Mac Musings

Apple vs. PowerPage: What Does It Mean?

Daniel Knight - 2005.03.14

Last Friday, Santa Clara County Superior Court Judge James Kleinberg ruled that PowerPage's email provider must provide the email records covered by Apple's subpoena. Apple hopes this information will help them identify the person or persons leaking information on their "Asteroid" project.

Subpoenas issued against AppleInsider and MacNN have been allowed to expire.

In this ruling, Kleinberg avoided the question of whether writers on the Internet (often referred to as "bloggers") are journalists, and issue that has been at the heart of most commentary about Apple's recent suits on the Internet.

Instead, the ruling hinges on whether shield laws should protect criminals, such as thsoe who violated their nondisclosure agreements with Apple Computer. This ruling is expected to help Apple identify the source of leaks.

PowerPage's lawyers will appeal this decision.

What Judge Kleinberg Said

Kleinberg clearly distinguishes between the public's right to know about dangerous or illegal activities and the work of rumor sites. "Unlike the whistleblower who discloses a health, safety or welfare hazard affecting all, or the government employee who reveals mismanagement or worse by our public officials, [these websites] are doing nothing more than feeding the public's insatiable desire for information."

In short, in cases where the public interest comes up against Trade Secret law, the public interest wins, but in cases where it's only an interested public, Trade Secret law trumps a free press.

Further, Kleinberg believes that Apple did a thorough investigation and exhausted "all alternative means" of determining who might be illegally leaking this information before filing suit against PowerPage.

If this ruling stands, PowerPage's email provider will have to provide email records to Apple.

What This Means

First and foremost, this means that those who sign nondisclosure agreements and share trade secret information with the press will not have their identity protected by shield laws unless what they disclose is in the public interest. They are breaking the law, and journalists break the law when they protect criminals.

For journalists, this may mean some changes in the way they do business. If they wish to protect their sources, they had better not leave a paper trail or electronic trail (email, Internet chat, etc.) that the courts can subpoena.

For websites and other businesses that use email and chat software, it means being aware of what is being tracked and archived. Does the mail server archive every message processed? Does it keep logs of everything sent and received? Does the chat provider claim a right to chat sessions (AOL does)?

If possible, run your own mail and chat servers so you can control what is and what is not archived. As Steve Watkins warned in Legal Aspects of Network Privacy and Security for Business several years ago,

"Never back up your email server. Despite any benefit you might incorrectly perceive to be derived from this procedure, you are in fact creating one thing and one thing only: evidence.

Anytime you have a backup of your email server, it is subject to subpoena in case of legal action. In layman's terms, this means you will have turn over all backups of your email server to the party suing you. If you have not passed out by this point, read on. Otherwise, lie down, catch your breath, and continue reading when you are sufficiently recovered.

"Having represented both the party who received the email backups (the legal term is called "hitting the jackpot") and the party who was forced to turn over the email backups ("losing your shirt"), I can say unequivocally that, in this scenario at least, it is infinitely better to receive than to give. In a typical company, reference to every secret that the company would not want to be exposed is contained in those backups, not to mention quite a few personal emails that the senders and/or recipients would probably not want paraded about in a courtroom open to the public."

I'm guessing Jason O'Grady wishes he'd done that. By using a third-party email provider, you have less (if any) control over backup and archives.

Depending on how O'Grady corresponded with sources (email, chat, fax, phone, snail mail, etc.) and steps these sources took to cover their tracks (email anonymizers, mailing items away from home and work, using code words and phrases rather than Apple's names for products), Apple may well be able to determine who has been leaking this information and deal with them.

That said, it's very possible that none of these rumor sites have any idea who their sources really are. They may only have an email address or an online ID (AppleLeaker? NDC_Breaker?), and it may turn out that there are no records for Apple to use in identifying the leak.

All this ruling does is require PowerPage's email provider to give Apple the records they request. And if those records are insufficient to identify the sources, you can bet that Apple will try to find other ways to ferret them out.

This isn't over by a long shot.