July 27, 2011 Computer Crime

Computer Fraud and Abuse Act case against hard drive destroying director goes forward

Deloitte & Touche LLP v. Carlson, 2011 WL 2923865 (N.D. Ill. July 18, 2011)

Defendant had risen to the level of Director of a large consulting and professional services firm. (There is some irony here – this case involves the destruction of electronic data, and defendant had been in charge of the firm’s security and privacy practice.)

After defendant left the firm to join a competitor, he returned his work-issued laptop with the old hard drive having been replaced by a new blank one. Defendant had destroyed the old hard drive because it had personal data on it such as tax returns and account information.

The firm sued, putting forth a number of claims, including violation of the Computer Fraud and Abuse Act (CFAA). Defendant moved to dismiss for failure to state a claim upon which relief can be granted. The court denied the motion.

Defendant argued that the CFAA claim should fail because plaintiff had not adequately pled that the destruction of the hard drive was done “without authorization.” The court rejected this argument.

The court looked to Int’l Airport Centers LLC v. Citrin, 440 F.3d 418 (7th Cir. 2006) for guidance on the question of whether defendant’s alleged conduct was “without authorization.” Int’l Airport Centers held that an employee acts without authorization as contemplated under the CFAA if he or she breaches a duty of loyalty to the employer prior to the alleged data destruction.

In this case, plaintiff alleged that defendant began soliciting another employee to leave before defendant left, and that defendant allegedly destroyed the data to cover his tracks. On these facts, the court found the “without authorization” element to be adequately pled.

June 21, 2011 Litigation

Prosecutor’s Facebook postings did not warrant overturning conviction

State v. Usee, 2011 WL 2437271 (Minn. App. June 20, 2011)

A jury convicted defendant of attempted murder and other violent crimes. He asked the court for a Schwartz hearing (which is what they call these things in Minnesota) to evaluate whether a posting by the prosecutor on her public Facebook page improperly influenced the jury. According to affidavits that defendant submitted to the court, the prosecutor made the culturally insensitive remark that she was keeping the streets safe from Somalis.

The trial court denied the motion for a Schwartz hearing. Defendant sought review. On appeal, the court affirmed the denial of the motion.

It held that there was no evidence that the Facebook posting led to any jury misconduct. The jurors had been instructed not to research the case. (And we all know that jurors take those instructions seriously, right?) Any harm to defendant’s interests, the court found, would merely be speculative.

June 20, 2011 Computer Crime, Privacy

Court upholds criminal intimidation conviction over threats to distribute sexually explicit photo

State v. Noll, 2011 WL 2418895 (Ind. App. June 14, 2011) (Not selected for publication)

Defendant used a sexually explicit photo of the victim in an attempt to gain leverage in an intra-family dispute. She handed an envelope containing the photo to the victim, and indicated she would begin distributing the photo if certain demands were not met.

Defendant was convicted of intimidation under Indiana law. She sought review of her conviction. On appeal, the court affirmed.

One of the arguments that defendant made on appeal was that there was no intimidation because distribution of the photo to persons such as the victim’s husband or co-workers would not subject her to hatred, contempt, disgrace or ridicule as required by the Indiana statute. Defendant pointed out that the victim had posted the sexually explicit photo of herself at issue on the web five years earlier. So in essence, defendant argued, further distribution would do the victim no harm.

The court rejected this argument, finding:

The fact that [victim] already publicized the material herself certainly merits consideration, but is not alone determinative because publicizing material to a particular audience does not necessarily mean that further, targeted, publication would not lead to hatred, contempt, disgrace, or ridicule. In other words, we consider [victim’s] posting of these photographs online in the past as it might mitigate reputational consequences of [defendant] mailing the photographs to others. Although internet websites are of an unusually public and long-lasting nature, we also recognize that making an obscure set of photographs available online is qualitatively different in nature from directly mailing the same photographs as hard-copies addressed to a particular individual or company. [Victim’s] husband or employer could have discovered [victim’s] prior internet posting of the photographs, but a direct mailing is certain to reach them.

The court similarly rejected defendant’s argument that because the victim had posted the photo on the web before, she had no reasonable expectation of privacy in the photo and thus could not be the subject of intimidation. The court disagreed with the analogy to the Fourth Amendment expectation of privacy because in this case, the privacy interest was the victim’s, not the defendant’s. So use of such an analogy might “misdirect [the court] from the determinative issue of whether she would be exposed to reputational consequences.”

