November 27, 2012 Litigation, Privacy

Email privacy is weak even with court oversight

Huntington Ingalls Inc. v. Doe, 2012 WL 5897483 (N.D. Cal. November 21, 2012)

A federal court in California has allowed a party to subpoena Google to learn the identity of a Gmail account owner, even though that owner did nothing to involve himself in the dispute.

A contractor that plaintiff hired accidentally emailed “property” belonging to plaintiff to the wrong email address. (The court’s opinion is not clear on the nature of this “property,” but we are safe in assuming it was some sort of proprietary information.) Plaintiff sent messages to the Gmail account seeking return of the property, but the unknown account owner did not respond.

Plaintiff filed suit in federal court against the anonymous account holder (John Doe) seeking declaratory and injunctive relief (i.e., to get the property back). Since plaintiff did not know Doe’s identity, it sought expedited discovery so that it could subpoena Google for the identifying information.

email

The court granted the motion for leave to send the subpoenas. It found that:

  • without the subpoena, plaintiff would have no other way to obtain “this most basic information”
  • the subpoena was the exclusive means available to plaintiff to protect its property interest
  • plaintiff’s proposed procedure guarded Doe’s due process rights by requiring Google to give Doe notice of the subpoena and an opportunity to object

The court’s opinion shows how any privacy interest in one’s email account information is tenuous at best. In this situation, the target of the unmasking efforts was, as they say, minding his own business, not doing anything to inject himself into any dispute.

Moreover, unlike many previous cases in which courts have required the party seeking discovery of an anonymous party’s identity to put forth facts showing it has a good case, there was no claim here that Doe did anything wrong. Instead, it was the sender’s mistake. One could find it unsettling to know that other peoples’ errors could cause a court to order his or her identity to be publicly revealed.

Photo courtesy Flickr user Bart Heird under this Creative Commons license.

November 21, 2012 Computer Crime, Electronic Discovery

Court allows expedited discovery to identify website hijackers

Indigital Solutions, LLC v. Mohammed, 2012 WL 5825824 (S.D.Tex. November 15, 2012)

Plaintiffs alleged that one or more unknown defendants used malware to gain access to plaintiffs’ email account, web hosting account and domain registration account. From a message in plaintiffs’ email account, the defendants acquired an image of one of the plaintiff’s signature, which defendants used to forge a domain name transfer agreement. Plaintiffs sued under the Computer Fraud and Abuse Act and other theories. They sought leave to take expedited discovery to learn the identity of the unknown defendants. The court granted the motion.

The court found that plaintiffs had made a prima facie showing of harm by setting forth a valid claim under the Computer Fraud and Abuse Act. The discovery request was specific, in that they sought third party subpoenas to specified recipients seeking particular information. All alternative means of discovering the defendants had been exhausted, and the case could not move forward without the information. And the court found no privacy interest on the part of the defendants to be at stake, especially given the evidence that the defendants were not U.S. citizens, thus not subject to any First Amendment interest in anonymity.

November 20, 2012 Employment

Facebook activity did not support claim that employee solicited former employer’s clients

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Need assistance? Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases.

Invidia, LLC v. DiFonzo, 2012 WL 5576406 (Mass.Super. October 22, 2012)

Defendant hairstylist signed an employment agreement with plaintiff that restricted her from soliciting any of plaintiff’s clients or customers for 2 years. Four days after she quit plaintiff’s salon, her new employer announced on Facebook that defendant had come on board as a stylist. One of defendant’s former clients left a comment to that post about looking forward to an upcoming appointment.

stylist

Either before or after she left plaintiff’s employ (the opinion is not clear about this), defendant had become Facebook friends with at least 8 of the customers she served while working for plaintiff.

Plaintiff sued for breach of contract and sought a preliminary injunction. The court denied the motion, in part because plaintiff failed to show evidence that defendant had violated the nonsolicitation provision.

The court found that it did not constitute solicitation of plaintiff’s customers to post a notice on Facebook that defendant was beginning work at a new salon. The court said it would have viewed it differently had plaintiff contacted a client to tell her that she was moving to a new salon, but there was no evidence of any such contact.

As for having clients as Facebook friends, the court noted that:

[O]ne can be Facebook friends with others without soliciting those friends to change hair salons, and [plaintiff] has presented no evidence of any communications, through Facebook or otherwise, in which [defendant] has suggested to these Facebook friends that they should take their business to her chair at [her new employer].

