Techdirt. Stories filed under "subpoenas"

Verizon Steps In On Prenda Case; Says Brett Gibbs Never Informed Them Of Judge's Order Killing Subpoenas

Mike Masnick — Mon, 11 Mar 2013 12:20:32 PDT

As the minutes tick off until the Prenda hearing today, yet another bit of news has dropped in relation to the case. Verizon has stepped in and filed a declaration stating that contrary to Brett Gibbs' own claims to the court, it does not appear Gibbs informed Verizon not to follow through and identify the people in the subpoena that had originally been sent.

To understand what happened here, the key aspect to many Prenda cases is getting the identity of people associated with IP addresses, often by getting a court to grant discovery, after which Prenda's lawyers send subpoenas to ISPs with a list of IP addresses. As has happened a few times, courts readily grant the request for expedited discovery (which is rarely denied in normal court cases), but upon learning of Prenda's overall practices, they then pull back that permission and (usually) order the lawyers to immediately inform the ISPs that the order has been withdrawn and not to comply with the subpoena. Here, the same thing happened, and Prenda's Brett Gibbs told the court that he informed ISPs that the order had been withdrawn.

Just a little while ago, however, Verizon stepped in to the case, with a declaration saying they never received any notice of the withdrawal, and had, instead, complied with the subpoena, believing it was valid.

On or about September 6, 2012, Verizon received subpoenas from plaintiff AF Holdings in AF Holdings v. John Doe, C.D. Cal. Case No. 12-cv-6669 and AF Holdings v. John Doe, C.D. Cal. Case No. 12--cv--6636. ...Verizon processed these subpoenas in the ordinary course.

Based on Verizon's records, it does not appear that Verizon received from AF Holdings or its counsel a copy of the Court's Order Vacating Prior Early Discovery Order and Order to Show Cause dated October 19, 2012, nor does it appear that Verizon received other form of notice that the subpoenas attached as Exhibits A and had been withdrawn or were invalid. If Verizon had received such notice, we would not have processed these subpoenas for AF Holdings.

I have reviewed a declaration filed by Brett Gibbs in this litigation, dated February 19, 2013, in which Mr. Gibbs states:
Following receipt of the October 19,2012 Orders, I caused the Court's October 19, 2012 Orders to be served on the registered agents for service of process of Verizon Online ensure that Verizon Online LLC had notice not to respond to the subpoenas that had already been served.
(Gibbs Decl. dated Feb. 19, 2013...) Again, based on Verizon's records, this statement appears to be wrong.

Verizon released the information responsive to AF Holdings' subpoenas in the cases identified above (case nos. 12-cv-6669 and 12-cv-6636) by fax to the Prenda law firm on November 7, 2012. If Verizon had received notice of the Court's Order dated October 19, 2012, we would not have released these records to Plaintiff.

Having Verizon come out and more or less directly state that Gibbs lied to the court isn't going to go over well when it appears that Judge Wright is already not happy with Gibbs or his buddies at Prenda...

Permalink | Comments | Email This Story

Court Again Says It's Okay For The Feds To Snoop Through Your Digital Info Without Telling You

Mike Masnick — Mon, 28 Jan 2013 05:30:46 PST

You may recall that in its quixotic attempt to go after Wikileaks, the US government has been snooping through the private communications of a bunch of folks they're trying to connect to the organization, including Icelandic politician Birgitta Jonsdottir and Jacob Appelbaum, who gets detained and harassed every time he re-enters the country. All of this came to light only because Twitter actually stood up to the US government and refused to just hand over info that was requested using the obscure 2703(d) process. Twitter also got the court to allow it to reveal the existence of the order (something that every other company which has received one has kept secret). A court eventually ruled that Twitter had to hand over the requested info.

Following this, Jonsdottir, Appelbaum and one other person, Rop Gonggrijp, (represented by the ACLU and the EFF), chose not to challenge that ruling, but did appeal concerning the secrecy around the order -- asking the court to have the specific 2703(d) order unsealed -- arguing that they have the right to access judicial documents about themselves. However, last week, an appeals court rejected that appeal, and basically said that the feds can sniff through your digital data without your knowledge, and, well, too bad if you don't like it.

Even though the court did find that 2703(d) orders are "judicial records," which could make them subject to a right to access, they then claimed that, well, when the government investigates things, it should be able to do so in absolute secrecy, and who really cares about pesky little things like oversight or a right to know about it.

Subscribers' contentions fail for several reasons. First, the record shows that the magistrate judge considered the stated public interests and found that the Government's interests in maintaining the secrecy of its investigation, preventing potential subjects from being tipped off, or altering behavior to thwart the Government's ongoing investigation, outweighed those interests.

Further, we agree with the magistrate judge's findings that the common law presumption of access to § 2703 orders is outweighed by the Government's interest in continued sealing because the publicity surrounding the WikiLeaks investigation does not justify its unsealing. The mere fact that a case is high profile in nature does not necessarily justify public access.... Additionally, Subscribers' contention that the balance of interests tips in the public's favor because the Government approved the disclosure of the existence of its investigation by moving the district court to unseal the Twitter Order is adequately counterbalanced by the magistrate judge's finding that the "sealed documents at issue set forth sensitive nonpublic facts, including the identity of targets and witnesses in an ongoing criminal investigation."

The government gets to peer deeper and deeper into our lives, and we're less and less able to even know about it.

Permalink | Comments | Email This Story

Government Demanding More And More Info On Google Users Without Any Oversight

Mike Masnick — Wed, 23 Jan 2013 20:01:00 PST

Google's latest transparency report, once again, highlights why we need ECPA reform in the US as soon as possible. ECPA -- the Electronic Communications Privacy Act -- is an outdated law that was supposed to be about protecting user privacy, but was written nearly three decades ago and now does exactly the opposite. Beyond being complex in ridiculous and unnecessary ways, things that were true decades ago are no longer the case. For example, the idea that emails left for 180 days on a server no longer need a warrant because under ECPA they are considered "abandoned." Whereas in the real world, where all email lives on servers for quite some time, that idea makes no sense.

Either way, the report makes clear that US government agencies are well aware that they can go trolling through Google to get information on people with little oversight. Requests -- especially requests that are purely a subpoena (with no judicial oversight) appear to continue to rise: The largest part of that chart is the government subpoenas, meaning no judge had to look them over first:

68 percent of the requests Google received from government entities in the U.S. were through subpoenas. These are requests for user-identifying information, issued under the Electronic Communications Privacy Act (“ECPA”), and are the easiest to get because they typically don't involve judges.

Unfortunately, Congress had a chance to reform ECPA last year, and the Senate Judiciary Committee even approved it. But, right at the end of the year, Congress passed a separate bill that had been attached to ECPA reform by itself... and left ECPA reform to rot.

Permalink | Comments | Email This Story

If There Needs To Be An Investigation, It Should Be About Why The FBI Was Reading Certain Emails

Mike Masnick — Thu, 15 Nov 2012 09:25:24 PST

While some have noted the irony of General Petreaus being taken down due to online surveillance methods that he should have been aware of, the case is bringing growing attention to an issue many of us have been discussing for a while: how easy it is for law enforcement to snoop through your email. We raised the question already, but as more info comes out, the whole thing is looking that much more questionable.

Julian Sanchez keeps trying to find out exactly what legal process the FBI used to go through a variety of email accounts based on an apparently non-criminal cyberstalking claim (which was apparently brought to the FBI by a non-cyber-focused agent who had seemed to have a crush on the "victim"of the cyberstalking), and notes that there are big questions about what process was used to go through these emails and how much oversight was involved:

To Julian Sanchez, a research fellow at the Cato Institute, the real scandal over the Petraeus affair is not the extramarital sex, but the invasion of privacy.

"Law enforcement and certainly intelligence agencies have an incredible amount of ability to gather huge volumes of detailed information about people's most intimate online communications, a lot of it without requiring a full-blown warrant, a lot of it without requiring even any kind of judicial approval," Sanchez said.

