How Private Posts on Social Media Can Lose Important Protections from Civil Discovery

As people increasingly use social media sites as a communications network, they may not be aware that their posts may lose important privacy protections ordinarily granted to email.

The Stored Communications Act and emails

It is well-accepted that an internet service provider is prohibited from disclosing the contents of user emails in response to a discovery request, such as a subpoena, in a civil case. Under the Stored Communications Act (SCA), which is part of federal wiretap laws, a person who provides an electronic communications service to the public “shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage by that service.” (fn1)

Now there are exceptions to this rule: The service provider may disclose the contents of an email to the addressee -- that’s obvious, to law enforcement and governmental agencies – but subject to restrictions, or to other third parties -- but only with the consent of the author or addressee. (fn2)

However, these exceptions leave out an important party – civil litigants, who generally are able to obtain documents from third parties by serving them with a subpoena. As a result, a growing body of courts have held that a discovery request or civil subpoena to an ISP seeking the contents of a user’s email must be quashed. (fn3)

The Stored Communications Act and social media posts

The SCA can also apply to communications posted on social media. However, the SCA excepts from coverage any electronic communications that are “readily accessible to the general public.” (fn4)

What this means is that a post on a social media site may be disclosed by the site operator in response to a civil discovery request if it is posted on a section of the site that is available to the public at large. According to the Senate committee report for this portion of the SCA (which was written in the emergent Internet world of 1986), the SCA does not apply to information posted on electronic bulletin boards, “where the availability of information about the service, and the readily accessible nature of the service are widely known and the service does not require any special access code or warning to indicate that the information is private.” (fn5)

The SCA also permits a site operator to divulge the contents of electronic communications if the author has consented to the disclosure. (fn6) Under the terms of use of many sites, users can give the site operators permission to freely share all posts with the public at large. At least one court has suggested that posts made under such terms may be disclosed by the site operator who has been served with a civil discovery request. (fn7)

But what about information posted on “private” portions of social networking sites? If such posts are truly private, then under the court decisions announced in email cases, they should be immune from a civil discovery request to the site operator. However, the result may be different where the information needed to access a “private” post is made readily available to the public.  

Continue Reading...

Court finds that "private" posts to social network sites are not confidential and orders user to disclose log-in names and passwords

A recent ruling in a Pennsylvania trial court shows how vulnerable to discovery even the “private” contents of a social network page can be.

The case is McMillen v. Hummingbird Speedway, Inc. (fn1)  The plaintiff, McMillen, was a driver who had alleged that he was injured when he was rear-ended during the cool-down lap of a stock car race. The defendants claimed that posts on the public portion of his Facebook page showed that he had exaggerated his injuries. So they asked the court for his user names and log-in and password information to see if he had made similar statements on the private portions of his Facebook and MySpace pages.

McMillen objected, claiming that communications shared among one’s private friends on a social network site are protected by a “social network privilege.”

The court rejected McMillen’s privilege claim, arguing that social network users have no real expectation of privacy -- because the operators of these sites reserve the right to monitor posts and to share them with others at their discretion. Facebook’s privacy policies stated that it was permitted to disclose private posts in response to subpoenas or court orders or to prevent other harms. MySpace’s terms of use stated that its operators monitored posts and could remove any material that was offensive, illegal or that threatened the safety of others.

According to the court, “when a user communicates through Facebook or MySpace . . . he or she understands and tacitly submits to the possibility that a third-party recipient, i.e., one or more site operators, will also be receiving his or her messages and may further disclose them if the operators deem disclosure to be appropriate. That fact is wholly incommensurate with a claim of confidentiality.”

The law generally does not protect otherwise privileged communications that are made in the presence of third parties. (fn2) So because the webhosts had the right to listen in, this meant that the communications weren’t confidential, and thus weren’t privileged. (fn3)

It is important to note that under this reasoning, the court not only rejected McMillen’s novel claim to a social network privilege, but it also would have rejected claims to well-established privileges, such as the attorney-client, physician-patient and clergy-penitent privileges.

After finding no basis for any privileges on the site, the Court required McMillen to give the plaintiffs the user names and passwords for his social network accounts. Such an order is somewhat unusual. Courts are loathe to require litigants to disclose user names and passwords. Such disclosure can permit an opposing party to view private information from the discloser or from third parties that has no relation to the case. It can also permit an opposing party to alter information or create new posts.

To prevent this from happening in McMillen, the court ordered that the defendants’ attorneys be provided with “read-only” access to the sites, and that the plaintiff’s user names and passwords not be provided to the defendants themselves. Of course, even with such protections, disclosure of user names and passwords carries risk.

The court’s holdings in McMillen are not the last word on the viability of privilege claims for posts on social networking sites. However, for businesses whose employees use such sites, this case should serve as a warning. Posting otherwise confidential information even on private sections of social networks can create a significant risk that claims of confidentiality have been waived.

