Category: Litigation

September 9, 2016 Litigation, Privacy

No liability for cable company that retained customer information in violation of law

Court essentially holds “no harm, no foul” in case involving violation of federal privacy statute. The case fails to provide an incentive for “privacy by design”.

Can a company that is obligated by law to destroy information about its former customers be held liable under that law if, after the contract with the customer ends, the company does not destroy the information as required? A recent decision from the United States Court of Appeals for the Eighth Circuit (which is located in St. Louis) gives some insight into that issue. The case is called Braitberg v. Charter Communications, Inc., — F.3d —, 2016 WL 4698283 (8th Cir., Sep. 8, 2016).

12493182714_859e827fe6_z

Plaintiff filed a lawsuit against his former cable company after he learned that the company held on to his personally identifiable information, including his social security number, years after he had terminated his cable service. The cable company was obligated under the federal Cable Communications Policy Act to “destroy personally identifiable information if the information is no longer necessary for the purpose for which it was collected.”

The lower court dismissed the lawsuit on the basis that plaintiff had not properly demonstrated that he had standing to bring the lawsuit. Plaintiff appealed to the Eighth Circuit. On review, the court of appeals affirmed the dismissal of the lawsuit.

The appellate court’s decision was informed by the recent Supreme Court decision in Spokeo, Inc. v. Robins, 136 S.Ct. 1540 (S.Ct. 2016), which addressed, among other things, the question of whether a plaintiff asserting violation of a privacy statute has standing to sue.

As a general matter, Article III of the Constitution limits the jurisdiction of the federal courts to actual “cases or controversies”. A party invoking federal jurisdiction must show, among other things, that the alleged injury is both “concrete and particularized” and “actual or imminent, not conjectural or hypothetical”.

In this case, the Court of Appeals found that plaintiff had not alleged an injury in fact as required under Article III and the Spokeo decision. His complaint asserted merely “a bare procedural violation, divorced from any concrete harm.”

The court’s opinion goes on to provide some examples of when the violation of a privacy statute would give rise to standing. It does this by noting certain things that plaintiff did not allege. He did not, for example allege that defendant had disclosed information to a third party, that any other party accessed the data, or that defendant used the information in any way after the termination of the agreement. Simply stated, he identified no material risk of harm from the retention. This speculative or hypothetical risk was insufficient for him to bring the lawsuit.

One unfortunate side effect of this decision is that it does little to encourage the implementation of “privacy by design” in the development of online platforms. As we have discussed before, various interests, including the federal government, have encouraged companies to develop systems in a way that only keeps data around for as long as it is needed. The federal courts’ unwillingness to recognize liability in situations where data is indeed kept around longer than necessary, even in violation of the law, does not provide an incentive for the utilization of privacy by design practices.

Braitberg v. Charter Communications, Inc., — F.3d —, 2016 WL 4698283 (8th Cir., Sep. 8, 2016)

Photo courtesy Flickr user Justin Hall under this Creative Commons license.

Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

August 5, 2015 Computer Crime, Litigation, Privacy

Facebook hacking victim’s CFAA and SCA claims not barred by statutes of limitation

Knowledge that email account had been hacked did not start the statutes of limitation clock ticking for Computer Fraud and Abuse Act and Stored Communications Act claims based on alleged related hacking of Facebook account occurring several months later.

Plaintiff sued her ex-boyfriend in federal court for allegedly accessing her Facebook and Aol email accounts. She brought claims under the Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (“CFAA”), and the Stored Communications Act, 18 U.S.C. § 2701, et seq. (“SCA”).

Both the CFAA and the SCA have two-year statutes of limitation. Defendant moved to dismiss, arguing that the limitation periods had expired.

The district court granted the motion to dismiss, but plaintiff sought review with the Second Circuit Court of Appeals. On appeal, the court affirmed the dismissal as to the email account, but reversed and remanded as to the Facebook account.

In August 2011, plaintiff discovered that someone had altered her Aol email account password. Later that month someone used her email account to send lewd and derogatory sexually-themed messages about her to people in her contact list. A few months later, similar things happened with her Facebook account — she discovered she could not log in in February 2012, and in March 2012 someone publicly posted sexually-themed messages using her account. She figured out it was her (now married) ex-boyfriend and filed suit.

