Taking Judicial Notice Of Internet Hypertext Transfer Protocol (HTTP) Specification

In considering two cases alleging privacy violations involving two popular Internet sites, Ninth Circuit takes judicial notice of a particular Hypertext Transfer Protocol (HTTP) specification, which provides a protocol used to establish how messages or communications are formatted and transmitted, under FRE 201; the case provides another example of judicial notice of Internet information, in In Re: Zynga Privacy Litigation, _ F.3d _ (9th Cir. May 2, 2014) (Nos. 11-18044, 12-15619)

With increasing regularity, information on the Internet may be the subject of judicial notice under FRE 201. For example, as recently noted in the Federal Evidence Blog, the Eleventh Circuit recently noted an open issue concerning: Taking Judicial Notice Of A Website. As another example of taking judicial notice of Internet information, a few days before, the Ninth Circuit took judicial notice of a particular Hypertext Transfer Protocol (HTTP) specification. HTTP is the Internet protocol used to establish how messages or communications are formatted and transmitted.

Trial Court Proceedings: Dismissing Complaints

The case involved consolidated actions alleging violations of the Wiretap Act and the Stored Communications Act against two popular Internet sites, Facebook and Zynga. The plaintiffs alleged that the sites permitted unauthorized disclosure of confidential information based on the use of Facebook’s User ID (which is unique to each user). Specifically, when the plaintiffs clicked on certain site pages, third parties received their User IDs and which could be used to obtain other information about the user.

The district court ultimately dismissed both complaints alleging federal claims under the Wiretap Act and the Stored Communications Act (both under Electronic Communications Privacy Act (ECPA) of 1986) for failure to state a claim. See In re Facebook Privacy Litigation (NDCA No. C 10-02389 JW) Order Granting In Part And Denying In Part Defendant’s Motion To Dismiss (May 12, 2011); Order Granting Defendant’s Motion To Dismiss With Prejudice (Nov. 22, 2011); Order Denying Motion To Amend Judgment (Feb. 21, 2012); see also In re Zynga Privacy Litigation (NDCA No. C 10-04680 JW) Order Granting Defendant’s Motion To Strike; Granting Defendant’s Motion To Dismiss (Nov. 22, 2011). The separate cases were consolidated on appeal.

Ninth Circuit Judicial Notice

The Ninth Circuit affirmed the dismissal of the federal claims after concluding that the complaints failed to allege that the Internet companies "disclosed the 'contents' of a communication, a necessary element of their ECPA claims." In Re: Zynga Privacy Litigation, _ F.3d at _. In considering the allegations raised by the complaints, the circuit reviewed how computers operated when a user clicked on a link or icon. In doing so, the circuit took "judicial notice of the current version of the publicly-available [Hypertext Transfer Protocol] HTTP specification, RFC 2616, because it is referenced and relied on in the body of the complaint in Robertson v. Facebook, and no party has questioned the authenticity of this document." In Re: Zynga Privacy Litigation, _ F.3d at _ n.2 (citing Marder v. Lopez, 450 F.3d 445, 448 (9th Cir. 2006) ("A court may consider evidence on which the complaint "necessarily relies" if: (1) the complaint refers to the document; (2) the document is central to the plaintiff's claim; and (3) no party questions the authenticity of the copy attached to the 12(b)(6) motion.")).

The circuit then summarized the operation of the activity "when a Facebook user clicks on a link or icon". It is useful to see the context of the discussion:

The hypertext transfer protocol, or HTTP, is the language of data transfer on the internet and facilitates the exchange of information between computers. R. Fielding, et al., Hypertext Transfer Protocol —HTTP/1.1, § 1.1 (1999), http://www.w3.org/Protocols/HTTP/1.1/rfc2616.pdf. The protocol governs how communications occur between “clients” and “servers.” A “client” is often a software application, such as a web browser, that sends requests to connect with a server. A server responds to the requests by, for instance, providing a “resource,” which is the requested information or content. Id. §§ 1.3, 1.4. Uniform Resource Locators, or URLs, both identify a resource and describe its location or address. Id. §§ 3.2, 3.2.2. And so when users enter URL addresses into their web browser using the “http” web address format, or click on hyperlinks, they are actually telling their web browsers (the client) which resources to request and where to find them. Id. § 3.2.2.

