Court allows Microsoft to unmask unknown Comcast users accused of infringement

A federal court in Washington state has given the green light for Microsoft to subpoena records from Comcast to discover the identity of the person or persons associated with an IP address used to activate thousands of unauthorized copies of Microsoft software.

Statue_of_Anonymus_(Budapest,_2013)

Generally, in federal court litigation, a party cannot serve discovery requests or subpoenas until after the plaintiff and defendant have conferred (in a Rule 26(f) conference). But when the plaintiff does not know the identity of the defendant, there is a bootstrapping problem – discovery needs to be taken to find out the defendant with whom to conduct the conference. In situations like this, the plaintiff seeking to unmask an unknown defendant will file its complaint against one or more “John Does,” then ask the court for leave to serve discovery prior to the Rule 26(f) conference.

That is what happened in this case. It is a common tactic used by parties legitimately seeking to enforce intellectual property, as well as parties that may be considered copyright trolls. See, e.g., this early bittorrent case from 2011.

Microsoft filed its complaint and also filed a motion for leave to take discovery prior to the Rule 26(f) conference. Finding that good cause existed for the early discovery, the court granted the motion.

It held that

(1) Microsoft had associated the John Doe Defendants with specific acts of activating unauthorized software using product keys that were known to have been stolen from Microsoft, and had been used more times than were authorized for the particular software,

(2) Microsoft had adequately described the steps it took in an effort to locate and identify the John Doe defendants, specifically by utilizing its “cyberforensics” technology to analyze product key activation data, identifying patterns and characteristics which indicate software piracy,

(3) Microsoft had pleaded the essential elements to state a claim for copyright and trademark infringement, and

(4) the information proposed to be sought through a subpoena appeared likely to lead to identifying information that would allow Microsoft to serve the defendants with the lawsuit.

Microsoft Corp. v. John Does 1-10, 2017 WL 4958047 (W.D. Wash., November 1, 2017)

Image courtesy Dmitrij Rodionov under Creative Commons Attribution-Share Alike 3.0 Unported license. Licensed granted hereby under same terms.

Email privacy is weak even with court oversight

Huntington Ingalls Inc. v. Doe, 2012 WL 5897483 (N.D. Cal. November 21, 2012)

A federal court in California has allowed a party to subpoena Google to learn the identity of a Gmail account owner, even though that owner did nothing to involve himself in the dispute.

A contractor that plaintiff hired accidentally emailed “property” belonging to plaintiff to the wrong email address. (The court’s opinion is not clear on the nature of this “property,” but we are safe in assuming it was some sort of proprietary information.) Plaintiff sent messages to the Gmail account seeking return of the property, but the unknown account owner did not respond.

Plaintiff filed suit in federal court against the anonymous account holder (John Doe) seeking declaratory and injunctive relief (i.e., to get the property back). Since plaintiff did not know Doe’s identity, it sought expedited discovery so that it could subpoena Google for the identifying information.

email

The court granted the motion for leave to send the subpoenas. It found that:

  • without the subpoena, plaintiff would have no other way to obtain “this most basic information”
  • the subpoena was the exclusive means available to plaintiff to protect its property interest
  • plaintiff’s proposed procedure guarded Doe’s due process rights by requiring Google to give Doe notice of the subpoena and an opportunity to object

The court’s opinion shows how any privacy interest in one’s email account information is tenuous at best. In this situation, the target of the unmasking efforts was, as they say, minding his own business, not doing anything to inject himself into any dispute.

Moreover, unlike many previous cases in which courts have required the party seeking discovery of an anonymous party’s identity to put forth facts showing it has a good case, there was no claim here that Doe did anything wrong. Instead, it was the sender’s mistake. One could find it unsettling to know that other peoples’ errors could cause a court to order his or her identity to be publicly revealed.

Photo courtesy Flickr user Bart Heird under this Creative Commons license.

Court deals blow to anonymous Bittorrent defendants’ efforts to challenge subpoenas

West Coast Productions v. Does 1 – 5,829, — F.Supp.2d —, 2011 WL 2292239 (D.D.C. June 10, 2011)

The judge in one of the well-known mass copyright cases filed by Dunlap, Grubb & Weaver a/k/a U.S. Copyright Group (West Coast Productions v. Does 1 – 5,829) has issued an order denying motions to quash filed by several of the unnamed defendants. Plaintiff had served subpoenas on the ISPs associated with the IP addresses allegedly involved in Bittorrent activity, seeking to learn the identity of those account holders.

