There’s an old joke among trial lawyers that there’s one crucial difference between a federal judge and God: God doesn’t think he’s a federal judge. It’s all in jest, of course, but such jokes are only funny because judges occasionally give us reason to laugh. On February 15, a California federal judge issued a series of injunctions that brought down Wikileaks.org, a site that describes itself as “an uncensorable Wikipedia for untraceable mass document leaking and analysis,” and which aims to reveal unethical behavior on the part of governments and corporations through anonymous disclosure of “smoking gun” documents. The injunction was the opening move in a suit brought by the Cayman Islands’ Julius Baer Bank and Trust (Julius Baer), which, along with its Swiss parent company, is seeking to prevent the site from disseminating documents which plaintiffs describe as “stolen confidential bank documents and account records.” (Wikileaks, for its part, calls the documents evidence of “asset hiding, money laundering and tax evasion.” What those documents reveal, though striking, is beyond the ambit of this article.)
Shutdown Dynadot, Wikileaks’ Registrar
Rather than simply ordering the offending documents removed, however, the court instead attempted to disable the site altogether by ordering Dynadot, Wikileaks’ domain name registrar, to halt access to the web address. The court then ordered any and all Wikileaks mirror sites, from India to New Zealand, to remove the offending documents and to prevent their further dissemination. It was a sweeping and expansive move that immediately aroused the suspicions of news outlets and bloggers across the web. This was possible since it was treated as a terrorist organization:
Several writers questioned the legal basis of the court’s action. Why wouldn’t the court simply order the documents removed from the site? What about the protections provided to websites and their service providers under Section 230 of the Communications Decency Act (CDA)? Is the publication of these, or other similar documents, protected under the First Amendment? Moreover, does the California court even have jurisdiction over Wikileaks?
Wikileaks never had the opportunity to offer those arguments and questions to the court; Julius Baer’s injunction was granted on an expedited and ex parte basis. Wikileaks will, however, have the opportunity to contest the injunction in a hearing scheduled for February 28. If Bank Julius Baer v. Wikileaks is any indication, similar cases implicating free speech on the internet are bound to appear again. Here’s what Wikileaks — or any web-based organization in a similar position — should consider in forming its response.
Jurisdiction, the power of a court to pronounce or enforce a ruling over a defendant, is a significant factor in the Wikileaks case. Put simply, for a court to have jurisdiction over a defendant, that defendant must either be present in the state and personally served with court papers, or have sufficient “minimum contacts” with the state in which the court sits that the defendant should expect to be sued there. If the court doesn’t have jurisdiction over a defendant, it has no power to rule against the defendant — and cannot compel that defendant to show up in court without violating the Constitution.
Julius Baer’s complaint names several defendants. Listed first are Wikileaks and Wikileaks.org, cited as entities “of unknown form.” Second, the complaint names Dynadot, Wikileaks’ domain name registrar. Finally, the plaintiff includes unidentified individuals “Does 1 through 10,” described simply as those “responsible in some manner for the occurrences, acts, and omissions alleged” by the plaintiffs. Dynadot, a California corporation, is the only defendant that the plaintiffs can conclusively identify, and more importantly, the only one over whom the California court can clearly assert jurisdiction. Jurisdiction over the remaining defendants, on the other hand, rests on very shaky ground. Julius Baer posits, without any supporting evidence, that Wikileaks’ principal place of business lies in California. In fact, it’s a bit more complicated than that. In what reads like the civil procedure exam of nightmares, U.K. newspaper The Guardian reports that the people behind Wikileaks include “Tibetan, Chinese, and Thai political campaigners, an Australian hacking author, and … a mathematician living in West London.” The site itself is hosted by a company based in Stockholm, Sweden. Making matters even more difficult, Wikileaks maintains several redundant mirror sites across the globe — every one of which the court purports to restrain and enjoin from publishing or circulating the documents in question.
To the extent Wikileaks is considered an out-of-state defendant, establishing “minimum contacts” with the state of California promises to be an uphill battle as well. Julius Baer alleges that “not less than 6.4% of Wikileaks’ total world-wide Internet users/visitors are located in San Francisco,” but it appears that no federal court has ever found sufficient minimum contacts to assert jurisdiction over a website based solely upon the source of its incoming traffic. Ultimately, if Julius Baer cannot show why the court has jurisdiction over the Wikileaks defendants, any order by the court to compel Wikileaks to appear would be unconstitutional. As a result, it would not be surprising if Wikileaks simply decided not to appear in court to defend the case at all: without jurisdiction over a named defendant, Julius Baer’s suit against Wikileaks would simply be dismissed.
