At the centre of the recent media furore about so-called super injunctions and anonymity, the social networking site Twitter has been successfully used to get around High Court injunctions. The tabloid media have always had ways of outing a private story but the use of Twitter exposes not only irony but also misconceptions that US internet companies are immune from UK or EU law. The irony is of course that that the tabloid media oppose vehemently the anonymisation of the various claimants who have sought injunctions but champion the anonymous tweeters who break the injunctions with supposed immunity.

The misconceptions, however, are more significant. Over the last 10 years the law and online procedures have developed significantly so that defamers and other online miscreants cannot always hide behind a veil of anonymity on the internet. The world wide web may be big but it is not the total anarchic free-for-all with no redress for claimants that recent press reports would have us believe. Setting up web accounts, tweeting and posting items online usually requires subscriber information and contact details.  Even if a user chooses to input fake subscriber information, traces are left which can lead to the culprits being identified.  Most importantly, unique IP (internet protocol) addresses are left by internet users, which can lead to their identification.  Accordingly, those who have been defamed on the internet or whose privacy has been infringed can make use of the well-established Norwich Pharmacal jurisdiction whereby a third party can be compelled to disclose information to a claimant if he has “facilitated” the wrongdoing of another.  The third party may incur no personal liability him or herself but has a duty to assist the person who has been wronged by giving that person full information and disclosing the identity of the wrongdoers.

There was much outcry and mockery on Twitter and in the media when CTB applied for an order recently that Twitter disclose the identities of users who had breached the injunction obtained by CTB.  However, the head of Twitter’s European operations subsequently admitted that the website would turn over user information to the relevant authorities if it was “legally required” to do so.  The admission followed comments from the Attorney General, Dominic Grieve, who warned that internet users who breached injunctions were in for a “rude shock” and suggested that it would not necessarily be right to sit back and do nothing to prevent people flouting the law.  This week, Mr Grieve confirmed that he would take action if he thought that his intervention was necessary in the public interest “to maintain the rule of law.” He also said that Twitter users in England and Wales were not exempt from the requirement to observe privacy orders.

As mentioned above, however, requiring third parties to disclose the identity of an online wrongdoer is not a new concept. Over the last 10 years there have been numerous cases brought in which anonymous user identity information has been disclosed by foreign companies and even US companies leading to the identification of the wrongdoer. It is also not unusual or difficult to get disclosure orders abroad for example in France, Canada or the US.

G & G v Wikipedia

In 2009, a Norwich Pharmacal disclosure application was made against Wikipedia. It was reported in the decision of Mr Justice Tugendhat in G & G v Wikipedia [2009].  The applicants, a mother and her young child who were anonymised in the proceedings, successfully sought an Order that the Respondent disclose the IP address of a registered user of Wikipedia.  The material over which they wished to make complaint was private and confidential and of a sensitive nature.

Lawyers for Wikipedia initially referred to Section 230 of the US Communications Decency Act (1996) which they believed afforded the Respondent immunity from civil liability for content the Respondent itself did not originate or develop.  They also made the argument that the Respondent did not operate within the jurisdiction of the English court.  Despite these contentions, the offending material was removed immediately from Wikipedia upon receipt of the Applicant’s complaint.  The Respondent’s lawyers subsequently stated that it was Wikipedia’s policy to release the IP data sought in response to a valid subpoena or equivalent compulsory legal process.  It added:

Without waiving our insistence that no court in the United Kingdom has proper jurisdiction over us as a foreign entity, we nevertheless are willing to comply with a properly issued court order narrowly limited to the material [the Claimants] as for in [their] letter.”

Bacon v Automattic Inc and Wikimedia Foundation

Louis Bacon, an American billionaire hedge fund manager, has made two applications recently for Norwich Pharmacal relief.  He successfully obtained a Norwich Pharmacal Order in December 2010 against the publisher of a Bahamian website.  He also applied last month for Norwich Pharmacal relief against three US based online publishers, including Wikipedia, in respect of defamatory allegations published online. The decision of Mr Justice Tugendhat has been reported here.

Mr Bacon asked the Court to require the US defendants to identify or assist his solicitors in identifying the person or persons responsible for publishing the defamatory allegations.  The central issue has yet to be decided but there was a recent interim hearing before Mr Justice Tugendhat concerning service and permission to serve out of the jurisdiction at which the Judge considered whether a claim form could be served by email on a defendant domiciled in the United States.  The judgment contains some helpful information for claimants looking to do the same as Mr Bacon, including the legal stance that each US defendant adopted upon receipt of Mr Bacon’s complaint.

Interestingly, evidence was submitted by the Claimant’s American lawyer stating his belief that a Norwich Pharmacal order may be enforced in California pursuant to the recently enacted Interstate and International Depositions and Discovery Act, Cal. Code of Civil Procedure Section 2029.100.  In addition, Tugendhat J permitted alternative service of the Claim Form upon each defendant by email out of the jurisdiction even though one of the defendants had not responded to the Claimant’s solicitor’s correspondence.  The Judge said, however, that in future claimants should put before the Court evidence as to whether the method of service they are seeking is permitted by the law of the country in which the claim form is to be served.


Although US companies operate in a different legal climate, it is important to recognise that many US internet companies such as Google, Microsoft and Apple all have European or UK offices.  They are often at pains to downplay the significance of their operations in this jurisdiction but where there has been misuse of their website or email services, it would seem that they will generally not oppose any court disclosure order seeking to indentify the anonymous wrongdoer.

Although many internet companies are based in the US, the internet is not the “Wild West” that many suggest and anonymous lawbreakers may post at their peril.

Lucy Middleton is a solicitor at Carter-Ruck specialisting in defamation, privacy and confidence