Mallory King - September 27, 2019 - Cybersquatting Lawsuits & Cases, Internet Law, Internet Lawyer, Social Media Lawyer, Third-Party Subpoenas, Trial Attorney Tips
[Detroit, MI] In this episode of Tech Law Radio, Complex Litigation Attorneys Enrico Schaefer and Mallory King discuss tips and strategies for issuing Federal Rule of Civil Procedure 45 subpoenas to third-parties such as Amazon, Google, Facebook, Apple, and GoDaddy to increase your chances of receiving responsive information from the same. If you are looking for advice on how to draft Rule 45 subpoenas, overcome objections, work with third-party counsel, and acquire valuable information to support or defend a lawsuit, this episode is for you.
Enrico Schaefer: Welcome to Tech Law Radio. My name is Enrico Schaefer. I’m an attorney with Traverse Legal. We specialize in complex litigation, and focus on intellectual property cases such as trademark infringement, copyright infringement, trade dress, trade secret infringement and theft.
These types of issues typically take us in to federal court where we handle a lot of litigation for a lot of clients. And so, today, I wanted to talk about something that comes up all the time in our litigation practice. It’s third-party subpoenas in federal court.
Now, the reason why I want to talk about this today is because I think it is one area of legal practice that is one of the least understood and one of the areas where lawyers can really win a case. And yet, they often fail to do the things necessary in order to get the third-party information that can win the case.
This becomes especially true in Internet and technology cases where you’re dealing with third-party providers of online services. The Facebook’s, the Apples’, the Google’s, the GoDaddy’s of the world. These are the folks that you’re going to want to subpoena in a lot of online infringement cases.
They have got a whole set of special rules that they abide by. They’ve got their internal policies that they abide by. At the end of the day they may get really challenging to actually get the information that you’re looking for. So today on the show we have litigation attorney, Mallory King.
Mallory has got a lot of experience in issuing subpoenas to third-party service providers in the Internet space. And so, she’s going to help us out today by helping you understand how to go about a third-party subpoena to an Apple, or an Amazon, or a Google, or a GoDaddy, or another internet service provider. How to actually get the information that you’re looking for.
So we’re really excited to have Mallory on the show today because we think this is going to be a really high value show for our listeners. And again, we’d like to thank our listeners who tend to be other attorneys, law professors, law students, and clients who are frankly, interested in learning more about how to win their case.
People go to the Internet to search for information about specific legal issues that they’re dealing with. Specific issues that they might be dealing with in litigation that their attorneys are handling such as how to subpoena Amazon or how to subpoena Google. So Mallory King, welcome to the show today. Thank you so much for joining us.
Mallory King: Thanks for having me on the show again, Enrico. It’s a pleasure to be here.
Enrico Schaefer: Mallory, you know we really like to help our listeners out and help other attorneys understand how to navigate Internet and technology issues when it comes to litigation and other matters. So today, we’re going to lift up our dress, and we’re going to let people see how we go about getting third-party information from Internet service providers.
Hopefully, this will help our listeners get the data that they want to try and get from some of these third-party providers in their federal litigation cases so welcome to the show. Let’s talk a little bit about what is a third-party subpoena? Can you explain a little bit? Give us some context about what a third-party subpoena is in the context of federal court litigation.
Mallory King: Absolutely. The Federal Rules of Civil Procedure do provide for third-party subpoenas in Rule 45. This allows for subpoenaing third parties that aren’t a party to the litigation like Google, Amazon, and GoDaddy so you can acquire electronically-stored information.
People can use these Rule 45 subpoenas to try to get more information about the plaintiff and/or defendant. This information can be so incredibly valuable to your intellectual property and cybersquatting claims.
For instance, if you’re subpoenaing GoDaddy as a registrar they could have account information related to ownership of the domain name that is subject to cybersquatting. Amazon and Apple could have information regarding products that are sold on their platforms that are infringing intellectual property.
PayPal can give you logs of money in and out of a defendant’s account so you can get an idea of the profits they are getting from intellectual property infringements. Google, obviously, Gmail, who doesn’t have one of those? That email content there can be invaluable with additional information about infringement and cybersquatting.
For instance, you may be able to discover who the defendant was communicating with. Maybe they were soliciting sales of a particular domain name to establish bad faith. The grounds for information that is discoverable is really unlimited here, but it’s so difficult to acquire. That is why I’m really excited to talk with the listeners about how you can get as much information as possible from these third parties.