June 16, 2011 Evidence, Trademarks, Unfair Competition

Customer reviews on social media provide important evidence in trademark dispute

Chipotle Mexican Grill, Inc. v. Chipotles Grill of Jonesboro, Inc., 2011 WL 2292357 (E.D. Ark. June 9, 2011)

The awesome burrito place Chipotle sued another restaurant that called itself Chipotles for trademark infringement. Plaintiff sought a preliminary injunction. The court granted the motion.

One of the most important factors in the court’s decision to grant injunctive relief was the plaintiff’s showing that it will likely succeed on the merits of the case. In a trademark infringement action, that analysis takes the form of the likelihood of confusion analysis.

Among the factors that a court should consider in determining whether there is a likelihood of confusion is whether there has been any actual confusion among members of the consuming public. In this case, the court found that the evidence plaintiff submitted of actual confusion was “substantial.”

In addition to a number of emails that customers had sent to plaintiff, the court looked to a couple of customer review sites — urbanspoon.com and Yahoo’s associatedcontent.com — each of which contained customer reviews that erroneously linked plaintiff and defendant. The court found this to constitute actual confusion, which could not be remedied even through reasonable care on the part of the consumers.

The case gives a good example of how companies (and their competitors) should be aware of how their brands appear in social media. Evidence of actual confusion is a powerful tool for a trademark plaintiff (and a potentially damning one for a trademark defendant). Smart companies will ensure they remain aware of how their marks and overall brand identity are being put forth, even off the beaten path on the web.

Evan Brown is a Chicago-based attorney practicing technology and intellectual property law. Send email to ebrown@internetcases.com, call (630) 362-7237, or follow on Twitter at @internetcases.

June 15, 2011 Computer Crime

Violent posts on social media profile determined to be threats

This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.

Holcomb v. Com., — S.E.2d —, 2011 WL 2183100 (Va.App., Jun 07, 2011)

Appellant challenged his conviction over posts he made to MySpace on his profile page, arguing that they did not constitute the knowing communications of a threat. He argued that MySpace posts were not the type of communication contemplated by the statute, and his postings did not constitute a threat. Appellant posted violent original lyrics which were clearly about his child’s mother.

Appellant had been convicted under a provision of Virginia law that provides:

Code § 18.2–60(A)(1):

Any person who knowingly communicates, in a writing, including an electronically transmitted communication producing a visual or electronic message, a threat to kill or do bodily injury to a person, regarding that person or any member of his family, and the threat places such person in reasonable apprehension of death or bodily injury to himself or his family member, is guilty of a Class 6 felony.

Appellant argued that he did not knowingly communicate the posts within the meaning of the statute because he posted them through his profile, which was available for anyone to view, as opposed to a communication aimed directly at the victim. The court found that there was no requirement that a threat be communicated directly to the intended victim. It instead focused on the fact that an “electronically transmitted communication” produced a “visual or electronic message” that could be viewed by anyone accessing the MySpace profile. It was enough that the victim was able to identify herself based on the references in his posts and that the appellant knew the victim had access to the profile. In fact, the court found, he knew she had viewed it previously.

Appellant’s second argument was that the posts were not threats under the statute. He argued they were lyrics which he had a history of writing and posting on his profile. The court disagreed, finding that because of specific references to the victim, and the unusual subject matter of the lyrics, the post contained statements that would place the victim in “reasonable apprehension of death or bodily injury.” The court pointed to actions taken by the victim, including moving in with her parents, and her testimony that she felt scared after seeing the postings.

The court found the online postings to MySpace where threats which placed apprehension in the victim. So the court upheld the convictions.

June 14, 2011 Copyright, Electronic Discovery, Privacy

Court deals blow to anonymous Bittorrent defendants’ efforts to challenge subpoenas

West Coast Productions v. Does 1 – 5,829, — F.Supp.2d —, 2011 WL 2292239 (D.D.C. June 10, 2011)

The judge in one of the well-known mass copyright cases filed by Dunlap, Grubb & Weaver a/k/a U.S. Copyright Group (West Coast Productions v. Does 1 – 5,829) has issued an order denying motions to quash filed by several of the unnamed defendants. Plaintiff had served subpoenas on the ISPs associated with the IP addresses allegedly involved in Bittorrent activity, seeking to learn the identity of those account holders.