The ruling is potentially troubling because the court refused to even consider the arguments presented by those anonymous parties who did not reveal their identity in connection with the motion to quash. Such an approach undermines, and indeed comes close to refusing altogether to recognize any privacy interest that a person may have concerning his or her ISP account information.

The court observed that the Federal Rules of Civil Procedure require that a party must identify himself or herself in the papers filed with the court. In some situations, however, a court may grant a “rare dispensation” of anonymity after taking into account the risk of unfairness to the party seeking anonymity as well as the general presumption of openness in judicial proceedings.

In this case, the court noted that other courts had “uniformly held that the privacy interest in [ISP account] information is minimal and not significant enough to warrant the special dispensation of anonymous filing.”

Absent from the court’s analysis was the potential for harm to defendants who were the subject of these subpoenas but might have the ability to demonstrate (anonymously) that they were not involved. In cases involving adult content, in particular, the harm of being publicly associated with that content — even if the association turns out to be in error — is one that should not be disregarded in this way. Moreover, taking away the ability of an anonymous defendant to challenge his unmasking will encourage extortionate-like behavior on the part of copyright plaintiffs hoping to extract a settlement early in the case. If writing a check is the only way to keep from having to turn one’s name over (and this case pretty much establishes that rule), then more settlements should be expected.

The court went on to reject the arguments in favor of motions to quash filed by John Does who had provided their contact information to the court. The court found that it was premature to rule on any objections based on a lack of personal jurisdiction because the defendants filing the motions had not actually been named as a party. And the court rejected the arguments that the defendants were improperly joined into the action, noting the allegations in the complaint that the IP addresses were involved in a single Bittorrent swarm.

Evan Brown is a Chicago-based attorney practicing technology and intellectual property law. Send email to ebrown@internetcases.com, call (630) 362-7237, follow on Twitter at @internetcases, and be sure to like Internet Cases on Facebook.

District judge stays magistrate’s order requiring identification of anonymous defendants

This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.

Faconnable USA Corp. v. Doe, Slip Copy, 2011 WL 2173736 (D.Colo., Jun 2, 2011)

Faconnable issued a subpoena duces tecum to Skybeam, an Internet Service Provider, requesting identifying information about the users associated with two different IP addresses. A magistrate judge denied Skybeam’s motion for protective order, and required Skybeam to provide the requested information. Skybeam sought review of the denial of the protective order with the district court, asking for a stay of the magistrate’s order requiring the disclosure of the information. The court granted the motion to stay.

The court looked at four factors to determine whether it was appropriate to issue a stay against providing the information.

  • the likelihood of success on appeal (to the district judge)
  • the threat of irreparable harm if the stay or injunction is not granted
  • the absence of harm to opposing parties if the stay or injunction is granted
  • any risk of harm to the public interest

The court noted that if the last three factors are in a moving party’s favor, the first factor of likelihood of success is given less importance.

The court determined that if the stay were denied, the ISP would have to disclose the Does’ identities, which could impact their First Amendment interests to speak anonymously. However, if the stay were allowed, the ISP could preserve the information for production later, the only harm being a possible delay for Faconnable’s suit.

The court found that, on balance, the risk of losing First Amendment freedoms was a greater harm than delayed litigation.

Texas supreme court says identities of anonymous bloggers should not be disclosed

In re Does, — S.W.3d —, 2011 WL 1447544 (Texas, April 15, 2011)

The issue of anonymity is a hot topic in internet law. The question of whether an internet user known only by an IP address or username or website name should be identified arises fairly often in the early stages of internet defamation and certain copyright infringement cases. For example, the issue is a big one in the numerous copyright cases that have been brought recently against BitTorrent users who get subpoenas after being accused of trading copyrighted works online.

The supreme court of Texas has issued an opinion that protects the anonymity of a couple of bloggers who were accused of defamation, copyright infringement and invasion of privacy by another blogger. The court ordered that a subpoena served on Google (who hosted the Blogger accounts in question) be quashed.