Enrico Schaefer: What we typically see, Mallory is other lawyers and other law firms who often issue a subpoena because they know how to do that. They know how to issue a Rule 45 subpoena. But they’re used to doing it to someone’s employer or some offline company that has got a system for providing paper. Sometimes, digital copies of paper.
It’s just different when you are going after information that is being hosted or stored. Data that’s being stored by a third-party service provider. It’s much more challenging. What we tend to see is that the attorney or the lawyer issues the subpoena to Apple, Amazon, Google, GoDaddy, PayPal, whoever. The third-party responds, and they don’t end up providing much, if any, information.
They have a bunch of objections that they make. The lawyers tend to go away at that point. They don’t get what they’re looking for. They’re not sure how to proceed. They end up really falling short of their goal. Getting that objective third-party information that the other party can’t lie about.
Let’s just start and work through the process here before we get to how to deal with some of the barriers that some of these third parties put up in order to try and make it difficult. Maybe that’s not their intent, but they do have a process. You do have to jump through the hoops if you want to get through their subpoena process. But let’s just start with the basics. How do you draft a meaningful subpoena to a third-party Internet provider?
Mallory King: Overall, your strategy needs to be focused on the specifics. Specificity is of ultimate importance here. They don’t want broad requests. They don’t want big requests. They want to know exactly what you’re asking for and essentially, they’re going to want to know why, but we’ll get to that later when we talk about objections.
Our strategy is usually that you need to make sure you’re asking for information within a reasonable date range. You want to make sure you’re covering, of course, the timeframe relevant to the case at hand, but if you’re asking for 20 years’ worth of information they’re going to be completely turned off by that.
You need to be realistic and plus, a lot of them have data retention policies where certain data isn’t even in existence anymore outside a certain date range. You want to try to limit that as much as possible. You also want to give as much information about the account holder as possible.
For instance, if you’re trying to acquire information about what the defendant in a case is doing on a particular online website, you want to give the name, their potential email, and their physical address. Any information that you have that could potentially be associated with that company’s account. This goes also for links to specific websites and products at issue.
For instance, I’ve had Amazon and Apple both tell me, “Putting that link to that product in the subpoena was what sealed the deal for us. We were able to find that for you,” or, “Putting that link to that iTunes Apple App Store account storefront is what helped us know exactly where to look.” They want this to be as easy as possible for them. The more you can give them to help them track down the information, the more like they’re going to work with you.
One last thing to consider. If you’re looking for email content, a good strategy is to include keywords that you’re looking for. For instance, your client’s trademark or other relevant terms to your litigation. But some companies like Google won’t even filter via email so it all really depends. But it never hurts to put them in to show that you’re trying to limit what you’re requesting and not asking for a data dump. Those are the high-level best practices when drafting those.
Enrico Schaefer: When we’re working with other attorneys who are looking for expertise on third-party subpoena help, they come to us because we understand they’re not in technology. We understand how these third-party providers work. And so, we can help these attorneys with their subpoena process.
One of the first things that happens is the question, “What exactly are you looking for?” You mentioned it as the very first bullet point which is specificity is important. It really also comes down to you have to be strategic. The third-party providers do not respond very well to fishing expeditions.
Mallory King: Exactly.
Enrico Schaefer: You should, as a lawyer in litigation, have a pretty good guess as to what it is you think you’re going to find or what exactly you are looking for using the third-party subpoena process. And so, rather than just drafting a broad subpoena that’s everything and the kitchen sink, that’s just going to annoy the third-party service provider, what we advise to both our clients and to other attorneys who retain us to help with these issues is really: let’s be strategic.
Let’s dig in to what it is that we think we’re trying to accomplish. We already understand what the data fields are within these platforms and how account information is kept so it’s easy for us to use the right terminology. If you’re just looking for documents and documents are defined as everything tangible and intangible, that’s much more challenging.
If you’re able to narrow down on exactly what you’re after, and you use the right terminology you’re going to have a much easier time working with the third-party provider. Let’s talk a little bit about the drafting strategy. What are your recommendations as to how to go about getting a third-party subpoena drafted with the specificity that you talk about? With the level of information that’s going to get you the coordination and cooperation you’re looking for from the third-party provider?
Mallory King: What we’ve done in the past on cases where we’re looking for this information is go from broad to narrow. So you would draft, for example, “Defendant is known to have an account with you. Defendant may go by this name. Defendant may be using this email address.” Any association with their account. If there’s several put all of them.
