Blog

February 8, 2011 Electronic Discovery, Privacy, Uncategorized

Facebook user had standing to challenge subpoena seeking his profile information

Mancuso v. Florida Metropolitan University, Inc., 2011 WL 310726 (S.D. Fla. January 28, 2011 )

Plaintiff sued his former employer seeking back overtime wages. In preparing its defense of the case, the employer sent supboenas to Facebook and Myspace seeking information about plaintiff’s use of those platforms. (The employer probably wanted to subtract the amount of time plaintiff spent messing around online from his claim of back pay.) Plaintiff moved to quash the subpoenas, claiming that his accounts contained confidential and privileged information. The court denied the motion as to these social networking accounts, but did so kind of on a technicality. The subpoenas were issued out of federal district courts in California, and since this court (in Florida) did not have jurisdiction over the issuance of those subpoenas, it had to deny the motion to quash.

But there was some interesting discussion that took place in getting to this analysis that is worth noting. Generally, a party does not have standing to challenge a subpoena served on a non-party, unless that party has a personal right or privilege with respect to the subject matter of the materials subpoenaed. The employer argued that plaintiff did not have standing to challenge the subpoenas in the first place.

The court disagreed, looking to the case of Crispin v. Christian Audiger, Inc. 717 F.Supp.2d 965 (C.D. Cal. 2010), in which that court explained:

[A]n individual has a personal right in information in his or her profile and inbox on a social networking site and his or her webmail inbox in the same way that an individual has a personal right in employment and banking records. As with bank and employment records, this personal right is sufficient to confer standing to move to quash a subpoena seeking such information.

This almost sounds like an individual has a privacy right in his or her social media information. But the p-word is absent from this analysis. So from this case we know there is a right to challenge subpoenas directed at intermediaries with information. We’re just not given much to go on as to why such a subpoena should be quashed.

February 3, 2011 Anonymity

Federal court applies Seescandy.com test to unmask anonymous defendants in copyright and privacy case

Liberty Media Holdings, LLC. v. Does 1-59, 2011 WL 292128 (S.D. Cal., January 25, 2011)

Plaintiff porn company sued 59 anonymous defendants it knew only by IP address for violation of the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA) and for copyright infringement. Since plaintiff did not know who the defendants were, it had to jump through a few hoops to find out their names.

The court rewarded such hoop-jumping by ordering that the defendants’ identities be turned over.

Hoop #1 – The Cable Communications Policy Act of 1984

A subpoena to the defendants’ internet service providers would reveal the needed information. But these ISPs, being governed by the Cable Communications Policy Act of 1984, could not turn over their subscribers’ information without a court order. (See 47 USC 515(c)(2)(B))

Hoop #2 – Discovery prior to the Rule 26(f) conference

What’s more, a plaintiff cannot start conducting discovery (and a subpoena is a discovery tool) until after it has had the initial conference with the defendant (the Rule 26(f) conference). But how can a plaintiff confer with a defendant it does not know? There is a bootstrapping problem here. The court has to step in and issue an order allowing the discovery be had.

Hoop #3 – Balancing injury versus right to anonymous speech

And getting that court order is a bit problematic and nuanced when one is dealing with anonymous defendants. The courts recognize the conflict between a need to provide injured plaintiffs with a forum in which they may seek redress for grievances, and the right of John Doe defendants to use the internet anonymously or pseudonymously when appropriate.

So judges apply a balancing test to weigh these interests. Different courts apply different tests. Some apply a very demanding standard, requiring plaintiffs to present enough facts to withstand a hypothetical motion for summary judgment. Other cases require a lesser burden be carried, looking merely to whether the complaint would survive a motion to dismiss. That’s the standard the court applied in this case.

The Seescandy.com standard

It looked to the 1999 case of Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573, 577 (N.D.Cal.1999) which articulated the following test:

  • First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that (the) defendant is a real person or entity that could be sued in federal court …
  • Second, the (plaintiff) should identify all previous steps taken to locate the elusive defendant …
  • Third, Plaintiff should establish to the Court’s satisfaction that plaintiff’s suit against (the) defendant could withstand a motion to dismiss … Plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed the act.

In this case, the court found that each of these criteria had been met across the board.

