Justia Internet Law Opinion Summaries

Clemens, then an employee, provided ExecuPharm with sensitive information, including her address, social security number, bank, and financial account numbers, insurance, and tax information, passport, and information relating to her family. Clemens’s employment agreement provided that ExecuPharm would “take appropriate measures to protect the confidentiality and security” of this information. After Clemens left ExecuPharm, a hacking group (CLOP) accessed ExecuPharm’s servers, stealing sensitive information pertaining to current and former employees, including Clemens. CLOP posted the data on the Dark Web, making available for download 123,000 data files pertaining to ExecuPharm, including sensitive employee information. ExecuPharm notified current and former employees of the breach and encouraged precautionary measures. Clemens reviewed her financial records and credit reports for unauthorized activity; placed fraud alerts on her credit reports; transferred her bank account; enrolled in ExecuPharm’s complimentary one-year credit monitoring services; and purchased three-bureau additional credit monitoring services for herself and her family for $39.99 per month.Clemens's suit under the Class Action Fairness Act, 28 U.S.C. 1332(d), was dismissed for lack of Article III standing. The court concluded that Clemens’s risk of future harm was not imminent, but “speculative.” Any money Clemens spent to mitigate the speculative risk was insufficient to confer standing; even if ExecuPharm breached the employment agreement, it would not automatically give Clemens standing to assert her breach of contract claim. The Third Circuit vacated. Clemens’s injury was sufficiently imminent to constitute an injury-in-fact for purposes of standing. View "Clemens v. Execupharm Inc" on Justia Law

NBA Properties owns the trademarks of the NBA and NBA teams. In 2020, a Properties investigator accessed HANWJH’s online Amazon store and purchased an item, designating an address in Illinois as the delivery destination. The product was delivered to the Illinois address. Properties sued, alleging trademark infringement and counterfeiting, 15 U.S.C. 1114 and false designation of origin, section 1125(a). Properties obtained a TRO and a temporary asset restraint on HANWJH’s bank account, then moved for default; despite having been served, HANWJH had not answered or otherwise defended the suit. HANWJH moved to dismiss, arguing that the court lacked personal jurisdiction over it because it did not expressly aim any conduct at Illinois. HANWJH maintained that it had never sold any other product to any consumer in Illinois nor had it any “offices, employees,” “real or personal property,” “bank accounts,” or any other commercial dealings with Illinois.The Seventh Circuit affirmed the denial of the motion to dismiss and the entry of judgment in favor of Properties. HANWJH shipped a product to Illinois after it structured its sales activity in such a manner as to invite orders from Illinois and developed the capacity to fill them. HANWJH’s listing of its product on Amazon.com and its sale of the product to counsel are related sufficiently to the harm of likelihood of confusion. Illinois has an interest in protecting its consumers from purchasing fraudulent merchandise. HANWJH alleges no unusual burden in defending the suit in Illinois. View "NBA Properties, Inc. v. HANWJH" on Justia Law

Popa browsed the website of Harriet Carter Gifts, added an item to her cart, but left the website without making a purchase. She later discovered that, unbeknownst to her, Harriet Carter’s third-party marketing service, NaviStone, tracked her activities across the site. Popa sued both entities under Pennsylvania’s Wiretapping and Electronic Surveillance Control Act (WESCA), 18 Pa. C.S. 5701, which prohibits the interception of wire, electronic, or oral communications. The district court granted the defendants summary judgment, reasoning that NaviStone could not have “intercepted” Popa’s communications because it was a “party” to the electronic conversation. Alternatively, it ruled that if any interception occurred, it happened outside Pennsylvania, so the Act did not apply.The Third Circuit vacated. Under Pennsylvania law, there is no direct-party exception to WESCA liability, except for law enforcement under specific conditions. The defendants cannot avoid liability merely by showing that Popa directly communicated with NaviStone’s servers. NaviStone intercepted Popa’s communications at the point where it routed those communications to its own servers; that was at Popa’s browser, not where the signals were received at NaviStone’s servers. The court noted that the district court never addressed whether Harriet Carter posted a privacy policy and, if so, whether that policy sufficiently alerted Popa that her communications were being sent to a third-party company to support a consent defense. View "Popa v. Harriet Carter Gifts Inc." on Justia Law