Meanwhile, Chris Soghoian, working for the ACLU, highlights some of what's been revealed about the snooping. For example, FBI agents tracked down Patricia Broadwell as the email sender, even though she was using throwaway accounts, because webmail providers record the IP address from whence someone logs in -- and Broadwell didn't conceal that info. Apparently, the IP addresses were a series of hotels, and cross-checking with guest lists, it didn't take long to narrow down the only real suspect. Oh, and none of that info required judicial oversight for the FBI to get:

The guest lists from hotels, IP login records, as well as the creative request to email providers for “information about other accounts that have logged in from this IP address” are all forms of data that the government can obtain with a subpoena. There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press). Unfortunately, our existing surveillance laws really only protect the “what” being communicated; the government’s powers to determine “who” communicated remain largely unchecked.

He also delves into the method by which Petreaus and Broadwell communicated -- by sharing an account and communicating via "drafts" that were saved. For the head of the CIA you'd think he'd use a method that wasn't long known to be just as (if not more) insecure than regular email. Soghoian tears apart this supposedly "secret" method of communicating:

For more than a decade, a persistent myth in Washington DC, fueled by several counterterrorism experts, has been that it is possible to hide a communications trail by sharing an email inbox, and instead saving emails in a “draft” folder. This technique has been used by Khaled Sheikh Mohammed, Richard Reid (the shoe bomber), the 2004 Madrid train bombers, terrorists in Germany, as well as some domestic “eco-terrorists.” This technique has appeared in federal court documents as early as 2003, and was described in a law journal article written by a DOJ official in 2004. It is hardly a state secret.

Apparently, this method was also used by General Petraeus. According to the Associated Press, “[r]ather than transmitting emails to the other's inbox, they composed at least some messages and instead of transmitting them, left them in a draft folder or in an electronic ‘dropbox,’ the official said. Then the other person could log onto the same account and read the draft emails there. This avoids creating an email trail that is easier to trace.”

The problem is, like so many other digital security methods employed by terrorists, it doesn’t work. Emails saved in a draft folder are stored just like emails in any other folder in a cloud service, and further, the providers can be compelled, prospectively, to save copies of everything (so that deleting the messages after reading them won’t actually stop investigators from getting a copy).

Ironically enough, by storing emails in a draft folder, rather than an inbox, individuals may be making it even easier for the government to intercept their communications. This is because the Department of Justice has argued that emails in the “draft” or “sent mail” folder are not in “electronic storage” (as defined by the Stored Communications Act), and thus not deserving of warrant protection. Instead, the government has argued it should be able to get such messages with a mere subpoena.

Got all that? It's even more info that the FBI may have been able to obtain without ever having to get approval from a judge. That's not to say they didn't necessarily go before a judge to get a warrant or similar tool for surveillance, but it does highlight just how much info the FBI can obtain without any real oversight, and how it's entirely possible for it to be abused -- taking a very limited situation (non-criminal online harassment) and turning it into something massive.

In fact, as the EFF's Trevor Timm notes, we should be investigating the FBI over why it was snooping through people's emails and how frequently it does this. He notes, as others have, that nothing about the origination of this case should have resulted in FBI involvement, let alone reading people's emails. Remember, early on, no one knew this had anything to do with General Petreaus or any other high ranking official:

The spark that set events in motion was a handful of allegedly harassing emails sent anonymously to Kelley, a friend of Petraeus's, which she brought to a friend at the FBI. Yet it's unclear why an investigation was ever opened, given that everything publicly known about the emails suggests they weren't illegal.

As the Daily Beast reported, they said things like "Who do you think you are? ... You parade around the base ... You need to take it down a notch." The story noted, "when the FBI friend showed the emails to the cyber squad in the Tampa field office, her fellow agents noted that the absence of any overt threats."

It seems the deciding factor in opening the investigation was not the emails' content, but the fact that the FBI agent was friendly with Kelley. (Even more disturbing, the same FBI agent has now been accused of becoming "obsessed" with the Tampa socialite, sent shirtless pictures to her, and has been removed from the case.)

Basically, it sounds like the FBI had very questionable reasons for digging all that deep into this case at all. Michael Davis, at the Daily Beast, notes that the emails were typical "cat-fight stuff," with no indication of illegal activity:

When the FBI friend showed the emails to the cyber squad in the Tampa field office, her fellow agents noted that the absence of any overt threats.

“No, ‘I’ll kill you’ or ‘I'll burn your house down,’” the source says. “It doesn’t seem really that bad.”

The squad was not even sure the case was worth pursuing, the source says.

“What does this mean? There’s no threat there. This is against the law?” the agents asked themselves by the source’s account.

At most the messages were harassing. The cyber squad had to consult the statute books in its effort to determine whether there was adequate legal cause to open a case.

“It was a close call,” the source says.

So while there's all sorts of talk of investigations into who should have known the details of what was going on at what time, no one seems to be questioning why a simple "cat fight" resulted in the FBI digging in and reading people's emails. Yet, that seems like something we should all be quite worried about.

Indeed, if there's any "benefit" to come out of this, perhaps it's that more and more people are hopefully realizing just how easy it is for the FBI to spy on people electronically.

Permalink | Comments | Email This Story

Chevron Subpoenas Google, Yahoo & Microsoft To Get Info On Email Accounts Going Back Years

Mike Masnick — Mon, 15 Oct 2012 14:15:02 PDT

Chevron is embroiled in a big lawsuit with some folks in Ecuador that has been going on for 19 years, and resulted in an $18.2 billion judgment against the company for environmental damage in the country. Chevron is accusing the lawyer for the Ecuadorians of racketeering. A New Yorker article from earlier this year goes into significant detail about the case, including Chevron arguing that the whole thing is "a shakedown," and questioning whether or not the lawyer went too far in the case.

We actually wrote about this case a few years ago, when Chevron sought footage that a documentary filmmaker had taken of people involved in the case, including the lawyer, Steven Donziger. While it seemed like the filmmaker should have the right to protect the work like journalists protect their sources, a court ordered it turned over to Chevron. That footage turned out to provide info that Chevron believes shows evidence of racketeering in trying to influence the court decision. Here's the New Yorker describing some of what was in the footage:

As Mastro played a series of outtakes for Judge Kaplan, Donziger’s outspokenness was on full display. He riffed, indignantly, about the inadequacies of the Ecuadoran legal system. “They’re all corrupt,” he says of Ecuadoran judges in one clip. “It’s their birthright to be corrupt.”

... In one scene, a scientific expert for the plaintiffs tells him that one measurement of groundwater contamination was not as strong as he had thought. “This is Ecuador, O.K.?” Donziger says. “At the end of the day, if there’s a thousand people around the courthouse you’re going to get what you want.” As for the scientific data, he adds, it’s “just a bunch of smoke and mirrors and bullshit.”

[...] In another scene that Mastro showed to the court, Donziger chats with associates over dinner at a restaurant. Someone at the table, referring to the popular antipathy toward Chevron in Ecuador, suggests that if the judge in Lago Agrio ruled against the plaintiffs he might be killed.

“He might not be,” Donziger replies, cradling a glass of red wine. “But he thinks he will. Which is just as good.”

All of this, plus some other evidence led Chevron to go after Donziger for racketeering. And, as part of that, it has sent a subpoena to Google, Microsoft and Yahoo seeking information on more than 70 email accounts, claiming that this info may help them show that Donziger was "falsifying evidence from the outset of the trial in Ecuador." CNET notes that Chevron believes that among other things, the lawyers for the Ecuadorians may have been involved in "blackmailing a judge, ghostwriting expert reports, and even helping to draft the court's final opinion."

It's important to note that Chevron is not (yet) seeking the contents of the email, but a variety of information about the accounts -- such as IP address info, physical address, phone numbers and billing info (if available). The idea seems to be that Chevron believes some of the addresses have been faked, and this will help to show that. However, some of the requests clearly seem to be overly broad -- including going after law professor and blogger Kevin Heller, who was not happy about this. Heller was able to have the ACLU call Chevron on his behalf about this -- getting them to drop the request for his info. Chevron claims that this helped them prove that Heller's account belonged to a real person, which is all they're seeking, but Heller is justifiably upset about all of this, sensing significant chilling effects and worrying about possible intimidation.

