electronic discovery – Attorney Evan Brown

October 14, 2020 Anonymity

How do you identify an anonymous hacker?

An unknown person allegedly hacked plaintiff’s information systems and temporarily rendered plaintiff’s email system inoperable. Not knowing who to sue, plaintiff sued a number of “John Doe” defendants under the Computer Fraud and Abuse Act and the Stored Communications Act. It was yet to identify the anonymous hacker.

But that was as far as plaintiff could go without the court’s help. Since plaintiff did not know the real names of the defendants, it could not serve the complaint on them. To learn defendants’ identities, plaintiff sought permission from the court to seek expedited discovery.

Early discovery to identify an anonymous hacker

Under the rules of procedure, a party may not start serving discovery requests (including subpoenas) until the plaintiff and defendant have held their Rule 26(f) conference. But the parties cannot hold that conference unless their identities are known. So, in circumstances where “good cause” exits, courts will allow plaintiffs to send subpoenas before the Rule 26(f) conference.

In this case, plaintiff asked for permission to send a subpoena to the internet service provider associated with the IP address used to hack plaintiff’s system.

When is there good cause to grant early discovery?

The court found good cause to permit limited discovery prior to the Rule 26(f) conference. Without information from the ISP, plaintiff could not amend its complaint to name the appropriate defendant, let alone effectuate service of that pleading.

The court recognized that the subscriber whose information was on file with the internet service provider may not be personally responsible for the allegedly wrongful access. But he or she may have information that would assist in identifying the alleged bad actor. The court found, therefore, that the subscriber’s identity was relevant and discoverable under the broad scope of applicable rules.

The court’s order allowing expedited discovery contained certain important limitations, to curb against potentially expansive and intrusive discovery. It permitted plaintiff to serve a subpoena on the internet service provider. But plaintiff could only seek the name and address of the subscriber associated with the IP address used to access plaintiff’s systems.

Re: Gaaays In Spaaace v. John Does (1-10) et al., 2020 WL 6042289 (D.N.J. October 13, 2020)

Evan Brown, nondisclosure agreements Evan Brown is a technology and intellectual property attorney in Chicago. This content originally appeared on evan.law.

March 7, 2019 Anonymity

Court allows blockchain platform to send subpoena seeking info about hacker

Plaintiff provides a blockchain asset trading platform and claimed that a hacker broke in and transferred 330,000 Tether and 100 Ether to a Bittrex account. Though Bittrex told plaintiff it had identified the relevant Bittrex account holder, it would not disclose the identity to plaintiff without a court order.

So plaintiff filed suit against the John Doe hacker for conversion, violation of the federal Computer Fraud and Abuse Act, and under Washington state law. Since it could not serve the complaint on the Doe defendant without knowing his identity, plaintiff sought permission from the court to take early discovery from Bittrex. The court granted the motion.

The court permitted plaintiff to send a subpoena to Bittrex requesting the name of the Doe defendant. Federal Rule of Civil Procedure 26(d) bars parties from seeking “discovery from any source before the parties have conferred as required by Rule 26(f), except in a proceeding exempted from initial disclosure under Rule 26(a)(1)(B), or when authorized by these rules, by stipulation, or by court order.” Fed. R. Civ. P. 26(d)(1). In determining whether to permit expedited discovery, the court required plaintiff to demonstrate that “good cause” existed to deviate from the standard pretrial schedule.

In the Ninth Circuit, a court evaluating whether a plaintiff establishes good cause to learn the identity of Doe defendants through early discovery examines whether the plaintiff (1) identifies the Doe defendant with sufficient specificity that the Court can determine that the defendant is a real person who can be sued in federal court, (2) recounts the steps taken to locate and identify the defendant, (3) demonstrates that the action can withstand a motion to dismiss, and (4) proves that the discovery is likely to lead to identifying information that will permit service of process. This test is often associated with the case of Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 578–80 (N.D. Cal. 1999).

In this case, the court found that good cause supported plaintiff’s request for leave to take expedited discovery to ascertain sufficient identifying information about the Doe defendant. Plaintiff had provided evidence that appeared to trace the allegedly stolen funds to an account on Bittrex, and plaintiff’s conversation with Bittrex indicated that Doe’s identity as the account holder was likely already known or ascertainable. The court also found that plaintiff’s request seeking identifying information related to Doe was reasonably likely to lead to the production of information that would permit plaintiff to serve process.