“They may have this physical address hooked up to their account.” If there’s several list them. “The product is located at this link.” Put it in the subpoena. Put as much information in there as possible. If you get a response which again, we’ll talk about the objections in a bit, but a lot of them wanted more insight in to the procedural posture of the case.
“Where are you in discovery? What’s going on? Why are you asking for this now?” Also, consider putting maybe some background information about why you’re looking for this information could even push it further to avoid more hiccups down the road.
Enrico Schaefer: Yeah, because what these third-party providers are very sensitive to is if someone goes to a court, and they start using the court process for what the third-party provider might believe is inappropriate use of court process. “Why are you trying to get this?” “Well, someone stole my copyright-protected products and listed them at Amazon.” That’s a good answer.
Amazon understands that. They don’t want that. They’re much more psychologically tuned in to trying to want to help you on that, but if it’s, “Oh, well, here’s a competitor, and they’re underselling our price.” You can’t really say that you’ve got a claim, but you were able to file a lawsuit. And then that gave you subpoena power. They get to decide how much they’re going to fight you which really brings us to the next thing I want to talk about, Mallory.
You send out the subpoena. It’s well-drafted. Maybe they ask for an extension to respond to the subpoena, but eventually, you get the responsive document and inevitably, it contains objections. Tell us a little bit about what we would expect in terms of objections from third-party service providers.
Mallory King: Like you said, it’s essentially guaranteed that they’re going to respond with more than one objection. They probably have template letters waiting at the ready to send out to people who send subpoenas to them because they never want to give it up until they know absolutely for certain that it’s legally sound. And that they’re able to provide you with that information.
One of the biggest ones we see, and this is especially when you’re asking for email content is the Stored Communications Act (“SCA”) objections. The SCA prohibits entities that provide electronic communication services from divulging contents of communications that are in their electronic storage. This is a big one for Gmail or if you’re asking for emails from GoDaddy for communications related to an account holder’s account.
They could be liable under the SCA if they divulge information that they are not allowed to and so, they are very, very cautious. They will almost always want consent from the account holder before releasing this information. It’s really important to either come with that consent or anticipate that you may have to work around that consent.
Another one that is really big is relevancy. Companies may want it spelled out exactly how their requests in their subpoena are relevant to the claims or defenses in the litigation. So, for instance, Apple sends us an objection letter. They like to see a letter back that literally breaks down every single objection. It explains why you think the objection is meritless and why you think the information is relevant.
This is copying and pasting complaint allegations or answer responses. Attaching documents so that they can see, “Okay, we’re alleging that they’ve uploaded this copyrighted information on Apple iTunes. Here is the product screenshot on Apple iTunes, and that’s why it’s relevant to our copyright infringement claim.” You need to break it down and then after that you talk to them on the phone, they’re willing to work with you. They just want to see that you’re willing to put the effort in.
Let’s see, another one that’s very common is undue burden. These companies consider these subpoenas to be expensive and laborious. They don’t want to go searching deep into the archives. Potentially, it’s archaic technology that they no longer even utilize that you’re asking for information from.
This burden is on them so you need to just reiterate to them, “Hey, show me why this is so hard for you to do.” They’re big companies. They should have the staff at hand to respond to these types of subpoenas. You’re certainly not the only subpoena they’re receiving so you just have to push them.
Something else to consider is their confidential business information. Again, Apple has a lot of proprietary information that they may disclose pursuant to a subpoena response. They would prefer the general public not to know about it. If you could have a protective order already in place in your litigation anticipating that sensitive information might be forthcoming that’s great.
You can be like, “Hey, we already have one. No problem. You don’t have to do that.” Just some things to think about.
The last one I would say which is really silly, and if anyone gives up because of this one you should think differently. The designated place for compliance. The Federal Rules of Civil Procedure say that people and companies don’t have to produce documents that are more than 100 miles away from their place of business. We’re located in Michigan. We get California companies throwing in this objection all the time. “That’s way further than 100 miles. We shouldn’t have to provide that to you.”
The committee notes for Rule 45 have already addressed this and said, “Given the digital age, and the electronic exchange of production, and discovery information that rule really is worked around a lot.” You just reiterate to them. Be like, “Hey, we’re not asking you to send these physical documents. In fact, we’d prefer you didn’t.” “We’re not asking for anyone to physically show up and hand-deliver them. Just send them to us in a CD. Send them to us in a zip drive.” Electronic is the way to go so you can get around that 100-mile objection, no problem.