I will likely never know why Chevron subpoenaed me. But I do know that it is unacceptable for a party to litigation to try to obtain private information from a blogger-journalist who has criticized its tactics. This is not about my journalistic freedom; it is about the journalistic freedom of all bloggers. And it is not about Chevron; it is about any party that thinks it is acceptable to subpoena a blogger’s private information. I would be no less critical of an attempt by Greenpeace to subpoena Glenn Reynolds. Tactics like this need to be exposed and resisted, no matter who uses them or whom they target; passive acquiescence is simply an invitation to further abuses.

Heller also goes after Google, his email provider, for not more actively fighting back on his behalf:

I also think that Google needs to do far more to protect the privacy of its users. Twitter has been very active in resisting attempts to obtain its users’ private information. Google has also done so in the past, but it did nothing to help me, even after I informed it via email that I was a law professor and a blogger-journalist. But again, this isn’t about me. It’s about all the other bloggers who might find themselves facing a similar subpoena. I’m lucky: I have friends like Glenn Greenwald to ask for help. I’m sure that the ACLU would assist anyone in my position — but not everyone knows that the ACLU is out there, much less that no case is seemingly too small or too unimportant for them to be concerned. More importantly, the ACLU should not have to get involved in every case like this one (and again, I am but one of 44 people named in the subpoena); Google itself — and all other service providers in similar situations — need to be the first line of defense.

Google has asked the judge for more time to respond to the subpoenas, which Chevron has already agreed to. The magistrate judge is also going to hold a hearing in a few weeks to "evaluate" the subpoenas. Microsoft told Declan McCullagh at CNET that it had provided notice to the Microsoft accounts in question. Yahoo didn't respond to McCullagh's questions about the subpoenas, so it's unclear what they've done.

There may be legitimate reasons for Chevron's request, but given Heller's experience, it certainly appears that the fishing expedition is overly broad, and could have significant chilling effects in intimidating people who were legitimately helping out with the case. That should be a big concern, and the judge should be exceptionally careful in making the companies reveal info on these email accounts. We've talked in the past about things like the Dendrite rules for determining when possibly identifying info on anonymous people should be allowed, as it sets a high bar that protects a person's right to anonymity. Hopefully the court recognizes that Chevron's requests seem to go too far.

Permalink | Comments | Email This Story

Verizon, Once Again, Fights For Consumer Privacy Against Copyright Shakedown Attempts

Mike Masnick — Fri, 11 May 2012 14:00:00 PDT

The internet sometimes has a short memory. While Verizon is often (quite accurately) seen as a big company that does some ridiculous things, one issue that the company has been good about for many years is fighting against overly aggressive attempts by copyright holders to identify IP address holders. A decade ago, Verizon was the key player in pushing back on the RIAA's attempts to identify people it accused of file sharing without filing a lawsuit. If you don't recall, the RIAA used a rather unique (i.e. totally bogus) interpretation of the DMCA to mean that it could issue subpoenas to ISPs to identify users based on an IP address without first filing a lawsuit. Verizon fought this claim (pretty strongly) and argued for its users' privacy rights, and eventually the court sided with Verizon. In fact, this fight was a large part of the reason that the RIAA started actually suing users, because it meant that it had to sue first in order to identify.

Thus, it's not entirely surprising -- but still nice -- to find out that Verizon is, once again, fighting to protect its users' privacy. Last fall, we wrote about the unfortunate decision by publisher John Wiley & Sons to follow the trail led by copyright trolls, and start suing groups of people accused of sharing Wiley's infamous "For Dummies" books via BitTorrent. Similar to copyright trolls, Wiley lumped together a bunch of IP addresses into a single lawsuit -- though, it didn't go quite as far as some trolling operations.

Even so, Verizon is going to court to fight back against the subpoenas for user information. It has a few procedural objections, and also noted (as many courts have found) that lumping together many people in the same lawsuit is improper joinder. But the key issues are privacy ones. Verizon objected that the identifying information isn't really designed to get "relevant" information for a lawsuit, but rather to send a settlement letter (like most copyright trolling operations). Furthermore, Verizon takes it up a notch by claiming that disclosing such information may violate "rights of privacy and protections guaranteed by the First Amendment."

Apparently, there will be a discussion with the court concerning these objections soon, but in the mean time, it's good to see Verizon, once again, defending some privacy rights for its users.

Permalink | Comments | Email This Story

Court Finds Copyright Trolling Lawyer Evan Stone In Contempt; Orders Him To Pay Attorneys' Fees

Mike Masnick — Thu, 26 Jan 2012 15:11:26 PST

Remember Evan Stone? He's one of a "new breed" of copyright trolling lawyers, who has been trying to sue large groups of John Does based on IP addresses, claiming they infringed on a client's work. Of course, the end game of these lawsuits is not to actually take these people to court, but to find out who they are, send them a nastygram... with an offer to "settle," and then get as many people to settle as possible. It's basically a way to use the court system to force lots of people to give you money. Thankfully, the courts have been cracking down on many of the more egregious players in these games. Evan Stone was one of the earlier players in this space in the US, but one who made a pretty big mistake last year while representing porn producer Mick Haig. One of his cases came before a judge who recognized how sketchy these lawsuits were, and told Stone that he couldn't subpoena for the Does' identities just yet, and in the meantime, he asked Public Citizen and EFF to represent the interests of the still anonymous users. Amazingly, Stone sent the subpoenas anyway. The appointed lawyers discovered this when they heard from one of the Does in question. When they confronted Stone about it, he dropped the case in the most petulant manner possible (basically whining about the judge appointing these meddlesome lawyers who kept him from getting his way).

In response, the lawyers at Public Citizen and EFF filed for sanctions against Stone... which they got, to the tune of $10,000. Stone, of course, appealed.

However, as you can see below, the court isn't buying it (not one bit). Not only does the court order him to pay attorneys' fees to Public Citizen and EFF (basically the $22,000 the lawyers asked for, though the court gets there through very slightly different math), but even more interestingly, the court also finds Stone in contempt and is requiring that he pay $500 per day until he pays the attorneys' fees owed...

Permalink | Comments | Email This Story

Evan Stone Appeals Judicial Slapdown And Sanctions For Ethics Violations

Mike Masnick — Mon, 17 Oct 2011 05:32:47 PDT

Last month, a court smacked down copyright troll lawyer Evan Stone, who had been caught sending out subpoenas to identify those he was suing, even after the judge had ordered him to wait until he could rule on the matter. This was a big, big deal, because it was a clear abuse of Stone's subpoena power as a lawyer -- especially since the judge recognized that the entire purpose of the lawsuit was to identify individuals in order to send "pay up" threat letters. The judge ordered Stone to pay a $10,000 sanction, alert other courts where he had cases pending, and to pay the legal fees of Public Citizen and the EFF, who represented the defendants in the case.

You might think that Stone would learn when it's appropriate to stop digging. But he hasn't. Instead, as That Anonymous Coward alerts us, Stone has appealed the ruling (pdf, and embedded below). There aren't many details, just notice of the appeal:

Notice is hereby given that Evan Stone, a subject of a sanctions motion filed by attorneys ad litem after termination of their ad litem appointment, appeals now to the United States Court of Appeals for the Fifth Circuit from the sanctions order entered September 9, 2011 (Dkt. 17), which finally disposes of the only remaining issue in this case.

While brief, it suggests he's arguing that because the motion for sanctions was filed after he tried to weasel his way out of the case, they were improper. Remember, Stone filed (petulantly) to drop the case just days after he was alerted by Public Citizen lawyers that they'd discovered he was sending out subpoenas despite the judge's order. Pretending that dismissing the case lets him off the hook isn't likely to play well in court.

Permalink | Comments | Email This Story

Shame On Weebly For Revealing Info On Anonymous User It Promised Not To Reveal

Mike Masnick — Tue, 13 Sep 2011 14:09:00 PDT

We've already written about some of the questionable activities by the lawyer hired by the Thomas Cooley law school in its lawsuit against some former students who have become anonymous critics. However, that same blog post from Paul Alan Levy also spent time discussing behavior on the part of Weebly, the service provider who coughed up the identifying information requested by Cooley's lawyer, despite first promising not to reveal the information at all, and later promising not to reveal if it received information on a motion to quash within a certain time frame. Even with all of that, when the second subpoena came in... Weebly handed over the info, well before the promised deadline it had provided the lawyer for the defendant.