The ruling is potentially troubling because the court refused to even consider the arguments presented by those anonymous parties who did not reveal their identity in connection with the motion to quash. Such an approach undermines, and indeed comes close to refusing altogether to recognize any privacy interest that a person may have concerning his or her ISP account information.

The court observed that the Federal Rules of Civil Procedure require that a party must identify himself or herself in the papers filed with the court. In some situations, however, a court may grant a “rare dispensation” of anonymity after taking into account the risk of unfairness to the party seeking anonymity as well as the general presumption of openness in judicial proceedings.

In this case, the court noted that other courts had “uniformly held that the privacy interest in [ISP account] information is minimal and not significant enough to warrant the special dispensation of anonymous filing.”

Absent from the court’s analysis was the potential for harm to defendants who were the subject of these subpoenas but might have the ability to demonstrate (anonymously) that they were not involved. In cases involving adult content, in particular, the harm of being publicly associated with that content — even if the association turns out to be in error — is one that should not be disregarded in this way. Moreover, taking away the ability of an anonymous defendant to challenge his unmasking will encourage extortionate-like behavior on the part of copyright plaintiffs hoping to extract a settlement early in the case. If writing a check is the only way to keep from having to turn one’s name over (and this case pretty much establishes that rule), then more settlements should be expected.

The court went on to reject the arguments in favor of motions to quash filed by John Does who had provided their contact information to the court. The court found that it was premature to rule on any objections based on a lack of personal jurisdiction because the defendants filing the motions had not actually been named as a party. And the court rejected the arguments that the defendants were improperly joined into the action, noting the allegations in the complaint that the IP addresses were involved in a single Bittorrent swarm.

Evan Brown is a Chicago-based attorney practicing technology and intellectual property law. Send email to ebrown@internetcases.com, call (630) 362-7237, follow on Twitter at @internetcases, and be sure to like Internet Cases on Facebook.

June 12, 2011 Anonymity, First Amendment

District judge stays magistrate’s order requiring identification of anonymous defendants

This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.

Faconnable USA Corp. v. Doe, Slip Copy, 2011 WL 2173736 (D.Colo., Jun 2, 2011)

Faconnable issued a subpoena duces tecum to Skybeam, an Internet Service Provider, requesting identifying information about the users associated with two different IP addresses. A magistrate judge denied Skybeam’s motion for protective order, and required Skybeam to provide the requested information. Skybeam sought review of the denial of the protective order with the district court, asking for a stay of the magistrate’s order requiring the disclosure of the information. The court granted the motion to stay.

The court looked at four factors to determine whether it was appropriate to issue a stay against providing the information.

  • the likelihood of success on appeal (to the district judge)
  • the threat of irreparable harm if the stay or injunction is not granted
  • the absence of harm to opposing parties if the stay or injunction is granted
  • any risk of harm to the public interest

The court noted that if the last three factors are in a moving party’s favor, the first factor of likelihood of success is given less importance.

The court determined that if the stay were denied, the ISP would have to disclose the Does’ identities, which could impact their First Amendment interests to speak anonymously. However, if the stay were allowed, the ISP could preserve the information for production later, the only harm being a possible delay for Faconnable’s suit.

The court found that, on balance, the risk of losing First Amendment freedoms was a greater harm than delayed litigation.

June 11, 2011 Electronic Discovery, Trademarks, Unfair Competition

Court allows discovery of competitor’s keyword purchases

Scooter Store, Inc. v. Spinlife.com, LLC, 2011 WL 2160462 (S.D. Ohio June 1, 2011)

The Scooter Store and a related company sued a competitor for trademark infringement and other causes of action for unfair competition based in part on the competitor’s purchase of keywords such as “scooter store” and “your scooter store” to trigger sponsored advertisements on the web. Defendant moved for summary judgment and also moved for a protective order that would prevent it from having to turn over information to plaintiffs concerning defendant’s purchase of the keywords. The court denied the motion for protective order.

