A federal court in California has held that subpoenas served on Google and Yahoo! seeking the subscriber and usage information associated with 68 email addresses did not infringe on the subscribers’ First Amendment rights or their right to privacy. Chevron Corp v. Donziger, No. 12-mc-80237 (N.D. Cal. Aug. 22, 2013). The subpoenas also did not violate the Stored Communications Act (SCA). According to the court, the subscribers “vastly overestimate[d] the amount of legal protection accorded to the subscriber and usage information associated with their email addresses.” Chevron, slip op. at 32.

The court reasoned that:

Although the [subscribers] may believe that using their email addresses will protect their identities, that belief is simply not reflected by the reality of the world we live in. Email addresses are labels we voluntarily present to the outside world, through which we allow the world to contact us, and in that way identify us.

Id. at 14.

The court’s decision is a reminder of how much information is being collected and stored electronically about a subscriber each time that person establishes and logs into an internet account — whether that account is webmail, a social media site or a customer profile — and how that information may become discoverable and accessed years later during litigation. It also shows how valuable metadata can be not only to internet marketers and service providers but also to litigants.

The underlying dispute

The discovery sought in the subpoenas was “just one small part in an elaborate maze of litigation spanning states, countries, and continents.” Id. at 2. Back in 2003, plaintiffs in Ecuador, represented by attorney Steven Donziger, sued Chevron under Ecuador’s Environmental Management Act. On Feb. 14, 2011, an Ecuador court awarded the plaintiffs an $18.2 billion judgment against Chevron for damages related to alleged environmental harms in Ecuador.

Chevron subsequently brought civil RICO claims against the plaintiffs’ attorney and others in the Southern District of New York alleging that they attempted to defraud and extort Chevron by bringing suit in Ecuador, bribing Ecuadorian judges, ghostwriting opinions and expert reports, and exerting a pressure campaign on Chevron in the United States. A court in the Southern District of New York has found that there is probable cause to believe that the defendants have engaged in fraud in five separate instances, including the alleged bribery of the judge and the writing of the judgment and other judicial documents in the Ecuador case.

The subpoenas served on Google and Yahoo!

As part of the discovery Chevron is taking in the RICO case, it served subpoenas on Google and Yahoo! seeking documents dating back to 2003 related to:

(A) the identity of the user of 68 email addresses, including but not limited to documents that provide all names, mailing addresses, phone numbers, billing information, date of account creation, account information and all other identifying information associated with the email addresses under any and all names, aliases, identities or designations related to the email address; and

(B) the usage of the 68 email addresses, including but not limited to documents that provide IP [Internet Protocol] logs, IP address information at time of registration and subsequent usage, computer usage logs, or other means of recording information concerning the email or Internet usage of the email address.

Chevron claimed that the email addresses were identified principally through the review of documents recovered from an image of Donziger’s hard drive and that the subscribers were intimately involved with the alleged fraud by managing legal and public relations strategies. According to Chevron, the subpoenaed information would provide evidence about the structure and management of the alleged fraudulent scheme.

The email addresses supposedly belonged to former interns, environmentalists, journalists and bloggers who, at one point or another, spoke out about the Ecuadorian rain forest and the alleged impact of Chevron’s operations there.

Information collected by Google and Yahoo! about their subscribers

Google’s privacy policy states that it collects information given to it by a subscriber (such as name, email address and phone number) as well as information related to a subscriber’s use of Google, including device-specific information, mobile network information, IP addresses, cookies that uniquely identify a user’s browser or Google account and location information.

Yahoo!’s privacy policy states that it collects information given at registration such as name, date of birth, gender, occupation, industry and personal interests. Yahoo! also records a user’s IP address, cookie information, the software and hardware attributes of the connecting computer and the page the user requests. Yahoo!’s privacy policy states explicitly that “[w]hen you register with Yahoo! and sign in to our services, you are not anonymous to us.”

Motions to quash filed by the defendants and non-parties

In response to the subpoenas, the defendants and 32 non-parties, whose email addresses were among those subpoenaed, moved to quash the subpoenas.

In ruling on the motions, the court addressed these issues among others:

  1. whether the subpoenas were proper under the SCA;
  2. whether the subpoenas infringed the non-party movants’ First Amendment rights to speak anonymously and freely associate;
  3. whether the subpoenas infringed the non-party movants’ right to privacy; and
  4. whether the subpoenas were overbroad.

The subpoenas were proper under the Stored Communications Act

Under the SCA, “electronic communication service providers” such as Google and Yahoo! may “divulge a record or other information pertaining to a subscriber to or customer of such service.” 18 U.S.C. § 2702(c). Among the records Google and Yahoo! may reveal are the subscribers’ “name, address, … records of session times and durations, telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address.” Chevron, slip op. at 10.

Because the subpoenas did not seek the contents of any subscriber’s email, the court concluded that the SCA permitted Google and Yahoo! to reveal identifying information associated with each subscriber as well as usage information of each account. Courts in other cases have reached the same conclusion. See, e.g., Obodai v. Indeed, Inc., No. 13-80027 (N.D. Cal. Mar. 21, 2013).

The subpoenas did not infringe the non-party movants’ first amendment rights to speak anonymously and to associate freely

The non-party movants argued that revealing the subscriber information associated with their email accounts would chill their anonymous speech about an issue of public concern. According to the non-party movants, the production of their IP addresses and logs associated with their email accounts would provide a rough itinerary of where and with whom they have been for the last nine years.

Because the subpoenas did not seek the contents of any subscriber’s email, the court rejected the non-party movants’ argument and concluded that the subject of the subpoenas was not protected speech. The court also concluded that the actions of the non-party movants were not anonymous: “Several of their email addresses contain their first and last names, or their first initial and last name, or some other combination of identifying information.” The court also concluded that the non-party movants did not establish that they were “members of an association” that would be impacted by the enforcement of the subpoenas.

The non-party movants had no privacy interest in their IP logs and account information

The court also considered the non-party movants’ right to privacy under the California constitution. The court concluded that subscribers had no privacy interest in the identifying information, IP addresses, and IP logs associated with their email accounts because they voluntarily turned this information over to Google and Yahoo!:

As a condition of using Google and Yahoo!’s email service, the [non-party] movants voluntarily provided their names, addresses and other identifying information. This voluntary production to a third party eviscerates any subjective expectation of privacy the Doe movants might harbor. In addition, the IP address and IP logs associated with their email accounts are the addresses visible to the outside world associated with their accounts. The IP address is the routing information that they [subscribers] provide to the ISPs when the choose to connect a computer to their email account, send or receive an email, or even visit a website.

Id. at 18-19.

The court limited the applicable time period of the subpoenas based on an “independent obligation” to avoid undue burden or expense

Interestingly, the court acknowledged an “independent obligation” to avoid imposing undue burden or expense on the recipient of a subpoena. The court also acknowledged a duty to limit the extent of the discovery sought according to principles of proportionality, including if the discovery “is unreasonably duplicative, if it can be obtained from a source that is more convenient or less burdensome, or if the burden of producing it outweighs its likely benefit.” Id. at 19 (quoting Fed. R. Civ. P. 26(b)(2)(C).

Applying these discovery principles, the court concluded that the requested period of 2003 through Sept. 7, 2012 should be limited to the period of 2003 through Feb. 14, 2011, which was the date of the judgment in Ecuador, for all the email addresses subpoenaed. The court then applied these principles to the scope of the subpoenas as to the individual email addresses.