Articles Posted in Internet Law

The Stored Communications Act (“SCA”) establishes a criminal offense for whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” 18 U.S.C. § 2701(a). The SCA also creates a civil cause of action, in which the plaintiff may obtain damages plus reasonable attorneys’ fees and other costs. 18 U.S.C. § 2707(b).

Federal district courts around the country have reached inconsistent conclusions when grappling with the issue of whether a particular communication is in “electronic storage” at the time it is accessed. The SCA defines electronic storage as “(A) any temporary, intermediate storage of a wire or electronic communication incidental to the electronic transmission thereof; and (B) any storage of such communication by an electronic communication service for purposes of backup protection of such communication.” 18 U.S.C. § 2510(17). Some courts have interpreted subsection (A) as applying only to “unopened” communications, reasoning that the “temporary, intermediate” language contemplates the interception of a communication before it reaches its intended recipient. Others, like Hoofnagle v. Smyth-Wythe Airport Comm’n, No. 1:15CV00008 (W.D. Va. May 24, 2016), found no reason to draw a distinction between “opened” and “unopened” communications for purposes of evaluating SCA liability. Similar disagreement exists with respect to subsection (B), where courts reached different conclusions about the relevance of whether it is the Internet Service Provider or user for whose benefit a backup copy of an email is made. Earlier this month, the Fourth Circuit weighed in on both issues for the first time.

Continue reading

Most laws were written before people started texting naked pictures of each other on their phones. No one had heard of so-called revenge porn until around 2010, when the controversial website “Is Anyone Up?” launched, allowing users to upload sexually explicit images of former romantic partners. That site ceased operation just two years after it started, but revenge porn is now more widespread than ever. So widespread, in fact, that several states (Virginia included) have decided that existing laws against copyright infringement, intentional infliction of emotional distress, and bullying were not offering victims sufficient protection. In Virginia, revenge porn is now a crime, as well as a civil cause of action for which legal remedies are available.

Under Virginia Code § 8.01-40.4, victims can sue for compensatory damages, punitive damages, and attorney’s fees. Injunctive relief may also be available. But what kind of financial recovery can vicitms expect to receive? How does one measure the emotional harm suffered as a result of sexual cyberbullying? If you bring a lawsuit and win, will the rewards outweigh the uncomforable and expensive process of open-to-the-public litigation? These are difficult questions to answer because–at least here in Virginia–few (if any) civil actions have been tried to verdict under the new revenge porn statute. But looking to some other jurisdictions may provide a clue as to what kinds of damage awards you might expect here in Virginia.

Continue reading

Unauthorized access to another’s email account can give rise to a variety of claims. The Computer Fraud and Abuse Act (“CFAA”), for example, prohibits a wide variety of improper computer activity, including unauthorized access to another’s email account. Specifically, it makes it illegal to intentionally access a computer without authorization and to thereby obtain information which results in a loss worth at least $5000 over the course of a year. (See 18 U.S.C. § 1030(a)(2)(C)). In Virginia, the Computer Crimes Act prohibits “computer fraud,” which occurs when a person uses a computer without authority and thereby obtains property or services by false pretenses. It also makes it a crime to commit “computer invasion of privacy,” which occurs when a person, without permission, logs onto someone else’s computer and examines that person’s employment, salary, credit, or any other financial information.

To obtain relief under the Virginia Computer Crimes Act, a plaintiff must have suffered injury to person or property. (See Va. Code § 18.2-152.12). And as mentioned above, you need at least $5000 in damages to recover anything under the CFAA. But what if someone hacks into your email and reads your personal messages without actually causing any direct pecuniary loss or personal injury?

Continue reading

Suppose your employer asks you to create a Google account for the company. So you do. You set up everything yourself: Google Drive, Google+, Gmail–the works. You even set the password to your dog’s name. All of Google’s terms and conditions are accepted by you personally when creating the account. You proceed to use the account on behalf of the company, using Google Drive to store hundreds of company documents. Then you leave your job. Is the Google account yours? You created it, so are you free to make whatever use of the account you wish? Can you delete it?

