The universe of cyberspace[1] is expanding
rapidly. A "virtual" world of tens of millions of users now interact
with each other electronically, finding information, friends and lovers, and
even a sense of community on-line. While the explosive growth of, and tangible
benefits available through, cyberspace offers much promise, there remains much
work to be done to develop a coherent, empowering set of legal rules to guide
cyberspace denizens. In this paper, I will address the specific problem of
assigning causality for legal wrongs between users and system operators
("sysops"). As we will see, this assignation can have a significant
impact on the robustness of the cyberspace universe.
Before delving into specific legal problems,
it is useful to outline briefly some trends. With mega-mergers between
telephone, cable, and media companies all seeking to control the data highway,
the technology is at a critical crossroads. As a result, only time will tell
whether computer bulletin boards will remain a robust technology over the long
term. One possibility is that computer bulletin boards will be supplanted by
television-based mechanisms which may promote information services but
de-emphasize user-to-user interaction. Another possibility is that the digital superhighway,
also known as the information infrastructure, may alter the popularity of
bulletin boards, as it coalesces activity through one conduit. More likely,
however, the digital superhighway will lead to an explosion of "network
nodes," essentially independent bulletin boards (as we know them today)
that will be accessible to any superhighway driver.
The trends of technology are important
because it is hazardous to develop rules, to develop a law of cyberspace, based
on the technology as it exists today. If in fact bulletin boards are destined
to be a historical curiosity, the eight-track or video telephone of the 1990s,
then the problems we see today are not serious. However, I think the trends
indicate that the problems are only going to get worse, as less technologically
sophisticated people, who do not know the informal norms and rules, behave in
ways that inadvertently transcend the rules and create conflict.
Specifically, it is useful to focus on one
specific problem: the liability of sysops for the actions or statements of
their users. This is a thorny legal problem with significant social
implications. If we as a social system assign too much causality to the sysops,
sysops will leave the industry. If, on the other hand, we do not hold the
sysops responsible for users' actions, there will be numerous situations where
injured parties are left without recourse or the overall incidence of injury
exceeds the social optimum. Therefore, causality as a legal conclusion is bound
to dramatically affect the overall status of the computer bulletin board
industry.
The causality issue initially gained
prominence in 1984, when a sysop was arrested because, unbeknownst to him,
stolen telephone charge numbers had been posted on his bulletin board.[2] More
recent incidents have involved the sysop's liability for the defamatory
statements of others,[3] the dissemination of copyrighted,[4] prurient,[5] or
virus-infected material by users,[6] and the transmittal of incorrect
information by information services.[7]
In response to these situations, some sysops
have sought legal immunity. Others have taken a more proactive and arguably
heavy-handed approach, by managing the bulletin board in a way that some have likened
to censorship.
In both cases, sysops and commentators have
posited various "analogies" to guide the rule making. The models
asserted have analogized the sysops' role to, among others, print publishers,
information distributors such as libraries or booksellers, information conduits
such as the telephone, airwave broadcasters such as television or radio
stations, and various real property owners, such as the owners of shopping
centers, coffeehouses or bars. You name it, they've analogized to it.
As a quasi-academician, I float these models
so that I may duly shoot them down in favor of my own pet theories. Indeed,
while these five different models are useful to creating a law of cyberspace, I
would like to reapproach the issue of sysop liability by describing three
"competing" paradigms. I say these paradigms compete because all
three of them are useful and yet no one paradigm "dominates" or
otherwise governs all situations.
I can illustrate through the first paradigm.
Some have argued, quite persuasively, that sysop liability should accrue only
when the sysop has intentionally participated in the harmful conduct.[8]
Therefore, if the sysop didn't actually directly cause the harmful conduct, the
sysop could still be liable if the sysop can be deemed a
"co-conspirator" or criminal facilitator. Requiring this level of
"intent" as a threshold is actually quite meaningful, since sysop
liability then would only accrue when the fact-finder is convinced that the sysop
had actually thought about the harmful actions and intended to participate in
them.
However, this paradigm has some weaknesses.
First, although the system should require the injured party to prove the
sysops' intent, we can anticipate that the system will break down and that the
sysop will have to disprove the existence of intent. Second, the paradigm is
somewhat tautological and circularly defined, by saying that bad intent is
punished when we believe the actions are harmful.
Nevertheless, the "co-conspirator"
paradigm warrants consideration because its high threshold immunizes many
criminally innocent sysops from criminal liability. At the same time, it
provides a relatively clear test for liability for sysops who create all the
preconditions for pirate boards or boards for the traffic of stolen information
but who do not actually pirate software or steal the telephone codes.
