close
The Wayback Machine - https://web.archive.org/web/20100805065543/http://volokh.com/category/cyberspacelaw/

Archive for the ‘Cyberspace Law’ Category

So says Baldwin v. Fischer-Smith (Mo. Ct. App. July 6, posted on Westlaw a few days ago), in holding that a defendant whose Web page allegedly libeled a Missouri dog kennel could be sued in Missouri. (The defendant’s Web page specifically mentioned that the kennel was located in Missouri.) There’s a longstanding dispute about this question of personal jurisdiction, and the opinion basically just adheres to one side of the dispute; but it’s pretty readable, and might be of interest to people who have been following the issue.

A while back, I posted my early reaction to the SDNY’s decision in the long-running Viacom lawsuit asserting secondary copyright infringement on the part of Youtube. Here’s what I said then:

The case was/is enormously important — Youtube was asserting that it was immune under the Digital Millennium Copyright Act (specifically, Sec. 512(c)) from copyright infringement claims arising out of user postings. Sec 512(c) sets up a “notice-and-takedown” scheme under which website owners are immune from third-party infringements as long as they “respond expeditiously” when notified of specific infringements by copyright holders. Viacom was relying on a portion of the statute that denies the immunity if the website operator has “actual knowledge that the material . . . on the system or network is infringing” OR if “in the absence of such actual knowledge, [it is] aware of facts or circumstances from which infringing activity is apparent . . .” 

The critical question in the case was: given that it is a matter of common knowledge that there’s lots and lots and lots of infringing activity on Youtube, does that make the infringing activity “apparent”? If so, the 512(c) immunity is unavailable for Youtube. The court — correctly, in my view — said no, it does not. The “facts and circumstances” to which the statute refers must be of “specific and identifiable infringements of particular items. Mere knowledge of prevalence of such activity in general is not enough.” Sec. 512, and the other immunities provided in the Act for online conduct, “place the burden of policing copyright infringement — identifying the potentially infringing material and adequately documenting infringement — squarely on the owners of copyright. We decline to shift a substantial burden from the copyright owner to the provider . . .”

One could easily argue that these copyright immunities in the DMCA were a critical feature allowing “Web 2.0″ and “user-generated content” sites (like Youtube, Facebook, Myspace, and many, many others) to flourish. This opinion (though it will probably be appealed) goes a long way to protecting those sites from further attack by the copyright police. Nice work, Judge Stanton! 

In the aftermath of the decision, there’s been, predictably, a backlash from commentators inside (and occasionally outside) the entertainment industry, arguing either that the decision’s not really that important, or that it’s just plain badly reasoned. Ben Sheffner’s piece over on Copyrights & Campaigns criticism of the opinion is thoughtful, but ultimately wrong-headed. Sheffner makes an interesting observation:

Section 512(c) of the DMCA identifies two triggers for the obligation of the host to remove the subject material (if it wants to maintain the safe harbor). First is actual knowledge of infringement (which can be obtained through receipt of a facially valid takedown notice pursuant to Section 512(c)(3)). Second is where the host becomes “aware of facts or circumstances from which infringing activity is apparent.” Id. § 512(c)(1)(A)(ii). This latter situation is known as “red flag” infringement; the idea is that the host can’t claim the safe harbor if red flags are being waved in its face, suggesting the obvious presence of infringing activity. The Ninth Circuit gutted the red flag doctrine in Perfect 10 v. CC Bill, specifically in this thoroughly unconvincing paragraph:

Perfect 10 alleges that CCBill and CWIE were aware of a number of “red flags” that signaled apparent infringement. Because CWIE and CCBill provided services to “illegal.net” and “stolencelebritypics.com,” Perfect 10 argues that they must have been aware of apparent infringing activity. We disagree. When a website traffics in pictures that are titillating by nature, describing photographs as “illegal” or “stolen” may be an attempt to increase their salacious appeal, rather than an admission that the photographs are actually illegal or stolen. We do not place the burden of determining whether photographs are actually illegal on a service provider.

In other words, under Ninth Circuit precedent..., having material identified by its poster as “illegal” and “stolen” is not a red flag that infringing activity is taking place. One is left to wonder whether the panel would have ruled the same way had actual red flags been waved in the defendants’ faces.
Judge Stanton, incorrectly in my view, adopted CCBill’s holding without much analysis, further rendering red flag infringement a dead letter. The statute (and legistlative history) clearly indicate that some form of knowledge beyond that imparted via DMCA notices qualifies as knowledge of “facts or circumstances from which infringing activity is apparent,” thus triggering a site’s takedown obligation (on pain of losing the safe harbor). But after reading Judge Stanton’s opinion several times, I simply have no idea what would actually constitute such “red flag” knowledge. And, again, his opinion does not even scratch the surface of the evidence presented by Viacom on this issue, see, e.g, Viacom Br. at 5–24, 50–56, and explain why none of it would raise a red flag for a reasonable service provider in YouTube’s position. 

Sheffner’s absolutely right — the courts are indeed in the process of making the “red flag” exception disappear. And good riddance to it. 

[Incidentally, there should be a name for this rhetorical phenomenon — where an opponent gives you, in the course of his criticism of a decision, ammunition for strengthening and even expanding its rationale. You see it a lot in dissenting opinions: “Under the majority’s reading of sections 543(c)(1)(ii)–(vi), all a defendant need show to escape liability is blahblahblah . . .” — and then defendants start to argue (even citing to the dissent) that because they can show blahblahblah, they shouldn’t be liable.] 

Sec. 512 is a powerful defense precisely because it sets up a simple procedure: copyright owners find infringing material, they notify the host, the host takes it down, and the host is immune from liability. All steps along the way easily verifiable. “State of mind” inquiries — wasn’t it “apparent” from all the surrounding “facts and circumstances” that such-and-such was infringing? shouldn’t the host have known that? — are out of place here; among other things, they’re preposterously ill-suited to the scale of this problem. It would, I read recently, take you 15 years to watch the content uploaded to Youtube in a single day. What is, or is not, apparent to Youtube’s operators from this avalanche of material is not something we want to be arguing about, and it is not something I want web hosts to be worrying about. Judge Stanton got it spot on — the web host has no duty to act until the copyright owner identifies specific infringing material. 

Do we want a powerful defense like this against claims of secondary copyright infringement on the Net? Damned right we do. I made the point in my earlier posting, and I think it’s interesting enough to reiterate. Virtually all of the wildly-successful 3d-party content sites on the Net — Youtube, Facebook, Twitter, Myspace, Flickr, Google News, Wikipedia, Blogger, . . . — come out of the U.S. Why is that? Why didn’t some college kid in the UK, or Italy, or Brazil, come up with the idea for Facebook? There are, I’m sure, lots and lots of factors at play — but I’m convinced that the existence of the immunity in sec. 512 in our copyright law is one of them. Even if Simon or Allessandra or Joao had the idea, and the technical wherewithal to pull it off, they’d be crushed before they got started — by many things, perhaps, but copyright liability is high on that list of crushers. Sec. 512 has meant that you can put your startup on line — even go to a bank or a VC and get financing — without worrying about potentially devastating copyright infringement liability. We don’t have many legislative successes in the copyright arena, so we should celebrate the ones we have.

[Thanks to Justin Gordon for one of the pointers]

Tags:

As many of our readers know, I have long been fascinated by robotics, and have a particular interest in battlefield robotics and related questions of law.  I felt I was late to the cyberwarfare field — and don’t know enough about it — and so have left it for others.  But robotics ... well!  Robotics and the law, well, well!  However, one of the important features about Predator drones and UAVs as the US has developed them is that they involve important overlaps between robotics and cyber fields, because the UAV has to be controlled somehow from halfway around the world.  If the classic conceptual parts of a robot are

  • gross locomotion and its ability to move and act in the physical world;
  • the brain and computing and processing power; and
  • sensors to bring data streams into the computational resources, so as to figure out how to move and what gross physical world actions to take ...

then, in the case of how the US uses UAVs, we need to add a fourth, the cyber component of communication and control over long distances.  At that point, questions of cyberattack on the robotic system become live.

This brings me to a movie I just watched last night on Netflix, Surrogates — from the comic book series of the same name to the Bruce Willis movie.  It manages to combine robotics with cyber.  Not bad — I thought the critics were overly tough, frankly, but then I have both low standards and low taste in movies.  I liked it.  I think it is a movie that Jack Goldsmith and anyone else working on cyber and robotics issues should see (I will assume that Glenn Reynolds has already watched it ... twice).  With popcorn.

YouTube Preview Image

(Robots as caregivers have suddenly been surging to the front pages of the newspapers — the Wall Street Journal, followed by the New York Times.  I’ll say more about the implications of that later.)

Youtube wins Viacom Lawsuit:

Judge Stanton in the SDNY has granted Youtube’s motion for summary judgment in in the long-running copyright infringement lawsuit brought by Viacom (and, in a nice soccer-related twist, The English Football Association’s Premier League was another (losing) plaintiff). [The full text of the decision is here]

The case was/is enormously important — Youtube was asserting that it was immune under the Digital Millennium Copyright Act (specifically, Sec. 512(c)) from copyright infringement claims arising out of user postings. Sec 512(c) sets up a “notice-and-takedown” scheme under which website owners are immune from third-party infringements as long as they “respond expeditiously” when notified of specific infringements by copyright holders. Viacom was relying on a portion of the statutory immunity, which denies the immunity if the website operator has “actual knowledge that the material or an activity using the material on the system or network is infringing” OR if “in the absence of such actual knowledge, [it is] aware of facts or circumstances from which infringing activity is apparent . . .” 

The critical question in the case was: given that it is a matter of common knowledge that there’s lots and lots and lots of infringing activity on Youtube, does that mean that “infringing activity is apparent” and that, accordingly, the 512(c) immunity is unavailable for Youtube? The court — correctly, in my view — said no, that’s not what it means. The “facts and circumstances” to which the statute refers must be of “specific and identifiable infringements of particular items. Mere knowledge of prevalence of such activity in general is not enough.” Sec. 512, and the other immunities provided in the Act for online conduct, “place the burden of policing copyright infringement — identifying the potentially infringing material and adequately documenting infringement — squarely on the owners of copyright. We decline to shift a substantial burden from the copyright owner to the provider . . .”

One could easily argue that these copyright immunities in the DMCA were a critical feature allowing “Web 2.0″ and “user-generated content” sites (like Youtube, Facebook, Myspace, and many, many others) to flourish. This opinion (though it will probably be appealed) goes a long way to protecting those sites from further attack by the copyright police. Nice work, Judge Stanton!

[Thanks to Justin Gordon for the pointer]

Jack Goldsmith on Cyber War

This week’s The New Republic features a cover story by Harvard Law School’s Jack Goldsmith on cyberwar.  (June 24, 2010.)  It’s a long, serious review essay, using Richard A. Clarke and Robert K. Knake’s new book, Cyber War, as the hook.  But Jack goes well beyond a book review into the rapidly expanding literature on the subject — expanding across technical computer science and engineering, software, security, strategic, and legal lines.  Terrifically well written and intelligent, I strongly recommend it (full disclosure: I haven’t read the book under review) — whether you know the field or are looking to get an overview of it.  One thing is clear, it is not going away.

Years ago I decided my inner geek comparative advantage was in robotics, but I read this essay with particular attention to its discussion of complexity of systems, and just how hard it is to get a handle on cyber systems, and their diffuse, distributed natures:

Many factors make computer systems vulnerable, but the most fundamental factor is their extraordinary complexity. Most computers connected to the Internet are general-purpose machines designed to perform multiple tasks. The operating-system software that manages these tasks–as well as the computer’s relationship to the user–typically has tens of millions, and sometimes more than one hundred million, lines of operating instructions, or code. It is practically impossible to identify and to analyze all the different ways these lines of code can interact or might fail to operate as expected. And when the operating-system software interfaces with computer processors, various software applications, Web browsers, and the endless and endlessly complex pieces of hardware and software that constitute the computer and telecommunications networks that make up the Internet, the potential for unforeseen mistakes or failures becomes unfathomably large.