Continue Reading...

Kleffman v. Vonage: How Far Can a Commercial Email Marketer Go In Disguising the Source of Its Ads?

If an email marketer uses its actual name in the header of its emails, there is a high chance that modern spam filters will prevent those emails from ever reaching their intended recipients. So, many email marketers use disguised header information to get their message through.

However, under the Federal CAN-SPAM Act, it is unlawful to send commercial promotional emails that contain header information that is “materially false or misleading.” (fn1) Header information includes the source, destination, and routing information attached to an email, including the originating domain name, email address, and any other information that appears to identify the sender. (fn2) State anti-spam laws also prohibit commercial promotional emails that contain false header information. (fn3)

But is disguised header information necessarily false or misleading? According to the recent decision in Kleffman v. Vonage (fn4), other court decisions and the text of the CAN-SPAM Act, the answer may be “no” -- depending on the nature of the disguise.

The Federal Trade Commission has stated that header information must “identify the person or business who initiated the message.” (fn5) However, CAN-SPAM Act doesn’t actually go this far.

The civil provisions of CAN-SPAM do not require commercial email to have any header information. Rather, they only say that: (i) header information cannot be “materially false or materially misleading” (fn6); (ii) heading information cannot have been obtained via fraud (fn7); and (iii) a “from” line that “accurately identifies the person who initiated the message shall not be considered materially false or misleading” (fn8) CAN-SPAM also says that commercial emails must contain a functioning return email address and a physical postal address for the sender. (fn9) However, this information does not have to be in the header, but can be placed in the body of the email.

The criminal provisions of CAN-SPAM effectively do require header information. According to these provisions, header information is considered materially false if it is “altered or concealed in a manner that would impair the ability of the recipient . . . to identify, locate, or respond” to the person who initiated the email. (fn10) However, this only means information must be provided in the header through which the recipient could find the sender, not that the header itself identify the sender. A commercial email marketer could satisfy this requirement by using a domain that was registered to it – but that did not facially identify it.

For example, a recent 9th Circuit case concerned an email marketer, Virtumundo, which used a ”from line” that consisted of two elements: (i) a “from” name which referenced the topic or subject matter of the advertisement, and (ii) a domain name. Examples of from lines included “Criminal Justice @”, “Public Safety Degrees @” and” Trade In@” The Court found that neither element of these from lines violated CAN-SPAM.

The Court said that there was “nothing inherently deceptive” about the defendant’s use of “fanciful domain names” such as,, and Each of these domain names were properly registered to Virtumundo and would allow a recipient to identify and locate Virtumundo via the WHOIS directory. (fn11) The Court also stated that nothing in CAN-SPAM required an email marketer’s name to appear in the “from name” field. (fn12)

Continue Reading...

Are You a Spammer? How the Federal CAN-SPAM Act Can Reach Ordinary Business E-mail Traffic

When we think of spam, most of us envision an organization like, which allegedly paid spammers to promote online pharmacies and is now under investigation by Russian authorities. According to the New York Times, in the month after suddenly ceased operations on September 27, spam traffic worldwide dropped by an estimated 50 billion messages per day.

However, even if you’re not sending out billions of unsolicited e-mails promoting impotency drugs, this does not mean that Federal and State anti-spam laws don’t apply to you. When Congress passed the federal anti-spam law in 2003 -- the CAN-SPAM Act -- in classic legislative overreach, it wrote the law so that it even applies to broad classes of everyday, normal, “garden-variety” business communications.

Anti-spam laws can apply to a single business e-mail message

A stated purpose of the CAN-SPAM Act ostensibly was to control “bulk unsolicited commercial” e-mails. (fn1) However, instead of limiting its reach to bulk e-mailers, the text of the Act actually specifies no minimum number of e-mails that must be sent before CAN-SPAM applies. As a result, the Act can apply to a person who sends out just a single e-mail message. (fn2)

In certain cases, CAN-SPAM can apply even to an e-mail message that was “solicited” by the recipient. For example, according to the Federal Trade Commission, which regulates this area, if a recipient subscribes to a periodical which is delivered via e-mail, transmission of the periodical by the publisher is subject to the CAN-SPAM Act. (fn3)

It also doesn’t matter whether the e-mail message was sent by an individual, a for-profit corporation or a non-profit corporation. If the message relates to a business conducted by such a person or entity, CAN-SPAM can apply. (fn4)

What Is the Impact on Your Business If CAN-SPAM Applies?

If CAN-SPAM applies to your e-mails, it is unlawful for you to send out e-mail traffic that does not comply with the CAN-SPAM regulatory scheme. Violations of the CAN-SPAM Act can be punished with fines of up to $250 per unlawful e-mail, a cease-and-desist order, and an award of attorneys fees. (fn5) State anti-spam laws (which we will discuss in subsequent posts) can impose even higher fines.