The district court dismissed the claims because it found plaintiff first discovered facts giving rise to the claims in August 2011, but did not file suit until more than two years later, in January 2014. The Court of Appeals agreed with the district court as to the email account. She had enough facts in 2011 to know her Aol account had been compromised, and waited too long to file suit over that. But that was not the case with the Facebook account. The district court had concluded plaintiff knew in 2011 that her “computer” had been compromised. The Court of Appeals observed that the lower court failed to properly recognize the nuance concerning which computer systems were being accessed without authorization. Unauthorized access to the Facebook server gave rise to the claims relating to the Facebook account. The 2011 knowledge about her email being hacked did not bear on whether she knew her Facebook account would be compromised. The court observed:

We take judicial notice of the fact that it is not uncommon for one person to hold several or many Internet accounts, possibly with several or many different usernames and passwords, less than all of which may be compromised at any one time. At least on the facts as alleged by the plaintiff, it does not follow from the fact that the plaintiff discovered that one such account — AOL e-mail — had been compromised that she thereby had a reasonable opportunity to discover, or should be expected to have discovered, that another of her accounts — Facebook — might similarly have become compromised.

The decision gives us an opportunity to think about how users’ interests in having their data kept secure from third party access attaches to devices and systems that may be quite remote from where the user is located. The typical victim of a hack or data breach these days is not going to be the owner of the server that is compromised. Instead, the incident will typically involve the compromising of a system somewhere else that is hosting the user’s information or communications. This decision from the Second Circuit recognizes that reality, and contributes to the reasonable opportunity for redress in those situations.

Sewell v. Bernardin, — F.3d —, 2015 WL 4619519 (2nd Cir. August 4, 2015)

Evan Brown is an attorney in Chicago helping clients manage issues involving technology and new media.

May 8, 2015 Copyright, Litigation

Court will not order seizure of domain name in copyright infringement case

Plaintiffs – the owners of the copyright in photographs – sued defendants for copyright infringement over the unauthorized publication of photos on one of the business defendant’s websites that used the domain name <4umf.com>. The court awarded judgment and damages in plaintiffs’ favor when the business defendant defaulted.

Even after having received two extensions of time from the court, though, plaintifsf had not yet served the summons and complaint upon one of the individual defendants. The court ordered plaintiffs to show cause why the action should not be dismissed against that defendant for failure to serve him. In response, plaintiffs stated that despite diligent efforts, they could not identify or locate the individual plaintiff. So it asked the court – via a “motion to seize domain name” – to order the turnover of the <4umf.com> domain name for the purpose of uncovering the defendant’s true identity.

The court denied the motion. It found that plaintiffs had failed to demonstrate why the court should exercise auhority over the domain name as property subject to the court’s control and authority. It rejected plaintiffs’ attempts to liken the situation to other cases in which courts had ordered the seizure of domain names in trademark actions for over disputed domain names. “[S]eizures under the former circumstances were contemplated by the [Anticybersquatting Consumer Protection Act] to combat ‘cybersquatting.'”

The court also noted that seizure of copyrighted materials is a permissible remedy under the Copyright Act and has been granted by certain courts in some circumstances. But in this case, plaintiffs did not seek seizure pursuant to the Copyright Act § 503, nor did they seek impoundment or seizure in their complaint or motion for default. Plaintiffs sought only damages and attorneys’ fees, which the Court awarded.

Further, the court noted that plaintiffs were not seeking to reclaim their copyrighted material by seizing the six infringing photos, but rather the entirety of the domain name. The court was sympathetic – although plaintiffs may have had difficulty locating defendants and enforcing the default judgment, plaintiffs had not demonstrated why that entitled them to seizure of the whole domain name, or how seizing the domain name would facilitate identification or location of defendants or collection on the judgment. Even if seizure were appropriate at this late stage, it the court found that to be an overly broad remedy for the violations here.