Levy contacted Weebly's CEO, who gave a variety of reasons why they handed over this info, despite promising not to:

Weebly’s first point to me was that its email to Hermann saying that he could consider the subpoena “squashed at this point” really wasn’t intended to make any commitments — Hermann has been writing “over and over” about keeping his client’s identity private, and “I had no idea what he was talking about, so I said it’s ‘squashed for now’ just so he’d leave me alone.”

Weebly also said that after it got the California subpoena, it told Hermann that he would actually need to get a ruling from the judge quashing that subpoena no later than August 22, or it would have to obey the subpoena. I have two problems with that — first, even the subpoena did not require compliance until August 25, and the information was furnished on August 17. But more important, Weebly’s stance falls well short of the industry standard. In our experience, responsible ISP’s, such as Google, and Yahoo!, and Twitter, will simply insist to parties sending them subpoenas that they won’t comply with subpoenas to identify users if a motion to quash is filed within a given period, normally about two weeks.

Weebly also told me that the disclosure was made in part because Hermann gave shifting stories about whether the subpoena would be issued by a Michigan court or a California court. I found that argument unconvincing. Hermann was plainly uncertain about the actual subpoena documents, but I could not find the shifting accounts. And in any event, should discomfort with the Doe’s lawyer be a reason to shed the Doe’s privacy?

Next, Weebly said that its disclosures didn’t really matter because it did not provide the customer’s actual name, just an email address and various IP addresses. This is not the first ISP that has rationalized subpoena compliance on such grounds. I have got that line from Wikipedia twice, for example. But this case shows why the argument is delusional. The Doe was a former student at plaintiff law school, and the same email address that he gave Weebly was one that he has used while in law school. Thus, when plaintiff got the email address it was able to identify the Doe, and in fact it named the Doe in its amended complaint and cited his name throughout its opposition to the motion to quash.

Weebly’s final explanation to me struck me as the real reason, and it was perhaps the worst part of the explanation. Huffaker said, the subpoena came in on a day when I was out of the office, we have a small staff, we work long hours, we don’t have a lawyer on staff, we don’t get many subpoenas, and we strongly resist requests to remove material at the request of the targets of its customers’ criticism. All of this is understandable, and much of it praiseworthy, but to my mind, protecting customers’ privacy is also important, and if an ISP doesn’t have a lawyer, it has a responsibility to inform itself of the law governing subpoenas to identify customers and of the industry standard on responding to subpoenas. Moreover, although legal representation can be expensive, Public Citizen often represents smaller ISP’s pro bono in opposing subpoenas when the plaintiff does not meet the Dendrite test. Indeed, California has made it easy to fund the defense against subpoenas in these cases by passing a SLAPP-like law providing for awards of attorney fees; and Hermann made a point of suggesting that angle. Weebly says that it cares about protecting its customers, but it is hard to take those protestations seriously. Potential customers of Weebly, beware.

This may seem harsh on a small service provider like Weebly, and it's recognizable that it's tough for service providers to keep up on every law that they have to deal with, but if you're in the business of providing websites, it's important to know some basic laws concerning free speech and privacy.

And Weebly isn't just some mom-and-pop ISP as you might get from Levy's writeup. The company is funded by Sequoia Capital, considered one of the top 5 (if not the top) venture capital firms out there, went through the famous YCombinator program, and has other famous investors including Ron Conway, Mike Maples, Aydein Senkut and Paul Buchheit. In other words, this is a company that has both the resources and the connections to get the proper legal help when it receives a subpoena (questionable or legit), and never should have revealed this info -- especially after promising not to.

That said, companies do make mistakes. One would hope that Weebly's response in this case will be to apologize for handing over the info without properly allowing the court to consider the motion to quash, and will (1) make its policies much clearer and (2) make sure that its entire staff is familiar with how to deal with such subpoenas in the future. Hopefully this is a lesson for the company.

Permalink | Comments | Email This Story

Copyright Troll Evan Stone Sanctioned For More Than $10k For Sending Subpoenas When Court Said To Wait

Mike Masnick — Mon, 12 Sep 2011 08:28:16 PDT

You may recall that the somewhat brash copyright trolling lawyer, Evan Stone, got into a bit of legal hot water earlier this year, in a case for porn producer Mick Haig. Stone had been trying to follow in the footsteps of other copyright trolls who shake down people for money by filing a John Doe lawsuit against them, but the entire purpose of the lawsuit is to find out who they are to send them "settlement offers," for much less than it would cost to mount a defense. In one of Stone's lawsuit, the judge had, quite reasonably, asked Public Citizen and EFF to act as the Does' attorneys prior to their identification, for the sake of seeing whether or not revealing their info was proper. As part of that, the judge had ordered Stone not to send any subpoenas to get identifying info until after the court had ruled whether or not that was proper.

And yet, Stone sent the subpoenas anyway, and began identifying individuals, even though the court was still determining if it was proper to allow this.

In response to being called on this huge ethics violation, Stone petulantly dropped the case and blamed the judge for bringing in Public Citizen and the EFF -- while basically ignoring the massive ethics violation and questions raised about whether or not he had received settlements from people whose identity he wasn't supposed to know yet. Public Citizen and the EFF asked for sanctions against Stone in response to this.

And, boy, did they get sanctions. Both Public Citizen and the EFF have blog posts about it -- and both suggest that you're best off just reading the ruling (pdf) by Judge David Godbey which is also embedded below.

The key points: the judge slams Stone and orders him to pay $10,000 in sanctions, take remedial steps (including filing the court order in every ongoing proceeding in which he represents a party) and pay the legal fees of Public Citizen and the EFF. He also needs to reveal if anyone he sent a settlement letter to paid up -- which would suggest he'll have to pay back that money too. While the ruling runs through the whole thing, this paragraph from the ruling both summarizes what happens and makes it clear that the court is not pleased:

To summarize the staggering chutzpah involved in this case: Stone asked the Court to authorize sending subpoenas to the ISPs. The Court said “not yet.” Stone sent the subpoenas anyway. The Court appointed the Ad Litems to argue whether Stone could send the subpoenas. Stone argued that the Court should allow him to – even though he had already done so – and eventually dismissed the case ostensibly because the Court was taking too long to make a decision. All the while, Stone was receiving identifying information and communicating with some Does, likely about settlement. The Court rarely has encountered a more textbook example of conduct deserving of sanctions.

The court also notes, "Stone’s representation to the Court that it should grant his motion so he could serve subpoenas, when in fact he had already done so, treads perilously close to violating a lawyer’s duty of candor to the Court."

From there, the court goes on to attack Stone's "substanceless" explanation for his actions, noting, "this court deals in facts, not counterfactuals." Ouch. It also dings Stone for arguing that his actions were okay because most courts approve such requests for discovery:

This argument also fails. Discovery proceeds in “normal fashion” according to the Rules of Civil Procedure. They provide that no discovery of any kind takes place prior to a Rule 26(f) conference unless the Court orders otherwise. Although Stone might believe that motions like the Discovery Motion are mere formalities and that courts routinely grant them, that misapprehension provides no basis for proceeding with preconference discovery without court order. The only “highly irregular” activity here is Stone’s disregard of the Rules and the Court’s orders, which would have constituted sanctionable conduct even if the Court eventually had granted the Discovery Motion.

Permalink | Comments | Email This Story

The Info Law Enforcement Gets When They Subpoena Facebook

Mike Masnick — Thu, 5 May 2011 03:42:16 PDT

With the US government looking for software that will let them manage fake profiles on social networks, in order to "infiltrate" groups, you might have forgotten that they can also take the easy way out and issue a subpoena. While Julian Assange is certainly being hyperbolic with his claims that "Facebook... is the most appalling spying machine that has ever been invented," it is worth remembering that the US government can access all sorts of info from Facebook. The Next Web has a the details of what kind of info Facebook provides law enforcement on the receipt of a valid subpoena. Of course, this certainly doesn't mean Facebook is handing over this kind of info willy-nilly (this isn't AT&T we're talking about here...). Also, none of this is a huge surprise, but just a reminder that Facebook likely has a lot of info about you, and when put together, could allow the government to collect a pretty detailed dossier on certain aspects of your life:

Once Facebook has the form submitted, they will then prepare an archive for the police to review. That archive will include the following.