It found that plaintiff had identified the defendants as best it could. Plaintiff provided the court with the unique IP addresses assigned to each defendant and the ISP that provided each defendant with internet access. Further, the requested discovery was necessary for plaintiff to determine the names and addresses of each defendant who performed the allegedly illegal and infringing acts.

The only information plaintiff had regarding the defendants was their IP addresses and their ISPs. Therefore, there were no other measures plaintiff could have taken to identify the defendants other than to obtain their identifying information from their ISPs.

And the court found the allegations supporting each of the claims were sufficient to survive a motion to dismiss.

As to the SCA, the complaint alleged that defendants intentionally accessed plaintiff’s web servers, which are facilities where electronic communication services are provided, defendants had no right to access the copyrighted materials on plaintiff’s website, and defendants obtained access to these electronic communications while these communications were in electronic storage.

On the CFAA claim, the complaint alleged that defendants unlawfully and without authorization entered into plaintiff’s computer server, which was used in interstate commerce, where plaintiff’s copyrighted materials were contained, stole plaintiff’s copyrighted materials, valued in excess of $15,000, and as a result of such conduct, caused plaintiff to suffer damage. Based on these facts, 18 USC 1030(g) authorized plaintiff’s civil action.

And as for copyright infringement, plaintiff alleged that it is the owner of the copyrights for certain motion pictures, which were accessed, reproduced, distributed and publicly displayed by defendants. Also, plaintiff alleged that defendants, without authorization, intentionally accessed, reproduced and distributed plaintiff’s copyrighted works onto their local hard drives or other storage devices.

January 22, 2011 Privacy

College must reinstate nursing student who posted placenta picture on Facebook

Byrnes v. Johnson County Community College, 2011 WL 166715 (D. Kan., January 19, 2011)

Plaintiff nursing student and some of her classmates attended a clinical OB/GYN course at the local hospital in Olathe, Kansas last November. They got permission from their instructor to photograph themselves with a placenta. Plaintiff posted the photo on Facebook. She got expelled from school. Yes, I know you want to see the photo. Here it is.

So she sued the college for violation of her due process rights and sought an injunction ordering that she be reinstated. The court granted the motion.

The court found that the appeal process that the college provided to plaintiff was in no way a fair and unbiased opportunity for her to fully present her case before a neutral and unbiased arbitrator.

The instructor had granted permission for plaintiff to take the picture — and may have consented to its publication on Facebook — but plaintiff did not get an adequate chance to make that argument. The court observed that “photos are taken to be viewed,” and that “by giving the students permission to take the photos, which [the instructor] admitted, it was reasonable to anticipate that the photos would be shown to others.”

Also relevant in the analysis was the absence of any apparent privacy right implicated by showing the placenta. Nothing in the photo showed any patient identification, nor were any of the nursing students able to testify that they knew the patient’s identity. The court found it irrelevant that the placenta appeared to be “fresh,” rejecting the defendants’ implications that that would somehow indicate who the patient was.

Because plaintiff had shown a likelihood of success on her due process argument, and had met the other requirements for the injunction (such as a showing of irreparable harm if not reinstated), the court granted the order that plaintiff be permitted to take last semester’s final exams and permitted to go back to class.

January 13, 2011 Litigation

Tweet by friend of husband of jury foreperson did not taint jury trial

U.S. v. Forde, 2011 WL 63831 (4th Cir. January 10, 2011)

Defendant was convicted of bankruptcy fraud and some other similar crimes. One of his arguments on appeal was that the trial court judge erred by not holding a hearing to investigate alleged juror impropriety. The jury foreperson’s husband’s friend had posted the following tweet during the trial:

assume: suppose to be the case, without proof; presume: suppose that something is the case on the basis of probability.

The appellate court rejected the defendant’s argument. It held that the duty to investigate juror impropriety arises only when the party alleging misconduct makes and adequate showing of extrinsic influence to overcome the presumption of jury impartiality. “In other words, there must be something more than mere speculation.”

The court found that “the string of possibilities” about the tweet — i.e., that the foreperson possibly talked to her husband, who possibly talked to his friend, who possibly took to Twitter in response to what the husband possibly told him — was nothing but speculation and thus fell far short of establishing reasonable grounds for investigation.