Texas rules of procedure (Rule 202) allow a petitioner to take depositions before a lawsuit is filed in order to investigate a potential claim. The petitioner in this case filed such an action, and Google agreed to turn over the information about the anonymous Blogger users.

But the anonymous bloggers objected, and moved to quash the deposition subpoena, arguing that the findings required for the discovery to be taken had not been made.

The trial court was required to find that:

(1) allowing the petitioner to take the requested depositions may prevent a failure or delay of justice in an anticipated suit; or

(2) the likely benefit of allowing the petitioner to take the requested deposition to investigate a potential claim outweighs the burden or expense of the procedure.

Neither of these findings were made. Petitioner had tried to argue that the findings were not necessary because he had gotten the agreement of Google to turn over the information.

But the court saw how that missed the point. It held that without the required findings, the discovery could not be taken in the face of objections brought by other interested parties (the parties whose identities were at risk of being revealed).

While many courts have evaluated this kind of question using a first amendment analysis (i.e., is the John Doe’s interest in speaking anonymously outweighed by the plaintiff’s right to seek redress), the court in this case looked to more general concerns of avoiding litigation abuse. Citing to a law review article by Professor Hoffman, the court observed that there is “cause for concern about insufficient judicial attention to petitions to take presuit discovery” and that “judges should maintain an active oversight role to ensure that [such discovery is] not misused”.

Court leaves thousands of BitTorrent copyright infringement defendants joined in single action

Call of the Wild Movie v. Does 1 – 1,062 — F.Supp.2d —, 2011 WL 996786 (D.D.C. March 22, 2011)

One of the craziest things about the copyright infringement lawsuits that have been brought against BitTorrent users accused of trading movies over the internet is the vast number of John Doe defendants that are usually lumped into one case. After the plaintiff copyright owners file a complaint for infringement — sometimes against thousands of anonymous defendants — they ask the court for leave to take expedited discovery. Then the movie companies serve subpoenas on the John Does’ internet service providers, asking the ISPs to disclose the identities of their customers associated with particular IP addresses.

Prosecuting a case against thousands of copyright infringement defendants is an enormous task, both for the plaintiffs’ attorneys as well as the ISPs who must respond to the subpoenas. Having so many defendants risks making the case unmanageable. So one may question whether it is appropriate under the Federal Rules of Civil Procedure to have so many unknown defendants all in the same case. In the nomenclature of civil litigation, the question is whether the joinder of all the defendants in one action is appropriate.

In three of the BitTorrent copyright cases pending in federal court in Washington DC brought by the US Copyright Group on behalf of a handful of independent film makers, groups like the Electronic Frontier Foundation, the ACLU and others argued improper joinder. These organizations filed amicus briefs in the cases of Call of the Wild Movie v. Does 1 – 1,062, Maverick Entertainment v. Does 1 – 4,350, and Donkeyball Movie v. Does 1 – 171, arguing that joining all the defendants in one action violated Rule 20 of the Federal Rules of Civil Procedure. The court rejected these arguments, finding that joinder was proper, at least in such early stages of the litigation where the defendants had not yet been identified.

The court considered three factors when answering the question of proper joinder: (1) whether the claims arose from the same transaction or occurrence or series of transactions or occurrences, (2) whether the legal and factual questions are common to all defendants, (3) and whether joinder would cause prejudice to any party or needless delay.

Same transaction or occurrence

The court observed that claims against joined parties must be “logically related,” and that this is a flexible test, with courts seeking the broadest possible scope of action. The court held that the claims against the BitTorrent users were logically related, based on plaintiffs’ allegations that the BitTorrent protocol makes every downloader of a file also an uploader, and accordingly, every user who has a copy of the infringing file on the network must necessarily be a source of download for that infringing file. This is an interesting finding, in that the strength of plaintiffs’ allegations were based on how BitTorrent works.

Common legal and factual questions

As for this second factor, the court found that the legal and factual questions were common because the parties would be litigating the same copyright claims, and all of the claims related to the use of BitTorrent.

