RSS FeedProtecting internet anonymity: the case for providing notice to anonymous defendants in defamation cases
An open issue in Canadian internet defamation law is whether courts should require that anonymous defendants be given notice of, and an opportunity to oppose, applications to compel the disclosure of their identities by third parties such as websites and internet service providers (“ISPs”). Because applications to compel disclosure are generally left unchallenged by third parties who would rather evade the costly cross-fire of litigation, courts have tended to review such applications ex parte. The concern in these cases is that anonymous defendants may be stripped of their anonymity – and thereby subjected to embarrassment, social stigma, or harm to their career prospects – all without an initial opportunity to anonymously submit a written response or retain counsel to oppose the application. This post discusses the status of a notice requirement in Canadian, American, and English law and evaluates the different approaches.
1. Canadian Law
Only one Canadian case has commented on the appropriateness of a notice requirement. In York University v. Bell Canada Enterprises, [2009] O.J. No. 3689 (S.C.J.) (“York University”) a plaintiff sought pre-action discovery by way of an equitable bill of discovery known as a Norwich Order. The Ontario Superior Court of Justice granted the Norwich Order, which required ISPs to disclose information necessary for the plaintiff to obtain the identity of the anonymous author of allegedly defamatory emails and web postings. Justice G.R. Strathy noted that it might be appropriate to impose a notice requirement, but declined to do so without providing reasons:
[I]t may be appropriate, in a given case, to require that the unknown publisher of the offending material be given notice of the proceedings. It does not appear to have been done as a matter of course in other Norwich order cases and I did not consider it necessary to do so in this case.
York University was discussed by other commentators in two excellent blog posts on Slaw: the first generally outlining the case, and the second commenting on specific points including the notice issue.
2. English law
The appropriateness of a notice requirement has received more attention in English law. In Totalise plc v The Motley Fool, [2001] E.M.L.R. 29 (H.C.), [2002] 1 W.L.R. 1233 (C.A.) (“Totalise”), the English Court of Appeal described the rationale for a notice requirement. In that case, Justice Owen of the English High Court first granted a Norwich Order that compelled a website operator to reveal the identifying information of an anonymous defendant that posted allegedly defamatory statements about the plaintiff. When the case was appealed on the issue of costs, Justice Aldous noted in obiter that it would have been desirable to require the third party to give the anonymous defendant notice of the application and then allow the anonymous defendant to make written submissions through the third party in order to better inform the court’s decision:
It is difficult to see how the court can carry out this task [i.e. whether to grant the requested order] if what it is refereeing is a contest between two parties, neither of whom is the person most concerned, the data subject; one of whom is the data subject’s prospective antagonist; and the other of whom knows the data subject’s identity, has undertaken to keep it confidential so far as the law permits, and would like to get out of the cross-fire as rapidly and as cheaply as possible. However the website operator can, where appropriate, tell the user what is going on and to offer to pass on in writing to the claimant and the court any worthwhile reason the user wants to put forward for not having his or her identity disclosed. Further, the court could require that to be done before making an order. Doing so will enable the court to do what is required of it with slightly more confidence that it is respecting the law laid down in more than one statute by Parliament and doing no injustice to a third party, in particular not violating his convention rights.
Although the obiter from Totalise is compelling, English courts have yet to impose a notice requirement. In the recent case of Sheffield Wednesday Football Club Ltd v. Hargreaves, [2007] EWHC 2375 (Q.B.) a justice of the English High Court dealt with a similar case and, after considering Totalise, concluded in the absence of reasons that
It did not seem to me that this was a case where I should require that the website users [i.e. the anonymous defendants] be contacted before making an order.
3. American law
American law, by contrast, strongly supports a notice requirement. In the leading case of Dendrite International, Inc. v. John Doe No. 3, 775 A.2d 756 (N.J. App. Div. 2001) (“Dendrite”), a New Jersey appellate court articulated a series of requirements for plaintiffs to meet before a court would order disclosure. The first of these requires that the plaintiff make efforts to notify the anonymous defendant that they are the subject of an application for an order to disclose their identities so that the defendants have a reasonable opportunity to respond:
We hold that when such an application is made, the trial court should first require the plaintiff to undertake efforts to notify the anonymous posters that they are the subject of a subpoena or application for an order of disclosure, and withhold action to afford the fictitiously-named defendants a reasonable opportunity to file and serve opposition to the application. These notification efforts should include posting a message of notification of the identity discovery request to the anonymous user on the ISP’s pertinent message board.