The complexity of computer systems often leads to accidental mistakes or failures. We have all suffered computer crashes, and sometimes these crashes cause serious problems. Last year the Internet in Germany and Sweden went down for several hours due to errors in the domain name system that identifies computers on the Internet. In January of this year, a software problem in the Pentagon’s global positioning system network prevented the Air Force from locking onto satellite signals on which they depend for many tasks. The accident on the Washington Metro last summer, which killed nine people and injured dozens, was probably caused by a malfunction in the computer system that controls train movements. Three years ago, six stealth F-22 Raptor jets on their maiden flights were barely able to return to base when their onboard computers crashed.

The same complexity that leads to such malfunctions also creates vulnerabilities that human agents can use to make computer systems operate in unintended ways. Such cyber threats come in two forms. A cyber attack is an act that alters, degrades, or destroys adversary computer systems or the information in or transiting through those systems. Cyber attacks are disruptive activities. Examples include the manipulation of a computer system to take over an electricity grid, or to block military communications, or to scramble or erase banking data. Cyber exploitations, by contrast, involve no disruption, but merely monitoring and related espionage on computer systems, as well as the copying of data that is on those systems. Examples include the theft of credit card information, trade secrets, health records, or weapons software, and the interception of vital business, military, and intelligence communications.

This drew my attention in part because of my interest in complexity and complex systems interacting one another in another part of my work — finance and financial regulation.  Duke’s Steve Schwarcz and I are doing a book on financial regulation reform, and our approach — in a field currently getting saturated with books on this very topic — is to offer pragmatic, basic heuristics, rules of thumb, really, for how financial regulation needs to be designed.  Not some super deep conceptualization, but something much more practical.

The same pragmatic assessment applies to diagnosing What Went Wrong, so to speak, in financial regulation.  We have settled on the three homely, but still useful, categories of complexity, complacence, and conflicts (cupidity we take for granted).  They’re useful because they’re homely.  Complexity hides conflicts that undermine basic duties of loyalty, and breeds complacency that undermines basic duties of care, and they feed back into the development of more complexity.  They stoke each other.

Professor Schwarcz has a Washington University Law Review paper on the issue of regulating complexity in finance and financial regulation, from which we are drawing for the book.  I recommend it, partly for those interested in financial regulation issues and complexity — but I also recommend it as a way of thinking comparatively about complexity in other settings that cross-weave technological and legal-regulatory divides.

It’s been a pleasure to blog this week.  I hope you’ve enjoyed this conversation and I’d love to continue it.  If you’re interested in reading more, check out our book, Wild West 2.0.  It is the most-discussed Internet policy book of 2010 (Jimmy Wales called it “an invaluable guide” to the “brave new world of the Internet”) and it sold out Amazon.com once already.  Or, contact me directly through my site at davidcthompson.com.  Thanks again to Eugene and the whole Volokh Conspiracy for inviting me to participate this week.

This week, we’ve discussed the “Wild West 2.0” metaphor for the Internet.  Today, I’m going to present a few quick ideas that didn’t make it into this week’s posts.   I don’t have enough space to flesh them all out, but I hope to provoke some thoughts and discussions that will continue beyond this week.

What will widespread surveillance and facial recognition do to privacy? 

It’s always been the law in the U.S. that images you take in public are yours to use non-commercially.  There are a few exceptions around security, peeping Toms, and so-called “upskirt” photography, but basically you can take a photo from any public place and make any non-commercial use of it.

There are good reasons for this policy, ranging from a basic respect for the free press and free expression, to the First Amendment.

But, today, facial recognition is quickly becoming available on a wide scale.  For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag).  Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology.  So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge.  There are more than 3 billion photos on the site Flickr.com  , and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

The figures above don’t even count the fact that some forms of advocacy corporate surveillance would increase in a world with easy facial recognition.  Why would anti-abortion groups not photograph every person who walks into an abortion clinic, use facial recognition to identify them, and use public name-and-address databases (see below) to target mailings (or harassment) to each person’s home?  Why would anti-gay advocates not do the same for people who frequent gay bars, or liberals target “Tea Party” activists, or statists target libertarians, etc?  Or insurance companies outside bars to monitor drinking and driving, smoking, or any other risk factor that could increase rates?

What does this mean for privacy?   If the freedom to take and post photos cannot or should not be changed, should there be regulation of the uses of facial recognition software?  Should it be a privacy tort to publicly identify private citizens by name if they are walking into an abortion clinic, a gay bar, a Tea Party rally, a divorce lawyer’s office, a police station (to “snitch”), or a substance abuse treatment facility?  What does it mean when Google indexes a list of these names and it comes up first for a search for your name?  How will it affect job prospects, inter-personal relations, and more?

Will we all just get over it and not care that our friends are getting abortions or divorces?  Will anti-gay groups get over the fact that some people visit gay bars?  Will political opponents stop harassing each other?   I hope so, but my hopes are dim.

The end result might be that we all wear low-fitting baseball caps each day, or the aptly-named “FlickrBlockrs” sunglasses that started as an art project but might fill a real need.   But should individuals have to proactively monitor their public image so fiercely?  (Read more about our ideas for privacy in the book, Wild West 2.0.)

Will the future allow a binary public/private distinction?

Right now, the law generally recognizes facts as “public” or “private” with very little gray area in between.  This has caused problems in the Fourth Amendment context, where seemingly-private facts (like your bank account information) are not considered “private” for Fourth Amendment purposes (thanks to the “third party doctrine,” the government simply ask your bank; many scholars find this doctrine problematic).

The Internet sharpened this problem by making “public-but-obscure” facts readily available online.  Privacy interests were often supported by practical obscurity; a court may have a list of all cases and convictions, but very few people bothered to trudge to the courthouse to find out.  The county clerk’s office may have a hardcopy list of home owners and their property values, but nobody actually checks.

But online, these records are being rapidly digitized and made searchable.  And because they are all “public” information for privacy purposes, there is currently no restriction on how the information can be displayed.  So far, no case of which I am aware has held that online “white pages” or “dossier” sites (like Spokeo.com, WhitePages.com, Intelius.com, and many others) cannot create a dossier of private-seeming information like your income, hobbies, credit score, home address, phone number, political contributions, and more—just so long as each data point was drawn from a “public” source.

The result of the end of practical obscurity has turned a lot of privacy upside-down.  Criminals now routinely use public records databases for identity theft purposes (itself illegal, but hard to catch), to stalk their victims at home (same), and to identify candidates for burglary or other attacks.  Millions of people (below) now casually flip through their neighbors’ dirty laundry online, ranging from bankruptcy filings to property records to divorce records.  Maybe this information has always been “public,” but it was never so readily available.

Will the law continue to recognize only “public” and “private” information?  Or will it develop shades of gray to recognize that obscurity can protect privacy while allowing “legitimate” uses.  Scholars have discussed ways to limit data like property records to their original purpose (making sure property taxes are apportioned fairly) by encouraging states to strip names from the data before publication; of course, this works only if there are no other records that correlate names to addresses.  Will that be enough?  Or is it a good thing that all these facts are public?

Does the Law Recognize the 300 Million Little Brothers Problem?

The section above should suggest it, but her it is expressly: we no longer live in a nation of Big Brother; we live in a nation of 300 million Little Brothers.

Much of our law is based around fear of surveillance by the government (Big Brother).  The Fourth Amendment is the easiest example; it is based around a fear of an overly intrusive government acting in its role as sovereign.  Statutory law like the Electronic Communications Privacy Act also seeks to protect individual privacy against the government.  And laws like the Stored Communications Act and HIPPA prohibit corporations from revealing certain information about you.

But now an equally real risk is 300 million Little Brothers.  We’ve moved from the Panopticon—where the guards can see everything—to a suburb of glass houses where everyone can see each other.  This is a powerful development for politics (we can now watch the watchers), but it has changed inter-personal privacy as well.  What laws (if any) should be updated to reflect this new reality?  Or should we all just get used to living in public–to quote Google CEO Eric Schmidt If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  The power of the Internet is increasingly moving toward making sure that everybody knows what everybody does.  Is this the right direction?

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Thanks again for the great responses in comments.  I’ve learned a lot about how people think about the Internet of 2010 and whether it fits the “Wild West 2.0” model.

On Monday, we discussed why the Internet of 2010 resembles the closing of the Wild West frontier.  On Tuesday, we talked about whether CDA 230 is appropriate for the Internet of 2010.  Yesterday, we talked about why CDA 230 is a subsidy to online libel.

Today, I want to present some ideas to preserve the best parts of anonymous free expression, while fixing the subsidy that Section 230 of the Communications Decency Act gives to libelous speech.  I’d love to hear your thoughts.

Online Anonymous Speech is a Good Thing

Anonymous online speech can be powerful and beneficial.  You are free to leave anonymous or pseudonymous comments on this site, which encourages free discussion of political issues.  Protesters in Iran can spread ideas, corporate whistleblowers can speak out, and the government is deterred from at least one form of intrusion into personal life.  On a personal level, you can explore your identity, research controversial causes or issues, or just vent frustration.  All of these are good things and worthy of preservation.

But in the offline world there is also accountability for anonymous speech that is libelous or invasive of privacy.  By taking control of the media away from The New York Times and putting it in the hands of individual bloggers, the Internet have empowered free expression and opinion, but also empowered hundreds of millions of people to anonymously libel each other and invade each others’ privacy.

Updating the Assumptions Underlying CDA 230 

CDA 230 was based on a number of guesses about how the Internet of the then-future would work.  We’ve had almost fifteen years to test those assumptions.

To give a little perspective, in 1996, when Section 230 of the Communications Decency Act was passed, the first search engines like AltaVista and Lycos were just getting started, the Google founders were still in college, Netscape Navigator was the most popular browser, the first version of Microsoft Internet Explorer had just been released, and OS/2 was considered a viable operating system.

In 1996, many people assumed that CDA 230 was necessary to a functioning Internet.  They believed that if hosts* had any liability (under any circumstances) for any content, they would stop providing platforms for user interaction.  * I use “hosts” to mean primarily websites that host user-generated content, like Facebook, discussion forums and blog hosts. 

But in fifteen years of experience, we’ve seen that CDA 230 is not required for a thriving Internet.  Europe does not have a statute equivalent to CDA 230, the U.K. has stricter libel laws than the United States, and Directive 2000/31/EC requires EU member nations to enforce libel laws online.  But some estimates suggest that Internet use is actually higher in the U.K. than the U.S.  The same goes for Japan (hosts may be liable if they have knowledge of libel, higher Internet use than the U.S.) and Canada (hosts immune only if “innocent dissemination,” higher Internet use than U.S.).  Fast-growing nations like Brazil have experienced ten-fold increases in Internet use in the last decade, even without a local version of CDA 230.

Many people like the “Internet routes around  damage” metaphor to claim that CDA 230 is irrelevant. But right now, the US is the only major country with CDA 230 immunity.  There will always be jurisdictions like Sealandia, but the vast majority of the commercial Internet is based in the U.S., E.U., and Pacific Rim.  There will always be Freenet-type projects that evade all jurisdictions and have no commercial connections, but the vast majority of the network relies on advertising dollars.  And the mostly-effective U.S. online gambling ban suggests that the legal regime does matter after all.

We can also learn from the DCMA: we’ve seen that over-use of DMCA takedowns can lead to chilling effects.  (disclosure: My employer, ReputationDefender, does not send DMCA takedown notices.)  But we’ve also seen that even despite periodic abuses of the DCMA, the user-generated Internet has bloomed.  The DMCA did not, despite itself, kill the Internet.

The drafters of CDA 230 worked in an era when a user’s ISP and forum host were the same.  The Prodigy case led directly to CDA 230.  The cased turned on the actions of a Prodigy subscriber on a Prodigy-run message board inside Prodigy’s “walled-garden.”  Back then, it would have been easy to find the original defendant: Prodigy ran the forums and had a billing relationship with every poster.  The same was true of services like CompuServe and AOL.

Today, there is no connection between ISP and content host.  Instead of Prodigy serving as both ISP and forum host, today Comcast (as ISP) has no relationship with BlogSpot (as content host).  Because of the separation, it became near-impossible find the original defendant in many online libel cases.

Another faulty assumption of CDA 230 is that it would encourage websites to filter their content and produce a more civilized online world.  In the Prodigy case, the service as found liable in part because it selectively removed some libelous and obscene comments (the court: “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability”).  The hope for CDA 230 was that, by removing any penalty for taking editorial control, more sites would exercise discretion and remove harmful content.