Prejudice or needless delay

The court said some intriguing things about the interests of the parties in making its findings on this factor. For one, it said that leaving all the defendants joined in the same action would benefit them all, in that they would be able to see the defenses that other defendants were making. The court also expressed concern in favor of the efficiencies afforded the plaintiffs in filing these mass lawsuits. The plaintiff movie studios have been criticized for filing suit against large numbers of defendants in one action rather than separate suits against each defendant (and thereby having to pay only one filing fee to start the action versus several thousand filing fees). The court saw this question squarely in favor of plaintiff. It found that forcing plaintiffs to administer multiple actions, and having to pay the filing fees in all those actions “would certainly not be in the ‘interests of convenience and judicial economy,’ or ‘secure the just, speedy and inexpensive determination of the action.'”

Facebook user had standing to challenge subpoena seeking his profile information

Mancuso v. Florida Metropolitan University, Inc., 2011 WL 310726 (S.D. Fla. January 28, 2011 )

Plaintiff sued his former employer seeking back overtime wages. In preparing its defense of the case, the employer sent supboenas to Facebook and Myspace seeking information about plaintiff’s use of those platforms. (The employer probably wanted to subtract the amount of time plaintiff spent messing around online from his claim of back pay.) Plaintiff moved to quash the subpoenas, claiming that his accounts contained confidential and privileged information. The court denied the motion as to these social networking accounts, but did so kind of on a technicality. The subpoenas were issued out of federal district courts in California, and since this court (in Florida) did not have jurisdiction over the issuance of those subpoenas, it had to deny the motion to quash.

But there was some interesting discussion that took place in getting to this analysis that is worth noting. Generally, a party does not have standing to challenge a subpoena served on a non-party, unless that party has a personal right or privilege with respect to the subject matter of the materials subpoenaed. The employer argued that plaintiff did not have standing to challenge the subpoenas in the first place.

The court disagreed, looking to the case of Crispin v. Christian Audiger, Inc. 717 F.Supp.2d 965 (C.D. Cal. 2010), in which that court explained:

[A]n individual has a personal right in information in his or her profile and inbox on a social networking site and his or her webmail inbox in the same way that an individual has a personal right in employment and banking records. As with bank and employment records, this personal right is sufficient to confer standing to move to quash a subpoena seeking such information.

This almost sounds like an individual has a privacy right in his or her social media information. But the p-word is absent from this analysis. So from this case we know there is a right to challenge subpoenas directed at intermediaries with information. We’re just not given much to go on as to why such a subpoena should be quashed.

Federal court applies Seescandy.com test to unmask anonymous defendants in copyright and privacy case

Liberty Media Holdings, LLC. v. Does 1-59, 2011 WL 292128 (S.D. Cal., January 25, 2011)

Plaintiff porn company sued 59 anonymous defendants it knew only by IP address for violation of the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA) and for copyright infringement. Since plaintiff did not know who the defendants were, it had to jump through a few hoops to find out their names.

The court rewarded such hoop-jumping by ordering that the defendants’ identities be turned over.

Hoop #1 – The Cable Communications Policy Act of 1984

A subpoena to the defendants’ internet service providers would reveal the needed information. But these ISPs, being governed by the Cable Communications Policy Act of 1984, could not turn over their subscribers’ information without a court order. (See 47 USC 515(c)(2)(B))

Hoop #2 – Discovery prior to the Rule 26(f) conference

What’s more, a plaintiff cannot start conducting discovery (and a subpoena is a discovery tool) until after it has had the initial conference with the defendant (the Rule 26(f) conference). But how can a plaintiff confer with a defendant it does not know? There is a bootstrapping problem here. The court has to step in and issue an order allowing the discovery be had.

Hoop #3 – Balancing injury versus right to anonymous speech

And getting that court order is a bit problematic and nuanced when one is dealing with anonymous defendants. The courts recognize the conflict between a need to provide injured plaintiffs with a forum in which they may seek redress for grievances, and the right of John Doe defendants to use the internet anonymously or pseudonymously when appropriate.

So judges apply a balancing test to weigh these interests. Different courts apply different tests. Some apply a very demanding standard, requiring plaintiffs to present enough facts to withstand a hypothetical motion for summary judgment. Other cases require a lesser burden be carried, looking merely to whether the complaint would survive a motion to dismiss. That’s the standard the court applied in this case.

