TORONTO - Lawyers representing former Ashley Madison users who are suing the company for last summer's data breach can't use leaked internal emails and documents to make their case, a Missouri judge has ruled.
In an April 29 order, judge John Ross ruled in favour of a motion from Ashley Madison parent company Avid Life Media Inc.'s lawyers, who argued that citing the leaked documents would be unethical and harmful to users whose privacy was breached. Ross also prohibited plaintiffs' counsel from referring to media reports quoting the leaked documents.
"However distasteful it may be that some of the email communications between Avid and its counsel may show wrongful or inappropriate conduct, the Court cannot and will not allow Plaintiffs to take advantage of the work of hackers to access documents outside the context of formal discovery," Ross wrote in the order. "To do so would taint these proceedings and, if left unremedied, potentially undermine the integrity of the judicial process."
Last summer, hackers dumped Ashley Madison's user database online, exposing the personal information of people who had signed up in search of an affair. In a separate leak, they also released the contents of then-chief executive Noel Biderman's email account, which contained sensitive internal documents and correspondence.
Michael Crystal, a class action lawyer at Spiteri & Ursulak LLP who specializes in privacy and data breaches, said this issue has yet to be tested in court in Canada. In the U.S., the order sets an important precedent that will make it more difficult for the victims of corporate data breaches to seek redress, he said.
"It is a game-changer," he said. "It penalizes those who suffered a privacy breach."
Lawyers for the plaintiffs will have to rely on documents they can obtain through discovery to support their lawsuit, which they hope to certify as a class action. That means emails between Avid Life Media executives and the company's lawyers released by the hackers will almost certainly be excluded under solicitor-client privilege.
Those emails include correspondence between Biderman and lawyers about how to avoid legal trouble over the computer-generated messages sent to male Ashley Madison users, which were meant to make them think they were talking to a woman interested in a tryst so they would spend more money on the site. They also include internal discussion of corporate data security.
Avid Life's lawyers argued the emails and documents were stolen, making it unethical and unfair for the plaintiffs' lawyers to use them to build their case. Three former Ashley Madison users who are not part of the proposed class action filed a memorandum in support of the defendants' motion, arguing it would encourage further dissemination of their personal information if the judge ruled the hacked data and documents are part of the public domain.
Lawyers for the plaintiffs responded by arguing the documents and media reports quoting them are already freely available to anyone with an Internet connection. "Plaintiffs and their attorneys, who played no role in obtaining or publishing the documents, are entitled to rely on this public information in preparing their pleadings," they wrote.
The order was the second blow to the plaintiffs in less than a month. On April 6, Ross ruled that former Ashley Madison users who want to participate in the lawsuit must use their real names.
Avid Life Media, its lead lawyers, and the lead lawyers for the plaintiffs in the lawsuit did not respond to requests for comment.