ZG TOP Technology Co., Ltd. v. John Doe, 2019 WL 917418 (W.D. Wash., February 25, 2019)

February 6, 2014 Electronic Discovery, Evidence

Another court puts an end to a social media discovery fishing expedition

Plaintiff sued a construction company and certain municipal authorities for negligence and loss of parental consortium after her toddler son was seriously injured in front of a construction site. Defendants sought broad discovery from plaintiff’s Facebook account, to which plaintiff objected in part. But the trial court required plaintiff to answer the discovery. So plaintiff sought review with the appellate court. On appeal, the court overturned the trial court.

It held that defendants’ discovery requests were overbroad and compelled the production of personal information that was not relevant to plaintiff’s claims.

Defendants had sought copies of postings on plaintiff’s Facebook account dealing with:

Any counseling or psychological care obtained by plaintiff before or after the accident
Relationships with [her injured son] or her other children, both prior to, and following, the accident
Relationships with all of plaintiff’s children, “boyfriends, husbands, and/or significant others,” both prior to, and following the accident
Mental health, stress complaints, alcohol use or other substance use, both prior to and after, the accident
Any lawsuits filed after the accident by plaintiff

The court observed that one of the defendants’ arguments to the trial court essentially conceded it was on a fishing expedition. The attorney stated, “These are all things that we would like to look under the hood, so to speak, and figure out whether that’s even a theory worth exploring.” And the magistrate judge in the trial court (though ordering the discovery to be had) acknowledged that “95 percent, or 99 percent of this may not be relevant,” and expressed some misgivings at the possibility that large amounts of material might have to be reviewed in camera.

Finding that the trial court order departed “from the essential requirements of the law” because it was overbroad and required the production of irrelevant personal information, the court quashed the discovery requests.

Root v. Balfour Beatty Const. LLC, — So.3d —, 2014 WL 444005 (Fla.App. 2 Dist. February 5, 2014)

January 20, 2014 Electronic Discovery

Bullied student did not have to hand over all of his social media content in lawsuit against school district

A student sued the school district in which he attended high school for failing to protect him against bullying. The school district served discovery requests on the student seeking electronic copies of everything he did on social media during the time period of the alleged bullying. When the student refused to produce all of his social media content, the school district moved to compel.

The court held that the student did not have to produce all of his social media content, but had to produce any materials that revealed, referred, or related to any “emotion, feeling, or mental state.” The court looked to the case of E.E.O.C. v. Simply Storage Management, LLC, 270 F.R.D. 430 (S.D.Ind.2010) to find that the mere fact that the student had social communications was not probative of any mental or emotional state. Rather, the school district would be entitled to discover whatever communications were relevant to the claims or defenses in the matter.

In the social media discovery context, this meant something less than the student’s entire social media history:

To be sure, anything that a person says or does might in some theoretical sense be reflective of her emotional state. But that is hardly a justification for requiring the production of every thought she may have reduced to writing or, indeed, the deposition of everyone she may have talked to.

Despite this attempt by the court at limitation, one is left to wonder whether the scope of the court’s order — requiring production of materials that revealed, referred, or related to any “emotion, feeling, or mental state” — is so vague as to be of no real help. Scarcely anyone’s casual social media content (let alone the content of the typical teenager) contains material that is void of emotion, feeling or mental state. Tweets, comments, status updates and wall postings drip with pride, humor, loneliness, angst, and the rest of the spectrum of human sentiment.

D.O.H. ex rel. Haddad v. Lake Central School Corp., 2014 WL 174675 (N.D.Ind. January 15, 2014)

Evan Brown is a Chicago attorney helping businesses and individuals identify and manage issues dealing with technology development, copyright, trademarks, software licensing and many other matters involving the internet and new media. Call him at (630) 362-7237 or email ebrown@internetcases.com

November 19, 2012 Electronic Discovery, Litigation, Privacy

Trial court erred in ordering defendant to turn over his iPhone in ediscovery dispute

AllianceBernstein L.P. v. Atha, — N.Y.S.2d —, 2012 WL 5519060 (N.Y.A.D. 1 Dept., November 15, 2012)

Plaintiff sued its former employee for breach of contract alleging he took client contact information on his iPhone when he left the job. The trial court ordered defendant to turn the iPhone over to plaintiff’s counsel so plaintiff could obtain the allegedly retained information.