Of course, the last 15 years have taught us that CDA 230 has been used to support immunity for inaction as much as action.  Many sites have taken the grant of immunity intended to encourage editorial control and used it to abdicate responsibility.

Finally, CDA 230 is a law that assumed the Internet needed a subsidy to grow.  Almost fifteen years of open frontier Internet later, the Internet is approaching maturity (or at least its petulant teenage years) and it is questionable whether the Internet now deserves a special subsidy that no other form of media gets.  Even if the CDA 230 subsidy made sense in 1996, the assumption does not hold in 2010.

Market Solutions are Part of the Answer, But Not All of It

We’ve already seen some market influence toward record-keeping, such as the trend toward services like Facebook Connect.  Sites use identification to discourage users from abusing other users.  But as long as there is no barrier to entry and as long as humans love scandal, the market will not be able to fully correct for the race-to-the-tabloid-bottom effect of sites that benefit from the libel subsidy and encourage users to attack others.

There are also commercial services that help victims recover from online attacks, but these also do not substitute for a legal regime that discourages attacks in the first place.  (Disclosure: My employer provides services that help people build their online reputation before it is damaged, recover from attacks, keep their personal and professional lives separate, and protect their privacy.)  These services can be expensive, some forms of attack can never be fully eliminated, and mitigation does not take the place of prevention.  They cannot replace the proper legal regime, even if they help mitigate damages after the fact.

A Proposal to Keep the Best and Jettison the Rest

How do we keep the best parts of online anonymous speech while jettisoning the ability of site owners to actively encourage libel or invasion of privacy?

This is not a balance between anonymity and accountability.  There will always be anonymity online thanks to services like Anonymizer and TOR.

I propose an opt-in system for web hosts:

Hosts that make a good-faith effort to keep sufficient records to locate content creators are granted CDA-style immunity, even if they have knowledge of liability-creating content.  Sites that do not keep records are immune unless they know that there is liability-creating content.  Good-faith attempts to filter shall not create knowledge liability for what is missed.

The system preserves the right to speak anonymously in both cases; nothing requires sites to reveal any information except on subpoena.  The system still allows sites to choose not to keep any records; if a site wants to allow completely anonymous interactions then it may do so.   No liability is ever imposed without knowledge of the content.  And the original goal of CDA 230 (to fix the filtering glitch in Prodigy) is respected without creating another race-to-the-bottom.

The system preserves First Amendment and free expression values while also respecting the right of non-speakers to privacy and quiet solitude.  It removes a subsidy to libel, and puts the Internet on even footing with other forms of media.  It is technologically neutral, and imposes no new burdens on sites that don’t currently have knowledge of liability-creating material.  And it harmonizes US and foreign law, to make cross-border websites easier to maintain.

Tomorrow: Future Problems in Reputation and Privacy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Tags: ,

In the early Internet, it was impossible to find isolated references to people, places, and things.   Many users navigated using directories like the original Yahoo, and early search tools like Gopher (structured documents) and Archie (FTP) were limited .

The search engines changed everything.  Starting with Lycos and AltaVista, information was freed from obscurity.  Suddenly, no matter where on the Internet your name might be mentioned, a search engine could find it.

On Monday, we discussed why the Internet is a new frontier.  On Tuesday ‚we questioned whether Section 230 of the Communications Decency Act of 1996 still fits the Internet of 2010.  Today, I’ll explain how the rise of search engines since 1996 has changed reputation and privacy, and why CDA 230 subsidizes libel by preventing speakers and facilitators from internalizing the costs of their actions.

Google Has Changed How Information is Consumed

I don’t think Google is evil.

But Google is far from perfect.  Google creates the illusion that just ten search results reflect some meaningful judgment on a person’s life.  For example, the top five Google search results for any search term get 88% of the clicks.  The over-attention given to the first few Google results is partly user error, but it’s also a form of rational ignorance on the part of searchers: Google gives good enough results most of the time, so there is little incentive to look deeper.

The attention given to the first few Google results would be fine if Google always provided accurate, balanced, and relevant information.  Unfortunately, it doesn’t.  Google has no way to measure whether websites contain information that is true, fair, or proportionate.  Instead, Google uses rough heuristics—most notably the number of links to a page—to try to calculate a page’s popularity.  Popularity substitutes for relevancy, often with comical results (remember “miserable failure?”).

Online, Google search drops users onto a website with no context or history of the site.  There’s no indication whether a site is a parody (witness Salon being fooled by Landover Baptist), populated by anonymous trolls, a personal rant, or anything else.  Of course, it is possible for users to perform this research for each and every site they visit–but the evidence is that they simply don’t (witness the Times of London being fooled by anonymous postings on a soccer website).

Rational ignorance?  Possibly. Through experience, I’ve learned with law-related sites are reliable, which are tabloid, and which are garbage—but I haven’t had reason or opportunity to do the same for medicine, sports, fashion, or any of hundreds of other areas, and it’s questionable whether we should subsidize it further.

Google has Leveled the Playing Field – For Better and Worse

Google has elevated the ramblings of a lone speaker to the same visibility as the New York Times.  This is a wonderful development for politics and freedom.  It is a frightening development for personal privacy.

In the old days, the major media (think New York Times) was very unlikely to write about you.  Your privacy was generally at the mercy of your neighbors and acquaintances—who often had to stake their own reputations when they chose to attack yours.  If something rose to the level of defamation, it was usually easy to find the defendant and fight it out in court.

But today, anybody with a blog can (and all too often does) smear you, defame you, or invade your privacy.  Their motivations are many: politics (if you read VC, you might have strong opinions), envy (think job promotion), mischief (think 4chan), etc.  If you don’t have a big presence in Google before being attacked, Google will inevitably find the smear and bring it to the top of your search results: and tabloid material often rises to the top of a Google search because it gets the most clicks and attention.

This mechanism takes place even if the same content offline would undoubtedly be considered libelous or invasive-of-privacy.  (If you disagree with offline liability for libel and invasion of privacy, you probably won’t agree with this either.)  In many cases, you can’t find the original poster (it would take a lawyer, two subpoenas, and months).  The host shrugs and says “CDA 230, not my problem” and rationally declines to name the creator (his customer).

Further, online defamation and privacy invasions can outlive the original speaker.  In the offline world, most libelers stop once they are found.  Online, hosts need not remove libelous or privacy-invasive information even after it has been found to be liability-creating.  “Zombie content” lives on even after the original creator wants it gone (much to privacy advocates’ chagrin, Facebook does not delete all content when you delete your account), or even if the original creator has passed away or gone offline.

This has real consequences for real people.  Consider false-but-hard-to-disprove allegations.  How do you respond if a political opponent, a personal enemy, or simply a random stranger creates a blog claiming that you harassed or had an affair with a subordinate?  What do people think when they see that in the first three Google results?  It’s true that more speech can help push the false information down in search results, but it is near-impossible to prove the negative.  And once that seed of doubt is planted (“did Obama shake hands with the President of Iran?” “was Kerry at a rally with Jane Fonda?”  ) your name is forever tarnished.

Or consider the case of true-but-private information.   Some anti-libertarians may question the Fourth Amendment by asking “If you have nothing to hide, then why should you care if we search you?”  But should we cede our privacy so easily?  What if a “peeping tom” photo of you ends up at the top of a search for your name?  Your daughter’s name?  It may be clearly illegal offline, but that doesn’t stop it from being distributed online without recourse.

CDA 230 Removes the Internalization of the Cost of Libel

I agree with commenters who have pointed out that stopping free speech online is (1) impractical, (2) inconsistent with the First Amendment, and (3) a bad idea.

But, consider how CDA 230 is subsidizing libel.  Speech liability (libel, slander, invasion of privacy, etc) exists to make sure that a speaker can’t impose certain forms of harm on others (unfairly ruining a reputation) without feeling some cost herself.  In the offline world, this risk of speech liability is largely internalized by the speaker and knowing facilitators: would-be authors of libelous publications know that they will be found and sued, and newspapers stop running advertisements they know to be false in order to stay out of court.

But online, the speakers often disappear thanks to anonymity and the lack of effective record-keeping by hosts.  And, thanks to CDA 230, hosts suffer no liability even if they know that users are using the platform to defame others, profit from the resulting tabloid attention.  CDA 230 goes so far that, under current law, a site owner could knowingly create a site that expressly encourages users to create false and malicious information.

In these cases, CDA 230 acts as a subsidy by removing liability (cost internalization) away from the speaker and host.  There’s no incentive for hosts to keep records about their users; in a race to attract users, hosts have rationally advertised their lack of record-keeping–even though the lack of records imposes an external cost on defamation and privacy victims.  There’s no incentive for hosts to remove content; Google rewards them (with web traffic) for keeping libelous material online–even though the material imposes external costs on victims.  And there’s no incentive for users to not create libelous materials; in many cases there’s little practical chance of being found—even though it can take a victim years to clean up the damage.

The result has been a high-speed race to the tabloid bottom online among many content hosts.  In a race to stand out in Google’s search results, which deliver users without context or background, some sites have encouraged tabloid anonymity (think JuicyCampus) rather than thought-through content (think VC).  Maybe the market will correct the imbalance, but so far it has responded to the subsidy for libelous speech by producing more of it.

Tomorrow: Fixing the CDA 230 subsidy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Tags: ,

(Thanks for the great comments!  I’ll be speaking in Las Vegas this afternoon 3:45 pm today at the EduComm conference at the Mirage, Ballroom D.)

Anonymous and pseudonymous speech dates back at least to the early days of the printing press.   Anonymous online speech has been a powerful force for change in situations ranging from simple campus disputes to political protests in Iran.  And the technology of the Internet makes it unlikely that any attempt to eliminate anonymous speech could succeed.

That said, the fact that there always will be anonymous online communication does not tell us whether it deserves subsidy.  Yesterday, I explained why the Internet is a new frontier.  Today, I challenge that Section 230 the Communications Decency Act of 1996 provides a subsidy to anonymous online speech, and ask whether that subsidy is sustainable in the closed frontier era of the Internet.

To be clear: I am in favor of anonymous online speech, and sometimes I’m also a user of it.  I disagree strongly with Eric Schmidt’s opinion of privacy and anonymity.  My goal this week is not to destroy anonymous online speech, but instead to figure out how to best preserve its value while curbing abuses, especially in light of the growing regulatory pressure that arises at the close of a frontier.

Offline Speech Combines Practical Anonymity with Legal Accountability 

Offline, speech has never been absolute.  In the offline world, the right to speak comes also comes with the responsibility of the familiar speech torts.  If someone publishes false statements about you, you can sue them for libel.  If someone publishes “peeping tom” photos of you or other true-but-private information, you may sue them for invasion of privacy (and they may also be criminally prosecuted).  And so on.

What makes this legal regime possible is the fact that offline anonymity is imperfect: we leave traces of our identity in every interaction.  You may seem anonymous when you pay cash to buy a pack of gum at a grocery store, but the transaction is anonymous only so long as it is inconsequential; if you passed a counterfeit $100 bill, you would quickly discover that you could be tracked by your fingerprints, your DNA, and by your image on store cameras.  Conscious attempts to preserve anonymity offline are tolerated only so long as no laws are broken; and even then there are limits on social toleration of anonymity (compare wearing masks at a political rally with wearing masks at a bank).

In the offline world, the result is a reasonably well-balanced system: it is possible to speak anonymously for political or personal reasons, but the worst abuses are deterred.

The Online World Provides Near-Perfect Anonymity, Less Accountability

Online, things aren’t so simple.

Unlike in the offline world, anonymity is the default online, and near-perfect anonymity is easily achieved.  Unless you choose to identify yourself, there are very few clues to who you are when posting online.  And some of these clues (such as IP address logs) are intentionally swept away by websites; there is no requirement that websites store IP logs or any other pseudo-identifying information, and some sites advertise that they provide perfectly anonymous services.

Practically, if you are defamed online, you are at least several steps away from finding your attacker–at a minimum, it requires getting a lawyer, filing a lawsuit, and issuing a subpoena to the web host and another to an ISP (more on this tomorrow).  Neither is required to keep any records, and many choose not to.  The same is true if your privacy is violated by a peeping tom and the photos posted online, if your child is threatened, and so forth.  In all too many cases, the trail has gone cold before redress can be sought.  These aren’t cases of political protest or uprising; they are shocking cases where defamation liability is certain if the defendant can be found.