December 28, 2010 Defamation

Seventh Circuit: Website operator does not have to obey injunction in defamation case

Blockowicz v. Williams, No. 10-1167, (7th Cir. December 27, 2010)

Plaintiffs got an injunction that ordered defendants to remove defamatory content from the web that defendants had posted. When the defendants did not comply with the injunction, plaintiffs asked the court to enforce the injunction against Ripoffreport.com, the website on which some of the defamatory content appeared.

The lower court refused to extend the injunction to cover Ripoffreport. Plaintiffs sought review with the Seventh Circuit. On appeal, the court affirmed the refusal to enforce the injunction.

It held that plaintiffs had failed to show that Ripoffreport was in active concert or participation with the defendants. Absent this collaboration, the website was outside the court’s ability to control.

December 15, 2010 Anonymity, Privacy

Publishing child sex abuse victim’s name on the web was not a privacy violation

Doe v. Fankhauser, 2010 WL 4702295 (N.D. Ohio, November 30, 2010)

County clerk immune from law suit over posting court document on government website.

Plaintiff Jane Doe was the victim of physical and sexual abuse when she was a minor. In the criminal case against the perpetrator, Doe’s name was redacted, and she and her family were allegedly assured that her name would not be publicly disclosed. But someone in the county clerk’s website scanned some documents from the criminal case that had Doe’s name in them and posted those electronic documents on the county’s website, making them publicly available.

So Doe sued the county clerk for violation of Doe’s constitutional due process rights and for common law invasion of privacy. The clerk moved to dismiss. The court granted the motion.

The court found that the clerk was protected by judicial immunity. Judges and court personnel who perform judicial and quasi-judicial functions are absolutely immune from suits for damages arising out of the performance of official judicial acts. In this case, the court found that the clerk’s actions in permitting the documents to be scanned and posted required a type of judgment closely related to the judicial process and therefore deserving of immunity.

Interestingly, the court held that the clerk was entitled to immunity from suit regardless of how careless she may have been. There was no loss of immunity merely because a mistake was made and the original document, without redaction, was made available to the public. “Where there is immunity, it applies even in the face of allegations of bad faith, malice, or reckless indifference.”

Makes you feel confident that the government is watching out for your privacy, doesn’t it?

December 12, 2010 Trademarks

Court enters injunction against use of Twitter accounts in trademark case

Black Sheep Television, Ltd. v. Town of Islip, 2010 WL 4961669 (E.D.N.Y., December 6, 2010)

The Long Island Macarthur Airport is in a dispute with a company over that company’s alleged cybersquatting and the creation of websites that apparently a number of people have confused with the airport’s official marketing efforts. That company has also registered some Twitter accounts with usernames that incorporate the airport’s trademarks.

The airport has alleged trademark infringement and other similar claims against the company, and moved for a preliminary injunction. The court granted the motion, ordering (among other things) the Twitter accounts to remain in the ownership, custody, and control of the airport throughout the pendency of the litigation.

[Download the opinion]

December 9, 2010 Uncategorized

Wikileaks, decentralized distribution, and the lack of meaningful remedies for unauthorized disclosure

Apart from the difficult question of liability — that is, whether Julian Assange should hang for his actions — the decentralized nature of the distribution methods of Wikileaks content gives us a meaningful opportunity to consider the remedies that should be imposed upon an actor like Wikileaks in those cases in which liability should attach. To do this we can set aside for the time being the more essential question of whether Wikileaks is good or bad. (I have come to think that question may be about as answerable as whether God exists or whether abortion is right.)

It is erroneous to think that Wikileaks should be less culpable merely because it does not have the capacity to be blocked. Wikileaks is not just a website with documents hosted on one server. More cleverly, Wikileaks made its content available via the Bittorrent protocol, which ensures that the information is as widely distributed as possible given today’s reasonably available technology. Attempts to completely block the content would be futile, because so many computers on the network that contain the distributed files (millions?) can work together to ensure that the content remains available.

By seeing to it that the content was available via Bittorrent, Wikileaks knowingly facilitated the decentralized distribution. To say that Wikileaks is not an evildoer because it is without power to undo the harm it caused is an exemplar of the principle behind the old saying that a defendant accused of killing his parents should not be shown leniency because he is now an orphan.

