Service Via Facebook Shouldn't Always "Count" 80
A New Zealand court has ruled
that a plaintiff can serve papers on a defendant
via a message sent to their Facebook account. Last December, an Australian
court ruled
that a company could serve papers on a couple
after failed attempts to reach them by regular
mail and e-mail. Facebook responded to the ruling with a statement that said,
"We're pleased to see the Australian court validate Facebook as a reliable, secure and
private medium for communication. The ruling is also an interesting indication of the
increasing role that Facebook is playing in people's lives." I think there are two interesting
questions here: (1) Is that really how courts view service via Facebook? And (2) What will
happen if courts do begin to view service via Facebook that way?
As to the first question — the court's endorsement of service via Facebook does not mean
that they think the service is necessarily secure or reliable. Courts often let you serve
papers on a party in a court case via means that are less reliable than normal channels,
provided that you've exhausted the more reliable means first. When I was trying to earn
my way into heaven by suing spammers in Small Claims court, some states allowed corporations
to be served by serving the papers on the Secretary of State in the corporation's home state,
but only if you could prove that you had tried and failed to serve the corporation at their
registered address. In cases where I served the Secretary of State,
it's unlikely that the defendant ever even saw the
papers (since the only thing the Secretary of State could do with them was forward them to the
defendants' address on file, where I'd already tried to locate them), but it still "counted"
because I had exhausted the regular means of serving the documents. Sometimes when serving
an individual, if the sheriff
couldn't reach someone at home, a judge would sign an order allowing the legal papers to be stuck
to their front door (which is neither "secure" nor "reliable"),
but only after the sheriff had been unable to deliver it to them in person.
So a court's endorsement
of Facebook as a means of service doesn't necessarily mean the court thinks that the means
of service is reliable. It just means it's a good last resort when conventional methods haven't
worked.
Facebook is not, after all, secure or reliable, although these limitations are not the
fault of Facebook itself. By "not reliable," I don't mean that it loses or mis-routes messages —
I've never seen that happen — but that you have no idea whether someone has signed in to read a
message,
or deleted it by accident, or lost it among all the other messages that they received. As for
whether it's "secure," like most services, the greatest weakness in Facebook's security is in
the 'forgot your password' feature — if you
compromise someone's e-mail account, then you can have a password reset link sent to their
e-mail address and compromise their Facebook account as well. So your Facebook account is
only as secure as your e-mail account, and e-mail accounts are usually vulnerable in their own
"forgot your password" feature, which often lets you access someone's e-mail account just by
knowing their birth date, their zip code, and the answer to an easy question like "Who is your
favorite fictional character?" And in any case, obtaining "service" via Facebook doesn't preclude
the possibility that the person you served on Facebook was an impostor, or another person who
happened to have the same name.
What would really change the game would be if courts started ruling that service via Facebook
was valid even without first attempting to serve a party via mail or other means.
I had my own experience with a case like this in 2000, when programmers Matthew Skala and
Eddy Jansson released a program called "CPHack" which could decode the encrypted list of sites
blocked by a program called
Cyber Patrol,
so that people who owned copies of the program
could use CPHack to decrypt the list of blocked sites.
(One of the more controversial aspects of such blocking
software is that the list of blocked sites is hidden from purchasers of the program.) A judge
granted Cyber Patrol a
ruling
forbidding the authors from distributing the program, and ordering anyone hosting a mirror
copy of the program to remove it as well. That same day, I received a copy
of the ruling via e-mail from Cyber Patrol's lawyer, ordering us to remove the mirror from the Peacefire
site. I asked a lawyer if that was considered valid service (this was back when I still
thought that a legal question like that always had an objective answer, as opposed to the
question of "valid service" being an entirely subjective one that depended on what judge you
happened to get), and he said that I shouldn't take any chances and should take the mirror down
anyway, which we did. Dozens of other mirror sites, which had sprung up in anticipation of the legal
controversy, were also served with papers, although the overseas ones mostly ignored them.