Alight provides recordkeeping services for employee healthcare and retirement benefit plans, some of which are governed by ERISA, 29 U.S.C. 1001–1461 The Department of Labor investigated Alight, following a discovery that Alight processed unauthorized distributions of plan benefits due to cybersecurity breaches, and sent Alight an administrative subpoena duces tecum, seeking documents in response to 32 inquiries, including broad demands, such as “[a]ll documents and communications relating to services offered to ERISA plan clients.” Alight produced some documents but objected to several inquiries, citing its duty to keep certain information confidential. The Department petitioned for enforcement of the subpoena. Alight produced additional materials but redacted most of the documents to remove client identifying information, preventing the Department from discerning potential ERISA violations. Alight asked the court to quash or limit the subpoena and permit redactions. Alight’s legal consultant projected full compliance would require “thousands of hours of work.” The Department clarified or narrowed its requests.The Seventh Circuit affirmed an order granting the Department’s petition to enforce the subpoena with some modifications. The court rejected Alight’s arguments that the subpoena is unenforceable because the Department lacks authority to investigate the company because it is not a fiduciary under ERISA, or cybersecurity incidents generally; that the subpoena’s demands are too indefinite and unduly burdensome, and that the district court abused its discretion by denying Alight’s request for a protective order to limit production of certain sensitive information. View "Walsh v. Alight Solutions, LLC" on Justia Law

A Romanian organization, the Alexandria Online Auction Fraud Network (AOAF), used fraudulent online advertisements on websites like eBay, Craigslist, and Amazon to convince unknowing U.S. purchasers to send payments for high-value items that did not actually exist. After receiving the payments through vehicles like gift cards and prepaid debit cards, AOAF money launderers in the U.S., including Brown, converted the payments into Bitcoin currency, which was then transferred back to Romania. Foreign Bitcoin exchange businesses including RG, Iossifov’s Bulgaria-based business, then transferred the Bitcoin balances to cash on behalf of AOAF fraudsters. About 900 victims never received the items for which they paid. The government learned about the scheme in 2014 when it discovered that an American citizen living in Kentucky was laundering funds on behalf of an online fraud organization; the individual became a confidential source.The Sixth Circuit affirmed Iossifov and Brown’s convictions and sentences under the Racketeer Influenced and Corrupt Organizations Act (RICO), 18 U.S.C. 1962(d), and Iossifov’s additional conviction for conspiring to launder money 18 U.S.C. 1956(h). The court rejected venue, jurisdiction, and Due Process claims, a contention that Bitcoin does not fall under the money laundering statute, and challenges to sentencing enhancements and evidentiary rulings. View "United States v. Iossifov" on Justia Law

The HuffingtonPost.com, Inc. ("HuffPost"), petitioned the Alabama Supreme Court for a writ of mandamus to direct a circuit court to vacate its order denying HuffPost's motion for a summary judgment based on the immunity provided in the Communications Decency Act of 1996, 47 U.S.C. § 230, and to enter a summary judgment in its favor pursuant to the immunity provided in 47 U.S.C. § 230. K.G.S. petitioned to adopt Baby Doe; the birth mother contested the adoption. The birth mother contacted Mirah Ruben, a contributor to HuffPost, and shared her version of events leading to her contesting the adoption. HuffPost published two online articles about Baby Doe’s adoption, including the full name of the birth mother, K.G.S. and included images of Baby Doe. After the articles were published, Claudia D’Arcy, a resident of New York, created a Facebook page dedicated to reuniting the birth mother and Baby Doe, which attached the HuffPost articles. The Facebook page also identified the birth mother and K.G.S. by name, and images of Baby Doe. After the creation of the Facebook page, K.G.S. stated she was “inundated with appallingly malicious and persistent cyber-bullying.” K.G.S.’ attorney compelled Facebook to take down the page because it violated Alabama’s Adoption Code. Then K.G.S. sued HuffPost, Mirah Riben, and a number of other defendants alleging that the defendants had made statements relating to the adoption that subjected them to civil liability and had unlawfully disclosed confidential information about the adoption "to create a sensationalized, salacious, and scandal-driven trial in the court of public opinion to pressure K.G.S. into relinquishing her custody of Baby Doe." After review of the circumstances of this case, the Alabama Supreme Court concluded HuffPost demonstrated a clear legal right to mandamus relief, and its petition was granted. View "Ex parte The HuffingtonPost.com" on Justia Law

John Doe (Father) appealed a magistrate court’s decision to terminate his parental rights to his three children: John Doe I (age 12), Jane Doe (age 11), and John Doe II (age 7). The children and their biological mother (Mother) lived in Idaho when the Idaho Department of Health and Welfare (the Department) petitioned to terminate Mother’s parental rights. Mother eventually voluntarily stipulated to the termination of her rights. Father resided in Tennessee during these proceedings and could not be located by the Department for several months. The Department amended its original petition in Idaho to establish jurisdiction over Father. The Department then moved to obtain authorization to serve the petition on Father by publication in the Tennessee city where Father resided. The magistrate court granted the Department’s request. Ultimately, Father was located in Tennessee and accepted personal service. The Department then filed petitioned to terminate his parental rights. Father participated in the termination trial via Zoom from Tennessee. Throughout the proceeding, Father’s internet connection proved to be unreliable, and he was repeatedly disconnected from the proceeding. Father rejoined the proceeding when the connection was reestablished. Father moved to continue the trial because of the connectivity issue, which the magistrate court denied, noting that it had given the parties the option of joining the proceedings remotely, but that they were required to ensure they had a reliable internet connection. Following the trial, the magistrate court terminated Father’s parental rights based on the grounds of abandonment, neglect, and the inability to discharge parental responsibilities. Father appealed. Finding no reversible error in the magistrate court's judgment, the Idaho Supreme Court affirmed it. View "IDHW v. John Doe" on Justia Law