The real relevance of the decentralized distribution and unable-to-block-ness of Wikileaks lies in measuring the culpability for the original act of releasing the information. Here is the central thesis: to the extent generally available methods of information distribution like Bittorrent become further decentralized, the potential for that distribution to have effect becomes correspondingly greater.

Whether this correlation (i.e., greater effect potential in proportion to extent of decentralization) is good or bad depends on the nature of the information being distributed. Obviously, when the released information is harmful, the effect will be bad, and vice versa. A really, really decentralized release of information that, like Wikileaks content cannot be blocked, and which has a harmful effect from being disclosed, causes harm which truly is irreparable. Deleting, returning, or blocking further distribution of the information is impossible.

So what is to be done when harmful information is released in an ultra-distributed, unblockable way? Money damages will rarely do the trick. But what kind of equitable remedy will work? No type of injunction will have any effect in reducing the amount of information that has escaped into the wild, never to be redomesticated in even the slightest sense (since its perpetual propagation is assured through technologies like Bittorrent). How can we meaningfully deal with this problem uniquely occasioned by the digital age? What do you suggest?

December 9, 2010 Anonymity

Court allows early discovery to reveal identity of anonymous libel defendant

[This is a guest post by attorney Caroline Belich. Caroline is a Chicago native, former Michigan State volleyball player, and recent admitee to the California bar with particular interest in the First Amendment.]

Zoosk Inc. v. Does, 2010 WL 5115670 (N.D. Cal. December 9, 2011)

The U.S. District Court for the Northern District of California recently issued an order allowing an internet service provider (ISP) to release an anonymous subscriber’s personal account information. Plaintiff Zoosk is an online social dating network. A Doe defendant created a profile and displayed nude pictures on the site, describing herself as an adult entertainer. After plaintiff permanently blocked the account for violating its terms of use policy, someone set up a Twitter account and posted some allegedly defamatory statements about plaintiff.

After filing a complaint alleging libel per se, Plaintiff asked for leave to take limited early discovery from two ISPs (Comcast and Time Warner Cable) to discover the identity of the Doe defendants. Under the Cable Communications Policy Act, a cable operator may disclose personal identifying information of a subscriber pursuant to a court order authorizing the disclosure. And pursuant to FRCP 26(f), a court may authorize early discovery before the Rule 26(f) conference if the plaintiff shows good cause.

Here the District Court granted the motion, finding that plaintiff showed good cause. First, plaintiff identified the potential Doe defendants with sufficient specificity by determining eight email addresses were using the Twitter account. And plaintiff was able to show how it discovered the emails using publicly-available information. Also, plaintiff’s claims were pleaded with enough particularity to withstand a motion to dismiss. Finally, early discovery was likely to lead to discovery of Doe defendants’ identities so process could be served, because both ISPs had personal information for the eight email addresses involved. As a result, the information these defendant-subscribers provided to Comcast and Time Warner for the sole purpose of using their internet services could also be used to identify them in this defamation claim.

December 7, 2010 Privacy

Credit card receipt shown on computer screen not “printed” for purposes of FACTA

Kelleher v. Eaglerider, Inc., 2010 WL 4684037 (N.D.Ill., Nov. 10 2010)

The Fair and Accurate Credit Transactions Act of 2003 (FACTA) prohibits any “person that accepts credit cards or debit cards for the transaction of business” from “print[ing] more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.” 15 U.S.C. § 1681 c(g)(1). The prohibition applies only to receipts that are “electronically printed.” Id. § 1681 c(g)(2).

Plaintiffs used the web to book reservations to rent motorcycles from defendant. At the end of the reservation process, the plaintiffs allegedly saw on their computer screens their credit cards’ expiration dates. So they sued under FACTA.

Defendant moved for summary judgment. The court granted the motion.

The court looked to the recent Seventh Circuit case of Shlahtichman v. 1-800 Contacts, Inc., which it found to resolve the present dispute. In Shlahtichman, the court considered whether an email confirmation of a purchase, showing the credit card’s expiration date, was “electroncially printed” under FACTA. It answered the question in the negative, finding that “when one refers to a printed receipt, what springs to mind is a tangible document.” FACTA’s language, “as a whole clearly shows that the statute contemplates transactions where receipts are physically printed using electronic point of sale devices like electronic cash registers or dial-up terminals.”

Scroll to top