Defendant sought review of the discovery order. On appeal, the court reversed and remanded.

The appellate court found that the lower court’s order that defendant turn over his iPhone was beyond the scope of plaintiff’s request and was too broad for the needs of the case. Ordering production of defendant’s iPhone (which, the court observed, has built-in applications and internet access) “was tantamount to ordering the production of his computer.” The iPhone would disclose irrelevant information that might include privileged communications or confidential information.

So the court ordered that the phone and a record of the device’s contents be delivered to the court for an in camera review to determine what, if any information contained on the phone was responsive to plaintiff’s discovery request.

November 15, 2012 Electronic Discovery, Privacy

Court orders in camera review of injured plaintiff’s Facebook content

Richards v. Hertz Corp., — N.Y.S.2d —, 2012 WL 5503841 (N.Y.A.D. 2 Dept. November 14, 2012)

Plaintiff sued defendant for personal injury. Defendant saw a photo plaintiff had publicly posted on Facebook of herself skiing. When defendant requested plaintiff to turn over the rest of her Facebook content (presumably to find other like-pictures which would undermine plaintiff’s case), plaintiff sought a protective order. The trial court granted the motion for protective order, but required plaintiff to turn over every photo she had posted to Facebook of herself engaged in a “sporting activity”.

Defendants appealed the entry of the protective order. On review, the appellate court reversed and remanded, finding that defendants had made a showing that at least some of the discovery sought would result in the disclosure of relevant or potentially relevant evidence.

But due to the “likely presence” of private and irrelevant information in plaintiff’s account, the court ordered the information be turned over to the judge for an in camera review prior to disclosure to defendants.

Whether the plaintiff effectively preserved her Facebook account information may be an issue here. The facts go back to 2009. One is left to wonder whether and to what extent plaintiff has not gone back and deleted information from her account which would bear on the nature and extent of her injuries. It goes to show that social media discovery disputes can take on a number of nuances.

Photo courtesy Flickr user decafinata under this Creative Commons license.

January 17, 2012 Anonymity, Copyright, Electronic Discovery, Evidence

No deposition of account holder allowed until he is named as defendant in BitTorrent copyright case

Hard Drive Productions, Inc. v. Doe, 2012 WL 90412 (E.D. Cal. July 11, 2012)

In a mass copyright infringement suit, plaintiff served a subpoena on an internet service provider and got the identifying information for the account holder suspected of trading a copy of a movie via BitTorrent. The account holder was uncooperative with plaintiff’s offers to settle, and denied downloading the file.

Instead of simply naming the identified account holder as a defendant in the case and proceeding with ordinary discovery, plaintiff asked the court for leave to take “expedited discovery,” namely, to depose the account holder to learn about:

the account holder’s involvement with the alleged distribution
his computers and network setup
his technical savvy
other users who may have had access to the computers or network

The court denied plaintiff’s request for leave to engage in the expedited discovery. It found that unlike other copyright cases in which anonymous infringers were identified, the efforts in this case “went far beyond seeking to identify a Doe defendant.” Instead, the court observed, it would be “a full-on deposition during which [the account holder] who plaintiff admits is likely not represented by counsel, may unwarily incriminate himself on the record before he has even been named as a defendant and served with process.”

June 11, 2011 Electronic Discovery, Trademarks, Unfair Competition

Court allows discovery of competitor’s keyword purchases

Scooter Store, Inc. v. Spinlife.com, LLC, 2011 WL 2160462 (S.D. Ohio June 1, 2011)

The Scooter Store and a related company sued a competitor for trademark infringement and other causes of action for unfair competition based in part on the competitor’s purchase of keywords such as “scooter store” and “your scooter store” to trigger sponsored advertisements on the web. Defendant moved for summary judgment and also moved for a protective order that would prevent it from having to turn over information to plaintiffs concerning defendant’s purchase of the keywords. The court denied the motion for protective order.

Defendant argued that it should not have to turn over the information because plaintiffs’ trademark claims based on those keywords were without merit, as the words are generic terms for the goods and services plaintiffs provide. Defendant also asserted a need to protect the commercially sensitive nature of information about its keyword purchases.

