April 18, 2014

avatar

The Latest in Nationwide Internet User Identification – Part 1 (The Ancient State Law "Pure Bill of Discovery")

Plaintiffs are engaging in aggressive and questionable new tactics in a growing wave of federal copyright “John Doe” lawsuits. In those lawsuits, the obvious objective of the plaintiffs is to discover from Internet Service Providers (ISPs) the personal identities of many of the ISPs’ subscribers. The plaintiffs typically present the ISPs with long lists of subscriber IP addresses that have allegedly been used in copyright infringement. Many of these plaintiffs have generated a business model around such suits and are often referred to as “copyright trolls“. The orders permitting “John Doe” discovery necessarily precede the naming of the defendants, and many if not most defendants are likely to settle rather than bear the expense of a defense (not to mention, in many cases, the embarrassment of association with pornographic works). Thus, at least for those defendants, the lawsuits effectively begin and end when their names and contact information are provided to the plaintiffs. Many of the copyright plaintiff attorneys would have it no other way – operating form-based lawsuit “factories” and harvesting settlements, and getting out without presenting any evidence at trial.

The response of the federal judges has been mixed. Many of them just grant the requested relief. In the interest of protecting privacy rights, a few judges have properly appointed attorneys ad litem to represent the unidentified Does. Some have decided that the joinder of numerous defendants in a single lawsuit is improper, and dismissed all the Does except for a single John or Jane. Others have required that the plaintiffs demonstrate a good faith belief that the subscriber-defendants reside in the forum and/or are otherwise subject to the personal jurisdiction of the court.

More recently, the copyright plaintiffs are turning to the state courts – an odd tactic given that copyright infringement claims may only be asserted in federal court. Remember, though, that these plaintiffs appear to be far more interested in the personally identifiable information of Internet subscribers (and coercing settlements), than in the actual pursuit of litigation. As such, they are simply motivated to seek, in the least number of lawsuits, as many Internet subscriber identifications for as many IP address/date/time stamps from as many ISPs as possible.

Consistent with such an objective, the plaintiffs’ lawyers have dusted off an ancient proceeding known as a “pure bill of discovery” – an equitable action that originated in the 19th century, before discovery was even available in legal proceedings under common law. As it turns out, this action is still available under a narrow set of circumstances in some states, including Florida, primarily where discovery is not otherwise obtainable and there is no adequate remedy at law.

Plaintiffs use this action to seek discovery in state court – presumably to avoid some of the same hurdles encountered in federal court. In Florida (the preferred jurisdiction so far), they contend that they should be permitted to file a “pure bill of discovery” for any alleged infringement, so long as they can somehow connect the alleged infringement to that jurisdiction (for example, because another alleged member of the same BitTorrent “swarm” – who could even be the plaintiff’s forensic investigator – was allegedly located in Florida).

But these plaintiffs aren’t using the “pure bill of discovery” the way it is supposed to work.

Because the “pure bill of discovery” is for the sole purpose of obtaining discovery, the “defendants” in such an action should be the person from whom the information is sought. Here, that would be the ISPs. However, suing dozens and dozens of ISPs located across the country in a Florida state court could be inconvenient and costly to the plaintiffs given that the ISPs would need to be served with process and a significant number of the ISPs would likely resist. In addition, if there were actual adversaries (i.e., ISP defendants), the plaintiffs would have to demonstrate their rights and convince the court that they are entitled to relief in an adversarial hearing before an order could be issued and before any subpoenas could be issued.

Preferring otherwise, the plaintiffs are suing the (unrepresented, unnamed, and defenseless) Doe defendants in their “pure bill of discovery” actions. That doesn’t make sense, you may say, because the plaintiffs are not seeking any discovery from the Does. True – in a “pure bill of discovery” action, the plaintiff has to be seeking discovery from the defendants in that action. To address this detail, the plaintiffs’ lawyers fictionally assert that they are seeking to require the Does to “confirm” that the identifying information to be provided by the ISPs is “accurate.” And, naturally, before the Doe defendants can “confirm” that they are who they are said to be, the plaintiffs need to uncover their names. So, after filing the lawsuit in a state court, the plaintiffs file an ex parte motion for discovery seeking to issue discovery requests to a long list of ISPs located across the nation (many beyond the state court’s jurisdiction), to obtain the personally identifiable information of hundreds of individual subscribers (i.e., the John Does). These ex parte motions actually get granted tout de suite.

