Blog

September 1, 2011 Uncategorized

Court won’t let marijuana activist change his legal name to njweedman.com

In re Robert Edward Forchion, Jr., 2011 WL 3834929, (Cal.App. 2 Dist. August 31, 2011)

A long time marijuana activist (who now self-identifies as a “marijuana capitalist”) asked a California court to legally change his name to match the domain name of his website — njweedman.com. The court denied the request.

The court gave three reasons why it would not allow the name change:

  • A name change would last indefinitely, but a domain name could expire or be lost. Therafter, people might be confused.
  • The name change would associate the petitioner’s legal name with a website that advocates illegal activities, and that should not be allowed.
  • The petitioner tried to change his name in New Jersey back in 2001 but failed. The California court, looking to principles of “comity,” went along with the New Jersey Court.

At least we know Sunshine Megatron is not as controversial.

August 31, 2011 Privacy

Sexy MySpace photos stay out of evidence

Webb v. Jessamine County Fiscal Court, 2011 WL 3652751 (E.D. Ky. August 19, 2011)

Plaintiff filed a civil rights lawsuit against the local jail and other governmnet officials after she gave birth while incarcerated. She claimed, among other things, that the jail’s failure to get her proper medical care before and during the delivery caused her extreme humiliation, mental anguish and emotional distress.

The defendants tried an extremely bizarre and highly questionable tactic — they sought to use provocative photos purportedly copied from plaintiff’s MySpace profile, to demonatrate that it is “less probable that [plaintiff] would experience humiliation and mental anguish by being in a jail cell while delivering a baby.” Defendants claimed that the photos were “of such a nature that a reasonable person would be embarrassed if such photographs were placed in public view.”

In other words, defendants argued that because plaintiff would post photos like that of herself online, she did not have the dignity to be free from being ignored or called a child and a liar during labor.

The court granted plaintiff’s motion in limine, excluding the photos from evidence. It found that the photos were irrelevant:

Although the appearance of provocative photos online may cause some humiliation, it bears no relation at all to the extreme humiliation and mental anguish a woman forced to go through labor on her own in a jail cell would bring.

The court also found that the defendants had not properly authenticated the photos, i.e., had not provided enough supporting evidence to show that they actually were of plaintiff. The photos that the defendants offered bore “no indicia of authenticity, such as a web address or a photo of these images on the public MySpace account from which Defendants claim they originated.”

August 29, 2011 Privacy

Using remote tracking software to find stolen laptop may have violated federal wiretap statute

Clements-Jeffrey v. City of Springfield, Ohio, 2011 WL 3678397 (S.D. Ohio August 22, 2011) [PDF copy of opinion]

Services that help track down stolen laptops and other lost mobile hardware are indispensable. Consider, for example, the year-long saga of Jeff Blakeman who used MobileMe to help recover his MacBook Pro that a TSA agent stole from checked luggage. Or how Joshua Kaufman used the remote recovery application Hidden to snap pics of the creepy dude who made off with his MacBook.

It is hard to not rejoice when one reads stories about laptop thieves being brought to justice. And we generally feel no pangs of conscience over whether the apprehended criminal had any privacy rights that were violated when he was being monitored with the software.

But what if the person being tracked did not steal the device, and did not know that it was stolen? Do we then care about whether the remote tracking process violated that person’s privacy? If so, how should that privacy right stack up against the theft victim’s right to get his or her property back?

A recent case from Ohio shows how the privacy right of the innocent user can constrain the rightful owner from using all means of what we might call “remote self help.” The court applied the Electronic Communications Privacy Act (“ECPA”) in a way that should cause users and purveyors of theft recovery services to reevaluate their methodologies.

Hot communications using hot property

The facts of the case were salacious and embarassing. Plaintiff bought a non-functioning laptop for $60 from one of her students (she was a substitute teacher at an “alternative” high school). After she got the computer working, she used it to have sexually explicit communications with her out-of-state boyfriend — they even got naked in front of their webcams with one another.

As it turns out, however, the student who sold plaintiff the laptop had stolen it. The teacher claimed she did not know it was purloined. The original, rightful owner of the laptop had installed Absolute Software’s LoJack for Laptops on the device. After it was stolen, and after it had made its way into plaintiff’s hands, Absolute began its work of locating the machine and gathering information about its whereabouts and its user.

In this process, one of Absolute’s employees obtained real-time access to what was happening on the stolen computer. He was able to collect keystrokes of the sexually explicit communications, and gather three screen shots of plaintiff and her boyfriend, both naked, fooling around on the webcam.

