The Internet & Communications Law
Defamation and Privacy Laws Face the Internet
SHERI HUNTER
Imagine the following scenario:
While cruising around in cyberspace, you enter a chat room where the participants are discussing
the safety of a new laser eye procedure. As an optometrist familiar with the procedure, you enter
the discussion and offer information and advice. A new user subsequently enters the room, using
the pseudonym Laserman and immediately states that you are not really an optometrist; you are a
zookeeper. After calling you a fraud, Laserman leaves the room. Do you have legal recourse for
these defamatory statements? How can you find out Laserman's identity? Can you sue the online
service provider that allowed the statements to be "published"?
Now imagine instead that you purchase a pregnancy-testing kit over the Internet, believing
the purchase to be confidential because the Web site advertises that it is "secure." Two days
later you receive an e-mail from an anti-choice group begging you to keep the baby if you are indeed
pregnant. Later that same day you receive another e-mail, this time from a pro-choice organization,
offering counseling should you be facing a difficult decision. Furious at this invasion, you learn
that the site where you bought the kit sold your personal information, including a list of your
purchases, to a marketing service. Can you sue the Web site owner or the organizations that sent
the e-mails for an invasion of privacy?
These and many more questions are currently challenging the traditional laws of defamation and
privacy, developed in the era before the Internet. Should the laws be adapted to encompass
evolving technologies, or should completely new laws be developed? Although some federal laws
currently protect online users, they are extremely limited. The government has thus far adopted the
position that the Internet, because of its international reach, should be self-regulated by the
private sector. This article discusses emerging issues affecting defamation and privacy laws and
identifies and analyzes potential and available remedies.
Defamation
Under a categorical approach to constitutional
analysis, judges first determine which of several categories provide the closest fit for the
speech restriction at issue. They then apply the First Amendment rules that have previously been
determined to be appropriate for those categories. There are many different and sometimes
overlapping categories, but examples of the major ones include content-based (versus content-neutral)
restrictions; prior restraints; time, place, or manner restraints; obscenity; fighting words;
commercial speech; compelled speech; restrictions premised on "secondary effects"; defamatory
speech; speech by government employees; speech that is likely to incite imminent lawless
activity; broadcast speech, and so forth. Each of those categories has its own set of judge-made
rules for resolving restrictions falling within those categories. For example, prior restraints
are presumptively unconstitutional, but obscene speech is not protected at all. Content-based
restrictions usually have to satisfy the demanding requirements of "strict scrutiny," but less
demanding review is applied for content-based restrictions of commercial speech or of broadcast
speech.
Early "cyberlibel" cases focused on whether Web site operators, Internet access providers,
and online service providers (OSPs) should be held liable as publishers and/or treated as
distributors when a third party publishes a defamatory statement on the provider's site. In
some electronic rooms, anyone with access can submit or post a comment, and, although bulletin
boards are typically static (comments may remain publicly posted for years), chat rooms are
generally interactive and operate in real time. Comments may or may not be deleted after the
chat has concluded, depending on the provider.
Two New York courts were first to address the issue, with divergent results. In the first
case, Cubby, Inc. v. CompuServe, Inc.,4 the defendant operated a bulletin board that contained
a daily newsletter called Rumorville. When the plaintiff began a competing bulletin board
called Skuttlebutt, Rumorville published statements about it that included allegations that
it was a "start-up scam."5 Cubby sued the creators of Rumorville for libel and sued CompuServe
on the grounds that it had republished the defamatory statements.
The court held that CompuServe was merely a distributor, focusing on the fact
that CompuServe did not exercise control over the bulletin board and had contracted
with an independent business to "manage, review, create, delete, edit, and otherwise
control [its] contents."6 The court further noted that CompuServe had no opportunity to
review the content of, and therefore had no editorial control over, Rumorville before
it was made available to subscribers.7
The next court to consider the issue reached the opposite result. In
Stratton Oakmont, Inc. v. Prodigy Services Co.,8 an anonymous user of
Prodigy's Money Talk board posted comments claiming that the plaintiff, a securities firm,
had committed criminal and fraudulent acts and was a "cult of brokers who either lie for a
living or get fired."9 Anticipating that the defendant would utilize the "distributor's
defense" that had worked for CompuServe, Stratton Oakmont moved for summary judgment on the
limited issue of whether the defendant exercised sufficient editorial control over its
online services to be deemed a publisher. The court found that Prodigy did exercise
substantial control, through its use of screening software and bulletin board leaders
who were paid to monitor content. In the eyes of the court, these actions exposed
Prodigy to greater liability than OSPs with a less active role.