The CAN-SPAM Act divides e-mails into three classes: (1) commercial e-mails, (2) transactional and relationship e-mails, and (3) other e-mails.

“Commercial e-mails” must comply with the following five requirements:

• Header information (e.g., IP address, To, From) cannot be materially false or misleading.

• Subject headings cannot contain messages that are likely to mislead the recipient about a material fact regarding the contents or subject matter of the e-mail.

• The e-mail must contain a working return e-mail address that the recipient can use to request that no further messages be sent to it.

• If a recipient makes a request not to receive further messages, no further commercial e-mail messages that fall within the scope of its request may be sent.

• The e-mail must: (i) clearly and conspicuously state that the message is an ad, (ii) provide a clear and conspicuous notice that the recipient has the right to decline further e-mail messages, and (iii) a contain a valid physical postal address for the sender. (fn6)

Continue Reading...

Skirting the Extortion Pitfall When Publishing Consumer Critiques

Many experienced internet publishers are aware of the Communications Decency Act (CDA – see 47 USC § 230) and understand it to provide them immunity from suit for publishing posts that come from third parties. However, many internet publishers may not be aware that CDA immunity has large exceptions. One of these is that a web publisher can still be liable if its publishing of third-party posts violates federal criminal law. (Fn1)

An important area of criminal law to which web publishers are susceptible is extortion. While extortion is generally a violation of state criminal law, multiple acts of extortion can form the predicate for a RICO claim – a violation of federal criminal law.

Under California law, extortion includes the acts of obtaining or attempting to obtain property from someone – with his consent – by threatening to accuse him of a crime or to expose or to impute to him “any deformity, disgrace, or crime” or “any secret affecting him” (Fn2) The threatened disclosure can include anything that would damage a victim’s personal or business reputation or other interests. (Fn3) In contrast to defamation law, it doesn’t matter whether the threatened exposure is true or false. (Fn4)

Under the CDA, a web host is immune from a defamation suit if it publishes material that damages someone’s personal or business reputation – as long as that material comes from a third party. However, according to recent federal court decisions, CDA immunity may not apply and a web publisher might be subject to criminal prosecution, if the web host either threatens to publish negative material from a third party unless the victim pays it money, or if it offers to take down negative material in exchange for payment.

The most recent of these decisions was announced in July 2010 by a Los Angeles federal judge in the case Asia Economic Institute v. XCentric Ventures. The defendant, XCentric, operates the well-known gripe site, which publishes complaints from consumers about businesses. XCentric claims that it does not author any of the posts on its site. However, XCentric does edit posts to remove offensive language and private information and uses an automatic program to create meta-tags and titles for each post. XCentric is frequently sued for defamation, but according to my own private survey generally prevails under CDA immunity. (Fn5)

The plaintiff, Asia Economic Institute (AEI) was a free, on-line publication that provided information about current events. AEI never generated any revenues and ultimately ceased operations. In 2009, AEI discovered that six reports about it had been published on the Ripoff Report. These reports claimed that AEI was “laundering money” and “routinely ignores employment laws,” stated that “Asia Economic Institute it’s a SCAM” and in general said that AEI was a bad egg. Standard defamatory stuff.  

Continue Reading...

Website Operators Risk Losing Communications Decency Act Immunity When Customer Service Personnel Don't Follow-through on Promises to Take Down Third-Party Posts

A debate is heating up over whether the courts should recognize a “promissory estoppel” exception to Communications Decency Act (CDA) immunity.  Some courts have recently been citing this doctrine as a basis for holding a website operator liable for damages when it has failed to act quickly to remove an offensive third party web post after promising to do so.

The CDA contains two immunity provisions: The first says that a website operator may not be “treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The second says that a website operator may not be held liable for any good faith action it takes to restrict availability of material that it considers “objectionable.” 47 U.S.C. § 230(c)(2)(A).

Early court decisions, such as Zeran v. America Online, ruled that these CDA provisions immunize a website operator from suits regarding third-party content -- even when the operator has promised but then failed to remove remove offensive material. (Fn1) However, in two recent cases with facts similar to those in Zeran, courts have relied on the doctrine of promissory estoppel to reach the opposite conclusion. 

In the most recent case, Scott P. v. craigslist, Inc., Scott P., an employee of Foster Farms claimed that he was harassed by his supervisor based on his sexual orientation. Scott P. alleged that on several occasions his supervisor created false ads on craigslist which identified him as openly gay and invited sexual liaisons. (Fn2) Scott P. called craigslist about the posts, and craigslist personnel voluntarily removed the posts within minutes.