The second paradigm involves the legal regime
of editorial control. Generally speaking, the law responding to new communication
technologies has established some sort of sliding scale of editorial control
and tort liability. Grossly simplified, the more editorial control the media
owner exercises (or, as a legal conclusion, is permitted to exercise), the more
tort liability that accrues.[9] Therefore, newspaper and print publishers,
which are allowed as a legal conclusion to exercise virtually unrestrained
editorial control, are also frequently liable for the statements of others. At
the other end of the spectrum, telephone carriers, who as a legal conclusion
and practical matter are not able to exercise any editorial control, are given
virtual immunity from tort liability for the statements or actions of their
users.
In discussing the applicability of this
sliding scale to bulletin boards, several camps have emerged. I'll call the
first approach the "Prodigy" approach. Prodigy has sought to
transcend this sliding scale as applied in cyberspace, arguing that it should
have editorial control without tort liability.[10] Others have warned that
applying this sliding scale in cyberspace could create "perverse"
incentives for sysops to run their boards "blindly," seeking tort
immunity by refusing to exercise editorial control.[11]
At the heart of these critiques is an
assumption that the existing legal scheme is inadequate to accommodate bulletin
board technology. I disagree. If used properly, the sliding scale of control
and liability can lead to wholly satisfactory results.
In my opinion, most of the legal confusion
about bulletin boards arises because of their multiple functions. Any bulletin
board can, at the same time, be a crowded telephone conference call, a soapbox,
an email postal carrier, a hotbed of commerce, an information resource, or a
gateway to other systems. It is both technologically possible, and indeed
logical, that sysops exercise differing levels of control over users' actions
and statements depending on which function is being used. Further, because
sysops can and should exercise different levels of control over different
functions, it is natural that the editorial control sliding scale apply
functionally: on those functions where the sysop is exercising control,
liability accrues; where the sysop is not exercising control, liability
generally should not accrue.
I say generally because it is not good policy
to deny injured parties any recourse whatsoever. Where sysops know that the
users' statements or actions are harmful, or are alerted to this, they should
have an obligation to intervene except when they are acting as information
conduits. This provides some protection to injured parties without putting the
burden on sysops.
However, with this exception, I see no reason
why sysops should not be able to choose their basket of control and liability.
If sysops choose to exercise control over an area of their board, they will
receive certain legal benefits that would be available to, say, print
publishers but will also have more responsibilities. On the other hand, sysops
who do not exercise control will increase the incidence of "free"
speech and therefore should receive some protection. In either case, the
editorial control sliding scale provides the appropriate social cost
internalization necessary to a free market equilibrium: sysops who exercise
editorial control will bear the social costs of these actions, while those
sysops who do not act will not be stuck with unwarranted social costs. In other
words, either approach sets private costs of sysop's actions equal to their
social costs, a necessary precondition to the free market.
Having outlined the
"co-conspirator" paradigm that might apply generally in the criminal
context, and the "editorial control" paradigm that might apply
generally in the civil context, I would like to suggest yet a third
"transcendental" paradigm that might best govern the relationship
between sysops and users, and sysops and the government. This third paradigm
relates to the sysop's associational freedoms as outlined in the First
Amendment, so that we treat sysops as the leader of an association or group.
Using this paradigm significantly limits the
situations where it is appropriate to impose criminal or civil liability on the
sysop for the actions or statements of another member. Just as there are few
situations where associations or their leaders should be responsible for the
statements of members, this paradigm would substantially immunize the
association leader (the sysop) from the statements of users. Further, the First
Amendment gives associations substantial control over their destiny, including
generally the decision over who can be a member. Finally, an association leader
can "cut the mike" of a member without incurring legal liability, in
effect exercising editorial control. In all cases, aggrieved users have a
powerful recourse: the right to create their own associations.
This paradigm warrants special consideration
because of the crucial role bulletin boards may play in group formation over
time. It has been noted that computer communications have facilitated the
creation of new groups, and these groups can transcend geography while
affiliating on common and often very specialized interests.[12] Excessive
imposition of liability on sysops will effectively curtail group formation and
hinder associational freedom.
Nevertheless, treating all bulletin boards as
associations can often be euphemistic: massive commercial entities like Prodigy
or CompuServe are no more associations than are Price Club or Fedco. On the
other hand, existing groups such as MENSA "meet" on CompuServe to
conduct presumably constitutionally protected activities. Distinguishing
between euphemistic and "real" associations can be a difficult and
perhaps fruitless line-drawing exercise, but nevertheless we must always be
circumspect about how our legal regimes might unduly impose on our
constitutionally protected associational freedoms.
Ultimately, I present these three paradigms
as heuristics rather than solutions. The technology is moving too fast, and
society's acceptance of the transformation into an information economy is too
new, for us to set up legal precedents that may prove inadequate or overly
restrictive. But I think we'll stay on the right track if, at each point along
the way, we take a "gut check" to ensure we are developing rules that
enhance communication rather than stifle it.