In the wake of this decision, Congress passed the Communications Decency Act of 1996
(CDA).11 Section 230(c), Protection for "Good Samaritan" Blocking and Screening of Offensive
Material, provides a safe harbor for OSPs by immunizing them from liability for information
originating from third parties. The impact of section 230 is that OSPs are no longer penalized
for restricting access to objectionable material.
The first case to be decided after the enactment of the CDA was
Zeran v. America Online, Inc.12 On April 25, 1995, messages were posted anonymously
on America Online's (AOL) bulletin board advertising T-shirts with tasteless slogans
concerning the Oklahoma City bombing that had occurred just a few days earlier. Zeran's
home phone number was included. After receiving numerous harassing phone calls and death
threats, Zeran immediately requested that America Online (AOL) remove the postings. AOL
agreed to do so but refused to post a retraction as a matter of policy. It is unclear
exactly how long it took AOL to remove the original message, but an anonymous party
continued to post additional messages advertising even more offensive products during
the next four days. During this time, Zeran repeatedly contacted AOL and was told that
the account from which the messages were being posted would soon be closed. Meanwhile,
he was receiving abusive phone calls approximately every two minutes; compounding the
problem even further, an announcer on an Oklahoma City radio station urged listeners
to call Zeran's number.
Zeran subsequently sued AOL for negligence, alleging that it had unreasonably delayed
in removing the defamatory messages, refused to print retractions, and failed to screen
similar postings. After the district court granted judgment for AOL, Zeran appealed,
arguing that section 230 imposes liability on OSPs that have notice of defamatory material
posted on their sites. The Fourth Circuit affirmed the judgment for AOL, stating that
"lawsuits seeking to hold a service provider liable for its exercise of a publisher's
traditional editorial functions . . . are barred," and that holding AOL liable under
these circumstances contradicted an important purpose of section 230, namely, "to
encourage service providers to self-regulate the dissemination of offensive material
over their services."13
Several other courts have broadly interpreted section 230 as providing
absolute immunity for OSPs with respect to content originating with a third party,
even extending such protection beyond causes of action for defamation.14 The question
remains, however, whether an OSP will be held liable for knowingly distributing
defamatory messages. It seems that under such circumstances, OSPs should not be afforded
the protection of the "distributor" status granted under section 230.
Defenses to a Defamation Claim
Like the publisher-versus-distributor dichotomy, traditional defenses to defamation
take on a different spin in cyberspace. Furthermore, new defenses may be available to
defendants accused of publishing defamatory statements, because the courts have yet
to resolve many of the issues presented in applying current defenses to electronic
messages. Following are examples of defenses that present questions requiring
resolution by the courts.
In order for a statement to be defamatory, there must be a "publication."
However, the point when something is "published" in cyberspace remains less
than clear. The date of publication determines the statute of limitations and
possibly sets the deadline by which a plaintiff must demand a retraction or
file suit.15 At common law, a statement is "published" each time it is
distributed, with the exception of publications subject to the Uniform Single
Publication Act (USPA), which has been adopted in most states.
The USPA provides that all issues of a mass-media publication be treated as
one; the statute begins to run when the first copy of an issue is
distributed.16 It remains to be seen whether this rule will work with
online publications. It may be that each day that comments remain
"published" on an electronic bulletin board creates a separate and
distinct cause of action with a new statute of limitations.17 In
a similar context, many Web pages now advertise that the page can be
e-mailed to a friend through a hypertext link. If a page containing
defamatory content is e-mailed to another person, does this constitute "republishing,"
and does another statute of limitations begin to run from the date that e-mail was sent?
These issues have yet to be addressed by the courts.
Online defendants may also be able to avail themselves of the
"public figure" defense. The public figure doctrine provides a privilege
defense against plaintiffs pursuing a defamation claim. Pursuant to this
privilege, a plaintiff who is a public figure must prove "actual malice,"
a higher standard of fault than private plaintiffs are required to prove.
The actual malice standard requires plaintiffs to show, with clear and
convincing evidence, that the defendant published the disputed statement
with knowledge of, or in reckless disregard of, its falsity.18 Because
the actual malice standard is difficult to meet, most of the cases using
this test are resolved in favor of the defendant.
