December 4, 2011 Defamation, First Amendment

Oregon media shield law did not protect blogger from having to reveal her sources

Obsidian Finance Group, LLC v. Cox, 2011 WL 5999334 (D.Or. November 30, 2011)

Plaintiff filed a defamation lawsuit against defendant, who self-identified as an “investigative blogger” and a member of the “media.” Defendant asked the court to protect her from having to turn over the identity of the sources she spoke with in connection with drafting the allegedly defamatory content. She claimed that she was covered under Oregon’s media shield law, which provides in relevant part that:

No person connected with, employed by or engaged in any medium of communication to the public shall be required by … a judicial officer … to disclose, by subpoena or otherwise … [t]he source of any published or unpublished information obtained by the person in the course of gathering, receiving or processing information for any medium of communication to the public[.]

The court gave two reasons for finding that defendant was not covered by the shield law. First, although defendant thought of herself as the “media,” the record failed to show that she was affiliated with any newspaper, magazine, periodical, book, pamphlet, news service, wire service, news or feature syndicate, broadcast station or network, or cable television system. Thus, according to the court, she was not entitled to the protections of the law in the first instance.

Second, even if defendant were otherwise entitled to those protections, another part of the statute specifically provides that “[t]he provisions of [the shield law] do not apply with respect to the content or source of allegedly defamatory information, in [a] civil action for defamation wherein the defendant asserts a defense based on the content or source of such information.” Because this case was a civil action for defamation, defendant could not rely on the media shield law.

November 17, 2011 Anonymity, Computer Crime, Copyright, Privacy, Section 230

Video: my appearance on the news talking about isanyoneup.com

Last night I appeared in a piece that aired on the 9 o’clock news here in Chicago, talking about the legal issues surrounding isanyoneup.com. (That site is definitely NSFW and I’m not linking to it because it doesn’t deserve the page rank help.) The site presents some interesting legal questions, like whether and to what extent it is shielded by Section 230 of the Communications Decency Act for the harm that arises from the content it publishes (I don’t think it is shielded completely). The site also engages in some pretty blatant copyright infringement, and does not enjoy safe harbor protection under the Digital Millennium Copyright Act.

Here’s the video:

November 9, 2011 First Amendment

Employee’s Facebook status update was protected by the First Amendment

Mattingly v. Milligan, 2011 WL 5184283 (E.D.Ark. November 1, 2011)

Plaintiff worked in the county clerk’s office. Her old boss, whom she had supported in the election, lost. Her new boss (the newly-elected county clerk) began cleaning house and laid off some of the staff. Plaintiff survived that round of cuts, but lamented those terminations in a Facebook status update. Empathetic comments from county residents ensued.

The new boss found out about the status update and the comments. So he fired plaintiff. She sued, alleging that the termination violated her right to free speech. The boss moved for summary judgment, but the court denied the motion, sending the case to trial.

Here is some of the relevant Facebook content:

Plaintiff’s status update: So this week not going so good bad stuff all around.

Friend’s comment: Will be praying. Speak over those bad things positively.

Plaintiff’s comment: I am trying my heart goes out to the ladies in my office that were told by letter they were no longer needed…. It’s sad.

* * *

Friend’s comment: He’s making a mistake, but I knew he would, too bad….

* * *

Friend’s comment: I can’t believe a letter would be the manner of delivering such a message! I’m with the others…they will find some thing better and tell them this is an opportunity and not a closed door. Prayers for you and friends.

* * *

Friend’s comment: How could you expect anything else from [defendant], he was an…well nevermind.

Courts addressing claims by public employees who contend that they have been discharged for exercising their right to free speech must employ a two-step inquiry: First, the court must determine whether the speech may be described as “speech on a matter of public concern.” If so, the second step involves balancing the employee’s right to free speech against the interests of the public employer.

In this case, the court found the speech to be on a matter of public concern because:

  • the statements were made in a “public domain”
  • those who saw the statements (many of whom were residents of the county) understood them to be about terminations in the clerk’s office
  • some of the comments contained criticism of the termination decision
  • six constituents of the new clerk called his office to complain
  • the press and media had covered the situation

As for the second step in the analysis, namely, balancing the employee’s right to free speech against the interests of the public employer, the court did not even undertake a balancing test, as there simply was no evidence that the status update and the comments disrupted the operations of the clerk’s office.

October 23, 2011 Employment, Litigation

Court requires fired social media employee to return usernames and passwords

Ardis Health, LLC v. Nankivell, 2011 WL 4965172 (S.D.N.Y. October 19, 2011)

Defendant was hired to be plaintiffs’ “video and social media producer,” with responsibilities that included maintaining social media pages in connection with the online marketing of plaintiffs’ products. After she was terminated, she refused to tell her former employers the usernames and passwords for various social media accounts. (The case doesn’t say which ones, but it’s probably safe to assume these were Facebook pages and maybe Twitter accounts.) So plaintiffs sued, and sought a preliminary injunction requiring defendant to return the login information. The court granted the motion for preliminary injunction.

