April 7, 2011 Computer Crime, Privacy

Court says law firm did not eavesdrop on employee phone calls

Bowden v. Kirkland & Ellis, 2011 WL 1211555 (7th Cir. April 1, 2011)

Two former employees of a law firm sued the firm for violation of the Electronic Communications Privacy Act, 18 USC 2510 et seq. and for violation of the Illinois Eavesdropping Act, 720 ILCS 5/14-2. The district court granted summary judgment in favor of the law firm. The former employees sought review with the Seventh Circuit. On appeal, the court affirmed the grant of summary judgment.

The court held that the former employees’ evidence of eavesdropping raised no more than a “theoretical possibility” of a violation. Even one of the strongest experts in the case triple hedged his testimony, saying the records “could indicate the potential that interception may have occurred.” So the grant of summary judgment was proper.

The plaintiffs had also raised an electronic discovery issue, namely a claim that the law firm spoliated evidence by destroying a server that contained phone records relevant to the case. The court rejected that argument, finding no credible evidence that the destruction was undertaken in bad faith.

April 5, 2011 Computer Crime, Privacy

Do certain mobile apps violate the Computer Fraud and Abuse Act?

[This is a guest post by attorney Caroline Belich. Caroline is a Chicago native, former Michigan State volleyball player, and recent admitee to the California bar with particular interest in the First Amendment.]

According to the Wall Street Journal and other sources, federal prosecutors in New Jersey are investigating whether certain mobile applications for smartphones have illegally obtained or transmitted information about their users. Part of the criminal investigation is to determine whether these app makers made appropriate disclosures to users about how and why their personal information is being used. The app makers subpoenaed include the popular online music service Pandora.

Examples of information disclosed by these app makers may include a user’s age, gender, location, and also unique identifiers for the phone. The information may then passed on to third parties and advertising networks. The problem is that users may be unaware that their information is being accessed by a smartphone app because a maker failed to notify them.

As a result, this failure to notify may violate the Computer Fraud and Abuse Act (18 USC 1030). The CFAA is a federal statute that is often used against hackers. Applying this rationale here, federal prosecutors may argue that the app makers essentially hacked users cellphones.

However, some legal experts believe that criminal charges against the app makers are unlikely. Supporting this belief is the fact that many criminal charges against companies result in non-prosecution or deferred prosecution agreements in exchange for concessions of wrongdoing or monetary payments.

But while criminal charges are doubtful, civil lawsuits by users and causes of action brought by the Federal Trade Commission (FTC) may not be. First, consumers may sue app makers for failure to notify under privacy rights claims. Second, the FTC could allege unfair and deceptive trade practices by makers for failure to inform users how their personal information is being employed. Recently, Google settled with the FTC regarding its social network, Buzz, where allegations were made about violations of users’ privacy.

In light of the potential for privacy rights violations and deceptive trade practices, the FTC has advocated a “Do Not Track” option for web browsers and cellphone users, similar to the “Do Not Call” list for telemarketing. But app makers strongly oppose this idea, of course, for various reason. First, it could obstruct their ability to collect data about their users’ utilization of their product. Second, the option could frustrate financial opportunities with third parties seeking the invaluable consumer statistics. And the third justification is best depicted by Facebook’s privacy policy – while a user may be giving away his own information, he’s not giving away that of his friends… as long as his friends haven’t shared the info with “everyone.”

So even if these criminal investigations do not come to fruition, at least the possibility is making the public aware of their rights involving smartphone products so that industry standards may be created or laws requiring notification may be made.

April 4, 2011 Defamation, Right of Publicity, Section 230

Amazon and other booksellers off the hook for sale of Obama drug use book

Section 230 of the Communications Decency Act shields Amazon, Barnes & Noble and Books-A-Million from some, but not all claims brought over promotion and sale of scandalous book about presidential candidate.

Parisi v. Sinclair, — F.Supp.2d —, 2011 WL 1206193 (D.D.C. March 31, 2011)

In 2008, Larry Sinclair made the ultra-scandalous claim that he had done drugs and engaged in sexual activity with then-presidential candidate Barack Obama. Daniel Parisi, owner of the infamous Whitehouse.com website, challenged Sinclair to take a polygraph test.