When defamatory statements are posted on an electronic bulletin board or during a chat
room discussion, a possible defense arises under the public figure privilege.
A plaintiff who has been participating in an online discussion might be characterized
as a "limited purpose" public figure who must meet the actual malice standard.19 The
definition of a limited purpose public figure varies slightly by state, but the basic
elements are the same. California, for example, defines a limited purpose public figure
as a person who (1) voluntarily takes part in a discussion about a public controversy,
and (2) has access to the media or effective channels of communication to make an
opinion available to the public.20 Arguably, a plaintiff who regularly posts messages
online might be deemed to have voluntarily assumed an increased risk of defamation by
courting attention and inviting comments. It is likely that such plaintiffs will be
classified as limited purpose public figures because they have access to the same
audience that viewed the defamatory message and can rebut the statements almost
immediately, simply by posting a response.
Protection from defamation liability is afforded in many jurisdictions through retraction
or correction statutes. Application of a retraction statute might at least allow a defendant to
limit damages. Whether or not retraction statutes protect cyberspace defendants is often
unclear. Several jurisdictions designate only newspapers and other traditional printed
materials as falling within the statutes' protections, although others include radio and
television stations. Only a few apply to defamation published in any medium.21 It will be
interesting to see how broadly or narrowly these statutes are interpreted with regard to
Internet publications. For example, are online newspapers that share the content of their
traditional print counterparts covered by retraction statutes specifically applicable to
newspapers?
To date, only one court has published an opinion on the applicability of
a state correction statute to a statement published online. The Wisconsin
Court of Appeals, in It's In The Cards, Inc. v. Fuschetto,22 reversed a
grant of summary judgment based on the plaintiff's failure to request a
correction prior to filing suit, as required by the retraction statute,
which applies to "any libelous publication in any newspaper, magazine,
or periodical."23 The statements at issue were posted on a bulletin board
run by SportsNet, an online service that bought and sold sports
memorabilia. The appellate court held that the retraction statute does not
apply to bulletin board postings for the following reasons: (1) the
plain meaning of the word "periodical" covers only publications that
appear at regular or stated intervals; (2) a previous judicial
interpretation found the statute applicable only to "print" media,
which this court held inapplicable to computer bulletin boards;
and (3) because the statute predates the Internet, the court
determined that the legislature must address the growing issues of
electronic libel.24
Even in states where it is questionable whether publication of a
retraction is required by law, online entities might be best served by
complying with a demand for one. Retractions still serve the traditional
functions of mitigating damages and providing evidence of good faith.25
The retraction should be accessible through a number of different avenues
on the Web site, thereby improving the likelihood that it will reach
substantially the same audience as the original statement. Retraction
statutes generally require that the corrective statement be
published prominently, in as conspicuous a place and type size as the
original defamatory statement.26 Those posting Internet retractions
would be wise to follow these guidelines, even when the state
retraction statute is inapplicable to online media, or where no such
statute exists.
Web sites may be able to limit their liability for defamatory materials
posted by third parties through disclaimers in visitor agreements. To provide
sufficient protection against user-supplied content, the disclaimer should
(1) disclaim responsibility for content in chat rooms, bulletin boards,
and similar areas that may not be regularly monitored and/or could be
offensive, controversial, or both; (2) warn users not to post statements
that are defamatory or otherwise unlawful; and (3) reserve the right
of the Web site to remove any user-supplied content at its discretion.
Two recent cases in the Seventh Circuit suggest that online visitor
agreements of which the user has notice may be valid, even if the user never signs
a contract.28 Currently, Web site operators are bringing visitor agreements to the
attention of the user in a number of ways. Some require that the user "click
through" a visitor agreement before being granted access.29 While this gives
the operator a convincing claim that the user read and agreed to the contract,
the argument is easily rebutted by the fact that users often link into pages
that bypass the home-page visitor agreement. To get around this, some sites have
posted prominently displayed links to their visitor agreements on all site pages.
The agreement itself usually states that, by using the Web site, the user agrees
to be bound by the terms of the agreement.30 In light of the case law addressing
the credibility of "shrink-wrap" software licenses and mail-order computer
agreements, it is likely that the terms of such visitor agreements will be
enforceable.31 Of course, unconscionable provisions will still be subject to
traditional contract laws that limit their enforceability.
Several defamation issues also assume unique complexities in the online context. They are briefly discussed here in order to facilitate awareness of their existence, although it is not certain how these problems will be resolved.