Several notable American cases have adopted the same or similar notice requirements post-Dendrite: Doe No. 1 v. Cahill, 884 A.2d 451 (Del. 2005); Mobilisa, Inc. v. Doe 1, 170 P.3d 712 (Ariz. Ct. App. 2007); Krinsky v. Doe 6, 72 Cal. Rptr. 3d 231 (Ct. App. 2008) (“Krinsky”); Solers, Inc. v. Doe, 977 A.2d 941 (D.C. 2009) and Swartz v. Does (“Swartz“) (Swartz, the most recent of these cases, was discussed in a previous post).
4. Analysis
Although both English and American jurisprudence supports a notice requirement, the approaches differ: while Totalise advocates imposing the requirement on third parties, Dendrite and subsequent American cases have consistently imposed the burden on plaintiffs. The problem with the later approach is that plaintiffs are generally in a relatively poor position to give reliable notice because, unlike third parties, they lack access to the defendant’s contact information. As a result, Dendrite and subsequent American cases have merely required plaintiffs to provide indirect notice by posting on the ISP’s pertinent message board, by posting on the same website or medium used by the anonymous defendant to publish the statements at issue, or, if the statements originated in an email, by sending notice to the anonymous defendant’s email address. The concern with these types of notice is their unreliability. There is no guarantee that a defendant will check these sources, or that the website or medium will still exist by the time the plaintiff commences action. And, in the case of email, a similar concern still exists due to the increasingly common use of disposable email accounts that defendants may abandon after sending allegedly defamatory statements.
Yet, imposing the burden of notice on plaintiffs may have some notable benefits. Unlike the approach advocated in Totalise wherein third parties would directly notify anonymous defendants, plaintiffs under the Dendrite approach generally have no choice but to provide indirect notice by posting in a publicly accessible forum. The public nature of a plaintiff’s notice will expose the matter to the oxygen of publicity and may affect the extent of the plaintiff’s reputational harm, depending on the context. In some cases, public scrutiny might result in further reputational harm if the public perceives the plaintiff to be unjustifiably attempting to silence the anonymous defendant. In other cases, however, public scrutiny might serve to alleviate the existing reputational harm by calling into question the veracity of the statements. Third parties might even be persuaded to mount a defence against a plaintiff’s application in cases where there is significant public support in favour of an anonymous defendant but they lack the resources to defend their anonymity.
Another option is to require both the plaintiff and the third party to provide notice. Although this approach would increase the reliability of notice and preserve the beneficial qualities of plaintiff-based notice, the approach seems redundant in the absence of evidence to suggest that the benefits of dual notification outweigh the costs. This is likely one of the reasons why the California appellate court in Krinsky rejected the notion of requiring a plaintiff to provide notice where a third party had already voluntarily done so:
When ISPs and message-board sponsors (such as Yahoo!) themselves notify the defendant that disclosure of his or her identity is sought, notification by the plaintiff should not be necessary.
In summary, a notification requirement imposes a relatively light burden on plaintiffs or third parties while providing defendants with the valuable opportunity to defend their anonymity and better inform the courts’ decision. Although a plaintiff-based approach may have some ancillary benefits, a third party approach provides more reliable notice and should be preferred because it best furthers the primary rationale underlying notice requirements.
Originally posted on Defamation Law Blog
Swartz v. Does: American and Canadian approaches to anonymity in internet defamation cases
A recent case illustrates that American jurisprudence is increasingly coalescing around a uniform approach to determine whether a plaintiff may compel the disclosure of an anonymous defendant’s identity in internet defamation cases. As discussed below, the Canadian experience has been different.
In Swartz v. Does (“Swartz”) (see: judgment) a Tennessee state court held that plaintiffs were entitled to discover the identity of an anonymous blogger that published allegedly defamatory statements about them. The case arose when the plaintiffs subpoenaed Google, the parent company of the blogging service used by the anonymous defendants (see: news article).
The decision is notable for Justice Brothers’ survey of the various standards previously applied by American courts and his ultimate application of the standard most protective of internet anonymity. This standard, established in Dendrite International, Inc. v. John Doe No. 3, 775 A.2d 756 (N.J. App. Div. 2001) (the “Dendrite Standard”) and commonly but perhaps misleadingly known as the “prima facie” standard, requires a plaintiff to meet several requirements. One of these requires the plaintiff to make a “substantial legal and factual showing” that the defamation claim has merit before a court will compel the disclosure of an anonymous defendant’s identity.