However, during his telephone calls, Scott P. also asked that any future posts identifying him by name, telephone number or address not be allowed on the craigslist website without his express consent. According to Scott P, the craigslist services representatives all volunteered that they would “take care of it.” (Fn3)

A month later, Scott P.’s supervisor successfully posted six new ads on craigslist advertising a number of items that were purportedly available for sale or for free from Scott P. (Fn4) Scott P. then sued craigslist in San Francisco Superior Court, claiming that craigslist’s failure to block the ads constituted a breach of craigslist’s promises to him. Craigslist filed a motion to dismiss, claiming that the CDA immunized it from suits concerning material posted on its site that came from third parties. However, the trial court rejected craiglist’s motion, finding that Scott P.’s suit could proceed under a theory of promissory estoppel. (Fn5)

Craigslist filed petitions for writ of mandate with the California Court of Appeal and Supreme Court to overturn this decision. However, the courts refused to hear these writs, meaning that the suit against craiglist can proceed, as the trial judge had ordered. (Fn6)

Similarly, in the 2009 case Barnes v. Yahoo!, Inc., the plaintiff contacted Yahoo!’s customer service for help after her ex-boyfriend posted fraudulent profiles about her on Yahoo! chatrooms that included nude photos of her, solicitations for sex and her contact information. (Fn7) Barnes contacted Yahoo! And asked for the profiles to be removed. After a news program about the profiles was broadcasted, a Yahoo! staffer told Barnes that she would “personally walk the statements over to the division responsible for stopping unauthorized profiles and they would take care of it.” The profiles were not removed from Yahoo! until two months later, after Barnes filed suit against Yahoo! (Fn8) 

Continue Reading...

New SPEECH Act Provides Limited Protections for Website Operators, Authors and Publishers Against Libel Tourism

For years, U.S. writers and publishers have faced the threat of “libel tourism” – suits by foreigners, who take advantage of England’s plaintiff-friendly libel laws to get large judgments and injunctions against authors and publishers of writings they don’t like.

For example, in 2003, Rachel Ehrenfeld published Funding Evil: How Terrorism Is Financed and How to Stop It in the U.S. In Funding Evil, Ehrenfeld claimed that Bin Mahfouz, a Saudi Arabian banker, provided financial backing for terrorist organizations. The book was not marketed or published in England, and a mere 23 copies reached England via Internet sales. Nevertheless, Bin Mahfouz was able to sue Ehrenfeld for defamation in the English courts, which found that these few sales were sufficient to confer personal jurisdiction over Ehrenfeld. When Ehrenfeld failed to make an appearance to defend the suit, the English court entered a default judgment against her, ordering her to pay a large fine, to apologize and retract her statements and to pay Mahfouz’s legal fees, and enjoining her from further publication of Funding Evil in England. (Fn1)

After Mahfouz attempted to enforce his judgment against her in New York, Ehrenfeld filed an action in federal court for a declaratory judgment that Bin Mahfouz’s judgment was not enforceable in the U.S. based on First Amendment protections. Ehrenfeld claimed that as a result of the English judgment awarded Bin Mahfouz, publishers had rejected other articles she had written about Saudi companies, possibly fearing that publication of Ehrenfeld’s work would make them the targets of defamation suits as well. However, the District Court dismissed Ehrenfeld’s case, finding that New York’s limited long-arm statute did not give the Court jurisdiction over Bin Mahfouz. (Fn2) This let Mahfouz continue his efforts to enforce his judgment against her.

The Ehrenfeld case illustrates an increasingly common problem in the Internet age. Courts in foreign countries that lack First Amendment speech and press freedoms are increasing willing to assert jurisdiction over defendants in defamation suits based on tiny levels of distribution or viewership of content. For example, in 2007, American actress Cameron Diaz was reportedly able to sue the National Enquirer in London over an article that was only published in the U.S. version of the Enquirer and had received 279 hits from U.K. addresses on the Enquirer’s website. (Fn3) The Washington Times also recently faced a defamation suit in London, even though no hard copies of the Times are sold in the U.K., based on forty-odd hits on its website. (Fn4)

In an effort to ameliorate this problem, Congress has just passed and the President signed the SPEECH Act (to be codified at 28 U.S.C. §§ 4101-05). The SPEECH Act provides shields for U.S. authors and publishers by preventing a person who obtains a defamation judgment in a foreign court from enforcing that judgment in the U.S., unless that person makes two showings concerning that judgment.

Continue Reading...

Proposed Congressional Privacy Legislation Would Create Burdens for Offline and Online Data Collectors

 It is by no means settled that the American public cares about the privacy of much of its personal information – other than a few narrow categories such as financial account data.  On one hand, surveys taken over the past decade have often reported that high percentages of Americans don’t want private companies to collect or use their personal information without their consent.  On the other hand, well over a 100 million Americans participate in social networking sites in which they freely publish the details of their professional and personal lives for large portions of the world to know.  In an interview earlier this year, Facebook founder Marc Zuckerberg opined that “People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.  That social norm is just something that has evolved over time.”  