Plaintiff-Appellant Cl.G., on behalf of his minor son, C.G., appealed a district court’s dismissal of his case against Defendants-Appellees Cherry Creek School District (District or CCSD) and various employees for alleged constitutional violations stemming from C.G.’s suspension and expulsion from Cherry Creek High School (CCHS). In 2019, C.G. was off campus at a thrift store with three friends. He took a picture of his friends wearing wigs and hats, including “one hat that resembled a foreign military hat from the World War II period.” C.G. posted that picture on Snapchat and captioned it, “Me and the boys bout [sic] to exterminate the Jews.” C.G.’s post (the photo and caption) was part of a private “story,” visible only to Snapchat users connected with C.G. on that platform. Posts on a user’s Snapchat story are automatically deleted after 24 hours, but C.G. removed this post after a few hours. He then posted on his Snapchat story, “I’m sorry for that picture it was ment [sic] to be a joke.” One of C.G.’s Snapchat “friend[s]” took a photograph of the post before C.G. deleted it and showed it to her father. The father called the police, who visited C.G.’s house and found no threat. Referencing prior anti-Semitic activity and indicating that the post caused concern for many in the Jewish community, a CCHS parent emailed the school and community leaders about the post, leading to C.G.'s expulsion. Plaintiff filed suit claiming violations of C.G.'s constitutional rights. Defendants moved to dismiss, which was ultimately granted. On appeal, Plaintiff argued that the First Amendment limited school authority to regulate off-campus student speech, particularly speech unconnected with a school activity and not directed at the school or its specific members. Defendants maintained that C.G. was lawfully disciplined for what amounts to off-campus hate speech. According to Defendants, although originating off campus, C.G.’s speech still spread to the school community, disrupted the school’s learning environment, and interfered with the rights of other students to be free from harassment and receive an education. The Tenth Circuit determined Plaintiff properly pled that Defendants violated C.G.’s First Amendment rights by disciplining him for his post; the district court’s dismissal of Plaintiff’s first claim was reversed in part. The Court affirmed dismissal of Plaintiff’s further facial challenges to CCSD’s policies. Questions of qualified and absolute immunity and Plaintiff’s conspiracy claim were remanded for further consideration. View "C1.G v. Siegfried, et al." on Justia Law

Turo, an Internet-based platform, allows vehicle owners to list, and customers to rent, specific passenger vehicles, processes reservations and payments and retains a percentage of the proceeds of each rental transaction. Turo provides a liability insurance policy through a third-party insurer. Turo competes with traditional on-airport and off-airport rental car companies and has used phrases like “rent” and “rental car” in its advertisements.The government sued Turo under the Unfair Competition Law (Bus. & Prof. Code 17200) for operating a rental car business at SFO without the required permit, engaging in prohibited curbside transactions at SFO, and using airport roadways and offering services on airport property without permission. Turo sought a declaratory judgment that it is not a rental car company and alleged that SFO had unlawfully demanded that Turo obtain an off-airport rental car company permit, and pay fees that SFO is authorized to charge only “rental car companies” under Government Code 50474.1(a).The court of appeal held that Turo is not a rental car company. That term is not defined in the Government Code but is defined in nearly identical language in three separate California statutes to mean a person or entity in the business of renting passenger vehicles to the public. A rental car company has control over the vehicles in its fleet in a way Turo does not View "Turo v. Superior Court of the City and County of San Francisco" on Justia Law

Freed created a Facebook profile, limited to his “friends.” Eventually, he exceeded Facebook’s 5,000-friend limit on profiles and converted his profile to a “page,” which has unlimited “followers.” His page was public, anyone could “follow” it; for the page category, Freed chose “public figure.” Freed was appointed Port Huron’s city manager. He updated his Facebook page to reflect that title. In the “About” section, he described himself as “Daddy ... Husband ... and City Manager, Chief Administrative Officer for the citizens of Port Huron, MI.” Freed listed the Port Huron website as his page’s website, the city’s general email as his page’s contact information, and the City Hall address as his page’s address. Freed shared photos of family events, visits to local community events, and posts about administrative directives he issued as city manager. When the Covid-19 pandemic hit, he posted policies he initiated for Port Huron and news articles on public-health measures and statistics. Lindke responded with criticism. Freed deleted those comments and eventually “blocked” Lindke from the page.Lindke sued Freed under 42 U.S.C 1983, arguing that Freed violated his First Amendment rights. The Sixth Circuit affirmed summary judgment in favor of Freed. Freed’s Facebook activity was not state action. The page neither derives from the duties of his office nor depends on his state authority. View "Lindke v. Freed" on Justia Law