BWP Media USA, Inc. v. NV Media Group, Inc., 2015 WL 2152679 (S.D.N.Y. May 6, 2015)

April 30, 2014 Contracts, Litigation

In software dispute, court enforces forum selection clause and transfers case from California to Michigan

Though parties often think of forum selection clauses as throwaway “boilerplate” language, a recent case demonstrates the influence such a clause can have on where litigation takes place.

Plaintiff sued defendant in California for fraud and other claims relating to the alleged defective performance of electronic medical records software. Defendant moved to transfer the matter to federal court in Michigan, based on a forum selection clause in the agreement that provided, in relevant part, that “[a]ny and all litigation arising from or relating to this Agreement will be filed and prosecuted before any court of competent subject matter jurisdiction in the State of Michigan.” Plaintiff objected to the motion, arguing that enforcement would violate California public policy in a number of ways. The court rejected plaintiff’s arguments and granted the motion to transfer.

Plaintiff argued that transfer would go against California’s public policy against unfair business practices, and would also be against the policy of incentivizing medical providers to adopt electronic medical records systems. The court rejected these arguments because plaintiff’s motion dealt with venue, i.e., where the lawsuit would occur, not which substantive law would apply. Given that the potential existed for the federal court in Michigan to consider whether California law should apply, transferring the case would not cut against public policy.

The court further rejected plaintiff’s argument that the forum selection clause was unconscionable, given that plaintiff did not dispute that she read the clause, and was a sophisticated party. Moreover, citing to language of the Supreme Court on the issue, the court refused to consider arguments about the parties’ private interests. “When parties agree to a forum-selection clause, they waive the right to challenge the preselected forum as inconvenient or less convenient for themselves or their witnesses, or for their pursuit of the litigation.”

East Bay Women’s Health, Inc. v. gloStream, Inc., 2014 WL 1618382 (N.D.Cal. April 21, 2014)

Evan Brown is an attorney in Chicago, advising clients on matters dealing with technology, the internet and new media. Follow him on Twitter @internetcases

Related:

[This is a cross post from the InfoLawGroup blog.]

January 30, 2014 Copyright, Evidence, Litigation

Does publication on the web give rise to “access” in copyright infringement analysis?

2003lookbackPlaintiff sued defendant for copyright infringement. Defendant moved for judgment on the pleadings (which is essentially the same thing as a motion to dismiss for failure to state a claim except it is after defendant files an answer). Defendant asserted that plaintiff had not pled copyright infringement because under the Seventh Circuit’s “substantial similarity” test to demonstrate infringement, plaintiff had not pled defendant had “access” to the allegedly infringed work.

The court rejected defendant’s argument and denied the motion for judgment on the pleadings on this issue.

In some copyright infringement cases, a plaintiff may not have direct evidence that the defendant committed infringement. In those situations, a finder of fact may infer that infringement has occurred when it is shown that:

  • the defendant had access to the copyrighted work; and
  • the accused work is substantially similar to the copyrighted work.

In this case, defendant argued it never had access to plaintiff’s designs that it was alleged to have infringed. But the court considered the online publication, 11 years ago, of plaintiff’s designs, to find access for purposes of the motion for judgment on the pleadings:

With regard to online publication, in 2003, [plaintiff] first published the [allegedly infringed work] at [its website]. The Internet already was widely used and accessible at that time. Because the non-movant is entitled to reasonable favorable inferences in evaluating a motion for judgment on the pleadings, the online publication is enough to establish access for purposes of denying [defendant’s] motion for judgment on the pleadings.

The court’s decision provides no meaningful analysis as to why publication on the web gives rise to access. It states the finding above in such a conclusory manner as if to indicate it sets forth some per se rule. But one is left to wonder whether other factual nuance would change the answer to the inquiry: What if publication were in 1993 rather than 2003, at a time when many, many fewer people were on the web? What if the publication were behind a paywall for which defendant had no authorization to pass? What if defendant pled it did not utilize the web for this sort of information, or, even more compellingly, not at all?