User ID number

Email address

Date and Time of your account’s creation

The most recent logins, usually the last 2-3 days

Your phone number, if you registered it

Profile contact info

Mini-feed

Status update history

Shares

Notes

Wall posts

Friends list

Groups list

Future and past events

Videos

Photos

Private messages

IP logs (computers and locations you logged in from)

You’ll notice that this list includes just about everything that you’ve posted to Facebook. In addition, it also includes a list of your Friends, which you didn’t technically add to Facebook yourself.

Again, there's nothing surprising here, but when laid out directly, it may make some people realize that relying so much on a third party like Facebook to manage such a large part of your life also opens yourself up to certain risks.

Permalink | Comments | Email This Story

P2P Shakedown Lawyers Apparently Still Sending Subpoenas To Get Info On Defendants Who Had Cases Dismissed

Mike Masnick — Fri, 25 Feb 2011 10:32:19 PST

About a month ago, we pointed out an effort by an anonymous concerned citizen who has been tracking the massive increase in these P2P file sharing shakedown lawsuits, that are all about sending "pre-settlement" letters and getting people to pay up, rather than really taking all these people to court. So far, the courts have been pretty good about dumping many of the cases that involved thousands of defendants, noting that it makes little sense to put them all together in a single case. The person who made that epic spreadsheet is continuing to keep it updated, and it shows about 110,000 people sued: Of course, what this also shows is that approximately 40,000 defendants have been dropped from these cases, mainly after judges pointed out how bogus it was to join so many defendants into single cases. However, the EFF is noting that it's received reports that some of the law firms involved in these schemes may still be sending subpoenas to defendants already dismissed from cases. Similar to Evan Stone's sending subpoenas before a judge had okayed it, this suggests a massive breach of legal ethics. Sending a subpoena on someone that a judge has already dismissed from the case? That seems like a strategy for trouble.

Permalink | Comments | Email This Story

Public Citizen & EFF Plan To Continue Pursuing Evan Stone Over Questionable Subpoenas

Mike Masnick — Fri, 4 Feb 2011 06:08:00 PST

We recently wrote about the odd situation in which mass copyright letter sender lawyer Evan Stone hastily, but petulantly, dropped a case, after the lawyers representing the defendants (from Public Citizen and the EFF) noticed that he appeared to have totally ignored the fact that the court had not allowed him to issue subpoenas, and had gone ahead and issued them anyway. Rather than respond to any of the questions that Public Citizen lawyer Paul Alan Levy asked Stone, he just dropped the case. Levy has now put up a blog post digging into the details, including why this move was more or less an admission by Stone that he'd made a huge mistake. The key point, though, is that Public Citizen and EFF appear to be planning to continue to pursue the motion to make sure that Stone did not contact any of those sued directly.

But there are some oddities here -- he claims that as a result of our filing, he has lost the opportunity to take discovery; does that mean that he believes our arguments are meritorious, and hence that his motion should be denied? After all, the judge ordered the ISP's to preserve identifying information for the Does, so it is not as if that information was going to disappear while he was waiting for a decision. And previously he claimed that these were 670 people who had seriously damaged his client by obtaining its copyrighted product illegally and then re-distributing it illegally. If his client has been injured, why has he dismissed the claims with prejudice, which means not only the client cannot bring suit in a proper jurisdiction but also that the Does are now prevailing parties who are entitled to seek an award of attorney fees under the Copyright Act?

My guess is that this is all about Evan Stone and not at all about his client. Stone's business model depends on easy settlements in the four figures, and he must have recognized that a win would not come easily. In my view, it is also fair to read the dismissal as an admission of our argument that he has no claim for fees and statutory damages. Thus, the litigation of the case on the assumption that he could use the threat of litigation to demand four figure settlements was no longer possible, and Stone may just have been unwilling to continue to represent his client without that possibility. Moreover, it seems likely that Stone worried about the possibility of a sanctions motion, and about having to answer questions incident to that motion about his communications with the ISPs and with the Does, and that he dismissed with prejudice in an effort to cut off such inquiries. The very fact that he is dodging the questions makes me worry that he may have already made some profits from our clients for which he does not want to be accountable. What he may not have recognized is that dismissal of a case not only sets up a motion for attorney fees, but does not deprive the court of jurisdiction to consider sanctions. And because we have an obligation to protect our Doe clients, we are going to have to pursue such a motion until we are satisfied that none of them has been abused.

Levy also highlights a bigger point, which is that more judges when confronted with these mass infringement lawsuits should act like the judge in this case did, and not just rubberstamp subpoenas for identifying information:

The larger lesson is that, no matter how clearly meritorious the plaintiff's claim may be from a first review of an ex parte motion for early discovery, more judges should emulate Judge Godbey and Judge MacKenzie by deferring a ruling on the motion for leave to take immediate discovery until there has been an opportunity for consideration and adversary litigation. Judging from the panicked calls that my EFF colleagues and I received after the notices of subpoena went out, the mere receipt of notices of subpoena alarmed a number of innocent people until they got word that the ISP's were going to hold off on production. The mere need to decide on a short schedule whether to respond to a subpoena may be harmful, and sad to say there are ISP's out there who just assume when they receive a subpoena that their clients are likely criminals who should be identified as soon as possible (I'll have more to say soon about the scoundrels at Bluehost). Judges should demand some evidence of wrongdoing before they allow discovery to identify the alleged wrongdoers, and if they are not sure of their ability to evaluate the papers in their own chambers, they should consider appointing pro bono counsel to respond to the motion.

Demanding this sort of inquiry does not protect those whose online conduct is tortious, because plaintiffs with valid claims have little difficulty making the showings that are demanded under the Dendrite standard, especially in copyright suits over downloading. But it holds out the prospect of protecting some innocent people.

Hopefully more judges will agree.

Permalink | Comments | Email This Story

Mass Copyright Lawsuit Lawyer Petulantly Drops Lawsuit After Called Out For Apparent Ethics Violations

Mike Masnick — Tue, 1 Feb 2011 10:16:07 PST

One of the lawyers who has been at the forefront of filing many of those massive P2P infringement cases for porn producers, with the intent of getting people to pay up "pre-settlement" fees to avoid an actual trial (and being accused publicly of downloading porn), Evan Stone, keeps running into problems. Stone, who apparently only became a lawyer a few months ago, seems to have pushed his luck in yet another case, not expecting lawyers on the other side who might recognize what was going on. However, Public Citizen and the EFF, acting as lawyers for those being sued, discovered that Stone had sent subpoenas to ISPs seeking the identity of file sharers even though the judge in the case had not yet determined if such subpoenas would be allowed.

It appears that, as in other similar cases, Stone filed a bunch of John Doe lawsuits on behalf of a porn producer, in this case Mick Haig Productions. Public Citizen and EFF were appointed to defend those sued while the court determined if the overall lawsuit was appropriate. While the court was still considering the question of the legitimacy of the lawsuit and any subpoenas attached to it, Stone apparently just went ahead and sent subpoenas to various ISPs demanding the identity of those accused of file sharing. After discovering this, Paul Alan Levy wrote Stone a letter (pdf) pointing out that this was a serious ethical breach. The full letter is embedded below and it's a must read, but here's just a snippet:

Inquiring further, I was able to obtain a copy of the subpoena that you sent to Comcast and of your cover letter, which concealed from Comcast the fact that Judge Godbey had never granted you permission to serve subpoenas in this case. Inquiring still further of other major ISP's, we have learned that you have served other subpoenas in the case, that the date required by one of the notices of subpoena for a response to avoid identification is January 31, and that some ISP's have provided you with identifying information.

We are very disturbed by this information. Because the rules of procedure to not allow you to take discover at this phase of the lawsuit without express judicial permission, the subpoenas that you have issued to the ISP's that we have been able to contact to date essentially misrepresented that discovery was open in the case, and gave you access to information to which you are not entitled. It is, as well, arguably a serious abuse of process that may be independently actionable. Given the fact that your standard practice is to send settlement demand letters to Does once they are identified, we must acknowledge the possibility that you have been communicating with our clients. Yet, because those clients are represented by counsel (until the disposition of the discovery motion), your contacting them directly would be a serious violation of legal ethics, because we have never given you permission to contact our clients.

