INTRODUCTION I. CRIMINAL INVESTIGATIONS AND CURRENT PRIVACY LAW: ARE THE PROTECTIONS OUTDATED? II. CIVIL LAWSUITS AND THE BURGEONING THREAT TO ANONYMOUS ONLINE SPEECH A. The Dendrite/Cahill Construct B. Cyber SLAPPs: Squelching Speech Through Intimidation III. POINT AND CLICK: HOW TERMS OF SERVICE CAN HELP SALVAGE USERS' REASONABLE EXPECTATIONS OF PRIVACY IN CYBERSPACE CONCLUSION INTRODUCTION
When Malcolm Harris crossed the Brooklyn Bridge in October 2011--one among some 700 Occupy Wall Street protesters later charged with disorderly conduct for marching over the expanse-he undoubtedly did not imagine that the incident would place him squarely in the throes of a modern-day privacy battle. (1) Shortly after his arrest for the violation--"the lowest level offense in the New York State Penal Law" (2)--the San Francisco headquarters of Twitter informed the twenty-three-year-old writer that the Manhattan District Attorney's Office had issued a subpoena on the social network to appear "as a witness in a criminal action prosecuted by the People of the State of New York against: Malcolm Harris." (3) More specifically, the subpoena commanded the social network to produce "[a]ny and all user information, including email address, as well as any and all tweets posted for the period of 9/15/2011-12/31/2011 for the following twitter account: @destructuremal." (4) The subpoena demanding Harris's user information was not an isolated incident. According to a recent Twitter Transparency Report, the company received 679 government requests for user account information, typically in connection with criminal investigations, in just the first six months of 2012. (5) The company maintains that it has cooperated and produced "some or all information" in 75% of the requests. (6)
The demand for user account information is so great that Twitter has created "Guidelines for Law Enforcement," (7) which set forth its policy for turning over user information to the government or others. Twitter is not alone in developing such a policy: Other social networks, such as Facebook, (8) LinkedIn, (9) and Dropbox, (10) have similar guidelines.
Harris was not the only "occupier" to face such a subpoena. In Boston, Guido Fawkes "has become a representative of the legal limits of privacy on online social networks." (11) Authorities there used an administrative subpoena--one that requires "only an attorney general's approval"--to find information about Fawkes because he "reportedly posted a link to a website with personal information about Boston police officers, including where they live." (12) Peter Krupp, an attorney for Fawkes, observed that most users of Twitter and other social networks would "reasonably expect" their speech to be anonymous. (13) Perhaps more disturbing, in late December 2011, a Suffolk Superior Court judge "held a secret hearing over the objections of lawyers from the American Civil Liberties Union (ACLU) of Massachusetts, and then impounded all documents and motions filed in the case." (14) In response, Massachusetts ACLU executive director Carol Rose commented:
Secret court proceedings, particularly proceedings involving First Amendment issues, are troubling as a matter of both law and democracy. In addition, the manner in which the administrative subpoena in this case was used, and its purported scope, is equally troubling and, in our opinion, well beyond what the Massachusetts statute allows. (15) Police likewise have been quick to subpoena Twitter for seemingly more urgent matters. In August 2012, New York City police officials obtained a subpoena in an attempt to reveal the identity of a user who threatened to attack a Broadway theater. (16) Authorities sought a court order after Twitter declined an emergency request by law enforcement. (17) The company reportedly reviewed the user account that concerned the police and concluded, "While we do invoke emergency-disclosure procedures when it appears that a threat is present, specific and immediate, this does not appear to fall under those strict parameters as per our policies." is The Manhattan District Attorney's Office subsequently obtained the subpoena, after which police spokesman Paul J. Brown commented, "We felt that a threat involving an identified location in the heart of the theater district merited immediate cooperation." (19)
Shortly thereafter, New York City Police Commissioner Raymond Kelly announced plans to reinforce the NYPD's cyber crackdown by expanding online investigative tactics, making clear that monitoring online activity is now a part of standard police operating procedure. (20) Officials added that "much of the potentially incriminating material they gather can be found on Facebook profiles that are public." (20) In Cincinnati, police have created a Real Time Crime Center, headed by Lieutenant Lisa Thomas, who notes, "You have guys who are bragging about their crimes online." (22) But not all of what the police are looking for is readily available online. Further, law enforcement is dealing with how to balance the proper handling of social media content against privacy concerns. Notably, police are grappling with the limits of the current law that determines what kinds of methods police can use to retrieve personal data. (23) This problem threatens to become even more exacerbated as the popularity of social networks continues to grow--for example, Facebook contends it "hit a milestone of 1 billion monthly users" in October 2012 (24)--even though less than half of all law enforcement agencies have a social media policy for police investigation. (25)