Justice Brothers considered this requirement of the Dendrite Standard and concluded that the plaintiffs had made a substantial legal and factual showing on each of the three elements of a defamation claim under Tennessee law. Interestingly, Justice Brothers proceeded to offer guidance for future litigants by providing a detailed description of how the plaintiffs met the requirement, which does not appear to be onerous:
Plaintiffs submitted and displayed several copies of the blog posts in question, and testified that the statements were publicly available for several months. Plaintiffs testified that the [allegedly defamatory allegations] are all false. Plaintiffs also testified that they experienced actual damages from the allegedly defamatory statements, including loss of business, harm to their reputations, emotional distress, and the costs of having to hire a security expert inspect their home [sic].
Swartz is yet another American case that has followed the increasingly prevalent Dendrite standard. Unfortunately, Canadian jurisprudence has yet to begin coalescing to the same extent. The scarce Canadian law on this issue, most of which comes from Ontario, indicates that plaintiffs have two ways to compel online service providers to reveal the identities of anonymous defendants:
- by seeking pre-action discovery by way of an equitable bill of discovery known as a Norwich Order; or
- by seeking pre-action discovery or production from the online service provider by bringing a motion under the applicable rules of civil procedure.
The requirements of each approach vary substantially. While the Norwich Order approach requires plaintiffs to establish only a bona fide case of defamation (see York University v. Bell Canada Enterprises, [2009] O.J. No. 3689 (S.C.J.) (see: previous post) and BMG Canada Inc. v. John Doe, [2004] 3 F.C.R. 241 (C.A.)), the alternate approach has generated different requirements depending on the rules of civil procedure under which the plaintiff brought their motion. In an early case, the court required the plaintiff to establish a prima facie case of defamation similar to that required under the Dendrite standard (Irwin Toy Ltd. v. Joe Doe, 2000] O.J. No. 3318 (S.C.J.)). Yet, in a more recent and controversial case, the court held that the plaintiff had no obligation to establish a prima facie or even bona fide case because the rules of civil procedure required disclosure to be automatic upon the issuance of a statement of claim (Warman v. Wilkins-Fournier, [2009] O.J. No. 1305 (S.C.J.)). Although these cases are distinguishable on the basis of differences in the applicable rules of civil procedure, more uniformity is needed to ensure that courts consistently strike an appropriate balance between privacy and reputational interests.
Also posted on Defamation Law Blog
Reputation Management Law is the Next Big Thing
Tony Wilson, of Boughton in Vancouver, wrote in this week’s issue of Lawyer’s Weekly,
Reputation matters… But it’s not just companies and trade-mark owners who have reputations to protect. We all do, and these days, much of our personal reputation is on the web for all the world to see.
Like many professionals, physicians in Canada operate by word-of-mouth referrals, largely based on the personal experiences of patients or other referring physicians. RateMDs has become an increasingly popular site for patients to share experiences about their physician.
It’s become enough of a concern to physicians that Sam Solomon provides some advice to MDs in this month’s edition of Parkhurst Exchange:
- Ask for the review to be taken down
- The Medical Justice approach of providing patients a contract allowing them to only post reviews on sites that confirm poster identity
- Sue
- Encourage patients to post positive reviews
- Use the criticism as an opportunity to improve practice
It’s unclear whether option 2) would hold up in court, and 1) is rarely effective, either due to confidentiality issues, site administrative policies, or simple refusal.
RateMDs was founded by the same people who made RateMyProfessors.com, RateMyTeachers.com, and the Ratingz.net network of rating sites that includes LawyerRatingz.com. It seems quite a few of my law professors are up there. A quick survey reveals that many Canadian attorneys have been rated, and most not favourably.
Assuming that the only people to ever review professionals are clients who have utilized their services is far too presumptuous. Competitors, business rivals, people with personal vendettas, and even opposing parties in lawsuits can pose as a client in an attempt to portray the person in a negative light.
It can and has happened. Solomon points to the case of Dr. Mohamed Foda of Leduc, Alberta, who forced RateMDs to provide information about a negative poster through the California Northern District Court in Foda et al v. RateMDs, Inc. On April 28, 2008, the Edmunton Sun covered the story,
An Edmonton urologist has launched a $12-million defamation lawsuit against two unidentified people for allegedly posting bogus poor ratings about him on the California Internet site RateMDs.com. In a March 31 statement of claim, Dr. Mohamed Foda alleges the postings were not made by actual patients of his, but by someone who has a “malicious” motive to harm his medical business, and states he will seek to identify the unknown defendants by searching for their computer identifying information. Foda claims the defamatory comments have caused irreparable harm to his reputation and medical practice and caused him emotional distress and anxiety.
