No reasonable expectation of privacy in Internet subscriber information

Court dismisses civil suit against city and police officers for obtaining information about AOL subscriber without warrant.

Plaintiff Freedman used his AOL e-mail account to anonymously send a message to two other residents of his Connecticut town. The message contained the statement “The end is near,” and the recipients interpreted this as a threat to their safety. They immediately filed a police report.

A Detective Young and an Officer Bensey drafted an affidavit and application for a search warrant to seek information that would help them identify who sent the complained-of e-mail. Without submitting the paperwork to the state’s attorney’s office or a judge, Young faxed it to AOL’s legal department. A week later, AOL provided Freedman’s name, address, phone numbers, and various pieces of information relating to his account with AOL, including his screen names. No charges were ever filed.

Angry that his subscriber information had been released, Freedman filed suit against AOL, the City of Bridgeport, Detective Young, and Officer Bensey. (The case against AOL was transferred to federal court in Virginia.) Freedman argued, among other things, that the release of his account information was an intrusion into his privacy that violated his Fourth Amendment rights.

The defendants moved for summary judgment, arguing that Freedman’s Fourth Amendment rights could not have been violated, because he did not have a reasonable expectation of privacy in his subscriber information. The court agreed, and granted the motion for summary judgment on this issue.

Freedman was unable to show that any expectation of privacy he had regarding his subscriber information was objectively reasonable. The court pointed to three different reasons why one would not reasonably expect his or her subscriber information to be private for Fourth Amendment purposes.

First, by signing up for service, a subscriber knowingly discloses information to the ISP, which is accessed and used by the ISP to provide services. Second, AOL’s terms of service provided that AOL would release subscriber information “in special cases such as a physical threat to [its customer] or others.” Such a provision was especially relevant given the underlying facts of this case. Third, the Electronic Communications Privacy Act, 18 U.S.C. §2510 et seq. provides that subscriber information can be divulged in situations where the risk of physical injury justifies its release.

Given these factors, one should not reasonably believe that his or her subscriber information would be private for Fourth Amendment purposes. With no reasonable expectation of privacy, Freedman’s Fourth Amendment claim was without merit.

Freedman v. America Online, et al., 2005 WL 1899381 (D.Conn., August 9, 2005).

Supreme Court nominee John Roberts and the law of the Internet

John Roberts, President Bush’s nominee for the Supreme Court has only been on the bench since 2003, when he was appointed to the U.S. Court of Appeals for the District of Columbia Circuit. In that time, it does not appear that Judge Roberts authored any opinions dealing squarely with what most would consider “Internet law.”

Roberts was on the panel of judges (but not the author of the opinion) in the case of Recording Indus. Assn. of America, Inc. v. Verizon, 351 F.3d 1229 (D.C.Cir., 2003), which garnered a significant amount of attention upon its pronouncement. In that case, the Court of Appeals reversed the decision of the district court which had denied Verizon’s motion to quash subpoenas issued by the RIAA. The RIAA had issued such subpoenas pursuant to the Digital Millenium Copyright Act (“DMCA”), seeking to learn the identity of accused file sharers.

The court held that under the DMCA, a subpoena could issue only to Internet service providers that actually stored infringing material on their servers. Because Verizon was acting as a mere “conduit” for data transferred between Internet users, the subpoenas should not have issued.

Of course, the Grokster opinion has changed the overall landscape of potential liability for copyright infringement over peer-to-peer networks. The author of this weblog will defer to more knowledgeable sources rather than speculate on how a Supreme Court Justice Roberts would rule on such a matter.

Presence of encryption software relevant evidence in criminal conviction

Anyone who tracks court decisions related to the Internet knows that criminal cases involving improper conduct with a minor are quite common, and generally have little or no legal significance. A recent decision of the Court of Appeals of Minnesota in the case of State v. Levie, however, is worth noting in that the decision affirmed a controversial evidentiary ruling. The trial court judge had allowed into evidence the mere fact that the defendant had the encryption software PGP installed on his computer. The judge had determined that the presence of the software was relevant evidence to show that the defendant had engaged in improper conduct with a minor.

