Tag Archives: Anonymity

Site operator successfully challenges subpoena which sought to unmask anonymous commenters

Enterline v. Pocono Medical Center, 2008 WL 5192386 (M.D. Pa. December 11, 2008)

A federal court in Pennsylvania has denied a motion demanding that a website operator turn over the identity of persons who commented anonymously in response to an article posted on the website. The court held that the website had standing to assert the free speech rights of the anonymous speakers, and that the First Amendment barred the unmasking where the information sought was available from other sources.

Plaintiff Enterline sued defendant Pocono Medical Center for sexual harassment and retaliation. On October 9, 2008, the local newspaper, The Pocono Record, published an article about the lawsuit. Several people left comments to the article, some of them claiming personal knowledge of facts possibly relevant to the case.

The Lovely Pocono Mountains

The Lovely Pocono Mountains

Enterline sent a subpoena to the newspaper seeking the identity of the anonymous commenters. When the newspaper wouldn’t respond, Enterline filed a motion to compel response to the subpoena. The newspaper responded by asserting a number of arguments. Among those arguments was that disclosure of the anonymous commenters’ identities would violate those persons’ First Amendment right to speak anonymously.

Siding with the newspaper, the court denied the motion.

The court first evaluated whether the newspaper website operator even had standing (i.e., the legal right) to assert the anonymous commenters’ First Amendment right. To answer this question in the affirmative, the court found that:

  • Practical obstacles prevented the anonymous commenters from asserting rights on their own behalf. The anonymity was the very right at stake. To defend that right, the commenters would have to be identified (setting aside for a moment the question of whether the commenters could appear as Doe defendants). The evaporation of that anonymity would lead to practical difficulties, as they had indicated they worked at the hospital or otherwise had personal connections with the litigants.
  • The anonymous commenters had sufficient injury-in-fact to satisfy the constitutional “case or controversy” requirement. Looking to such cases as RIAA v. Verizon, 257 F.Supp.2d 244 (D.D.C. 2003), the court agreed with the website operator, concluding that the relationship between the website and its readers was the type of relationship allowing it to assert the First Amendment rights of the anonymous commentators.
  • The website operator could reasonably be expected to properly frame the issues and present them with the necessary adversarial zeal. There was little discussion on this point, as the plaintiff did not contest that the website operator would be an adequate advocate to assert the First Amendment rights of the anonymous visitors.

Finding that the website operator had standing to assert the rights of its anonymous commenters, the court next considered whether the identification of the anonymous speakers would violate the First Amendment. To evaluate this question, the court applied the factors set out in Doe v. 2TheMart.com, 140 F.Supp.2d 1088 (W.D. Wash. 2001).

The court found that:

  • The subpoena was not brought in bad faith or for an improper purpose,
  • The information sought related to a core claim of the plaintiff,
  • The information was directly and materially relevant to the claim,
  • but that

  • Information required to prove the plaintiff’s claims was available from other sources. Several of the anonymous commenters stated that they were, for example, co-workers of the plaintiff or of the doctor against whom the plaintiff complained. The information these anonymous posters had could be uncovered through other discovery

This case is significant inasmuch as it could be applied to a case where a blogger or any other social media website operator is asked to turn over information that would identify its anonymous users. The decision outlines the framework that a blogger would have to use to show it has the right to argue on behalf of its anonymous visitors. The case then lays out (with the help of the 2TheMart.com decision) what must be shown after that initial threshold is crossed.

Photo of the Poconos courtesy Flickr user Nicholas T under this Creative Commons license.

Expedited electronic discovery includes subpoena to ISP and imaging of defendants’ hard drives

Allcare Dental Management, LLC v. Zrinyi, No. 08-407, 2008 WL 4649131 (D. Idaho October 20, 2008)

Plaintiffs filed a defamation lawsuit against some known defendants as well as some anonymous John Doe defendants in federal court over statements posted to Complaintsboard.com. The plaintiffs did not know the names or contact information of the Doe defendants, so they needed to get that information from the Does’ Internet service provider.  But the ISP would not turn that information over without a subpoena because of the restrictions of the Cable Communications Policy Act, 47 U.S.C. § 501 et seq. [More on the CCPA.]