The court rejected defendant’s arguments, ordering that the discovery be allowed. It held that “whether or not [p]laintiffs’ claims involving these terms survive summary judgment [] has no bearing on whether the discovery [p]laintiffs seek is relevant, particularly viewed in light of a party’s broad rights to discovery under Rule 26.” As for protecting the sensitivity of the information, the court found that such interests could be protected through the process of designating the information confidential, and handled accordingly by the receiving party.

June 6, 2011 Electronic Discovery

Court shifts half of cost of forensic search to producing party in ediscovery case

[This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.]

IWOI, LLC v. Monaco Coach Corporation, N.D. Ill. May 24, 2011

Plaintiff sued claiming breach of warranty and violations of certain state laws against consumer fraud stemming the sale of a motor coach. Plaintiff sought permission to search defendants’ hard drives to locate critical email which appeared to be missing from the original discovery production. Defendants contended that the email was not “reasonably accessible” under Federal Rule of Civil Procedure 26(b)(2)(B) and, therefore, they were under no obligation to produce it.

The court specified that the burden was on the party responding to discovery to identify whether there may be materials responsive to discovery requests that are stored on its system, but because of burden or cost are not reasonably accessible. However, that party cannot simply provide documents which are easily obtained and then assert that they have produced everything that is responsive to the request. If other relevant and responsive documents exist (or may exist), the party must say so and then say why those documents cannot or should not be produced.

Here, the defendants submitted only materials that were quickly accessible on employees’ desktops and made no effort to look further, even when they became aware that there was a possibility that there may be missing documents. A forensic expert asserted that he found the critical email in two separate locations on the computer network: on a local hard drive in an orphaned, but not deleted, storage file and also on a network hard drive that had been manually backed up. The expert concluded that a native Microsoft windows search of defendants’ computers would have uncovered the email and could be undertaken by an individual with no advanced computer knowledge.

The Court did not find the failure to produce the document to be a deliberate act by defendants, but that the document could have been found with minimal effort. It recognized that plaintiff (and the court) expended additional time and effort and incurred significant additional expenses searching for this document. Therefore, the court shifted half of the cost of the electronic discovery search to defendants.

April 16, 2011 Anonymity, Defamation, Litigation

Texas supreme court says identities of anonymous bloggers should not be disclosed

In re Does, — S.W.3d —, 2011 WL 1447544 (Texas, April 15, 2011)

The issue of anonymity is a hot topic in internet law. The question of whether an internet user known only by an IP address or username or website name should be identified arises fairly often in the early stages of internet defamation and certain copyright infringement cases. For example, the issue is a big one in the numerous copyright cases that have been brought recently against BitTorrent users who get subpoenas after being accused of trading copyrighted works online.

The supreme court of Texas has issued an opinion that protects the anonymity of a couple of bloggers who were accused of defamation, copyright infringement and invasion of privacy by another blogger. The court ordered that a subpoena served on Google (who hosted the Blogger accounts in question) be quashed.

Texas rules of procedure (Rule 202) allow a petitioner to take depositions before a lawsuit is filed in order to investigate a potential claim. The petitioner in this case filed such an action, and Google agreed to turn over the information about the anonymous Blogger users.

But the anonymous bloggers objected, and moved to quash the deposition subpoena, arguing that the findings required for the discovery to be taken had not been made.

The trial court was required to find that:

(1) allowing the petitioner to take the requested depositions may prevent a failure or delay of justice in an anticipated suit; or

(2) the likely benefit of allowing the petitioner to take the requested deposition to investigate a potential claim outweighs the burden or expense of the procedure.

Neither of these findings were made. Petitioner had tried to argue that the findings were not necessary because he had gotten the agreement of Google to turn over the information.

But the court saw how that missed the point. It held that without the required findings, the discovery could not be taken in the face of objections brought by other interested parties (the parties whose identities were at risk of being revealed).

While many courts have evaluated this kind of question using a first amendment analysis (i.e., is the John Doe’s interest in speaking anonymously outweighed by the plaintiff’s right to seek redress), the court in this case looked to more general concerns of avoiding litigation abuse. Citing to a law review article by Professor Hoffman, the court observed that there is “cause for concern about insufficient judicial attention to petitions to take presuit discovery” and that “judges should maintain an active oversight role to ensure that [such discovery is] not misused”.