Computer Fraud & Abuse Act Lawsuit for … Posting Reviews That Allegedly Violate Terms of Service

Paul Alan Levy of Public Citizen, whose work I trust and admire, posted this at the Consumer Law & Policy blog a week ago; I e-mailed plaintiff's counsel to see if they were willing to pass along their side of the story, but got no response:

Our latest case about the right to speak anonymously is in federal court in Chicago, flowing from a dispute between a prominent vlogger named Cristina Villegas and a plastic surgeon named David Shifrin who, Villegas complained, "botched my nose job." Villegas posted a 23-minute-long YouTube video which recounts the inadequacies that she perceived in the doctor's work ….

Villegas' Instagram account has nearly 500,000 followers, and her YouTube channel has more than 1,600,000 followers; as of today, her "botched nose job" video has had over four million views. Shifrin has taken no action to prevent her from telling her story directly; he has not, for example, sued Villegas claiming that she made any false statements of fact in her vlog….

Instead, he has apparently tried to salvage his reputation by going after what might have been a weak link: members of the public who, incensed by what they saw in the vlog, took to Google and Yelp to side with Villegas and denouncing Dr. Shifrin. Because both Google and Yelp ask reviewers to recount their own personal experiences with businesses, those companies began to remove the reviews or, at least to downgrade them to "not-recommended" status. But that was not enough to satisfy Shifrin, who filed suit in state court against 78 such reviewers, charging them with violation of the federal Computer Fraud and Abuse Act ("CFAA") and a variety of state-law torts, all of which amount to defamation.

The CFAA claim is predicated on the proposition that any violation of the terms of service in accessing a web site amounts to "exceeding authorized access" and hence is a violation of the CFAA, allowing not only a claim for damages but, indeed, a criminal prosecution. The defamation claim is based on the proposition that, [among other things -EV], contrary to what Villegas said on her vlog, Shifrin really cares about his patients, doesn't botch surgeries, and never "bribes" his patients to keep silent….

This lawsuit came to our attention because Shifrin filed a motion for early discovery and then served subpoenas on Yelp and Google. The Illinois state courts have squarely rejected the widely accepted Dendrite standard, which requires a plaintiff to present evidence before he is allowed to use court process to identify defendants claimed to have engaged in wrongful speech.   In rejecting Dendrite, the Illinois Supreme Court said that state procedures provide equivalent protections, but I found that explanation dubious -- without a  recognition that First Amendment rights are at issue, would trial courts really be careful to insist that there be a tenable claim against each of the anonymous defendants?

What transpired in the Cook County Circuit Court in this case shows that, as a practical matter, a merely conclusory allegation in a complaint can be sufficient basis in Illinois for stripping anonymous online speakers of their First Amendment right to speak anonymously….

However, because Shifrin included a federal law claim, his state-court lawsuit was subject to removal to federal court for Northern Illinois, where the application of the Dendrite standard remains an open question. Consequently, we have removed the case on behalf of two Yelp reviewers, and we are preparing a motion to quash the subpoena to Yelp.   A motion to quash the subpoena to Google might follow if we hear from a Google reviewer whom we are willing to represent (or, perhaps Google follow Yelp's example by asserting its users' rights?).

In addition to the important question about discovery of anonymous online speakers, this case presents a significant question about the meaning of the CFAA.  Ever since the controversial prosecution of Lori Drew for creating a fake MySpace profile with tragic results, many of us have focused  on the nightmarish implication from the Government's theory in that case: that any violation of a web site's terms of service might make an Internet user susceptible to prosecution under the CFAA. Those hypotheticals are implicated by  Van Buren v. United States, which was recently argued before the Supreme Court; Orin Kerr would say they are at the center of the case.  This case presents an opportunity to secure a clear "no" answer to that question.