Facebook Hijacking Case Revived by 2nd Circuit


     MANHATTAN (CN) – In a case involving sex, cyberbullying and the statute of limitations, a schoolteacher filed her lawsuit just in time to accuse of her ex-boyfriend of taking over her Facebook account to post obscene messages, the Second Circuit ruled on Tuesday.
     The court warned in its opinion that the case demonstrates the “troubling” predicament of victims of hacking who are unable to learn the identity of their attackers within two years.
     Last year, schoolteacher Chantay Sewell filed a $350,000 lawsuit accusing her ex-boyfriend Phil Bernardin of hacking into her AOL and Facebook accounts to barrage her friends and family with sexually explicit slander.
     The Brooklyn Federal Court case bore all the hallmarks of salacious tabloid fodder.
     The New York Post reported that the defendant, Phil Bernardin, was a dean of a Queens public school with a lengthy acting career that boasted a credit on “Sesame Street,” and court papers accused him of sending “malicious statements” to Sewell’s loved ones about her supposed “sexually transmitted diseases and sexual activities.”
     Beneath the surface, a more arcane legal dispute brewed that would create a new precedent of interpreting the Computer Fraud and Abuse Act and Stored Communications Act.
     Both laws have a two-year statute of limitations.
     Sewell said she tried to trace the electronic fingerprints of her intruder after finding she was locked out of her AOL account on Aug. 1, 2011, and again when she noticed a password change on her Facebook account on Feb. 24, 2012.
     Her lawyer Harvey Mars said in a phone interview that she sought the identities through a subpoena of Verizon Internet records.
     Sewell easily met the two-year window in her lawsuit against her ex-boyfriend’s wife Tara Bernardin in early 2013.
     While that case ended in a settlement, Sewell’s separate lawsuit against Phil Bernardin hit a bump with U.S. District Judge Arthur Spatt, who ruled last year that she filed the case too late.
     On Tuesday, the Second Circuit agreed this was true as to the AOL accounts, but not the later Facebook intrusion.
     Writing for a unanimous three-judge panel, Circuit Judge Robert Sack acknowledged that the laws’ speedy statute of limitations could present “troubling consequences in some situations.”
     “Even after a prospective plaintiff discovers that an account has been hacked, the investigation necessary to uncover the hacker’s identity may be substantial,” the opinion stated. “In many cases, we suspect that it might take more than two years. But it would appear that if a plaintiff cannot discover the hacker’s identity within two years of the date she discovers the damage or violation, her claims under the CFAA and SCA will be untimely.”
     Sewell’s lawyer Mars called this window a “very draconian time frame” in a phone interview.
     “Two years is a very, very short amount of time,” he said. “If they are unaware of who the hacker is, they still have to initiate a lawsuit.”
     Still, Mars said that he and his client were “ecstatic” that the appellate court treated the intrusions separately.
     “What I’m happy about is that the Second Circuit, within those constraints, applied it in a liberal way,” he said.
     In his ruling, Sack called the statute of limitation issues involved in the case a “matter of first impression in this circuit.”
     Echoing this, Mars noted that his client’s lawsuit is “a leading case now.”
     Bernardin’s attorney did not immediately respond to a request for comment.

%d bloggers like this: