by Eric Goldman [*] [updated Spring, 1994]
Introduction
The universe of cyberspace[1] is expanding rapidly. A “virtual” world of tens of millions of users now interact with each other electronically, finding information, friends and lovers, and even a sense of community on-line. While the explosive growth of, and tangible benefits available through, cyberspace offers much promise, there remains much work to be done to develop a coherent, empowering set of legal rules to guide cyberspace denizens. In this paper, I will address the specific problem of assigning causality for legal wrongs between users and system operators (“sysops”). As we will see, this assignation can have a significant impact on the robustness of the cyberspace universe.
Trends
Before delving into specific legal problems, it is useful to outline briefly some trends. With mega-mergers between telephone, cable, and media companies all seeking to control the data highway, the technology is at a critical crossroads. As a result, only time will tell whether computer bulletin boards will remain a robust technology over the long term. One possibility is that computer bulletin boards will be supplanted by television-based mechanisms which may promote information services but de-emphasize user-to-user interaction. Another possibility is that the digital superhighway, also known as the information infrastructure, may alter the popularity of bulletin boards, as it coalesces activity through one conduit. More likely, however, the digital superhighway will lead to an explosion of “network nodes,” essentially independent bulletin boards (as we know them today) that will be accessible to any superhighway driver.
The trends of technology are important because it is hazardous to develop rules, to develop a law of cyberspace, based on the technology as it exists today. If in fact bulletin boards are destined to be a historical curiosity, the eight-track or video telephone of the 1990s, then the problems we see today are not serious. However, I think the trends indicate that the problems are only going to get worse, as less technologically sophisticated people, who do not know the informal norms and rules, behave in ways that inadvertently transcend the rules and create conflict.
The Issue of Sysop Liability
Specifically, it is useful to focus on one specific problem: the liability of sysops for the actions or statements of their users. This is a thorny legal problem with significant social implications. If we as a social system assign too much causality to the sysops, sysops will leave the industry. If, on the other hand, we do not hold the sysops responsible for users’ actions, there will be numerous situations where injured parties are left without recourse or the overall incidence of injury exceeds the social optimum. Therefore, causality as a legal conclusion is bound to dramatically affect the overall status of the computer bulletin board industry.
The causality issue initially gained prominence in 1984, when a sysop was arrested because, unbeknownst to him, stolen telephone charge numbers had been posted on his bulletin board.[2] More recent incidents have involved the sysop’s liability for the defamatory statements of others,[3] the dissemination of copyrighted,[4] prurient,[5] or virus-infected material by users,[6] and the transmittal of incorrect information by information services.[7]
Developing Alternative Models
In response to these situations, some sysops have sought legal immunity. Others have taken a more proactive and arguably heavy-handed approach, by managing the bulletin board in a way that some have likened to censorship.
In both cases, sysops and commentators have posited various “analogies” to guide the rule making. The models asserted have analogized the sysops’ role to, among others, print publishers, information distributors such as libraries or booksellers, information conduits such as the telephone, airwave broadcasters such as television or radio stations, and various real property owners, such as the owners of shopping centers, coffeehouses or bars. You name it, they’ve analogized to it.
As a quasi-academician, I float these models so that I may duly shoot them down in favor of my own pet theories. Indeed, while these five different models are useful to creating a law of cyberspace, I would like to reapproach the issue of sysop liability by describing three “competing” paradigms. I say these paradigms compete because all three of them are useful and yet no one paradigm “dominates” or otherwise governs all situations.
The Co-Conspirator Approach
I can illustrate through the first paradigm. Some have argued, quite persuasively, that sysop liability should accrue only when the sysop has intentionally participated in the harmful conduct.[8] Therefore, if the sysop didn’t actually directly cause the harmful conduct, the sysop could still be liable if the sysop can be deemed a “co-conspirator” or criminal facilitator. Requiring this level of “intent” as a threshold is actually quite meaningful, since sysop liability then would only accrue when the fact-finder is convinced that the sysop had actually thought about the harmful actions and intended to participate in them.
However, this paradigm has some weaknesses. First, although the system should require the injured party to prove the sysops’ intent, we can anticipate that the system will break down and that the sysop will have to disprove the existence of intent. Second, the paradigm is somewhat tautological and circularly defined, by saying that bad intent is punished when we believe the actions are harmful.
Nevertheless, the “co-conspirator” paradigm warrants consideration because its high threshold immunizes many criminally innocent sysops from criminal liability. At the same time, it provides a relatively clear test for liability for sysops who create all the preconditions for pirate boards or boards for the traffic of stolen information but who do not actually pirate software or steal the telephone codes.