So this was very different from a ruling
made by the 9th Circuit Court of Appeals two years later, allowing a Las Vegas casino
to serve
an offshore company via e-mail because regular methods had failed. The court in that
case wrote,
"When faced with an international e-business scofflaw playing hide-and-seek with the federal court,
e-mail may be the only means of effecting service of process." But I was a domestic scofflaw
whose mailing address was publicly known (in the WHOIS registration for the Peacefire site). What
was the rationale for allowing me to be served by e-mail?
Unfortunately I think it's probably just a case where the rules were vague enough
that the judge felt entitled to bend them to achieve an outcome that he wanted. The 9th Circuit
didn't leave much doubt as to the level of objectivity in their ruling on e-mail service either, in calling
the defendant an "international e-business scofflaw."
And these are the two main reasons why I think that allowing electronic "insta-service" via
e-mail or Facebook — in cases where parties have not first tried to serve papers via
regular means — would erode the rights of the little guy.
First, in most of the cases I can think of where a powerful
plaintiff was playing "whack-a-mole" with
multiple defendants by using electronic service of process
to shut down new sites as fast as they were springing
up, the goal they were trying to achieve was (a) futile, if half the mirror sites were overseas
anyway, and (b) ultimately incompatible with civil liberties. (Why shouldn't people have the right to decrypt
the list of sites blocked by Cyber Patrol? After the ACLU got involved on appeal, a higher
court ultimately ruled that mirror sites could not be ordered to take down CPHack. The
HD DVD encryption key
controversy is another well-known example.) In cases where
a plaintiff has a legitimate claim against multiple sites — for example, sites that are violating
the plaintiff's copyright by hosting unauthorized copies of content that they own — most service
providers already publish an e-mail address where copyright owners can send a DMCA takedown notice,
and where the copyright owner is risking large statutory financial penalties if they send a takedown notice
that turns out to be baseless. There are no similar protections to prevent abuses of the system
through electronic service of other kinds of legal notices.
The other reason this trend could work against the average person,
is that any vague rule that is not consistently followed by different judges,
puts non-lawyers at a disadvantage in court. Partly because it may confuse non-lawyers who hear that
e-mail service was allowed in one case, and think that's part of "the rules," and then find that e-mail service
was disallowed in another case, and wonder how "the rules" could allow it in one case but not in
another, all the while laboring under the mistaken impression that there actually are "rules" which unambiguously
determine whether or not e-mail service is allowed, when the truth is that it's just up to
each individual judge. But also because every ambiguity in the rules is another opportunity for the
judge's prejudices to influence the outcome.
I do not think that most judges are prejudiced against
people based on race or gender, but I doubt you could find any legal professional who thinks that most judges
would take a case equally seriously regardless of whether it was brought by a professional lawyer or
by a layperson representing themselves. (At one point in my spammer-suing career, I
had only about a
50-50 chance of my
motions even being read.)
So, let's not get carried away applauding judges for being "hip" and "with it" for allowing service
via e-mail or Facebook. And if they start allowing it more frequently, can we at least ask that
they pick one rule and stick with it?
Comment removed (Score:5, Interesting)
Facebook/Myspace (Score:2, Interesting)
Re:Where this can really bite someone (Score:3, Interesting)
Who knows what kinds of messages are sitting in that never-opened inbox; maybe even a subpoena, but I'd never know.
I can top that, I subscribed to a local ISP before getting broadband, after the broadband install I was using fetchmail to fetch email from the old ISP while I was getting everything set up on the new ISP. Then I canceled my old ISP but forgot to remove my old email account from my fetchmail config, and apparently they never removed my old account, which was receiving a continuous stream of spam months later. I only noticed when months later my old provider took down their pop server for scheduled maintenance and I got fetchmail errors all night.
So, should I continue to illegally access my no longer paid for account that has not been removed by my former provider in order to please the court by receiving legal papers, or should I stop illegally accessing my email account thus being in contempt of court by intentionally avoiding reception of legal papers... Hmmmmmm. Luckily was never an issue for me.
Even stranger is I have heard some companies forward former employee email accounts to their former boss, much as they do with phone calls or mail etc.