Illinois Federal Court Limits Discovery of IP Address Identification Information from ISPs in John Doe Actions: Highlights Continuing Challenge of Identifying Anonymous Posters Of Trade Secrets and Other Intellectual Property On Internet

By Robert Milliganand Jeffrey Oh

As highlighted in our recent webinar, The New Risk: Employee Theft Of Trade Secrets And Confidential Information In The Name Of Protected Whistleblowing, companies continue to struggle with anonymous whistleblowers in the Internet and social media age, including anonymous individuals who post trade secrets and other intellectual property on the Internet. Courts are often relunctant to require internet service providers ("ISPs") to disclose account holder information pursuant to a plaintiff’s third party subpoena in a John Doe action against the alleged infringer/misappropriator without a strong showing on the merits by the plaintiff.

In a recent federal case from Illinois, Pacific Century International, Ltd. v. John Does 1-37, No. 12 C 1057, Chief Judge James F. Holderman of the U.S. District Court for the Northern District of Illinois granted in part and denied in part plaintiff’s motion to compel ISPs’ compliance with previously issued subpoenas.

Over the past decade, US courts have seen a marked rise in copyright lawsuits as media companies scramble to protect their intellectual property from digital infringement. Within this landscape, no industry has been more litigious than that of adult entertainment and pornography. To date, over 118 suits have been filed on behalf of producers of pornographic movies with over 15,000 defendants being named in just the last year and a half. Given the anonymity accorded to Internet users, copyright holders are often only able to identify alleged infringers by their IP addresses, requiring them to file against anonymous John Does. During the ensuing discovery, the plaintiffs in these suits often seek subpoenas from ISPs demanding information on the individuals associated with anonymous IP addresses. However, despite their frequency the validity of these subpoenas is often challenged by ISPs.

In Pacific Century International, Ltd., the court held that the subpoenas for information linked to IP addresses specifically named in the suit with direct evidence of infringement should be enforced, but that subpoenas seeking information related to non-party IP addresses should not. The ruling encompasses six cases, which were consolidated due to their similarities, stemming from four separate cases filed in varying Districts over the infringement of copyrighted pornographic videos shared online using the BitTorrent peer-to-peer (“P2P”) file-sharing protocol.

In its analysis, the court outlined what it sees as the typical holding pattern for suits of this nature: (1) the plaintiffs sue large numbers of Doe defendants in a single suit; (2) they obtain through subpoena the identities linked to IP addresses; (3) they threaten the identified parties with legal action, often leveraging them into settlement due to the stigma associated with pornography. Once a subpoena is issued, ISPs are required to inform Doe defendants of the case prior to divulging their information in order to give them the opportunity to dispute the claim. The court noted two arguments used by previous Doe defendants that would compel the court to quash the subpoenas. First, if the Doe defendant does not reside in “the judicial district in which the action was brought” then they may argue that they are not subject to the personal jurisdiction of the court. Second, “the Doe defendants [can] contend that joinder of the defendants is improper under Federal Rule of Civil Procedure 20(a)(2).”

To skirt this judicial hurdle, the plaintiffs in three of the four underlying cases named a single defendant connected to an IP address located in the district where each respective suit was filed, but were seeking through discovery the identities of individuals linked to non-party IP addresses, or those that were not joined as defendants. The ISPs argued, and the courts agreed, that “the identity [sic] of individuals connected with non-party IP addresses is not relevant to the pending claims.” Allowing the plaintiffs to justify the subpoena based on the identities’ associated with non-party IP addresses relevance to “claims against future defendants who have not yet been sued” was not something the court was willing to accept. The plaintiffs’ claim of civil conspiracy was also rejected in all of these cases due to the anonymous nature of the BitTorrent protocol in which users are blind to the identities of fellow users “and have no connection to them beyond the mere fact that they downloaded the same file.” The court also struck down the civil conspiracy claim based on the plaintiffs’ failure to plead “the existence of an agreement among the alleged conspirators.” Based on this reasoning, the court denied the motion to compel the ISPs to comply with the five subpoenas where the identities of non-party ISPs were sought, quashing all five completely.

In the last of the four underlying cases, the plaintiffs named 37 specific defendants with IP addresses located within the jurisdiction of the U.S. District Court for the Southern District of Texas in which plaintiffs brought suit. The corresponding subpoena sought the identity of a single Doe defendant. In evaluating the motion to compel for this case, the court found that the subpoena would be a minimal burden on the ISP and was therefore not subject to rejection based on the court’s obligation to protect non-party witnesses from “undue burden.” Fed. R. Civ. P. 45(c)(3)(A)(iv). Similarly, questions of relevancy and personal jurisdiction were set aside given that the IP address in question was already a named defendant who resides within the district’s jurisdiction. Although the joinder issue of whether the plaintiffs are justified in bringing the suit against these multiple defendants remains, the court reasoned that it was not relevant to the motion to compel the ISPs to comply with the subpoena. The court noted that ISPs have an obligation to notify their customers of the subpoena in order to give them an opportunity to object, which is when it argued that the joinder issue could be settled. For these reasons, the court granted plaintiffs’ motion to compel for this case.

Litigating against a group of anonymous individuals can be extremely challenging. While the courts appear to be willing to support subpoenas aimed at bringing pirates hiding behind the cloak of anonymity to justice, they will only do so within the strict constructs of the law. Rather than allowing the wholesale indictment of thousands of alleged infringers in a single suit, many courts have begun demanding a higher standard of proof requiring copyright holders and other intellectual property holders to point to the specific individuals they are accusing of infringement or misappropriation. Moreover, using the process of discovery to unearth information on Internet users potentially subject to future claims is not a practice most judges will tolerate. In order to successfully bring suit against Internet users who have allegedly infringed on protected material, complaints must be carefully tailored to meet the requirements of relevancy, personal jurisdiction, and permissive joinder. Additionally, although the temptation to overreach in these suits can be great, it is imperative that a suit of this nature is not so broad in scope that it could be seen as an undue burden on non-parties, including ISPs. Actively protecting against infringement and misappropriation is critical for any owner of intellectual property, yet a large part of this proactive approach may require a great deal of patience in navigating the legal landscape.