You’re Not Just a Number (But is that a good thing?)

You’re Not Just a Number (But is that a good thing?)

It looks like P2P is not the only type of “file-sharing” going on at universities today. The plaintiffs in this case alleged that a number of unknown college students had used the internet service providers on campus to download or distribute copyrighted material using various peer-to-peer file-sharing networks. To determine the students’ identities, the plaintiffs requested permission under Fed. R. Civ. P. 45 to serve subpoenas on Yale University and the University of Connecticut to compel production of the unknown defendants’ true names, their current and permanent addresses and telephone numbers, their e-mail addresses, and their Media Access Control (“MAC”) addresses.

The court began by noting that expedited discovery of such information from a third party is appropriate only upon a showing of “good cause.” To establish good cause, the party seeking discovery must show the need for expedited discovery, in consideration of the administration of justice, outweighs any prejudice to the responding party. Such a showing generally requires a plaintiffs to demonstrate (1) irreperable injury would otherwise result, (2) some probability of success on the merits, (3) some connection between the expedited discovery and avoidance of the irreperable injury, and (4) the risk of injury that might result without expedited discovery looms larger than the risk of injury that might result if discovery were granted. See 589 F. Supp. at 152 (citing Semitool, Inc. v. Tokyo Electronic Am., Inc., 208 F.R.D. 273, 276 (N.D. Cal. 2002). Where the responding party is a college or university, however, the plaintiff must also demonstrate the responding party is authorized to respond to the proposed subpoena under the Family Educational Rigths and Privacy Act (“FERPA”). Id.

Citing the actions of other courts ruling on similar facts, the court concluded the plaintiffs had good cause for expedited discovery of limited, personally identifying information associated with the unknown defendants’ individual IP addresses. Id. As for the FERPA requirement, the court noted FERPA expressly authorizes disclosure of a student’s “directory information” when faced with a lawfully issued court order or subpoena. Such information, the court explained, includes a student’s name, address, telephone listing, e-mail address, and “other identifying information.” Furthermore, the court explained, a student’s MAC address is not part of the student’s educational records and its disclosure, therefore, is not restricted by FERPA. This meant the FERPA did not restrict the universities’ ability to provide the information that the plaintiffs requested in an expedited fashion.

In determining whether expedited discovery was appropriate, the court noted, first, that learning the true identities of the pseudonymous defendants was essential to the plaintiffs’ prosecution of their claims. Expedited discovery of such information, therefore, was necessary for the plaintiffs to avoid irreparable injury to what might otherwise prove to be succesful litigation. Finally, by restricting the expedited discovery to the defendants’ directory information and MAC addresses only, there was little, if any, chance of prejudice to the defendants in the case. The court, therefore, granted the plaintiffs leave to subpoena the universities for this information as it pertained to each of the unknown defendants.

Patrick J. Ryan is a third-year law student at Seton Hall University School of Law. He has focused much of his training and legal education on bankruptcy and state law insolvency proceedings.

Comments (16):

  1. The illegal downloading of copyrighted materials is a big issue right now. Regardless of my personal feelings on the subject, I don’t enjoy seeing the privacy of college students being eroded. I question whether the court would have allowed the Plaintiff in this case to access the identifying information of private Internet users. I know students in general enjoy less protection than private individuals. However, I’m still bothered by the fact that students, who often have no choice but to live in university housing and thus are forced to use the university’s Internet connection, can be subjected to more liability than Joe Shmoe sitting on his couch in his private residence.

  2. While the question of whether students enjoy less privacy than others is a valid one, the fact remains that an illegal act is taking place. So, does it matter that Joe Shmoe shoots an innocent bystander, or is it less of a crime if that bystander is shot on school grounds by a student? I think not. P2P file sharing has become, in my opinion, an uncontrollable behemoth not unlike the drug trade. Intermittent arrests will be made, but the beast lives on….

    • @Atlanta Private Investigator, I’m not following your point. Any person that shoots someone, regardless of where the shooting took place, or who the shooter is, will be prosecuted. The point, in my opinion, is that this case seems to create a double standard for two sets of people committing the same crime. The student who commits the crime on campus is likely subject to prosecution now that his identifying information is subject to disclosure. However, the individual who commits the same crime in a private residence is unlikely to be prosecuted because he still possess the ability to hide behind an anonymous IP address.

