June 2012

As reported by Law360 and several other  sources, on June 7, 2012, in Fortunato v. Chase Bank, a federal district court ruled that defendant Chase Bank could not use Facebook to serve a third-party defendant with the complaint that Chase had filed against her.

In Fortunato, plaintiff Lorri Fortunato sued Chase Bank, alleging that the defendant had unlawfully garnished her wages to pay a credit card debt that, according to the plaintiff, was actually incurred by her estranged daughter, Nicole (who the plaintiff alleged had lied on a credit card application in order to open an account in her mother’s name).  Chase sought to implead Nicole in the matter, but was having a difficult time physically locating her; indeed, as the court noted, Nicole apparently had a “history of providing fictional or out of date addresses[.]”

Chase hired a private investigator, who “searched . . . [Department of Motor Vehicles] records, voter registration records, . . . Department of Corrections records, publicly available wireless phone provider records, and social media websites” for a way to contact Nicole.  The private investigator’s search turned up four possible addresses for Nicole in four different towns, but the defendant remained unable to physically locate her at any of those locations.

The private investigator did, however, find what she believed to be Nicole’s Facebook profile, which listed a contact email address and a location in yet a fifth town.  In view of this discovery, and given that Chase’s “numerous attempts to effect personal service” and “diligen[t] . . . search for an alternate residence where Nicole might be served” had not succeeded, the bank suggested a novel alternative to the court:  serving Nicole with notice by sending her a message on Facebook.

Chase argued that service through Facebook would meet due process requirements because it was “reasonably calculated to apprise” Nicole of the claims against her (echoing the words of the U.S. Supreme Court in Mullane v. Central Hanover Bank & Trust Co.), and that it should therefore be an acceptable alternative means of service.  Although the court agreed as an initial matter that some form of alternative service would be appropriate, the court rejected Chase’s argument, ruling that service by Facebook would not be sufficiently “reasonably calculated to apprise” Nicole under the circumstances.  Noting that “anyone can make a Facebook profile using real, fake, or incomplete information,” the court found that “[Chase] ha[d] not set forth any facts that would give . . . a [sufficient] degree of certainty that the Facebook profile . . . [was] in fact maintained by Nicole[.]”  The court then ordered Chase to publish notifications in the local newspapers for all five towns that its private investigator had identified as possible residences for Nicole.

The Fortunato court prefaced its analysis by remarking that “[s]ervice by Facebook is unorthodox to say the least,” and that the court was “unaware of any other court that ha[d] authorized such service.”  But, as it turns out, at least a handful of courts—in the United States and abroad—appear to have done just that.  In May 2011, a local state court in Minnesota permitted service of a petition for divorce by Facebook (or, indeed, “[any] other social networking site”), finding that, compared to the “antiquated . . . and prohibitively expensive” traditional means of publishing notifications in local newspapers, service through social media would be both cheaper and more likely to actually reach the party at issue.  (And, although not a ruling on the issue, official form documents on the Utah State Court system’s website can be read to suggest the use of Facebook and Twitter as possible alternative means of service.)

Outside of the United States, several courts—including courts in New ZealandAustralia, Canada and the United Kingdom —have affirmed or even endorsed the use of Facebook and other social media sites as acceptable alternative means of serving counterparties with notice of the claims brought against them.

The Fortunato court’s approach does not necessarily contradict these examples, given that the Fortunato court did not categorically reject service by Facebook or other social networks.  Rather, the court concluded that service through Facebook would not be appropriate under the circumstances of the case at issue.  Which begs the question:  what might the right circumstances be?

As a general matter, the law still favors traditional personal service as its preferred and primary method—the often-depicted “you’ve been served” moment of physically handing a summons and complaint to a party to be served.  Statutes in U.S. jurisdictions also typically expressly authorize other traditional means of service, for example, delivery to a party’s residence or agent.  When these methods prove impractical, statutes typically authorize courts to allow some sort of appropriate alternative means of service.  But in a case like Fortunato, assuming that the complainant has demonstrated that alternative service should be permitted, what might need to be shown in order to demonstrate to the court’s satisfaction that service through social media would be appropriate?

