« Facebook Friendship May Undermine University Disciplinary Board Decision -- Furey v. Temple Univ. | Main | "Electronically Printed" Does not Include Automated Merchant Email -- Shlahtichman v. 1-800 Contacts »
August 16, 2010
Creation of False Blog and LinkedIn Account Targeting Utah Resident Supports Personal Jurisdiction in Utah -- Buckles v. Brides Club, Inc.
[Post by Venkat]
Buckles v. Brides Club, Inc., Case No. 2:08-cv-00849 CW (D.Utah; Aug 11, 2010)
A federal district court in Utah recently concluded that several individuals who were allegedly involved in the creation of a false blog and LinkedIn account targeting a Utah resident are properly subject to personal jurisdiction in Utah. Internet personal jurisdiction cases are not very exciting in my opinion, but this case highlights some interesting issues worth discussing.
Background: Brides Club was formed initially by John Buckles, and employed John's two sons, Brad and Ash. In 2005, Brad purchased the company from John. Following the purchase, Ash continued to work for Bride's Club as an independent contractor. Ash oversaw many technical aspects of the company's operation, including "web site, e-mail marketing, [etc.]" In 2008, Ash's agreement with Bride's Club terminated.
Around the time Ash's contract terminated, Bride's Club started experiencing technical problems, including "problems with its blogs, Web photos, YouTube links, security breaches, and other such disruptions." Brad alleged that Ash caused these problems and "masqueraded as 'E Knight' to conceal that he was the one tampering with Bride's Club's Web site, links and accounts." Brad tried to resolve the issue informally with Ash, including trying to obtain the "needed answers regarding the accounts and passwords," but his efforts were unsuccessful. Ultimately, Brad took the self-help measures that culminated in the lawsuit.
The Alleged Wrongful Acts Underlying the Lawsuit: In 2008, an "impersonating" blog appeared on the internet - the blog was made to look like it was Ash's blog (by including pictures of Ash). One entry on the blog was titled:
Ash Buckles - Mastering the art of bringing [sic] hurtful to me.
The blog also contained a link to a fake LinkedIn account in Ash's name that stated Ash only "had six months of experience in the Internet industry." [In internet terms, how is this harmful . . . isn't six months equal to a lifetime?] The fake LinkedIn account also linked to three domain names (ashbucklesblog.com; ashbuckles.net; and ashbuckles.org) that were not registered by Ash. These domain names were registered in Bride's Club's name through private registration services.
According to the complaint, Brad did not engage in these acts alone. Although Brad admitted he "drafted the text of the blog" (allegedly out of frustration, to send a 'private' message to Ash), Brad testified that he was assisted by Ed Steenman, who registered the domain names and created the blog. (Steenman is a Washington-based advertising agent who owns Steenman Associates, Inc. and who had done some work for Brad.) Separately, one of the other defendants, Munish Sangar allegedly posted Ash's pictures on the impersonating blog. Brad testified that Sangar had no involvement in creating the blog or registering the domain names.
How Did the Blog Injure Ash: Ash testified that he worked in "online marketing [and] search engine optimization." Because the blog contained some nonsensical entries, Ash alleged that the very existence of the blog would hurt his credibility on the internet. Additionally:
Ash testified that in Internet marketing there are 'black hat' methods and 'white hat' methods of doing business. Creation of multiple domain names that direct a person to the same site can be viewed as a dishonorable means of boosting rankings and doing business. Finally, the timing of the blog posting also was allegedly damaging. It occurred seven days before Ash spoke 'at Word Camp Utah, which was published for broadcast around the world.' Consequently, anyone who searched the Internet following the conference for information about Ash and his professional abilities could have seen the impersonating Web site that contained nonsensical language and said Ash was unemployed and has only six months of experience in the Internet field.
Munish Sangar: The court easily dismissed Sangar for lack of personal jurisdiction. The sole evidence of Sangar's involvement was submitted through hearsay - i.e., Ash's and his wife's testimony that "Brad had said Sangar posted pictures of Ash" at Brad's request. The court finds this evidence insufficient to establish minimum contacts and dismisses Sangar.
Brad Buckles: Brad had an uphill battle on the jurisdictional front. He admittedly was involved in creating the fake blog and LinkedIn profile. His sole argument was that since the blog was created in Washington, it did not have any contacts with the State of Utah. The court runs through internet personal jurisdiction principles (including the Calder "effects test" and the sliding scale inquiry based on the level of interactiveness of a website) and notes that although the case involves a blog rather than a magazine or more old school publication, "the medium of communication is not the relevant question." Here, Brad created the profile, knew Ash was a Utah resident and this was sufficient to conclude that Brad undertook acts which were aimed at the State of Utah or the effects of which would reasonably be felt there. Brad also tried to argue that he wanted to "send a message" to Ash. Whatever he argued after the fact, the court rejected the notion that the blog and profile were intended to send a private message. The court concludes that "Brad's conduct was aimed at Utah" and he took action "with the knowledge that the brunt of the injury would be felt in Utah." No big surprise here.
