A Doe subpoena is a subpoena that seeks the identity of an unknown defendant to a lawsuit. Most jurisdictions permit a plaintiff who does not yet know a defendant's identity to file suit against John Doe and then use the tools of the discovery process to seek the defendant's true name. A Doe subpoena is often served on an online service provider or ISP for the purpose of identifying the author of an anonymous post.
Legal process 
Unmasking an anonymous online poster is a two-step process. First, the plaintiff must issue a subpoena to the hosting website requesting the IP address of the poster. Most websites collect and temporarily store the IP addresses of visitors in a web server log, although no U.S. law requires that they retain this information for any particular length of time.
If the website provides the poster's IP address, the plaintiff must then subpoena the ISP that owns the address. This second subpoena requests the contact information associated with the account of the computer to which the IP address was assigned at the time the post was made.
Courts do not require the target of a subpoena to provide notice to the person whose identity is sought. The hosting website is unlikely to notify the defendant, as it generally will not have access to contact information; subpoenas for IP addresses are therefore seldom subjected to legal challenge. The ISP, however, may be required by law to notify its subscriber before revealing any personally identifiable information in connection with a subpoena.
A defendant who does receive notice may file a motion to quash, which asks the court to block the subpoena and prevent the ISP from complying. ISPs may also challenge Doe subpoenas on their customers' behalf, but they are not required to do so.
Legal standards 
No uniform standard exists in the United States for determining the circumstances under which an anonymous online speaker may be unmasked. The federal and state courts that have considered the issue have applied a variety of tests.
Summary judgment standard 
This standard requires an ISP to divulge the identity of an anonymous poster if the plaintiff's case would be able to withstand a motion for summary judgment. This means that the plaintiff must "make a sufficient showing on [every] essential element of its case with respect to which it has the burden of proof."
The lead case applying the summary judgment standard is Doe v. Cahill, in which a city council member sued an anonymous poster for two allegedly defamatory blog comments. The Delaware Supreme Court held that the plaintiff had failed to demonstrate that the comments were "capable of a defamatory meaning," an essential element of any defamation claim. As a result, the plaintiff was not entitled to discovery of the Doe defendant's identity.
Other courts have applied a "prima facie showing" test, which functions like the summary judgment test but avoids the "potentially confusing" attachment of a procedural label, since the standards governing such motions may differ depending on the jurisdiction. In Krinsky v. Doe 6, the California Court of Appeals applied the prima facie showing test in the libel context, holding that "[w]here it is clear to the court that discovery of the defendant's identity is necessary to pursue the plaintiff's claim, the court may refuse to quash a third-party subpoena if the plaintiff succeeds in setting forth evidence that a libelous statement has been made."
The prima facie standard was also favored by a New York district court in Sony Music Entertainment Inc. v. Does. The court first found that the Doe defendants, who had used a peer-to-peer network to download copyrighted music files, warranted a lesser degree of First Amendment protection than speakers who engaged in "true expression" intended "to communicate a thought or convey an idea." It then held that disclosure of the Doe defendants' identities was warranted based on a consideration of: (1) the plaintiff's ability to establish a prima facie claim; (2) the specificity of the plaintiff's discovery request; (3) the availability of alternative means to obtain the subpoenaed information; (4) the central need for discovery to advance the plaintiff's claim; and (5) the defendants' expectation of privacy.
Summary judgment standard followed by balancing 
This test provides a higher level of protection to anonymous online speakers, in that it requires a court to first apply the summary judgment standard of Doe v. Cahill and then, if the plaintiff is able to meet its burden, to balance the strength of the plaintiff's prima facie case against the poster's interest in remaining anonymous.
A New Jersey appellate court applied this hybrid test in Dendrite International, Inc. v. Doe No. 3. The court set forth five guidelines for judges to follow in deciding whether to compel disclosure of an anonymous poster's identity: (1) the plaintiff must make good faith efforts to notify the poster and give the poster a reasonable opportunity to respond; (2) the plaintiff must specifically identity the poster's allegedly actionable statements; (3) the complaint must set forth a prima facie cause of action; (4) the plaintiff must support each element of the claim with sufficient evidence; and (5) "the court must balance the defendant's First Amendment right of anonymous free speech against the strength of the prima facie case presented and the necessity for the disclosure of the anonymous defendant's identity to allow the plaintiff to properly proceed."
The so-called Dendrite standard was adopted by the Arizona Supreme Court in Mobilisa, Inc. v. Doe, and most recently, by Maryland's highest court in Independent Newspapers v. Brodie. After reviewing the treatment of anonymous online speech by other state and federal courts, the Maryland court concluded that "a test requiring notice and opportunity to be heard, coupled with a showing of a prima facie case and the application of a balancing test—such as the standard set forth in Dendrite—most appropriately balances a speaker's constitutional right to anonymous Internet speech with a plaintiff's right to seek judicial redress from defamatory remarks."
Motion to dismiss standard 
Some early cases required plaintiffs to demonstrate that their cause of action could withstand a motion to dismiss. This standard holds plaintiffs to a much lower evidentiary burden than the summary judgment standard, as it only requires the allegation of facts that, if true, would entitle the plaintiff to a legal remedy.
A California district court applied this standard in one of the first cases to consider the discovery of an anonymous online speaker's identity, Columbia Insurance Co. v. Seescandy.com. The court analogized the motion to dismiss standard to the requirement in a criminal investigation that the government show probable cause before obtaining a warrant, in that both prerequisites were necessary to "prevent abuse." The court concluded that an anonymous poster could only be unmasked if the plaintiff made "some showing that an act giving rise to civil liability actually occurred and that the discovery [was] aimed at revealing specific identifying features of the person or entity who committed that act." Inconsistent with s motion to dismiss standard, the court also relied on evidence of actual confusion in finding a basis for allowing discovery to identify the anonymous speaker.