Defendant argued that it should not have to turn over the information because plaintiffs’ trademark claims based on those keywords were without merit, as the words are generic terms for the goods and services plaintiffs provide. Defendant also asserted a need to protect the commercially sensitive nature of information about its keyword purchases.

The court rejected defendant’s arguments, ordering that the discovery be allowed. It held that “whether or not [p]laintiffs’ claims involving these terms survive summary judgment [] has no bearing on whether the discovery [p]laintiffs seek is relevant, particularly viewed in light of a party’s broad rights to discovery under Rule 26.” As for protecting the sensitivity of the information, the court found that such interests could be protected through the process of designating the information confidential, and handled accordingly by the receiving party.

June 6, 2011 Electronic Discovery

Court shifts half of cost of forensic search to producing party in ediscovery case

[This is a post by Jonathan Rogers. Jon is a licensed attorney in California, with a focus on technology and entertainment law. You can reach him by email at jon@jonarogers.com or follow him on Twitter at @jonarogers.]

IWOI, LLC v. Monaco Coach Corporation, N.D. Ill. May 24, 2011

Plaintiff sued claiming breach of warranty and violations of certain state laws against consumer fraud stemming the sale of a motor coach. Plaintiff sought permission to search defendants’ hard drives to locate critical email which appeared to be missing from the original discovery production. Defendants contended that the email was not “reasonably accessible” under Federal Rule of Civil Procedure 26(b)(2)(B) and, therefore, they were under no obligation to produce it.

The court specified that the burden was on the party responding to discovery to identify whether there may be materials responsive to discovery requests that are stored on its system, but because of burden or cost are not reasonably accessible. However, that party cannot simply provide documents which are easily obtained and then assert that they have produced everything that is responsive to the request. If other relevant and responsive documents exist (or may exist), the party must say so and then say why those documents cannot or should not be produced.

Here, the defendants submitted only materials that were quickly accessible on employees’ desktops and made no effort to look further, even when they became aware that there was a possibility that there may be missing documents. A forensic expert asserted that he found the critical email in two separate locations on the computer network: on a local hard drive in an orphaned, but not deleted, storage file and also on a network hard drive that had been manually backed up. The expert concluded that a native Microsoft windows search of defendants’ computers would have uncovered the email and could be undertaken by an individual with no advanced computer knowledge.

The Court did not find the failure to produce the document to be a deliberate act by defendants, but that the document could have been found with minimal effort. It recognized that plaintiff (and the court) expended additional time and effort and incurred significant additional expenses searching for this document. Therefore, the court shifted half of the cost of the electronic discovery search to defendants.

June 4, 2011 Privacy

Court dismisses class action against MySpace for violation of the Stored Communications Act

Hubbard v. MySpace, 2011 WL 2149456 (S.D.N.Y. June 1, 2011)

Plaintiff, who sued on behalf himself and others similarly situated, claimed that MySpace improperly turned over account information and private messages to law enforcement, even though there was a search warrant. Plaintiff claimed this violated the Stored Communications Act, 18 USC 2701 et seq.

MySpace moved to dismiss. The court granted the motion.

The version of the Stored Communications Act in effect at the time of the alleged wrongful disclosure in this case provided that a search warrant seeking the information must issue from a federal court “with jurisdiction over the offense under investigation,” or be “an equivalent State warrant.”

Plaintiff argued that the warrant sent to MySpace was not sufficient under the SCA (and should have been ignored) because (1) the state magistrate did not have jurisdiction to hear the felony that the cops were investigating plaintiff for, and (2) the magistrate did not have the power to issue search warrants across state lines.

The court rejected both of these arguments. In determining the warrant to be “an equivalent State warrant,” it looked to the way federal magistrates issue warrants in SCA cases. It held that the phrase “jurisdiction over the offense under investigation” refers to the power to issue warrants, not to the power to ultimately try the case. And the court looked to the legislative history around the Patriot Act amendments to conclude that SCA investigations give magistrate judges special powers to direct search warrants across state lines, because having to require cooperation with the courts in which an ISP actually exists might allow enough time for a terrorist to get away or strike again.

This case is worth noting for the wide scope the court establishes for valid search warrants under the SCA. It is also worth noting that the SCA has since been amended to make the scope more clearly this broad. 

Scroll to top