Anonymity over for WordPress bloggers?

Article published: Saturday, January 8th 2011

As the University of Salford continues to pursue a former lecturer for libel, MULE can reveal that the Californian company behind the WordPress blogging site voluntarily handed over personal information relating to users – despite their denials. Gary Duke’s supporters claim the move deals a blow for online anonymity.

In the latest twist of the case Automattic Inc, the Californian company which owns blog-hosting website WordPress, has denied breaching its own rules on anonymity for users – in the face of legal documents and the contents of an email from their CEO which indicate the contrary.

The accusation of violating user privacy was first levelled by Dr Gary Duke in December. He alleged the company had handed over personally-identifying information to lawyers for the University of Salford (UoS) in absence of a court order legally requiring the company to do so – and in contravention of the US Constitution.

UoS lawyers had requested an extensive list of IP addresses in order to identify the author of a blog entitled ratcatchersofthesewer, which allegedly defamed members of staff at the University. This would allow them to proceed with a libel case.

An extensive list of IP addresses of all users who had been active on the blog was duly handed over to UoS lawyers.

When contacted by MULE, Automattic CEO Toni Schneider insisted that the information was only handed over on the basis of a valid court order requiring the company to do so.

This is in line with the Automattic’s privacy policy, which states that the company only “discloses potentially personally-identifying and personally-identifying information…when required to do so by law, or when [it] believes in good faith that disclosure is reasonably necessary to protect the property or rights of WordPress.org, third parties, or the public at large.”

However, documents seen by MULE indicate that no such order was granted in a UK court and that large amounts of personally-identifying information were handed over without legal cause.

In an undated note to the High Court in Manchester, Counsel for UoS Simon Vaughans attests that the company “was prepared to make voluntary disclosure of the identity of the websites [sic] creator,” before going on to list the relevant IP address obtained. According to Vaughan’s statement the disclosure also “sets out at length the records regarding the identity of those who have contributed to the blog.”

This is followed by an affidavit signed by Toni Schneider on November 10 certifying the veracity of documents disclosed, in response to a request of records sought by UoS on August 26.

According to these statements presented before the court in Manchester no order was required, as Schneider had already voluntarily handed over a list of all the IP addresses related to activity on the blog.

In a statement to MULE Schneider has since denied to MULE that this is the case, stating “[to say we voluntarily handed over information is] both wrong and damaging to our reputation… [W]e never disclose personal information unless ordered to do so by a court.”

To add weight to their denial Automattic provided MULE with further documents which they say prove evidence of a court order. However, these consist only of an application for a court order by UoS, dated August 26, of which there is no evidence was granted. Duke has argued even if there was an order from a UK court this would have no binding effect on Automattic due to its origin in a different legal jurisdiction.

And in email correspondence with Duke the Automattic CEO appeared to contradict the stated position of the company on the matter, admitting that “I can tell you in general that we routinely respond to subpoenas and court orders in law suits that involve a site that is hosted by us, including international subpoenas (or equivalent). We occasionally refuse to cooperate with a legal request, but we did not see a reason to do so in the case of theratcatchersofthesewers.wordpress.com.”

These revelations come following the latest stage of the ongoing litigation between Duke and UoS.

On December 21 the Manchester Court granted an order requiring internet provider Virgin Media to release details of an account holder corresponding to a specific IP address, one of many on the list earlier obtained by UoS from Automattic.

Duke unsuccessfully argued against the granting of the order, contesting that the disclosure was an illegal act in the first place. He claimed that by handing over the information, Automattic had failed to respect the constitutionally-protected right of free expression, of which anonymity of authorship is an integral part according to a US Supreme Court judgement. He also submitted that an order should be granted forcing UoS to return the list of IP addresses. These arguments were not accepted by the court.

The order means that the IP address of the blog’s originator will be matched to the name of the Virgin user. Consequently UoS will be able to pursue a full libel case in the High Court.

Duke and his supporters now claim that the move by Automattic could have wider repercussions for online expression, as bloggers using the WordPress site cannot be assured of anonymity or privacy. WordPress is a widely-used blogging site and reportedly the internet’s most popular open source Content Management System.

Supporters of Duke are concerned that UoS are now in possesssion of an extensive list of IP addresses of other users associated to the blog, many of whom did not leave comments. One supporter, who did not wish to be named, told MULE: “The University demanded details of all contributors, not just the alleged defamatory contributors. Why should they want that unless they seek to intimidate and victimise their critics?”

Previously a lecturer at the University, Dr Gary Duke was sacked in 2009 for distributing a satirical magazine which lampooned the Vice Chancellor and criticised senior management pay. He is taking his former employers to tribunal for unfair dismissal in March.

Michael Pooler

More: Features

Comments

  1. [...] http://manchestermule.com/article/anonymity-over-for-wordpress-bloggers  [...]

    Pingback by Wordpress Denies Breaching Its Own Rules of Anonymity For Users-Schneider, Mullenweg & Gunderson Dettmer Have a Lot of Explaining To Do on January 9, 2011 at 1:31 am
  2. This is no surprise, really. Never assume you have anonymity on the Web.

    If you’re posting material like this that might come back and bite you then you really should register your blog using false details and *always* use a proxy when posting.

    Comment by Slacker on January 9, 2011 at 10:32 am
  3. Please see this page for more information about anonymity on WordPress.com: http://en.support.wordpress.com/disputes/

    WordPress.com is not an anonymous blogging service. If Mr Duke is the author of the blog in question, he should stand by the words he published and defend himself on the merits of his case instead of asking Automattic to protect and defend his anonymity in court.

    Also, your statement that we (Automattic) released information about all active users of the ratcatchers blog is wrong. In cases like these we only release the minimal information we have about the author of a blog, never the blog’s other users, visitors, or commenters.