The Editorial Control Approach
The second paradigm involves the legal regime of editorial control. Generally speaking, the law responding to new communication technologies has established some sort of sliding scale of editorial control and tort liability. Grossly simplified, the more editorial control the media owner exercises (or, as a legal conclusion, is permitted to exercise), the more tort liability that accrues.[9] Therefore, newspaper and print publishers, which are allowed as a legal conclusion to exercise virtually unrestrained editorial control, are also frequently liable for the statements of others. At the other end of the spectrum, telephone carriers, who as a legal conclusion and practical matter are not able to exercise any editorial control, are given virtual immunity from tort liability for the statements or actions of their users.
In discussing the applicability of this sliding scale to bulletin boards, several camps have emerged. I’ll call the first approach the “Prodigy” approach. Prodigy has sought to transcend this sliding scale as applied in cyberspace, arguing that it should have editorial control without tort liability.[10] Others have warned that applying this sliding scale in cyberspace could create “perverse” incentives for sysops to run their boards “blindly,” seeking tort immunity by refusing to exercise editorial control.[11]
At the heart of these critiques is an assumption that the existing legal scheme is inadequate to accommodate bulletin board technology. I disagree. If used properly, the sliding scale of control and liability can lead to wholly satisfactory results.
In my opinion, most of the legal confusion about bulletin boards arises because of their multiple functions. Any bulletin board can, at the same time, be a crowded telephone conference call, a soapbox, an email postal carrier, a hotbed of commerce, an information resource, or a gateway to other systems. It is both technologically possible, and indeed logical, that sysops exercise differing levels of control over users’ actions and statements depending on which function is being used. Further, because sysops can and should exercise different levels of control over different functions, it is natural that the editorial control sliding scale apply functionally: on those functions where the sysop is exercising control, liability accrues; where the sysop is not exercising control, liability generally should not accrue.
I say generally because it is not good policy to deny injured parties any recourse whatsoever. Where sysops know that the users’ statements or actions are harmful, or are alerted to this, they should have an obligation to intervene except when they are acting as information conduits. This provides some protection to injured parties without putting the burden on sysops.
However, with this exception, I see no reason why sysops should not be able to choose their basket of control and liability. If sysops choose to exercise control over an area of their board, they will receive certain legal benefits that would be available to, say, print publishers but will also have more responsibilities. On the other hand, sysops who do not exercise control will increase the incidence of “free” speech and therefore should receive some protection. In either case, the editorial control sliding scale provides the appropriate social cost internalization necessary to a free market equilibrium: sysops who exercise editorial control will bear the social costs of these actions, while those sysops who do not act will not be stuck with unwarranted social costs. In other words, either approach sets private costs of sysop’s actions equal to their social costs, a necessary precondition to the free market.
The Associational Approach
Having outlined the “co-conspirator” paradigm that might apply generally in the criminal context, and the “editorial control” paradigm that might apply generally in the civil context, I would like to suggest yet a third “transcendental” paradigm that might best govern the relationship between sysops and users, and sysops and the government. This third paradigm relates to the sysop’s associational freedoms as outlined in the First Amendment, so that we treat sysops as the leader of an association or group.
Using this paradigm significantly limits the situations where it is appropriate to impose criminal or civil liability on the sysop for the actions or statements of another member. Just as there are few situations where associations or their leaders should be responsible for the statements of members, this paradigm would substantially immunize the association leader (the sysop) from the statements of users. Further, the First Amendment gives associations substantial control over their destiny, including generally the decision over who can be a member. Finally, an association leader can “cut the mike” of a member without incurring legal liability, in effect exercising editorial control. In all cases, aggrieved users have a powerful recourse: the right to create their own associations.
This paradigm warrants special consideration because of the crucial role bulletin boards may play in group formation over time. It has been noted that computer communications have facilitated the creation of new groups, and these groups can transcend geography while affiliating on common and often very specialized interests.[12] Excessive imposition of liability on sysops will effectively curtail group formation and hinder associational freedom.
Nevertheless, treating all bulletin boards as associations can often be euphemistic: massive commercial entities like Prodigy or CompuServe are no more associations than are Price Club or Fedco. On the other hand, existing groups such as MENSA “meet” on CompuServe to conduct presumably constitutionally protected activities. Distinguishing between euphemistic and “real” associations can be a difficult and perhaps fruitless line-drawing exercise, but nevertheless we must always be circumspect about how our legal regimes might unduly impose on our constitutionally protected associational freedoms.
Conclusions
Ultimately, I present these three paradigms as heuristics rather than solutions. The technology is moving too fast, and society’s acceptance of the transformation into an information economy is too new, for us to set up legal precedents that may prove inadequate or overly restrictive. But I think we’ll stay on the right track if, at each point along the way, we take a “gut check” to ensure we are developing rules that enhance communication rather than stifle it.