Through the technology used by electronic "remailers," it is possible
for an individual to send messages anonymously over the Internet.32 To do
this, a person sends the e-mail to a remailer, who strips the message of
anything that can be traced back to the sender and forwards it to the
recipient. As a result, it can be difficult for the victim of a defamatory
statement to determine the identity of the author. The question then arises
whether a court can demand that the remailer identify the author. It seems
unlikely that legal privilege would protect the remailer (or an OSP) from
producing, under the rules of discovery, the identity of a potential
defendant.
This is important to the defamed individual for two reasons. First,
because section 230 of the Communications Decency Act prohibits a plaintiff
from suing the OSP based on third-party content, the injured party must find
the individual who actually posted or sent the message. Second, the plaintiff
must sue within the applicable statute of limitations, and discovery rules
state that the statute begins to run on the date the plaintiff learns of the
defamatory statement, not the date the plaintiff identifies the defendant.
The Supreme Court traditionally has recognized that anonymous speech falls
under the protections of the First Amendment.34 The right is not absolute,
and the Court has balanced the freedom to speak anonymously with the need for
accountability. When the anonymous speech is conveyed over the
World Wide Web, however, the Court's authority in applying the rights
guaranteed by the Constitution may be brought into question. Due to the
lack of jurisdictional boundaries, a U.S. court's rulings may not be
enforceable.
The advent of anonymous Internet communication, coupled with the
difficulty of tracing authors of anonymous Internet messages, may render
the court's decisions wholly ineffective because of the impossibility of
enforcement. Because of the global scope of Internet communication, the
ability of Congress to pass enforceable legislation is also questionable.
Therefore, the Constitution's supremacy and permanency in governing
anonymous communication becomes increasingly suspect.35
Whether the Court is trying to protect the freedom of speech of an
anonymous user or, conversely, attempting to make a remailer disclose
the identity of an individual, the international scope of the Internet may
limit the sovereign authority of national governments.36 Some may see this
jurisdictional problem as evidence of the futility of one country's attempt
to regulate the Internet. However, if U.S. law regarding online
communications is rendered ineffective, what would prevent the U.S
government itself from tracking down the identities of anonymous users
who post criticisms of politicians, the government, or
Supreme Court decisions? Essentially, no one on the Internet would be
entitled to the protection of the First Amendment.37 As more countries
gain access to the Internet and more individuals rely on online
communications as their source for news and political debates, this
issue takes on an urgent need for resolution.
Similar to using the protections afforded by anonymity, using pseudonyms
has become a popular way to speak freely on the Internet. The application
of defamation laws to pseudonyms is rather questionable, however. Assume
that an individual enters a chat room using a pseudonym for identification.
The individual chats often, using the pseudonym, claims to be a priest,
and engages in controversial debates on a variety of topics. Regular
participants in the chat room learn to expect conservative views and
ideas from the person using that name. On one occasion, the user enters
the chat room and states, "I have been lying to you all, I am really a
convicted murderer out on parole; you had better lock your doors," before
immediately signing off. At some later point, the user enters the chat
room again but claims that someone else had used her pseudonym and made
the defamatory statement.
The question then becomes: Can a pseudonym be defamed? The user has created
an identifiable persona known to the other participants in the chat room; if
the statements caused harm to the true owner of the user name, the pseudonym
"thief" should be held liable for defamation. But this is an area where
traditional laws fail to address the realities of the Internet.38 Defamation
laws clearly focus on the concept of the person; when the defamatory
statement is made using a pseudonym, courts generally require that
plaintiffs prove that the public was aware that the statement attached to
them personally. Thus, plaintiffs can be defamed only if the public knows
their true identities.39 To counteract the failure of the law to protect
pseudonymous personalities, one commentator has suggested that individuals
create untraceable "digital signatures" for their pseudonyms by combining
cryptography and remailers.40 As a result, a pseudonym could not be impersonated
without access to the owner's private encryption key.