Under Federal Rule of Civil Procedure 26(d)(1), a party generally may not seek discovery in a case until the parties have had a Rule 26(f) conference to discuss such things as discovery. Because of the Rule 26(d)(1) requirement, the plaintiffs found themselves in a catch-22 of sorts: how could they know with whom to have the Rule 26(f) conference if they did not know the defendants’ identity.

So the plaintiffs’ filed a motion with the court to allow a subpoena to issue to the ISP prior to the Rule 26(f) conference. Finding that there was good cause for the expedited discovery, the court granted the motion. It found that the subpoena was needed to ascertain the identities of the unknown defendants. [More on Doe subpoenas.] Furthermore, it was important to act sooner than later, because ISPs retain data for only a limited time.

The Plaintiffs also contended that that the known defendants would likely delete relevant information from their computer hard drives before the parties could engage in the ordinary process of discovery. So the plaintiffs’ motion also sought an order requiring the known defendants to turn over their computers to have their hard drives copied.

The court granted this part of the motion as well, ordering the known defendants to turn their computers over to the plaintiffs’ retained forensics professional immediately. The forensics professional was to make the copies of the hard drives and place those copies with the court clerk, not to be accessed or reviewed until stipulation of the parties or further order from the court.

Subpoena to university in P2P case must give time to notify parents

UMG Recordings, Inc. v. Doe, No. 08-3999, 2008 WL 4104207 (N.D.Cal. September 4, 2008)

Plaintiff record companies, using Media Sentry, found the IP address of a John Doe file-sharing defendant, and filed suit against Doe in federal court for copyright infringement. As in any case where a defendant is known only by his or her IP address, the record companies needed some discovery to ascertain the name and physical address matching that IP address. But the federal rules of procedure say that without a court order, a party cannot seek discovery until the parties have conferred pursuant to Fed. R. Civ. P. 26(f).

So the record companies sought the court order allowing them to issue a subpoena to Doe’s Internet service provider prior to the 26(f) conference. The court granted the order, but with a caveat.

The evidence showed that Doe was a student at the University of California, Santa Cruz. Under the Family Educational Rights and Privacy Act at 20 U.S.C. § 1232g, a college generally cannot disclose “any personally identifiable information in education records other than directory information.” There’s an exception to that rule when the college is answering a lawfully issued subpoena, provided that “parents and the students are notified of all such … subpoenas in advance of the compliance therewith by the educational institution or agency.”

The court granted the record companies’ motion for leave to serve the subpoena prior to the Rule 26(f) conference, but required that the subpoena’s return date “be reasonably calculated to permit the University to notify John Doe and John Doe’s parents if it chooses prior to responding to the subpoena.”

Anonymous defendants to be unmasked in Computer Fraud and Abuse Act case

Kimberlite Corp. v. Does 1-20, No. 08-2147, 2008 WL 2264485 (N.D. Cal. June 2, 2008)

Plaintiff Kimberlite sued a number of anonymous John Doe defendants after it learned that its network and email system had been unlawfully accessed. A few days after filing suit for violation of the Computer Fraud and Abuse Act (CFAA) and trespass to chattels under state law, Kimberlite served a subpoena on AT&T, the owner of the IP address from which the unauthorized access originated, seeking to discover who was responsible.

One of the John Doe defendants, pro se, wrote a letter to the court which the court treated as a motion to quash the subpoena. The court denied the motion.

Doe argued that Kimberlite had failed to state a claim under the CFAA. The court rejected that argument, observing that Kimberlite had adequately alleged and had provided preliminary evidence of a CFAA violation. (Doe had not challenged the sufficiency of the trespass to chattels claim.) Kimberlite’s computers were “protected” computers under the CFAA because they were used in interstate and foreign commerce. They were password protected and accessed without authorization by someone from the subject IP address. Kimberlite succeeded in alleging the threshold amount of CFAA damages ($5,000) through an employee declaration describing over 100 hours of investigation and repair following the intrusions.

Doe also argued that Kimberlite had not demonstrated a need to obtain the information that outweighed Doe’s privacy rights under the Cable Communication Policy Act (CCPA). That act prohibits cable operators from disclosing subscriber information unless certain criteria are met.

