Consider two cases: In Colorado, clothing company Façonnable is attempting to sue an anonymous Wikipedia editor (or, possibly, more than one; the number is sort of up in the air) over some unflattering edits to the company's Wikipedia page. But first, Façonnable has to figure out who the editors are--thus, a subpoena to the ISP allegedly attached to the editors' IP address. The ISP, Skybeam, is fighting the subpoena; CMLP's full treatment of the case is here.
Meanwhile, a couple of weeks ago the Texas Supreme Court quashed a subpoena seeking the identities of some anonymous bloggers. Without getting too bogged down in the niceties of Texas civil procedure, the court said that to order this type of subpoena, a court has to rule either (1) there would be a failure of justice without it, or (2) the likely benefit of the discovery outweighs the harm. The plaintiff in the case hoped to get around that requirement by cutting a deal with the company in possession of the bloggers' identities (Google, through Blogger). Google's response to the subponea was mixed at best,1 but the bloggers objected and finally succeeded in getting the subpoena quashed.
Neither of these cases is, at this stage, formally an anti-SLAPP situation, but at the very least the Colorado case has a distinct whiff of SLAPP.2 What I'm interested in here is the way in which anti-SLAPP legislation can most effectively protect online anonymity, and what the different responses of Skybeam and Google in the two cases can tell us.
In a SLAPP suit against anonymous writers, revealing the writer's true identity is often the whole point; it doesn't do a lot of good to let now-revealed defendants use an anti-SLAPP statute. The time for a statute to come to the rescue is before the identity is revealed. So with that in mind, the question becomes: who's in the best position to fight a spurrious SLAPP subpoena seeking to reveal hidden identity, and how can we get them to fight?
Certainly, the anonymous writers themselves can push back by fighting the underlying lawsuit through what is hopefully a strong state anti-SLAPP statute. And California, for example, has clear statutory language to help SLAPP victims fight unmasking subpoenas. This is all to the good, but I think there's a case to be made that the company recieving the subpoena for identifying information (an ISP, or Google, or whoever) is in a better position to fight back.
Obviously, it can be tough for a SLAPPed anonymous defendant to find a lawyer in time, let alone a lawyer who knows the ins and outs of a state's anti-SLAPP statute/case law. Companies in businesses that attract identity-revealing subpoenas can be ready to fight (either through in-house attorneys or relationships with outside anti-SLAPP experts) when a subpoena comes. So if the primary goal of anti-SLAPP legislation is preventative, not punitive (which is hopefully an uncontroversial statement), a would-be SLAPP plaintiff who knows he will face well-funded corporate legal opposition is less likely to bring the suit in the first place.
So if the company is willing to pick a fight over the subpoena, like Skybeam is in Colorado, we end up in a good place. But if, instead, the company makes like Google (who filed an adamantly indifferent response to the Texas Supreme Court), we're not so lucky. Whatever the reason for Skybeam's resolve (principle, reputation, potential liability under its TOS), we clearly can't assume every company that gets a subpoena for a blogger's identifying information will share it. That means building into the anti-SLAPP system some incentives (or threats) to spur companies to action.
Step one is to allow non-party companies subpoenaed for identifying information to utilize an anti-SLAPP law (or something similar) that at least would reimburse the company's legal costs. But that only gets us so far: companies would still often decline to fight. After all, why take the time to fight with only an uncertain chance of slight reward? To get it right, we'll need some kind of penalty for a company who willingly hands over information--if a defendant (now unmasked) successfully employs an anti-SLAPP motion to strike/dismiss, the company who caved to the demand for the defendant's identity should be penalized. That possible liability should help with companies' standing to fight the subpoena in the first place, too.