The Fortunato court expressly identified a first major hurdle, which some have termed “authentication.”   In order to demonstrate a reasonable likelihood that the counterparty is actually going to receive notice, the complainant needs to be able to convince the court that the social media profile in question really does belong to the party to be served, and is not under the control of a different person with the same or a similar name (or even, perhaps, an impersonator).  This has some parallels to the issues raised when trying to use social media evidence in the context of a trial.

A second hurdle, somewhat less explicit in the Fortunato court’s ruling, is whether—even if the social media profile does belong to the party to be served—the profile’s owner regularly (or ever) logs in to or checks that profile.  Being able to demonstrate this fact could help support an argument that “the person to be served would be likely to receive the summons and complaint” through his or her social media profile, which, as the Fortunato court noted, was important in cases where service by email has been accepted.

Cases from various countries, coupled with some creative thinking, provide helpful guidance for how a party that wants to serve notice through social media could surmount the hurdles above.  For example, a party could try to demonstrate:

  • That the personal biographical details listed in the profile match the party to be served’s basic personal information (e.g., date of birth, educational history and/or work history);
  • That recent photos of the party to be served have been posted to the profile;
  • That the profile’s “friend” or contact list corresponds with the party to be served’s known real-world acquaintances;
  • That updates, posts and other interactions on the profile’s “wall” identify the user as the party to be served;
  • That the profile’s user has responded to recent friend requests, wall posts or private messages; and
  • That third-party testimony corroborates the assertion that the profile belongs to the party being served.

Depending on the applicable social media profile’s privacy settings, much of this information may be readily accessible to the general public.  (Yes, people do still leave their social media profiles wide open.)  Of course, practitioners should keep in mind ethical rules when using social media to obtain information.

In the long run, service through social media and other Internet-based means of communication could become a viable alternative to personal service, given that electronic service may have certain distinct advantages over the traditional means of alternative service used where no physical address is available (i.e., publication in local newspapers and posting of public notices).  First, as noted in the Minnesota case described above, electronic notice can be far quicker, cheaper and easier.  Second, as the Minnesota court also noted, notice may actually be more likely to reach the intended recipient if delivered through social media than if communicated through those more traditional means.  And third, some means of Internet communication enable senders to confirm electronically that their messages have been opened or received by the intended recipients.

Given the likelihood that attempted service through social media will be around for a while, we look forward to keeping you posted on future developments.

The Seventh Circuit held recently in Brownmark Films, LLC v. Comedy Partners that, under certain circumstances, a trial court may dismiss a copyright infringement case based on a fair use defense prior to discovery.

Over the years, the satiric Comedy Central cartoon program South Park and its creators have developed a reputation for biting social commentary. Past targets include World of Warcraft players, Occupy Wall Street, and the History Channel’s recent obsession with swamp creatures and World War II. In the show’s 12th season, in an episode entitled “Canada on Strike,” South Park took on the world of viral videos. The episode included a parody of a real-world viral video called “What What (In the Butt)” (“WWITB”) (Authors’ Note: possibly NSFW).  South Park’s version visually approximates the original, but plays on the naïveté of the starring nine-year-old South Park character, Butters, by using more childish elements; for example, by portraying Butters dressed up as a teddy bear and a daisy.

Brownmark, the copyright holder for the original WWITB video, filed suit for copyright infringement against South Park Digital Studios and others (“South Park Studios”). South Park Studios responded with a motion to dismiss based on an affirmative fair use defense.  Although Circuit Judge Cudahy noted that courts should generally refrain from dismissing cases based on affirmative defenses, he wrote that the reason for this reticence is that defenses typically turn on facts that emerge during discovery and trial.  In this case, though, the district court ruled that only two pieces of evidence were needed to decide the question of fair use: the original WWITB video and South Park Studios’ parody.

The district court granted South Park Studios’ motion and dismissed the case. The Seventh Circuit affirmed, noting that “[o]ne only needs to take a fleeting glance at the South Park episode” to determine that its use of the WWITB video is meant “to lampoon the recent craze in our society of watching video clips on the internet . . . of rather low artistic sophistication and quality.” Thus, fair use.

