Tag Archives: computer fraud abuse act

Federal court applies Seescandy.com test to unmask anonymous defendants in copyright and privacy case

Liberty Media Holdings, LLC. v. Does 1-59, 2011 WL 292128 (S.D. Cal., January 25, 2011)

Plaintiff porn company sued 59 anonymous defendants it knew only by IP address for violation of the Stored Communications Act (SCA), the Computer Fraud and Abuse Act (CFAA) and for copyright infringement. Since plaintiff did not know who the defendants were, it had to jump through a few hoops to find out their names.

The court rewarded such hoop-jumping by ordering that the defendants’ identities be turned over.

Hoop #1 – The Cable Communications Policy Act of 1984

A subpoena to the defendants’ internet service providers would reveal the needed information. But these ISPs, being governed by the Cable Communications Policy Act of 1984, could not turn over their subscribers’ information without a court order. (See 47 USC 515(c)(2)(B))

Hoop #2 – Discovery prior to the Rule 26(f) conference

What’s more, a plaintiff cannot start conducting discovery (and a subpoena is a discovery tool) until after it has had the initial conference with the defendant (the Rule 26(f) conference). But how can a plaintiff confer with a defendant it does not know? There is a bootstrapping problem here. The court has to step in and issue an order allowing the discovery be had.

Hoop #3 – Balancing injury versus right to anonymous speech

And getting that court order is a bit problematic and nuanced when one is dealing with anonymous defendants. The courts recognize the conflict between a need to provide injured plaintiffs with a forum in which they may seek redress for grievances, and the right of John Doe defendants to use the internet anonymously or pseudonymously when appropriate.

So judges apply a balancing test to weigh these interests. Different courts apply different tests. Some apply a very demanding standard, requiring plaintiffs to present enough facts to withstand a hypothetical motion for summary judgment. Other cases require a lesser burden be carried, looking merely to whether the complaint would survive a motion to dismiss. That’s the standard the court applied in this case.

The Seescandy.com standard

It looked to the 1999 case of Columbia Ins. Co. v. Seescandy.com, 185 F.R.D. 573, 577 (N.D.Cal.1999) which articulated the following test:

  • First, the plaintiff should identify the missing party with sufficient specificity such that the Court can determine that (the) defendant is a real person or entity that could be sued in federal court …
  • Second, the (plaintiff) should identify all previous steps taken to locate the elusive defendant …
  • Third, Plaintiff should establish to the Court’s satisfaction that plaintiff’s suit against (the) defendant could withstand a motion to dismiss … Plaintiff must make some showing that an act giving rise to civil liability actually occurred and that the discovery is aimed at revealing specific identifying features of the person or entity who committed the act.

In this case, the court found that each of these criteria had been met across the board.

It found that plaintiff had identified the defendants as best it could. Plaintiff provided the court with the unique IP addresses assigned to each defendant and the ISP that provided each defendant with internet access. Further, the requested discovery was necessary for plaintiff to determine the names and addresses of each defendant who performed the allegedly illegal and infringing acts.

The only information plaintiff had regarding the defendants was their IP addresses and their ISPs. Therefore, there were no other measures plaintiff could have taken to identify the defendants other than to obtain their identifying information from their ISPs.

And the court found the allegations supporting each of the claims were sufficient to survive a motion to dismiss.

As to the SCA, the complaint alleged that defendants intentionally accessed plaintiff’s web servers, which are facilities where electronic communication services are provided, defendants had no right to access the copyrighted materials on plaintiff’s website, and defendants obtained access to these electronic communications while these communications were in electronic storage.

On the CFAA claim, the complaint alleged that defendants unlawfully and without authorization entered into plaintiff’s computer server, which was used in interstate commerce, where plaintiff’s copyrighted materials were contained, stole plaintiff’s copyrighted materials, valued in excess of $15,000, and as a result of such conduct, caused plaintiff to suffer damage. Based on these facts, 18 USC 1030(g) authorized plaintiff’s civil action.

And as for copyright infringement, plaintiff alleged that it is the owner of the copyrights for certain motion pictures, which were accessed, reproduced, distributed and publicly displayed by defendants. Also, plaintiff alleged that defendants, without authorization, intentionally accessed, reproduced and distributed plaintiff’s copyrighted works onto their local hard drives or other storage devices.