Just before Christmas 2011, a federal magistrate working under D.C. District Court issued a… curious ruling. The case is Hard Drive v. Does 1-1,495, another one of these mass-joinder copyright-infringement cases. I recommend hitting that link for the full story, but here's the basic sketch:
The plaintiff – named, ahem, "Hard Drive Productions" – tries to sue 1,495 IP addresses allegedly linked to some BitTorrent activity. So, Hard Drive successfully moves for some expedited discovery, subpoenas the ISPs linked to the IP addresses in order to find out who they should sue, the ISPs notify (at least some of) the subscribers linked to those IPs, and (at least some of) the subscribers anonymously move to quash the subpoenas and keep their identities secret. So far, so good – that's how you'd expect it to work.
Problem is, the D.C. District Court has a local rule disallowing anonymous filings. So, the judge comes up with a work-around: Put your names on your motions to quash, and we'll keep them under seal from the public and from Hard Drive (who gets copies of the motions with the identifying information redacted). Seems fair enough. The case gets passed to a magistrate for management.
Then, the magistrate decides… "never mind." He issues an order telling all of the defendants that they can either (a) file their motions publicly (thus, revealing their identities and defeating the purpose of the motions), or (b) withdraw their motions (meaning their identities will be revealed).
If that strikes you as a bit odd, you're not alone. There are indeed many troubling things happening in this case and this ruling, and I won't pretend to cover them all here. Today, I'm interested in one particular claim in the magistrate's order: "Individuals who subscribe to the [I]nternet through ISPs simply have no expectation of privacy in their subscriber information."
This claim didn't just materialize out of thin air—the magistrate was kind enough to cite a few cases. So, come with me, and see if you can spot the point at which the context of the cases shifts dramatically. (Hint: there be child pornography cases ahead.)
The Hard Drive Order
We begin at the beginning (or, depending on how your species percieves time, perhaps we begin at the end). To support the "no expectation of privacy" claim, the magistrate cites three cases: U.S. v. Christie, 624 F.3d 558 (3rd Cir. 2010); Guest v. Leis, 255 F.3d 325 (6th Cir. 2001); and the mouthful Achte/Neunte Boll Kino Beteiligungs Gmbh & Co. v. Does 1-4,577, 736 F. Supp. 2d 212 (D.D.C. 2010).
(For an added bit of fun, note this January 23, 2012 order from the same magistrate judge in a different mass-copyright case, West Coast Productions v. Does 1-1,434, which made the same reverse-a-previous-order-to-keep-identities-protected ruling, citing the same three cases as the Hard Drive order.)
Out of this set of three, Achte/Neunte clearly stands out: its name has the look and feel of one of these mass-defendant file sharing cases, and it's from the relevant jurisdiction. So, it seems like a good place to begin.
But First, Some Context
Before we get to Achte/Neunte, Leis, and Christie, it's worth pointing out one thing: the Hard Drive order isn't exactly a bolt from the blue. Indeed, there's a whole string of D.D.C. decisions, denying anonymous defendants' motions to quash in huge, colorfully-named copyright caes over the past couple of years. And each of them – West Coast Productiongs v. Does 1-5,829, Call of the Wild Movie v. Does 1-1,062, Donkeyball Movie v. Does 1-171, and Maverick Entertainment Group v. Does 1-4,350 – cites to and builds the ones that came before, all tracing back to Achte/Neunte. Some (like Maverick and Donkeyball) are terse, two-or-three-page orders; others, like Call of the Wild, ponder the issue a bit more. But they all endorse the same statement: ISP subscribers don't have any expectation of privacy in their information. That doesn't make the Hard Drive order any better or less befuddling, but it at least tells us that Achte/Neunte is very much a live piece of precedent.
Man, I love typing that. So, what is this thing? A six-page D.D.C. order in another mass-copyright case dealing with another anonymous attempt to quash subpoenas. And at the bottom of page 5, we get the context for our grail-statement: "[C]ourts have held that Internet subscribers do not have an expectation of privacy in their subscriber information as they already have conveyed such information to their Internet Service Providers."
