Original URL: http://www.theregister.co.uk/2007/06/24/autoadmit_libel_case/

Defamation lawsuit seeks to unmask anonymous cowards

Server logs? what server logs?

By Kevin Fayle

Posted in Law, 24th June 2007 08:02 GMT

They should've known better than to flame law students.

Two female law students at Yale University have filed a lawsuit in a federal district court in Connecticut against an operator and several anonymous users of AutoAdmit.com - "the most prestigious college discussion board in the world," according to its own billing. The plaintiffs in the suit allege that some less-than-prestigious lewd comments and sexual threats directed at them by the anonymous users caused them psychological and economic injury, including the loss of a summer job.

Autoadmit.com allows users to post anonymously, and does not retain IP addresses for its users. It does require a valid email address in order to register, however. The operators of the site, citing First Amendment principles, usually refuse to modify or delete offensive threads.

This policy of not deleting threads regardless of their content has give rise to a good deal of controversy concerning racist and sexist postings to the site prior to the lawsuit, including a write-up in the Washington Post.

The plaintiffs - who, ironically enough, have sued anonymously - allege that the offensive posts directed at them began soon after one of the plaintiffs, labelled "Doe I" received her acceptance to Yale Law School.

Shortly thereafter, she received word that someone claiming to be a classmate of hers at Stanford undergrad had begun a thread warning Yale Law about a "Stupid Bitch" about to enter with the class of 2008. The comments quickly went downhill from there, with some posters expressing intent to force themselves on her sexually, and others alleging that she suffered from sexually transmitted diseases.

The posts continued down this path, eventually claiming that the plaintiff was having an affair with the Dean of Admissions at Yale Law School, had bribed her way into the school, and had sexually assaulted her co-plaintiff in this case.

That other plaintiff, known throughout the complaint as "Doe II," allegedly suffered financial and emotional damage as a result of sexually explicit descriptions of her anatomy and sexual activities, and a few suggestions by users of their intent to rape her.

The plaintiffs claim that the comments on the website caused emotional distress and insomnia and interfered with their studies. In addition, Doe I claims that the postings on the site caused her to miss out on summer jobs with law firms, since several of the postings appear in the top results for a Google search for her name, and she suggests that the firms saw these results and passed her over for the positions.

The two Does reportedly requested that the AutoAdmit operators remove the threads and posts, but those requests were apparently denied. The plaintiffs included one of the operators, Anthony Ciolli, in the suit because of his refusal to remove the posts despite the site's supposed "anti-outing" policy that threatens to delete any postings that contain personally identifiable information. The plaintiffs do not allege that Ciolli was personally involved in writing any of the offending threads, though.

Pinning any liability on Ciolli represents a challenge for the plaintiffs, since he most likely enjoys protection under Section 230 of the Communications Decency Act. This law immunizes operators of websites from lawsuits based on a site's publication of content produced by a third-party, but allows for a lawsuit where the site operator has personally created content.

A recent 9th Circuit ruling, however, has called that immunity into question by holding that a website fell out of the statute's protections by directing users to other users' profiles based on information that the users provided when establishing those profiles. This filtering, according to the court, acts as a layer of information created by the website, and rendered the website open to a lawsuit under the Fair Housing Act.

The decision was widely criticized and the Ninth Circuit has no jurisdiction over a district court in Connecticut. Moreover, it's unclear that any court would consider AutoAdmit.com's activity - which consisted of little more than creating categories for the threads - as amounting to an additional layer of information. Still, the decision should make Ciolli just a little nervous since he's not exactly the most sympathetic defendant to begin with, and a judge might grab onto any precedent in order to send him to trial.

Since the complaint was filed, a different AutoAdmit operator, Jarrett Cohen, has stated in a post to the site that he has offered to remove the threads and implement a system of community moderation, but also that his offer has been rebuffed by the plaintiffs. He then accuses the plaintiffs of acting out of a desire for vengeance, and bringing the lawsuit as a means to identify the posters in order to damage their legal careers.

The plaintiffs' first problem - whatever their motivations - will be, in fact, the identification of those anonymous posters. Since the site claims to not have IP addresses for the users, the plaintiffs will probably begin by subpoenaing the email addresses the users provided during registration. Assuming these aren't sham webmail accounts with no real personal information, the email could be linked to the individuals involved.

Even if the email address is a sham, however, webmail providers do keep IP logs, so the plaintiffs could probably trace the email account to an IP address that opened the email account or that uses the email frequently.

The plaintiffs will also most likely point to a recent decision out of a federal district court in California as a way to recover information from AutoAdmit. That decision required a BitTorrent site, TorrentSpy.com, to preserve the traffic information contained in its servers' RAM. That site, like AutoAdmit, had systematically declined to keep IP logs in an attempt to keep its users anonymous. The judge in the case ruled, however, that the IP information contained in RAM was electronically stored information subject to discovery.

This, in effect, required the website to begin keeping server logs, although it did allow TorrentSpy to mask the IP addresses contained within the servers' RAM. The court ruled that the order to preserve the information in RAM as it was created wouldn't constitute a requirement that the website create new data solely to provide it to the plaintiffs (Columbia Pictures and others, in this case) since the data was automatically created and was already present in RAM. The court also held that the storage costs associated with all the extra information wouldn't constitute a burden on TorrentSpy.

That decision is currently up for appeal, and a California federal district court's opinion has even less clout in a Connecticut federal district court than a decision by the Ninth Circuit. But don't expect that to stop the plaintiffs from bringing it up before their judge in an attempt to force AutoAdmit to collect data on the posters in question should they be brazen enough to post to the site now that this litigation has commenced.

And if the judge goes for it, it will add yet another chink in the armor of sites that claim to offer "anonymous" anything on the web. ®