Bride's Club: Bride's Club argued that it was a Nevada corporation and could not be haled into court in Utah. The court rejects this argument, concluding that Brad created the blog and profile, and as the president of a corporation who used corporate resources in undertaking the alleged wrongful acts, his acts could be imputed to Bride's Club. Accordingly, personal jurisdiction was proper over Bride's Club.
Steenman and Steenman Associates: Steenman - according to his own testimony - was involved with the blog. He also registered the three domain names and set up the "false LinkedIn account." For the same reasons that Brad was subject to personal jurisdiction in Utah, Steenman was as well. With respect to Steenman Associates, the court came to a different conclusion. The court determined that there was no evidence showing that Steenman was acting within the scope of his employment at Steenman Associates or furthering the interests of that company. Accordingly, the court dismisses Steenman Associates without prejudice.
[The defendants brought motions to dismiss on personal jurisdiction grounds only and the court's order does not evaluate the complaint on the merits. I don't see a great section 230 argument here, but I wondered whether one or more defendants would try to use section 230 - their efforts will probably be complicated by the contractual relationships in place, among other things.]
As I initially noted, the issue of personal jurisdiction over the internet has been hashed out to death, and I don't think the case is noteworthy for this reason. [It's also not noteworthy because it involves LinkedIn, although this is why it caught my eye.]
So, what was interesting about the case?
First, Brad committed a cardinal error by entrusting password and account information to a contractor that he did not seem to have a stable relationship with. When people conduct business over the internet, often they entrust their technical people or web designers with the task of registering domain names, setting up accounts, and generally controlling the back end of their site. This leaves you exposed from a practical standpoint. (Cf. the Zipatoni case.)
Second, the details of Bride's Club's revenue and lead generation activities are worth noting. In 2008, Bride's Club's total revenue was between $1.5 and $1.7 million. The court did not mention what its profit figures were, but it can be somewhat surprising that a small family owned internet business generated this level of revenue. (Obviously from a Fortune 500 perspective, the figure may not seem significant, but it's probably well above the level of the corner liquor store.) Bride's Club also generated 35-300 "bridal names" (leads) per week. That's a fair number of people who sign up or provide their contact information to receive information from Bride's Club (more than I would have guessed).
Ash's allegations of injury were also interesting. His basic claim was that as an SEO professional, having a blog out there with nonsensical entries and an unprofessional LinkedIn profile could damage him. At the end of the day, he'll obviously have to prove this up, by producing some credible people who testify that they would have purchased services but for the fact that they saw his bogus profile, and evidence that people actually viewed the blog, but it's a testament to the power of the internet in the reputation space that he could even make this argument credibly. The fake blog seems marginally defamatory, but Ash's allegation of harm is that be setting up a non-flattering profile of him on the internet, this harmed his reputation as an internet professional. I'm not sure he would have been able to make this argument five years ago.
Finally, I wonder if there's something to be gleaned from the court's analysis of whether Steenman (and Brad for that matter) were acting on behalf of their respective companies. In both instances, it was undisputed that the individuals had participated in the allegedly wrongful conduct personally, but their conduct was not automatically imputed to their companies. You hear a lot about social media policies and whether companies need them. I don't have a strong position on this yet (I think it's early to tell and use by companies and their employees seems to be constantly changing, so I'm not sure today's policy will serve you well tomorrow). That said, I wonder if a blanket policy that said "you will not create any accounts in the company's name or using the company's resources without email or written approval" would have helped here? I guess if such a policy existed and the President of the company (Bride's Club) used company resources to create the account, the policy probably would not have helped Bride's Club much, but if Brad was a lower level employee and a policy that was reasonably enforced was in place, I wonder if the court would have viewed things differently?
Self help can be a tempting alternative, but as this case illustrates, bypassing a straightforward resolution in favor of a counter-attack on the internet can lead to some rough consequences. This isn't the first case where two parties are battling it out and one party who likely has a legally cognizable injury takes the self-help route which ultimately results in greater liability for this party. It's unclear as to how this lawsuit will play out but it's likely that Brad has spent significantly more money than he would have spent initially resolving the issue through legal channels.
Some related blog posts: