How do you identify an anonymous hacker?

An unknown person allegedly hacked plaintiff’s information systems and temporarily rendered plaintiff’s email system inoperable. Not knowing who to sue, plaintiff sued a number of “John Doe” defendants under the Computer Fraud and Abuse Act and the Stored Communications Act. It was yet to identify the anonymous hacker.

But that was as far as plaintiff could go without the court’s help. Since plaintiff did not know the real names of the defendants, it could not serve the complaint on them. To learn defendants’ identities, plaintiff sought permission from the court to seek expedited discovery.

Early discovery to identify an anonymous hacker

Under the rules of procedure, a party may not start serving discovery requests (including subpoenas) until the plaintiff and defendant have held their Rule 26(f) conference. But the parties cannot hold that conference unless their identities are known. So, in circumstances where “good cause” exits, courts will allow plaintiffs to send subpoenas before the Rule 26(f) conference.

In this case, plaintiff asked for permission to send a subpoena to the internet service provider associated with the IP address used to hack plaintiff’s system.

When is there good cause to grant early discovery?

The court found good cause to permit limited discovery prior to the Rule 26(f) conference. Without information from the ISP, plaintiff could not amend its complaint to name the appropriate defendant, let alone effectuate service of that pleading.

The court recognized that the subscriber whose information was on file with the internet service provider may not be personally responsible for the allegedly wrongful access. But he or she may have information that would assist in identifying the alleged bad actor. The court found, therefore, that the subscriber’s identity was relevant and discoverable under the broad scope of applicable rules.

The court’s order allowing expedited discovery contained certain important limitations, to curb against potentially expansive and intrusive discovery. It permitted plaintiff to serve a subpoena on the internet service provider. But plaintiff could only seek the name and address of the subscriber associated with the IP address used to access plaintiff’s systems.

Re: Gaaays In Spaaace v. John Does (1-10) et al., 2020 WL 6042289 (D.N.J. October 13, 2020)

See also: Finding out who infringed copyright – identifying infringers

Evan Brown, nondisclosure agreementsEvan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law.

2 Comments

  1. […] In the case of Re: Gaaays In Spaaace v. John Does (1-10) et al., 2020 WL 6042289 (D.N.J. October 13, 2020) the Court made an order allowing expedited discovery against an internet service provider to obtain the IP address used to hack the plaintiff’s system.  There was a comment on the case on Evan Brown’s blog. […]

  2. […] Re: Gaaays In Spaaace v. John Does (1-10) et al., 2020 WL 6042289 (D.N.J. October 13, 2020). The Court made an order allowing expedited discovery against an internet service provider to obtain the IP address used to hack the plaintiff’s system.  There was a comment on the case on Evan Brown’s blog. […]

Comments are closed.

Scroll to top