarding her April 5th access would apply equally to that subsequent access.


Summaries of

Sartori v. Schrodt

United States District Court, N.D. Florida, Pensacola Division.
Nov 25, 2019
424 F. Supp. 3d 1121 (N.D. Fla. 2019)

granting defendant summary judgment on the plaintiff's SCA claim and noting that "most courts have held (and I agree) that the SCA doesn't reach and protect undeleted emails that have already been delivered and opened by the intended recipient" because those emails "are no longer 'in electronic storage'"

Summary of this case from Thornton v. Thornton
Case details for

Sartori v. Schrodt

Case Details

Full title:Jason SARTORI, Plaintiff, v. Julie SCHRODT, Defendant.

Court:United States District Court, N.D. Florida, Pensacola Division.

Date published: Nov 25, 2019

Citations

424 F. Supp. 3d 1121 (N.D. Fla. 2019)

Citing Cases

The Republic of Gam. v. Facebook, Inc.

"Although there is no binding circuit precedent, it appears that a clear majority of courts have held that…

Providence Title Co. v. Truly Title, Inc.

Although there is no binding precedent on this issue, this Court agrees with the “clear majority of courts…