Skyline Design, Inc. v. McGrory Glass, Inc., 2014 WL 258564 (N.D.Ill. January 23, 2014)

January 27, 2014 Litigation, Miscellaneous

Judge who sent Facebook friend request to wife in pending divorce proceeding should have been disqualified

facebook-friend-request-446x298While a divorce case was pending, the judge overseeing the case sent the wife a Facebook friend request. The wife did not accept the request. Thereafter, the judge entered a final judgment that was more favorable to the husband. After the wife found out about other cases in which the judge had reached out to litigants through social media, she filed a motion to disqualify the judge. The judge refused to disqualify herself.

The wife sought review with the appellate court. On appeal, the court reversed and remanded, holding that the judge should have disqualified herself:

The “friend” request placed the litigant between the proverbial rock and a hard place: either engage in improper ex parte communications with the judge presiding over the case or risk offending the judge by not accepting the “friend” request.

Moreover, the court found the problem of friending a party in a pending case “of far more concern” than a judge’s Facebook friendship with a lawyer. Forbidding judges and counsel to be Facebook friends, especially in smaller counties with tight-knit legal communities, would be unworkable. But with a friend request from the judge, a party has a “well founded fear” of not receiving a fair and impartial trial.

Chace v. Loisel, — So.3d —, 2014 WL 258620 (Fla.App. 5 Dist. January 24, 2014)

September 25, 2013 Copyright, DMCA, Litigation

Court refuses to help author who was victim of alleged bogus DMCA takedown notices

Author and her publisher disagreed on the content of two of the author’s new books. (As an aside, this author is very prolific — she alleges that she publishes a new book every two weeks!) So rather than deal with publisher, author self-published the works on Amazon. Publisher sent DMCA takedown notices to Amazon, with which Amazon complied. Author sued publisher under Section 512(f) of the DMCA, which provides penalties against senders of DMCA takedown notices that knowingly materially misrepresent claims of infringement. She sought a temporary restraining order (TRO), asking the court to instruct publisher to tell Amazon to make the works available.

The court denied the TRO motion. It found that author had failed to show she would suffer irreparable harm if the works were not put back on the market. In the court’s view, author failed to show how a temporary delay in sales would affect her reputation or goodwill.

The case presents an interesting issue concerning a party’s right to send a DMCA takedown notice. Author alleges that her agreement with publisher provided she owns the copyright in her works, and that publisher merely has a right of first refusal to publish any “sequels” to her previous works. So if what author is saying is true, that publisher does not have a copyright interest in the books but merely a contract interest, she stands a good chance, ultimately, on her 512(f) claim.

Flynn v. Siren-BookStrand, Inc., 2013 WL 5315959 (September 20, 2013)

July 25, 2013 Copyright, Litigation

Court slaps Prenda client with more than $20,000 in defendant’s costs and attorney’s fees

AF Holdings, represented by infamous copyright trolls Prenda Law, voluntarily withdrew its copyright infringement claims against the defendant, an alleged BitTorrent infringer. Defendant sought to recover his costs and attorney’s fees pursuant to the Copyright Act, which provides that:

In any civil action under this title, the court in its discretion may allow the recovery of full costs by or against any party other than the United States or an officer thereof. Except as otherwise provided by this title, the court may also award a reasonable attorney’s fee to the prevailing party as part of the costs.

The court found that all factors for an award of costs and attorney’s fees weighed in defendant’s favor:

  • Degree of success: There was no dispute that defendant completely prevailed in the case.
  • Frivolousness/Objective Unreasonableness: Plaintiff’s case was frivolous and objectively unreasonable in that it never presented any evidence (although it had the opportunity to do so) to support its claim that it had standing to assert a claim for copyright infringement. Moreover, the court found that plaintiff did not do a proper investigation to determine defendant was the one in the household who committed the alleged infringement. Instead, it simply alleged that he fit the best demographic of one who would infringe.
  • Motivation: The court found that it did not appear plaintiff was motivated to protect the copyright at issue, but merely to coerce settlements.
  • Compensation/Deterrence: The court awarded fees as a deterrent to copyright trolls everywhere: other persons or entities that might contemplate a similar business model that is not intended to protect copyrighted work but instead designed to generate revenues through suits and coerced settlements.
  • Furthering the Purpose of the Copyright Act: The primary objective of the Copyright Act is to encourage the production of original literary, artistic, and musical expression for the good of the public. But here, the court found, plaintiff had not acted to protect original expression but rather to capitalize on coerced settlements.

