Compulsory Process in Cyberspace: Rethinking Privacy in the Social Networking Age

Article excerpt

INTRODUCTION  I. CRIMINAL INVESTIGATIONS AND CURRENT   PRIVACY LAW: ARE THE PROTECTIONS   OUTDATED?  II. CIVIL LAWSUITS AND THE BURGEONING   THREAT TO ANONYMOUS ONLINE SPEECH   A. The Dendrite/Cahill Construct   B. Cyber SLAPPs: Squelching Speech     Through Intimidation  III. POINT AND CLICK: HOW TERMS OF SERVICE CAN HELP SALVAGE USERS' REASONABLE EXPECTATIONS OF PRIVACY IN CYBERSPACE  CONCLUSION 

INTRODUCTION

When Malcolm Harris crossed the Brooklyn Bridge in October 2011--one among some 700 Occupy Wall Street protesters later charged with disorderly conduct for marching over the expanse-he undoubtedly did not imagine that the incident would place him squarely in the throes of a modern-day privacy battle. (1) Shortly after his arrest for the violation--"the lowest level offense in the New York State Penal Law" (2)--the San Francisco headquarters of Twitter informed the twenty-three-year-old writer that the Manhattan District Attorney's Office had issued a subpoena on the social network to appear "as a witness in a criminal action prosecuted by the People of the State of New York against: Malcolm Harris." (3) More specifically, the subpoena commanded the social network to produce "[a]ny and all user information, including email address, as well as any and all tweets posted for the period of 9/15/2011-12/31/2011 for the following twitter account: @destructuremal." (4) The subpoena demanding Harris's user information was not an isolated incident. According to a recent Twitter Transparency Report, the company received 679 government requests for user account information, typically in connection with criminal investigations, in just the first six months of 2012. (5) The company maintains that it has cooperated and produced "some or all information" in 75% of the requests. (6)

The demand for user account information is so great that Twitter has created "Guidelines for Law Enforcement," (7) which set forth its policy for turning over user information to the government or others. Twitter is not alone in developing such a policy: Other social networks, such as Facebook, (8) LinkedIn, (9) and Dropbox, (10) have similar guidelines.

Harris was not the only "occupier" to face such a subpoena. In Boston, Guido Fawkes "has become a representative of the legal limits of privacy on online social networks." (11) Authorities there used an administrative subpoena--one that requires "only an attorney general's approval"--to find information about Fawkes because he "reportedly posted a link to a website with personal information about Boston police officers, including where they live." (12) Peter Krupp, an attorney for Fawkes, observed that most users of Twitter and other social networks would "reasonably expect" their speech to be anonymous. (13) Perhaps more disturbing, in late December 2011, a Suffolk Superior Court judge "held a secret hearing over the objections of lawyers from the American Civil Liberties Union (ACLU) of Massachusetts, and then impounded all documents and motions filed in the case." (14) In response, Massachusetts ACLU executive director Carol Rose commented:

   Secret court proceedings, particularly proceedings    involving First Amendment issues, are troubling as a    matter of both law and democracy. In addition, the    manner in which the administrative subpoena in this    case was used, and its purported scope, is equally    troubling and, in our opinion, well beyond what the    Massachusetts statute allows. (15) 

Police likewise have been quick to subpoena Twitter for seemingly more urgent matters. In August 2012, New York City police officials obtained a subpoena in an attempt to reveal the identity of a user who threatened to attack a Broadway theater. (16) Authorities sought a court order after Twitter declined an emergency request by law enforcement. (17) The company reportedly reviewed the user account that concerned the police and concluded, "While we do invoke emergency-disclosure procedures when it appears that a threat is present, specific and immediate, this does not appear to fall under those strict parameters as per our policies. …