The case of the day is Microsoft Corp. v. John Doe (E.D.N.Y. 2012). Microsoft asserted claims against dozens of unknown defendants, the alleged creators, controllers, and users of the “Zeus Botnets” malware, a malicious computer program that is used to commit various cyber-crimes. Microsoft did not know the identities of the defendants, but its investigation had shown that they were “most likely [to] reside in the Russian Federation, Ukraine and/or Romania.” Microsoft had served process on the defendants via email and publication on the internet. When they did not answer, it sought entry of default.

The court agreed and directed the clerk to enter the defendants’ default. It noted that the Hague Service Convention did not apply, because the defendants’ addresses (and indeed, their names) were unknown, and it noted that the service satisfied the Due Process Clause because it was reasonably calculated in the circumstances to give notice to the defendants in time to allow them to defend.

My only concern about the decision is that it is not really clear to me that Microsoft obtained the judge’s permission to make service by email and publication before making the service, as I think FRCP 4(f)(3) requires. The rule permits service by such other means “as the court orders.” I don’t see an indication in the decision itself or in the docket of a motion for leave to make service by alternate means.