The full letter not only asks him to withdraw the subpoenas, but also to provide Public Citizen and the EFF with the details of the subpoenas issued, apparently for the purpose of asking the court to sanction Stone for his apparent abuses.

Stone, perhaps realizing he was in a bit of trouble, responded by dismissing the lawsuits. Though he did so somewhat petulantly. His filing is also included below, but in it he mocks Public Citizen and the EFF, and complains that the court appointed them in the first place, claiming they are "renowned for defending internet piracy and.. for their general disregard for intellectual property law." He also mocks their response to his original motion as "absurd." Of course, in all the childish lashing out, he never seems to mention the fact that he subpoenaed info from ISPs almost certainly in violation of the rules of procedure. Instead, he just claims that the process is taking too long, so the plaintiff "feels it has lost any meaningful opportunity to pursue justice in this matter." That's a pretty laughable statement.

Of course, now the question is whether or not Public Citizen and the EFF will continue to seek relief from the court for Stone's actions.

Permalink | Comments | Email This Story

Judge Says No To Hurt Locker Subpoenas

Mike Masnick — Fri, 24 Sep 2010 15:20:44 PDT

Last month, we noted that at least one ISP, Midcontinent Communications, was actually fighting the mass subpoenas from US Copyright Group in its attempt to demand money from people associated with IP addresses that allegedly shared the movie Hurt Locker. It looks like the judge has, indeed, quashed the subpoenas, noting a series of procedural problems with them (notably, these are mostly the same procedural problems with the subpoena recently sent to us). This doesn't mean that things are over, as US Copyright Group can try to follow the rules next time around, but it should be a reminder to companies that just because you receive a subpoena, it doesn't mean you just have to roll over and hand over information. You have every right to make sure that it's within what the law allows.

Permalink | Comments | Email This Story

Hurt Locker Subpoenas Arrive With New Language... And Higher Demands

Mike Masnick — Fri, 3 Sep 2010 11:56:28 PDT

Well, it took a while, but US Copyright Group (really DC law firm Dunlap, Grubb & Weaver) have finally gotten around to getting subpoenas out to ISPs in the Hurt Locker lawsuit. While that lawsuit was filed months ago, the subpoenas just went out, in part, because of the fight in another of USCG's lawsuits over certain aspects of the threat letters. That ended with a requirement for USCG to work with groups like the EFF to come up with more informative threat letters. The results don't look all that more reasonable, but it does note that those accused have the right to try to fight the subpoena, and removes the misleading threat of a $150,000 penalty hanging over their heads. Of course, being just slightly more honest has its cost. The pre-settlement fee demanded has been increased from $2,500 to $2,900 this time around.

Separately, in Greg Sandoval's article, he talks to Cindy Cohn from the EFF who notes that they're hearing from a lot more people on the receiving end of USCG lawsuits who have no idea what it's all about and aren't BitTorrent users at all. That happened with the RIAA lawsuits as well, but apparently at a much lower rate. This certainly calls into serious question the techniques that USCG is using to identify file sharers and to make sure they're not suing innocent people. Of course, when you look at the economics of it all, to USCG it really doesn't matter. When it makes mistakes, the actual likelihood of getting in trouble for it times the likely cost of such a mistake is so low as to make the incentive such that there's little reason to care about false positives. Yet, on the flip side, the cost of defending yourself against a bogus threat from USCG is certainly going to be more than $2,900 in almost every case. As Cohn notes:

"When it comes to copyright," Cohn said "the law is set up so that truth, whether someone actually violated the law or not, takes a back seat to financial considerations."

And, really, that's what's so nefarious about this whole process. The incentives are totally screwed up. USCG has no incentive to weed out the false positives, and the innocent folks threatened have powerful economic incentives to just pay up. It's still not "extortion," in that USCG can claim to have a legitimate legal basis for the demands, but it certainly comes damn close in practice.

Permalink | Comments | Email This Story

Another ISP Fighting US Copyright Group Subpoenas; Why Aren't More ISPs Protecting Your Privacy?

Mike Masnick — Mon, 30 Aug 2010 08:34:03 PDT

With US Copyright Group filing tens of thousands of lawsuits against people accused of sharing movies like Hurt Locker online, we've been disappointed that many ISPs don't seem willing to stand up for their subscribers' rights, and are willing to hand over names without a thought. Time Warner Cable fought the subpoenas, but its main concern was the volume, not the concept. However, a small ISP in South Dakota, Midcontinent Communications is also asking for the subpoenas to be quashed, noting that its privacy policies say that it cannot hand out customer information to third parties without a court order. It also questions how it can be covered by the jurisdiction of a Washington DC court.

Bravo to Midcontinent Communications for actually standing up for its users. But, the real story here is why other ISPs are not doing this? This should be how pretty much any ISP responds to questionable subpoenas of this nature.

Permalink | Comments | Email This Story

EFF, Public Citizen And ACLU Ask Judge To Quash Mass Subpoenas From US Copyright Group

Mike Masnick — Thu, 3 Jun 2010 14:32:48 PDT

While companies like Verizon apparently won't stand up to protect their users' rights against the ridiculous and overly broad mass copyright infringement lawsuit filings made by a group called US Copyright Group (really a DC-based lawfirm called Dunlap, Grubb and Weaver), Time Warner Cable is pushing back, but mainly on procedural issues -- not in any way to stand up for the rights of those being sued. Thankfully, it looks like the EFF, Public Citizen and the ACLU are trying to help out.

Those three organizations filed an amicus brief with the court in the Time Warner Cable case, where they point out that there are multiple reasons why the subpoenas should be quashed. Among the many problems with the process used by USCG are the ideas of suing thousands of people in a single lawsuit and all in Washington DC. Obviously, this makes it easier and cheaper for Dunlap, but it's not how the legal system is supposed to work. First, it only makes sense that each lawsuit should be filed individually, as each involves different circumstances. Second, they should be filed in the proper jurisdiction, not in DC. As the briefing notes:

This Court cannot consider this case unless it has personal jurisdiction over the Doe Defendants, and it is Plaintiff's burden to show that such jurisdiction exists. The Constitution imposes that burden on every plaintiff as a fundamental matter of fairness, recognizing that no defendant should be forced to have his rights and obligations determined in a jurisdiction with which he has had no contact. These requirements "give[ ] a degree of predictability to the legal system that allows potential defendants to structure their primary conduct with some minimum assurance as to where that conduct will and will not render them liable to suit." World-Wide Volkswagen Corp. v. Woodson, 444 U.S. 286, 297 (1980).

Plaintiff has not met this burden. Instead, the very information upon which Plaintiff relies as a basis for seeking the identity of the Doe defendants -- their Internet Protocol (IP) addresses -- indicates that few, if any, reside in this District. If, as it appears, the vast majority of the Doe defendants do not have sufficient minimum contacts with this jurisdiction to satisfy due process, the Court should quash the subpoena for information about out-of-district defendants.

....

Requiring individuals from across the country to litigate in this District creates exactly the sort of hardship and unfairness that the personal jurisdiction requirements exist to prevent. It requires the individuals urgently to secure counsel far from home, where they are unlikely to have contacts. In this particular instance the hardship is very clear. When the underlying claim is a single count of copyright infringement, the cost of securing counsel even to defend a defendant's identity is likely more than the cost of settlement, and possibly even more than the cost of judgment if the Defendant lost in the litigation entirely.

As for lumping all of the lawsuits into a single filing, the brief shows that courts have rejected this approach in the past as unreasonable and should do so again here:

There is little doubt that Plaintiff's joinder of more than 4,500 defendants in this single action is improper and runs the tremendous risk of creating unfairness and denying individual justice to those sued. Mass joinder of individuals has been disapproved by federal courts in both the RIAA cases and elsewhere. As one court noted:
Comcast subscriber John Doe 1 could be an innocent parent whose internet access was abused by her minor child, while John Doe 2 might share a computer with a roommate who infringed Plaintiffs' works. John Does 3 through 203 could be thieves, just as Plaintiffs believe, inexcusably pilfering Plaintiffs' property and depriving them, and their artists, of the royalties they are rightly owed. . . .