Absolute turned the information — including the X-rated screen shots — over to the police. Plaintiff was arrested and handcuffed. The criminal court dismissed the case against her.

But plaintiff (and her boyfriend) sued. They brought several claims against the police for violation of their constitutional rights, and claims against Absolute for, among other things, violation of the ECPA. Absolute moved for summary judgment on the ECPA claim but the court denied the motion. The court found that Absolute could not show, as a matter of law, that it should not be liable for the interception of the explicit communications.

Legitimate privacy expectation, even on a stolen computer

Subject to certain exceptions, the ECPA prohibits one from surreptitiously intercepting or disclosing the contents of any wire, oral or electronic communications of another. The defendants first argued that plaintiff could not put forward a valid ECPA claim because she did not have a legitimate expectation of privacy in these communications.

The court rejected this argument, finding that plaintiff’s belief as to her privacy was reasonable both subjectively and objectively. She felt safe enough to engage in the explicit communications (subjective belief), and she demonstrated that she had no reason to suspect the laptop was stolen (objective belief). Had she known or had reason to know it was stolen, her claim of privacy would have been subordinated to the possessory interest of the owner. (As an aside, there was some interesting evidentiary wrangling that went on a few weeks ago about defendants’ expert witnesses opining on internet privacy. Read more about that at Bow Tie Law.)

Public policy did not come to the rescue

Absolute next argued that certain exceptions to liability for violation of the ECPA should protect it. The court rejected each of these arguments. It found that the exception for those acting “under color of law” to track down “computer trespassers” did not apply, because Absolute was a private entity, not one acting under color of law. The court also rejected Absolute’s argument that it could divulge the intercepted contents as a provider of an electronic communications service. The court found that Absolute did not provide an “electronic communications service to the public” as defined by the ECPA.

So Absolute was left with one final argument, namely, that public policy should shield it from liability for the unauthorized interception and disclosure of the keystrokes and screen shots. Absolute argued that the legal owner of the stolen laptop should be able to take steps to locate and recover that property, and that the rights of the property owner must trump those of a thief.

The court declined to implement such a per se rule, noting that:

It is one thing to cause a stolen computer to report its IP address or its geographical location in an effort to track it down. It is something entirely different to violate federal wiretapping laws by intercepting the electronic communications of the person using the stolen laptop.

In so many words, the court was saying that Absolute went too far in collecting the contents of the communications being made on the stolen computer. Had the information collection stopped at IP addresses and other non-content information, the remote tracking efforts may not have run afoul of the ECPA.

August 11, 2011 Computer Crime, Privacy

Court sides with college accused of snooping on student’s email

Reichert v. Elizabethtown College, 2011 WL 3438318 (E.D.Pa. August 5, 2011)

Plaintiff’s threatening behavior toward certain faculty members of his college led the administration to monitor plaintiff’s school-issued email account. Plaintiff’s lawsuit against the school included claims for violation of the Electronic Communications Privacy Act (ECPA), the Stored Communications Act (SCA), and common law invasion of privacy.

The college moved to dismiss these claims and the court granted the motion.

The court found that the ECPA claim failed because plaintiff did not allege the interception of the email messages was contemporaneous with the messages’ transmission. As for the SCA claim, the court noted that the statute protects electronic communications providers from liability for searches of their own systems which are used to provide the service. The school provided the service, so it could not be liable for monitoring its own system. And as for invasion of privacy, the court found that plaintiff had failed to allege the mental distress required to sustain such a claim.

July 27, 2011 Computer Crime

Computer Fraud and Abuse Act case against hard drive destroying director goes forward

Deloitte & Touche LLP v. Carlson, 2011 WL 2923865 (N.D. Ill. July 18, 2011)

Defendant had risen to the level of Director of a large consulting and professional services firm. (There is some irony here – this case involves the destruction of electronic data, and defendant had been in charge of the firm’s security and privacy practice.)

After defendant left the firm to join a competitor, he returned his work-issued laptop with the old hard drive having been replaced by a new blank one. Defendant had destroyed the old hard drive because it had personal data on it such as tax returns and account information.

The firm sued, putting forth a number of claims, including violation of the Computer Fraud and Abuse Act (CFAA). Defendant moved to dismiss for failure to state a claim upon which relief can be granted. The court denied the motion.

Defendant argued that the CFAA claim should fail because plaintiff had not adequately pled that the destruction of the hard drive was done “without authorization.” The court rejected this argument.

The court looked to Int’l Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) for guidance on the question of whether defendant’s alleged conduct was “without authorization.” Int’l Airport Centers held that an employee acts without authorization as contemplated under the CFAA if he or she breaches a duty of loyalty to the employer prior to the alleged data destruction.