  3. I must say this ruling is entirely correct. When it comes to illegal activity such as what was allegedly going on in this case, I can think of no reason why anyone should be allowed to hide behind an IP address to get away with their crimes.

    • @MWS,

      First of all, copyright infringement, which is what Arista was claiming, is not a crime; it’s a civil action for damages. Otherwise it would be the government bringing a charge, not a record company filing a lawsuit. So please, let’s not demonize these people as criminals.

      Second, what’s lost in the wording of this decision is that the motion that Arista is making is essentially an ex parte motion. There’s no one on the other side of the aisle standing up for the “John Does” or the schools, and I’m sure that if there were, such lawyers would be able to raise more persuasive arguments against discovery than the judge in this case was apparently able to conceive.

      Since this is in effect an ex parte motion, I think that Arista should have to put forth much more convincing evidence that copyright infringement actually took place here for trying to obtain what can easily be deemed private information.

      • Sorry, the last sentence should read “Since this is in effect an ex parte motion, I think that Arista should have to put forth much more convincing evidence that copyright infringement actually took place here *before being able to obtain what can easily be deemed private information.”

        As an addendum, based on the written opinion, I am anything but certain that such evidence was presented to the judge.

  4. It is a scary prospect that my ISP can provide identifying information about me. Although a MAC address is nothing more than the computer’s equivalent to a car’s license plate, when it comes to computer and internet use, there is an expectation of privacy. I hold out no illusions that anything done in my car is private, but I do expect my ISP to keep my indtifying information and internet usage habits confidential. Whether my expectations are unreasonable, I dont know.

  5. @Evan

    My point was simply this: A crime is a crime no matter what the crime is, or where it took place.

    @Will Hilton
    File sharing of proprietary information, or information or products that are normally licensed for consideration is stealing, which is a crime.

    • @Atlanta Private Investigator, if this is a crime, then please find it for me in the U.S. Code. I’ve already looked at Section 5 of the Copyright Act, which defines criminal copyright infringement, and I don’t see how this case fits. And furthermore, if this were a crime, then where is the federal prosecutor? I certainly don’t see him. This is not “United States v. Does 1-4”; this is “Arista Records v. Does 1-4″.

      However you feel about copyright infringement, stick to the facts and circumstances at hand: this is a civil action for money damages brought by a record company. The federal government is not bringing a criminal charge. There is no criminal fine being threatened, and there’s no possibility of jail time for the defendants. No one is being charged with a crime, so calling the fictitious defendants criminals is categorically wrong.

      • Hit the “Submit Comment” button too early again: it should be Section 506 of the Copyright Act, not “Section 5 of the Copyright Act.” The link points to the correct section.

  6. You got a really useful blog I have been here reading for about an hour. I am a newbee and your success is very much an inspiration for me. If you got time, Please check out my blog Michgan Business Directory if you got time.

  7. Me and my friend were arguing about an issue similar to this! Now I know that I was right. lol! Thanks for the information you post. My blog

  8. I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future. Check out my site btw its really nice I am trying to get info all over the web about real estate leads

  9. Very nice information. Thanks for this.

  10. Can you provide more information on this?

  11. I have been requested to provide user info based on IP address. But when there are shared computers you don’t know who used the PC.

Leave a Reply

  • Find an eLesson

  • Register for Post Notifications

    Subscribe to receive updates whenever a new eLesson is published.

    Manage Subscriptions
  • Let Us Blog Your Event!

    eLessons Learned is fast becoming the site of choice for employers, employees, judges, lawyers, and journalists who are interested in learning more about these areas without being intimidated by the complexity of the topic. In fact, organizations and event coordinators often feature eLessons Learned as their official eDiscovery blog. Fill out our simple registration form to have eLessons Learned be the official blog of your organization or event.

    Register Now
  • Recent Praise

    The blog takes a clever approach to [e-discovery]. Each post discusses an e-discovery case that involves an e-discovery mishap, generally by a company employee. It discusses the conduct that constituted the mishap and then offers its ‘e-lesson’ — a suggestion on how to learn from the mistake and avoid it happening to you.

    Robert Ambrogi

    Legal Tech Blogger and creator of LawSites

    Although I may have missed some, yours is the first article that I have seen addressing Zubulake II. It is often the lost opinion amongst the others.

    Laura A. Zubulake

    Plaintiff, Zubulake v. UBS Warburg

    Click here to see more.