The coming wave of privacy legislation and regulation 

Despite the social trends toward increased personal disclosure, the Federal Trade Commission and Congress have been pressing for new regulations that would heavily burden the collection and use of personal information from individuals.  The FTC held a series of roundtables on Internet privacy this spring and has recently signaled that it may be about to move ahead with new privacy regulations.  This summer, Representatives Rick Boucher and Bobby Rush brought two separate privacy bills to the House and Senator John Kerry promised to introduce a third bill in the Senate.  

Both on and off-line information gathering will be affected

The most important, but non-obvious, element of the House bills is that they apply to any person who collects “covered” personal information from the public – regardless of whether the collection occurs online, via snail-mail, in-person or otherwise.  “Covered” information includes any of the data that would typically be gathered on a registration form, such as an individual’s first and last name, postal address, telephone number or email address.  It includes “unique persistent identifiers,” such as customer numbers and IP addresses.  It also includes preference profiles. 

While the bills provide exceptions for persons who conduct a small amount of data collection, the limits are low.  The Boucher bill only excludes persons who collect information from fewer than 5,000 persons in a 12 month period.  This means that the Boucher bill would apply to a business that annually creates more than 5,000 new credit accounts with individuals, a web site operator that adds more than 5,000 e-mail addresses to its list-serve, a market research firm that interviews more than 5,000 consumers, or a newspaper that adds more than 5,000 new subscribers.  The bills could also apply to advocacy, political and religious groups, if their activities were deemed to involve interstate commerce.  

While the FTC and Senator Kerry have yet to release drafts of their proposed rules, the outlines of the regime to come can be ascertained from the two House bills, which are broadly similar.  Unless there is a sea change in Washington, businesses of all kinds are likely to see their freedom to gather about individuals sharply curtailed.

Continue Reading...

FTC Hammer Falls On LifeLock's Online Identity Theft Protection Service

On March 9, 2010, the FTC announced that LifeLock had agreed to pay $12 million to the FTC and 35 State attorneys general to settle allegations that claims it made about its identity theft protection service were false. LifeLock is well-known from its TV, radio and Internet advertising which touted its "proven solution" to prevent identity theft before it happened, and offered a $1 million guarantee to consumers. TV ads often featured CEO Todd Davis who would drive around in a van with his social security number painted on the side, while announcing his social security number on a loud speaker. In the ads, Davis would state, "I'm Todd Davis, and I'm here to prove just how safe your identity can be with LifeLock. That's my real social security number."

The FTC complaint, which was made public on March 8, stated that LifeLock's credit protection service actually consisted of the following elements: placing an Initial Alert on its customers' consumer reports with credit reporting agencies, obtaining and providing its customers with copies of their free annual credit reports, and submitting requests on its customers' behalf to remove their names from lists of prescreened offers of credit.

According to the FTC, these steps did not prevent identity theft and did not provide many of the protections LifeLock promised. While an Initial Alert can provide notice to businesses that someone may be impersonating another, it is only useful if the business accesses the consumer's credit report as part of the transaction - something that generally only occurs where a consumer opens a new account. According to the FTC, "Alerts do not protect against more common types of identity theft, such as misuse of an existing credit account . . . medical identity theft, employment-related identity theft, or using another's identity to evade law enforcement." An Initial Alert would also be highly unlikely to prevent wire transfer fraud, since financial institutions do not check credit reports before initiating wire transfers.

The FTC charged that LifeLock falsely claimed that its ID theft prevention service made customers' personal information useless to thieves and prevented unauthorized changes to customer address information. It also charged that LifeLock failed to take appropriate security measures to protect sensitive data that customers provided to LifeLock itself.

On March 9, LifeLock and Davis entered into a Stipulated Final Judgment and Order for Permanent Injunction to settle the FTC's claims. In this order, the defendants did not admit to the allegations in the FTC complaint. However, they did agree to an injunction prohibiting them from engaging in the activities charged in the FTC complaint, including, "misrepresenting" that its ID theft program "provides complete protection against all forms of identity theft by making customers' personal information useless to identity thieves."

Continue Reading...

Keller v. Electronic Arts: Court Finds that Electronic Arts' Use of Personal Traits in Video Games Violated College Footballer's Rights of Publicity

Digital media law update: Players have long complained about the lack of compensation they receive when risking their bodies in service of the multi-billion dollar business of college football. However, a court in the Northern District of California has drawn a line in the sand for at least one type of exploitation of their talents. In a February 8, 2010 ruling, Judge Claudia Wilken held that Electronic Arts could be held liable for violating college players' rights of publicity for using their personal characteristics in its NCAA Football video game. While this was only a preliminary ruling, a loss for Electronic Arts (EA) could have big money implications, putting it on the hook to pay for use of player images in games already distributed and requiring it to get licenses before creating future editions.