What’s even more peculiar is that online, the U.S. legal system allows site owners to continue profit from hosting content they know to be illegal, even after they have been notified of its illegality—and, in fact, even after a (rare) underlying libel lawsuit has been completed.

This surprising result occurs because of Section 230 of the Communications Decency Act.  Congress set out to regulate online indecency, but the majority of the Act was struck down on First Amendment grounds in 1997.  Section 230 survived.  It limits the liability of “interactive computer service providers” for “information provided by another information content provider,” with a statutory exception for intellectual property and child pornography.   This vague language has been widely interpreted as giving almost–complete immunity to blogs and forums for the actions of their users, no matter how vile that content may be.

This immunity for hosts is a sharp distinction from the offline world.   In the offline world, “hosts” are often held liable for content provided by others: book publishers are liable for illegal content provided by authors, newspapers can be liable for content provided by advertisers, and even swap meets can be liable for infringing content sold by vendors.

Against this default of host liability, CDA 230 was expressly designed as a subsidy to encourage growth of the fledgling Internet of 1996.  It was thought necessary to allow some level of frontier anarchy, some level of protection from the lawyers.  By subsidizing online speech, it was hoped that the Internet would blossom into the communications medium it has become.  In that light, CDA 230 was probably a good law for 1996.

But after nearly 15 years of CDA 230, many think that it has run its course.  The Internet has matured and no longer needs a special exemption from offline law.  Any law consistent with the First Amendment will preserve vibrant online discussion.  And, through nearly 15 years of experience, we’ve seen the good and the bad sides of CDA 230: sites like Volokh.com seek to inform and support positive discussions, but also CDA 230 has also empowered cesspools that profit from encouraging commenters to libel and defame outsiders.  These sites often advertise their consequence-free policies, and profit from the resulting tabloid attention they receive.

Why Does the Frontier Metaphor Matter?

I talked about the frontier yesterday because CDA Section 230 is fundamentally a law made for the open frontier.  It is a law that subsidizes the growth of the frontier and the experimentation with new models of communication, at the direct expense of enforcement of existing laws.  The problem for CDA 230 is that the frontier days are coming to an end: sex, drugs, and gambling have all been shut down, will CDA 230 be next?

Just like at the end of the Old West, online today there is a culture clash between the early and late arrivers.  Those who have been using the Internet for years like the current system (call it “it might be anarchy, but it’s our anarchy”).  The newcomers want the Internet to be more like the rest of society; safe, stable, and predictable.  The concept of self-defense online is foreign to them, and they wonder why law enforcement hasn’t done more to protect them.

People who didn’t grow up with the Internet will inevitably want to curb the abuses (which do undoubtedly exist, more on that tomorrow). Proposals by Internet outsiders to regulate online abuses have ranged from an “internet ID card” requirement (China and UAE), to calls to ban some forms of online  speech based on their “hate speech” content (United States), to a plan to license journalists and bloggers (Michigan), to rejiggering the Internet Protocol to end anonymity (United Nations), to an online aggregator tax (United States — call it a Stamp Tax for the Reddit Generation).

There’s plenty to dislike about all of the above proposals; it’s hard to come up with a less libertarian set of policy ideas.  But the increasing frequency of these proposals suggests there is a strong push for reform.

Perhaps the best way to preserve the core value of free speech is to limit the special subsidy given by CDA 230?  Thursday, I’ll present some ideas on how to protect the right to anonymous speech while addressing the abuses that CDA 230 has encouraged.

Tomorrow: Why Google changed everything, and why Section 230 matters so much

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

http://en.wikipedia.org/wiki/Encyclopedia_Dramatica

A gold rush.  A wide-open anything-goes frontier.  Prostitution.  Gambling.  Drugs.  Lax law enforcement. Vigilantism and mob justice.  Petty scammers at every turn.

The subject?  Not the dusty Wild West of American history, but instead the Internet of just 10 years ago.

In the last decade, the Internet has gone from open frontier populated by a select few, to a regular part of life for a majority of Americans and Europeans.   Predictably, the change from sparse frontier to societal integration has caused rather significant cultural clashes between early adopters and latecomers.  Disputes rage about whether we should view and regulate the Internet like an open frontier or like the rest of “offline” society.

This week, I will try to answer that question by exploring the similarities between the Internet and the original Wild West frontier.  I’ll examine what the close of the Wild West frontier teaches us about the next 10 years of the Internet.  As an example, I’ll focus on what the frontier experience tells us about online privacy and laws like Section 230 of the Communications Decency Act.  On Friday, I also hope to take a quick look at the broad impact of the Internet on the future of privac.

I look forward to discussing these issues with readers; this site has managed to consistently attract some of the brightest and most civilized commenters online.  I’m happy to take questions, comments, and suggestions.  And thank you, Eugene, for the kind introduction; I’m proud to be able to contribute to such an important community.

The Internet as Frontier Experience

The history of the Internet echoes the history of the American West.  We go into much greater detail in the book (Amazon), but even at a glance the parallels between Wild West 1.0 (1800s America) and Wild West 2.0 (the Internet of the 1990s and early 2000s) are clear:

  • In the case of the original Wild West, a few early pioneers cleared the way for the (literal) gold rush of the 1840s.  Online, the pioneers of ARPANET cleared the way for the NASDAQ gold rush of the late 1990s.  Millions of dollars were made (and lost) in just a few years.
  • The early Internet and Wild West were both populated only by a small, self-selected group of pioneers who sought out adventure and fortune.
  • Both started with dramatically gender-skewed populations, with more than five men for every woman at times–and as the frontier closed the gender ratio drifted back toward 50/50.
  • Both the Internet and the original Wild West developed their own culture and manners.  A sense of self-reliance and libertarian beliefs dominated in both places—a sense that any group could make their own fortune if they simply pulled hard enough on their bootstraps.  In both places, the freedom to experiment was considered important enough to justify discarding many old laws and morals.
  • Even the forms of vice on both frontiers are similar: sex, drugs, and gambling.  In the Old West, prostitution was readily available, despite some nominal prohibitions.  Online it was possible to find prostitution openly advertised on relatively mainstream sites like Craigslist.  Gambling halls are rightfully a western movie cliché, and the early 2000s boom in Texas Hold ‘Em poker was largely attributed to online gambling.  Even the drug of choice has not changed in 150 years—the old west was notorious for the availability of opium, and in the early days of eBay it was easy to buy opium for recreational use.

The Moment of Transition from Open Frontier to Integrated Part of Society

In the Old West, the lawless days of the “Wild” West frontier eventually came to an end.  As eastern society caught up to the original Old West pioneers, a culture clash ensued.  The gambling halls were shut down, prostitution was gradually regulated away in all but one state, and vigilantism was slowly replaced by formal law enforcement.  Old-timers bemoaned the loss of the wild frontier; newcomers welcomed the stability of formal laws and familiar law enforcement.

Online, we are in the midst of the same transition from lawless frontier to integration with society.  It has become routine to talk about government regulation of the Internet—ranging from “net neutrality” to Facebook privacy.

Looking again at vice, the government has started to shut down the most serious sex, drugs, and gambling.  To take just a handful of examples, online gambling in the United States was curtailed in 2006 when the CEO of online gambling site BetOnSports was arrested as he changed planes in Texas, and the SAFE Port Act effectively banned online gambling by U.S. residents.   The online sale of narcotics was deterred in 2003 when the DOJ cracked down on eBay opium sales.  And online prostitution went at least somewhat underground in 2008 when 40 state attorneys general demanded that Craigslist remove its “erotic services” section (the practical effect of this move has been limited, but there are already renewed calls for further regulation).

This transition in the way the Internet is viewed and regulated–from a place frequented only by self-selected pioneers to part of everyday life for almost all of the West–creates a natural time to reexamine existing laws and consider whether they still fit the new reality of the Internet.  Different countries have had the chance to experiment with different legal regimes online, and we’ve been able to watch how law shaped the growth of the Internet.

In particular, it’s a time to consider the difference between the legal regimes of open and closed frontiers.   Open frontiers are often characterized by self-reliance, self-defense, exploration of new norms, and informal law enforcement.  But the lax regulation of the Internet often comes at a great price: spam, scams, fraudsters, online lynch mobs, and more.  Closed frontiers are often characterized by increasing similarity to the “old” society (often formed by combining elements of old and new), increasing formality, and active law enforcement.

We’re at a tipping point for the Internet.  It started as a classic open frontier, with no almost no law and complete freedom to experiment. But society has caught up, and is demanding changes to make the Internet more like the rest of the world.  For scholars and activists, the question is simple: how to keep the best parts of the Internet while while successfully integrating with offline society?

Ultimately, the lesson from the original Wild West is clear: in the end, the Internet will not stay wild forever.  Instead, “offline” society and the Internet will meet somewhere in the middle, each taking something from the other.  Now is the time to consider how we can best shape the future of the Internet using what we’ve learned by watching the close of other frontiers.

Tomorrow: Why Section 230 of the Communications Decency Act of 1996 doesn’t work in 2010.

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer. 

Tags: , ,

Interesting Free Speech Question:

Ari David, who’s running for Congress against long-time incumbent Henry Waxman, raises an interesting and troubling free speech issue on his blog here. Apparently (taking everything he says to be factually correct) he hired some folks to create an iPhone app with text (not surprisingly) highly critical of Waxman — e.g.,

“HENRY WAXMAN… SUPPORTED Cap & Trade legislation that would have brought us $7 a gallon gas and as President Obama has stated would make electricity rates “necessarily sky rocket.”
VOTED TO CUT Medicare spending by a half a trillion dollars which would severely hurt seniors. . . .
TRIED to make over-the-counter vitamins and supplements prescription only . . .
TRIED TO STRANGLE family farms with insane Soviet-Style regulation . . .” 

Apple, however, has turned them down, on grounds that the app is “defamatory.” 

Does David have any legal recourse here? Probably not. The First Amendment, of course, does not grant him any free speech rights against private actors like Apple, and even if Apple is using the defamation rationale as a pretext for denying his application on purely political grounds (e.g., they like Henry Waxman), there’s nothing (that I know of, anyway) that would stop them from doing that. [David does make an interesting suggestion — that Apple’s actions constitute an “in-kind contribution” to Waxman’s campaign, which if true would, I suppose, trigger various election law reporting/disclosure obligations). 

It makes for a nice test case for one’s views about the inapplicability of the First Amendment to private actors — should Apple have some non-discrimination obligation when it comes to allowing people space on their app platform?
[And incidentally, I have a question that I bet some of you can answer for me. What does it mean, exactly, that Apple has rejected their app? I understand that it means that they won’t offer it at their App Store — but will it not function on anyone’s iPhone unless and until Apple approves? Or if David were to distribute it himself — off of his own website, say — would it work as intended?]

State of the Net:

If you’re interested, Jerry Brito over at SurprisinglyFree.com, has been doing a series of interviews with legal thinkers and entrepreneurs focusing on a variety of tech issues, and he’s posted a podcast of an interview he did with me a couple of weeks ago on Net governance issues - it turned out pretty well, I think, and those of you who find those issues of interest might find it useful and/or thought-provoking.

The Battle for the Internet:

Bernard Kouchner, the Foreign Minister of France and a founder of Doctors Without Borders, has an interesting but somewhat unsettling op-ed in today’s New York Times. Entitled “The Battle for the Internet,” it’s a call to arms in

the battle of ideas . . . between the advocates of a universal and open Internet — based on freedom of expression, tolerance and respect for privacy — against those who want to transform the Internet into a multitude of closed-off spaces that serve the purposes of repressive regimes, propaganda and fanaticism. 

It’s a subject dear to my heart, as you probably know; I, too, believe that preserving what the Center for Democracy and Technology aptly calls the “free, open, and innovative Internet” is of the deepest importance for the future — literally — of human society on the planet. I like where Kouchner’s coming from:

The Internet is above all the most fantastic means of breaking down the walls that close us off from one another. For the oppressed peoples of the world, the Internet provides power beyond their wildest hopes. It is increasingly difficult to hide a public protest, an act of repression or a violation of human rights. In authoritarian and repressive countries, mobile telephones and the Internet have given citizens a critical means of expression, despite all the restrictions. 