Wholesale litigation of these claims is inappropriate, at least with respect to a vast majority (if not all) of Defendants.
BMG Music v. Does 1-203, No. Civ.A. 04-650, 2004 WL 953888, at *1 (E.D. Pa. Apr. 2, 2004) (severing lawsuit involving 203 defendants).

Rule 20 requires that, for parties to be joined in the same lawsuit, the claims against them must arise from a single transaction or a series of closely related transactions. Specifically:
Persons . . . may be joined in one action as defendants if: (A) any right to relief is asserted against them jointly, severally or in the alternative with respect to or arising out of the same transaction, occurrence, or series of transactions or occurrences; and (B) any question of law or fact common to all defendants will arise in the action.
Fed. R. Civ. P. 20. Thus, multiple defendants may be joined in a single lawsuit only when three conditions are met: (1) the right to relief must be "asserted against them jointly, severally or in the alternative"; (2) the claim must "aris[e] out of the same transaction, occurrence, or series of transactions or occurrences"; and (3) there must be a common question of fact or law common to all the defendants. Id.

Joinder based on separate but similar behavior by individuals allegedly using the Internet to commit copyright infringement has been rejected by courts across the country. In LaFace Records, LLC v. Does 1-38, No. 5:07-CV-298-BR, 2008 WL 544992 (E.D.N.C. Feb. 27, 2008), the court ordered severance of lawsuit against thirty-eight defendants where each defendant used the same ISP as well as some of the same peer-to-peer ("P2P") networks to commit the exact same violation of the law in exactly the same way. The court explained: "[M]erely committing the same type of violation in the same way does not link defendants together for purposes of joinder." LaFace Records, 2008 WL 544992, at *2. In BMG Music v. Does 1-4, No. 3:06-cv- 01579-MHP, 2006 U.S. Dist. LEXIS 53237, at *5-6 (N.D. Cal. July 31, 2006), the court sua sponte severed multiple defendants in action where the only connection between them was allegation they used same ISP to conduct copyright infringement.

The brief also takes issue with the evidence that Dunlap presents in the USCG filings:

Moreover, Plaintiff provides no specific evidence other than its summary declarations to establish that its investigation was done for each Doe. And such evidence ought to be readily available, including screen shots showing the IP addresses of the Doe defendants so the Court can see that the addresses submitted to the Court match those discovered during the investigation, copies or real-time capture of the activities of the "proprietary technologies" used, and shots of the P2P server logs that to which Plaintiff apparently had access. Without those, the declarations merely describe downloading activity in general, and fail to provide the Court with real information linking each of the individuals sued to the alleged infringement.

This is a big concern because Dunlap and USCG are seeking to reveal private information based on incredibly flimsy evidence:

Robust protection for the right to engage in anonymous communication -- to speak, read, view, listen, and/or associate anonymously -- is fundamental to a free society. See, e.g., Talley v. California, 362 U.S. 60 (1960) (recognizing the First Amendment right to communicate anonymously); McIntyre v Ohio Elections Comm'n, 514 U.S. 334 357 (1995) (same; "Anonymity is a shield from the tyranny of the majority."); Lamont v. Postmaster General, 381 U.S. 301 (1965) (recognizing the First Amendment right to receive ideas in privacy). This fundamental right enjoys the same protections whether the context for speech and association is an anonymous political leaflet, an Internet message board or a video-sharing site. See Reno v. ACLU, 521 U.S. 844, 870 (1997) (there is "no basis for qualifying the level of First Amendment scrutiny that should be applied to" the Internet).

Courts in this District have recognized that First Amendment protections extend to the anonymous publication of expressive works on the Internet even where, as here, that publication is alleged to infringe copyrights. In re Verizon Internet Servs. Inc., 257 F. Supp. 2d 244, 260 (D.D.C.), rev'd on other grounds, 351 F.3d 1229 (D.C. Cir. 2003) (hereinafter "Verizon"); see also UMG Recordings, Inc., v. Does, No. 06-0652 SBA, 2006 WL 1343597, at *2 (N.D. Ca. March 6, 2006) (citing Sony Music Entm't, Inc. v. Does 1-40, 326 F. Supp. 2d 556, 564 (S.D.N.Y. 2004)). As the court in Sony noted:
Arguably, however, a file sharer is making a statement by downloading and making available to others copyrighted music without charge and without license to do so. Alternatively, the file sharer may be expressing himself or herself through the music selected and made available to others. Although this is not "political expression" entitled to the "broadest protection" of the First Amendment, the file sharer's speech is still entitled to "some level of First Amendment protection."
326 F. Supp. 2d at 564 (quoting Verizon) (citations omitted). The Sony court continued: "Against the backdrop of First Amendment protection for anonymous speech, courts have held that civil subpoenas seeking information regarding anonymous individuals raise First Amendment concerns."

No one is arguing that a legitimately filed lawsuit shouldn't entitle USCG to get the right to an individual's information. The issue is that not nearly enough evidence is presented in these cases, and what is presented is done in a way that does not allow an individual to protect their First Amendment rights. This destroys the basic balance that the courts have established to permit such lawsuits to go forward.

The filing is an important one, and it's unfortunate that it had to come from three public interest groups rather than the ISPs themselves. In an email from Verizon PR, in response to a question on this issue from reporter Dave Burstein, Verizon PR gave the "we're just following orders" response, and tries to suggest it goes above and beyond by giving their customers a week or less of notification to fight this on their own. Verizon (and Time Warner Cable) could be making these same arguments on behalf of their customers, and it's a shame that they have not and, in fact, have handed over information on such flimsy proof in such questionably filed lawsuits.

Permalink | Comments | Email This Story

Verizon Handing Over Names For US Copyright Group's Mass Automated Lawsuits

Mike Masnick — Tue, 1 Jun 2010 08:56:56 PDT

We've already discussed how the so-called US Copyright Group (which seems like a bit of a front for DC-based law firm Dunlap Grubb Weaver -- tag line: "Lawyers with a Higher Standard" -- since the first named partner in the operation, Thomas Dunlap, also happens to appear to run US Copyright Group) has been filing tens of thousands of questionable lawsuits for certain movie producers, including, most recently 5,000 lawsuits for those accused of file sharing Hurt Locker. Of course, it looks like this particular operation is nothing more than a copy of European operations like ACS:Law, whose main goal is not to take anyone to court, but to get people to pay up to not get sued. In this case, US Copyright Group's starting offer is $1,500 to not get sued. How generous.

When the news of this operation first came to light, it was noted that one major ISP had already agreed to hand over names of folks based on IP addresses. At the time, we wondered who that was. Later on, we found out, Dunlap claimed that 75% of ISPs were cooperating. Again, we wondered who was actually doing this. The only major ISP we know who is fighting handing over the names is Time Warner Cable. In response, Dunlap is trying to advance the novel legal theory (i.e., one that would get laughed out of court) that by not handing over the names TWC is guilty of inducing infringement itself.

Well, now we know at least one ISP that is handing over the names In a rather annoying "photo gallery" put together by News.com that only shows one photo per page so you need to click through a bunch of pages to get the actual story (nice to see News.com stooping to cheap page view boosting tricks), we find out that Verizon is handing over names to US Copyright Group. The photo gallery shows images from one guy who received one of these pre-settlement letters. Verizon apparently gave him less than a week to retain a lawyer to fight the subpoena or it would hand over his info.

This is unfortunate. Verizon was the one big ISP that stood up to the RIAA back in the early days, when it pulled a similar trick, going to court to protect its customers' identities. It's too bad that it no longer thinks so highly of protecting its customers.

Some other tidbits from the letter in the News.com story: US Copyright Group demands $1,500 not to sue, but only if you pay up within a month. After that the price goes up to $2,500. The letter, not surprisingly warns that the producers of the film will seek at least $30,000 per infringement in any lawsuit, with the possibility of asking for $150,000, if it believes it can prove the infringement was "intentional."