Based on these factors, and after considering the number of hours spent and the hourly rate of defendant’s counsel, the court ordered plaintiff to pay $19,420.38 in attorney’s fees and $3,111.55 in costs (mainly for electronic discovery and deposition costs). Copyright trolls be warned.

AF Holdings LLC v. Navasca, 2013 WL 3815677 (N.D.Cal. July 22, 2013)

May 22, 2013 Ethics, Litigation

Judge who was Facebook friends with victim’s father did not have to recuse himself

Case provides valuable guidance to judges on how to responsibly handle social media connections and communications.

Judge sent defendant to prison for assaulting defendant’s girlfriend. Defendant appealed his sentence claiming, among other things, that the judge was not impartial, given that the judge was Facebook friends with the girlfriend-victim’s father, and that the two of them had communicated through Facebook’s private message feature. The appellate court held that the judge did not err by not recusing himself.

The appellate court found that no rule prohibited the judge from being Facebook friends with the victim’s father. And the judge followed the proper procedure concerning the private message by:

  • discontinuing reading it once he realized it pertained to the case
  • warning the victim’s father not to communicate ex parte in that manner
  • printing the message out and placing it in the case file
  • notifying counsel for the parties

Moreover, the private message was not adverse to defendant, but actually asked for leniency. On these facts, the court found an insufficient showing of bias to find reversible error.

Youkers v. State, — S.W.3d —, 2013 WL 2077196 (Tex.App. May 15, 2013)

May 8, 2013 Copyright, Litigation

Are courts wising up to BitTorrent copyright trolls?

BitTorrent copyright trolling continues despite Prenda Law’s self-implosion. But there is hope that courts are coming to their senses.

Earlier this week Judge Wright issued a Hulk smash order lambasting the tactics of notorious copyright troll Prenda Law and finding, among other things, that the firms’ attorneys’ “suffer from a form of moral turpitude unbecoming an officer of the court.”

Though Prenda Law’s copyright trolling days may be numbered, it is still too early to announce the death of BitTorrent copyright trolling. Copyright plaintiffs are still filing lawsuits against swarms of anonymous accused infringers, and courts are still allowing those plaintiffs to seek early discovery of John Does’ names.

But there is reason to believe that courts are recognizing the trolls’ disingenuous efforts to join scores of unknown defendants in a single action. Last week, a federal court in Ohio (in Voltage Pictures, LLC v. Does 1-43, 2013 WL 1874862) expressly recognized the concern that some production companies have been “misusing the subpoena powers of the court, seeking the identities of the Doe defendants solely to facilitate demand letters and coerce settlements, rather than ultimately serve process and litigate the claims.” Likewise, the court recognized that other BitTorrent plaintiffs have abused the joinder rules to avoid the payment of thousands of dollars in filing fees that would be required if the actions were brought separately.

So the court issued an ominous warning. Though it found that at this preliminary stage it was appropriate to join all 43 accused swarm participants in a single action, the court noted that “[s]hould [it] find that plaintiff has abused the process of joinder, the individual John Doe defendants may be entitled to — in addition to a severance — sanctions from plaintiff, under [the applicable rule or statute] or the Court’s inherent powers.” The court went on to warn that “[w]hile the Court will not automatically hold plaintiff responsible for the alleged abuses of others in its industry, it will not hesitate to impose sanctions where warranted.”

Though it has taken several years of abusive and extortion-like litigation brought by BitTorrent copyright trolls, we may be entering an era where courts will be more willing to require these trolls to show the courage of their convictions. No doubt we have Prenda Law and its possibly-unlawful tactics to thank mostly for this crackdown. Prenda had a good thing going (from its perspective, of course). Too bad it did not abide by the timeless maxim, “pigs get fed, hogs get slaughtered.”

Scroll to top