He’s right about that — at least, I agree wholeheartedly. (Libertarian blogger Adam Thierer called my book about the Net “an extended love letter to both cyberspace and Jefferson,” and though I’m not entirely sure he meant it as one, I took it as a compliment. Though we academics are supposed to take the posture of ironic detachment from pretty much everything we encounter, I happen to think, and I’m happy to say to whomever is listening, that the Net is an astonishing achievement with the potential, only partly but tantalizingly realized to date, to become a true milestone in the history of human communication and a possibly unstoppable force for the spread of liberty and freedom around the globe. I realize (see Evgeny Morozov’s rather peevish piece in Foreign Policy, denying that the Net has been (or can be) a force for good in the world) that it has not instantly transformed everything it touches into the Earthly Paradise — but that’s a pretty high standard to hold it to. 

And I’m certainly with him when he writes:

However, the number of countries that censor the Internet and monitor Web users is increasing at an alarming rate. The Internet can be a formidable intelligence-gathering tool for spotting potential dissidents. Some regimes are already acquiring increasingly sophisticated surveillance technology. If all of those who are attached to human rights and democracy refused to compromise their principles and used the Internet to defend freedom of expression, this kind of repression would be much more difficult.

The Net is under siege, and will require some serious work to keep it free and open. But somehow, I can’t work up much enthusiasm for Kouchner’s call to action:

Multilateral institutions like the Council of Europe, and nongovernmental organizations like Reporters Without Borders, along with thousands of individuals around the world, have made a strong commitment to these issues. No fewer than 180 countries meeting for the World Summit on the Information Society have acknowledged that the Universal Declaration of Human Rights applies fully to the Internet, especially Article 19, which establishes freedom of expression and opinion. And yet, some 50 countries fail to live up to their commitments.

We should create an international instrument for monitoring such commitments and for calling governments to task when they fail to live up to them. We should provide support to cyber-dissidents — the same support as other victims of political repression. We should also discuss the wisdom of adopting a code of conduct regarding the export of technologies for censoring the Internet and tracking Web users.

These issues, along with others, like the protection of personal data, should be addressed within a framework that brings together government, civil society and international experts. 

It sounds a bit, to my ears, too much like asking the UN to run the Net (which, as readers of my work know, we tried once before, with notable lack of success). 

Kouchner also makes me nervous when he begins his list of what the “enemies of the Internet” are up to this way:

Extremist, racist and defamatory Web sites and blogs disseminate odious opinions in real time. They have made the Internet a weapon of war and hate. . . . Violent movements spread propaganda and false information. 

There are many threats out there to the free and open Internet, but I don’t regard “extremist, racist, and defamatory Web sites,” or “blogs disseminating odious opinions,” as among them. Although Kouchner has ringing words for freedom of expression — “Freedom of expression, said Voltaire, ‘is the foundation of all other freedoms.’ Without it, there are no ‘free nations.’” — somehow I think that his agenda is to the contrary. Freedom of expression without “extremist, racist, and defamatory web sites” and “odious opinions” is not freedom of expression — not in my book, anyway. Something tells me that when the “World Summit on the Information Society” gets its hands on the Net, true freedom of expression on the Net will not be high on their list of preferred outcomes.

So, on the one hand, I’m glad Kouchner has sounded the alarm; he ends his piece by declaring that “the defense of fundamental freedoms and human rights must be the priority for governance of the Internet. It is everyone’s business” and I think he’s right — importantly right — about that. But I think we need — rather desperately — alternate governance models to deal with this problem, alternate models that move in a direction away from the UN and towards something that better reflects the wishes and desires of the world’s people, not the world’s governments. It’s not going to be easy, though I’m working on it . . . 

I just noticed this decision, from a few weeks ago — Burfoot v. May4thCounts.com (Va. Cir. Ct. Apr. 22) (Poston, J.):

Today the Court sua sponte vacates the Order of April 21, 2010. In that Order the Court granted plaintiffs Motion for Entry of a Temporary Injunction prohibiting the defendants from using a website entitled “May4thCounts.com” and ordered the removal of the website from the internet. The Court also directed the plaintiff to effect service of process on the defendants and continued the action for July 7, 2010, for further proceedings. Under the Injunction Order’s terms, the action will be advanced on the docket upon the motion of any defendant.

Continue reading ‘Virginia Circuit Court Opinion Issues Preliminary Injunction Shutting Down a Web Site, Reverses Itself the Next Day’ »

“Cyber Civil Rights” Symposium

Danielle Citron

Last year, Maryland law professor Danielle Citron published “Cyber Civil Rights” in the BU Law Review. Here’s the abstract:

Social networking sites and blogs have increasingly become breeding grounds for anonymous online groups that attack women, people of color, and members of other traditionally disadvantaged groups. . . . Attackers manipulate search engines to reproduce their lies and threats for employers and clients to see, creating digital “scarlet letters” that ruin reputations.

. . . .

General criminal statutes and tort law proscribe much of the mobs’ destructive behavior, but the harm they inflict also ought to be understood and addressed as civil rights violations. Civil rights suits reach the societal harm that would otherwise go unaddressed and would play a crucial expressive role. Acting against these attacks does not offend First Amendment principles when they consist of defamation, true threats, intentional infliction of emotional distress, technological sabotage, and bias-motivated abuse aimed to interfere with a victim’s employment opportunities. To the contrary, it helps preserve vibrant online dialogue and promote a culture of political, social, and economic equality.

Citron’s article detailed some particular cases of such abuses. As she acknowledged, the mob actions are solidly within the scope of existing criminal law and tort law. Nevertheless, she made the case that federal civil rights laws should be revised to cover Internet threats and defamation–since civil rights statutes provide attorney’s fees for a successful plaintiff, and since prosecutors would be more likely to bring criminal charges if the underlying offense has a civil rights association. She arguds that “Just as changing circumstances justified curtailing the right of contracts in the 1930s, today’s networked environment warrants a rejection of free speech absolutism.”

Citron also proposed that website operators be civilly liable for the content of postings on their websites (by means of an exception to 47 U.S.C. § 230, the immunity statute), and that operators be required to collect and maintains ISP logs for all posters.

Last fall, the Denver University Law Review held a symposium about Citron’s proposal, featuring commentary from 11 scholars, plus a response from Citron. Rather than being required to submit a full-length article, the commenters for the on-line symposium were asked to provide a lightly-annotated essays. The full collection of commentary is here, as a PDF. (HTML versions of individual comments are here.)

Essays by Paul Ohm, Viva Moffett, and Wendy Seltzer suggest that mandatory ISP collection and civil liability might cause many problems than they would solve. In response, Citron acknowledges the force of these arguments. Accordingly, she suggests that the best remedies would be to amend federal civil rights rights statutes so that they fully cover the abuses she has described. She also suggests that some version of Notice & Takedown might be appropriate, although, as she detailed in her Boston University article, this has problems of its own.

Comments welcome, of course, but before commenting, please read at least one of the essays, or Citron’s original article.

From Hopscotch Adoptions, Inc. v. Kachadurian (E.D. Cal. Dec. 7):

On an expedited, ex parte basis, plaintiffs Hopscotch Adoptions, Inc. ... and Robin Sizemore ... seek: ... a temporary restraining order to prohibit defendant Venessa Kachadurian’s ... internet and related comments on Hopscotch and Ms. Sizemore ....

Hopscotch is an accredited intercountry adoption agency and was co-founded by Ms. Sizemore, its executive director. Ms. Kachadurian is a Fresno resident who, according to plaintiffs, “has unsuccessfully pursued intercountry adoption since at least 2004 and has waged an ongoing cybersmear campaign against such agencies since at least 2005.” Ms. Kachadurian has been neither a Hopscotch client nor an applicant with plaintiffs or an entity affiliated with Ms. Sizemore.

Plaintiffs attribute to Ms. Kachadurian comments in email, blogs and internet chatrooms that plaintiffs engaged in illegal practices and that Ms. Sizemore was fired from a prior adoption agency job for illegal or unethical practices. Plaintiffs further attribute Ms. Kachadurian to improperly claim that Ms. Sizemore is connected with the arrest of Hopscotch’s in-county facilitator in the Georgia republic. Plaintiffs claim “irreparable harm” in lost business and “hesitance among adoption seekers in doing business with Hopscotch.” Plaintiffs’ complaint alleges claims for violations of the Computer Fraud and Abuse Act, 18 U.S.C. §§ 1030, et seq., defamation, negligent misrepresentation, false light, tortious interference with contractual relations, and negligent interference with prospective advantage....

Here, plaintiffs’ alleged harm is compensable by monetary damages, and the complaint’s tort claims demonstrate as much. Unearned fees from lost clients or opportunities is subject to calculation. Moreover, this Court is concerned about free speech issues, especially given plaintiffs’ reliance on apparent limited, stray comments by Ms. Kachadurian. This Court is perplexed by the overreaching injunctive relief sought by plaintiffs and inability to police or enforce such relief. Although plaintiffs identify finite, limited comments by Ms. Kachadurian, they seek sweeping injunctive relief touching on areas irrelevant and remote to plaintiffs’ claim. The scope of plaintiffs’ proposed injunctive relief is unreasonable and unacceptable....

This Court does not grant overreaching injunctive and discovery relief on an ex parte, unnoticed basis, especially when such requested relief lacks defined, adequate support. Although plaintiffs may have meritorious claims for monetary damages, this Court is concerned that plaintiffs pursue their requested relief to retaliate and intimidate....

Here is the plaintiffs’ denied motion for a TRO, which asks for (among other things) a temporary restraining order barring “[a]ny further annoyance or harassment of any adoption service provider and/or from interfering with any adoption service providers on the basis of their [race], color, religion, national origin, disability or sexual orientation,” barring “false and defamatory statements” (something that’s generally treated as an unconstitutional prior restraint unless there’s a final decision on the merits actually finding the speech to be false), and requiring defendant to “take appropriate remedial measures with respect to postings still available on the Internet.” Plus “Notice of this application was not provided to Defendant due to her history of acting in retaliation and general erratic behavior and concern that she might attempt to destroy relevant evidence in this matter,” but such speech restraints without notice are especially hard to justify.

For more on defendant’s postings to which plaintiffs object, see the Complaint.

So held a Massachusetts trial court last year in Jenzabar, Inc. v. Long Bow Group, Inc. (PDF p. 4); I just ran across the case online, so I thought I’d mention it. Defendant had posted a Boston Globe article that mentioned certain allegations by one DiLorenzo; DiLorenzo had later retracted those allegations. The court held that Long Bow had no “continuing duty to investigate the accuracy of the Boston Globe article, i.e., whether DiLorenzo was still accusing the plaintiffs of inappropriate actions.”

Second installment of a five-part series on Silverglate’s book, Three Felonies a Day: How the Feds Target the Innocent.

Sami Omar al-Hussayen was a doctoral candidate at the University of Idaho when he was arrested in February 2003. Federal prosecutors alleged that al-Hussayen, a Saudi citizen studying computer science in the United States, provided “material support” and rendered “expert advice or assistance” to terrorists. News reports, on the word of anonymous “federal criminal justice” sources, linked him to Osama bin Laden.

What was his crime? Al-Hussayen used his computer skills to run a number of websites for a Muslim charity dedicated to traditional religious teaching. But if a web-surfer burrowed into links from al-Hussayen’s site, he or she would eventually come across links containing violent anti-American messages. This, prosecutors charged (PDF), was how al-Hussayen aided global terrorism.

District Judge Edward J. Lodge, for one, played the case right down the middle. In his jury instructions, Lodge explained to twelve stalwart Idahoans that the First Amendment protects advocacy, even advocacy to break the law, “unless the speech is directed to inciting or producing imminent lawless action and is likely to incite or produce such action.” (Brandenburg v. Ohio, 395 U.S. 444, 1969) Of course, it was doubtful that al-Hussayen was even advocating lawlessness, much less violence, but for the sake of argument, let’s assume that there was such a subtext to his website maintenance. Even then, the prosecution was highly dubious.

