VIEWPOINT: New Wave of Class Action Privacy Litigation Loses Some of Its Momentum
Lucy L. Thomson, Esquire, CIPP/G
The case involves a lawsuit alleging copyright infringement filed by the motion picture studios Columbia Pictures Industries against the owners of Torrentspy, a Web site that made file- sharing software available to users to download copies of movies and other materials. The complaint alleges that the Web site enables, encourages and profits from "massive online piracy of plaintiffs' copyrighted works through the operation of their Internet Web site." The Web site makes "dot-torrent" files available to users, software that facilitates downloading of files through peer-to-peer file-sharing.
- On appeal, the district court emphasized that the privacy interests of defendants' users "are, at best, limited," adding that to the extent the users are engaged in copyright infringement, the First Amendment affords them no protection whatsoever." That court further noted that "because users openly disclosed their IP addresses as part of the BitTorrent file transfer process, the Court is not persuaded â€¦ that the retention of the IP addresses of users who obtain dot-torrent files from defendant's website will "chill" their speech."
- The magistrate judge emphasized that plaintiffs did not request the names or other identifying information about Web site users. As a practical matter, the court issued a protective order to ensure that the information about users is anonymous (users'IP addresses were masked or encrypted); therefore the court concluded that users' privacy and First Amendment rights were not violated.
Similarly, the case presents complex and far-reaching issues for litigators and experts responsible for drafting technical contracts and agreements. At issue in the litigation was a technical interpretation of Rule 34(a) of the Federal Rules of Civil Procedure, which provides for the discovery of documents or electronically stored information - "including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium from which information can be obtained." The court addressed several novel and complex issues and questions.
- Is the data "electronically stored information" within the meaning of Fed .R.Civ.P. 34(a)? In affirming the magistrate's decision, the district court held that with respect to obtaining data from RAM, "Rule 34 requires no greater degree of permanency from a medium than that which makes obtaining data possible."
- Does the decision change the requirements for data retention and disposition? Traditionally, courts have required entities in litigation to preserve potentially relevant information by not deleting or destroying it. In this decision, defendants were affirmatively required to take steps to capture and store transactions they did not previously retain or want for their business operations.
- Was the data in RAM within the "possession, custody or control" of defendants? Of particular significance to the court was the fact that the Web site owners entered into a contract with a third party to operate their Web server. The court found that because of this contractual relationship, the information in RAM is "within defendants' possession, custody or control by virtue of defendants' ability to manipulate at will how the data in issue is routed."
The Electronic Frontier Foundation (EFF) and the Center for Democracy & Technology filed an amicus brief in the appeal before the federal district court "to overturn a dangerous ruling that would require an Internet search engine to create and store logs of its user activities." EFF pointed out that the decision would undermine the right to read and speak anonymously online.
In a June 25, 2007 press release, EFF staff attorney Corynne McSherry issued a statement. "This unprecedented ruling has implications well beyond the file sharing," McSherry said. "Giving litigants the power to rewrite their opponent's privacy policies poses a risk to all Internet users." (Available at www.eff.org/ legal/cases/torrentspy/EFF_amicus.pdf.)
The EFF brief noted the far-reaching effect this decision could have on the technology operations of organizations: "This decision could reach every function carried out by a digital device. Every keystroke at a computer keyboard, for example, is temporarily held in RAM, even if it is immediately deleted and never saved. Similarly, digital telephone systems make recordings of every conversation, moment by moment, in RAM."
On appeal, the magistrate's decision was affirmed by the United States District Court for the Central District of California. Following these federal court decisions, Torrentspy changed its Web site and posted the following notice to users:
Torrentspy Acts to Protect Privacy
"Sorry, but because you are located in the USA you cannot use the search features of the Torrentspy.com website. Torrentspy's decision to stop accepting US visitors was NOT compelled by any Court but rather an uncertain legal climate in the US regarding user privacy and an apparent tension between US and European Union privacy laws."
(See www.torrentspy.com/US_ Privacy.asp.)
No doubt contrary positions to those decided in the Central District of California will be put forth in future cases in other federal courts. In light of these decisions, businesses should carefully document their business model with respect to the collection and use of data and information, and develop a data management and data retention plan. A longstanding tenet of discovery is that organizations from which discovery is sought are not required to create data that does not otherwise exist. Advance planning and coordination among privacy professionals, IT and document management experts, and legal counsel, are required to avoid adverse rulings while cases such as this one are being litigated. The case is Columbia Pictures Industries v. Bunnell, No. 06-cv-01093 FMC-JCx (C.D. Calif. August 24, 2007).
Lucy Thomson, CIPP/G, is a Senior Principal Engineer, Information Security, and Privacy Advocate at Computer Sciences Corporation (CSC), a global IT company, where she works on teams building information systems for large organizations. She was appointed Consumer Privacy Ombudsman by two federal courts to oversee the sale of sensitive electronic consumer records in bankruptcy cases. A career U.S. Department of Justice attorney from 1977-2001 and a former criminal prosecutor, she has extensive experience as both a litigator in complex federal civil and criminal cases and as an expert in new technology and electronic discovery. She earned an M.S. degree from Rensselaer Polytechnic Institute in 2001, and her J.D. degree from Georgetown University Law Center.