CastleCops® - Issues Regarding Liability for Providers of Online Interactive Services

By Gerald R. Smith, aka grsamf

Introduction

In recent months, two federal court cases have denied claims against MySpace and Yahoo that sought to recover damages for alleged harm suffered as a result of the interactive web services provided by the two cyber giants. In the first, the Court dismissed a claim against Yahoo by the parents of a minor child whose picture had been posted in the “Candyman” e-group forum hosted by Yahoo. Doe v. Yahoo!, Inc., 35 Media L. Rep. 1435 (E.D.Tex. 12/27/06) (Link). The picture was pornographic and was taken by a neighbor who was a member of the group. The second case came from across the state of Texas and involved a suit by the parents of a 13-year-old girl who had been sexually assaulted by a nineteen year old she had met through his response to her profile, which stated she was18 years old, posted on myspace.com. Doe v. MySpace, Inc., 474 F.Supp.2d 843 (W.D. Tex. 2/13/07) (Link). Both cases relied in large part on the Communications Decency Act (CDA), 18 U.S.C. §230, in finding the defendants could not be held liable.

In the next section of this article, I briefly analyze the facts of each case and the reasoning of the Courts and arrive at the conclusion that the Yahoo case correctly applied the law but MySpace did not. Somewhat paradoxically, I believe that, as a policy matter, Yahoo may have reached the wrong result for the right reasons, but MySpace reached the right result for the wrong reasons. I then turn to several questions that I believe are important for proper determination of what the policies and goals of the law should be with respect to potential liability for providers of interactive web services. Finally, I discuss what I believe the near future holds with respect to what the law will actually become.

The Law, the Facts, and the Cases

The Communications Decency Act was enacted in 1996 and added section 230 to the Communications Act of 1934. In that section Congress found that rapidly developing Internet and other interactive computer services “offer users a great degree of control over the information that they receive, as well as the potential for even greater control in the future as technology develops.” Further, these tools “offer a forum for a true diversity of political discourse, unique opportunities for cultural development, and myriad avenues for intellectual activity.” The Internet and other interactive services “have flourished, to the benefit of all Americans, with a minimum of government regulation.” Along with these findings, Congress stated the policies of promoting continued development, preserving the “vibrant and competitive free market,” encouragement of future development to maximize user control over information received, removal of disincentives for the development and utilization of blocking and filtering technologies that “empower parents to restrict their children’s access to objectionable and inappropriate online material,” while ensuring vigorous enforcement of criminal laws.

The main purpose of the law was to protect Internet hosts and other providers of interactive services from liability for any (1) voluntary action to restrict access to or availability of material the provider considers to be obscene or (2) any action taken to make available means, such as filters, to restrict access to such material.

Almost hidden was a single paragraph that states that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” “Internet content provider” means any person creating information and includes users of the service. This paragraph almost certainly was aimed at protecting providers from lawsuits for defamation, copyright infringement, and similar legal actions. The language of the provision supports this conclusion. Defamation suits may generally be brought against publishers or speakers and copyright infringement against publishers, performers, and others. This was the provision the two cases relied on to dismiss the lawsuits.

The law was probably correctly applied in the Yahoo case. The plaintiff asserted in their complaint that Yahoo was or should have been aware of the pornographic nature of the material posted in the e-group, and given the information provided by the moderator and developer of the group, the claim may very well have been true. The CDA, however, is written in absolute terms and makes no exceptions for the knowledge of the provider of the service. Thus, although the material unquestionably amounted to child pornography, given that the moderator is serving a thirty-year sentence for that offense, Yahoo could not be held liable according to the law regardless of what the plaintiffs could have proven about the degree of knowledge.

The result in Yahoo, although legally correct, seems to me to be unreasonable if in fact the service provider was aware of the nature of the material being posted. The information available does not permit a firm conclusion in that area, although the Court’s opinion did detail the e-group’s description of itself, which would have left no one in doubt about the nature of what was posted there. Indeed, if the facts as stated by the Court were true, Yahoo would possibly be criminally liable under aiding and abetting or accessory laws. It is inconceivable that Congress would have intended that the CDA’s protection would have extended to protecting providers from the consequences of knowingly permitting the posting of child pornography.

The MySpace case, on the other hand, probably applied the law incorrectly, but arrived at the “right” result. Although what was published on the site ultimately led to the sexual assault, it was that act and not any words, images, or other things that were published that led to the lawsuit. Reliance on the CDA’s protection against being treated as the publisher or speaker stretches the limitations of the intent of the law. Nonetheless, the outcome in MySpace was probably correct. Even if the statute does not provide protection against actions of this nature, the precautions taken by the defendant almost certainly would have met the standards of reasonable care, which provide the framework for lawsuits based on negligence.

According to the findings of the Court, the defendant took reasonable steps to inform users of the dangers and to caution them not to increase the danger by foolish actions. “MySpace.com is free to users who agree to the MySpace Terms of Use Agreement. Every new member of MySpace.com, including Julie Doe, agrees to be bound by the MySpace.com Terms of Service, by clicking a check box on the website. MySpace's Terms of Service provide that MySpace cannot verify the age or identity of MySpace.com members and cautions members not to provide ‘telephone numbers, street addresses, last names, URLs or email addresses’ to other members.” Although the protection from lawsuits as a “publisher or speaker” does not appear to be applicable here, finding liability in these circumstances would almost certainly chill efforts of service providers.

Although the Court did consider general negligence principles in addition to the CDA, it concluded that Internet and other interactive service providers have no duty to protect users and that the total responsibility fell on the parents to protect their child. This conclusion raises several questions, which I will examine in the next section.

What Should the Law Be?

