Shame On Weebly For Revealing Info On Anonymous User It Promised Not To Reveal

from the gotta-trust-your-ISP dept

We’ve already written about some of the questionable activities by the lawyer hired by the Thomas Cooley law school in its lawsuit against some former students who have become anonymous critics. However, that same blog post from Paul Alan Levy also spent time discussing behavior on the part of Weebly, the service provider who coughed up the identifying information requested by Cooley’s lawyer, despite first promising not to reveal the information at all, and later promising not to reveal if it received information on a motion to quash within a certain time frame. Even with all of that, when the second subpoena came in… Weebly handed over the info, well before the promised deadline it had provided the lawyer for the defendant.

Levy contacted Weebly’s CEO, who gave a variety of reasons why they handed over this info, despite promising not to:

Weebly?s first point to me was that its email to Hermann saying that he could consider the subpoena ?squashed at this point? really wasn?t intended to make any commitments ? Hermann has been writing ?over and over? about keeping his client?s identity private, and ?I had no idea what he was talking about, so I said it?s ?squashed for now? just so he?d leave me alone.?

Weebly also said that after it got the California subpoena, it told Hermann that he would actually need to get a ruling from the judge quashing that subpoena no later than August 22, or it would have to obey the subpoena. I have two problems with that ? first, even the subpoena did not require compliance until August 25, and the information was furnished on August 17. But more important, Weebly?s stance falls well short of the industry standard. In our experience, responsible ISP?s, such as Google, and Yahoo!, and Twitter, will simply insist to parties sending them subpoenas that they won?t comply with subpoenas to identify users if a motion to quash is filed within a given period, normally about two weeks.

Weebly also told me that the disclosure was made in part because Hermann gave shifting stories about whether the subpoena would be issued by a Michigan court or a California court. I found that argument unconvincing. Hermann was plainly uncertain about the actual subpoena documents, but I could not find the shifting accounts. And in any event, should discomfort with the Doe?s lawyer be a reason to shed the Doe?s privacy?

Next, Weebly said that its disclosures didn?t really matter because it did not provide the customer?s actual name, just an email address and various IP addresses. This is not the first ISP that has rationalized subpoena compliance on such grounds. I have got that line from Wikipedia twice, for example. But this case shows why the argument is delusional. The Doe was a former student at plaintiff law school, and the same email address that he gave Weebly was one that he has used while in law school. Thus, when plaintiff got the email address it was able to identify the Doe, and in fact it named the Doe in its amended complaint and cited his name throughout its opposition to the motion to quash.

Weebly?s final explanation to me struck me as the real reason, and it was perhaps the worst part of the explanation. Huffaker said, the subpoena came in on a day when I was out of the office, we have a small staff, we work long hours, we don?t have a lawyer on staff, we don?t get many subpoenas, and we strongly resist requests to remove material at the request of the targets of its customers? criticism. All of this is understandable, and much of it praiseworthy, but to my mind, protecting customers? privacy is also important, and if an ISP doesn?t have a lawyer, it has a responsibility to inform itself of the law governing subpoenas to identify customers and of the industry standard on responding to subpoenas. Moreover, although legal representation can be expensive, Public Citizen often represents smaller ISP?s pro bono in opposing subpoenas when the plaintiff does not meet the Dendrite test. Indeed, California has made it easy to fund the defense against subpoenas in these cases by passing a SLAPP-like law providing for awards of attorney fees; and Hermann made a point of suggesting that angle. Weebly says that it cares about protecting its customers, but it is hard to take those protestations seriously. Potential customers of Weebly, beware.

This may seem harsh on a small service provider like Weebly, and it’s recognizable that it’s tough for service providers to keep up on every law that they have to deal with, but if you’re in the business of providing websites, it’s important to know some basic laws concerning free speech and privacy.

And Weebly isn’t just some mom-and-pop ISP as you might get from Levy’s writeup. The company is funded by Sequoia Capital, considered one of the top 5 (if not the top) venture capital firms out there, went through the famous YCombinator program, and has other famous investors including Ron Conway, Mike Maples, Aydein Senkut and Paul Buchheit. In other words, this is a company that has both the resources and the connections to get the proper legal help when it receives a subpoena (questionable or legit), and never should have revealed this info — especially after promising not to.

That said, companies do make mistakes. One would hope that Weebly’s response in this case will be to apologize for handing over the info without properly allowing the court to consider the motion to quash, and will (1) make its policies much clearer and (2) make sure that its entire staff is familiar with how to deal with such subpoenas in the future. Hopefully this is a lesson for the company.

Filed Under: , ,
Companies: weebly

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Shame On Weebly For Revealing Info On Anonymous User It Promised Not To Reveal”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Corporate Psychopath At Work

Weebly’s CEO gave the game away. He said, ?I had no idea what he was talking about”. That was a lie, he knew precisely why some of his users wanted to keep their names private — to avoid retaliation. He clearly really did know that because he was offering privacy as a sales feature of the service.

Then he said, “so I said it?s ?squashed for now?”. That is a most artfully created lie, done with full knowledge. He knew that it had not been squashed, but said that it had been, knowing that his listener might be fooled. That was clever, but utterly immoral. The definition of a psychopath is that they are a person who has no conscience.

Then he said, “just so he?d leave me alone.? That was honest. Sometimes psychopaths reveal their true motivation. Take note, people, the psychopaths are out there. It is nothing unusual for one of them to achieve the rank of CEO. You will meet them. Forewarned is forearmed.

Anonymous Coward says:

I find it quite odd to read about Weebly complying with an outside request that they didn’t have to and probably shouldn’t have, considering another recent experience I had with Weebly.

Someone had set up a site on Weebly for an event, and was asking for registration fees via Paypal. Most people who had attended similar events readily spotted that the site was a fake and there was no real event. Yet when we attempted to notify Weebly, we ran into difficulty. First, the only e-mail address that could be found for notifying them of TOS violations was one intended for legal and law enforcement authorities, and when we used that one to notify them of scam site, their reply was that they couldn’t be the judge of whether the site was legitimate or not. The impression that I and others who contacted them about this site was clear – “Unless you are someone in authority we can’t ignore, don’t bother us. We don’t care.”

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...