Published August 08, 2014 19:17

Lawyers cite customer privacy for details in cases in which company is accused of spying on its customers

R. Robin McDonald, Daily Report
August 8, 2014

Former customers who are suing Aaron's Inc. and its franchises claim that when the rental company installed remotely activated secret spyware on its rental computers, company employees had few, if any, concerns about the privacy of the customers whose screen shots, webcam photos and computer keystroke logs they intercepted and recorded. But—in the name of customer privacy—the lawyers defending the suits are seeking to limit public access to the litigation by asking for broad restrictions on the use of discovery in the cases.

In pleadings potential class action suits against Aaron's and its franchises in federal court in Pennsylvania and in Atlanta, lawyers defending the rental company or its franchises have attempted to dramatically expand protective orders that plaintiffs' lawyer Andrea Hirsch of Herman Gerel in Atlanta said originally were intended to shield from public scrutiny personal information such as passwords and bank account, credit card and Social Security numbers.

Attorneys on both sides of the litigation have agreed that personal identifying information should remain confidential. But in court pleadings in the Pennsylvania case they fought bitterly over what, if anything else, should be filed under seal and available only to the lawyers in the case.

In that case, a protective order issued by the magistrate judge—over defense lawyers' objections—allows plaintiffs' lawyers to disclose information they obtained from Aaron's or its franchisees to other customers who had rented or bought computers containing the spyware, even if the information snagged by the secret software belonged to a non-renter (such as a friend or relative) who was using the computer at the time the spyware was activated.

In a motion now pending in one of two Atlanta cases stemming from the spyware allegations, attorneys representing Aaron's franchise SEI/Aaron's Inc. are asking U.S. District Chief Judge Thomas Thrash Jr.—to whom both Atlanta cases have been assigned—to do what the Pennsylvania court would not. They want to bar rental customers from reviewing any information captured surreptitiously by spyware on their rental computers unless they can prove they owned or authored the information in question.

They also are asking that any information that the franchise turns over to Hirsch and her cocounsel during discovery to be used only in the Atlanta suit and barred from use in any other case.

"Many if not all of the SEI computers at issue had more than one user and it may not be appropriate to show every image to the customer simply because his name is on the lease," SEI lawyers contend. "Rather, images or data should be disclosed only to the original source of the information or person who was using the computer at the time the information was captured. Otherwise, plaintiffs' counsel could inadvertently create the very type of disclosures that their lawsuits purport to remedy."

SEI/Aaron's lawyers have also sought to shield company business plans, sales or marketing information, confidential technical "know-how," and all other "sensitive proprietary, commercial and financial information that would be competitively harmful if made public," including materials in the custody of parent company Aaron's Inc. and the bankrupt company that designed the spyware.

Thrash said in a July scheduling order that any party wishing to file documents under seal must first present a motion or a consent order to the court and that the court clerk is not authorized to accept any document to file that has been designated as under seal without an order from the court. He has not yet ruled on the SEI/Aaron's protective order request.

Hirsch said that in the class action privacy case against Aaron's and its franchises that is pending in federal court in Pennsylvania, she and her cocounsel "fought tooth and nail" on behalf of the lead plaintiffs—a couple whose rental computer had included the secret spyware software—and succeeded in keeping defense attorneys from throwing a blanket of confidentiality over the entire case.

Now, she said, attorneys defending Aaron's franchisee SEI in Atlanta are trying the same tactic. "They wanted everything locked down and didn't want it to be used in any other case," she said.

Alston & Bird attorneys Spencer Pryor and Kristine Brown, who are representing Aaron's in the Pennsylvania litigation, could not be reached for comment. Burke Noble, an attorney at Drew, Eckl & Farnham who is defending SEI/Aaron's Inc. in the Atlanta case, also could not be reached.

But in a brief filed in the Pennsylvania case, Aaron's lawyers laid out their objections to the Pennsylvania protective order as not restrictive enough. They said they were not trying to hide information from the proposed class of customers who rented or bought computers containing the spyware software, stating: "Aaron's is simply asking for proper protections for what plaintiffs claim is incredibly sensitive information."

