“Self Help” Discovery in Someone Else’s Dropbox is Held to be Sanctionable

Maryland Supreme Court Rejects Proposed Sanctions Rule Paralleling Fed.R.Civ.P. 37(e)
November 3, 2023
Don’t “Game” Answering to Interrogatories – Problem Can Be Avoided Using Court Forms
November 12, 2023

“A trial-level judge in New York has sanctioned [attorneys’ name deleted] for ‘rummaging’ through the Dropbox of its litigation opponent after a third-party vendor accidentally revealed the link in discovery.” D. Cassens Weiss, Unauthorized ‘rummaging’ through opponent’s Dropbox leads to sanction against this law firm (abajournal.com)(Oct. 9, 2023); see also M. Laus, New York Judge Sanctions Robins Kaplan Over Dropbox Access | JDJournal (Oct. 10, 2023); J. Lundin, Court Sanctions Litigant for Accessing Inadvertently Produced Dropbox Link – Lundin PLLC (Oct. 22, 2023).

Due to “surreptitiously and repeatedly” accessing Dropbox files made available through a link, a litigant and its counsel were ordered to pay $156,000 and return the information that they had improperly obtained. Id. The ABA article reports that:

The Dropbox link [sent to defendant] provided live access to [plaintiff] Pursuit’s cloud-based corporate file directory. [The reviewing law firm] said it[1] didn’t review a directory called “Legal,” but [Justice] Cohen said the law firm shouldn’t have reviewed anything.

The situation “should have raised professional alarm bells—loud ones,” [Justice] Cohen said.

Cohen called the review of Pursuit’s documents “something more akin to corporate espionage.” Instead of stopping the review and making sure that its client did the same, [the attorney] “went on the offensive and threatened to use the information gleaned during its clandestine review for litigation advantage,” [Justice] Cohen said.

In fact, after completing that review, defense counsel wrote a letter stating that all privileges had been waived and the files would be used in deposition and public filings.  Defendant demanded dismissal of the lawsuit.

Ms. Weiss reported that the reviewing attorney “told Law360 and Reuters in an email statement that all the documents referenced in the letter were later produced in discovery.” In fact, Justice Cohen wrote that 92% of the same documents were produced in discovery and defendant did not seek to use the remaining 8%.

Ms. Weiss reports that defense counsel “also said he did not review anything protected by attorney-client privilege.”  Justice Cohen’s opinion states:

Defendants’ counsel represented at the hearing that “I opened the Legal file enough to learn that I shouldn’t look at it. I stopped looking at them. But, Your Honor, the issue here is what did I do afterwards. I preserved the information and I let them know. Yes, it took a week because I’m very busy, but I let them know that”…. Counsel further observed that “when I saw where I was, without waiving my work product privilege, believe me, I was incredibly careful about what I was doing”….

Defense counsel told Ms. Weiss that an appeal will be noted.

The decision is Pursuit Credit Special Opportunity Fund, L.P. v. Krunchcash, LLC, 2023 NY Slip Op. 33448(U) (Sup. Ct. N.Y. Co. Oct. 4, 2023)(unreported)(Cohen, J.).

In the opinion, the court wrote that: “This motion presents novel questions about litigation counsel’s obligations when she or he comes into possession, through non-party discovery, of a DropBox link that provides live access to an opposing party’s cloud-based corporate file directory.”  The opinion stated: “The parties have not cited (and the Court has not found) any precedent or guidance that directly addresses this vexing and concerning fact pattern.” It added that it had not found “or been directed to guidance covering the precise fact pattern presented in this case – counsel using a hyperlink that permits unauthorized review of a litigation adversary’s live electronically-stored corporate files.”

Justice Cohen’s decision is well written, well researched, and well-reasoned.  The court emphasized that it was addressing “unproduced electronic documents.” [italics in original].  It wrote that”[w]hat makes this situation different, in the Court’s view, is that Plaintiff’s corporate file directory was not ‘produced” at all (although some of the documents contained within that directory ultimately were to be produced).”

The Pursuit Special court viewed the documents as confidential. That was not disputed.  It wrote that “privilege has not been asserted with respect to the documents that have been inadvertently produced….”

In my view, one factor that was central to Justice Cohen’s analysis was that – because this was “unproduced” material – counsel was short-circuiting the discovery process.  The court wrote: “It should have been apparent to counsel that repeatedly accessing Pursuit’s live files via a DropBox link was outside the scope of the discovery process.”  It added that, even if the link should not have been produced, “that does not provide a license for opposing counsel to conduct an unauthorized remote search of Pursuit’s active electronically stored corporate files.”  The decision states that “counsel’s attempt to use documents obtained through an unauthorized search of Pursuit’s computer files to obtain litigation advantage constitutes, in the Court’s view, a ‘breach of the orderly disclosure scheme set forth in CPLR article 31.’”

Justice Cohen reviewed Harleysville Ins. Co. v. Holding Funeral Home, Inc., 2017 WL 4368617 (W.D. Va. Oct. 2, 2017), which involved an insurance coverage dispute in which the issue was whether a fire had been deliberately set.  He concluded that, although the facts differed, the Harleysville decision supports his conclusion that defense counsel “should have acted differently….” To that point, the Justice specifically criticized the “rummaging” through the linked files – which was beyond the scope of discovery – and then weaponizing the fruits of the poisonous tree.

In Harleysville, an insurer’s investigator uploaded a video to Box, a cloud storage platform.  The investigator sent a link to an insurance bureau in an email marked as “privileged.”  Then, the investigator uploaded a claims file with privileged information to the same Box folder.  He sent a link to the insurance bureau and counsel, not realizing that it was the same link as the prior one and that it linked to the now privileged documents.

Later, the insured served a subpoena on the insurance bureau, and that entity produced the investigator’s email and link.  The link now pointed to both the original unprivileged data and the subsequent data marked as “privileged.” The court explained what happened next:

Insureds’ counsel downloaded and reviewed the Claims File. During their review, Insureds’ counsel noted that certain documents were marked as “Confidential” and “Attorney-Client Privileged.” Upon discovering these documents, they contacted the Virginia State Bar’s ethics hotline for advice as to how to proceed, as well as conducted research of their own. Insureds’ counsel, incorrectly assuming that Harleysville had used the Box Folder to share the [privileged] Claims File with NICB, came to the conclusion that any attorney-client and work-product privileges had been waived by Harleysville and continued their review of the file. Insureds’ counsel neither notified Harleysville’s counsel that they were in possession of the Claims File nor sought this court’s ruling on the issue of waiver.

Not surprisingly, in Harleysville the insurer later discovered the production of its privileged documents and moved to disqualify the insured’s counsel.  The court wrote: “Upon my in camera review of the Claims File, I find that it did, in fact, contain clearly privileged material…. Insureds’ counsel have conceded that they reviewed the entire Claims File and that they shared the Claims File with counsel for both sides in the related criminal case.”

In pertinent part, after finding that the disclosure was inadvertent, the court wrote:  “Insureds’ counsel did not conduct themselves appropriately, and there is evidence to support Harleysville’s assertion that they ‘attempted in bad faith to conceal [their] access of the [Box Folder] and procurement of [the Claims File],”’….”  While denying the disqualification request, the Harleysville court imposed sanctions precluding the use of certain evidence.

Justice Cohen correctly concluded that Harleysville supported His Honor’s decision in Pursuit Special.

Several other decisions “demonstrate that surreptitious ‘self-help’ to obtain evidence from an opponent outside of the discovery process, even if it occurs prior to commencement of an action, is – at a minimum – imprudent.”  “Civil Vigilantism” – Sanctions for Surreptitious “Self-Help” Investigation.

For example, in Glynn v. EDO Corp., 2010 WL 3294347 (D. Md. Aug. 20, 2010), the late Judge J. Frederick Motz addressed a situation where a friendly current employee of a defendant-employer was surreptitiously sending the employer’s information to a former employee who was suing that employer.  Judge Motz wrote that the Court need not decide whether the improperly obtained documents were “proprietary, confidential, or protected by the attorney-client or work product privileges.”

Instead, Judge Motz stated that “it was inappropriate for [plaintiff and plaintiff’s lawyer] to surreptitiously acquire these internal [employer] documents outside of the normal discovery channels. It was not for [plaintiff and plaintiff’s lawyer] to unilaterally decide whether the documentation [that the current employee] was tunneling to them from [the employer’s] computers was proprietary, confidential, or privileged. Rather, those decisions are best resolved through the formal discovery process.”  Accord Harleysville, 2017 WL 4368617, at *13 (litigant should not usurp the court’s role by making a unilateral determination).

The distinction between legitimate investigation and improper “corporate espionage” is generally pretty clear.

However, there may be some times – not present in Pursuit Special or Harleysville – where it is not clear.  In those circumstances, Pursuit Special and Harleysville suggest caution and seeking a ruling from the court before unilaterally acting.  The Hon. Peter Messitte wrote that “in an area of law and ethics whose contours can only be described as blurry,” the “issue is not whether counsel incorrectly interpreted unsettled law, but whether [counsel] displayed an inappropriate disregard for the unsettled nature of that law….”  Camden v. State of Md., 910 F. Supp. 1115, 1124 (D. Md. 1996)(citation omitted; superseded on other grounds); accord Harleysville, 2017 WL 4368617,*11 (when there is no explicit guidance, lawyer should act in a way that promotes confidence and integrity of profession), *14 (“err on the side of caution”)

In other words, when an ethical issue is gray, additional caution is prudent.[2]

This blog was initially posted on  Electronic Discovery Reference Model and  JD Supra.


[1] The word “it” may have significance because, in a footnote, the New York court wrote that it was not clear whether the client had accessed the “Legal” file.  Dropbox contained folders marked “Legal,” “Tax,” and “Financials.”  The court wrote that: “Among other things, they included privileged documents, tax documents, personal identifying information of investors, and Pursuit’s ESI collection at the direction of counsel of an entire email box.”

[2] One issue – not addressed in this blog – was whether the litigant had violated an “attorneys’ eyes only” designation.  The court held that there was insufficient evidence to show a violation.  The court also distinguished “modern attachment” or “hyperlink” cases. See generally  “Modern Attachments” or “Pointers”- What is a Document? (Part IV) and “Modern Attachments,” ESI Protocols, & Second Chances