The court rejected the CCPA argument first by expressing serious doubt that AT&T, as an Internet service provider was a “cable operator” and thus subject to the CCPA. Even if the CCPA did apply, the court found Kimberlite had demonstrated a compelling need for the information sought. It had adequately set forth a cause of action, so discovery of the anonymous parties was proper.

Anonymous alleged infringer identified with little substantive inquiry into infringement claim

[In re Subpoena Issued Pursuant to the Digital Millennium Copyrigt Act to: 43SB.com, No. 07- 6236, 2007 WL 4335441 (D. Idaho, December 7, 2007).]

When the general counsel for Melaleuca, Inc. saw some negative content someone had posted about the company on the Web site 43rdstateblues.com, he sent a cease and desist letter demanding the content be removed. The letter, however, did not accomplish its intended purpose. Instead, the site owner posted the entire letter.

Melaleuca did not give up, but just adapted its strategy. It served a DMCA subpoena [see 17 U.S.C. §512(h)] on the site, seeking to identify the person who posted the letter “so that [Melaleuca] might seek redress for copyright infringement.” Melaleuca claimed that its copyright rights in the letter were infringed when it was posted online. (Claiming copyright in cease and desist letters is not a new tactic.  See, e.g., here and here.) 

The website moved to quash the subpoena, asserting, among other things, that the letter was not subject to copyright protection, and that the failure by Melaleuca to establish a prima facie case of copyright ownership was fatal to the subpoena.

The court denied the motion to quash. The Web site had argued that Melaleuca could not own a copyright in the letter, according to 17 U.S.C. 102(b)’s exclusion of “any idea, procedure, process, system, method of operation, concept, principle or discovery” form copyright protection. But the court rejected that argument.

Declining to “go into an in-depth analysis of the merits of a copyright infringement claim in determining whether to quash [the] subpoena,” the court found that Melaleuca’s copyright registration in the letter was sufficient to establish ownership of a valid copyright.  As for alleged copying, the court found that posting of the entire letter was sufficient.

There are a couple of interesting observations to be made from this decision.  First, unlike cases in which plaintiffs seek to uncover the identity of anonymous defendants accused of defamation [see here], this court gave – relatively speaking – little inquiry into the merits of the plaintiff’s case.  Perhaps it felt that such an analysis was not necessary given that the Copyright Office had already determined copyrightable subject matter to exist (when it issued the registration certificate).

A second interesting question arises when one considers how the court might have ruled had the defendant asserted fair use as a basis for the motion to quash. (Doesn’t it seem like posting a cease and desist letter on the Internet, ostensibly for eliciting public ridicule, is a transformative use?) Given the fact intensive inquiry of a fair use analysis, the court would have probably reached the same conclusion, if anything to put off the factfinding until later.  But would a court do that in other cases where the offending, anonymous use is more obviously fair?     

Arizona state court adopts three part test for unmasking anonymous online speakers

Test adds an additional “balancing of the competing interests” element to the Cahill test

Mobilisa, Inc. v. Doe, — P.3d —-, 2007 WL 4167007 (Ariz. App. November 27, 2007)

Plaintiff filed suit in Washington state court against an anonymous (“John Doe”) defendant which it accused of violating the Computer Fraud and Abuse Act and the Stored Communications Act. Doe allegedly accessed the plaintiff’s computer system and obtained a copy of an “intimate” email which he forwarded to a number of people.

Plaintiff served a subpoena on Doe’s Arizona-based email provider, seeking to uncover Doe’s true identity. The email provider and Doe individually, through counsel, objected, but the Arizona court ordered that Doe’s identity be revealed. The court looked to the 2005 case of Doe v. Cahill which requires (1) that the anonymous party sought to be unmask be given notice of the proceedings, and (2) that the party seeking the identity of the anonymous party put forth sufficient facts to survive a motion for summary judgment.

Doe appealed the lower court’s order which required he be identified. On appeal, the Arizona Court of Appeals remanded the matter back to the trial court. It held that although the court correctly applied the two Cahill factors, it should have considered a third factor, namely, a balancing of the relative interests of the parties. Consideration of this third factor, the court held, would help ensure that the important First Amendment rights at issue in anonymous speech cases would be adequately protected.