With Judge Lodge’s clear line separating lawful political speech from unlawful incitement to imminent violence, the jury took little time in acquitting the grad student of the terrorism-related charges. Liberty, which seemed to matter less and less at Main Justice in Washington, remained alive and well in Idaho. (This was due not only to a law-abiding judge presiding over the trial, but also to the fact that the defendant was able to hire and pay competent defense counsel.)

Nonetheless, this case, reportedly the first prosecution brought under the USA Patriot Act’s expanded material support provision, did little to clarify the “expert advice or assistance” aspect of the federal terrorism laws. There are, in fact, three separate federal statutes that criminalize such material support, and Georgetown Law Professor David Cole provides an interesting analysis of these overlapping provisions, here. For present purposes, material support will refer to 18 U.S.C. 2339B.

Yet the mere fact that there are three separate provisions for essentially the same violation—and all are characterized by vague and dangerously subjective wording—illustrates the general opacity of the federal criminal code. (And, rest assured, incitement to violence could likely be squeezed into yet another statute by a creative federal prosecutor). With similarly vague statutes criminalizing a wide array of seemingly benign activity, the average citizen, even without touching the apparently volatile arena of Muslim charities, can commit several arguable felonies in the course of a day. Thus, the thesis and title of my book, Three Felonies a Day: How the Feds Target the Innocent.  (I provided an introduction to the topic on Monday.)

To be sure, there are countless federal crimes that an average citizen can inadvertently violate. But I’d like to focus today on the vague laws governing terrorism and terrorist organizations. These laws, and those prosecuted under them, provide a timely window into how loosely-worded statutes enable the government to prosecute virtually anyone.

Consider, first, the semantic power of “terrorism.”

The Animal Enterprise Protection Act, passed by Congress in 1992, outlawed the “physical disruption” of an animal farm or testing facility. But with animal-rights activists continually ramping up their protests, medical facilities and some researchers looked to toughen criminal sanctions. In November 2006, Congress responded with the Animal Enterprise Terrorism Act, which expanded the scope of criminal sanctions for any activist who “intentionally damages or causes the loss of any real or personal property…used by an animal enterprise.”

How does one define “real or personal property?” Is it limited to monetary losses, or can this include the loss of future profits? The statutory language is unclear, and case law indicates that loss of profits and business goodwill can be considered property damage (See, e.g., Radiation Sterilizers v. United States, E.D. Wash., 1994).

It’s an important distinction for animal-rights activists; after all, threatening future profit is arguably the point of lawful protest (expose alleged wrongdoing and, in turn, encourage a boycott by others). Nonetheless, the law threatens to impede such political expression, not only through actual prosecution, but also through the “chilling effect” of those who severely restrain themselves in order to avoid a possible federal criminal indictment—because they don’t know their legal obligations until it’s too late.

A similar legal ambiguity led to the court challenge of the aforesaid “material support” language. In a case that will be argued before the Supreme Court this coming term (Holder v. Humanitarian Law Project), six groups and two individuals are seeking clarity on whether they are permitted to assist in the nonviolent, legal activities of groups classified by the U.S. government as terrorist.

The Kurdistan Workers’ Party and the Liberation Tigers of Tamil Eelam are considered terrorist organizations by the U.S. government, although plaintiffs insist that both groups engage in a broad range of lawful activity. Due to the vague terminology in Patriot Act provisions (“service,” “training,” or “expert advice or assistance,” to name a few), plaintiffs claim that even innocuous conduct such as “teach[ing] such an organization human rights advocacy or English” could be considered material support. With indictments like al-Hussayen’s showing the elasticity of “expert advice” in the government’s lexicon, there’s little wonder that these groups are seeking guidance.

The intensity of the friend-of-the-court (amicus) briefs is an indication, perhaps, of the far-reaching fear instilled by such statutory language. Wrote the ACLU (PDF):

Amici, like plaintiffs, are left hopelessly guessing – at the risk of grave penalty – whether their advocacy for peace or human rights, their engagement in or facilitation of peace-making dialogue, or the expressive components of their humanitarian aid work crosses the line from constitutionally protected to criminally proscribed.

The bi-partisan nature of the problem—demonstrated by the fact that what is now the “Holder” case began as Humanitarian Law Project v. Reno and then was re-named through every administration to the present dayexplains the need for a non-partisan response. Starting with Clinton Attorney General Janet Reno, this case has been litigated through the Ashcroft/Gonzales/Mukasey years of the Bush administration, and it continues with current AG Eric Holder. Plus ça change, as the French say, plus c’est la même chose.

When these lines are left vague, the feds are given strong tools to target extremists. But they’re also free to target any other victim of their choosing, which they seem to do with disturbing regularity. And while the current political climate has put the issue of laws related to terrorism in the spotlight, similarly vague statutes exist throughout the federal criminal code, exposing all of civil society. It’s time to recognize that the bell tolls for us all.

State v. Drahota Oral Argument

Those of you who have been following this free speech / cyberspace law case — which I’m litigating pro bono — can now see starting the video of yesterday’s oral argument before the Nebraska Supreme Court. My opening argument starts at about 39:00, and lasts for about five minutes; it’s followed by the State’s argument, followed by about five minutes of my rebuttal. I’m cautiously optimistic, but I guess we’ll know in several weeks what the Justices really thought.

As I mentioned before, I’m litigating a pro bono free speech / cyberspace law case before the Nebraska Supreme Court. My client, Darren Drahota, was convicted of two counts of breach of the peace for sending two rude messages to William Avery, who had earlier asked him to stop sending such messages. Avery was Drahota’s University of Nebraska professor and a candidate for the Nebraska Legislature. (Avery was elected and is now a state legislator.) We argued that such speech did not constitute breach of the peace, and was in any event constitutionally protected under the First Amendment; for more details, see here. The Nebraska Supreme Court granted our petition for further review, and agreed to hear the case; we filed the opening brief Oct. 20, and the state’s brief was due yesterday.

Today, we learned that the state has apparently elected not to file a brief. The local prosecutors had of course prosecuted the case, and the Nebraska Attorney General’s office had briefed the case before the Nebraska Court of Appeals. But at the Nebraska Supreme Court stage, no brief is apparently forthcoming. (The Nebraska Attorney General’s office does make such a decision every so often.)

Naturally, the state supreme court will still have to consider the case, since there is a Nebraska Court of Appeals opinion on the books, and the court needs to decide what to do with it. But the state’s decision not to defend the opinion, or the result it reached, strikes me as heartening.

I haven’t blogged recently about the Ninth Circuit’s blockbuster computer search and seizure decision in United States v. Comprehensive Drug Testing, although not because it hasn’t been on my mind: Among computer crime law folks, it’s topic #1 these days. Indeed, since the en banc decision was handed down, it seems that every conference and informal gathering in the field eventually morphs into trying to figure out what the majority was smoking opinion means, how judges should comply with it, how law enforcement should respond to it, and whether and how long it will be until it is overturned.

Closer to home, I had to make a quick decision whether to put the opinion into the 2nd edition of my computer crime law casebook, which is at the printers right now. I ended up deciding not to include it, as I think the odds favor it being overturned within a year or two. I figured it was better to include the opinion in a supplement in the meantime rather than include it in the main book, as you can easily take a case out of a supplement but not the book itself. 

But exactly how the case was going to be overturned is another matter. The most remarkable parts of the opinion are just lists of new rules, announced without any apparent authority or even a case or controversy. We don’t yet know if DOJ plans to file a cert petition in the case, although the procedural posture is tricky: DOJ could try to challenge some other aspect of the case and get that part scrapped in the process, but it’s hard to mount a direct challenge to what seems to be dicta. The main alternative for DOJ would be to let this case stand, let the system struggle with it for a few months or a year until there is a clear split, and then take the case to the Supreme Court. But that’s not a great option, as it means an intervening period when no one knows what the rules are for obtaining and executing search warrants for digital evidence.

In light of those somewhat awkward possibilities, I was intrigued to learn that the Ninth Circuit entered an order yesterday addressed to the parties in the case asking them to brief whether the case should be reheard by the full en banc court:

KOZINSKI, Chief Judge:
By November 25, 2009, the parties shall file simultaneous briefs addressing whether this case should be reheard en banc by the full court.

Now, wait, you’re wondering, wasn’t the case already heard by the full court? No, it wasn’t: The Ninth Circuit has so many active judges that its en banc panels consist of only about a third of its active judges. As Wikipedia explains:

In other circuits, en banc courts are composed of all active circuit judges, plus (depending on the rules of the particular court) any senior judges who took part in the original panel decision. By contrast, in the Ninth Circuit it is impractical for twenty-eight or more judges to take part in a single oral argument and deliberate on a decision en masse. The court thus provides for a “limited en banc” review of a randomly-selected 11 judge panel. This means that en banc reviews may not actually reflect the views of the majority of the court, and indeed may not include any of the three judges involved in the decision being reviewed in the first place.

But the Ninth Circuit’s rules provide for an en banc from the en banc – a super banc? – of all of the judges. As Judge Kozinski explained in 2003 testimony:

In the unlikely event that six judges might command a majority of an 11-judge en banc court and express a view inconsistent with the views of the other 21 active judges on the court, the circuit rules provide for review by the full court upon the request of any judge. This has never happened since the limited en banc rule was adopted by the Court in 1980.

Will Comprehensive Drug Testing be the first such case? On purely selfish grounds, a small part of me hopes not: As a public law scholar, you want your field to be red hot, and the initial en banc decision here is so way “out there” that it would help bring the field to the frontburner if it stays on the books. But from a less selfish perspective, it’s hard to think of a better case to take to the full court. The en banc decision dropped a bomb on the entire computer forensics world, without any briefing or even notice, and most of its rules are hard to square with relevant Supreme Court doctrine and/or the Federal Rules of Criminal Procedure. Plus, it’s difficult to figure out what the new rules really mean in practice, as they are written in such vague language that it’s hard to know what to make of it. The opinion has the agents, prosecutors, and magistrate judges all scratching their heads trying to figure out what to do. So I would think this is a very appropriate case to take super-en-banc. Stay tuned.

In Miller v. California, 413 U.S. 15 (1973), the Supreme Court announced a three-part test to determine whether a work counts as “obscenity” for purposes of constitutional law:

(a) whether “the average person, applying contemporary community standards” would find that the work, taken as a whole, appeals to the prurient interest, (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law; and ( c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.

In explaining the choice of community standards instead of national standards, the Court wrote:

Under a National Constitution, fundamental First Amendment limitations on the powers of the States do not vary from community to community, but this does not mean that there are, or should or can be, fixed, uniform national standards of precisely what appeals to the “prurient interest” or is “patently offensive.” These are essentially questions of fact, and our Nation is simply too big and too diverse for this Court to reasonably expect that such standards could be articulated for all 50 States in a single formulation, even assuming the prerequisite consensus exists. When triers of fact are asked to decide whether “the average person, applying contemporary community standards” would consider certain materials “prurient,” it would be unrealistic to require that the answer be based on some abstract formulation. The adversary system, with lay jurors as the usual ultimate factfinders in criminal prosecutions, has historically permitted triers of fact to draw on the standards of their community, guided always by limiting instructions on the law. To require a State to structure obscenity proceedings around evidence of a national “community standard” would be an exercise in futility.

Nothing in the First Amendment requires that a jury must consider hypothetical and unascertainable “national standards” when attempting to determine whether certain materials are obscene as a matter of fact. Mr. Chief Justice Warren pointedly commented in his dissent in Jacobellis v. Ohio, supra, at 200: “It is my belief that when the Court said in Roth that obscenity is to be defined by reference to ‘community standards,’ it meant community standards — not a national standard, as is sometimes argued. I believe that there is no provable ‘national standard’ . . . . At all events, this Court has not been able to enunciate one, and it would be unreasonable to expect local courts to divine one.”

In the last decade, some have wondered whether this concept still makes sense with materials distributed and obtained over the Internet. The basic idea is that the experience of an Internet user does not depend on the local community, so it no longer makes sense to apply a local community standard to obscenity.

