Remember to Check Your Settings: The Perils of Family Sharing Plans

This quote is very appropriate in the context of the dissolution of a marriage and accompanying family law issues. Everything seems to be going great in one’s marriage, with their children, and their financial status. Then it all disappears in the blink of an eye. All of a sudden, the marriage shatters, and life is now completely upside down. The last thing on your client’s mind is checking their family sharing plan settings while planning all the legal, financial, and personal ramifications of a divorce. Failure to button up your client’s electronic settings and passwords is perilous and can really have adverse effects on your representation.

Imagine if text messages or photos regarding your client’s new love interest pop up for all shared users of the parties’ family sharing plan, or if the opposing party is able to track all movements of your client at the click of a button.

This would be a disaster for your client and would make an already stressful situation much more difficult to manage. The information could be used in litigation, could ruin the chance of successfully achieving your client’s goals, and could make any semblance of a relationship between the parties much more difficult to achieve. The disclosure of this type of information to the opposing party could also make the chances of success at mediation or other forms of alternative dispute resolution slim. Most, if not all, jurisdictions have provided their attorneys with guidance to counsel their clients on the issues of technology and properly securing their electronic information.

Advisory Opinions

The North Carolina State Bar specifically addressed a lawyer’s duties in discussing the ramifications and necessary safeguarding of social media in Formal Ethics Opinion 5, adopted on July 17, 2015. This Opinion “rules a lawyer must advise a civil litigation client about the legal ramifications of the client’s postings on social media as necessary to represent the client competently.” Rule 1.1 of the North Carolina Rules of Professional Conduct, just as codified in Rule 1.1 of the American Bar Association’s Rules of Professional Conduct, requires lawyers to provide competent representation to a client.

Comment [8] to Rule 1.1 specifically states that a lawyer “should keep abreast of changes in the law and its practice, including the benefits and risks associated with the technology relevant to the lawyer’s practice.” “Relevant technology” includes social media. As stated in an opinion of the New Hampshire Bar Association, N.H. Bar Ass’n Op. 2012-13/05, “counsel has a general duty to be aware of social media as a source of potentially useful information in litigation, to be competent to obtain that information directly or through an agent, and to know how to make effective use of that information in litigation.”

In the context of family law, nearly all your client’s postings will likely be deemed relevant and material. A lawyer must advise their client of the legal ramifications of all electronic and social media postings, as well as the necessity of safeguarding the client’s accounts. Lawyers may advise clients to set to private or change security settings to the highest level of restricted access. N.C. Bar Ass’n Formal Op. 5 (July 17, 2015); NYCLA Ethics Op. 745 (July 2, 2013); Pa. Bar Ass’n Formal Op. 2014-300 (Sept. 30, 2014).

What Is Family Sharing?

Family sharing is a feature that allows up to usually six family members to share access to their online services, photos, and downloads for backup in the cloud. Depending on your settings, a family sharing plan could allow access to apps, music, movies, shows, books, locations, and photos for each family member in the family sharing plan. The organizer of the family sharing plan, an adult, invites the family members to join the sharing plan. When family members join, they get access to the other members’ subscriptions and content that is eligible for sharing. The organizer of the group typically enables everything that is shared among the group. If you are not the organizer, you are likely not in control of what can and cannot be shared.

Family sharing is often a “no-brainer” because it often offers considerable savings by allowing up to six family members to share app purchases, subscriptions, photos, and cloud storage. As a result, if your marriage is secure and you are using family sharing to share family photos and purchases, family sharing is a great thing. Other added benefits to family sharing are reports about how much time members of the plan spend on screen time and location settings. This sounds like an incredible way to organize your family, share memories, and save money.

However, an active family sharing plan with all permissions granted would not be great for concealing lawyer visits and screen time usage and could be harmful if your client’s photographs or downloads pop up on the shared plan.

The Law Regarding the Interception of Electronic Communications—Electronic Communications Privacy Act of 1986 (ECPA), 18 U.S.C. § § 2510–2523

The Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act are commonly referred to together as the Electronic Communications and Privacy Act of (ECPA) of 1986. The ECPA updated the Federal Wiretap Act of 1968, which addressed interception of conversations using “hard” telephone lines but did not apply to interception of computer and other digital and electronic communications. Several subsequent pieces of legislation, including the USA PATRIOT Act of 2001, clarify and update the ECPA to keep pace with the evolution of new communication technologies, and transmission and storage methods.

Under the ECPA, there was the creation of civil and criminal penalties for any person who intentionally

• intercepts, uses, or discloses any wire or oral communication by using any electronic, mechanical, or other device, or
• without authority accesses a wire or electronic communication while in storage.

While there are penalties for intentional violation of any these two provisions of the ECPA, the interception of electronic communications is distinguished from accessing electronic communications that are in storage. Stiffer penalties were intended and provided by law under the ECPA.

How Does the ECPA Define Interception and Storage?