In support, the Achte/Neunte order cites three cases: U.S. v. Hambrick, U.S. v. Kennedy, and Guest v. Leis, which as you'll recall is one of the three citations in the Hard Drive order. So, what are these cases?
- Guest v. Leis, 255 F.3d 325 (6th Cir. 2001): a lawsuit stemming from an online-obscenity bust, alleging Fourth Amendment violations. During the investigation that led to the bust, the government had gotten its hands on the suspects' ISP information.
- U.S. v. Hambrick, 2000 WL 1062039 (4th. Cir. Aug. 3, 2000): a child pornography, search-and-seizure case. Same ISP story.
- U.S. v. Kennedy, 81 F. Supp. 2d 1103 (D. Kan. 2000): a child pornography, search-and-seizure case. You get the idea.
- And while we're at it, remember U.S. v Christie, 624 F.3d 558 (3rd Cir. 2010), the third (along with Leis and Achte/Neunte) case cited in the Hard Drive order? A child pornography, search-and-seizure case, which cites a few more child-porn cases and one case about ecstasy manufacturing. Fits right in; had it come down a bit sooner (instead of on September 15, after Achte/Neunte was written), one suspects it would have joined the trio.
Ok. What's the deal, then?
We've certainly had to simplify this line of cases to get this whole journey down to blog-plausible size. There's plenty more to dig out. But even in this first glance at how the "no privacy in your subscriber info" idea got started, we can see something rather... dramatic: The Achte/Neunte order that more or less started the whole string of D.D.C. no-privacy cases was based on an unexamined analogy to a bunch of child-pornography-raid cases.
Laying out a full proposal for how, precisely, courts should handle anonymity in copyright infringement cases is a bit beyond my scope today. But importing a standard from Fourth Amendment child-porn-bust cases isn't just an extreme bit of analogizing: it fails to capture the full scope of the issues in play in these copyright cases, and it ends up ignoring very real First Amendment concerns.
Out of this whole line of cases, Call of the Wild comes closest to grappling with the First Amendment problem. But it slips up when it reduces the problem down to a simple, declaratory "The First Amendment does not protect copyright infringement." The relevant First Amendment concern, instead, is the right to use the Internet anonymously. The right question to ask is: What will we require a plaintiff to show before we use the courts to unmask Internet users?
Courts have recognized this problem for more than a decade. Back in 1999, the Northern District of California, in the pre-Dendrite case Columbia Ins. Co. v. seescandy.com, 185 F.R.D. 573, 578, had this to say:
People who have committed no wrong should be able to participate online without fear that someone who wishes to harass or embarrass them can file a frivolous lawsuit and thereby gain the power of the court's order to discover their identity.
Mindlessly importing a standard for child-porn search-and-seizure cases flattens the problem entirely, removing from view the very real concern with frivolous (or even extortionate) litigation. And these sue-5,000-people BitTorrent cases are a good example of why we need to be worried about a standard (or lack thereof) that lets a plaintiff stroll into court, unmask a few thousand Internet users, and see what happens. Among other problems, there are very real concerns with the tech used to monitor file-sharing networks. (Example: "Why My Printer Recieved a DMCA Takedown Notice.") To avoid these kinds of problems, you have to make plaintiffs make some sort of initial showing that their claim has some level of merit (that's the point of Dendrite and all of those other related tests we're familiar with in the defamation context). If rights-holders want to make the argument that their questionable list of a couple thousand IP addresses satisfies whatever standards we choose, they're free to do so. But cases like Hard Drive skip that step.
The argument that you give up your interest in online anonymity by subscribing to the Internet just can't be right (unless you, I dunno, start your own ISP). We have years of cases recognizing an interest in online anonymity. (Elliott Alderman mentions some of them here.) This line of D.C. cases tosses all of it in the bin with a pure Catch-22: give up your anonymity to protect your anonymity.
John Sharkey is a CMLP intern in his second year at Harvard Law School. Pitchers and catchers can't report soon enough.