Court scales back Zynga’s attempts to learn about anonymous Mafia Wars infringers

Zynga Game Network Inc. v. Williams, 2010 WL 2077191 (N.D.Cal. May 20, 2010)

Zynga (you know, the creator of Farmville and Mafia Wars) has filed a federal lawsuit against the operators of websites that sell virtual currency and goods for use in Mafia Wars. These websites allegedly give rise to infringement of the Mafia Wars trademark and the sale of these virtual things is in violation of the game’s terms of service.

In federal court, you can’t start the discovery process until the parties have met to discuss certain issues (this is called a Rule 26(f) conference). But there’s an obvious chicken and egg problem in cases like this that have anonymous defendants — how do you confer with a defendant you don’t know? You’re kind of stuck if you can’t take discovery to learn who he is.

Fortunately the court can allow discovery to happen before the Rule 26(f) conference when there is good cause.

So Zynga has argued that there is good cause to allow it to serve subpoenas on Godaddy (the registrant for the MAFIAWARSDIRECT.COM, MWBLACKMARKET.COM, and MWFEXPRESS.COM domain names) and PayPal, who apparently facilitated the purchase of virtual goods.

The court agreed that Zynga should get to serve the subpoenas. But it found that the subpoenas as proposed were too broad. For example, Zynga sought all billing and account records, server logs, website content, contact information, transaction histories and correspondence for the persons or entities that purchased services from the offending sites. The court held that the limited discovery appropriate for Zynga at the early stage would only allow it to get identifying information for the site owners.

Reblog this post [with Zemanta]

Anonymous sender of beer pong email gets to remain unknown

A.Z. v. Doe, 2010 WL 816647 (N.J. Super. App. Div. March 8, 2010)

What's not to love about beer pong?

Even if you do just a cursory review of cases that deal with online anonymity, you are bound to come across a 2001 New Jersey case called Dendrite v. Doe. That case sets out a four part analysis a court should undertake when a defamation plaintiff seeks an order to unmask an Internet user who posted the offending content anonymously.

Under Dendrite, a court that is asked by a defamation plaintiff to unmask an anonymous speaker must:

  • require the plaintiff to try to notify the unknown Doe speaker that he or she is the subject the unmasking efforts, and give him or her a reasonable opportunity to oppose the application;
  • require the plaintiff to identify and set forth the exact statements purportedly made by each anonymous poster that plaintiff alleges constitutes actionable speech;
  • require the plaintiff to produce sufficient evidence supporting each element of its cause of action, on a prima facie basis; and
  • balance the defendant’s First Amendment right of anonymous free speech against the strength of the prima facie case presented and the necessity for the disclosure.

The state appellate court in New Jersey recently had occasion to revisit the Dendrite analysis in a case called A.Z. v. Doe. It found that a defamation plaintiff was not entitled to learn the identity of a person who anonymously sent an email that had content and attached photos that allegedly defamed plaintiff. The court found that plaintiff failed to meet the third factor in the Dendrite analysis, i.e., failed to present a prima facie case of defamation.

Beer pong is not for honor students

Someone took pictures of plaintiff playing beer pong at a party and posted them on Facebook. That’s all in good fun, except that plaintiff was a minor and belonged to her high school’s “Cool Kids & Heroes” program. Kids get into that program by making good grades and promising to refrain from bad behavior.

A purported “concerned parent” set up a Gmail account (anonymously) and sent an email to the faculty advisor for the Cool Kids & Heroes program. The email had photos attached showing several of the program’s kids doing things they shouldn’t be doing like drinking and smoking pot. In all fairness it should be noted that the picture of plaintiff only showed her playing beer pong — it didn’t actually show her drinking or smoking, though there were cups and beer cans on the table in front of her.

The faculty advisor forwarded the email and images on to school administrators, and the school also notified the police. But law enforcement apparently took no further action.

Plaintiff filed a defamation lawsuit against the anonymous sender of the email and sent a subpoena to Google to find out the IP address from which the message was sent. Google notified plaintiff that it came from an Optimum Online IP address. So plaintiff sent a subpoena to Optimum Online for the identifying information. The ISP notified its customer Doe, and Doe moved to quash the subpoena.

The trial court granted the motion to quash, concluding that plaintiff failed to meet the fourth Dendrite factor (dealing with the First Amendment). Plaintiff sought review with the appellate court, which affirmed but on different grounds.

Why the defamation claim failed

The appellate court agreed that the motion to quash should be granted (that is, that the anonymous sender of the email message should not be identified). But the appellate court’s reasoning differed. It didn’t even need to get to the fourth Dendrite factor, because it held that plaintiff didn’t meet the third factor (didn’t present a prima facie defamation case).

