
Lawsuit filed against sites that posted Ashley Madison data dump - jstalin
https://www.unitedstatescourts.org/federal/azd/941986/1-0.html
======
declan
I suspect this lawsuit will fail. If I were feeling more cynical I would say
that plaintiffs' counsel knew that and filed it to intimidate some of the
mirror sites into shutting down.

In Bartnicki v. Vopper, SCOTUS held that a radio station had a 1A right to
distribute stolen property--an illegally wiretapped conversation. Because the
recording came to the station over the transom, the station was not involved
in the illegal wiretapping itself, just like the Ashley Madison mirror sites
today.

On the other hand, the Bartnicki court recognized that there were "important
interests to be considered on both sides" and pointedly did not consider
"domestic gossip or other information of purely private concern." In that case
the illegally intercepted conversation was of _public_ concern.

If this ever goes to SCOTUS (unlikely) I suspect it will favor the 1A
arguments because of the unique nature of Ashley Madison. It's not a dating
site for singles, but a service for "discreet married dating," after all,
which necessarily implicates the other person in a marriage. And the current
SCOTUS is probably more 1A-protective than it was in 2001.

Also all the allegations lodged against the mirror sites could be lodged
against news organizations that are reporting on the data dump and naming
names. So the plaintiffs will have to persuade courts to invent a new theory
of liability that sweeps in mirror sites but not news organizations, a non-
trivial task. How about a news organization that publishes hundreds of names?

~~~
bigiain
> because of the unique nature of Ashley Madison

Indeed, the first para of that complaint describes it as:

"the adultery website and dating service known as “Ashley Madison”"

(I can't help but think they've very carefully chosen that specific wording -
probably as part of other arguments they're going to make...)

~~~
FullyInvested
>(I can't help but think they've very carefully chosen that specific wording -
probably as part of other arguments they're going to make...)

Adultery is still illegal in some states[0]. So the argument is likely going
to be that Ashley Madison was facilitating criminal behavior.

[0]
[https://en.wikipedia.org/wiki/Adultery#United_States](https://en.wikipedia.org/wiki/Adultery#United_States)

------
stevebmark
They're attempting to sue AWS and Godaddy? When Viacom sued YouTube claiming
YouTube was hosting copyright infringing material, YouTube won. I hope that
Ashley Madison (represented by this Kronenberger Rosenfeld group) loses this
case and has to pay full legal fees of all parties they're suing, which should
be hefty.

~~~
pravda
I agree -- this seems a real BS lawsuit. But Avid Life Media (owner of Ashley
Madison) is not part of it.

~~~
spacemanmatt
Smart money says Avid Life Media has their greasy fingerprints all over it.

------
nness
So knowing absolutely nothing about the relevant laws of the claim, I went and
looked up 18 U.S. Code § 2315. How do the claimants intend to demonstrate the
value of the stolen goods exceed the $5,000 or more test required by the law?

More important, do they have to demonstrate that the value of the whole dump
to be greater than $5,000 or just the value of their constituent component? I
can imagine that the whole dump would pass the test, but tested individually,
can their records really be worth that much?

~~~
reviseddamage
more interestingly they will have to prove(confirm) that the dump that showed
up is the real one, just in case someone pulls the parody defense.

~~~
nness
I think they also have to prove that these sites actually had their
information and did provide it. Otherwise they're just assuming that their
information was accessible because their information was part of the dump.

Likely though, since there are three claimants and three sites, I'd wager they
all incidentally discovered their details (or maybe were made aware by an
unhappy spouse) and that's how they know their details are actually
accessible.

------
x0x0
the sites whose publishers are being sued are: ashleymadisonpowersearch.com,
adulterysearch.com, ashleymadisoninvestigations.com, greyhatpro.com, plus aws
and godaddy

the first two now redirect to a suicide prevention hotline, but apparently
charged for access, with suggested users individuals, PIs and investigators,
journalists/media, and others

ashleymadisoninvestigations.com seemed to offer $14.99 spouse investigations

greyhatpro charged $150; as of 2015 0920 9pm pst it was allowing email
searches for free

------
nickles
> Indeed, in recognition of the fact that Ashley Madison data contains
> confidential information and constitutes stolen property, a Canadian court,
> the Ontario Superior Court of Justice, issued a restraining order requiring
> several websites and Internet service providers to immediately disable the
> Ashley Madison data, deeming it “offence-related property in respect of
> which order of forfeiture may be made under the [Ontario] Criminal Code.”

