The First Amendment does not protect the identities of computer hackers, a New Jersey appellate court held this month.

Warren Hospital alleges that two anonymous individuals hacked into its web and email servers and sent inappropriate and defamatory messages to all hospital employees.  The hospital and some employees filed a civil action against the John Doe defendants for defamation and other torts.  To obtain the true identities of the defendants, the plaintiffs subpoenaed four Internet Service Providers. The anonymous defendants moved to quash the subpoena under the First Amendment.

To decide the motion to quash, the state trial court applied a four-part qualified First Amendment analysis, known as the Dendrite test, which considers whether the plaintiffs identified the defendant with sufficient specificity, whether the plaintiffs made a good-faith effort to serve the defendants, whether the suit can withstand a motion to dismiss, and whether the discovery will likely lead to identifiable information that will enable service of process.  Applying these factors, the trial court quashed the subpoenas.

The New Jersey Appellate Division reversed the trial court’s decision, concluding that Dendrite does not apply because this case involves hacking. The appellate court stated that the anonymous defendants’ alleged actions were “no different than if they had broken into the hospital and spray painted their messages on the hospital’s walls.”  The court rejected the argument “that those who engage in this type of conduct are entitled to cling to their anonymity through a strict or overly-formulaic application of the Dendrite test.”

This ruling is particularly noteworthy because the New Jersey Appellate Division developed the Dendrite test in a 2001 decision, Dendrite Int’l, Inc. v. Doe No. 3.  Since then, many state and federal courts nationwide have adopted the Dendrite test when considering motions to quash subpoenas for identities of anonymous defendants.