The case is a class action entitled Keller v. Electronic Arts, Inc., Northern District of California, No 4:09-cv-01967. Electronics Arts, which is based in the Los Angeles area, is the world's largest manufacturer of videogame software. In 2009, its gross revenues exceeded $4 billion on the strength of titles such as Madden NFL. Among its many sports titles is NCAA Football, a game which enables players to recreate football matches between college teams.

According to the complaint, EA designs NCAA Football to include characters that resemble real-life college athletes. The virtual players "share the same jersey numbers, have similar physical characteristics and come from the same home state." While EA omits the players' names, game users allegedly can "access online services to download team rosters and the athletes' names and upload them into the games." The complaint further charges that in recent versions, EA has included features to facilitate the upload of this data.

The complaint alleged that EA's actions violated the players' rights of publicity. California law contains both statutory and common law causes of action for violation rights of publicity. California's right of publicity statute provides that "any person who knowingly uses another's name, voice, signature, photograph or likeness, or in any manner, on or in products, merchandise, or goods . . . shall be liable for any damages sustained by the person or persons injured as a result." Cal. Civ. Code § 3344(a).

Electronic Arts conceded that the allegations in the complaint stated a claim for violation of their rights of publicity. However, EA countered that the players' rights of publicity claims were barred by the doctrines of transformative use and public interest use and a statutory "reporting" exception.

Judge Wilken disagreed.

Continue Reading...

Zynga v. Does d/b/a Easy Chips: California Federal Judge Applies Light Standard for Uncovering Identity of Anonymous Proprietor of On-line Business

Digital media law update: In a January 21 decision, a California Federal judge permitted a plaintiff to discover the identity of the operator of a counterfeit online poker chip business, without requiring the plaintiff to providing evidence to support its allegations. The court merely required the plaintiff to (1) show that the anonymous defendant was a real person who could be sued in a Federal court, (2) recount the steps it had taken to locate the defendant, (3) show that its action could survive a motion to dismiss, and (4) file its request for discovery with the Court. See Zynga v. Does 1-5 d/b/a Easy Chips, Northern District of California, No. 5:09-cv-05232, Order Granting in Part and Denying in Part Plaintiff Zynga's Motion for Leave to Conduct Third Party Discovery (January 21, 2010). While the standard imposed by the Court here was far lighter than that typically imposed in cases involving Internet defamation, it was not necessarily inappropriate in this case.

We have frequently written about the differing standards that courts use when confronted with a request from plaintiffs to uncover the identity of the anonymous author of material posted on the Internet. The right to speak and write anonymously is protected by the First Amendment of the U.S. Constitution -- and to an even greater extent by some State constitutions. However, the extent of the right to anonymous speech varies based on the content of the speech. At one end of the spectrum, the author of purely political anonymous speech may be given absolute protection against disclosure of his identity. At the other end, the author of defamatory speech may ultimately be given no protection from disclosure at all, since defamatory speech is considered unprotected under the U.S. Constitution. Fn1

While certain types of speech, such as defamation, may get little or no protection, a court considering a complaint is not in a position to know whether the allegations have any merit. There is always a danger that the allegations will prove untrue, or that the defendant will be able to establish a valid affirmative defense. As such, to protect the rights of anonymous authors, courts around the U.S. generally require a plaintiff to show that their claims have at least some level of merit before being permitted to discover the identity of the anonymous author of the speech at issue.

These standards can vary greatly from court to court. Some courts impose what we have termed a "light" standard, and merely required the plaintiff to show that his complaint would withstand a motion to dismiss or that it was filed in "good faith." This light standard was applied in the recent Liskula Cohen case. See In re Liskula Cohen, Supreme Court of the State of New York, County of New York: Part 11, Index No. 100012/09. While this test has different labels, it ultimately merely requires the plaintiff to show that his complaint meets pleading standards -- no evidence or proof is required.

Continue Reading...

Catsouras v. California Highway Patrol: California Court Recognizes Family's Privacy Interest in Death Scene Photos of Deceased Relative

On January 29, 2010, the California Court of Appeal issued an opinion holding that the family of a decedent could bring an action for invasion of privacy for the publication on the Internet of gruesome photos of their deceased daughter who was decapitated in an auto accident. Catsouras v. Dept. of the California Highway Patrol. Fn1. This decision does not mean that family members now have the right to bring a claim for the invasion of the privacy of a deceased relative. Rather it is merely an application of an established legal principle that the relatives of a person whose privacy was breached may bring suit, if the breach also invaded their own, separate privacy interests.