Marcelo Cuellar thought so, but he was wrong. According to papers filed in Estes Forwarding Worldwide v. Cuellar in the Eastern District of Virginia, here are the facts. Cuellar joined Estes Forwarding Worldwide (“EFW”)–a transportation logistics company–in 2010. EFW has developed trade secrets relating to the best transportation solutions for various types of shipments, including information about type of freight, freight dimensions, routing decisions, vendor selection, and so on. It keeps this information in spreadsheets and other electronic documents.

Continue reading

The Stored Communications Act (“SCA”), found at 18 U.S.C. §§ 2701-2712, establishes both a criminal offense and a civil cause of action against anyone who “intentionally accesses without authorization a facility through which an electronic communication service is provided” or “intentionally exceeds an authorization to access that facility,” and by doing so “obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system.” Successful plaintiffs may obtain damages, equitable or declaratory relief, and reasonable attorney’s fees. (See 18 U.S.C. § 2707(b)). In the employment context, the SCA is often understood to place restrictions on those situations in which an employer can access its employees’ private email accounts (i.e., accounts maintained by third-party email service providers like Google, Microsoft, and Yahoo). A few weeks ago, the Western District of Virginia decided Hoofnagle v. Smyth-Wythe Airport Commission, in which it rejected various justifications offered by an employer for accessing a former employee’s private Yahoo! email account.

Charles H. Hoofnagle was a government employee who worked as the Operations Manager for Mountain Empire Airport in Rural Retreat, Virginia. He reported to the Smyth-Wythe Airport Commission and his duties included answering phone calls and responding to emails from the public and customers. The Commission, however, did not have in place an official policy regarding use of computers or email. The airport did not even provide employees with an email address, so Hoofnagle created a Yahoo! Mail address, charliemkj@yahoo.com, which he used for both personal and business purposes. (MKJ is the airport’s FAA idendifier code). It was this Yahoo! address that was held out to the public as an official contact for the airport and provided to nearly all vendors and customers.

Continue reading

Back in 2012, the Alexandria Circuit Court ruled in an Internet defamation case that discovery could be obtained from a nonresident third party by serving a subpoena on the company’s registered agent in Virginia. That decision was reversed last week by the Virginia Supreme Court in an unambiguous ruling that is going to force a lot of Virginia attorneys to make greater use of the Uniform Interstate Depositions and Discovery Act.

I had been following this case–Yelp, Inc. v. Hadeed Carpet Cleaning, Inc.–over the past few years with great interest, not because of the subpoena-power issue, but because the case involved some fascinating First Amendment issues and promised to offer some guidance on the correct application of Virginia’s “unmasking” statute, Section 8.01-407.1. For example, would an interactive computer service like Yelp have standing to object to complying with an enforceable subpoena by invoking the First Amendment rights of its users? Does a plaintiff need to produce evidence to meet 8.01-407.1’s “showing” requirement or can it make the required showing merely by by alleging a prima facie cause of action for defamation? In a case involving online negative reviews phrased as non-actionable statements of opinion but written anonymously by competitors hiding behind a pseudonym, how can a plaintiff demonstrate falsity (i.e., that the reviewer was not an actual customer) without an opportunity to use discovery to ascertain the poster’s true identity? The justices showed keen interest in questions like these at oral argument, but ultimately decided to save addressing them for another day.
Continue reading

The Racketeer Influenced and Corrupt Organizations Act (commonly known as “RICO“) became effective on October 15, 1970. It was originally intended primarily to assist in the prosecution of mafia leaders, as it permitted them to be tried for crimes they ordered others to do rather than committed themselves. Congress never intended to limit RICO to organized crime, however. G. Robert Blakey, the primary author of the statute, once told Time Magazine, “We don’t want one set of rules for people whose collars are blue or whose names end in vowels, and another set for those whose collars are white and have Ivy League diplomas.” The statute includes a civil provision, found at 18 USC § 1964(c), that has proven particularly popular in business litigation as it allows for the recovery of treble damages and attorneys fees.