The decision is puzzling for a couple of different reasons. The forensic report prepared by the police revealed that nothing on the defendant’s computer had been encrypted. Furthermore, the police officer who prepared the forensic report admitted that PGP “may be included on every Macintosh that comes out today.” Given the evidence of widespread use of PGP and the lack of any evidence to show the defendant had used the encryption software in connection with any crime, one is left to wonder why the court would find it, as it stated, “at least somewhat relevant.”

Apparently, the court believed that the mere ability to conceal wrongdoing showed an actual intent to commit a crime. But such a conclusion is troubling. How is the mere presence of PGP on the defendant’s computer any different than him having a lock on his front door? Would the court have drawn the same conclusion regarding relevancy if the defendant was on trial for something less heinous, say, securities fraud?

[More coverage here.]

State v. Levie, 2005 Minn. App. LEXIS 476 (May 3, 2005).

Decision further exposes loophole in Electronic Communications Privacy Act

A federal court in Utah has held that although evidence obtained through illegal interception of wire or oral communication would not be admissible at trial, any evidence obtained through illegal interception of an electronic communication is admissible.

A confidential FBI informant accessed defendant Jones’s email account without his permission and printed out several messages which she turned over to FBI agents. Based on these messages, the agents obtained a search warrant and arrested Jones. Before trial, Jones moved to suppress the evidence contained in the e-mail messages, as well as the evidence derived from the search warrant based on those messages.

Jones argued that Section 2515 of the federal Electronic Communications Privacy Act (“ECPA”) prohibited the court from considering this evidence which he argued was illegally obtained by the confidential informant. Section 2515 provides, in relevant part: “Whenever any wire or oral communication has been intercepted, no part of the contents of such communication and no evidence derived therefrom may be received in evidence in any trial . . . if the disclosure of that information would be [prohibited].”

The court rejected Jones’s argument and denied the motion to suppress. Although the ECPA prohibits the introduction into evidence of wire or oral communications that may have been illegally obtained, the court held that the statute specifically excludes electronic communications from the statute’s suppression remedy. “Even though the [ECPA] prohibits the interception and disclosure of any wire, oral or electronic communication, the suppression remedy in §2515 applies only to intercepted wire and oral communications.”

U.S. v. Jones, — F.Supp.2d —, 2005 WL 850991 (D.Utah, April 12, 2005).

Time Warner ordered to identify sender of offensive e-mail

In the case of Fitch v. Doe, the Supreme Court of Maine has held that while the Cable Communications Policy Act of 1984 generally prohibits a cable operator’s disclosure of subscriber information, an exception provided in the Act allows disclosure to nongovernmental entities pursuant to court order, so long as the subscriber has received notification thereof.

On Christmas Eve 2003, an anonymous person sent an email under Plaintiff Fitch’s name with a derogatory cartoon attached. Fitch filed suit in Maine state court against the unknown sender of the email (John or Jane Doe). Fitch then sought an order directing Time Warner (the ISP of the account from which the message was sent) to disclose Doe’s identity. Doe’s counsel objected to the disclosure, arguing that the disclosure was forbidden by the Cable Communications Policy Act of 1984, 47 U.S.C.A. § 551 (the “Act”), and that Doe did not consent to allow Time Warner to disclose his identity. The trial court ordered disclosure, finding that Doe’s agreement with Time Warner provided such consent.

Doe appealed to the Maine Supreme Court, but the lower court’s decision to order disclosure was affirmed. Although the court concluded that the lower court erred in determining Doe had consented to disclosure, such disclosure was authorized under an exception found in the Act.

The Act restricts cable providers from releasing information about their subscribers without the consent of the subscriber concerned. Section 551(c)(2)(B) of the Act authorizes disclosure of personally identifiable information if the disclosure is, “subject to subsection (h) of [Section 551], made pursuant to a court order authorizing such disclosure, if the subscriber is notified of such order by the person to whom the order is directed.”

Section 551(h) provides that when a governmental entity is seeking disclosure, it must show by clear and convincing evidence that criminal activity is reasonably suspected. Doe had argued that the reference to Section 551(h) served to “meld” the entire exception into one applicable only when the government seeks information about a subscriber. Because Fitch was not a governmental entity, Doe argued that the exception to the restriction of disclosure should not apply.