Not satisfied with the attention his outlandish claims had garnered, Sinclair self-published a book detailing his alleged misadventures. The book was available through print-on-demand provider Lightening Source.

Amazon, Barnes & Noble, and Books-A-Million (“BAM”) each offered Sinclair’s book for sale through their respective websites. (Barnes & Noble and BAM did not sell the book at their brick and mortar stores.) Each company’s website promoted the book using the following sentence:

You’ll read how the Obama campaign used internet porn king Dan Parisi and Ph.D. fraud Edward I. Gelb to conduct a rigged polygraph exam in an attempt to make the Sinclair story go away.

Parisi and his Whitehouse Network sued for, among other things, defamation and false light invasion of privacy. BAM moved to dismiss pursuant to Rule 12(b)(6) while Amazon and Barnes & Noble moved for summary judgment. The court granted the booksellers’ motions.

Section 230 applied because booksellers were not information content providers

The booksellers’ primary argument was that Section 230 of the Communications Decency Act shielded them from liability for plaintiffs’ claims concerning the promotional sentence. The court found in defendants’ favor on this point.

Section 230 provides in relevant part that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The major issue in this case was whether the online booksellers had provided the information comprising the promotional sentence. The court found that the pleadings (as to BAM) and the evidence (as to Amazon and Barnes & Noble) did not credibly dispute that the booksellers did not create and develop the promotional sentence.

But not so fast, Section 230, on some of those other claims!

The court’s treatment of Section 230 in relation to plaintiffs’ false light claim and the claims relating to the actual sale of the book were even more intriguing.

Plaintiffs argued that their false light claim was essentially a right of publicity claim. And Section 230(e)(2) says that immunity does not apply to claims pertaining to intellectual property. There is some confusion as to whether this exception to immunity applies only to federal intellectual property claims or to both federal and state IP claims. On one hand, Perfect 10, Inc. v. CCBill says that only federal intellectual property claims are excepted from immunity (which would mean that state law IP claims would be barred by Section 230). On the other hand, cases like Atlantic Recording Corp. v. Project Playlist, Doe v. Friendfinder Network and Universal Communication System v. Lycos suggest that both state and federal IP claims should withstand a Section 230 challenge.

In this case, the court indicated that it would have sided with the cases that provide for both federal and state claims making it past Section 230: “I am not inclined to extend the scope of the CDA immunity as far as the Ninth Circuit. . . . ”

But ultimately the court did not need to take sides as to the scope of Section 230(e)(2), as it found the use of plaintiff Parisi’s name fit into the newsworthiness privilege. One cannot successfully assert a misappropriation claim when his name or likeness is used in a newsworthy publication unless the use has “no real relationship” to the subject matter of the publication.

The court also seemed to constrain Section 230 immunity as it related to the online booksellers’ liability for selling the actual book. (Remember, the discussion above, in which the court found immunity to apply, dealt with the promotional sentence.) The court rejected defendants’ arguments that the reasoning of Gentry v. eBay should protect them. In Gentry, eBay was afforded immunity from violation of a warranty statute. But it merely provided the forum for the sale of goods, unlike the online booksellers in this case, which were the distributors of the actual allegedly defamatory book.

Even though Section 230 did not serve to protect BAM, Barnes & Noble and Amazon from liability for defamation arising from sales of the book, the court dismissed the defamation claim because of the lack of a showing that the booksellers acted with actual malice. It was undisputed that the plaintiffs were limited-purpose public figures. Persons with that status must show that the defendant acted with actual malice. That standard was not met here.

April 2, 2011 Computer Crime, Privacy

Sexting minor’s lawsuit against website moves forward despite her violation of federal law

Doe v. Peterson, 2011 WL 1120172 (E.D.Mich. March 24, 2011)

When plaintiff Jane Doe was seventeen years old, she took some nude photos of herself and sent them over the internet to her boyfriend. Somehow the photos ended up on an adult website owned by defendants. Doe brought a civil cause of action against defendants for violation of the federal child pornography laws and for intrusion upon seclusion, public disclosure of private facts, intentional infliction of emotional distress, and negligence.