There are probably other ways to get at a similar effect--a few paragraphs back I mentioned Skybeam's Terms of Service, and that could provide another avenue. Take a look at page 22 of Skybeam's memo on the topic: Façonnable has argued that since Skybeam's TOS allows information to be released when required by legal process, the subpoena should be enough to free the Wiki editors' identities. Skybeam points out a (what seems to me obvious) flaw in that logic: the TOS only allows release of information for legitimate requests, so if the whole fight is over the validity of the subpoena in the first place the TOS doesn't help. But again, that's relying on the ISP actually wanting to put up a fight. Who could blame them for saying, "Hey man. We got a subpoena. It's signed by a judge and everything. We had to turn your stuff over."? We could, instead of hoping that the ISP fights, make sure the incentives are right--some kind of beefed-up breach-of-contract claim would do the trick there. Or, if a company too readily turns over someone's private information, hit them with tort liability. (There are obvious, gigantic line-drawing problems here, but this post is already going to be long enough. I'll leave that part for you to ponder.)
I'm sure there's some sort of market-based case to be made here, too (something about "if people are willing to pay for privacy protection, companies will include it in their contracts, and something about an invisible hand") but I hesitate to put too many eggs in that basket. Local ISP monopolies can quickly throw that off, and even with real choice I doubt very many people would opt for a pricier private-protection service (until they get sued, and realize it's too late). So for effectiveness-based reasons, I'd suggest trying to enforce that contract term.
But there's still the bigger issue of why it's OK to drag the companies into this. After all, I believe in Section 230 as much as the next guy, and I'm not looking to open too vast a field of potential liability. But anonymous online speech matters, and we could use some deep-pocketed corporate defendants to fight the good fight. As I have said, a well-structured fee shifting system should help keep costs to the companies from spinning out of control; while that might not be a perfect solution, it's reasonable to require ISPs to chalk up any marginal expenses as a cost of doing business. If you're going to be in the business of profiting off of all the excellent things the internet does, you should expect to chip in a few bucks to defend some core principles.
This is a fine line to walk--motivate companies just enough to get them defending against SLAPP identifying subpoenas, without freaking them out so much that they decide anonymity isn't worth the trouble--but it's possible. There'll be tricky bits with any method we choose here: a company that honorably fights a subpoena and loses shouldn't be liable if the defendant later succeeds in getting the case tossed (which can easily happen, with different burdens at different stages of the lawsuit); we don't want to make it impossible for a legitimately defamed plaintiff to get relief; &cet. All of that can be sorted out by those far smarter than me. My point is simply this: we need serious online anonymity protection, and to get it we need to make sure we've got big money on defendants' side. The more we get service-providers to pick up the slack in fighting those subpoenas, the better off we'll be.
1Google's position throughout the lawsuit has been a bit murky, as a trip through the exhibits in the case demonstrates. Looking first at Exhibit B, we see Google saying that once it gets the subpoena, it will "produce documents in its possession, custody, or control, with identifying information, if any, related to the websites at issue." Not a promising start. But Google at the same time reserves the right to object to any requests, and contemplates the procedure should anyone (including the bloggers) challenge the subpoena. And in Exhibit D, we see that Google did in fact raise some objections to the subpoena--mostly that various requests were vague or overbroad. Those objections are pretty heavily qualified, though: always with the disclaimer that "subject to and without waiving" their objections, Google is ready to comply with the subpoena. The overall impression is of Google sitting back to see what was going to happen with the bloggers' quest to quash, at which point the Big G would wrestle a bit over exactly which identifying documents it would produce (not whether it should produce anything at all). For my purposes, the takeaway is: Google was willing to sit back and let the bloggers fight the subpoena, rather than getting involved in the challenge itself--and that's not surprising, given the current set of incentives.
2If you're curious, but not curious enough to wade through court filings: the beef in Façonnable v. John Does surrounds Wikipedia edits suggesting that Façonnable and its parent company, M1 Group, have ties to Hezbollah. That's heavy stuff; as it turns out, though, the head honcho of M1 Group is current Lebanese prime minister Najib Mikati, and as with anything involving Lebanese politics, Hezbollah is certainly part of the picture. I'm not trying to make any comments about Mr. Mikati personally (I'm sure he's an affable chap); I just mean to suggest that Façonnable's case isn't exactly a slam dunk (to say nothing of their Lanham Act claims, which [to this uneducated observer] seem like a major stretch)...
(Picture courtesy Flickr user Vermin Inc, under CC BY-NC-SA 2.0 license)
John Sharkey is a CMLP blogger fresh off his first year at Harvard Law School. Since his last post, the Twins have stayed feisty.