It is a fundamental tenet that privacy rights are personal and only the person whose privacy has been invaded can sue to recover damages for a breach. This means that if the victim has died, his relatives may not bring a claim for invasion of the victim's privacy either by suing personally, or on behalf of the deceased's estate. Fn2 As the law treatises put in -- there is no "relational right" to bring a claim for invasion of privacy. Fn3 Among the reasons for this limitation is a general judicial wariness towards claims of pure emotional injury, and concerns about permitting plaintiffs to gain a double recovery. Fn4.

However, courts have permitted relatives to recover where the breach also constituted an invasion of their own privacy rights. For example, in Vescovo v. New Way Enterprises, Ltd., the defendant ran a classified ad in an L.A. paper touting "Hot Lips --- Deep Throat Sexy young bored housewife Norma" and giving plaintiff Norma Vescovo's address. The California Court of Appeal permitted not only Norma, but also her 14 year old daughter, to bring claims for invasion of privacy. This was because the ad had resulted "in excess of 100 persons" coming to the Vescovo's home, day and night, "demanding to see Norma, creating disturbances, and using lewd, abusive and threatening language" and "in excess of 150 motor vehicles stopp[ing] in front or cruis[ing] slowly" by the residence, and subjecting the family, including the 14 year old, to neighborhood ridicule. Because the 14 year old sought to recover for the intrusion into her own seclusion, her claim was proper. Fn5

The Catsouras case fits into this exception. The facts of the case are tragic. On October 31, 2006, 18 year old Nicole Catsouras was decapitated in an automobile accident. CHP officers arrived at the scene and cordoned off the area. They also took multiple photos of the decapitated corpse. Two CHP officers allegedly emailed copies of these "graphic and horrific" photos to members of the public who were not involved in the investigation. Once released, the photos went viral and soon appeared on more than 2.500 websites around the world.

A number of Internet miscreants then decided to use the occasion to torture the decedent's relatives. For example, her father, Christos Catsouras, received several emails containing the photographs, include one entitled "Woo Hoo Daddy" that said "Hey Daddy I'm still alive." These and other emails caused the Catsouras's severe emotional and mental distress. As a result, the Catsouras's sued the CHP on invasion of privacy and related tort theories.

Continue Reading...

U.S. v. Little: Emerging Circuit Split on Whether National Community Standards Should Be Applied in Internet Obscenity Cases

The 11th Circuit has just issued an opinion in which it rejected the national community standard in Internet obscenity standards that was recently adopted by the 9th Circuit. Instead the 11th Circuit adopted the older local community standard previously announced by the Supreme Court for obscenity cases in general. See U.S. v. Little, 11th Circuit, No. 07-00170 (Feb. 2, 2010).

In a 1973 pre-Internet decision, the U.S. Supreme Court held that a local community standard should be applied in obscenity cases, so that the attitudes of the town in which the alleged violation occurred determine whether a violation has occurred. Miller v. California, 413 U.S. 15 (1973). This means that distribution of the same material might be punishable under Federal statutes in one city, but not in another.

However, in 2003 decision regarding the Child Online Protection Act (COPA), several Justices discussed whether this standard should be changed for cases involving material distributed over the Internet. See Ashcroft v. ACLU, 5335 U.S. 564 (2002). Two Justices, O'Connor and Breyer, stated that a "national standard" should be adopted for such cases. Justice O'Connor argued that because Internet publishers cannot control where their materials will be downloaded, using a "local community" standard would impose the most restrictive view of obscenity taken by any community in the country on them. This would "potentially suppress an inordinate amount of expression."

Seizing on Justice O'Connor's language, in 2009 the 9th Circuit held that "a national community standards must be applied in regulating obscene speech on the Internet . . ." U.S. v. Kilbride, 584 F.3d 1240 (9th Cir. 2009). In support of its decision, the 9th Circuit claimed that a majority of the justices in Ashcroft had supported adoption of a national community standard for Internet cases.

As we wrote in our November 5, 2009 post, the 9th Circuit got this point wrong. In fact, the opinion by Justice Kennedy, which the 9th Circuit counted as expressing support for a national community standard, actually stated that a national community standard was "neither realistic nor beyond constitutional doubt." Because only Justices O'Connor and Breyer expressed support for a national community standard, this means that the Supreme Court left the "local community" standard of Miller intact -- even for Internet cases. See also Kilbride at 1719 (noting that the Kilbride decision also had actually not reached the issue of national v. local community standards).

Continue Reading...

Layshock and J.S.: The 3rd Circuit Attempts to Define the Circumstances under Which a School Can Punish a Student for Creating a Defamatory MySpace Profile

In twin February 4, 2010 decisions, the Third Circuit reached opposite rulings on whether a school violated a student's First Amendment rights by disciplining him for creating a defamatory MySpace page about the school principal. In both cases, a student used an off-campus computer to create the profile. In both cases, the profile created a reaction on campus, and enraged the school principal. In both cases, the principal reacted by suspending the student. However, the 3rd Circuit found the suspension was only proper in one of the two cases. Here's why.