The defendants pled an interesting affirmative defense to Doe’s claims — in pari delicto. A plaintiff’s actions that are found to be in pari delicto are just as bad or worse than what the plaintiff is suing over, so in cases like that the court will not award relief. Doe moved to strike this affirmative defense. The court granted the motion.

Although the court found that “it seems clear that [Doe was] guilty of violating federal laws prohibiting the production and distribution of child pornography,” it held that as a matter of law the doctrine of in pari delicto was not available to the defendants as an affirmative defense.

The court refused to allow “broad common-law barriers to relief where a private suit serv[ed] important public purposes.” Doe was a member of the class sought to be protected by the statute she had violated, and was not equally culpable as defendants allegedly were in permitting the distribution of the images. In this respect, it was not clear that Doe was of greater or equal fault than defendants, so the in pari delicto defense did not apply.

March 30, 2011 Litigation

Court: Mark Zuckerberg lives in California

Ceglia v. Zuckerberg, — F.Supp.2d —, 2011 WL 1108607 (W.D.N.Y. March 28, 2011)

Well, maybe that title is a bit of an oversimplification. Technically the court said that Facebook’s founder is domiciled in California. The issue came up in a breach of contract case against Zuckerberg and Facebook in federal court in New York.

Last year, one Paul Ceglia sued in New York state court, claiming he owns 84 percent of Facebook. Zuckerberg and Facebook removed the case to federal court. Defendants can do that if the court would have subject matter jurisdiction over the case. Since a breach of contract case arises under state law, there needed to be diversity jurisdiction in the case — that is, the parties must be domiciled in different states. (The amount in controversy must also be above $75,000. An 84 percent cut of a multibillion dollar company would seem to meet that criterion.)

Zuckerberg claimed that California had become his domicile since 2004. Ceglia challenged that assertion. In the ConnectU v. Facebook litigation, Zuckerberg had claimed New York as his domicile. And Zuckerberg had the burden of proving his change in domicile by clear and convincing evidence. The court found that such evidence existed, including the following biographical tidbits:

  • He currently resides in California and has done so continuously since the summer of 2004.
  • He has no other residences.
  • He does not own real property in New York, California or elsewhere.
  • In 2007, he purchased and registered a vehicle in California.
  • He does not own or lease any other vehicles.
  • Zuckerberg has paid California resident income taxes since 2004.
  • He lists his California residence on his federal income tax returns.
  • He has not filed taxes in any state other than California since 2004.
  • Since at least 2007, he has been registered to vote in California and has voted in California.
  • He possess a valid California driver’s license issued in 2006.
  • His bank and brokerage accounts list his California residence and his investment advisors are located in California.
  • Zuckerberg receives his mail at a California post office box and at his Facebook office.
  • Most significantly, however, he is the owner, founder and CEO of a multi-billion dollar corporation with over 1,600 employees and a principal place of business within walking distance to his current residence in Palo Alto, California.

The court found that these facts overwhelmingly showed that as of June 2010 (when Ceglia filed the lawsuit), Zuckerberg had changed his domicile to California and intended to remain there indefinitely. Since diversity jurisdiction existed, the court ordered the case to remain in federal court.

March 28, 2011 Copyright, Litigation

Court leaves thousands of BitTorrent copyright infringement defendants joined in single action

Call of the Wild Movie v. Does 1 – 1,062 — F.Supp.2d —, 2011 WL 996786 (D.D.C. March 22, 2011)

One of the craziest things about the copyright infringement lawsuits that have been brought against BitTorrent users accused of trading movies over the internet is the vast number of John Doe defendants that are usually lumped into one case. After the plaintiff copyright owners file a complaint for infringement — sometimes against thousands of anonymous defendants — they ask the court for leave to take expedited discovery. Then the movie companies serve subpoenas on the John Does’ internet service providers, asking the ISPs to disclose the identities of their customers associated with particular IP addresses.

Prosecuting a case against thousands of copyright infringement defendants is an enormous task, both for the plaintiffs’ attorneys as well as the ISPs who must respond to the subpoenas. Having so many defendants risks making the case unmanageable. So one may question whether it is appropriate under the Federal Rules of Civil Procedure to have so many unknown defendants all in the same case. In the nomenclature of civil litigation, the question is whether the joinder of all the defendants in one action is appropriate.