The court found that plaintiffs had come forward with sufficient evidence to support a finding of irreparable harm if the login information was not returned prior to a final disposition in the case:

Plaintiffs depend heavily on their online presence to advertise their businesses, which requires the ability to continuously update their profiles and pages and react to online trends. The inability to do so unquestionably has a negative effect on plaintiffs’ reputation and ability to remain competitive, and the magnitude of that effect is difficult, if not impossible, to quantify in monetary terms. Such injury constitutes irreparable harm.

Defendant argued there would not be irreparable harm because the web content had not been updated in over two years. But the court rejected that argument, mainly because it would have been unfair to let the defendant benefit from her own failure to perform her job responsibilities:

Defendant was employed by plaintiffs for the entirety of that period, and she acknowledges that it was her responsibility to post content to those websites. Defendant cannot use her own failure to perform her duties as a defense.

Moreover, the court found that the plaintiffs would lose out by not being able to leverage new opportunities. For example, plaintiffs had recently hopped on the copy Groupon bandwagon by participating in “daily deal” promotions. The court noted that the success of those promotions depended heavily on tie-ins with social media. So in this way the unavailability of the social media login information also contributed to irreparable harm.

October 18, 2011 Computer Crime, Uncategorized

Impostor bids in online auction sufficient allegation of interrupted service under CFAA

Yoder v. Equipmentfacts, 2011 WL 2433504 (N.D.Ohio June 14, 2011)

[This is a post by Jackson Cooper. Jackson graduated from DePaul University College of Law in May 2011 with a certificate in intellectual property and information technology law. Jackson also recently passed the Kentucky bar exam and will begin practicing soon. You can find him online at jacksonccooper.com or follow him on Twitter at @jacksoncooper.]

The plaintiffs here were an auction company and a firm employed to assist them with running a private online auction.  They sued the defendant, a firm previously employed by the auction company to assist them with running online auctions.  The plaintiffs  alleged violations of the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, stemming from the defendant’s unauthorized access to a private auction conducted by the plaintiffs after the defendant’s relationship with the auction company was terminated.  According to the plaintiffs, the defendant made unauthorized access to the auction system using an administrative user name and password to post negative comments, and later impersonated a customer in order to place fraudulent bids as that customer.  The plaintiffs further alleged that the defendant, posing as a customer, won auctions for over one million dollars of equipment and failed to pay on those winning bids.

The defendant asked the court to dismiss the CFAA claim, challenging the plaintiffs’ pleadings on the issue of “loss” as defined by the CFAA. The CFAA defines “loss” as “any reasonable cost to any victim, including the cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.” Plaintiffs alleged lost commission resulting from the defendant’s fraudulent bids and resulting failed auctions.  Defendant claimed that the small scale sabotage as at issue here did not satisfy the “interruption of service” requirement, and therefore could not support the claimed violation of the CFAA.

The court, noting the lack of a definition of “interruption of service” in the statute and the lack of case law dealing with disruptions of this type, treated the issue as one of first impression.  The court concluded that the disruption alleged here was sufficient to support the “interruption of service” requirement in the CFAA.

The court found that the defendant’s alleged “intentional disruption of even a portion of the online auction” constituted an interruption of the service of the site. Although the auction system was not taken offline by defendant’s alleged activities, the court found that thwarting individual transactions and the resulting denial of service to plaintiffs and their customers was an interruption as envisioned by the statute.

September 29, 2011 Antitrust, Copyright

Ninth Circuit: Apple did not engage in copyright misuse by restricting OS X to Apple hardware

Apple Inc. v. Psystar Corp., — F.3d —, 2011 WL 4470623 (9th Cir. September 28, 2011) [PDF]

Back in 2008, Apple sued Psystar for copyright infringement arising from Psystar’s manufacture and distribution of computers preloaded with copies of Mac OS X. Psystar lost at the trial court level, with the judge rejecting its argument that Apple engaged in anti-competitive, “copyright misuse” by requiring in its OS X software license agreement that the operating system be used only on Apple hardware. Psystar sought review of this ruling. On appeal, the Ninth Circuit affirmed.

Copyright misuse is a defense (not an independent cause of action) that one sued for infringement can raise. Courts will find that a plaintiff has engaged in copyright misuse if the enforcement of the plaintiff’s copyright will restrain the development of competing products. In this case, Psystar claimed that Apple’s enforcement of its software license restrained the development of competing hardware.

