Alert February 01, 2009

Finding the “Anonymous Dogs” on the Internet: Court-Authorized Investigations of Anonymous Illegal Conduct

      IP 20090201
© The New Yorker Collection 1993 Peter Steiner from All Rights Reserved.

As the cartoon says, “On the Internet, nobody knows you’re a dog.”  The apparent anonymity of Internet users can be a source of significant frustration to businesses that are exposed to a wide variety of anonymous or disguised threats or actions. The very anonymous nature of such threats often makes them seem impossible to address. Yet, through court-authorized investigations of illegal conduct, it is possible to unmask the “bad dogs” on the Internet.

Such anonymous harms can and have run the gamut, including the following circumstances:

  • Posting insider information to a public message board
  • Theft of corporate trade secrets or source code
  • Unauthorized destruction of information
  • Unauthorized access to private email
  • Impersonating a corporate official
  • Posting of proprietary source code on “open source” databases
  • Unauthorized online use of trademarks or corporate identity
  • Defamatory statements online or by email
  • Unauthorized use of pirated software

Under these kinds of circumstances that can be deeply harmful and wrongful, aggrieved businesses and individuals cannot simply “let sleeping dogs lie.”  Rather, they must investigate the source of these activities. In these circumstances, businesses have increasingly used court-authorized discovery procedures to unmask these anonymous violators and thereby protect their legitimate interests. Despite the apparent anonymous nature of such activities, there are methods available to address the harmful circumstances described above.

Contrary to conventional wisdom, in fact, there usually is information available that can help to trace and identify the Internet’s anonymous actors. Internet protocol addresses – or IP addresses – can often be used like Caller ID to trace user activity. The computers that provide and facilitate Internet access often log and retain those IP addresses. And quite frequently, they also retain subscriber information that can enable investigators to tie those IP addresses to specific individuals.

So if the data is retained, why does the Internet seem so anonymous?  When the data is retained, it is usually in the hands of a third party, such as an Internet service provider (ISP). Those ISPs may have contractual privacy obligations to others, and thus may not be willing to share this data voluntarily. In such cases, by enlisting court-authorized discovery, legal counsel may help businesses trace malfeasance to its source.

To trace harmful activities to their sources, an aggrieved business should undertake five steps through its counsel: (i) file a valid complaint; (ii) request court-ordered discovery; (iii) notify the ISP of the court order; (iv) obtain information from the ISP; and (v) conduct any follow-up discovery requests as needed.

A pending lawsuit is typically the basis for obtaining court-authorized discovery. Thus, a preliminary step to receiving court authorization is to file a valid complaint in court. If a federal claim is made, such complaints may be filed in federal court. Since the identity of the defendant is unknown, the defendant is typically listed as “John Doe” or “Jane Doe.”  Indeed, such cases are sometimes known as “John Doe” lawsuits. (In cases where there appears to be multiple defendants, they are listed as, for instance, “John Does 1-150.”)

The victim would then request authorization for an appropriate court order or subpoena in order to obtain the information sought, and provide the basis for why such a court order or subpoena is necessary. Since the discovery is needed to identify the actual defendant to the litigation, it is usually reasonable to make this request.

  • Nevertheless, since no defendant has yet been named in a case, such requests are still unconventional and, in the absence of any critical adversary, can receive enhanced judicial scrutiny. Moreover, certain courts have expressed concern – particularly in cases alleging defamation – that court-ordered discovery to identify the speaker of controversial anonymous statements might have an unintended “chilling” effect on freedom of speech. Thus, in requesting court-ordered discovery, many courts will consider a number of factors. These factors vary from jurisdiction to jurisdiction, and from court to court, but they often include inquiries into whether the requestor:
  • Identified the actionable harm that the discovery will address
  • Identified the ISPs or other sources of the discovery as specifically as possible
  • Identified the information sought as specifically as possible
  • Requested only information that is necessary for identifying the defendant
  • Explored alternative means to obtain the requested information

When the ISPs or other sources of information are subject to specific legal regimes, they may insist that the court specifically tailor its approval of discovery to those legal protections. For example, many cable companies provide Internet services, and thus act as ISPs, and they often claim that their management of personal information is governed by the protections and obligations of federal cable laws. Thus, they sometimes insist on a particularized court order directed to those laws.

Those seeking court-ordered discovery must also attend to other practical concerns. For instance, many ISPs routinely write over their logs every 30, 60 or 90 days. Thus, it is often prudent to seek court-ordered discovery as quickly as possible. Additionally, under some circumstances, discovery from one ISP will lead the investigation not to the perpetrator, but to a second ISP, and additional discovery will be necessary from the second ISP. To the extent the requestor anticipates such “follow-on” discovery, he or she can seek authorization for discovery from the second ISP from the outset.

Because of the legal scrutiny and the practical issues, companies often use internal or public resources and information to supplement or focus court-authorized discovery. For example, where a computer hacker accesses a company’s computer system from a particular IP address, a company’s own logs might identify an employee who regularly accesses his email address from that same IP address. In that instance, it may not be necessary even to seek court-ordered discovery.

Typically, after an investigator works through these issues, an ISP may supply the requested information. As a result, the victim often is able to identify the apparent wrongdoer. Once the wrongdoers are identified, of course, the victim has a full range of options – for instance, it may choose to name the wrongdoer as a defendant in the lawsuit, or it may choose to contact them and resolve the matter privately.

By employing court-ordered discovery, businesses can make sure their rights are protected from harms perpetrated by anonymous actors. Experienced counsel can successfully and efficiently obtain court-ordered discovery to identify those who seek to act anonymously on the Internet and to make sure that “every dog has his day.”  By anticipating the legal issues and the practical challenges, court-ordered discovery can provide a quick and economical antidote to the anonymity that might otherwise shield those who cause so many Internet-oriented harms.