In three of the BitTorrent copyright cases pending in federal court in Washington DC brought by the US Copyright Group on behalf of a handful of independent film makers, groups like the Electronic Frontier Foundation, the ACLU and others argued improper joinder. These organizations filed amicus briefs in the cases of Call of the Wild Movie v. Does 1 – 1,062, Maverick Entertainment v. Does 1 – 4,350, and Donkeyball Movie v. Does 1 – 171, arguing that joining all the defendants in one action violated Rule 20 of the Federal Rules of Civil Procedure. The court rejected these arguments, finding that joinder was proper, at least in such early stages of the litigation where the defendants had not yet been identified.

The court considered three factors when answering the question of proper joinder: (1) whether the claims arose from the same transaction or occurrence or series of transactions or occurrences, (2) whether the legal and factual questions are common to all defendants, (3) and whether joinder would cause prejudice to any party or needless delay.

Same transaction or occurrence

The court observed that claims against joined parties must be “logically related,” and that this is a flexible test, with courts seeking the broadest possible scope of action. The court held that the claims against the BitTorrent users were logically related, based on plaintiffs’ allegations that the BitTorrent protocol makes every downloader of a file also an uploader, and accordingly, every user who has a copy of the infringing file on the network must necessarily be a source of download for that infringing file. This is an interesting finding, in that the strength of plaintiffs’ allegations were based on how BitTorrent works.

Common legal and factual questions

As for this second factor, the court found that the legal and factual questions were common because the parties would be litigating the same copyright claims, and all of the claims related to the use of BitTorrent.

Prejudice or needless delay

The court said some intriguing things about the interests of the parties in making its findings on this factor. For one, it said that leaving all the defendants joined in the same action would benefit them all, in that they would be able to see the defenses that other defendants were making. The court also expressed concern in favor of the efficiencies afforded the plaintiffs in filing these mass lawsuits. The plaintiff movie studios have been criticized for filing suit against large numbers of defendants in one action rather than separate suits against each defendant (and thereby having to pay only one filing fee to start the action versus several thousand filing fees). The court saw this question squarely in favor of plaintiff. It found that forcing plaintiffs to administer multiple actions, and having to pay the filing fees in all those actions “would certainly not be in the ‘interests of convenience and judicial economy,’ or ‘secure the just, speedy and inexpensive determination of the action.'”

March 23, 2011 Spam

Yahoo not liable for blocking marketing email

Section 230 of Communications Decency Act (47 U.S.C. 230) shields Yahoo’s spam filtering efforts

Holomaxx v. Yahoo, 2011 WL 865794 (N.D.Cal. March 11, 2011)

Plaintiff provides email marketing services for its clients. It sends out millions of emails a day, many of those to recipients having Yahoo email addresses. Yahoo used its spam filtering technology to block many of the messages plaintiff was trying to send to Yahoo account users. So plaintiff sued Yahoo, alleging various causes of action such as intentional interference with prospective business advantage.

Yahoo moved to dismiss, arguing, among other things, that it was immune from liability under Section 230(c)(2) of the Communications Decency Act. The court granted the motion to dismiss.

Section 230(c)(2) provides, in relevant part, that “[n]o provider or user of an interactive computer service shall be held liable on account of … any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.”

Plaintiff argued that immunity should not apply here because Yahoo acted in bad faith by using “faulty filtering technology and techniques,” motivated “by profit derived from blocking both good and bad e-mails.” But the court found no factual basis to support plaintiff’s allegations that Yahoo used “cheap and ineffective technologies to avoid the expense of appropriately tracking and eliminating only spam email.”

The court rejected another of plaintiff’s arguments against applying Section 230, namely, that Yahoo should not be afforded blanket immunity for blocking legitimate business emails. Looking to the cases of Goddard v. Google and National Numismatic Certification v. eBay, plaintiff argued that the court should apply the canon of statutory construction known as ejusdem generis to find that legitimate business email should not be treated the same as the more nefarious types of content enumerated in Section 230(c)(2). (Content that is, for example, obscene, lewd, lascivious, filthy, excessively violent, harassing).

