Judge Quashes Recording Industry Subpoena Seeking the Identities of Three Boston University “John Does”
By Jamie Wicks – Edited by Jon Choate

London-Sire Records, Inc. v. Does 1-4
D. Mass., No. 1:04-cv-12434
Court Order (hosted by Ray Beckerman)

On November 24th, Judge Nancy Gertner of the U.S. District Court for the District of Massachusetts rebuffed an attempt by major recording industry companies to force a university to reveal the identity of individuals who shared music through online peer-to-peer networks. Judge Gertner quashed a subpoena in London-Sire Records v. Does 1-4, a copyright infringement case in which the plaintiffs had served subpoenas on a number of internet service providers, largely colleges and universities, requiring them to divulge individual users’ identities based on their IP addresses.

Boston University wrote a letter to the court on September 23, 2008, stating that it could not positively identify three of the IP address users.  Judge Gertner treated the letter as a motion to quash the subpoena, and found that “the University has adequately demonstrated that it is not able to identify the alleged infringers with a reasonable degree of technical certainty.”  In quashing the subpoena, she expressed concern that “compliance with the subpoena . . . would expose innocent parties to intrusive discovery.”

The court’s order to quash the subpoena is available here.  Jacqui Cheng of Ars Technica provides background on the case. One Slashdot contributor notes that the order will provide a lesson to University IT departments served with similar subpoenas: if they are simply honest about the difficulty of identifying IP address users, the subpoenas may be quashed.  A P2PNet commenter suggests the order may “represent a death knell” to the music industry’s attempt to use universities as “copyright cops.”  A Chronicle of Higher Education writer wonders if the holding signifies that IP addresses might no longer be legally synonymous with personal identities.
(more…)

Alleged “Coupon Hacker” and Coupons, Inc. Settle DMCA Suit [UPDATED]

By Chris Kulawik — Edited by Jon Choate

Coupons, Inc. v. Stottlemire
N.D. Cal., No. CV 07-03457 HRL
Court Documents (hosted by Justia)

Last week, Coupons, Inc. (“Coupons”), settled its DMCA suit against John Stottlemire, who had defended himself pro se. The parties have not fully disclosed the details of the settlement, but Stottlemire indicates that the case was dismissed with prejudice. The agreement follows a year’s worth of litigation in the United States District Court for the Northern District of California.

Note:
Since the writing of this post, Coupons, claiming that Stottlemire breached material terms of the parties’ settlement agreement, has resumed litigation.  Stottlemire, in a motion filed with the court, claims that Coupons is mistaken in its belief that he has breached the confidentiality term of the settlement.

(more…)

District Court Halts Sales of Keylogger Software
By Jim Milkey – Edited by Nicola Carah
FTC v. CyberSpy Software, LLC, November 6, 2008, 6:08-cv-1872
Court Documents

[Correction: Originally, this post erroneously indicated Judge Presnell upheld the TRO described below in a November 17th hearing.  In actuality, the TRO was granted on November 6th, and a hearing on the matter occurred on November 24th. The preliminary injunction order resulting from the Nov. 24th hearing is detailed in our case update.]

On November 6th, Judge Gregory Presnell of the United States District Court for the Middle District of Florida granted the Federal Trade Commission’s request for a temporary restraining order prohibiting the sale of CyberSpy Software’s RemoteSpy keylogger software.

The order prohibits CyberSpy from marketing, selling, and providing support for its RemoteSpy software. RemoteSpy is designed to remotely monitor a host computer and record information such as keystrokes, visited websites, and opened documents.  According to the FTC’s press release, CyberSpy allegedly violated Section 5(a) of the FTC Act, 15 U.S.C. § 45(a), which prohibits unfair or deceptive trade practices.  Specifically, the FTC alleges that CyberSpy violated the Act by marketing and selling “software that could be: (1) deployed remotely by someone other than the owner or authorized user of a computer; (2) installed without the knowledge and consent of the owner or authorized user; and (3) used to surreptitiously collect and disclose personal information.” The complaint also alleges that CyberSpy unfairly disclosed the collected information to its clients. Both CyberSpy and its CEO, Tracer Spence, are listed as defendants in the complaint.

Both the complaint filed by the FTC and the TRO are available at the FTC website.

Ryan Singel of Wired notes that this case marks the first time that the FTC has targeted the amateur spyware market.  He speculates that the case will likely turn on evidence that CyberSpy marketed its product to be used in situations where the victim was unaware of potential monitoring. Joel Hruska of  Ars technica notes that “numerous tutorials and ‘how-to’s’ were included with RemoteSpy, including information on disguising the payload in order to maximize the chance of infection.”  The same article goes on to suggest that the FTC should have been more responsive in filing the complaint, since RemoteSpy has been available to consumers since August 2005.