Other commentators support the decision, noting that the focus of the parody is not the specific viral video, but rather that the parody is a commentary on society’s consumption of such Internet videos generally. It is worth noting that such arguments have not always found favor in the courts. For example, in the well-known Cat Not in the Hat! case, a district court found—and the Ninth Circuit affirmed—that a book entitled The Cat Not in the Hat! A Parody by Dr. Juice was not shielded as fair use. The book “mimic[ked] the distinctive style” of a Dr. Seuss book, using repetitive, simple rhymes to tell the story of the O.J. Simpson double-murder trial. The general idea is that a use is not fair if, in the words of the U.S. Supreme Court in Campbell v. Acuff-Rose, the alleged infringer uses the original work solely “to get attention or to avoid the drudgery in working up something fresh.” In Brownmark, it seems, the Seventh Circuit viewed South Park’s parody as something more than mere drudgery avoidance.

Going forward, Brownmark changes little, if anything, with respect to the substance of the fair use analysis. But Brownmark does show that courts may—in at least some fair use cases and at least in the Seventh Circuit—grant a motion to dismiss prior to discovery. While Brownmark involved a seemingly easy fair use case in the defendants’ favor, it will be interesting to see whether future courts will grant motions to dismiss where the fair use analysis is less obvious. In any event, copyright infringement plaintiffs should be aware that the road to discovery where a defendant raises a fair use defense may not be quite as smooth as it used to be.

The Jumpstart Our Business Startups Act (JOBS Act) is resulting in significant changes to the way in which public and private offerings are conducted, presenting new funding opportunities and strategies for emerging growth companies. Please join Morrison & Foerster and Grant Thornton on Wednesday, July 18, in the New York City office of Morrison & Foerster as they address the many issues raised by the JOBS Act. The panel will discuss how the JOBS Act is being implemented by the SEC, issuers, investment banks and practitioners. Registration will begin at 8:30 a.m. EDT and the program will run from 9:00 a.m. to 10:00 a.m. EDT.

Topics will include:

  • The background and reach of the JOBS Act
  • Conducting emerging growth company IPOs today
  • Disclosure considerations for emerging growth companies
  • Crowdfunding and smaller public offerings after the JOBS Act
  • Accounting considerations under the JOBS Act
  • The impact on research analysts and research reports
  • Implications for removing restrictions on general solicitation and general advertising in Rule 506 offerings
  • Changes to registration thresholds for bank holding companies and other issuers

Speakers:

  • David Weild, Head of Capital Markets, Grant Thornton LLP
  • David Lynn, Partner, Morrison & Foerster LLP
  • Anna Pinedo, Partner, Morrison & Foerster LLP

Click here to register.

CLE credit is pending.

For more information:
Diane Kolanovic
dkolanovic@mofo.com
(212) 336-4402

We reported this past May in our Socially Aware blog about efforts of law enforcement authorities in the United Kingdom to adapt existing laws to police potential offenses committed via social media.  The UK government has just announced proposals that will make it easier to identify people who abuse social media.

The UK government’s somewhat surprising announcement came just after a recent case that highlighted the problem that some law enforcement authorities seem to be having in deciding when to get involved.  That case also illustrated that the social media industry could be quicker to self-police, were it not for the fear of legal action.  In part, the UK government’s move is a reaction to the need—from both the police and the social media industry—for a better legal framework in which to take action against social media abusers.

In the recent case, a woman who had been targeted by trolls with a campaign of online abuse won a UK High Court order requiring Facebook to reveal the names, emails and IP addresses of the individuals behind the abusive messages.  Interestingly, the court action began only after the woman’s local police force refused to take action and was undertaken with the apparent full support of Facebook.

The campaign of harassment against Nicola Brookes began when she posted a comment on Facebook in support of a contestant on the UK talent show “The X Factor”.  Immediately after Ms. Brookes had made the posting, she was subject to a campaign of harassment by anonymous Internet trolls who targeted her Facebook account, set up a fake Facebook profile in her name using her picture, and posted explicit comments that, among other things, branded her a pedophile.