In the Layshock case, Justin Layshock, a 17 year old high school senior, created a "parody profile" of his principal, Eric Trosch, using his grandmother's computer. The profile included a photograph copied from the school district website and characterized Trosch as a habitual drunk and marijuana user, a "steroid freak", a "big whore" and a "big fag." Layshock "friended" several fellow students on the webpage. This caused news of it to "spread like wildfire" to most of the school's student body. The webpage was viewed by students in the school's online computer class, and three other students also created parody sites about Trosch.

Trosch complained to the local police and also instituted disciplinary proceedings against Layshock at the school. After a hearing, the school district found Layshock guilty of "gross misbehavior", "obscene, vulgar and profane language" and computer policy violations -- for use of school pictures without authorization. The school then imposed a ten-day, out-of-school, suspension on Layshock, placed him in an Alternative Education Program (for children who are unable to function in a normal classroom setting), banned him from all extra-curricular activities and prohibited him from participating the school's graduation ceremony. See Layshock v. Hermitage School District, 3d Circuit, N0. 07-4465, Opinion, Feb. 4, 2010).

In the J.S. case, J.S., a 14 year old middle school student, created a fake MySpace page for her principal, James McGonigle, using her parent's computer. The profile did not list his name, but included his photograph, which was taken from the school district's website. The website described McGonigle as a bisexual who liked "hitting on students and their parents" and "love[d] sex (of any kind)." J.S. initially set the MySpace profile as "public", but then changed the setting to private and granted "friend" status to about 20 children at the school. However, because the school computers block access to MySpace, students were only able to view the page from off-campus computers.

After learning about the website from a student, McGonigle called J.S. into his office. He told her that he was very hurt by the site and that he planned to take legal action against J.S. and her family. He later imposed a ten-day suspension on J.S., and prohibited her from attending school functions.

According to the school, the profile caused a minor disruption on campus. Two teachers had to quiet their classes while students talked about the profile, one guidance counselor had to proctor a test so another administrator could sit in on the meetings between McGonigle and J.S., and two students decorated J.S.'s locker to welcome her back following her suspension. J.S. v. Blue Mountain School District, 3rd Cir.., No. 08-4138, Opinion (Feb. 4, 2010).

Continue Reading...

Williams v. MetroPCS: Consumer Cannot be Bound by Terms of Contract She Never Received

While some courts are willing to enforce click-wrap or browse-wrap agreements that a consumer may have never read, a Federal judge in the Southern District of Florida drew the line at enforcing an agreement that a consumer never received.

The case is Williams v. MetroPCS Wireless, Inc., S.D. Fla, No. 1:09-cv-22890, Order (Jan. 5, 2010), a proposed class action against a pre-paid wireless phone carrier. The complaint alleged that MetroPCS marketed itself as a provider of unlimited nationwide coverage, but that in reality, its coverage reached less than half of the U.S. population and excluded 11 of the top 25 metropolitan areas. The complaint further alleged that MetroPCS offered flat rate plans in which customers were to pay by the month, not the minute, and were not required to sign a contract. However, lead plaintiff Marcia Williams claimed that after purchasing an unlimited $45/month plan, she was charged $225 for one month's service. The complaint sought equitable and declaratory relied, damages, attorneys' fees and a trial by jury.

MetroPCS contended that the allegations had no merit, and that Williams had entered into an arbitration agreement with MetroPCS, so the matter had to be settled in front of an arbitrator. According to MetroPCS . its standard business practice was to provide customers with several forms at the time service is initiated. These included an Agreement, a Start of Service Request Form and a Welcome Guide. The Welcome Guide referred customers to the MetroPCS website. At the footer of the website was a "Terms and Conditions" hyperlink that instructed users to review the Agreement. The Agreement contained an arbitration clause, requiring that claims or controversies relating to or arising out of the Agreement be resolved through individual binding arbitration.

MetroPCS claimed that under its standard business practices, Williams would have received these forms and hence had notice of the arbitration clause. However, MetroPCS was unable to provide testimony or other evidence showing that Williams actually received these forms.
Williams contended that she never received the Agreement or the Welcome Guide and never accessed MetroPCS's website. Williams further contended that the MetroPCS advertisements repeatedly stated that there was "no contract." One such advertisement allegedly featured a unicorn and a mermaid stating that no contract was required. Another commercial featured a contract being passed through an animated paper shredder and a drawing of a contract with a circle and diagonal line over it.

There is a liberal federal policy favoring enforcement of arbitration agreements. However, the policy only applies if the parties have actually entered into an agreement to arbitrate. Here there was no evidence that Williams had assented to the Agreement or its arbitration clause.

Continue Reading...