Not all subpoenas designed to extract user information in criminal matters originate from the prosecutorial side of the case. George Zimmerman, the neighborhood watchman charged in the shooting death of a teenager, is using a subpoena against Twitter and Facebook to find evidence suggesting that Trayvon Martin could in fact have been the aggressor on the night that he was killed. (26) Defense attorneys also hope to find out whether "negative rumors about Trayvon's social media comments that have circulated the Internet for months are proven true." (27) Zimmerman's lawyer defended the use of subpoenas, noting, "This is how you defend someone charged with second-degree murder, a charge that presumes ill will and hate." (28) As Nicole Black, co-author of Social Media for Lawyers: The Next Frontier, similarly observed, "Lawyers are experimenting with social media to make their client's case, with George Zimmerman's defense counsel being a prime example of this." (29)
Moreover, these demands for user information are not limited to criminal cases, as corporations and others now routinely seek to reveal user-identifying information for those who post negative information anonymously to social networks, blogs and consumer gripe sites. These so-called CyberSLAPPs (Strategic Lawsuit Against Public Participation) pose a very real threat to anonymous online speech. (30) In the CyberSLAPP context, the individual or organization who has been criticized has a "frivolous lawsuit" that enables them to issue subpoenas to the offending website or internet service provider (ISP). The suit thus enables them to find out who has made the comments and potentially to force them to delete their comments or otherwise "silence them." (31) In short, posters who thought their reviews were anonymous may find themselves as litigants in a CyberSLAPP case. (32)
All of these instances paint a grim picture for online privacy today. Equally troubling is the fact that the key law governing privacy in cyberspace in the United States, the Electronic Communications Privacy Act, (33) was passed more than a quarter century ago. Privacy advocates argue that this twenty-six-year-old law--which establishes the boundaries for how law enforcement can obtain electronic communications--is no longer suited to the task of regulating social media. (34) As Mark Rumold, an attorney for the Electronic Frontier Foundation, aptly phrased it, "[T]he law is arcane and confusing. And there is a significant debate on what governs what." (35)
This Article examines how the expectation of privacy in cyberspace will disintegrate if current laws are not updated to reflect changes in technology and curtail the use of subpoenas and other court orders to cull private data. Part I explores the efforts by law enforcement to troll social networking sites as a standard part of criminal investigation and how effective the current laws are in protecting citizens against unmerited intrusions into their online postings. Part II examines how private individuals and corporations are using subpoenas in an at tempt to unmask anonymous posters in an effort to retaliate against them in court or intimidate them into silence. Part III discusses how user agreements, or terms of service, by online providers might be used as a vehicle for safeguarding online posters by prescribing a set of core protections. Finally, the Article concludes by suggesting a framework for a comprehensive overhaul of the nation's outdated privacy laws.
CRIMINAL INVESTIGATIONS AND CURRENT PRIVACY LAW: ARE THE PROTECTIONS OUTDATED?
As the ACLU is fond of pointing out, "In 1986, there was no World Wide Web, nobody carried a cell phone, and the only 'social networking' two-year-old Mark Zuckerberg was doing was at pre-school or on play dates." (36) The year 1986 was not chosen at random. That year, Congress enacted the Electronic Communications Privacy Act (ECPA), the law that spells out protections for citizens communicating through electronic means, although those means have changed markedly in the quarter century since the measure was signed into law. (37) Moreover, although the ECPA was ostensibly designed to protect citizens against intrusions into their private transmissions, the ACLU warns that the law allows the government to go on a "shopping spree," collecting a "treasure trove" of information...