Ms. Brookes quickly became frustrated by the lack of action from the Sussex Police and decided to take matters into her own hands by initiating a criminal suit against the anonymous trolls via private prosecution.  In order to do so, however, she needed to know who the perpetrators were.  To get that information, she applied to the High Court for a procedural order under UK law known as a Norwich Pharmacal Order—which the court quickly granted. 

A Norwich Pharmacal Order requires the person to whom it is directed (in this case, Facebook) to disclose particular documents or data.  Usually, Norwich Pharmacal Orders are targeted at individuals or companies who are somehow involved in wrongdoing, whether innocently or not, but are unlikely to be a party to a potential proceeding.  These types of orders are often used to identify the correct defendant in an action or to obtain information to bring a suitable claim.

Facebook is supportive of Ms. Brookes’ court order application.  Facebook reportedly shares information such as IP addresses and basic subscriber information when there is legal justification and an obligation to do so; however, given that it receives similar requests frequently, its policy is that all demands for information must be backed up by a court order.

Facebook will be required to release the information as soon as all of the procedural requirements (which include serving the court order on Facebook at its U.S. headquarters) have been complied with.  In a recent statement, the company noted:  “There is no place for harassment on Facebook, but unfortunately a small minority of malicious individuals exist online, just as they do offline.  We respect our legal obligations and work with law enforcement to ensure that such people are brought to justice.”

In a separate case, on June 11, 2012, a British court handed down a suspended jail sentence to an Internet troll who posted abusive tweets threatening a British member of parliament.

The cases of Ms. Brookes and Ms. Mensch are merely the latest in a series of UK cases involving lawsuits arising as a result of social media use. 

The UK government, as keen as any set of politicians to latch on to a populist bandwagon, reacted to this recent spate of cases.  As luck would have it, a draft Defamation Bill is already making its way through the UK legislative system—and rapidly. The government has announced an amendment that will require websites to identify people who have posted defamatory messages online and will give victims of Internet trolls a right to know who is behind malicious messages, without the need for costly legal battles.  The new laws will apparently offer a defense to defamation claims to any online provider that identifies the author of defamatory material when requested to do so.

It is far from clear, however, how the proposed legislation will work.  In theory, the power to compel disclosure will be balanced by measures to prevent false claims, but operators of websites and other social media platforms will also be concerned with not being placed in the position of having to make subjective judgments as to what meets the takedown or disclosure criteria.  There are further concerns that the legislation will find it hard to distinguish between abusers and genuine whistleblowers; and some futher doubt exists as to how the laws will apply to non-UK operated websites and online platforms.

In two recent decisions issued within a day of each other, two influential federal courts limited the scope of three important federal laws used to prosecute criminal conduct involving computers.  On April 10, 2012, the Ninth Circuit limited the scope of criminal liability for prosecutions under the Computer Fraud and Abuse Act, and on the following day the Second Circuit sharply limited the scope of the National Stolen Property Act and the Economic Espionage Act of 1996.  Together, these decisions indicate a reluctance to accept prosecutors’ expansive views of the reach of federal criminal laws with respect to computer usage, and the Ninth Circuit’s decision in particular may have far-reaching implications for the enforceability of website terms of service and employee policies in the civil context.

The Ninth Circuit’s decision was issued en banc in United States v. Nosal upholding the district court’s dismissal of David Nosal’s indictment for violations of the Computer Fraud and Abuse Act (“CFAA”).  Nosal had worked for an executive search firm and left to start a competing business.  He convinced several of his former colleagues to help him by accessing and then transferring to him source lists, names, and contact information from the firm’s confidential database.  The former colleagues were authorized to access the database, but the firm had a policy forbidding the disclosure of confidential information.  The government charged Nosal with violating 18 U.S.C. § 1030(a)(4) by aiding and abetting the former colleagues in “exceed[ing] authorized access” to the firm’s computers with intent to defraud the firm.