In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled.

June 21, 2011 Litigation

Prosecutor’s Facebook postings did not warrant overturning conviction

State v. Usee, 2011 WL 2437271 (Minn. App. June 20, 2011)

A jury convicted defendant of attempted murder and other violent crimes. He asked the court for a Schwartz hearing (which is what they call these things in Minnesota) to evaluate whether a posting by the prosecutor on her public Facebook page improperly influenced the jury. According to affidavits that defendant submitted to the court, the prosecutor made the culturally insensitive remark that she was keeping the streets safe from Somalis.

The trial court denied the motion for a Schwartz hearing. Defendant sought review. On appeal, the court affirmed the denial of the motion.

It held that there was no evidence that the Facebook posting led to any jury misconduct. The jurors had been instructed not to research the case. (And we all know that jurors take those instructions seriously, right?) Any harm to defendant’s interests, the court found, would merely be speculative.

June 20, 2011 Computer Crime, Privacy

Court upholds criminal intimidation conviction over threats to distribute sexually explicit photo

State v. Noll, 2011 WL 2418895 (Ind. App. June 14, 2011) (Not selected for publication)

Defendant used a sexually explicit photo of the victim in an attempt to gain leverage in an intra-family dispute. She handed an envelope containing the photo to the victim, and indicated she would begin distributing the photo if certain demands were not met.

Defendant was convicted of intimidation under Indiana law. She sought review of her conviction. On appeal, the court affirmed.

One of the arguments that defendant made on appeal was that there was no intimidation because distribution of the photo to persons such as the victim’s husband or co-workers would not subject her to hatred, contempt, disgrace or ridicule as required by the Indiana statute. Defendant pointed out that the victim had posted the sexually explicit photo of herself at issue on the web five years earlier. So in essence, defendant argued, further distribution would do the victim no harm.

The court rejected this argument, finding:

The fact that [victim] already publicized the material herself certainly merits consideration, but is not alone determinative because publicizing material to a particular audience does not necessarily mean that further, targeted, publication would not lead to hatred, contempt, disgrace, or ridicule. In other words, we consider [victim’s] posting of these photographs online in the past as it might mitigate reputational consequences of [defendant] mailing the photographs to others. Although internet websites are of an unusually public and long-lasting nature, we also recognize that making an obscure set of photographs available online is qualitatively different in nature from directly mailing the same photographs as hard-copies addressed to a particular individual or company. [Victim’s] husband or employer could have discovered [victim’s] prior internet posting of the photographs, but a direct mailing is certain to reach them.

The court similarly rejected defendant’s argument that because the victim had posted the photo on the web before, she had no reasonable expectation of privacy in the photo and thus could not be the subject of intimidation. The court disagreed with the analogy to the Fourth Amendment expectation of privacy because in this case, the privacy interest was the victim’s, not the defendant’s. So use of such an analogy might “misdirect [the court] from the determinative issue of whether she would be exposed to reputational consequences.”

June 16, 2011 Evidence, Trademarks, Unfair Competition

Customer reviews on social media provide important evidence in trademark dispute

Chipotle Mexican Grill, Inc. v. Chipotles Grill of Jonesboro, Inc., 2011 WL 2292357 (E.D. Ark. June 9, 2011)

The awesome burrito place Chipotle sued another restaurant that called itself Chipotles for trademark infringement. Plaintiff sought a preliminary injunction. The court granted the motion.

One of the most important factors in the court’s decision to grant injunctive relief was the plaintiff’s showing that it will likely succeed on the merits of the case. In a trademark infringement action, that analysis takes the form of the likelihood of confusion analysis.

Among the factors that a court should consider in determining whether there is a likelihood of confusion is whether there has been any actual confusion among members of the consuming public. In this case, the court found that the evidence plaintiff submitted of actual confusion was “substantial.”

In addition to a number of emails that customers had sent to plaintiff, the court looked to a couple of customer review sites — urbanspoon.com and Yahoo’s associatedcontent.com — each of which contained customer reviews that erroneously linked plaintiff and defendant. The court found this to constitute actual confusion, which could not be remedied even through reasonable care on the part of the consumers.

The case gives a good example of how companies (and their competitors) should be aware of how their brands appear in social media. Evidence of actual confusion is a powerful tool for a trademark plaintiff (and a potentially damning one for a trademark defendant). Smart companies will ensure they remain aware of how their marks and overall brand identity are being put forth, even off the beaten path on the web.

Evan Brown is a Chicago-based attorney practicing technology and intellectual property law. Send email to ebrown@internetcases.com, call (630) 362-7237, or follow on Twitter at @internetcases.