See also, TEKsystems, Inc. v. Hammernick.

Photo courtesy Flickr user planetc1 under this Creative Commons license

November 19, 2012 Electronic Discovery, Litigation, Privacy

Trial court erred in ordering defendant to turn over his iPhone in ediscovery dispute

AllianceBernstein L.P. v. Atha, — N.Y.S.2d —, 2012 WL 5519060 (N.Y.A.D. 1 Dept., November 15, 2012)

Plaintiff sued its former employee for breach of contract alleging he took client contact information on his iPhone when he left the job. The trial court ordered defendant to turn the iPhone over to plaintiff’s counsel so plaintiff could obtain the allegedly retained information.

Defendant sought review of the discovery order. On appeal, the court reversed and remanded.

The appellate court found that the lower court’s order that defendant turn over his iPhone was beyond the scope of plaintiff’s request and was too broad for the needs of the case. Ordering production of defendant’s iPhone (which, the court observed, has built-in applications and internet access) “was tantamount to ordering the production of his computer.” The iPhone would disclose irrelevant information that might include privileged communications or confidential information.

So the court ordered that the phone and a record of the device’s contents be delivered to the court for an in camera review to determine what, if any information contained on the phone was responsive to plaintiff’s discovery request.

November 17, 2012 First Amendment, Privacy

Court won’t ban Gawker from posting Hulk Hogan sex tape

Bollea v. Gawker Media, LLC, 2012 WL 5509624 (M.D.Fla. November 14, 2012)

A few years ago someone surreptitiously filmed Hulk Hogan cavorting in bed with a woman not his wife. Gawker got a copy through an anonymous source and posted a minute of excerpts on gawker.com. (I’m not linking to it but it’s easily accessible. Just be warned, it’s extremely NSFW.)

Hulk sued in federal court alleging various invasion of privacy claims. He sought a preliminary injunction against Gawker continuing to make the video available. The court denied the motion, finding such an injunction to be an unconstitutional prior restraint on Gawker’s free speech right.

Gawker conceded that Hulk had a right of privacy in the contents of the tape, but argued that Gawker’s First Amendment rights outweighed the privacy interest.

The court found that Hulk failed to satisfy his heavy burden to overcome the presumption that a preliminary injunction would be an unconstitutional prior restraint under the First Amendment. Hulk’s public persona, including the publicity he and his family derived from his reality show, his own book describing an affair he had during his marriage, prior reports by other parties of the existence and content of the tape, and Hulk’s own public discussion of issues relating to his marriage, sex life, and the tape all demonstrated, in the court’s view, that the tape was a subject of general interest and concern to the community.

And he failed to show that he would suffer irreparable harm from the publication. The court’s decision on this point was based in part on the fact that mere embarassment was not enough to satisfy the irreparable harm standard. Moreover, the court found this to be a case where the “cat is out of the bag,” so it was not apparent that a preliminary injunction would do anything to help.

November 15, 2012 Electronic Discovery, Privacy

Court orders in camera review of injured plaintiff’s Facebook content

Richards v. Hertz Corp., — N.Y.S.2d —, 2012 WL 5503841 (N.Y.A.D. 2 Dept. November 14, 2012)

Plaintiff sued defendant for personal injury. Defendant saw a photo plaintiff had publicly posted on Facebook of herself skiing. When defendant requested plaintiff to turn over the rest of her Facebook content (presumably to find other like-pictures which would undermine plaintiff’s case), plaintiff sought a protective order. The trial court granted the motion for protective order, but required plaintiff to turn over every photo she had posted to Facebook of herself engaged in a “sporting activity”.

woman skiing

Defendants appealed the entry of the protective order. On review, the appellate court reversed and remanded, finding that defendants had made a showing that at least some of the discovery sought would result in the disclosure of relevant or potentially relevant evidence.

But due to the “likely presence” of private and irrelevant information in plaintiff’s account, the court ordered the information be turned over to the judge for an in camera review prior to disclosure to defendants.

Whether the plaintiff effectively preserved her Facebook account information may be an issue here. The facts go back to 2009. One is left to wonder whether and to what extent plaintiff has not gone back and deleted information from her account which would bear on the nature and extent of her injuries. It goes to show that social media discovery disputes can take on a number of nuances.

Photo courtesy Flickr user decafinata under this Creative Commons license.