Although the ISPs (much less the John Does) don’t have any opportunity to be heard beforehand, the ISPs can oppose the discovery requests once those requests are served on them. As a practical matter, though, most of the ISPs don’t; and those that do may simply be met with a voluntary dismissal by the plaintiff (as to those Does only), who would presumably rather not have the court actually hear the arguments made. Thus, the plaintiffs for the most part can readily obtain the necessary personally identifiable information to threaten to sue the alleged infringers (in federal court) and, in all likelihood, obtain quick settlement.

To the extent these plaintiffs get away with it, they have found a way to obtain a court order without opposition that permits nationwide identification of mass defendants in a single lawsuit. Assuming the Doe defendants settle, and anecdotal evidence suggests that many do, bothersome details such as service of process, personal jurisdiction, venue, joinder, and even advocacy in a court of law can be avoided entirely.

And why stop with seeking federal copyright claims? If these proceedings can actually be used in the way the plaintiffs are using them, there’s no reason why anyone couldn’t sue in Florida state court in order to get identifying subscriber information for subscribers located anywhere, from any ISP or other communications provider, under any legal theory. It seems to be the perfect tool of stealth and expedience, unless you happen to believe in the protection of fundamental individual rights and that the role of our judicial system is to resolve cases or controversies. It is hard to imagine that this antediluvian equitable action was intended to serve as a settlement weapon in abusive mass copyright litigation.

avatar

A Possible Constitutional Caveat to SOPA

Tomorrow, a hearing in the House will consider H.R. 3261, the Stop Online Piracy Act (SOPA). There are many frustrating and concerning aspects of this bill. Perhaps most troubling, the current proposed text would undermine the existing safe harbor regime that gives online service providers clear, predictable, and reasonable obligations with respect to their users’ sometime infringing activities. Under SOPA’s new, ambiguous requirements, an online service provider might find itself in court merely for refusing to deploy a new technological surveillance system offered to it by rightholders — because such a refusal could be considered “deliberate action[] to avoid confirming” infringements by its users.

SOPA also incorporates DNS blocking provisions, substantively similar to the Senate’s PROTECT IP Act, that are designed to obstruct Americans’ access to “foreign infringing site[s].” It empowers the Attorney General to require a service provider to “take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site.” This is a deeply troubling provision — and a stark departure from existing law — in that it would put U.S. Internet Service Providers into the business of obstructing, rather than providing, Americans’ access to the worldwide Internet, and would do so coarsely, since those “reasonable measures” could easily apply to whole sites rather than particular infringing pages or sections.

Intriguingly, a site is a “foreign infringing site” only if — among other criteria — it “would . . . be subject to seizure in the United States in an action brought by the Attorney General if such site were a domestic Internet site.” This is a clear reference to Operation in Our Sites, the ongoing program in which federal officials (acting under a controversial interpretation of current law) “seize” targeted sites by taking control over their Internet domain names, and cause those names to point to sternly-worded warning banners instead of pointing to the targeted site. Because these seizures impact whole sites (rather than just the offending pages or files), and because they occur before the defendant receives notice or an opportunity for an adversary hearing, they raise serious First Amendment concerns. In other words, although many sites have been seized in fact, it is far from clear that any of the sites are validly “subject to seizure” under a correct interpretation of current law. As I wrote in a recent working paper,

When a domain name seizure under the current process is effective, it removes all the content at the targeted domain name, potentially including a significant amount of protected expressive material, from public view—without any court hearing. In other words, these are ex parte seizures of web sites that may contain, especially in the context of music or film blogs where people share opinions about media and offer their own remixes, significant amounts of First Amendment protected expression.

The Supreme Court has held in the obscenity context that “[w]hile a single copy of a book or film may be seized and retained for evidentiary purposes based on a finding of probable cause, the publication may not be taken out of circulation completely until there has been a determination of obscenity after an adversary hearing.” The hearing is needed because the evidentiary burden for restraining speech is greater than the burden for obtaining a warrant: “[M]ere probable cause to believe a legal violation has transpired is not adequate to remove books or films from circulation.” In that case, the speech at issue was alleged to be obscene, and hence unprotected by the First Amendment, but the Court held that the unlawfulness of the speech needed to be confirmed through an adversary hearing, before the speech could be suppressed.