Nosal moved to dismiss the CFAA counts, arguing that the statute was meant to target hackers and not those who accessed a computer lawfully but then misused information obtained from such access.  The district court agreed, and the government appealed.  In a panel decision issued in 2011, the Ninth Circuit reversed the district court, holding that an employee “‘exceeds access’ under § 1030 when he or she violates the employer’s computer access restrictions — including use restrictions.”  The en banc court found otherwise, holding that “‘exceeds authorized access’ in the CFAA is limited to violations of restrictions on access to information, and not restrictions on its use.” (Emphasis in original.)  To hold otherwise, the court reasoned, would make federal crimes out of “minor dalliances” like playing games or shopping online, if such activities were prohibited by an employer’s computer-use policy.  The court observed:  “Employer-employee and company-consumer relationships are traditionally governed by tort and contract law,” and to interpret the CFAA to apply to use restrictions “allows private parties to manipulate their computer-use and personnel policies so as to turn these relationships into ones policed by the criminal law.”  This would implicate “[s]ignificant notice problems.”  Although the government argued that it would not prosecute minor violations of the law, the court found that “we shouldn’t have to live at the mercy of our local prosecutor.”

The Second Circuit’s decision in United States v. Aleynikov, issued on April 11, 2012, limits the reach of computer crime prosecutions under the National Stolen Property Act (“NSPA”) and the Economic Espionage Act of 1996 (“EEA”).  Sergei Aleynikov was convicted of violating both acts based on his theft and transfer of his company’s proprietary source code.  Aleynikov was a computer programmer at Goldman Sachs, where he developed source code for the company’s proprietary high-frequency trading (“HFT”) system.  Goldman’s policies bound Aleynikov to keep the firm’s proprietary information confidential and barred him from taking or using it when his employment ended.  Aleynikov accepted an offer from a new company that was looking to develop its own HFT system.  On his last day at Goldman, Aleynikov uploaded source code for Goldman’s HFT system to a server in Germany, which he then downloaded to his home computer for use at his new job. 

Aleynikov was sentenced to 97 months in prison.  He appealed, arguing that the district court should have dismissed his indictment for failure to state an offense.  The Second Circuit reversed his conviction on both counts, finding that his conduct did not constitute an offense under either statute.  (Aleynikov has also been charged with a criminal violation of the CFAA, but the district court had dismissed that charge on the ground that “authorized use of a computer in a manner that misappropriates information is not an offense” under the act.  This ruling predates the similar en banc Nosal decision discussed above, and the government did not appeal the ruling.)

The NSPA criminalizes transmittal of a stolen “good” in interstate or foreign commerce.  The Second Circuit held that source code is not a “good,” and therefore, “the theft and subsequent interstate transmission of purely intangible property is beyond the scope of the NSPA.”  The court “decline[d] to stretch or update statutory words of plain and ordinary meaning in order to better accommodate the digital age.”  Significantly, the court noted that a different conclusion might apply if the stolen source code had been removed from Goldman’s premises on a tangible item, like a CD or flash drive, instead of having been stolen through uploading to an off-premises server.

The EEA prohibits the unauthorized downloading, uploading, transmitting, or conveying of trade secrets related to or included in a product that is produced for or placed in interstate or foreign commerce, with the intent to convert the trade secret, while intending or knowing that the offense will injure the owner of the trade secret.  On this count, the Second Circuit held that Goldman’s HFT system was neither “produced for” nor “placed in” interstate commerce because Goldman had no intention of selling or licensing the system and, in fact, “went to great lengths to maintain the secrecy of its system.” 

Although neither the NSPA nor EEA provides for a private right of action, we think it is possible the rationales of these decisions could influence civil litigation involving misuse of an employer’s computer system, including, in particular, civil litigation under the CFAA based on violations of website terms of service or employee policies.  For examples of previous such cases, see, e.g., Am. Online, Inc. v. LCGM, Inc. and EF Cultural Travel BV v. Explorica, Inc. In most of these cases, it appears that the defendant was authorized to access the website or system in question, but misappropriated the data on those websites or systems.  In addition to limiting criminal exposure, the Ninth Circuit’s interpretation of “exceeds authorized access” in Nosal may be construed to undermine this basis for a civil suit.  Watch these pages for further reports on these issues.

As a result of her recent Socially Aware blog post What’s Not to Like, our contributor Debbie Rosenbaum has been interviewed by LXBN TV regarding Bland v. Roberts, the recent (and controversial) federal court decision holding that “liking” a Facebook page does not constitute protected speech under the First Amendment.  Click below to watch the interview.