The posts in question stated:
“This doctor prescribed me an antibiotic that causes birth defects after I clearly told him I was 4 months pregnant!! Apparently he made a ‘mistake.’” — Posted on RateMDs.com on October 1, 2007
“I found Dr Foda to ignore problems until drastic measures were required. Had to call numerous times to get an appointment. Felt that Dr Foda did not do required follow up in a timely manner. Did not inform patients of what he did in the OR [such as] remove tumours. Would have died if not for another [doctor].” — Posted on RateMDs.com on May 26, 2007
Administrator of RateMDs, John Swapceinski, says that the site gets letters from lawyers once a month. Not surprisingly, they do not comply with the requests. The site does serve an important public function for consumers of healthcare. But Swapceinski also said that Dr. Foda’s suit is the first time a lawyer has actually followed through and sued the site, and he indicated he would cooperate with a subpoena to release the information if one was provided.
In light of the Cohen v. Google and York University v. Bell Canada Enterprises cases I’ve covered previously, it’s probably no great surprise that the court did reveal the identity of the poster.
What is also unique about this case is that the person identified as the RateMDs poster was involved in different lawsuit on the other side of Dr. Foda in Foda v. Capital Health Region, [2007] A.J. No. 22; 2007 ABQB 19, where he was making a claim for breach of contract, conspiracy, harassment, defamation, and direct interference with economic relations.
The Court of Appeal ([2007] A.J. No. 668;2007 ABCA 207) upheld a motion to add a party to his statement of claim, but the defamation claim agains this party was struck for lack of evidence using the test in Botiuk v. Toronto Free Press Publications Ltd.,
62 …it is sufficient to observe that a publication which tends to lower a person in the estimation of right‑thinking members of society, or to expose a person to hatred, contempt or ridicule, is defamatory and will attract liability. See Cherneskey v. Armadale Publishers Ltd., [1979] 1 S.C.R. 1067, at p. 1079. What is defamatory may be determined from the ordinary meaning of the published words themselves or from the surrounding circumstances. In The Law of Defamation in Canada (2nd ed. 1994), R. E. Brown stated the following at p. 1‑15:
[A publication] may be defamatory in its plain and ordinary meaning or by virtue of extrinsic facts or circumstances, known to the listener or reader, which give it a defamatory meaning by way of innuendo different from that in which it ordinarily would be understood. In determining its meaning, the court may take into consideration all the circumstances of the case, including any reasonable implications the words may bear, the context in which the words are used, the audience to whom they were published and the manner in which they were presented.
But if the party Dr. Foda was seeking to add in the Alberta case – a Donna Canart, Surgical Clinic Coordinator at Leduc Community Hospital – is the same person identified in the California proceedings, this evidence may now be available. Canart allegedly filed a report against Dr. Foda according to the Capital Health Corporate Workplace Respect Policy, raising issues in the Alberta case of malicious prosecution. However, similar defamation claims in Alberta were made against co-defendant Linda Scott. The California case has only had two hearings to date, and Dr. Foda only spoke in general terms to Sam Solmon, so it is difficult to ascertain which specific party was behind the RateMDs posting.
Even when a claim is substantiated, it is possible for either party to turn malicious. The Foda case highlights that litigants in lawsuits can and will attempt to affect the reputation of the opposing party online, something I’ve predicted repeatedly. All types of litigation will invariably cross over into this specialized area of law.
Some of these rating sites allow the professors to respond to their students, even with video. Or, as they put it,
Your professors have been reading your comments on RateMyProfessors.com. Now it’s their turn…
I don’t see other professions going the same way, given the nature of client solicitation. So where do people turn for help?
Wilson concludes,
Just like there was no such thing as Internet law before the Internet or franchise law before there were franchises, a new and growing niche area is “reputation management law.” It straddles libel, slander and defamation law, freedom of speech, privacy law, copyright and trade-mark law, employment law and the rules governing Youtube, Facebook, Twitter and other social media. And like environmental law 25 years ago, it has nowhere to go but up…
Either way, it’s clear that online reputation management is the next big thing that everyone will have to deal with.
