FOLINO v. HINES, 2:17-cv-01584

Plaintiff John Folino filed suit under the Computer Fraud and Abuse Act alleging thirteen unknown individuals accessed his Google e‑mail account without authorization and caused at least $5,000 in aggregate loss.
The only information Folino has are the IP addresses used to access his account.
Folino moved for expedited discovery to serve Rule 45 subpoenas on multiple ISPs (e.g., Verizon Business, Comcast/Time Warner, Armstrong, Atlantic Broadband, Verizon Wireless) to obtain subscriber-identifying information (name, billing address, phone number, service address).
Folino asserted he cannot serve or proceed against the John Doe defendants without that identifying information.
The ISPs can disclose subscriber records pursuant to a court order under the Cable Privacy Act, with notice to subscribers and an opportunity to move to quash.

Issue	Plaintiff's Argument	Defendant's Argument	Held
Whether expedited discovery (Rule 45 subpoenas to ISPs) is appropriate to identify John Doe defendants	Folino: shows a viable CFAA claim, tailored requests, no other means to identify defendants, central need to proceed, minimal privacy concerns	ISPs/Does: (implicit) privacy concerns and right to contest via notice/motion to quash	Granted: court found the five-factor Arista framework satisfied and authorized subpoenas for limited identifying info

Arista Records, LLC v. Doe 3, 604 F.3d 110 (2d Cir. 2010) (establishes factors for early discovery to identify John Doe defendants)