Good faith standard 
Under a good faith standard, plaintiffs are simply required to show that their claim is made in good faith and not with the intent to harass the Doe defendant. In an early case, the Circuit Court of Virginia applied this standard in In re Subpoena Duces Tecum to America Online, holding that a court may compel an ISP to reveal a subscriber's identity if it finds "that the party requesting the subpoena has a legitimate, good faith basis to contend that it may be the victim of conduct actionable in the jurisdiction" and that "the identity information is centrally needed to advance that claim." In Doe v. 2themart.com Inc., the U.S. District Court for the Western District of Washington required showing of good faith, as well as the compelling need for the discovery of the identifying information.
Courts and commentators have subsequently deemed this standard the "most deferential to plaintiffs," as "it offers no practical, reliable way to determine the plaintiff's good faith and leaves the speaker with little protection."
Statutory limitations to obtaining IP addresses 
Federal privacy statutes may limit a plaintiff's ability to gain access to an ISP's subscriber records.
Cable TV Privacy Act of 1984 
Under the Cable TV Privacy Act of 1984, a cable ISP may be required to notify its subscribers and obtain consent before disclosing any personally identifiable information, but the statute provides limited exceptions to the consent requirement, including disclosure made pursuant to a court order.
Electronic Communications Privacy Act 
The Electronic Communications Privacy Act restricts government and private access to computer records. Thus, in order to unmask the author of an anonymous post through the legal process, the individual seeking the information must comply with ECPA. There is no provision within ECPA, other than voluntary disclosure or with consent, that allows civil litigants to force an ISP or website to reveal the contents of a user's emails via a subpoena. However, a private party in a lawsuit may force an ISP to disclose non-content records (e.g. the name of the owner of an account, a list of email addresses to whom emails were sent, access times, etc.) through a subpoena. In addition, the government can obtain the records needed to identify the person behind an IP address using a subpoena. In order to obtain more detailed transactional records, the government would be required to obtain a court order by setting forth "specific and articulable facts show that there are reasonable grounds to believe...the records...are relevant and material to an ongoing criminal investigation."
See also 
- Aaron E. Kornblum, Searching For John Doe: Finding Spammers and Phishers (pdf), Second Conference on Email and Anti-Spam (2005). Retrieved on 2009-03-15.[dead link]
- Bills proposed in both houses of Congress in February 2009 would require ISPs and wireless access points to retain records of IP addresses for two years. This proposal, if enacted, would not affect the retention policies of web hosting services, however. See Albanesius, Chloe (2009-02-20). "Bill Would Require ISPs to Retain Data for Two Years". PCMag. Retrieved 2009-03-16.
- Id. at 346.
- Id. at 328.
- See Statutory Limitations to Obtaining IP Addresses.
- See Citizen Media Law Project's Guide to Potential Legal Challenges to Anonymity. Retrieved on 2009-03-15.
- Gleicher, supra note 1, at 345.
- Who's Exposing John Doe Journal of Technology Law & Policy, Vol. 13, No. 1, 2008
- Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). Retrieved on 2009-03-15.
- 884 A.2d 451 (pdf) (Del. 2005). Retrieved on 2009-03-15.
- Id. at 454.
- Id. at 466-67.
- Id. at 468.
- Krinsky v. Doe 6, 159 Cal. App. 4th 1154 (pdf) (2008). Retrieved on 2009-03-15.
- Id. at 1172.
- 326 F. Supp. 2d 556 (pdf) (S.D.N.Y. 2004). Retrieved on 2009-03-18.
- Id. at 564.
- Id. at 564-67.
- 775 A.2d 756 (N.J. App. Div. 2001). Retrieved on 2009-03-15.
- Id. at 760-61.
- 170 P.3d 712 (pdf) (Ariz. 2007). Retrieved on 2009-03-15.
- Court of Appeals of Maryland, Feb. 27, 2009, No. 63 (pdf). Retrieved on 2009-03-15.
- Id. at 41 (internal citation omitted).
- 185 F.R.D. 573 (N.D. Cal. 1999). Retrieved on 2009-03-15.
- Id. at 579.
- Id. at 580.
- Id. at 580.
- 2000 WL 1210372, *8 (Vir. Cir. Ct. Jan. 31, 2000). Retrieved on 2009-03-15.
- Krinsky, 159 Cal. App. 4th at 1167; see also Ryan M. Martin, Freezing the Net: Rejecting a One-Size-Fits-All Standard for Unmasking Anonymous Internet Speakers in Defamation Lawsuits, 75 U. Cin. L. Rev. 1217, 1228 (2007) (referring to the good faith standard as "extremely deferential to plaintiffs' allegations").
- 47 U.S.C. § 551.
- See Cahill, 884 A.2d at 455, n.4; but see In re United States, 157 F. Supp. 2d 286, 290-92 (pdf) (S.D.N.Y. 2001) (holding that ECPA, and not the Cable Act, applied to government access of internet subscriber records).
- 18 U.S.C. § 2703(d).
- See O'Grady v. Super. Ct., 139 Cal. App. 4th 1423 (pdf) (2006) (holding that ECPA prohibited disclosure of emails in connection with a subpoena); Fed. Trade Comm'n v. Netscape Commc'ns Corp., 196 F.R.D. 559 (N.D. Cal. 2000) (denying FTC's motion to compel disclosure of customer information because of ECPA); 18 U.S.C. § 2703 (only government entities can force disclosure). But see Flagg v. City of Detroit, 252 F.R.D. 346 (pdf) (E.D. Mich. 2008) (finding that a subpoena can be used to force a party to consent to disclosure).