The court rejected that argument because Apple’s enforcement of its software license agreement, requiring that the software be used only on Apple hardware, did not restrict Psystar from developing its own software. The court found that:

Apple’s [software license agreement] does not restrict competitor’s [sic.] to develop their own software, nor does it preclude customers from using non-Apple components with Apple computers. Instead, Apple’s [software license agreement] merely restricts the use of Apple’s own software to its own hardware. . . . Psystar produces its own computer hardware and it is free to develop its own computer software.

This case solidifies Apple’s approach to enforcing a controlled, closed ecosystem for the distribution of software used for Macs and iDevices. Now that a federal court has found that Apple is not playing unfairly by keeping its users from loading Apple software onto non-Apple hardware, the company can likewise maintain the technological controls that ensure only approved applications are used in connection with the operating systems. Marketplaces for third-party hardware running Apple software would greatly lower the entry barrier for hackers and enthusiasts to play outside of the rules. But this decision from the Ninth Circuit keeps those rules firmly in place.

September 29, 2011 Employment, Privacy

Employer did not violate employee’s privacy by accessing personal laptop

Sitton v. Print Direction, Inc., — S.E.2d —, 2011 WL 4469712 (Ga.App. September 28, 2011)

A Georgia court held that an employee using a personal laptop to conduct business for a competitor did not have an invasion of privacy claim when his employer busted him at work using the laptop to send email.

Plaintiff-employee worked for a printing company. His wife also owned a printing business. On the side, plaintiff would broker printing jobs, sending them to his wife’s company. He would bring his own laptop to work and use that to conduct business for his wife’s company while at work for his employer.

One day, the boss came into plaintiff’s office (apparently when plaintiff was not in the room) and saw that the computer screen on plaintiff’s computer showed a non-work related email account, with messages concerning the brokering of print jobs to the wife’s company. The boss printed out the email messages.

Plaintiff sued, claiming, among other things, common law invasion of privacy and violation of a provision of the Georgia Computer Systems Protection Act. The case went to trial, and plaintiff lost. In fact, he ended up having to pay almost $40,000 to his employer on counterclaims for breach of loyalty. Plaintiff sought review of the trial court’s decision. On appeal, the court affirmed.

The appellate court affirmed the trial court’s finding that the boss’s access to plaintiff’s computer did not constitute common law invasion of privacy based upon an intrusion upon plaintiff’s seclusion or solitude, or into his private affairs. The court held that the boss’s activity was “reasonable in light of the situation” because:

  • He was acting in order to obtain evidence in connection with an investigation of improper employee behavior,
  • The company’s interests were at stake, and
  • He had “every reason” to suspect that plaintiff was conducting a competing business on the side, as in fact he was.

To bolster this holding, the court cited from a Georgia Supreme Court case that said, “[T]here are some shocks, inconveniences and annoyances which members of society in the nature of things must absorb without the right of redress.”

September 27, 2011 First Amendment

Online threats made by blogger were not protected by the First Amendment

State v. Turner, 2011 WL 4424754 (Conn. Super. September 6, 2011)

A Connecticut state court held that prosecuting a blogger for posting content online encouraging others to use violence did not violate the blogger’s First Amendment right to free speech.

Defendant was charged under a Connecticut statute prohibiting individuals from “inciting injury to persons or property.” Angry about a bill in the state General Assembly that would have removed financial oversight of Catholic parishes from priests and bishops, defendant posted the following statements to his blog:

  • [T]he Founding Fathers gave us the tools necessary to resolve [this] tyranny: The Second Amendment
  • [My organization] advocates Catholics in Connecticut take up arms and put down this tyranny by force. To that end, THIS WEDNESDAY NIGHT ON [my radio show], we will be releasing the home addresses of the Senator and Assemblyman who introduced bill 1098 as well as the home address of [a state ethics officer].
  • These beastly government officials should be made an example of as a warning to others in government: Obey the Constitution or die.
  • If any state attorney, police department or court thinks they’re going to get uppity with us about this, I suspect we have enough bullets to put them down too

Defendant challenged the application of the state statute as unconstitutional. The court disagreed, finding there to be “little dispute that the defendant’s message explicitly advocate[ed] using violence.” Moreover, the court found the threatened violence to be “imminent and likely.” The blog content said that the home address of the legislators and government officials would be released the following day.

Though the court did not find that a substantial number of persons would actually take up arms, it did note, in a nod to 9/11, “the devastation that religious fanaticism can produce in this country.” As such, there was a sufficient basis to say that defendant’s vitriolic language had a substantial capacity to propel action to kill or injure a person.

September 21, 2011 Copyright

Court denies anonymous motion to quash subpoena in BitTorrent copyright case

First Time Videos v. Does 1-18, 2011 WL 4079177 (S.D. Indiana, September 13, 2011)

Plaintiff owns the copyright in an adult film that a swarm of anonymous “Doe” BitTorrent users allegedly traded. So plaintiff filed suit for infringement in the U.S. District Court for the Southern District of Indiana and issued subpoenas to the internet service providers associated with the IP addresses of the unknown Doe defendants.

After one of the Doe defendant’s ISP, Insight Communications, put her on notice that the ISP was about to turn over her account information to plaintiff’s lawyer, Doe filed a motion to quash the subpoena. The court denied the motion.

Doe had raised several common arguments in support of the motion to quash. But the court rejected each of these:

  • Plaintiff had no protectable privacy interest in her ISP account information because that was held by a third party, namely, the ISP. Moreover, the court found that a subscriber has no privacy interest when there is an allegation of copyright infringement. (It would have been nice had the court put the words “valid” or “prima facie” before the word “allegation,” but alas, it did not.)
  • Responding to the subpoena was not unduly burdensome to Doe. The burden, if any, in responding to the plaintiff’s subpoena, would fall onto the ISP, not the anonymous defendant.
  • The fact that Doe denied involvement with trading porn files did not matter at this stage in the litigation. The court held that the question of liability for copyright infringement should be determined when the parties are properly brought into the suit.

So the court concluded that the anonymous Doe BitTorrent user should be identified.

September 14, 2011 Governance

ISP’s alleged throttling of BitTorrent and Skype violates Computer Fraud and Abuse Act

Fink v. Time Warner Cable, 2011 WL 3962607 (S.D.N.Y. September 7, 2011)

Plaintiffs sued Time Warner (the provider of Road Runner High Speed Online internet access), alleging, among other things, that Time Warner’s alleged “throttling” of plaintiffs’ internet communications violated the Computer Fraud and Abuse Act, 18 USC 1030 (“CFAA”). Specifically, plaintiffs alleged that without their authorization, Time Warner sent forged reset packets which frustrated plaintiffs’ peer-to-peer communications (e.g., BitTorrent and other P2P mechanisms) as well as their use of Skype.

Time Warner moved to dismiss the CFAA claims. The court granted the motion as to claims that required plaintiffs to  plead “loss” as defined by the statute. As for those claims that required only allegations of “access” and “damage,” the court denied the motion to dismiss and let the case move forward.

Plaintiffs brought three claims under the CFAA, one under each of subparts (A), (B) and (C) of 18 USC 1030(a)(5). This part of the statute provides liability for anyone who:

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

No CFAA loss

The CFAA defines “loss” as “any reasonable cost to any victim, including the
cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”

In this case, plaintiffs alleged that the loss they suffered arose from their payments for high-speed internet services allegedly not received, costs to prevent Time Warner’s throttling practice and the costs of obtaining information elsewhere when they were unable to use their computers for file transfers and VoIP communications. Plaintiffs also pled losses relating to time and effort in assessing “damage” to each computer for which transmissions were interrupted. 

The court found these alleged losses to be outside the scope of those contemplated by the CFAA. Plaintiffs did not allege that they needed to restore data,a program, a system, or information to its condition prior to Time Warner’s conduct. The court held that Plaintiffs had failed to adequately plead this element of a CFAA claim. So it dismissed the claim plaintiffs had brought under 18 USC 1030(a)(5)(C).

“Damage” and “access” adequately pled

Plaintiffs’ failure to adequately plead loss was not the end of the case. Since subparts (A) and (B) of  18 USC 1030(a)(5) do not require one to plead “loss,” but do require pleading “damage” and “access,” the court turned its attention to see if those elements were adequately pled. It found that they were.

The CFAA defines “damage” as “any impairment to the integrity or availability of data, a system, or information.” Plaintiffs alleged that Time Warner impaired their ability to obtain data and utilize their computer systems by knowingly transmitting “reset packets to [their] computers with the intention of impeding or preventing [their] peer-to-peer transmissions” and that damage was caused because the reset packets “compromis[ed] the internal software of [their]computers and impair[ed] their ability to receive and transmit data.” The plaintiffs also alleged that the throttling process prevented data exchange and inhibited certain use of their computers. In addition, plaintiffs identified the specific types of information that had its availability “impeded” and identified a particular program, Skype, that was rendered unusable by the alleged throttling. 

As for “access,” the court looked to the plain meaning, dictionary definition of the word for guidance (since the term is not defined in the CFAA). Plaintiffs had alleged that Time Warner accessed their computers in violation of the statute by knowingly transmitting reset packets to plaintiff’s computers and otherwise accessed their computers to impede data receipt and transmission.” Giving the term “access” a broad meaning, the court found these allegations to satisfy the CFAA requirement.

Scroll to top