Graham Cluley points out that keylogger software such as RemoteSpy can be used for a wide variety of purposes, from protective child monitoring to identity theft, and that the final outcome of the CyberSpy case could have serious implications for sellers of “legitimate” spyware.

(more…)

District Court Judge Rules Evidence of Suicide Admissible in Lori Drew MySpace Case
By Leocadie Welling – Edited by Nicola Carah
United States v. Drew, 08-CR-582
 
On November 14, 2008, Judge George Wu of the District Court for the Central District of California indicated at hearing that he would admit evidence of 13-year-old Megan Meier’s suicide at the upcoming trial of Lori Drew.  Judge Wu further indicated that although he was admitting the evidence, he would issue a jury instruction specifying that the case against Drew is not about Meier’s suicide and that Drew is not charged with causing the suicide.

Drew is charged with conspiracy and with three counts of violating the Computer Fraud and Abuse Act (“CFAA”), 18 U.S.C. § 1030, after creating a fake MySpace account, purporting to be a teenaged boy.  Drew, along with others, contacted Meier through MySpace, befriending the girl and eventually entering into a “relationship” online. Drew subsequently broke the relationship off and Meier committed suicide shortly thereafter.  On Monday, November 10, Judge Wu indicated in pretrial conference that he was inclined to exclude evidence of Meier’s suicide on the grounds of lack of relevance and potentially prejudicial effects on the jury.  On Friday November 14, after hearing counsels’ arguments, Judge Wu ruled that the evidence was admissible.  No order has yet been issued explaining Judge Wu’s reasoning.

The Citizen Media Law Project hosts court documents. For background on the case, The New York Times featured a summary of the events leading up to Meier’s death in November 2007 and the WSJ Law Blog has posted several items on the subsequent case.

The AP covers Judge Wu’s decision to admit evidence of Meier’s suicide, reporting that he said he was convinced many jurors would already be aware of the suicide from news reports or a recent Law & Order episode that contained similar facts.   

GW Law professor Orin Kerr, wrote in May in favor of granting Drew’s motion to dismiss the case.  He argues that the that the CFAA’s criminal prohibition against accessing a computer “without authorization” should not be interpreted as extending to instances of individual violations of a website’s Terms of Service. Professor Kerr has since joined Drew’s defense team. 

Concurring Opinions wrote a piece in May largely agreeing with Kerr’s conclusion but slightly diverging in its reasoning, and wrote recently arguing that the case should not be going to trial.  Simple Justice also covers the recent ruling to admit the evidence.  

(more…)

The Fed, Treasury Department Release Joint Final Rule Implementing UIGEA
By Linda Tieh – Edited by Dmitriy Tishyevich

Federal Reserve Board
Department of the Treasury 
Federal Register Notice

On November 12, 2008, the Department of Treasury and the Federal Reserve Board, in consultation with the Department of Justice, jointly published final rule 12 C.F.R. Part 233, implementing the Unlawful Internet Gambling Enforcement Act (“UIGEA”) of 2006.   The UIGEA prohibits gambling businesses from knowingly accepting payments in connection with unlawful Internet gambling, including payments made through credit cards, electronic transfers, and checks.  The final rule requires U.S. financial firms participating in certain payment systems to establish and implement written due diligence policies and procedures that are reasonably designed to prevent transactions in connection with unlawful Internet gambling.  The Treasury Department has said that “unlawful Internet gambling” generally covers making a bet that involves use of the Internet and is unlawful under applicable federal or state laws in the jurisdiction where the bet is initiated, received, or otherwise made.  The rule is effective as of January 19, 2009, and compliance by companies is required by December 1, 2009.

The Department of the Treasury has issued a press report on the final rule. 

Reuters suggests that Republican lawmakers, who controlled Congress in 2006, passed the UIGEA in hopes of having a rule issued before Bush leaves office in January, and notes that its passage cost Europe’s online gambling companies billions in lost market value as they had to withdraw from providing service to the U.S., one of their most lucrative markets. The Associated Press reports that the final regulation drew criticism from Democrats who believe financial services companies will be burdened. 

Poker News Daily likewise criticizes the regulations as “midnight rule-making” by the Bush Administration, arguing that the final rule leaves unclear which gaming activities are legal and which are not. The Poker Players Allinace (PPA), a poker grassroots advocacy group, agrees the rule failed to clarify the differences between legal and illegal gambling activities. 

(more…)