Since this suit is being filed in Arizona, will the Canadian ruling hold in
this case? It seems as though the DMCA's safe harbor provision shields the
defendants from liability in this case.

~~~
zaroth
The complaint says they notified Amazon and GoDaddy, and apparently no take-
down resulted, so I think DMCA does not apply. Also, it's questionable if
searching for an email address in a stolen database is a DMCA issue, rather,
the suit is alleging possession of stolen property.

Greyhatpro for example was trying to charge $149 for people to search the data
according to a screenshot in the complaint. Now the site appears to provide
searches for free.

There are a few sites which provide search tools for breaches which I think
are pretty convenient. Breaches are so common it's good to keep a central
record. Can a commercial service monitor a given email address and keep track
of breaches affecting that address? The particular services named in the
lawsuit are quite sketchy, but where do you draw the line?

~~~
nadams
> The complaint says they notified Amazon and GoDaddy, and apparently no take-
> down resulted, so I think DMCA does not apply.

I find that rather suspicious. If you file a proper DMCA request than the
provider must, ASAP, take the content down - regardless of if the content is
actually infringing. This is to protect their "safe harbor" status to make
sure the government doesn't go after godaddy but rather the individual
(rightfully so - godaddy doesn't and shouldn't control or monitor what users
upload on their services). An example of it in use at github [1].

My sneaking suspicion is they either they didn't actually send a DMCA takedown
request or they filed it improperly. Or perhaps the owners of the sites sent a
counter-notice which puts godaddy in the clear and forces these individuals to
sue the site owners (if they wish to have the content removed).

> Can a commercial service monitor a given email address and keep track of
> breaches affecting that address?

I think there is a difference between "here is a text box - enter your
husband's email to check if he is a cheater" and "we will alert you privately
if your email is ever leaked". I don't see any problems with the later.

[1] [https://github.com/github/dmca](https://github.com/github/dmca)

~~~
cft
> If you file a proper DMCA request than the provider must, ASAP, take the
> content down

You are very confused about the nature of DMCA. The provider that receives a
DMCA copyright infringement notification is not mandated to do anything at all
by the DMCA. Having complied with the notice however gives the provider
immunity from a potential copyright infringement lawsuit from the copyright
holder - that is the purpose of DMCA.

About 30% of DMCA notices are defective, and Google for example complies with
less than 70% of the notices it receives.

~~~
nadams
> The provider that receives a DMCA copyright infringement notification is not
> mandated to do anything at all by the DMCA.

Ok sure they don't _HAVE_ to do anything. But if they wish to maintain their
safe harbor status [1] they must remove it when requested. Otherwise the
copyright holder can, and probably will, go after them. Google et al can
safely ignore some number of the notices because they are Google and can send
a swarm of lawyers to defend themselves if they are taken to court. Many
smaller companies don't have that luxury.

> 3) upon receiving notice from copyright owners or their agents, act
> expeditiously to remove the purported infringing material.

I don't know if you have noticed but Youtube and github employ a "take down
now - ask questions later" policy for this very reason. You can file a
counter-notice to get the content reinstated - but you better be sure you are
in the right.

Oh and Google actually complied with 97% of requests between July and December
2011 [2].

[1]
[https://en.wikipedia.org/wiki/Online_Copyright_Infringement_...](https://en.wikipedia.org/wiki/Online_Copyright_Infringement_Liability_Limitation_Act#Safe_harbor_provision_for_online_storage_-_.C2.A7_512.28c.29)

[2]
[http://www.google.com/transparencyreport/removals/copyright/...](http://www.google.com/transparencyreport/removals/copyright/faq/#compliance_rate)

------
venomsnake
I see a popehat lawsplainer soon in the future.

> Plaintiffs’ claims arise out of the recent theft of massive amounts of
> private consumer data, including private stored communications, from the
> adultery website and dating service known as “Ashley Madison” by anonymous
> hackers. Due to the salacious nature of Ashley Madison, this Internet crime
> has been widely reported in the media, both in the United States and
> internationally.

Is there a penalty for lawyers writing bullshit? The data was not stolen, it
was copied and leaked. Also wtf is "Internet crime"