The Seescandy.com standard

It looked to the 1999 case of Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573, 577 (N.D.Cal.1999) which articulated the following test:

  • First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that (the) defendant is a real person or entity that could be sued in federal court …
  • Second, the (plaintiff) should identify all previous steps taken to locate the elusive defendant …
  • Third, Plaintiff should establish to the Court’s satisfaction that plaintiff’s suit against (the) defendant could withstand a motion to dismiss … Plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed the act.

In this case, the court found that each of these criteria had been met across the board.

It found that plaintiff had identified the defendants as best it could. Plaintiff provided the court with the unique IP addresses assigned to each defendant and the ISP that provided each defendant with internet access. Further, the requested discovery was necessary for plaintiff to determine the names and addresses of each defendant who performed the allegedly illegal and infringing acts.

The only information plaintiff had regarding the defendants was their IP addresses and their ISPs. Therefore, there were no other measures plaintiff could have taken to identify the defendants other than to obtain their identifying information from their ISPs.

And the court found the allegations supporting each of the claims were sufficient to survive a motion to dismiss.

As to the SCA, the complaint alleged that defendants intentionally accessed plaintiff’s web servers, which are facilities where electronic communication services are provided, defendants had no right to access the copyrighted materials on plaintiff’s website, and defendants obtained access to these electronic communications while these communications were in electronic storage.

On the CFAA claim, the complaint alleged that defendants unlawfully and without authorization entered into plaintiff’s computer server, which was used in interstate commerce, where plaintiff’s copyrighted materials were contained, stole plaintiff’s copyrighted materials, valued in excess of $15,000, and as a result of such conduct, caused plaintiff to suffer damage. Based on these facts, 18 USC 1030(g) authorized plaintiff’s civil action.

And as for copyright infringement, plaintiff alleged that it is the owner of the copyrights for certain motion pictures, which were accessed, reproduced, distributed and publicly displayed by defendants. Also, plaintiff alleged that defendants, without authorization, intentionally accessed, reproduced and distributed plaintiff’s copyrighted works onto their local hard drives or other storage devices.

Another massive porn Bittorrent copyright lawsuit in the Northern District of Illinois

MCGIP, LLC v. Does 1-1,164, No. 10-7675 (N.D.Ill., filed December 2, 2010) [Download Complaint]

Filing of copyright infringement complaint will be precursor to more subpoenas seeking to identify unknown file-sharing defendants.

Another porn company has filed a copyright lawsuit against hundreds of anonymous John Doe defendants who allegedly used the Bittorrent protocol to trade plaintiffs’ copyrighted movies. So ISPs around the country should expect another wave of subpoenas sent to unmask these unknown file sharers. The works allegedly infringed in this case include provocative titles such as “Girlfriend Lost a Bet” and “Iraq Care Package.”

Interestingly, this complaint — unlike the complaints in similar Bittorrent porn copyright cases — contains a paragraph that tries to explain why over a thousand defendants should be joined in one lawsuit:

Joinder is appropriate because, on information and belief, each Defendant was contemporaneously engaged in a coordinated effort with the other Defendants to reproduce and distribute Plaintiff’s copyrighted works to each other and hundreds of third parties via the BitTorrent protocol.

This language appears to be an attempt to head-off arguments like those made by EFF and others in some of the other massive copyright infringement actions against scores of anonymous defendants.

Enhanced by Zemanta

Stored Communications Act protects Yahoo email account from subpoena

Chasten v. Franklin, 2010 WL 4065606 (N.D.Cal. October 14, 2010)

Plaintiff sued some corrections officers at the prison where her inmate son was killed. She learned in a deposition that one of the defendants had a Yahoo email account. So she sent a subpoena to Yahoo seeking all the email messages sent from that account during a period of more than two years.

Defendant moved to quash the subpoena, arguing that disclosure of the email messages would violate his rights under the Stored Communications Act (SCA). The court granted the motion to quash.

Subject to certain specifically-enumerated exceptions, the SCA (at 18 U.S.C. 2702(a) and (b)) essentially prohibits providers of electronic communication or remote computing services to the public from knowingly divulging the contents of their customers’ electronic communications or the records relating to their customers. The court found that no such exception applied in this case. Citing to Theofel v. Farey-Jones, it held that compliance with the subpoena would be an invasion of the specific interests that the SCA seeks to protect.

Scroll to top