A Missouri judge is making it very hard to sue Ashley Madison over last year's massive data breach. First, the U.S. district court judge ruled that breach victims couldn't sue the company anonymously, meaning that their names will go into the public record as users of the infidelity dating website. Now, that same judge has ruled that plaintiffs cannot use hacked data to build their case against the company. So Ashley Madison is legally protected, for now, from the secrets exposed in the hack of its client records and corporate email.
Ashley Madison's parent company Avid Life Media faced a rush of John Doe lawsuits after the hack that exposed the identity of millions of its users. In the Missouri suit, 42 plaintiffs filed under pseudonyms alleging that Ashley Madison failed to “adequately secure” users’ personal and financial information. When a hacking group named “Impact Team” leaked the identities of users last summer, it revealed that the site had been lax on security and had retained records of users who had paid the company for a permanent deletion of their accounts.
Avid Life Media asked that its leaked documents be kept under wraps during court proceedings because they had been criminally obtained. U.S. District Judge John A. Ross sided with the company, even though the wide distribution of those documents online is the very thing users argue turned their lives to turmoil.
“The fact that the content of some of Avid's internal documents … has been to some extent placed on the internet and reported in news articles does not change the nature of the documents. They remain stolen documents,” the judge wrote in an April 29 ruling.
The plaintiffs had argued that the documents were no longer confidential, because they are widely distributed on the internet. This was the same argument Google used when fighting for the right to use emails exposed in the Sony Pictures hack in a legal battle with the MPAA—and while Google was barred from using the hacked documents themselves in the case, which is ongoing, the company has cited press articles that reference the documents in their filings.
In the Ashley Madison decision, the judge found that even news articles referencing the leak were off limits. While journalists were protected under the First Amendment in publishing the stolen information online, he wrote, attorneys involved in private litigation had differing ethical responsibilities.
“The fact that plaintiffs intend to use only news articles quoting from the original documents as opposed to the original documents themselves is, in the court's view, a distinction without a difference,” Judge Ross wrote. “The quality and nature of the information remains the same. It is stolen information and cannot form the basis for a good faith belief of evidentiary support for a pleading.”
Users suing Ashley Madison also argued that omitting those documents from evidence gave Ashley Madison an unfair advantage—and an ability to potentially hide the very misconduct that users are suing over.
The silver lining to this cloud is that the documents revealed in the hack could come out during the case's discovery process. “Regardless of whether some of the documents at issue may be ultimately discoverable, Avid has, and has always had, the right to keep its own documents until met with proper discovery requests or ordered to disclose them by the court," wrote the judge.
So to get the hacked documents admitted in court, the plaintiffs will need to ask Ashley Madison to produce them. Luckily, the plaintiffs have a very good idea of the smoking gun documents it should request.