RICO makes it unlawful for any person employed by or associated with any enterprise engaged in, or the activities of which affect, interstate or foreign commerce, to conduct or participate, directly or indirectly, in the conduct of such enterprise’s affairs through a pattern of racketeering activity or collection of unlawful debt. (See 18 USC § 1962(c)). Key concepts in civil RICO cases typically include whether a true “enterprise” exists, whether the defendant has engaged in “racketeering activity,” and, if so, whether such activity constitutes a “pattern.”
Continue reading

Virginia lacks an anti-SLAPP statute, but that doesn’t mean filing a frivolous lawsuit focused on eliminating criticism rather than enforcing actual legal rights can’t result in being ordered to reimburse the defendant’s legal fees. Some creative plaintiffs, finding themselves the subject of online criticism but not wanting to sue for defamation either because of an inability to satisfy the elements of the actionable libel or slander or because of other potential problems with bringing a defamation claim, have resorted to copyright law in pursuit of their goals. But as demonstrated by a recent decision of the Western District of Virginia, if the plaintiff has no valid copyright-infringement claim and/or takes unreasonable positions (either in making arguments to the court or in the process of settlement negotiations), the court has the authority not only to dismiss the case but to order the plaintiff to pay the defendant a reasonable amount of attorneys’ fees.

In Ergun M. Caner v. Jonathan Autry, the court found that “Plaintiff filed a copyright infringement suit to stifle criticism, not to protect any legitimate interest in his work” and ordered him to pay Mr. Autry $34,389.59 in attorneys’ fees and costs. The court described the facts of the case essentially as follows:
Continue reading

Small businesses often find themselves the target of defamatory online reviews left by anonymous reviewers. In most cases, a subpoena can be issued to the website owner or Internet Service Provider to reveal the poster’s identity (or at least the I.P. address from which the post was written). See, for example, Yelp v. Hadeed Carpet Cleaning, in which the Virginia Court of Appeals held that Yelp could be compelled to comply with such a subpoena. Any such subpoena, however, cannot subject the recipient to undue burden. As illustrated by the recent Maryland case of In re: Subpoena of Daniel Drasin, an overreaching subpoena that places an undue burden on the recipient will be quashed.

Advanced Career Technologies, Inc. (“ACT”) sued John Does 1-10 in a Colorado federal court based on allegedly defamatory comments posted anonymously on the “Random Convergence” blog. In an attempt to discover the identity of the John Does, ACT served a third party subpoena on the blog’s administrator, Daniel Drasin, commanding him to produce any hard drives, servers and any other devices he used to administer the blog, and data stored online via website or application. Drasin moved to quash the subpoena pursuant to Federal Rule of Civil Procedure 45(c)(3) asserting that it was unreasonable, imposed an undue burden and was not likely to lead to relevant evidence.
Continue reading

In yet another case involving alleged defamatory Yelp reviews, Hadeed Carpet Cleaning has filed a “John Doe” action in Alexandria Circuit Court, seeking to first learn the identities of the anonymous posters, then recover damages from them. Yelp is based in California but conducts substantial business in Virginia, so Hadeed served Yelp’s registered agent with a subpoena duces tecum seeking to identify the individuals who wrote the negative reviews. Yelp refused to comply.

Yelp objected to the subpoena on several grounds. It argued that serving a Virginia subpoena on its registered agent was insufficient to confer jurisdiction over a California company, that its advertising agreement with Hadeed required the parties to resolve their disputes in California, and that Hadeed did not meet constitutional requirements to compel Yelp to reveal the anonymous posters’ identities.

The court rejected these arguments, finding that Hadeed complied with Virginia Code § 8.01-407.1, which spells out what a party must do to discover the identities of anonymous posters on the Internet. The court found that service of a subpoena on the registered agent was sufficient to confer jurisdiction, but even if it wasn’t, Yelp would be subject to personal jurisdiction Yelp.jpganyway due to its substantial business activities in Virginia. The forum-selection clause in Yelp’s advertising agreement was inapplicable because the dispute did not arise under that contract.

Contact Us
Virginia: (703) 722-0588
Washington, D.C.: (202) 449-8555
Contact Information