Enrico Schaefer: That is great, Mallory because it really gives a great overview and synopsis of what you’re going to see in almost every third-party subpoena response is a whole list of objections. They’re very good at giving you just enough information to be able to make it look like they sent something, but none of the stuff you’re looking for. None of the good stuff that is going to win your case in litigation, right?
Mallory King: Exactly.
Enrico Schaefer: The first one that you mentioned, I think it deserves a little special attention. It’s this Stored Communications Act or SCA. It’s 18 U.S.C. 2701, et cetera. It basically creates penalties for anyone that assesses information. Digital information, electronic information that’s stored through or with an internet service provider (“ISP”).
It’s a legitimate objection that you will see by third-party providers. There are special federal laws that protect all of our digital information when it’s stored in the cloud or it’s stored on the servers of an Internet service providers. They use the SCA as a way to avoid providing documents and creating potential liability, but there are ways around the Stored Communications Act objection. One of which is the subpoena.
If a court orders that documents be produced, then there’s no way for the ISP to get in trouble. Where it gets to be an issue is does the ISP, does the service provider, social media provider, etc., have to respond to the subpoena with the SCA objection?
And then you have a follow-up order from the court saying, “No, that’s fine. You need to provide it. I’ve already reviewed the matter, and I find it relevant,” or is a subpoena enough to trigger the production? Of course, not all third parties treat this issue the same. The point is this. The SCA is a common objection which stops a lot of people in their tracks.
They don’t understand the Stored Communications Act. They look it up. It looks legitimate. “Oh, no, I can’t get this information,” and they simply walk away from their subpoena. What I want to ask you is what happens next after you get this minimal production and a litany of objections from the Internet service provider?
Mallory King: I would just emphasize that persistence is key. If you’re dissatisfied with the amount the third-party has given you or they’ve just given you a letter alone with nothing else, keep working with them. These attorneys are willing to work with you to overcome their concerns, and they’re often willing to compromise. Narrowing the scope of your subpoena to make responding more practical for them.
We’ve issued signed consents to some third-parties. Pretty general contracts where the defendant has signed their consent, and we’ve provided that to some, and that’s been sufficient. For Apple along with the signed consent, and with our responses to their objections, and with several phone calls with Apple’s counsel narrowing our scope they finally, provided us with information.
But this was over several months of communications back and forth with their attorney. This isn’t going to be a one-week and done thing because once they’ve agreed to produce it, guess what? It’s going to be another month or so before they actually give it to you. I just want to emphasize the persistence on that really, is so important.
Enrico Schaefer: Let me ask you a question about the signed consent because presumably, I’m a plaintiff. I’m suing for trademark or copyright infringement. The defendant is my adversary, and they’re counsel isn’t going to want to cooperate with me at all. I get Apple saying, “Well, we can’t give you that without consent,” or Gmail saying, “We cannot give that to you without consent or a court order,” is usually the way it’s phrased. Consent or a specific court order, right?
One of the ways though is to get the defendant to consent. For our listeners you shouldn’t expect that’s going to be something that you’re going to send to the other attorney and they’re simply going to have their client sign. Context is key here. Sometimes, there’s already been motion practice, and it’s clear that the court is ordering that the subpoena be allowed and go forward.
Sometimes, there’s objections to the subpoena. A motion to quash that had been filed and ruled on which essentially, tell the defendant, “You need to consent. Do whatever is necessary to work with the plaintiff to get the information.” The court has either explicitly or implicitly told the other party to sign whatever consent the third-party service provider requires in order to get the information. You’ve seen that work in the past, correct?
Mallory King: Yes, I have. And like you said, it varies across which third-party company you’re dealing with. The court is in a position to actually order a defendant to consent so there’s case law out there that says, “Court-ordered consent is valid under the Stored Communications Act.” If you have like we have before you have a court order that says, “Defendant, sign X, Y, and Z subpoenas for these third parties.”
He signs them and then we provide those companies with the signed consent, along with the court order that says he was meant to sign them. Yes, there are the exceptions where you have an amicable defendant, which is almost an oxymoron, and they sign the consent voluntarily.
But Google, for instance, takes this whole process another step further. Google won’t just take a signed consent at face value. They want a specifically-drafted court order which, if you work with Google’s general counsel they will give you an example court order and say, “This is how we like to see it stylized. If you have any questions send it back to us. Send us the draft back to us, and we’ll review it before you file it so that we know for sure we can comply.”