The “basic unit of HTTP communication” is the message, which can be either a request from a client to a server or a response from a server to a client. Id. §§ 1.3, 4.1. A request message has several components, including a request line, the resource identified by the request, and request header fields. Id. § 5. The request line specifies the action to be performed on the identified resource. Id. § 5.1. Often, the request line includes “GET,” which means “retrieve whatever information . . . is identified by the” indicated resource, or “POST,” which requests that the server accept a body of information enclosed in the request, such as an email message. Id. §§ 9.3, 9.5. For example, if a web user clicked a link on the Ninth Circuit website to access recently published opinions (URL: http://www.ca9.uscourts.gov/opinions/), the client request line would state “GET /opinions/ HTTP/1.1,” which is the resource, followed by “Host: www.ca9.uscourts.gov,” a location header that specifies the website that hosts the resource. Id. § 5.1.2.

Other request headers follow the request line and “allow the client to pass additional information about the request, and about the client itself, to the server.” Id. § 5.3. A request header known as the “referer”3 provides the address of the webpage from which the request was sent. Id. § 14.36. For example, if a web user accessed the Ninth Circuit’s website from the Northern District of California’s webpage, the GET request would include the following header: “Referer: http://www.cand.uscourts.gov/home.” A client can be programmed to avoid sending a referer header. Id. § 15.1.2.

During the period at issue in this case, when a user clicked on an ad or icon that appeared on a Facebook webpage, the web browser sent an HTTP request to access the resource identified by the link. The HTTP request included a referer header that provided both the user’s Facebook ID and the address of the Facebook webpage the user was viewing when the user clicked the link. Accordingly, if the Facebook user clicked on an ad, the web browser would send the referer header information to the third party advertiser.http://federalevidence.com/pdf/2014/05May/ZyngaPrivacy.OrderDismiss.pdf

To play a Zynga game through Facebook, a registered Facebook user would log into the user’s Facebook account and then click on the Zynga game icon within the Facebook interface. For example, if a user wanted to access Zynga’s popular FarmVille game, the user would click the Farmville icon, and the user’s web browser would send an HTTP request to retrieve the resource located at http://apps.facebook.com/onthefarm. Like the HTTP request to view an ad on Facebook, the HTTP request to launch a Zynga game contained a referer header that displayed the user’s Facebook ID and the address of the Facebook webpage the user was viewing before clicking on the game icon. In response to the user’s HTTP request, the Zynga server would load the game in an inline frame4 on the Facebook website. The inline frame allows a user to view one webpage embedded within another; consequently, a user who is playing a Zynga game is viewing both the Facebook page from which the user launched the game and, within that page, the Zynga game.

According to the relevant complaint, Zynga programmed its gaming applications to collect the information contained in the referer header, and then transmit this information to advertisers and other third parties. As a result, both Facebook and Zynga allegedly disclosed the information provided in the referer headers (i.e., the user’s Facebook IDs and the address of the Facebook webpage the user was viewing when the user clicked the link) to third parties.

In Re: Zynga Privacy Litigation, _ F.3d at _.

Conclusion

The Zynga case provides another useful example how technical Internet information may be the subject of judicial notice. Before any information, including on the Internet, may be taken for judicial notice, the requirements of FRE 201 must be met. For other recent examples of judicial notice of Internet information, consider:

______________________________

Subscribe Now To The Federal Evidence Review

** Less Than $25 Per Month ** Limited Time Offer **

subscribe today button

Federal Rules of Evidence
PDF