If you lose your mobile phone with highly confidential and private information on it, all may not be lost. The unscrupulous finder may be prevented from blurting its contents all over the web, even if the identity of that person is unknown to you or the court. It requires considerable input of computer expertise, but it is possible, as the case of AMP v Persons Unknown (cleverly taken in the Technology and Construction Court) illustrates.

The applicant’s mobile phone was reported to the police as stolen after she lost it at university in 2008. It contained digital images of an explicit sexual nature which were taken for the personal use of her boyfriend at the time. The applicant was alone in the photos and her face was clearly visible.

Invoking the right to privacy under Article 8, and the Protection from Harassment Act 1997, she applied for an interim injunction to prevent transmission, storage and indexing of any part or parts of certain photographic images taken from the phone, and an anonymity order under CPR r.39.2(4), which meant that the application, which was heard in private on the basis that publicity would defeat the object of the hearing, would preserve the anonymity of the applicant. Both applications were granted.

Background

The series of events following shortly after the loss or theft of the phone were stressful indeed. The digital images were uploaded to a free online media hosting service that is used to upload and share images. The applicant was contacted on Facebook by someone threatening to post the images widely online and tell her friends about them if she did not add him as a friend on Facebook. Even though she deleted those Facebook messages and blocked the sender, the persecution continued. Her father’s business public relations team were also contacted and allegedly threatened and blackmailed about some images. The images were uploaded to a Swedish website that hosted files known as “BitTorrent” files and were downloaded an unknown number of times by persons unknown. The images were uploaded so that the applicant’s name was appended to each of the images and could therefore readily be searched for when using online search engines. As a result, the link to the BitTorrent files were at the top of the list of search engine searches for her name.

The use of BitTorrent technology raised complex technical issues, which was why this claim was brought in the Technology and Construction Court. This “peer-to-peer” form of file-sharing is a type of technology which is much more difficult for authorities to stop than individual websites that host illegal files themselves. The way the “Bit.torrent” process works is complex but the key thing is that the person downloading files must first download BitTorrent client software. By using BitTorrent client software each user who downloads the file becomes, in turn, a seeder facilitating the distribution of a particular file by allowing pieces of that file to be uploaded by other users downloading the file.

Expert evidence before the court demonstrated how it could be possible to identify the unique IP Address of every computer helping to share the images thereby making it possible to contact their broadband provider to find their name and address. If enough of these “seeders” were contacted and ordered to stop their account being used, it would become harder for anyone to download the pictures.

As far as the claim under the harassment Act was concerned, the judge considered that there was sufficient evidence in this case that the conduct by the applicant’s unknown persecutors caused alarm and distress, thus amounting to “harassment” under the Act (Thomas v News Group Newspapers Ltd (2001) EWCA Civ 1233. Equally, the circumstances of the case were such that X’s identity should be protected under CPR 39.2(4) (para.46).

As a result, the injunction was granted against “persons unknown”, so a forensic computer company instructed by her lawyers could track down anyone hosting the files. Although it was most unlikely that any of the file sharers were outside the jurisdiction of this country, anyone in the EU could be bound by the order.

Comment

It is hardly surprising that the judge upheld the applicant’s claim under Article 8. The leading authority on privacy under the Convention is still Campbell v Mirror Group Newspapers Ltd [2004] UKHL 22, according to which the applicant had a reasonable expectation of privacy both in relation to the explicit sexual photographs which she had taken for transmission to her boyfriend and also of the images taken of family and friends. All the circumstances of the case, including her attributes, the nature of the activity in which she was engaged, the place at which it was happening, the nature and purpose of the intrusion, the absence of consent and whether it was known or could be inferred, the effect on the applicant herself and the circumstances in which and the purposes for which the information came into the hands of the publisher, all engaged the right to privacy under Article 8.

Put in terms of the ordinary common law of confidentiality, information which was stored on a person’s mobile phone would generally be information for which there would be a reasonable expectation of privacy. Whilst rights under Article 8 would normally have to be balanced against those under Article 10, this case was clearly not one where press freedom was at issue. The balance fell strongly in favour of the applicant’s right to have her privacy respected. Since the material at issue could not described as journalistic, literary or artistic material, or conduct connected with such material, the provisions in the Human Rights Act 1998 preserving the interests of the press in claims for interim injunctions (sections 12(2) and s.12(4)) did not apply to prevent an interim order from being made. The users of the BitTorrent client software who were downloading and uploading those digital images had no rights in that information and the information was of a personal, private and confidential nature which the courts should protect. Accordingly, it was appropriate to grant interim relief in the form of an injunction.

The most significant feature of this case is that the claim was brought against “Persons Unknown”. The reason for that is, as Ramsay J explains it,

that until seeders of the relevant digital photographic image files have been identified by way of their IP Addresses whilst they are seeding and their addresses have been obtained from their Internet Service Provider, they cannot be made a party to these proceedings. It is submitted on behalf of the Claimant that the number of potential Defendants and the need to move rapidly to prevent increasing numbers of seeders militates against identifying individual defendants at the present time.

A conventional procedure which required further applications to add additional defendants when they are identified, would be cumbersome and lead to unnecessary costs and time being spent which would be contrary to the overriding objective of anonymity. Instead the judge accepted the applicant’s submission that, by identifying the class of persons unknown by reference to their particular characteristic, namely any person in possession of any of the relevant files containing the images, would be a sufficient description of the defendants to enable them to be served with any order which the court might make. The judge therefore considered it appropriate for the application to be granted in the name of “Persons Unknown”.

According to Professor Andrew Murray, the applicant’s expert on computer technology in this case, the judgment could have far-reaching consequences for social media and the attempt to bring users of it within the reach of the law:

the impact it may have is far reaching in terms of an alternative to orders being sought against essentially unregulatable (for the UK courts) offline platforms such as Twitter or Facebook.

This post originally appeared on the UK Human Rights Blog and is reproduced with permission and thanks