The big problem with plaintiff’s defamation claim came from the requirement that the statement alleged to be defamatory (in this case, that plaintiff had broken the law) needed to be “false.” The court found five reasons why this element had not been met:

  • Plaintiff submitted no evidence (like an affidavit) that she wasn’t drinking the night the photo was taken.
  • Plaintiff submitted no evidence that law enforcement actually concluded to take no further action. Plaintiff argued their lack of action showed she didn’t break the law.
  • Even if there was evidence that law enforcement decided to take no action, that would not have been relevant to the truth of the question of whether plaintiff was drinking. That would only go to show that law enforcement decided not to do anything.
  • The photograph attached to the email showing plaintiff playing beer pong would lead one to conclude that she was in “possession” of the alcohol on the table, and that was a violation of the law.
  • Doe submitted other photos from Facebook in connection with the motion to quash which showed plaintiff actually holding a beer.

So the court never got to the question of the First Amendment and how it related to the anonymous email sender’s right to speak. The court concluded that because plaintiff had not put forth a prima facie case of defamation, the anonymous speaker should stay unknown.

Beer pong photo courtesy Flickr user elisfanclub under this Creative Commons license.

Manganese dendrites in limestone photo courtesy Flickr user Arenamontanus under this Creative Commons license.

Court allows Wal-Mart to subpoena Facebook and MySpace

Ledbetter v. Wal-Mart Stores, Inc., 2009 WL 1067018 (D.Colo. April 21, 2009)

A couple of electricians were severely burned when the electrical system they were working on in an Aurora, Colorado Wal-Mart shorted out. They sued Wal-Mart over their injuries. One of the plaintiffs’ wives brought a claim for loss of consortium.

During discovery, Wal-Mart sent subpoenas to Facebook, MySpace and Meetup.com seeking information about the plaintiffs. The plaintiffs filed a motion for protective order which would have prevented the social networking sites from providing the requested information. The plaintiffs claimed that the information should be protected by the physician-patient privilege or, as for the loss of consortium claim, the spousal privilege. The court denied the motion and allowed the subpoenas.

The court held that an earlier protective order entered in the case (to which the parties had agreed) protected the confidentiality of the information. And the plaintiffs had put the purported confidential facts, i.e., the extent of the injuries and the nature of the consortium, at issue by bringing the suit. Moreover, the information sought by the subpoenas was reasonably calculated to lead to the discovery of admissible evidence and was relevant to the issues in the case.

It’s worth noting that the court might have had other reasons to deny the motion for protective order that it did not mention. A privilege of confidentiality is usually destroyed when it is disclosed to a third party. How could information on Facebook or MySpace still be secret? Unless Wal-Mart was only seeking private messages sent either between the spouses or one of the plaintiffs and a doctor, it would seem that most everything these sites would have would not be confidential in the first place.

Expedited electronic discovery includes subpoena to ISP and imaging of defendants’ hard drives

Allcare Dental Management, LLC v. Zrinyi, No. 08-407, 2008 WL 4649131 (D. Idaho October 20, 2008)

Plaintiffs filed a defamation lawsuit against some known defendants as well as some anonymous John Doe defendants in federal court over statements posted to Complaintsboard.com. The plaintiffs did not know the names or contact information of the Doe defendants, so they needed to get that information from the Does’ Internet service provider.  But the ISP would not turn that information over without a subpoena because of the restrictions of the Cable Communications Policy Act, 47 U.S.C. § 501 et seq. [More on the CCPA.]

Under Federal Rule of Civil Procedure 26(d)(1), a party generally may not seek discovery in a case until the parties have had a Rule 26(f) conference to discuss such things as discovery. Because of the Rule 26(d)(1) requirement, the plaintiffs found themselves in a catch-22 of sorts: how could they know with whom to have the Rule 26(f) conference if they did not know the defendants’ identity.

So the plaintiffs’ filed a motion with the court to allow a subpoena to issue to the ISP prior to the Rule 26(f) conference. Finding that there was good cause for the expedited discovery, the court granted the motion. It found that the subpoena was needed to ascertain the identities of the unknown defendants. [More on Doe subpoenas.] Furthermore, it was important to act sooner than later, because ISPs retain data for only a limited time.

The Plaintiffs also contended that that the known defendants would likely delete relevant information from their computer hard drives before the parties could engage in the ordinary process of discovery. So the plaintiffs’ motion also sought an order requiring the known defendants to turn over their computers to have their hard drives copied.

The court granted this part of the motion as well, ordering the known defendants to turn their computers over to the plaintiffs’ retained forensics professional immediately. The forensics professional was to make the copies of the hard drives and place those copies with the court clerk, not to be accessed or reviewed until stipulation of the parties or further order from the court.

Subpoena to university in P2P case must give time to notify parents

UMG Recordings, Inc. v. Doe, No. 08-3999, 2008 WL 4104207 (N.D.Cal. September 4, 2008)

Plaintiff record companies, using Media Sentry, found the IP address of a John Doe file-sharing defendant, and filed suit against Doe in federal court for copyright infringement. As in any case where a defendant is known only by his or her IP address, the record companies needed some discovery to ascertain the name and physical address matching that IP address. But the federal rules of procedure say that without a court order, a party cannot seek discovery until the parties have conferred pursuant to Fed. R. Civ. P. 26(f).

So the record companies sought the court order allowing them to issue a subpoena to Doe’s Internet service provider prior to the 26(f) conference. The court granted the order, but with a caveat.