[*] B.A., UCLA, 1988; J.D., UCLA, 1994; M.B.A., UCLA, 1994. The author is an attorney at the law firm of Cooley Godward Castro Huddleson & Tatum in Palo Alto, California. The text of this article has been adapted from a speech presented at the International Symposium on Technology and Society 1993, George Washington University, Washington DC. The author refers interested readers to his article in the conference proceedings, entitled Computer Bulletin Board Technology: Sysop Liability and Control in a Decentralized Information Economy. He also refers interested readers to his Essay,Cyberspace, the Free Market, and the Free Marketplace of Ideas: Recognizing Legal Differences in Computer Bulletin Board Functions, in 16 Hastings Comm. & Ent. L.J. 87 (1993).
[1] The tricky definition of cyberspace often befuddles even the most savvy. For the purposes of this paper, I concentrate on the following “access points” to cyberspace: computer bulletin boards, electronic bulletin boards, network nodes, on-line services, computer/electronic information services, videotext systems, electronic mail systems, and electronic networks. For purposes of this paper, I will use the term “computer bulletin board” or “bulletin board” to stand as a proxy for all of these different, but functionally similar, technologies.
[2] See, e.g., Lynn Becker, Electronic Publishing: First Amendment Issues in the Twenty-First Century, 13 Fordham Urb. L.J. 801, 801-06 (1985); Kim Uyehara, Computer Bulletin Boards: Let the Operator Beware, Student Law., Apr. 1986, at 28, 30.
[3] The issue of defamation has received a significant amount of attention in the press and legal literature. The only reported case is Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.N.Y. 1991). In Cubby, an electronic newsletter distributed on CompuServe made some disparaging remarks about a rival newsletter. The rival sued the electronic newsletter, the subcontractor who managed the journalism area for CompuServe, and CompuServe. In a decision widely praised in the literature, the judge dismissed CompuServe from the lawsuit, holding that CompuServe was not legally liable for the allegedly defamatory information contained in the newsletter because CompuServe was more like an information disseminator such as a library than a print publisher. See id. at 140.
[4] In a recent decision, a federal district court found a sysop liable for the “publication” of copyrighted digitized photographs from Playboy Magazine when this photographs had been uploaded by users regardless of the sysop’s knowledge. Playboy Enters. v. Frena, 839 F. Supp. 1552 (M.D. Fla. 1993). This decision did not cite or address the reasoning in Cubby, and I generally believe the analysis is inconsistent with the reasoning used in Cubby. Furthermore, the judge in Frena awarded summary judgment to Playboy, thereby not even reaching the factual issues of whether the sysop or BBS was acting like a publisher or whether the sysop had any knowledge that the users had uploaded the infringing photographs.
[5] E.g., Jim Doyle, FBI Probing Child Porn on Computers: Fremont Man Complains of Illicit Electronic Mail, S.F. Chron., Dec. 5, 1991, at A23 (describing an America Online user who received digitized child pornography as private electronic mail and complained about the lax standards of the sysop).
[6] See, e.g., Susan C. Lyman, Note, Civil Remedies for the Victim of Computer Viruses, 21 Southwestern U. L. Rev. 1169 (1992).
[7] See Daniel v. Dow Jones & Co., 520 N.Y.S.2d 334 (N.Y. Civ. Ct. 1987) (holding an electronic information provider not liable for negligently disseminating false information).
[8] See, e.g., Eric C. Jensen, Comment, An Electronic Soapbox: Computer Bulletin Boards and the First Amendment, 39 Fed. Comm. L.J. 217, 231-32 n.79 (1987); Brock N. Meeks, As BBSes Mature, Liability Becomes an Issue, Infoworld, Jan. 22, 1990, at S14, S14.
[9] For a more developed analysis of the contours of this sliding scale, see Schlachter, Cyberspace, the Free Market, and the Free Market of Ideas, supra note *, at 111-18.
[10] E.g., W. John Moore, Taming Cyberspace, 24 Nat’l J. 745, 748 (1992); Terri A. Cutrera, Computer Networks, Libel and the First Amendment, 11 Computer/L.J. 555, 571 (1992).
[11] David R. Johnson & Kevin A. Marks, Mapping Electronic Data Communications onto Existing Legal Metaphors: Should We Let Our Conscience (and Our Contracts) Be Our Guide?, 38 Vill. L. Rev. 487 (1993); Edward A. Cavazos, Note, Computer Bulletin Board Systems and the Right of Reply: Redefining Defamation Liability for a New Technology, 12 Rev. Litig. 231, 242-43 (1992); Philip H. Miller, Note, New Technology, Old Problem: Determining the First Amendment Status of Electronic Information Services, 61 Fordham L. Rev. 1147, 1196 (1993).
[12] See M. Ethan Katsh, the Electronic Media and the Transformation of Law, 239 (1989); M. Ethan Katsh, The First Amendment and Technological Change: The New Media Have a Message, 57 Geo. Wash. L. Rev. 1459, 1474 (1989).