When interactive service providers such as MySpace, Yahoo, hosts of web forums, and others invite the public, and often certain segments of the public, to participate in their service, do they assume the responsibility for preventing harm to those who accept the invitation? Does the responsibility vary with whether the service is for profit or non-profit? What analogies may be drawn from the liability imposed on brick and mortar businesses who fail to exercise reasonable care to ensure the safety of their customers?

These are just a few questions that arise within the larger question of who must accept the responsibility when someone is harmed by their participation in online services or by someone else’s participation. That larger question is often answered with one of two extremes, i.e., that providers must always be responsible or that providers should never be held responsible. I do not believe either of these two extremes is reasonable nor does either comport with standards imposed on businesses or service providers in other venues.

As the two cases discussed demonstrate, the issue of providing adequate protection most often arises in the arena of safeguards to protect children from harm. Certainly, the Court in MySpace was correct in stating that parents must exercise responsibility to protect their children. But that platitudinous refrain is meaningless in the face of parents who simply do not accept that responsibility. Do we simply abandon those children who have the misfortune of being born to irresponsible parents and leave them to the tender mercies of predators? Or do we, as a society that recognizes that one of the duties of an organized society is to protect the defenseless, find those standards that will allow the growth of these services but also provide guidelines under which they must operate to minimize the risk? General negligence principles result in liability for damages when a child is injured in many instances that would not require compensation in the case of an adult being injured. For example, an adult who enters a construction site and falls into a hole is generally said to have assumed the risk, while the operator of the site may very well be held liable under the “attractive nuisance” theory if a child falls into the hole.

Interactive service providers should be held to the same standards as any other business, service provider, entity, or individual. I would ask those who fall back on the responsible parent crutch whether they would permit a recreation center catering to young children a free pass if it knowingly or recklessly permitted child predators on staff or even to come onto the premises? If it is totally the parents’ responsibility to protect their children with respect to online activities, must we not impose that same total responsibility in other areas in which a child needs protection?

The other extreme, that providers are always responsible, fares no better. As with any business or other endeavor, even the most exacting care cannot ensure complete success in keeping people safe from harm. Accidents, the ill deeds of wrongdoers, and other circumstances beyond the control or reasonable knowledge of the provider or the injured person often result in blameless injuries. Stuff happens, as they say.

Certainly, the differences between online and “real world” endeavors present a completely different set of circumstances. We have, however, developed standards of conduct that require reasonable care to protect customers and others in providing services in the real world without dampening the participation and growth of such services. We must strive to find the same balance in the realm of online services. Without that balance, we will be faced with shutting down the advancing technology, information sharing, and reliance on interactive services for political, educational, cultural, and entertainment services, or ever increasing harm to innocent victims. Finding the balance is not only something we can do, it is something we must do to protect everyone’s interest.

What Will the Law Be?

As I have said elsewhere, the law is slow to adapt to changing circumstances in the world. This is generally a beneficial phenomenon because laws that are precipitously adopted and easily enforced are more often than not bad laws. The CDA was conceived, debated, and enacted well over a decade ago. The growth of interactive services on the Internet and elsewhere has proceeded exponentially since that time, with opportunities and concomitant dangers that could barely be conceived at the time. Perhaps the biggest danger we face in this area is that when the ponderous nature of the law does permit change, the pendulum often swings drastically and indeed precipitously.

Recently, there have been several developments that indicate that sweeping changes in the law are on the horizon. In Metro-Goldwyn-Mayer Studios, Inc., et al. v. Grokster, LTD, et al., 545 U.S. 913, 125 S.Ct. 2764 (2005), the Supreme Court held distributors of P2P file sharing software may be held liable for copyright infringement that occurs from the use of the software. This reversed a 20+ year trend, dating back to Sony Corp. of America v. Universal City Studios, Inc., 464 U.S. 417 (1984), in which the Court held that Sony could not be held liable for copyright infringement based on the Betamax video recorder. For over twenty years that case was the touchstone for those claiming immunity from suit while providing the means for copyright infringement.

Twice in the last two years, the PERFORM Act has been introduced in Congress. The Act, which I discussed in an article in March 2007, would “require satellite, cable and Internet broadcasters to pay fair market value for the performance of digital music. Additionally, the bill would require the use of readily available and cost-effective technology to prevent music theft.” Along with the Grokster case and other changes that have occurred, the Act signals a shift in the attitude of holding providers of hardware, software, and services accountable for the predictable conduct of those using the products.

These developments will, I believe, continue and their momentum will increase. In the not too distant future, I expect the blanket immunity enjoyed by providers of interactive services will be a thing of the past. We will increasingly see instances of providers being held accountable for the conduct of users and participants. The biggest and most immediate impact will continue to be on software and hardware developers and distributors. Warez and similar web sites are likely to be the next major emphasis, but the popular and heavily used web forums will also come under scrutiny. I expect the CDA will be drastically amended, with forums and other sites being required to exercise reasonable care to protect against copyright infringement, defamation, and other harms.

Although this will place a burden on providers of these services, I do not expect the honest and conscientious provider will have much to worry about. Despite the changes I predict, I also expect the concern for encouraging the growth and development will continue and that the differences between print media and online communications will continue to be obvious. These differences, including the fact that letters, articles, and other material submitted to magazines and newspapers require an active decision prior to publication while online postings do not, mandate considerable differences in the standards of conduct to be imposed. Blatant and repeated defamatory comments, instructions on circumventing legal requirements, easily accessible means to infringe on copyrighted materials, and similar conduct that is permitted unabated, if not actively encouraged, on many forums may be a cause for concern, however.


	2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 209ppm 0.320s (0.006s) Making cybercriminals unhappy since 2002*