WHAT ABOUT THE COMMUNICATIONS DECENCY ACT?
The court does have jurisdiction over Wikileaks’ domain name registrar Dynadot due to its operations in California. In any suit against an internet-based organization, a domain name registrar or hosting service will generally be an easy defendant to track down for jurisdiction purposes. But will such a defendant ever actually be liable on the underlying claim? Julius Baer seems to think so, portraying Dynadot in its complaint as Wikileaks’ “agent” and conspiring partner in crime. But if Julius Baer plans on alleging that a web registrar was indeed collaborating with each of its registrants, it has an extraordinarily tough set of facts to prove. (The Citizens Media Law project at Harvard, for example, declared that Dynadot likely bears no liability under Julius Baer’s complaint.)
If, on the other hand, Julius Baer is alleging that Dynadot is acting as “publisher” of the offending documents, Dynadot may be shielded by federal immunity under the Communications Decency Act. Section 230(c)(1) of the CDA provides that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The Fourth Circuit, in what is currently the most expansive reading of the law, held that such immunity extends “to any cause of action that would make service providers liable for information originating with a third-party user of the service.” It would appear, following this decision, that a “service provider” such as Dynadot — even if it facilitated the publication of a third party’s offending material — would not be held liable as if it published the content itself. So far, so good.
As always, though, there are caveats. The most important of these is that Section 230 does not change a defendant’s liability under intellectual property law. Whether that provision precludes Section 230 immunity in a claim such as Julius Baer’s allegation of unfair competition, however, remains to be seen. The second caveat: Wikileaks itself may enjoy no such immunity at all. Although several scholars have concluded that online encyclopedia Wikipedia enjoys federal immunity under Section 230, Wikileaks may represent different circumstances altogether. Compared to Wikipedia, Wikileaks appears to exert greater control over its content, both in verifying the authenticity of the documents it provides (the site currently claims to have more than 1.2 million documents waiting in the wings) and in affirmatively providing “cover” for those who supply them. If that control is great enough that Wikileaks is considered not merely a “service provider” but a “content provider,” immunity under Section 230 would be lost. In any case, any attempt by Wikileaks to assert federal immunity under Section 230 of the CDA would entail stretching the bounds of that law further than any court has thus far allowed.
IS THE COURT’S ACTION PERMITTED UNDER THE CONSTITUTION?
The most striking aspect of the court’s action, and the most likely basis upon which it will be rescinded, lies in its effect under the First Amendment. Could shutting down an entire website be a constitutionally legitimate means to limit the speech of an individual posting on that site?
The simple answer is no. To begin with, a restriction on free speech before the speech occurs — commonly called censorship, and referred to in legalese as “prior restraint” — is viewed by the Supreme Court as inherently suspect and is seldom upheld. The Court referred to such measures in Nebraska Press Association v. Stuart as “the most serious and the least tolerable infringement on First Amendment rights.” The burden of proof upon the government to sustain such a prior restraint is exceptionally high: in New York Times v. United States, the Court refused to permit the government to restrain news coverage of a classified government study, even though the government claimed publication of the materials posed a threat to national security.
Even more disconcerting is the effect of the court’s action upon documents other than those Julius Baer is attempting to rein in. To be constitutional, a restraint on free speech must be very narrowly drawn, in such a way that it affects only the material that gives rise to the court’s concern. Instead, the California court’s order was so broad as to be altogether unprecedented: Dynadot was ordered to shut down the website address, erase the navigation information that directed traffic to that address, and lock down the IP registration so Wikileaks couldn’t simply move its site to another domain name registrar. Every document Wikileaks might publish, whether related to Julius Baer’s complaint or not, has been shuttered from Wikileaks.org. In effect, the order is akin to shutting down The New York Times and prohibiting all future editions on the basis of one plaintiff’s allegation that it reprinted stolen material in last week’s paper.
Upon review, a federal court is unlikely to uphold any action so broadly restrictive of speech as that in Julius Baer v. Wikileaks. If the attorneys for Wikileaks appear in court to defend the case, they should have no problem reaching the same result. Unfortunately, that doesn’t change the fact that as of this writing, Wikileaks.org remains down. So should websites fear such decisions in the future? Probably not. At the end of the day, a judge’s decision will always be subject to review, whether in the form of a second hearing, as in the Julius Baer case, or upon appeal. In any case, even a site without Wikileaks’ extensive system of mirror sites and foreign servers is subject to the protections of the Constitution — and by the unprecedented mass of readers the internet uniquely provides.