The question of how the Internet impacts national versus community standards came up indirectly at the Supreme Court in Ashcroft v. ACLU, 535 U.S. 564 (2002), a case on the constitutionality of the Child Online Protection Act (COPA). In Ashcroft, a bunch of people who wanted to post content on the Web argued that COPA violated the First Amendment rights of adults barring the posting of “material that is harmful to minors.” The statutory definition of “material that is harmful to minors” harnessed the “contemporary community standards” standards from obscenity law, and the Third Circuit had ruled that the community standards could not apply to the Internet because “Web publishers are currently without the ability to control the geographic scope of the recipients of their communications.” The Supreme Court reversed in a splintered opinion, with various Justices chiming in on on how much of a problem they thought it was to use community standards in light of the First Amendment challenge to COPA.

So where does that leave Internet obscenity law: Do we still have community standards, or do we have new national standards?

The Ninth Circuit’s answer in yesterday’s decision, United States v. Kilbride: National standards. In an opinion by Judge Betty Fletcher, joined by Judges Hug and Hawkins, the Ninth Circuit concluded that if you looked at each of the concurring and dissenting opinions in Ashcroft v. ACLU, there were five votes for a new approach to Internet obscenity law that embraced national standards, not community standards:

The divergent reasoning of the justices in and out of the majority in Ashcroft leaves us with no explicit holding as to the appropriate geographic definition of contemporary community standards to be applied here. Nonetheless, we are able to derive guidance from the areas of agreement in the various opinions. . . .

Justices O’Connor and Breyer held more narrowly that while application of a national community standard would not or may not create constitutional concern, application of local community standards likely would. . . . Justices O’Connor and Breyer were joined by Justice Kennedy’s opinion, as well as Justice Stevens’s dissent. Accordingly, five Justices concurring in the judgment, as well as the dissenting Justice, viewed the application of local community standards in defining obscenity on the Internet as generating serious constitutional concerns.

At the same time, five justices concurring in the judgment viewed the application of a national community standard as not or likely not posing the same concerns by itself. Accordingly, following Marks, we must view the distinction Justices O’Connor and Breyer made between the constitutional concerns generated by application of a national and local community standards as controlling.

Accepting this distinction, in turn, persuades us to join Justices O’Connor and Breyer in holding that a national community standard must be applied in regulating obscene speech on the Internet, including obscenity disseminated via email. The constitutional problems identified by the five justices with applying local community standards to regulate Internet obscenity certainly generate grave constitutional doubts as to the use of such standards in applying §§ 1462 and 1465 to Defendants’ activities. Furthermore, the Court has never held that a jury may in no case be instructed to apply a national community standard in finding obscenity. To “avoid[ ] the need to examine the serious First Amendment problem that would otherwise exist,” we construe obscenity as regulated by §§ 1462 and 1465 as defined by reference to a national community standard when disseminated via the Internet.

As a matter of law, I don’t find this particularly persuasive. In Marks v. United States,430 U.S. 188 (1977), the Court identified the rule for identifying the holding of a fragmented court:

When a fragmented Court decides a case and no single rationale explaining the result enjoys the assent of five Justices, the holding of the Court may be viewed as that position taken by those Members who concurred in the judgments on the narrowest grounds.

But here the Ninth Circuit is counting the number of Justices who had “concerns.” Concerns are not positions. You can’t count the number of Justices who had a particular thought and then say that the thought is somehow binding on the lower courts.

Rather, I would think this case should have been answered by the Supreme Court’s directive that “[i]f a precedent of this Court has direct application in a case, yet appears to rest on reasons rejected in some other line of decisions, the Court of Appeals should follow the case which directly controls, leaving to this Court the prerogative of overruling its own decisions.” Rodriguez de Quijas v. Shearson /American Express, Inc., 490 U.S. 477, 484 (1989). My sense is that the case which directly controls here is Miller v. California, and I read Miller’s statement of the “basic approach” to obscenity as being a holding, not just one of many possible ways to define obscenity. In light of that, I think courts are bound to the Miller community standard until the Supreme Court says otherwise, whether that standard makes sense for Internet obscenity or not. See United States v. Extreme Associates, Inc., 431 F.3d 150 (3d Cir. 2005) (relying on the traditional Miller test on the ground that “if the Supreme Court wishes to treat all Internet obscenity cases as sui generis for purposes of federal obscenity law analysis, it has not yet said so, “tacitly” or otherwise.”).

Whether the Ninth Circuit was right or wrong, the likely effect is to put a case on the Supreme Court’s docket in the next year or two on whether Internet obscenity requires a different standard than traditional obscenity. That should be a fascinating case.

So holds the Arizona Supreme Court; the Washington Court of Appeals held the same a year ago. The decision applies to whatever metadata is stored with the document, including creation, modification, and access dates, the identities of the creating, modifying, and accessing users, and so on (at least unless some exception to the public records act applies). 

The decision does not require that the computer systems maintain any metadata; it only requires the disclosure of whatever metadata is present. “[W]hen a public entity maintains a public record in an electronic format, the electronic version of the record, including any embedded metadata, is subject to disclosure under our public records law.”

Thanks to How Appealing for the pointer.

The case is In re United States, — F.Supp.2d —-, 2009 WL 3416240 (D.Or. 2009), by District Judge Mosman. The issue in the case is whether the government must notify a person when the government obtains a search warrant to access the contents of the person’s e-mail account. Judge Mosman concludes that Rule 41 and 18 U.S.C. 2703(a) require the notice to be served on the ISP, not the account holder, as a statutory matter. He then rules that there is no constitutional requirement of notice to the account holder because the Fourth Amendment does not apply to the e-mails under the third-party doctrine. [CORRECTION: SEE BOTTOM OF POST] Here’s the relevant analysis:

The Fourth Amendment protects our homes from unreasonable searches and seizures, requiring that, absent special circumstances, the government obtain a search warrant based on probable cause before entering. This is strong privacy protection for homes and the items within them in the physical world.

When a person uses the Internet, however, the user’s actions are no longer in his or her physical home; in fact he or she is not truly acting in private space at all. The user is generally accessing the Internet with a network account and computer storage owned by an ISP like Comcast or NetZero. All materials stored online, whether they are e-mails or remotely stored documents, are physically stored on servers owned by an ISP. When we send an e-mail or instant message from the comfort of our own homes to a friend across town the message travels from our computer to computers owned by a third party, the ISP, before being delivered to the intended recipient. Thus, “private” information is actually being held by third-party private companies.

This feature of the Internet has profound implications for how the Fourth Amendment protects Internet communications-if it protects them at all. The law here remains unclear and commentators have noted that there are several reasons that the Fourth Amendment’s privacy protections for the home may not apply to our “virtual homes” online. First, it is uncertain whether we have a reasonable expectation of privacy in information sent through or stored by ISPs because the Fourth Amendment does not protect information revealed to third parties. [Citation to work of bald academic deleted.]

Here, the defendants voluntarily conveyed to the ISPs and exposed to the ISP’s employees in the ordinary course of business the contents of their e-mails. The Google privacy policy explicitly states that Google will share personal information of its subscribers when it has “a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to ... satisfy any applicable law, regulation, legal process or enforceable governmental request.” Google Privacy Policy, http:// www.google.com/privacypolicy.html (last visited May 13, 2009). The court understands that other ISPs have similar privacy policies. See, e.g., Microsoft Online Privacy Statement, http://privacy.microsoft.com/en-us/fullnotice.mspx (last visited May 13, 2009) (stating that personal information may be shared to “comply with the law or respond to lawful requests or legal process”); AOL Network Privacy Policy, http://about.aol.com/aolnetwork/aol_pp (last visited May 13, 2009) (“The contents of your online communications, as well as other information about you as an AOL Network user, may be accessed and disclosed in response to legal process (for example, a court order, search warrant or subpoena); [and] in other circumstances in which AOL believes the AOL Network is being used in the commission of a crime....”). Thus subscribers are, or should be, aware that their personal information and the contents of their online communications are accessible to the ISP and its employees and can be shared with the government under the appropriate circumstances. Much of the reluctance to apply traditional notions of third party disclosure to the e-mail context seems to stem from a fundamental misunderstanding of the lack of privacy we all have in our e-mails. Some people seem to think that they are as private as letters, phone calls, or journal entries. The blunt fact is, they are not.

As I have blogged before, I disagree: I think e-mails are protected under the Fourth Amendment despite the third-party doctrine for reasons explained in my forthcoming Stanford Law Review article Applying the Fourth Amendment to the Internet: A General Approach (click on the link and then press the download button to download a draft of the article). Still, I thought the decision was worth noting given the importance of the issue and the still-unsettled state of the caselaw.

CORRECTION: In the course of re-reading the opinion to post it, I recognized that I was misreading a key part of the opinion. As I read it now, Judge Mosman does not conclude that e-mails are not protected by the Fourth Amendment. Rather, he assumes for the sake of argument that the e-mails are protected (see bottom of page 12), but then concludes that the third party context negates an argument for Fourth Amendment notice to the subscribers. I missed this because the reasoning closely resembles the argument for saying that the Fourth Amendment doesn’t apply at all, and I didn’t read the earlier section closely enough. That’s obviously a much narrower position, and I apologize for misunderstanding it the first time in the quick skim I gave it. 

So held a federal district court in Dart v. Craigslist, Inc. Here’s what plaintiff, the Cook County, Illinois, Sheriff claimed:

[Sheriff Dart] ... alleges that the “erotic” (now “adult”) services section of Craigslist’s popular Internet classifieds service facilitates prostitution and constitutes a public nuisance.... The webpage located at “chicago.craigslist.org” ... displays Chicago-related listings arranged by categories (e.g., “for sale” and “services”) and subcategories (e.g., “antiques” and “computer”). Craigslist created the categories, but its users create the content of the ads and select which categories their ads will appear in. Users posting ads on the website agree to abide by Craigslist’s “Terms of Use,” which prohibit posting unlawful content. Users browsing the “erotic” subcategory — which is (or was) the website’s most popular destination — receive an additional “warning & disclaimer” stating that users entering that section agree to “flag ‘prohibited’” any content that violates Craigslist’s Terms of Use including “offers for or the solicitation of prostitution.” Below the warning is a general “erotic services” link, and links to further subcategories (e.g., “w4m” (women for men)). Craigslist also gives users the option to search through ads using a word-search function. 

Sheriff Dart alleges that, notwithstanding Craigslist’s warnings, users routinely post advertisements in the eroticservices category “openly promis[ing] sex for money.” Based on the samples that he cites in his complaint most of the ads are veiled (sometimes very thinly) using code words.

The court’s reasoning, which seems quite right to me: 47 U.S.C. § 230 generally immunizes Internet service providers from (among other things) being held civilly liable on the grounds that they are “publishers” of material that is supplied by their users. The Seventh Circuit has not read this as broadly as some other courts, but even under the Seventh Circuit’s reading, Craigslist immune because its alleged liability would stem precisely from the fact that it published material provided by its users. “A claim against an online service provider for negligently publishing harmful information created by its users treats the defendant as the ‘publisher’ of that information,” and is therefore preempted by § 230.

The court also considered the Ninth Circuit’s holding in Fair Housing Council v. Roommates.com (discussed here), under which a service provider could be held liable for its own actions in actively inducing people to post illegal content (some paragraph breaks added):

Continue reading ‘Craigslist Not Liable for Prostitution Ads’ »

Tags:

And Speaking of Copyright

VC readers in New York City might be interested in this talk I’m going to be giving at lunchtime this coming Thursday, Oct. 22. It’s co-sponsored by the Copyright Society of the US and the Internet Society’s NYC chapter, and is my (latest) attempt to get people to think about how we might fashion a copyright law for the Internet age that actually makes some sense (as opposed to the copyright law we actually have, which doesn’t). [Oh yeah, it’s about my book, too — and why Jefferson sent a moose to Paris, and how we find a “moose” for the Net that will do for us what Jefferson’s moose did for him]. I gave a version of this talk last week at the University of Virginia Law School, and I think I can guarantee you a pretty lively discussion — in fact, I’ll be a tad disappointed if fisticuffs do not break out in the audience as a result of some of the ideas I propound. 

More from Walter Olson on the potential scope of the FTC’s new regulations governing bloggers and other social media users.