    Comment by Toni Schneider on January 9, 2011 at 6:26 pm
  4. The issue at stake here is not of anonymity, it is of privacy and confidentiality. It is also one of truth. Mr Toni Schneider who is the CEO of WordPress has clearly breached WordPress’s own Privacy Policy. Mr Schneider has also breached US law and the First Amendment of the US Constitution. WordPress published Privacy Policy states ‘Other than to its employees, contractors, and affiliated organizations, as described above, WordPress.org discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when WordPress.org believes in good faith that disclosure is reasonably necessary to protect the property or rights of WordPress.org, third parties, or the public at large’. Mr Schneider personally and voluntarily handed over a list of IP addresses to University of Salford lawyers. In an email to Mule, Mr Schneider then suggested that they only handed over information when compelled to do so by law:
    “we never disclose personal
    information unless ordered to do so by a court.” I have asked Mr Schneider to supply me with a copy of the Court Order. He has not supplied any UK Court Order or subpoena. Mr Schneider would have known of course that a UK Court Order carries no authority in the US.

    I can also confirm that Judge Smith stated at the last hearing on December 21 that there was no UK court order. There was no ‘Letter of Request’ issued by the UK Court which had been requested by the UoS US attorneys. Nor was a US subpoena issued asking WordPress or Mr Schneider to disclose the information.

    Schneider voluntarily supplied the information. In so doing, he has breached the rights of privacy and confidentiality of the author and anyone who posted to the satirical ratcatchers blog. If I had an account with WordPress, given Mr Schneider’s above actions, I would be very worried indeed.

    Comment by Dr Gary Paul Duke on January 10, 2011 at 2:17 pm
  5. Toni Schneider said that WordPress released the information under a Court Order. Schneider has been unable to produce the Court Order – something to do with the fact it doesnt exist? In the absence of Schneider producing the Court Order we are constrained to think that he has lied. In England we call such people liars.

    ESL

    Comment by Eric Longly on January 10, 2011 at 4:56 pm
  6. [...] If you’re posting material like this that might come back and bite you then you really should register your blog using false details and *always* use a proxy when posting. http://manchestermule.com/article/anonymity-over-for-wordpress-bloggers [...]

    Pingback by WordPress Cannot Produce Court Order They Claim Justified Termination of University of Salford Student Blog on January 10, 2011 at 7:10 pm
  7. Thank you for underscoring the illegal activites of this predator blog host that has capitalized on Internet Censorship for Profit.

    I am following this story very carefully as Toni Schneider, WordPress/Automattic and its horrendously unethical attorneys,Gunderson Dettmer Stough Villeneuve Franklin & Hachigian, LLP have used this fraudulent court order strategy for years here in the states.

    Please see the articles I’ve posted at http://erinbaldwin.com pertaining to your story.

    My story: NYSE:UDR Sues Blogger For Defamation, Obtains Fraudulent Injunction & Uses Injunction to Hide Truth
    http://erinbaldwin.com/2011/01/03/nyseudr-sues-blogger-for-defamation-obtains-fraudulent-injunction-uses-injunction-to-hide-truth/

    WordPress Uses Fraudulent Court Orders Claiming Defamation to Silence Bloggers
    http://erinbaldwin.com/2010/12/24/wordpress-uses-fraudulent-court-orders-claiming-defamation-to-silence-bloggers/

    WordPress Denies Breaching Its Own Rules of Anonymity For Users-Schneider, Mullenweg & Gunderson Dettmer Have a Lot of Explaining To Do
    http://erinbaldwin.com/2011/01/09/wordpress-denies-breaching-its-own-rules-of-anonymity-for-users-schneider-mullenweg-gunderson-dettmer-have-a-lot-of-explaining-to-do/

    Good luck and don’t give up!!!!! Let me know how I can help.

    Erin Baldwin

    Comment by Erin Baldwin on January 10, 2011 at 7:27 pm
  8. @Toni Schneider – who asked WordPress to defend Gary Duke’s anonymity in court? You are painting a false dichotomy when you give the impression that your choice was either to defend the case in court or supply the affadavit that you did.

    The correct procedure in Europe for determining whether to supply personally identifying information in conjunction with alleged internet libel is that a court order must be granted which identifies statements which are arguably defamatory and specifically requests user data for the associated author. Even a rudimentary bit of legal research on your part would have revealed this.

    You did not even wait for a court order. Legally, you would not have had to oppose such an order in a Californian Court (were it granted). You would have been entitled to bill the claimants for the costs of compliance. You would not have been risking money, negative publicity or principle if you had followed the correct and well established legal procedures for disclosing anonymous internet data in cases of this kind.

    But you did not do this. You handed over personally identifying data of anybody who had authored the primary content of the blog, regardless of whether or not their contributions were ‘arguably defamatory’. This wreckless disregard for user anonymity may well equate to people being victimised who are not the authors of defamatory content. All because, rather than follow due process, you broke the standards of which you were the chief author and protagonist. If only you had complied, you could’ve held your head high regardless of what happened in the UK Courts.

    Shame on you.

    Comment by UoS on January 18, 2011 at 5:05 am
  9. [...] Hosted by the fabulous network23 collective. Please keep checking back. Automattic – the company that runs wordpress.com – does not claim to offer anonymous blogging, but users might assume that some degree of legal authority would be needed to access the identities of their bloggers. However, Automattic recently handed over the personal data of the owner of a blog criticizing the VC of the University of Salford to the University seemingly without a court order. [...]

    Pingback by Moving! | Alexander Leistiko on January 20, 2012 at 2:47 pm
  10. Comment by Anonymous on March 1, 2012 at 7:04 am

The comments are closed.