Blogger Identity Theft

[UPDATE:  The blogger in question responds in the comments below and at Frank's original post.  Meanwhile, Mike Madison chimes in.]

We’re all familiar with the sort of identity theft where bad guys steal your personal data in order to get access to your money — or more often your good credit history — for financial gain. But what about those who impersonate others in online communications by deceptively adopting a real person’s name as a pseudonym?

That appears to have happened, bizarrely, to law prof and prolific blogger Frank Pasquale, as he explains at Concurring Opinions. A Blogger page called “The Paris Site” (cute pun) is a detailed gripe site about the local hospital in Paris, Texas and its parent company, Essent Healthcare. According to this news story in the local Paris paper, Essent has sued the anonymous bloggers behind the site for defamation, alleging that the site suggests the hospital is culpable for Medicare fraud and other wrongdoing. The blogger(s) use various pseudonyms, including, at one point, “Frank Pasquale.” The state court judge in the case has ordered a local ISP to provide the real name and address of the site’s proprietor.

This sort of thing occurs fairly frequently online. On political blogs you often see commenters signing the name of elected officials, usually to parody them by making sarcastic or ridiculous remarks in their name. You also see it all the time on sites like AutoAdmit/XOXOHTH, where part of the style of so-called joke is to use other people’s names (or screen names) and turn them into sock puppets. If obvious enough as humor, those may or may not be misleading, but I have little doubt that this sort of impersonation also happens in many contexts that are outright deceptive.

Speaking completely hypothetically, does Frank have a cause of action against the bloggers too?

I think he does. It could be defamatory to attribute comments to Frank that he did not make, at least if they harm his reputation as a trustworthy scholar and blogger. And in states that recognize the tort of appropriation, the unauthorized use of someone else’s name for your own benefit is unlawful. Of course, such litigation would be an expensive and complicated undertaking, and usually not worthwhile. Short of suing, though, the best remedy is, as Frank suggests, regular self-googling. I have been advising people to do this for some time. Even if you don’t actually spot someone stealing your identity, it gives you a sense of how others perceive you when they search for you online — a more important component of your persona all the time.

Finally, two asides about this particular case:

First, we are going to see more and more of these motions to disclose the identity of John Doe defendants in cases involving pseudonymous or anonymous online speech. It seems clear to me that there needs to be a mechanism for plaintiffs who are truly harmed by such speakers to hold them accountable in court (including in legitimate IP infringement cases). On the other hand, it should not be a routine procedural formality to unmask anonymous speakers just because you filed a complaint with some allegations. Our system is extremely lenient toward complaints at the initial or “pleading” stage. There is tension here with underlying fundamentals of civil procedure, because we would need a judge to make some assessments of the lawsuit’s merit at the very outset. This happens to some degree when plaintiffs seek preliminary injunctions, but in those situations at least the defendant is already at the table. There is more work to be done in developing appropriate standards for these ISP subpoenas.

Second, I have not seen the complaint, but based on the newspaper story alone I wonder whether the hospital’s case is very strong to begin with. It seems to allege defamation and violation of patients’ privacy.

On defamation, many of the newspaper’s quotations from the Paris Site seem to be statements of opinion that are not actionable, for example: “This isn’t Nashville or Boston or Dallas or Austin. It is a community that you wounded and are sucking out the life’s blood. We don’t like your style of vampires.” Clearly this is not an accusation that Nosferatu actually works at the hospital in Paris, Texas. The most likely candidate for defamation — again, just going on the news report — is this insinuation: “Apparently Medicare fraud is in the air, and PRMC is looking for a scapegoat. Billing practices from the rehabilitation unit are suspect, as well as vascular ultrasound studies billed by the hospital, but done by unregistered technologists.” I’m not sure, and I’d need to see it in context, but this may also skirt the boundary of defamation if it can be found to raise questions based on reliable information rather than to state flatly that the hospital is engaged in wrongdoing.

As to the patient privacy angle, what gives the hospital standing to sue on behalf of its patients? Not the privacy torts. Not HIPAA, which provides no right to sue (and anyway, a loophole in HIPAA means that individuals who are not “covered entities” cannot be held liable for breaches under the statute, as explained in this DOJ memorandum — the topic of an excellent seminar paper by one of my students last year). Again, I have not seen the complaint, but this does not sound like a slam-dunk case. If it is harassment against a gripe site — if that’s what’s really happening — then I hope these bloggers can find themselves a good pro bono lawyer.

7 Responses to “Blogger Identity Theft”

  1. Mea Culpa, Mea Culpa, I suppose I should have actually googled the name, I did for fac_p. But in setting up the hotmail address, I needed to put something in, so two names popped up from childhood–Frank and Pasquale and I didn’t really notice any cross-over until last year when we ran a post on the telemetry issue with the hospital’s orthopedic floor.

    Really, being a local issue blog, I wouldn’t have thought that a not-quite-piney-woods, East Texas issue would have come to light in such rarified surroundings, but when 45000 4500 [correction from comment below] or so people hit the site in two days, I would say that it has gotten a bit larger than I might have foreseen.

    And, if you will note, I have never tried to pass my self off in his identity, nor have I ever claimed to have a legal background.

    All we wanted was decent treatment for both patients and employees.

    Yes, it probably would qualify as harassment of a gripe site (does that qualify as a legal opinion? I’d better be more circumspect.) Would I appreciate a good pro bono representation? You bet.

    But, hopefully we haven’t gotten there yet.

    A question was asked as to why I didn’t use my given name. In a right-to-work state, you can be terminated for the wrong color socks. We have been threatened with suspension for logging in to the site, or saying that we are running short-staffed. Termination if we posted to the blog anything identifiable. Perfect environment for an underground.

    If I have caused any confusion, except by the newspaper and Essent, I truly apologize.

    fac_p

  2. Sorry, didn’t notice the extra zero. 4500 hits. Accuracy, accuracy….

  3. fac_p: I am a big supporter of anonymous blogging in general. And of course everything I said in the post was hypothetical — I don’t think Frank is suing you. But your comment shows another peril of anonymous speech online: picking the wrong pseudonym!

  4. Now a new fear has raised its head because of the recent federal and the state laws that go into effect on January 1, 2008. For years anyone in the country illegally could (and still can) purchase any type of document on the street from some vendor. These fake documents can range from a Social Security card, drivers license, green card or practically anything else people are willing to pay for.

  5. Why on Earth did you pull my links to the KingCast/Jesseman post?

    http://christopher-king.blogspot.com/2008/03/harvard-law-school-agrees-with-kingcast.html

    There’s information in there now about Fuzzy Zoeller’s case, which was also on point.

  6. I’ve seen this type of identity theft popping all over some of the microblogging platforms such as twitter lately. Interesting to see people try to gain traffic off other peoples identity.

  7. I don’t think Frank is suing you. But your comment shows another peril of anonymous speech online: picking the wrong pseudonym!