The court disagreed, and held that 511(h) served merely to impose a higher standard when the government seeks disclosure of information about a cable subscriber. Because Fitch was not a governmental entity, Time Warner was permitted to release the information in response to a valid court order, so long as it had given notice to Doe. The record established that Doe had received such notice, thus the Act did not bar Fitch’s access to the requested information.

Fitch v. Doe, — A.2d —-, 2005 WL 627569 (S.Ct. Me., March 18, 2005).

Use of spyware doesn’t pay in Florida divorce proceeding

Evidence obtained through wife’s use of spyware on husband’s computer to obtain information about extramarital affair not admissible in divorce proceedings.

Just in time for Valentine’s Day, we have a romantic case coming from Florida that interprets a provision of that state’s Security of Communications Act. The case originated in divorce court, and the appellate court considered whether evidence of a husband’s infidelity obtained through the use of a spyware program installed by the wife was properly excluded in the divorce proceedings. The court held that it was properly excluded from consideration.

After marital discord eruped between Husband and Wife, Wife installed a spyware program on Husband’s computer that captures screenshots which are saved on the hard drive for later review. Through these means, Wife discovered Husband’s online philandering with another woman.

After Husband discovered the spyware on his computer, he petitioned the divorce court to exclude the evidence Wife had obtained using the spyware. The court excluded the evidence, entered a final decree, and Wife appealed.

On appeal, the court affirmed that the evidence was properly excluded, because Wife had obtained it illegally under a provision of the Security of Communications Act that makes it illegal for a person to intentionally intercept wire, oral or electronic communications.

Wife asserted that the communications were not illegally obtained, arguing that by the time the communications appeared on the screen they were no longer in transit, and not subject to interception. The court acknowledged that “there is a rather fine distinction between what is transmitted as an electronic communication subject to interception and the storage of what has been previously communicated.” It went on to hold that “the evanescent time period” between the transmission of the communications and their appearance as visible text on the screen was not “sufficient to transform acquisition of the communications from a contemporaneous interception to retrieval from electronic storage.”

O’Brien v. O’Brien, — So.2d —, 2005 WL 322367 (Feb. 11, 2005).

No liability for Earthlink under the ECPA

In a decision handed down January 25, 2005, the United States Court of Appeals for the Second Circuit held that Earthlink did not violate the Electronic Communications Privacy Act,18 U.S.C. 2510 et seq., when it continued to receive email directed to a former customer’s account after service to that customer had been terminated.

The facts of this case go all the way back to 1997. Plaintiff Hall’s Earthlink service was terminated after Earthlink incorrectly concluded that he was sending spam from his account. Email sent to Hall’s erstwhile Earthlink account simply remained there, and after a few months’ time, Earthlink forwarded to Hall’s non-Earthlink account a batch of some 600 messages that had accumulated on Earthlink’s servers.

Because no good deed goes unpunished, Hall sued Earthlink alleging several causes of action, among them that Earthlink violated a provision of the Federal wiretap law, also known as the Electronic Communications Privacy Act (ECPA) which prohibits, among other things, the intentional interception of any electronic communication. Hall claimed that by continuing to receive the messages after the account closed, Earthlink “illegally intercepted” messages intended for him.

The district court disagreed with Hall, and found in favor or Earthlink, holding that Earthlink’s actions did not constitute an intentional interception. Hall appealed to the Second Circuit.

The Second Circuit upheld the district court’s decision in favor of Earthlink. In its opinion, the court elaborated on the reasons why Earthlink’s actions did not give rise to liability under the ECPA. The court emphasized a portion of the ECPA known as the “ordinary course of business exception,” which eliminates one’s liablity for eavesdropping whenever he or she uses a device in — you guessed it — the ordinary course of his or her business.

The important question, then, was whether collecting email in a former customer’s account was an activity that Earthlink did in the ordinary course of its business. Hall, of course, characterized Earthlink’s actions as “intentionally seizing” and tried to argue that such conduct would not fall in the ordinary course of business. Earthlink countered with evidence that it was its practice in 1997 to continue to receive and store e-mails on its servers after accounts were cancelled, and that it did not have the ability to bounce e-mail back to senders when messages were sent to a closed account.

Hall v. Earthlink Network, Inc., No. 04-0384-CV, 2005 WL 147139 (2d Cir, Jan. 25, 2005).

1 2 3 9 10 11 12