Everyone reading this is now searching their name on LawyerRatingz.com, or other sites like CanLaw. They’re probably wondering what they would do if they were deliberately maligned, and trying to figure out who is the best”reputation management lawyer” they know, if any.
And that’s assuming that you waited until the end of the article to do so.
Using a Norwich Order to Reveal Gmail Accounts
The Ontario Superior Court of Justice released its decision on an application in York University v. Bell Canada Enterprises this Friday. The case is based on an allegedly defamatory e-mail about the President of York University, Mamdouh Shoukri, saying he had “perpetrated an outrageous fraud.”
A group calling itself “York Faculty Concerned About the Future of York University” protested the appointment of Martin Singer of the new Faculty of Liberal Arts and Professional Studies, questioning his credentials and attaching a letter from other academics who did disclose their names.
But the University is more interested in the identity of the unsigned e-mail, presumably by York faculty, sent from a Gmail account, yfcfyu@gmail.com.
G.R. Strathy J. approved a Norwich order against Bell Canada Enterprises and Rogers Communications Inc. to disclose the identity of the account owners. A previous order had been approved against Google back in May, which identified the two ISPs as the holders of the information.
A Norwich order is a pre-action discovery mechanism that is described by Spence J. in Isofoton S.A. v. The Toronto-Dominion Bank,
Requests for Norwich relief are largely unfamiliar to Canadian courts. A Norwich order essentially compels a third party to provide the applicant with information where the applicant believes it has been wronged and needs the third party’s assistance to determine the circumstances of the wrongdoing and allow the applicant to pursue its legal remedies.
The 5 elements identified in this case for granting such an order include:
(i) Whether the applicant has provided evidence sufficient to raise a valid, bona fide or reasonable claim;
(ii) Whether the applicant has established a relationship with the third party from whom the information is sought such that it establishes that the third party is somehow involved in the acts complained of;
(iii) Whether the third party is the only practicable source of the information available;
(iv) Whether the third party can be indemnified for costs to which the third party may be exposed because of the disclosure, some [authorities] refer to the associated expenses of complying with the orders, while others speak of damages; and
(v) Whether the interests of justice favour the obtaining of disclosure.
[emphasis added]
The privacy interests of the alleged wrongdoer were overcome by the last element, the interests of justice, because of the applicant’s equitable right to information. Spence J. pointed to Alberta v. Leahy and Bankers Trust Orders (from Bankers Trust Co. v. Shapira) indicating that court orders can override confidential information, even for financial records, and Glaxo-Wellcome PLC v. M.N.R. that the privacy interests of alleged wrongdoers is somewhat diminished.
What is troubling about the latter citation is that the rationale used by the Federal Court of Appeal was that the information could not be considered especially sensitive since it had passed through several hands. Although the York case does demonstrate that multiple parties may be involved in identifying a defendant, many privacy watchdogs would be concerned that IP information loses its privacy value simply because it is shared.
However, Spence J. did point to other reasons why the privacy expectation may be overridden, because the information is limited by terms of the order for specific purposes and the use of this information is not absolute. Additionally, a strong case of fraud removes the possibility of a frivolous or vexatious application of the order.
G.R. Strathy J. also discussed the necessity of granting the order for York by citing GEA Group AG v. Ventra Group Co,
…there is no suggestion in the established jurisprudence that [necessity] is a stand-alone requirement for the granting of a Norwich order…
In my opinion, the precise placement of the necessity requirement in the inventory of factors to be considered on a Norwich application is of little moment. The important point is that a Norwich order is an equitable, discretionary and flexible remedy. It is also an intrusive and extraordinary remedy that must be exercised with caution. It is therefore incumbent on the applicant for a Norwich order to demonstrate that the discovery sought is required to permit a prospective action to proceed, although the firm commitment to commence proceedings is not itself a condition precedent to this form of equitable relief.
…The crucial point is that the necessity for a Norwich order must be established on the facts of the given case to justify the invocation of what is intended to be an exceptional, though flexible, equitable remedy.
G.R. Strathy J. then pointed to a number of other ways that this information could be obtained without the Norwich order, including the pre-action disclosure in the now-infamous Cohen v. Google Inc. Although both ISPs had privacy policies for the customers, these could be overridden by s. 7(3)(c) of PIPEDA to comply with a court of law.
Given the recently ruling, and assuming it’s not overturned in the future, it’s likely were going to see more Norwich orders used for the purposes of identifying Internet activity.