It’s been much asserted of late that it’s no particular burden to disclose when mentioning a newly published book or quoting from a newsworthy speech that the publisher sent you a review copy or the conference-giver let you into the hall on a press pass or its equivalent. But the regulations clearly contemplate broader disclosures than that. At some point, acceptance of such benefits will be deemed to create a relationship that must be disclosed even on other occasions, when, say, you mention an author or a nonprofit institution in a different context six months later.

Today the Sixth Circuit handed down a case on probable cause to search a home based in large part on a subscription to a child pornography website: United States v. Frechette. I blogged in detail about this issue a few years ago, so I wanted to cover the latest case, as well.

The defendant, Douglas Frechette, had a previous criminal history and was listed in the Michigan State Sex Offender Registry as living at a particular address in Muskegon, Michigan. Bank and drivers license records confirmed that he lived at that address. One day, Frechette created a PayPal account in his own name, linked to his own bank account, and from an IP addressed assigned to his home purchased a one-month subscription for $80 to a child pornography website, HTTP:\\[redacted]-lolita.com.” The purchase of the one-month subscription was the only purchase Frechette ever made on his PayPal account. The opinion indicates that the homepage of the website was extremely clear that it was entirely about very disturbing images of child pornography. Visitors to the site were “welcomed” with very graphic and patently illegal images. 

It is unclear how long the site stayed on line. A little more than a year after Frechette’s purchase, however, agents learned of the purchase and confirmed from the sex offender registry that Frechette still lived at the same address in Muskegon. The agents applied for a warrant to search Frechette’s home based on that information. A search of of the home led to the discovery of child pornography images and a confession by Frechette. That then led to charges against Frechette, and a motion to suppress the images and the confession as a fruit of an allegedly unlawful search.

The question in the case was whether the magistrate judge had a “substantial basis” to believe that there was probable cause to find evidence of child pornography at Frechette’s home. The court concluded that there was, and this seems clearly correct to me. The agents knew that a registered sex offender had paid $80 to purchase a month of access to a website that offered only child pornography; they knew he had purchased the access from his computer at home; and they knew he still lived at that same home a year later. Given the known practices of child pornography collectors to keep and store images over a long period — practices that the federal courts of appeals have recognized — I would think it highly likely that there would be images of child pornography in the home a year later. 

Judge Karen Nelson Moore vigorously dissented. Her opinion accused the majority of adopting a “radical view of probable cause” that created “an unprecedented encroachment upon our constitutional protections” based on the majority’s “personal feelings of scorn and disgust” about child pornography. Judge Moore thought it critical that the website appeared to be for “browsing” images rather than for “downloading” images. According to Judge Moore, “this browsing, without question, can be done without purposefully downloading images.” She also thought it important that Frechette only bought a one-month subscription rather than a multi-month subscription, as had been the case in some cases form other circuits that had found probable cause. She concluded with the following hypothetical:

Consider a factually identical scenario in a different context: Would this court approve a search warrant for all the computers in a home based on an affidavit that contains only one particularized fact—that someone who lived at that address obtained a one-month membership to a website that allows its members to listen to music in violation of copyright law? If the answer to this question is “yes,” there are not enough officers in the nation to enforce the countless warrants that magistrates may now issue to search college dorm rooms and homes across America. If the answer is “no,” as it should be, and as I suspect it would be, one must ask why two cases with materially indistinguishable facts result in two very different outcomes. The answer is as obvious as it is unsettling. The majority’s conclusion is erringly shaped by the fact that child pornography cases are particularly appalling. As reprehensible as our society finds those who peddle, purchase, and view child pornography, we, as judges, must not let our personal feelings of scorn and disgust
overwhelm our duty to ensure the protection of individual constitutional rights. 

I think Judge Moore is wrong for a few different reasons.

First, there is no legal distinction between “browsing” and “downloading.” The federal child pornography laws criminalize intentional receipt and knowing possession, and anyone who goes out looking for images and sees them has intentionally received the images. Judge Moore notes the uncertainly over whether intentional browsing amounts to possession, but she mistakenly assumes that this is a dispute as to whether browsing is legal. See footnote 2. Intentional browsing is pretty clearly illegal under the receipt ban, though, regardless of the interesting issues raised by whether browsing amounts to the separate crime of illegal possession. 

Second, I’m not sure I see the relevance of the fact that Frechette purchased only one month of access. My sense is that sites explicitly dedicated to child pornography usually last a matter of hours, days, or weeks, not months, before being taken down. It would have been surprising to purchase a subscription to such a site for several months, especially at $80 a month. And it’s not like this purchase was an accident: Frechette was a registered sex offender who set up a PayPal account just to make this one purchase. It seems very unlikely to me that he would go through the trouble of setting up a PayPal account for this and then pay $80 and then never actually receive or possess any images.

Indeed, the case for probable cause strikes me as dramatically stronger in this case than in most of the past cases from other circuits. In most of the past cases, the police knew an e-mail address had been used to join a child pornography e-mail list. They weren’t sure where the person was located in a particular place, or even whether the real account holder had been the one to join, whether the person every logged into the account to receive the images, and they didn’t know anything about the suspect (such as a prior criminal record involving sex offenses). In this case, though, they knew a registered sex offender had spent a good amount of money to buy access from his home to a site dedicated to child pornography. Further, the opinion states that the welcome pages of the site — the pages a person would see before buying a subscription — themselves contained very explicit images of child pornography, which Frechette must have seen before he intentionally purchased a subscription. I think that is very strong evidence. 

Finally, Judge Moore’s hypothetical about a warrant for copyright offenders just doesn’t work. Most obviously, possession of unauthorized copyrighted material is not a crime. To be guilty of a copyright crime, a person needs to actually know they are breaking the law, the downloading cannot be fair use, and the person needs to download enough music to trigger the statutory threshold ($1,000, if I recall correctly). Mere purchase of a subscription to a music site does not show or significantly hint at any of these elements, so the fact of a subscription alone could not plausibly provide probable cause of any crime. In contrast, receipt or distribution of a single image of child pornography is a crime whether the suspect knows it or not, and there is no “fair use” defense. Plus, the argument that “there wouldn’t be enough police officers in the nation” to enforce an equivalent copyright crime seems off to me: Enforcement of the law is up to the executive, not the judiciary, and the executive has chosen not to enforce criminal copyright laws except in very extreme cases in large part because enforcement would be so invasive. The limit on copyright enforcement is a judgment about resources and social benefit, not a question of Fourth Amendment law.

I’m delighted to say that the Nebraska Supreme Court has just agreed to review State v. Drahota (Neb. Ct. App. June 16), a case that I am litigating pro bono. We don’t have an oral argument date set yet, but it will probably be during the first week of November.  Here is my argument, from the 10-page petition for further review, on why the Nebraska Supreme Court should agree to hear the case; the argument on the merits — about why the Nebraska Supreme Court should reverse the decision below — will be quite similar, though of course not identical. Thanks again to Mayer Brown LLP (the firm with which I’m an academic affiliate) for providing support through their pro bono program; to Gene Summerlin of Ogborn, Summerlin & Ogborn for being pro bono local counsel; and, for their help as amici, to my coblogger David Post and the law professors who were willing to sign on to his amicus brief, to the Foundation for Individual Rights in Education, and to the ACLU of Nebraska.

Facts

In early 2006, Appellant Darren J. Drahota was a University of Nebraska student who had been in William Avery’s political science class. Avery was still a University professor, but had announced that he was running for the Nebraska Legislature.

Drahota e-mailed Avery on Jan. 27, 2006, which led to an exchange of 18 e-mails over two weeks. At least one of Drahota’s e-mails used epithets and personal insults of Avery, alongside political commentary. One of Avery’s e-mails used an epithet and an insult of Drahota as well, saying “I am tired of this shit” and saying Drahota “and the ‘Chicken Hawks’ in the Bush Administration” didn’t “have the guts” to join the military. At the end of the exchange, Avery e-mailed Drahota saying, “Please consider this email a request that you not contact me again for the purpose of spilling more vile [sic].” Drahota responded with an apology.

Four months later, Drahota sent two more e-mails to Avery, this time from the address “averylovesalqueda@yahoo.com.” In the first, Drahota wrote concerning the death of an Iraqi terrorist, and asked Avery: “Does that make you sad that the al-queda leader in Iraq will not be around to behead people and undermine our efforts in Iraq? . . . You . . . and the ACLU should have a token funeral to say goodbye to a dear friend of your anti-american sentiments.” The second had the subject line “traitor,” and read, in relevant part,

I have a friend in Iraq that I told all about you and he referred to you as a Benedict Arnold. I told him that fit you very well. . . . I’d like to puke all over you. People like you should be forced out of this country. Hey, I have a great idea!!!! . . . Let’s do nothing to Iran, let them get nukes, and then let them bomb U.S. cities and after that, we will just keep turning the other cheek. Remember that Libs like yourself are the lowest form of life on this planet[.]

After a bench trial, Drahota was convicted of breach of the peace. The Court of Appeals affirmed the conviction, based solely on the last two e-mails. 17 Neb. App. at 685, 687.

Argument

I. The Importance Of This Constitutional Precedent Warrants Review By This Court

The decision below sets an important precedent, in Nebraska and elsewhere, that sharply limits the constitutional protection for political speech. It appears to be the first published decision allowing criminal punishment for nonthreatening but insulting politically themed speech to an elected official or candidate for office. Prosecutors throughout Nebraska and the country will now be more likely to conclude that such speech could indeed lead to a prosecution. And citizens throughout the country will now be rightly concerned that their critical e-mails to government officials and political candidates will lead to criminal prosecution if a prosecutor concludes the e-mails contain “epithets” (even clearly political ones such as “traitor”) or “personal abuse.”

It is thus important for this Court to review the case, notwithstanding Drahota’s labeling his assignments of error in his pro se appellate brief as “issues” instead of “assignments of error.” 17 Neb. App. at 683. Drahota’s briefing was incorrect on this score. Nonetheless, he supported his claims with detailed argument. The state’s brief did not claim any waiver on Drahota’s part. The opinion below dealt fully with his arguments. And while the Court of Appeals stated it was reviewing the case for plain error, Id. at 684, it concluded there was no error at all.

The precedential force of the decision below is thus not limited to plain error cases. Because of this, reviewing the constitutional issue “is necessary to a reasonable and sensible disposition of the issues presented,” State v. Conover, 270 Neb. 446, 449, 703 N.W.2d 898, 902 (2005), both in this case and for the benefit of future speakers who might be deterred by the precedent set below. See, e.g., Linn v. Linn, 205 Neb. 218, 221, 286 N.W.2d 765, 767 (1980) (reviewing constitutional question in “‘the interests of substantial justice,’” though the issue had not even been raised below (quoting Wittwer v. Dorland, 198 Neb. 361, 253 N.W.2d 26 (1977))).

II. The First Amendment, And A Proper Understanding Of Breach Of The Peace Law, Bar Punishing Drahota’s E-Mails As “Breach Of The Peace”

The decision below is not only important but mistaken, both as to what constitutes “breach of the peace” and as to what the First Amendment protects. It is therefore likely to be confusing to lower courts, as well as likely to improperly deter constitutionally protected speech.

The e-mails in this case do not fit within any exception to First Amendment protection, nor are they like the speech that this Court has treated as a breach of the peace in the past. The e-mails do not contain “true threats” of illegal conduct; the opinion below did not suggest that the e-mails were threatening. Nor are they libelous, despite the assertion by the opinion below that the e-mail address from which they were sent (“averylovesalqueda@yahoo.com”) was “libelous,” 17 Neb. App. at 685, and despite the use of the word “traitor.” First, there can be no libel “‘when the words are communicated only to the person defamed.’” Molt v. Lindsay Mfg. Co., 248 Neb. 81, 91, 532 N.W.2d 11, 18 (1995). Second, in context Drahota’s “allegation” was a hyperbolic statement of opinion, not a statement of fact. See Letter Carriers v. Austin, 418 U.S. 264, 284, 286 (1974) (noting that “traitor” can be used not as a “representation[] of fact” but “in a loose, figurative sense”); Wheeler v. Neb. State Bar Ass’n, 244 Neb. 786, 792, 508 N.W.2d 917, 922 (1993) (endorsing the Letter Carriers analysis).

A. The E-Mails In This Case Are Not “Fighting Words”

Continue reading ‘Pro Bono Free Speech Case Headed to the Nebraska Supreme Court:’ »