On this point the court looked to the sheer volume of the purported spam to conclude Yahoo was within Section 230’s protection to block the messages — plaintiff acknowledged that it sent approximately six million emails per day through Yahoo’s servers and that at least .1% of those emails either were sent to invalid addresses or resulted in user opt-out. On an annual basis, that amounted to more than two million invalid or unwanted emails.

March 19, 2011 Fraud/Misrepresentation

Court rules against woman accused of fraudulent misrepresentation for creating fake internet boyfriend

Bonhomme v. St. James, — N.E.2d —, (Ill.App. 2 Dist March 10, 2011.)

Perhaps the most famous legal case about someone creating a false persona online and using that to dupe someone is the sad case of Megan Meier, which resulted in the (unsuccessful) prosecution of Lori Drew. The facts of that case were hard to believe — a woman created the identity of a teenage boy from scratch by setting up a bogus MySpace profile, then engaged in sustained communications with young Megan, leading her to believe the two of them had a real relationship. After the “boy” broke that relationship off, Megan committed suicide.

Here’s a case that has not seen quite as much tragedy, but the extent and the nature of the alleged deception is just as incredible, if not more so, than that undertaken by Lori Drew.

The appellate court of Illinois has held that a woman who was allegedly the victim of an elaborate ruse, perpetrated in large part over the internet, can move forward with her fraudulent misrepresentation claim against the woman who created the fake persona of a “man” who became her “boyfriend”. The story should satisfy your daily requirement of schadenfreude.

Plaintiff first got to know defendant Janna St. James back in 2005 in an online forum for fans of the HBO show Deadwood. A couple months after they first began talking online, defendant set up another username on the Deadwood site, posing as a man named “Jesse”. Plaintiff and this “Jesse” (which was actually defendant) struck up an online romance which apparently got pretty intense.

To add detail to the ploy, defendant invented no less than 20 fictitious identities — all of whom were purportedly in “Jesse’s” social or family circle — which she used to communicate with plaintiff.

The interactions which took place, both online and through other media and forms of communication (e.g., phone calls using a voice disguiser) were extensive. “Jesse” and plaintiff planned to meet up in person once, but “Jesse” cancelled. Plaintiff sent $10,000 worth of gifts to “Jesse” and to the other avatars of defendant. It even went so far as “Jesse” and plaintiff planning to move to live with one another in Colorado. But before that could happen, defendant pulled the plug on “Jesse” — he “died” of liver cancer.

Some time after that, defendant (as herself) flew from Illinois to California to visit plaintiff. During this trip, some of plaintiff’s real friends discovered the complex facade. Plaintiff sued.

The trial court dismissed plaintiff’s fraudulent misrepresentation claim. Plaintiff sought appellate review. On appeal, the court reversed, sending the case for fraudulent misrepresentation back to the trial court.

The court said some interesting things about whether the facts that plaintiff alleged supported her claim for fraudulent misrepresentation. A plaintiff suing for fraudulent misrepresentation under Illinois law must show: (1) a false statement of material fact; (2) knowledge or belief of the falsity by the party making it; (3) intention to induce the plaintiff to act; (4) action by the plaintiff in justifiable reliance on the truth of the statement; and (5) damage to the plaintiff resulting from that reliance.

Defendant made a strange kind of circular argument as to the first element — falsity of a material fact. She asserted that plaintiff’s claim was based more on the fiction that defendant pursued rather than specific representations. And the concepts of “falsity” and “material fact,” defendant argued, should not apply in the context of fiction, which does not purport to represent actuality. So defendant essentially argued that so long as she knew the masquerade was fiction, there could be no misrepresentation. The court recognized how invalid this argument was. The logic would shift the element of reliance on the truth of the statement from the injured party to the utterer.

Though the appellate court ruled in favor of plaintiff, the judges disagreed on the question of whether plaintiff was justified in relying on the truth of what defendant (as “Jesse,” as the other created characters, and herself) had told plaintiff. One judge dissented, observing that “[t]he reality of the Internet age is that an online individual may not always be — and indeed frequently is not — who or what he or she purports to be.” The dissenting judge thought it simply was not justifiable for plaintiff to spend $10,000 on people she had not met, and to plan on moving in with a man sight-unseen. (In so many words, the judge seemed to be saying that plaintiff was too gullible to have the benefit of this legal claim.)