The worst thing you want to do is think you have a court order, go through the whole rigmarole and have Google be like, “Sorry, it’s still not okay.” After you get a court order for Google they have a consent verification process. This process entails the defendant emailing Google from the email address at issue in the subpoena, or from the various email addresses at issue in the subpoena, and attaching the court order that is either ordering their consent, or involuntary, or voluntarily.
You attach that court order to the email and then the defendant sends it to Google. And then that way Google knows it’s the actual person consenting to the production of email and then there’s a court order attached to it. So that requires a whole other level of consideration.
Making sure the court order is drafted correctly. Making sure the defendant follows through on his end of the court-ordered bargain. There is an extra layer, and it is different across all boards. A lot of experimentation is needed, but if you really want to know the answers they can always ask us.
Enrico Schaefer: Yeah, that’s true enough because we’ve been through it enough times. This, of course, all assumes that the defendant is the subject of the subpoena. Sometimes, there will be an anonymous defendant. A John Doe, a Jane Doe, or a third-party account holder that’s not a party to the suit. In which case, you’re not going to get consent, but you are going to need to get court orders.
You might have the third-party provider file their own motion to quash. You might have the defendant file a motion to quash. The third-party provider might give notice to the account holder so they have an opportunity to file a motion to quash. There’s a whole motion practice side to this whole thing that can go in lots of different directions. The main point being none of this is quick.
You need to get started on subpoenas early if you’re going to be subpoenaing tech companies. You need to be willing to work for what you get. Perhaps the hardest thing in discovery are your third-party tech subpoenas. They take the longest. If you’re just issuing a request for production to the defendant and they don’t respond you’ll get a motion to compel. It’s ordered. They’ve got to give it to you.
That’s not how third-party subpoenas work in the Internet Age unfortunately. You’re going to need a cooperative judge, too, and the best thing I can advise is when we have these third-party subpoenas with the cases that we’re involved in we advise the court right out of the gate how difficult this is going to be. That it’s going to be a process. That it’s going to take time, and that we want to get started early.
And then that way you’re not coming back to the court and the court is going, “Well, that was four months ago. Why don’t you have the records yet?” The answer could be a very legitimate, “We’ve been working out butts off,” and you still don’t have the records. You need to understand all of these different things if you want to work your way through this process and get where you need to get to.
Mallory, there’s a lot more we could talk about on third-party subpoenas, but this has been a great start for our listeners today who are interested in this issue. And, of course, they can contact Mallory King at www.traverselegal.com if they have any questions.
We’re always willing to help and obviously, we do work with other law firms on the subpoena issue since we have that expertise. Give us your high-level tips for any attorney that’s looking to issue a third-party subpoena to a tech company.
Mallory King: Okay, absolutely. I have some tips that if you’re going on this adventure of third-party subpoenas definitely take heed. First, be specific. Like I said, include as much information as possible in your subpoena. Be persistent. It isn’t over after the receipt of objections. In fact, you’ve only just begun.
Be flexible with the information you’ve requested. If you can compromise on certain aspects, for instance, narrowing the date range do it. Some information is better than none. Be gracious with the individuals helping you. Use your other attorneys on the other side representing these tech companies and kindness can go a lot further than being aggressive or demanding.
They’re more likely to help you if you have a good repertoire with them. And lastly, be realistic. The chances that you’re going to get every single piece of information you requested is very slim. [This could be] because the tech company’s retention period has expired or that information never existed in the first place. If you’re not getting every single piece of information that’s probably an accurate representation of the information they have. That would be all I would recommend in general.
Enrico Schaefer: That’s great. Mallory King, thank you so much today for your insights on third-party tech subpoenas. I think it is an area that we’re going to continue to see grow more and more complex. You obviously, have GDPR issues that are going to work their way in to these things when you happen to have folks located in the EU.
You’ve got data that used to be available that is now not available publicly. You’ve got deletion requests going on from the EU. Citizens that just simply removes data at their request from any third-party provider. As we look at these data discovery issues and the preservation of data, the storage of data, and the discovery of data expertise is going to become the number one differentiator between and success and failure in litigation.
That’s it today for Tech Law Radio. Thank you so much for joining us. To all our lawyer friends, and law professor friends, law student friends and, of course, clients who follow along we encourage you to share this show. And to tell other people about it and increase the following. We will continue to bring you great content and until next time, have a great day.