The letter cites the ruling against Joel Tenenbaum to support why it's cheaper to pay up. Amusingly, but not surprisingly, it doesn't cite the ruling against Jammie Thomas, who also was ordered to pay huge amounts... until the judge greatly reduced the award. Funny that the lawyers would omit that little fact...

Also, the letter (which is not about Hurt Locker, but about Uwe Boll's Far Cry) points people to www.farcry-settlement.com, which you can check out for yourself.

Oh, as for the guy who showed the letter to News.com. He has an open WiFi setup, says he doesn't know who downloaded the film and appears pretty annoyed by the whole thing:

"For me, the issue here isn't whether or not peer-to-peer is evil," said Harrison, a photographer. "It is whether or not our federal courts and Verizon should cooperate with such an obvious intimidation scam."

Permalink | Comments | Email This Story

Pennsylvania AG Drops Twitter Subpoena

Mike Masnick — Mon, 24 May 2010 02:50:57 PDT

Last week, the news came out that Pennsylvania Attorney General (and gubernatorial candidate), Tom Corbett, was so thin-skinned that he had subpoenaed Twitter to try to get at the identity of some anonymous online critics. Of course, all this really did was draw attention to (a) the criticism of Corbett and (b) his incredibly thin skin when it comes to criticism. Twitter, thankfully, didn't just roll over, and now Corbett has dropped the subpoena. Of course, one of the reasons Corbett was trying to unmask the identity of the commenter was because he believed it may have been someone he had already targeted in a political corruption scandal -- who was being sentenced on Friday. However, without being able to identify the user by the time of the sentencing, he couldn't use that in pushing for a tougher sentence. So, in the end, Corbett didn't get what he was after, but called a lot more attention to criticism of him. Nice work.

Permalink | Comments | Email This Story

Utah Moves Forward On Plans To Let Attorney General Have All Sorts Of Info On Internet Users With No Judicial Oversight

Mike Masnick — Tue, 2 Mar 2010 15:05:03 PST

Tim writes in to let us know of a proposal in the state legislature in Utah (known for passing some bizarre internet related legislation in the past) that would grant prosecutors stunning freedom to spy on internet users without much oversight. Specifically, the bill would let prosecutors in the Attorney General's office demand names, addresses, phone numbers, and bank information from mobile phone operators and ISPs -- without a judge reviewing the request. Last year, apparently, the legislature passed a similar law that was just limited to sex-related crimes -- and prosecutors are now requesting info under that law approximately once per day, which seems like a pretty high number. The new law was originally intended to cover all crimes, but was limited to felonies as well as cyberstalking and cyberharassment claims (which, again, seem broad). It seems quite likely that such a law would be greatly abused.

Of course, the politicians supporting this claim that it's necessary to keep people safe:

"If we charge our law-enforcement folks with trying to protect us and trying to catch these people," [sponsor of the bill, Rep. Brad] Daw said, "we need to always be trying to review the capabilities these criminals have and the tools technology gives to them and make sure we have adequate tools in place."

Except that makes no sense. Prosecutors could get a judge to grant a subpoena already. Why do they need to do this with no judicial review? This isn't about protecting people and catching criminals. You already had a process to do that. It's just that it had oversight. So what's the excuse for taking away the oversight?

Permalink | Comments | Email This Story

TSA Withdrew Subpoenas On Travel Bloggers... But Serious Questions Linger

Mike Masnick — Mon, 4 Jan 2010 10:40:19 PST

Last week, the news that the TSA visited two travel bloggers who had written about some rather obvious "security directives" that the TSA had refused to confirm publicly (i.e., that everyone boarding a flight to the US would get a pat down) got a fair bit of attention. Beyond just seeking their sources, the TSA agents had subpoenas and with one of the bloggers, were quite threatening and ended up confiscating his laptop (which was then damaged when it was returned). With the story getting so much attention, the TSA withdrew the subpoenas saying they were no longer necessary. While some are attributing this to the negative publicity received in the press, it seems more likely that they had figured out what they needed (especially with Steven Frischling handing over his laptop).

There are two other aspects of the story that remain in question and are somewhat troubling. The first is the issue raised by Danny Sullivan about Google's role in this effort. It came out in the early reports that both bloggers had received the notice from someone with a Gmail account. Google won't comment on whether or not it received a subpoena in this case, but it seems likely that it did. In fact, as Sullivan points out, Google -- unlike some other companies -- often seems quite willing to comply with such subpoenas without giving users a chance to protect themselves. This is the company's right, of course, but given Google's own positioning as a protector of user rights, you would think it would be a bit more aggressive on this front.

The second issue concerns reports that the TSA more or less forced Frischling to post a Twitter message, asking the guy who sent him the original email to email him again. Again, earlier reports had noted that Frischling had already deleted the email when the TSA agents had arrived. So, the suggestion is that they wanted to get him to email again. An "anonymous source" (so take it for what it's worth) is claiming that the TSA agents typed a message into Twitter asking the guy to send Frischling an email, but told Frischling to actually "send" the Twitter message, so they could deny that they had posted it.

Given all of this, it seems like there's a half decent chance that the TSA withdrew the subpoenas because it already had what it needed. It could get the guy's email from Frischling's computer after the guy emailed back -- and then could subpoena Google to find out who it was, without getting much pushback. The bigger question, though, remains why this is happening at all. The "security directive" wasn't classified. It wasn't secret and it was obvious to anyone who happened to fly into the US from a foreign country. If the TSA really thinks that keeping something like this secret somehow makes us more secure, it's even more messed up than previously thought.

And, once again, we're reminded why we should have a federal shield law to protect anyone engaged in journalism from having to reveal their sources.

Permalink | Comments | Email This Story

Court Tells Echostar It Doesn't Get Access To Customer Lists Of Satellite Receiver Company

Mike Masnick — Tue, 30 Sep 2008 23:41:42 PDT

Recently, we wrote about how satellite TV provider Echostar had been sending out subpoenas demanding customer lists from resellers who had sold satellite receivers made by a company named Freetech. Freetech's satellite receivers can be used to receive perfectly legal over-the-air satellite TV signals. Echostar's complaint was that many also used Freetech's receivers to pirate its own DishTV offering. However, that doesn't give Echostar the right to then demand the contact info on everyone who ever bought a Freetech receiver, as many could be using them for perfectly legal purposes. And, historically, with DirecTV, we've seen a similar situation where the DirecTV forced plenty of totally innocent smart card device buyers to pay up by threatening them with lawsuits over pirated satellite TV.

Luckily, it looks like the EFF helped convince the judge that Echostar was out of line, and the judge has said that the buyers' privacy trumps Echostar's right to the info. As the EFF notes, this is a big ruling, in that it's "the first time a federal court has explicitly rejected a third-party subpoena on the basis of the privacy interests of nonparty consumers." Chalk one up for the right to privacy.

Permalink | Comments | Email This Story

One Way To Reveal Anonymous Posters: Subpoena The Sites They Read

Mike Masnick — Wed, 30 Jan 2008 23:38:16 PST

We've written many times in the past about how courts have protected anonymous speech in the US, but that doesn't mean that some won't go to ridiculous lengths to reveal anonymous commenters they don't like. Last summer, we wrote about the ridiculous lawsuit over some anonymous "mean" postings on a forum for law school students. The case involved students claiming that they were unable to get jobs due to mean comments on the boards. It seems like quite a stretch to think law firms would judge their hiring decisions on such a thing, but the law students in question apparently needed someone to blame for their inability to get jobs.

Of course, revealing who those anonymous posters are isn't easy, thanks to that previously mentioned respect for the right to be anonymous. So, it appears that lawyers for the plaintiffs are taking a rather indirect route to reveal the anonymous posters. Since the posters had linked to web pages that mention the plaintiffs, the lawyers are now seeking a subpoena on the log files of the sites that had those articles. Yes, this is a huge stretch, as they're basically searching for a needle in a haystack, trying to pick out of the logfiles exactly who visited a particular news story. Even though some of the companies in question have pointed out that it's impossible to provide this data, the lawyers are still seeking a subpoena from the court demanding it. If the law students in question put half the effort they're putting into this lawsuit into finding a job, rather than worrying about what people said about them, perhaps this wouldn't be an issue at all.

Permalink | Comments | Email This Story