October 30, 2012 Copyright, DMCA

Court rules against Ripoff Report in copyright case

Xcentric Ventures, LLC v. Mediolex Ltd., 2012 WL 5269403 (D.Ariz. October 24, 2012)

Plaintiff Xcentric Ventures provides the infamous Ripoff Report, a website where consumers can go to defame complain about businesses they have dealt with. Defendant ComplaintsBoard.com is a similar kind of website.

Ripoff Report’s Terms of Service provide that users grant Ripoff Report an exclusive license in the content they post to the site. Based on this right, Xcentric sued various defendants associated with ComplaintsBoard for “encourag[ing] and permit[ing] consumers to post content that has been exclusively licensed to Xcentric.”

Defendants moved to dismiss the copyright infringement claim, asserting they were protected by the safe harbor provision of the Digital Millennium Copyright Act (“DMCA”). The court granted the motion to dismiss, but not because of the DMCA.

DMCA Analysis

The safe harbor provision of the DMCA states that a “service provider shall not be liable for monetary relief” if all of the following requirements are met:

(1) it does not have actual knowledge that the material on its network is infringing;

(2) it is not aware of facts or circumstances that would make the infringing activity apparent;and

(3) upon obtaining knowledge or awareness of such infringing activity, it acts expeditiously to remove or disable access to the copyrighted material.

In this case, Xcentric alleged that defendants actively “encouraged and permitted” copyright infringement by ComplaintsBoard users. The court held that this allegation, if taken as true, could be sufficient to preclude defendants from taking advantage of the DMCA’s safe harbor provisions.

But the court went on to hold that Xcentric had failed to state a copyright claim on which relief may be granted.

Secondary Liability Insufficiently Pled

Xcentric did not allege that defendants directly infringed copyright. Instead, it alleged that by encouraging and permitting users to copy and republish material, ComplaintsBoard was engaged in secondary infringement — either vicarious or contributory infringement.

To state a claim for contributory copyright infringement, Xcentric had to plead that ComplaintsBoard had knowledge of the infringing activity and induced, caused, or materially contributed to the infringing conduct of its users. The court found that Xcentric had not alleged any facts that would lead to a reasonable inference that defendants knew of their users’ republishing Xcentric’s copyrighted content or that defendants had induced, caused, or materially contributed to such republication.

To successfully plead vicarious infringement, Xcentric had to show that defendants had the right and ability to supervise the infringing activity and also had a direct financial interest in those activities. The court found that Xcentric had not put forward enought facts to show that defendants had the right and ability to supervise the infringing activity.

October 24, 2012 Computer Crime, Privacy

Class action against Path faces uphill climb

Hernandez v. Path, Inc., 2012 WL 5194120 (N.D.Cal. October 19, 2012)

uphill path

Earlier this year plaintiff filed a class action lawsuit against photo app provider Path, alleging ten claims relating to Path’s alleged surreptitious collecting of mobile device address books and installation of tracking software. Path moved to dismiss the lawsuit for lack of standing and for failure to state a claim. The court held that plaintiff had standing to pursue the case, but dismissed some of the claims.

Standing

The court found that alleged depletion of “two to three seconds of battery capacity” was de minimus and thus not sufficient to support the injury-in-fact plaintiff was required to show. Citing to the fairly recent case of Krottner v. Starbucks, the court found that the hypothetical threat of future harm due to a security risk to plaintiff’s personal information was insufficient to confer standing. The only basis on which the court found there to be a sufficient claim of injury to support standing was the (hard to believe) claim by plaintiff that he would have to spend $12,500 to pay a professional to remove the Path app and related data from his phone.

The Dismissed Claims

The court dismissed for failure to state a claim (with leave to amend) plaintiff’s claims under the Electronic Communications Privacy Act (ECPA), Stored Communications Act (SCA), California wiretapping statute, state common law privacy, conversion and trespass.

ECPA and California Wiretapping Statute Claim. The court dismissed the ECPA and California Wiretapping Statute claims, finding that the complaint did not allege that Path intercepted any communication contemporaneous with its transmission. At best (from plaintiff’s perspective), it appears that Path gathered information on social networking sites after it was transmitted. And the uploading of the address books does not appear to have qualified as a communication under these statutes.

SCA Claim. The SCA claim failed “on multiple fronts.” Plaintiff was not a provider of electronic communication services and his iPhone was not a facility through which such service was provided. So Path’s alleged access did not come within the prohibition of the SCA. Moreover, the address books were not communications to which the SCA applied, because they were not in “electronic storage” as defined by the SCA, namely, being in temporary, intermediate storage incidental to their electronic transmission. (We see a similar issue in the recent Jennings case from South Carolina.)