ICE does make some ex parte effort, before a seizure, to verify that the websites it targets are engaged in criminal IPR infringement: As the agency’s director testified, “[f]or each domain name seized, ICE investigators independently obtained counterfeit trademarked goods or pirated copyrighted material that was in turn verified by the rights holders as counterfeit.”

Domain seizures might be distinguished from these earlier cases because “it is only the property interest in a domain name that is being seized here, not the content of the web site itself or the servers that the content resides on.” But the gravamen of the Supreme Court’s concern in past cases has been the amount of expression suppressed by a seizure, rather than the sheer quantity of items seized.

The operators of one targeted site are currently challenging an In Our Sites seizure, on First Amendment and other grounds, in an appeal before the Second Circuit. (An amicus brief submitted by EFF, CDT and Public Knowledge makes for excellent background reading.) The district court ruling below apparently turned on the defendant’s ability to demonstrate financial harm (rather than on the First Amendment issues), so it is possible that the Court may not reach the First Amendment issue. But it is also possible that the Second Circuit may take a dim view of the constitutionality of the In Our Sites seizures — and by extension, a dim view of the Attorney General’s constitutional power to “subject [domestic web sites] to seizure.” In that event, the scope of this portion of SOPA may turn out to be much narrower than its authors intend.

avatar

Don't Regulate the Internet. No, Wait. Regulate the Internet.

When Congress considered net neutrality legislation in the form of the Internet Freedom Preservation Act of 2008 (H.R. 5353), representatives of corporate copyright owners weighed in to oppose government regulation of the Internet. They feared that such regulation might inhibit their private efforts to convince ISPs to help them enforce copyrights online through various forms of broadband traffic management (e.g., filtering and bandwidth shaping). “Our view,” the RIAA’s Mitch Bainwol testified at a Congressional hearing, “is that the marketplace is generally a better mechanism than regulation for addressing such complex issues as how to address online piracy, and we believe the marketplace should be given the chance to succeed.” And the marketplace presumably did succeed, at least from the RIAA’s point of view, when ISPs and corporate rights owners entered into a Memorandum of Understanding last summer to implement a standardized, six-strikes graduated response protocol for curbing domestic illegal P2P file sharing. Chalk one up for the market.

What, then, should we make of the RIAA’s full-throated support for the Senate’s pending PROTECT IP Act (S. 968) and its companion bill in the House, SOPA (H.R. 3261)? PROTECT IP and SOPA are bills that would regulate the technical workings of the Internet by requiring operators of domain name servers to block user access to “rogue websites”—defined in PROTECT IP as sites “dedicated to infringing activities”—by preventing the domain names for those sites from resolving to their corresponding IP addresses. In a recent RIAA press release on PROTECT IP, the RIAA’s Bainwol praised the draft legislation, asserting the need for—you guessed it—new government regulation of the Internet: “[C]urrent laws have not kept pace with criminal enterprises that set up rogue websites overseas to escape accountability.” So much, I guess, for giving the marketplace the chance to succeed.

As the Social Science Research Council’s groundbreaking 2011 report on global piracy concluded, the marketplace could succeed in addressing the problem of piracy beyond U.S. borders if corporate copyright owners were willing to address global disparities in the accessibility of legal digital goods. As the authors explain, “[t]he flood of legal media goods available in high-income countries over the past two decades has been a trickle in most parts of the world.” Looking at the statistics on piracy in the developing world from the consumption side rather than the production side, the SSRC authors assert that what developing markets want and need are “price and service innovations” that have already been rolled out in the developed world. Who is in a better position to deliver such innovations, through the global marketplace, than the owners of copyrights in digital entertainment and information goods? Why not give the marketplace another chance to succeed, particularly when the alternative presented is a radical policy intrusion into the fundamental operation of the Internet?

The RIAA’s political strategy in the war on piracy has been alternately to oppose and support government regulation of the Internet, depending on what’s expedient. I wonder if rights owners and the trade groups that represent them experience any sense of cognitive dissonance when they advocate against something at one moment and for it a little while later—to the same audience, on the same issue.