The majority opinion, on the other hand, found the question of justifiable reliance to be more properly determined by the finder of fact in the trial court. For the motion to dismiss stage, plaintiff had alleged sufficient facts as to justifiable reliance.

(Congratulations to my friend Daliah Saper for her good lawyering in this case on behalf of plaintiff.)

March 15, 2011 Computer Crime

School didn’t violate eighth grade hacker’s due process rights by suspending him over denial of service attack

Harris ex rel. Harris v. Pontotoc County School Dist., — F.3d —, 2011 WL 814972 (5th Cir., March 10, 2011)

Back in 2008, when Derek Harris was in eighth grade, he got suspended and had to attend “alternative school” for violating the school district’s technology use policy. School officials accused Derek of possessing a keylogger program, of launching a denial of service attack on the school’s network (from the computer his mom used in her job as secretary for the elementary school’s principal), and bypassing security to access the DOS prompt. (Kudos to the kid for getting in trouble for two kinds of “D-O-S” nefariousness!)

Derek’s parents, on his behalf, sued the school in federal court, arguing that the suspension and transfer to alternative school violated his due process rights under the Fourteenth Amendment to the Constitution. The school district moved for summary judgment. The court granted the motion.

It quickly dispensed with the argument that sending Derek to an alternative school violated his rights. It observed that a school district may not withdraw the right to a public education on grounds of misconduct absent fundamentally fair procedures to determine whether the misconduct has occurred. Since transferring him to an alternative education program did not deny access to public education, it did not violate his Fourteenth Amendment rights.

The court likewise held that the suspension was proper and did not violate Derek’s constitutional interests. It reviewed the suspension in light of the 1975 Supreme Court case of Goss v. Lopez, which requires that a student being suspended be given oral or written notice of the charges against him and, if he denies them, an explanation of the evidence the authorities have and an opportunity to present his side of the story.

In this case, the court found that Derek was notified of the charges on the day he was suspended. He had numerous opportunities to meet with school officials, to hear some of the charges, and to explain and respond. The processes he was afforded, the court found, were sufficient to satisfy the Fourteenth Amendment.

March 13, 2011 Defamation, Privacy

Woman mistaken for Spitzer prostitute in Girls Gone Wild internet video awarded $3 million

Arpaio v. Dupre, 2011 WL 831964 (D.N.J., Mar 3, 2011)

It has been three years since Eliot Spitzer resigned as governor of New York for getting busted for hooking up with a prostitute (time flies!). Shortly after he resigned, Girls Gone Wild offered Ashley Dupre, the high-priced prostitute Spitzer was accused of patronizing, a million dollars to be in a new Girls Gone Wild magazine spread and promotional tour. But when the producers realized they already had archival footage of her from years earlier, they revoked that offer.

Dupre sued Joseph Francis, the head of Matra Films (the producer of Girls Gone Wild) for $10 million alleging that he improperly used Dupre’s image from the archival footage. She claimed that because she was only 17 at the time, she didn’t understand the nature of what she was doing. Francis responded by releasing a video that made its rounds on the web (maybe NSFW) that showed the 17-year-old Dupree saying she was of age, and presenting a New Jersey driver’s license bearing the name of plaintiff Arpaio.

Plaintiff filed this lawsuit against Dupre and Girls Gone Wild alleging defamation and invasion of privacy. After none of the defendants responded to the lawsuit, the court entered default against the Girls Gone Wild defendants. Plaintiff never properly served the complaint on Dupre, so it did not enter default judgment against her.

The court awarded plaintiff $3 million in damages. It based this figure on her testimony and other evidence relating to plaintiff’s distress from being mistaken for Dupre, her concern that future employment would be jeopardized from employers doing a Google search on her and learning of the situation, the harm from plaintiff’s children (someday) being exposed to insulting material, and plaintiff’s symptoms consistent with post traumatic stress disorder.

Scroll to top