Archived Pages

Sunday, June 27, 2021

Disputed allegations in malicious prosecution suits against Apple raise data protection issues

Apple Store Osaka (Sébastien Bertrand CC BY 2.0)
A case of identity theft, now the subject of lawsuits against Apple and a security contractor, SIS, in three jurisdictions, seems to have raised an alarm about data protection.  But the case might be more complicated, as the defendants have accused the plaintiff of false pleadings.

Plaintiff Ousmane Bah was a 17-year-old Bronx honors student and permanent resident alien applying for citizenship at times relevant to the complaints.  An acquaintance of Bah's acquired Bah's temporary New York driving learner's permit (ID); it is disputed what Bah knew about the acquisition.

The ID did not have a photo, and the biographical data did not match the acquaintance's in all particulars, such as height.  Nevertheless, when the acquaintance was, according to the complaints, apprehended trying to shoplift from Apple stores in New York, New Jersey, and Massachusetts, he was misidentified as Bah.  Bah was criminally charged, subject to arrest warrants, and repeatedly compelled to defend himself.  The case does not directly implicate the known risk of race discrimination in facial recognition algorithms.  But in Bah’s version of events, Apple's use of facial recognition technology to identify the perpetrator in subsequent incidents gave police a false confidence that the suspect was Bah.

Apple and SIS have filed for Rule 11 sanctions in New Jersey and characterize the complaint in that jurisdiction as fiction.  They rely on discovered communication between Bah and the acquaintance to allege that Bah knew well that he was being impersonated, and that misidentification resulted from the acquaintance’s deliberate deception, not from error on the part of Apple or SIS. 

Media have been quick to seize on the allegations in the initial complaint, which does resonate with extant privacy issues in public policy.  If the plaintiff’s allegations are complete and accurate, then the case speaks to Americans’ lack of comprehensive data protection law.  A data protection regulation like Europe’s, generally speaking, would shift the burdens of fair and accurate identification to the defendants, rather than a victim of identity theft, time and again.

Moreover, if the plaintiff’s allegations are complete and accurate, the case has unpleasant overtones in race and socioeconomic equality.  A mismatch of data between the false ID and the acquaintance's appearance prompts concern that “black” was all the retailer needed to see, and one must worry whether persons of limited means can afford to defend themselves against false charges and wrongful arrest, not to mention the collateral effects of publication of misidentification to third parties, such as employers and creditors.

Bah claims defamation and malicious prosecution.  The complaints at least allege evidence in support of actual malice, which Apple and SIS deny.  Malicious prosecution is usually a claim made against public officials in tandem with civil rights violations, but the tort is viable against private parties who initiate criminal proceedings on false pretenses.  Whether the plaintiff’s allegations hold up, I do not know.  The counter-allegations of Apple and SIS in seeking sanctions in the New Jersey case are biting.

The cases are:

  • Bah v. Apple Inc., No. 1:19-cv-03539-PKC (S.D.N.Y. filed Apr. 22, 2019) (Court Listener);
  • Bah v. Apple Inc., No. 2:20-cv-15018-MCA-MAH (D.N.J. filed Oct. 27, 2020) (Court Listener); and
  • Bah v. Apple Inc., No. 1:21-cv-10897-RGS (D. Mass. filed May 28, 2021) (Court Listener).
Bah is represented in the New York case by UMass Law alumnus Subhan Tariq, '13.  My thanks to Steven Zoni, '13, for bringing this case to my attention.

No comments:

Post a Comment