State Common Law Privacy. This claim would have required plaintiff to show (1) public disclosure (2) of private facts (3) which would be offensive and objectionable to the reasonable person and (4) which is not of legitimate public concern. The court found there was no public disclosure, only Path’s storage of data on its servers.

Conversion. Under California law, to be successful on a claim of conversion, plaintiff would have had to plead and prove “ownership or right to possession of property, wrongful disposition of the property right and damages.” The court dismissed this claim because plaintiff pled only that Path copied the data, not dispossessing him of it. (As an aside, it’s this very point that underscores my common admonition to copyright maximalists that infringement is not “theft,” because theft involves dispossession. End of digression.)

Trespass. The California common law action of trespass in the computer context requires a plaintiff to show that (1) defendant intentionally and without authorization interfered with plaintiff’s possessory interest in a computer system; and (2) defendant’s unauthorized use proximately resulted in damage to plaintiff. The tort “does not encompass … an electronic communication that neither damages the recipient computer system nor impairs its functioning.” Intel v. Hamidi, 30 Cal.4th 1342 (Cal. 2003). In this case, plaintiff did not allege that the functioning of his mobile device was significantly impaired to the degree that would enable him to plead the elements of a trespass. The court found that any depletion of his mobile device’s finite resources was a de minimis injury. (See the standing analysis above.)

The Remaining Claims

The claims for violations of the California Computer Crime Law, Californa’s Unfair Competition Law (Section 17200), negligence and unjust enrichment remain in the case.

California Computer Crime Law. Based on the limited briefing, the court could not conclude as a matter of law whether Path’s alleged conduct fell outside this statute. The question remains whether providing the app which plaintiff voluntarily downloaded and installed on his iPhone provided undisclosed software code that surreptitiously transferred plaintiff’s data.

Californa’s Unfair Competition Law. This statute prohibits “any unlawful, unfair or fraudulent business act or practice.” The court found that the conduct alleged in the complaint, if true, constituted an unlawful or unfair act or practice within the meaning of the statute. It found that plaintiff had failed to allege any fraudulent practice, but since plaintiff met the first two prongs (unlawfulness and unfairness), the claim survived.

Negligence. Plaintiff alleged that Path owed a duty to plaintiff to protect his personal information and data property and take reasonable steps to protect him from the wrongful taking of such information and the wrongful invasion of privacy. Path allegedly breached this duty by, among other things, accessing and uploading data from plaintiff’s phone, storing that data in an unsecure manner, and transmitting the data to third parties. Path relied on In re iPhone Application Litigation to argue it had no duty to plaintiff. In that decision, Judge Koh held that plaintiffs had not yet adequately pled or identified a legal duty on the part of Apple to protect users’ personal information from third-party app developers. This case was different because Path was a third party developer. Despite the existence of a duty, plaintiff’s claims of damages (here’s the $12,500 repair bill issue again) will likely face substantial challenges as the case progresses.

Unjust Enrichment. Path argued that unjust enrichment was not a cause of action under California law. The court cited to cases suggesting that California law does indeed recognize such a claim and kept in in this case.

Photo credit Flickr user stormwarning under this Creative Commons license.

October 18, 2012 First Amendment

Eighth Circuit rules against students’ free speech claim over offensive website

S.J.W. v. Lee’s Summit R-7 School District, No. 12-1727 (8th Cir. October 17, 2012)

Plaintiffs (twin brothers) created a blog that contained offensive, racist and sexually explicit content targeting their high school classmates by name. The school district suspended the brothers for 180 days. Plaintiffs got a preliminary injunction against the suspension, and the school district sought review with the Eighth Circuit. On appeal, the court reversed, and ordered that the suspension should not have been halted by the injunction.

students talking

The court held that under the Tinker analysis (Tinker is the leading case from the Supreme Court dealing with student free speech), the blog posts could reasonably have been expected to reach the school or impact the environment. Paired with the considerable disturbance and disruption at school because of the content, the court found that the lower court improperly held that the plaintiffs would have a successful First Amendment argument.

Moreover, the appellate court held that the plaintiffs had not shown irreparable harm from their suspension. They were able to enroll at another local accredited school, and the harm to their future music careers from not being able to try out for band was merely speculative.

Photo courtesy Flickr user davitydave under this Creative Commons license.

Scroll to top