June 15, 2011 Computer Crime

Violent posts on social media profile determined to be threats

This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.

Holcomb v. Com., — S.E.2d —, 2011 WL 2183100 (Va.App., Jun 07, 2011)

Appellant challenged his conviction over posts he made to MySpace on his profile page, arguing that they did not constitute the knowing communications of a threat. He argued that MySpace posts were not the type of communication contemplated by the statute, and his postings did not constitute a threat. Appellant posted violent original lyrics which were clearly about his child’s mother.

Appellant had been convicted under a provision of Virginia law that provides:

Code § 18.2–60(A)(1):

Any person who knowingly communicates, in a writing, including an electronically transmitted communication producing a visual or electronic message, a threat to kill or do bodily injury to a person, regarding that person or any member of his family, and the threat places such person in reasonable apprehension of death or bodily injury to himself or his family member, is guilty of a Class 6 felony.

Appellant argued that he did not knowingly communicate the posts within the meaning of the statute because he posted them through his profile, which was available for anyone to view, as opposed to a communication aimed directly at the victim. The court found that there was no requirement that a threat be communicated directly to the intended victim. It instead focused on the fact that an “electronically transmitted communication” produced a “visual or electronic message” that could be viewed by anyone accessing the MySpace profile. It was enough that the victim was able to identify herself based on the references in his posts and that the appellant knew the victim had access to the profile. In fact, the court found, he knew she had viewed it previously.

Appellant’s second argument was that the posts were not threats under the statute. He argued they were lyrics which he had a history of writing and posting on his profile. The court disagreed, finding that because of specific references to the victim, and the unusual subject matter of the lyrics, the post contained statements that would place the victim in “reasonable apprehension of death or bodily injury.” The court pointed to actions taken by the victim, including moving in with her parents, and her testimony that she felt scared after seeing the postings.

The court found the online postings to MySpace where threats which placed apprehension in the victim. So the court upheld the convictions.

June 14, 2011 Copyright, Electronic Discovery, Privacy

Court deals blow to anonymous Bittorrent defendants’ efforts to challenge subpoenas

West Coast Productions v. Does 1 – 5,829, — F.Supp.2d —, 2011 WL 2292239 (D.D.C. June 10, 2011)

The judge in one of the well-known mass copyright cases filed by Dunlap, Grubb & Weaver a/k/a U.S. Copyright Group (West Coast Productions v. Does 1 – 5,829) has issued an order denying motions to quash filed by several of the unnamed defendants. Plaintiff had served subpoenas on the ISPs associated with the IP addresses allegedly involved in Bittorrent activity, seeking to learn the identity of those account holders.

The ruling is potentially troubling because the court refused to even consider the arguments presented by those anonymous parties who did not reveal their identity in connection with the motion to quash. Such an approach undermines, and indeed comes close to refusing altogether to recognize any privacy interest that a person may have concerning his or her ISP account information.

The court observed that the Federal Rules of Civil Procedure require that a party must identify himself or herself in the papers filed with the court. In some situations, however, a court may grant a “rare dispensation” of anonymity after taking into account the risk of unfairness to the party seeking anonymity as well as the general presumption of openness in judicial proceedings.

In this case, the court noted that other courts had “uniformly held that the privacy interest in [ISP account] information is minimal and not significant enough to warrant the special dispensation of anonymous filing.”

Absent from the court’s analysis was the potential for harm to defendants who were the subject of these subpoenas but might have the ability to demonstrate (anonymously) that they were not involved. In cases involving adult content, in particular, the harm of being publicly associated with that content — even if the association turns out to be in error — is one that should not be disregarded in this way. Moreover, taking away the ability of an anonymous defendant to challenge his unmasking will encourage extortionate-like behavior on the part of copyright plaintiffs hoping to extract a settlement early in the case. If writing a check is the only way to keep from having to turn one’s name over (and this case pretty much establishes that rule), then more settlements should be expected.

The court went on to reject the arguments in favor of motions to quash filed by John Does who had provided their contact information to the court. The court found that it was premature to rule on any objections based on a lack of personal jurisdiction because the defendants filing the motions had not actually been named as a party. And the court rejected the arguments that the defendants were improperly joined into the action, noting the allegations in the complaint that the IP addresses were involved in a single Bittorrent swarm.

Evan Brown is a Chicago-based attorney practicing technology and intellectual property law. Send email to ebrown@internetcases.com, call (630) 362-7237, follow on Twitter at @internetcases, and be sure to like Internet Cases on Facebook.

Scroll to top