“Interception” is defined by the ECPA as the “aural or other acquisition of the contents of any wire, electronic or oral communication through the use of any electronic, mechanical of other device.” Storage is defined by statute as “any temporary, immediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and any storage of such communication by an electronic communication service for purposes of backup protection of such communication.”

The ECPA does apply to traditional telephone conversations, but in terms of the exposure of information regarding a family sharing plan, the types of communications to consider are text messages, photo sharing, location services, and other forms of electronic postings using one’s mobile device.

Does the ECPA Apply to Information Received from Your Client’s Family Sharing Plan?

Consent is perhaps the important factor to consider when evaluating whether the ECPA applies to a client’s information obtained by the opposing party. If your client has given consent to being a member of a family sharing plan, any information obtained will most likely be fair game and admissible at trial. The reason is that the ECPA only prohibits unauthorized use, disclosure, or interception. If your client has given their spouse passwords or allowed their spouse access to their electronic/social network accounts, then the court will be the arbiter as to whether your client has given consent to have their spouse access and authorization to the content of their accounts. This is a risky proposition and can easily be avoided by having your client change their passwords, revoke password authorization, and remove themselves from their family sharing plan.

During a marriage, it is not uncommon for spouses to provide access to their accounts and give authorization for viewing and sharing information in their respective electronic accounts. Explicit authorization is not necessary from your client if they have routinely given blanket access to their account passwords to their spouse. Anything that is found during any of these searches is often fair game and will be admissible and not actionable under the ECPA. While there are certain nuances to consent, and that issue must be determined on a case-by-case basis, it is better practice to secure and change these passwords, permissions, and authorizations to avoid disclosure of sensitive information.

Bottom line, the ECPA only applies to intentional interception and/or unauthorized access to your client’s electronic communications. It would be difficult to imagine a scenario where the information from a family sharing plan that is obtained by an opposing party would not be used in the manner as the recipient sees fit. Blanket permissions and consents to electronic information could become a big problem because of all the information that is shared on a wide-open family sharing plan. The amount of information available would certainly be driven by the organizer of the family sharing plan. If the organizer is the opposing party, good luck!

Information obtained from family sharing plans is likely always going to be fair game under the ECPA. The best and safest way that your client may protect themselves from an unintended disclosure is to remove all settings that allow sharing/disclosures under their family sharing plan. Unless the party is a minor, the user under the family sharing plan has a specific user ID and may elect to make the necessary changes to remove the sharing of information from their device to other family members under the family sharing plan. Once this is done, it would take intentional actions on the part of the opposing party to acquire new passwords and to bypass necessary permissions for access to sensitive information. If the opposing party uses these means to obtain your client’s information, then the ECPA and criminal and civil penalties could apply from this type of conduct.

What Kind of Criminal and Civil Penalties Are Possible for Violation of the ECPA?

A violation of the ECPA may lead to civil and criminal penalties. The amounts of civil damages can vary based on the type of conduct. Civil damages can add up quickly because continuous violations may accrue daily; therefore, these amounts can multiply quickly. Attorney fees are recoverable from resulting violations of the ECPA, which are often high in prosecuting these types of matters.

Perhaps most importantly in the civil area, punitive damages are available to the victim if the behavior around the violation is especially malicious. This can often be the case, especially when the victim has specifically taken steps to safeguard their information. Also, any information obtained from a violation of the ECPA is inadmissible in court and cannot be used against the victim in court. Even viewing or listening to material obtained in violation of the ECPA could subject that person to liability under the ECPA, even if they had nothing to do with the illegal obtaining of the information.

Finally, the criminal penalties are quite harsh under the ECPA. Each violation of the ECPA may lead a court to impose a term of imprisonment for up to five years. Criminal exposure is significant because when a violation of the ECPA occurs, it is often multiple acts. If this sounds particularly awful, there are state laws that criminalize the illegal interception, use, and disclosure of protected communications under that state’s statutes. While the elements and penalties of state violations vary, they most likely will be severe.

Where Does All of This Leave Us?

As shared above, family sharing plans can be a treasure trove of information that can adversely affect your client’s case. It is incumbent, and frankly required, that lawyers warn their clients of the dangers of these information sharing plans. Your client needs to check their settings, passwords, and protections to ensure they do not inadvertently share information to their spouse.

Some helpful tips to share with your client are as follows:

• Remove yourself, or at least the sharing of your information, from the family sharing plan;
• Change and create new passwords for all of your electronic accounts;
• Download your content out of shared accounts;
• Do a security sweep for any type of surveillance apps;
• Stop using jointly shared accounts and make sure to secure any sensitive information;
• Disable location sharing on your devices; and
• Stay off social media!

New technologies and family sharing plans are often a great resource, and utilization is a smart decision for families. However, once there is marital trouble on the horizon and things start to heat up, your client must be mindful and take all necessary steps to secure their communications. Properly advising your client of the perils of their family sharing plan could be a winning strategy for their case.