[*] B.A., UCLA, 1988; J.D., UCLA, 1994;
M.B.A., UCLA, 1994. The author is an attorney at the law firm of Cooley Godward
Castro Huddleson & Tatum in Palo Alto, California. The text of this article
has been adapted from a speech presented at the International Symposium on
Technology and Society 1993, George Washington University, Washington DC. The
author refers interested readers to his article in the conference proceedings,
entitled Computer Bulletin Board Technology: Sysop Liability and Control in a
Decentralized Information Economy. He also refers interested readers to his
Essay, Cyberspace,
the Free Market, and the Free Marketplace of Ideas: Recognizing Legal
Differences in Computer Bulletin Board Functions, in 16 Hastings Comm.
& Ent. L.J. 87 (1993).
[1] The tricky definition of cyberspace often
befuddles even the most savvy. For the purposes of this paper, I concentrate on
the following "access points" to cyberspace: computer bulletin
boards, electronic bulletin boards, network nodes, on-line services,
computer/electronic information services, videotext systems, electronic mail
systems, and electronic networks. For purposes of this paper, I will use the
term "computer bulletin board" or "bulletin board" to stand
as a proxy for all of these different, but functionally similar, technologies.
[2] See, e.g., Lynn Becker, Electronic
Publishing: First Amendment Issues in the Twenty-First Century, 13 Fordham Urb.
L.J. 801, 801-06 (1985); Kim Uyehara, Computer Bulletin Boards: Let the
Operator Beware, Student Law., Apr. 1986, at 28, 30.
[3] The issue of defamation has received a
significant amount of attention in the press and legal literature. The only
reported case is Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.N.Y.
1991). In Cubby, an electronic newsletter distributed on CompuServe made some
disparaging remarks about a rival newsletter. The rival sued the electronic
newsletter, the subcontractor who managed the journalism area for CompuServe,
and CompuServe. In a decision widely praised in the literature, the judge
dismissed CompuServe from the lawsuit, holding that CompuServe was not legally
liable for the allegedly defamatory information contained in the newsletter
because CompuServe was more like an information disseminator such as a library
than a print publisher. See id. at 140.
[4] In a recent decision, a federal district
court found a sysop liable for the "publication" of copyrighted
digitized photographs from Playboy Magazine when this photographs had been
uploaded by users regardless of the sysop's knowledge. Playboy Enters. v.
Frena, 839 F. Supp. 1552 (M.D. Fla. 1993). This decision did not cite or
address the reasoning in Cubby, and I generally believe the analysis is
inconsistent with the reasoning used in Cubby. Furthermore, the judge in Frena
awarded summary judgment to Playboy, thereby not even reaching the factual
issues of whether the sysop or BBS was acting like a publisher or whether the
sysop had any knowledge that the users had uploaded the infringing photographs.
[5] E.g., Jim Doyle, FBI Probing Child Porn
on Computers: Fremont Man Complains of Illicit Electronic Mail, S.F. Chron.,
Dec. 5, 1991, at A23 (describing an America Online user who received digitized
child pornography as private electronic mail and complained about the lax
standards of the sysop).
[6] See, e.g., Susan C. Lyman, Note, Civil
Remedies for the Victim of Computer Viruses, 21 Southwestern U. L. Rev. 1169
(1992).
[7] See Daniel v. Dow Jones & Co., 520
N.Y.S.2d 334 (N.Y. Civ. Ct. 1987) (holding an electronic information provider
not liable for negligently disseminating false information).
[8] See, e.g., Eric C. Jensen, Comment, An
Electronic Soapbox: Computer Bulletin Boards and the First Amendment, 39 Fed.
Comm. L.J. 217, 231-32 n.79 (1987); Brock N. Meeks, As BBSes Mature, Liability
Becomes an Issue, Infoworld, Jan. 22, 1990, at S14, S14.
[9] For a more developed analysis of the
contours of this sliding scale, see Schlachter, Cyberspace, the Free Market,
and the Free Market of Ideas, supra note *, at 111-18.
[10] E.g., W. John Moore, Taming Cyberspace,
24 Nat'l J. 745, 748 (1992); Terri A. Cutrera, Computer Networks, Libel and the
First Amendment, 11 Computer/L.J. 555, 571 (1992).
[11] David R. Johnson & Kevin A. Marks,
Mapping Electronic Data Communications onto Existing Legal Metaphors: Should We
Let Our Conscience (and Our Contracts) Be Our Guide?, 38 Vill. L. Rev. 487
(1993); Edward A. Cavazos, Note, Computer Bulletin Board Systems and the Right
of Reply: Redefining Defamation Liability for a New Technology, 12 Rev. Litig.
231, 242-43 (1992); Philip H. Miller, Note, New Technology, Old Problem:
Determining the First Amendment Status of Electronic Information Services, 61
Fordham L. Rev. 1147, 1196 (1993).
[12] See M. Ethan Katsh, the Electronic Media
and the Transformation of Law, 239 (1989); M. Ethan Katsh, The First Amendment
and Technological Change: The New Media Have a Message, 57 Geo. Wash. L. Rev.
1459, 1474 (1989).