Hirsch said that if defense lawyers succeed in securing the sweeping protective order they have requested in Atlanta, they would bar her and her colleagues from using information obtained during the Atlanta litigation in any other case involving the Aaron's spyware, forcing her and her cocounsel to relitigate discovery issues in every case brought by an Aaron's customer who may have been spied on.

Last October, the U.S. Federal Trade Commission and Aaron's reached an agreement that bars the company from installing spyware to gather consumer information from its rental computers or to track the location of those computers without the express consent of its customers at the time of rental.

But the federal suits contend that Aaron's has elected not to notify any customers who had rented or bought computers containing the spyware or alert them as to whether the spyware had been activated while those computers were in use.

In a brief opposing the more expansive protective order in the SEI/Aaron's case in Atlanta, Hirsch said there appeared to be little legitimate basis for SEI's position "other than to discourage future related lawsuits against SEI by perpetuating the cover-up of SEI's bad conduct, and by making the discovery process across the board as burdensome and costly as possible."

"Virtually none of the SEI customers who were spied upon by SEI know that they were harmed," Hirsch continued. "And SEI wants to keep it that way. SEI has refused to tell those customer-victims that their confidential and personal information has been compromised (which would permit those victims to protect themselves by changing passwords, monitoring credit, etc.). SEI's litigation strategy is to cover up its conduct by preventing class members from even learning they were spied upon. … SEI should not be permitted to use a protective order to shield it from future litigation and liability."

"If we learned about someone who was spied on," Hirsch told the Daily Report this week, "they didn't want us to be able to contact them, even though that was the only way for them to know they were harmed. They just wanted to use the protective order to shield them from future litigation."

In a Pennsylvania filing, Aaron's lawyers said as much. "The risk that plaintiffs' counsel will attempt to use this information to 'stir up' litigation and 'drum up' new plaintiffs is not speculative because they are already doing so," they said. "Within the last few months these same attorneys have filed three additional lawsuits, two of which include class definitions that overlap and compete with the very class plaintiffs seek to certify here."

Frederick Whalen, one of four plaintiffs in one of the two Atlanta spyware cases, would not have known that Aaron's had spied on his computer activities and would have had no reason to sue, if his name had not been among those customers who were identified in a federal suit against Aaron's in Pennsylvania as having rented spyware-infected computers, Hirsch said.

Neither would two Colorado attorneys—Michael Peterson and Matthew Lyons—who also sued Aaron's, as well as its Colorado franchisee, in federal court in Atlanta. They claimed that the companies used spyware to remotely capture more than 4,700 screen shots and nearly 2,500 keystroke entries, much of it privileged information associated with attorney work product or clients, between 2010 and 2011.

According to court documents in the Atlanta and Pennsylvania suits, Aaron's and its franchises since 2007 have spied on their computer rental and lease-to-buy customers using a software program known as PC Rental Agent that was embedded in Aaron's computers.

If customers were late paying their rental fees, company or franchise employees would activate the spyware and use it as a way of attempting to collect late payments.

According to the Pennsylvania complaint, an Aaron's franchisee used the spyware to photograph lead plaintiff Brian Byrd via the computer's webcam. Then a representative of the rental franchise went to the customer's home, telling him that he owed rental fees and showing him a photo taken by the webcam of the customer as he sat at the computer playing Internet poker.

Byrd had bought the computer as part of a lease-to-buy agreement with Aaron's and had paid the bill in full, according to the complaint.

Hirsch has estimated that Aaron's has culled more than 500,000 images, emails, keystrokes and documents from computers either rented or purchased by its customers using the spyware. The Pennsylvania suit alleges that webcams activated by the spyware also have snapped photos of children, individuals who were not fully clothed and computer users engaged in sexual activities within camera range. All, according to the suits, constitute an invasion of privacy and computer trespass.

Back to all news