The evidence showed that Doe was a student at the University of California, Santa Cruz. Under the Family Educational Rights and Privacy Act at 20 U.S.C. § 1232g, a college generally cannot disclose “any personally identifiable information in education records other than directory information.” There’s an exception to that rule when the college is answering a lawfully issued subpoena, provided that “parents and the students are notified of all such … subpoenas in advance of the compliance therewith by the educational institution or agency.”

The court granted the record companies’ motion for leave to serve the subpoena prior to the Rule 26(f) conference, but required that the subpoena’s return date “be reasonably calculated to permit the University to notify John Doe and John Doe’s parents if it chooses prior to responding to the subpoena.”

Anonymous defendants to be unmasked in Computer Fraud and Abuse Act case

Kimberlite Corp. v. Does 1-20, No. 08-2147, 2008 WL 2264485 (N.D. Cal. June 2, 2008)

Plaintiff Kimberlite sued a number of anonymous John Doe defendants after it learned that its network and email system had been unlawfully accessed. A few days after filing suit for violation of the Computer Fraud and Abuse Act (CFAA) and trespass to chattels under state law, Kimberlite served a subpoena on AT&T, the owner of the IP address from which the unauthorized access originated, seeking to discover who was responsible.

One of the John Doe defendants, pro se, wrote a letter to the court which the court treated as a motion to quash the subpoena. The court denied the motion.

Doe argued that Kimberlite had failed to state a claim under the CFAA. The court rejected that argument, observing that Kimberlite had adequately alleged and had provided preliminary evidence of a CFAA violation. (Doe had not challenged the sufficiency of the trespass to chattels claim.) Kimberlite’s computers were “protected” computers under the CFAA because they were used in interstate and foreign commerce. They were password protected and accessed without authorization by someone from the subject IP address. Kimberlite succeeded in alleging the threshold amount of CFAA damages ($5,000) through an employee declaration describing over 100 hours of investigation and repair following the intrusions.

Doe also argued that Kimberlite had not demonstrated a need to obtain the information that outweighed Doe’s privacy rights under the Cable Communication Policy Act (CCPA). That act prohibits cable operators from disclosing subscriber information unless certain criteria are met.

The court rejected the CCPA argument first by expressing serious doubt that AT&T, as an Internet service provider was a “cable operator” and thus subject to the CCPA. Even if the CCPA did apply, the court found Kimberlite had demonstrated a compelling need for the information sought. It had adequately set forth a cause of action, so discovery of the anonymous parties was proper.

Anonymous alleged infringer identified with little substantive inquiry into infringement claim

[In re Subpoena Issued Pursuant to the Digital Millennium Copyrigt Act to: 43SB.com, No. 07- 6236, 2007 WL 4335441 (D. Idaho, December 7, 2007).]

When the general counsel for Melaleuca, Inc. saw some negative content someone had posted about the company on the Web site 43rdstateblues.com, he sent a cease and desist letter demanding the content be removed. The letter, however, did not accomplish its intended purpose. Instead, the site owner posted the entire letter.

Melaleuca did not give up, but just adapted its strategy. It served a DMCA subpoena [see 17 U.S.C. §512(h)] on the site, seeking to identify the person who posted the letter “so that [Melaleuca] might seek redress for copyright infringement.” Melaleuca claimed that its copyright rights in the letter were infringed when it was posted online. (Claiming copyright in cease and desist letters is not a new tactic.  See, e.g., here and here.) 

The website moved to quash the subpoena, asserting, among other things, that the letter was not subject to copyright protection, and that the failure by Melaleuca to establish a prima facie case of copyright ownership was fatal to the subpoena.

The court denied the motion to quash. The Web site had argued that Melaleuca could not own a copyright in the letter, according to 17 U.S.C. 102(b)’s exclusion of “any idea, procedure, process, system, method of operation, concept, principle or discovery” form copyright protection. But the court rejected that argument.

Declining to “go into an in-depth analysis of the merits of a copyright infringement claim in determining whether to quash [the] subpoena,” the court found that Melaleuca’s copyright registration in the letter was sufficient to establish ownership of a valid copyright.  As for alleged copying, the court found that posting of the entire letter was sufficient.

There are a couple of interesting observations to be made from this decision.  First, unlike cases in which plaintiffs seek to uncover the identity of anonymous defendants accused of defamation [see here], this court gave – relatively speaking – little inquiry into the merits of the plaintiff’s case.  Perhaps it felt that such an analysis was not necessary given that the Copyright Office had already determined copyrightable subject matter to exist (when it issued the registration certificate).

A second interesting question arises when one considers how the court might have ruled had the defendant asserted fair use as a basis for the motion to quash. (Doesn’t it seem like posting a cease and desist letter on the Internet, ostensibly for eliciting public ridicule, is a transformative use?) Given the fact intensive inquiry of a fair use analysis, the court would have probably reached the same conclusion, if anything to put off the factfinding until later.  But would a court do that in other cases where the offending, anonymous use is more obviously fair?     

Scroll to top