Privacy in the Electronic Age
Many people are unaware that as they casually browse the Internet,
every electronic move may be being watched. Although this may sound
like science fiction, it is true that many Web sites use new
technologies to track the identities, activities, and preferences of
site visitors. As a user "surfs" the Internet, each Web site visited
and each page viewed within a site are logged by the user's OSP. The
OSP typically keeps a record of each user's e-mail communications
and "click stream data," such as advertisements viewed and purchases
made.41 Operators also record user activities using "cookie"
technology that personalizes the site with the user's preferences,
based on earlier visits to that site. Cookies are sent from a server
to the user's hard drive during browsing sessions. The cookies label
one's Web browser with an electronic serial number so that the
originating site can then identify the user the next time he
or she enters.42
Many Internet users understandably feel that this collection of data is an illegal invasion of privacy. They believe that such practices violate the users' rights to "information privacy," which is defined as the right of an individual to control the acquisition, disclosure, and use of personal information.43 Site operators argue that the collected information is a valuable commodity, and that they have the right to exploit it commercially. This argument is strengthened by the fact that the "postindustrial economy generally and the telecommunications sectors particularly are seeing increased competition
. . . [prompting] firms to exploit every competitive advantage, including the use of personal information."44 The Federal Trade Commission issued a report on Internet privacy in June 1998, stating that 92 percent of commercial Web site operators surveyed collected personal information about visitors, but that only 14 percent actually disclosed to the visitors how the information is used.45 Both the federal government and the private sector are attempting to resolve this conflict in numerous ways.
Federal Protection of Privacy
The Electronic Communications Privacy Act of 1986 (ECPA)46 prescribes what information may be disclosed by providers of electronic communication services and remote computing services. The ECPA specifically forbids providers from divulging the contents of electronic communications during transmission or storage. However, this protection is limited, as one critical scholar has noted:
Although this may seem to bar communication providers from peddling personal information in the marketplace, such privacy protections are illusory. The . . . bar applies solely to the contents of communications, not to transactional records, that may be freely disclosed to anyone other than a governmental entity. Unfortunately, the line is not bright between the contents of a communication and the transactional data about that communication. . . .The legislative history adds little light, except to make clear that "contents" do not include "the identity of the parties or the existence of the communication."47
The ECPA may not prohibit disclosure of personal information to the private sector, but section 2703 does strictly limit the information that electronic communications providers and OSPs may give to the government. Pursuant to sections 2703(a) and (b), in order for a government entity to obtain user information, it must first obtain a subpoena, warrant, or court order.48 If the government seeks the contents of a communication rather than the records pertaining to a user, more stringent procedural safeguards apply. For communications that have been in electronic storage for 180 days or fewer, the government must obtain a warrant from the U.S. Attorney General or an equivalent state warrant. If the communication has been stored for more than 180 days, the government must obtain either a warrant, subpoena, or court order and give the user notice before the contents are released.49 Subsections (a) and (b) clearly apply to the conduct of the government; but two courts have directly contradicted each other in determinations regarding subsection (c), which lists the only instances in which an electronic communications service provider may disclose subscriber information (exclusive of content) to a government entity. At issue is whether this section imposes restrictions on government actions or only on actions of the service provider.
In Tucker v. Waddell,50 police officers in North Carolina obtained the plaintiff's telephone records from GTE South using improper subpoenas. The plaintiff sued the City of Durham for violations of her rights under the ECPA. The Fourth Circuit, in interpreting section 2703(c)(1)(B) of the ECPA, held that the language of subsection (c) does not expressly bar any action by governmental entities, but only prohibits the actions of electronic communications providers and remote computing services. The court noted that "the inclusion, within the same section, of two subsections limiting governmental access to information and one subsection limiting provider disclosure of information makes the distinction between the two eminently clear."51
Conversely, in Timothy R. McVeigh v. William Cohen,52 the D.C. district court issued a preliminary injunction forbidding the U.S. Navy from discharging a sailor for violating the "don't ask, don't tell" policy as the result of statements made in his AOL profile. A Navy employee received an e-mail message regarding a children's toy-drive from the alias "boysrch," signed by "Tim." The employee searched AOL's member profile directory in an attempt to identify the actual sender and later learned that "boysrch" was a man named Tim who lived in Hawaii, worked in the military, and identified himself as homosexual. Having communicated with the plaintiff on other occasions with respect to the toy-drive, the employee forwarded this material to her husband, who was an officer on the same ship as the plaintiff. Eventually, the message was forwarded to the plaintiff's commanding officer. A Navy paralegal contacted America Online to confirm that the profile of "boysrch" was indeed that of plaintiff; upon verification, the Navy proceeded to discharge the plaintiff for making a "statement of homosexuality" in violation of the "don't ask, don't tell" policy. The plaintiff filed an action against the Navy, alleging that the government violated his rights under the ECPA. The district court, also interpreting section 2703(c)(1)(B), concluded that the section must be read in the context of the statute as a whole, with the ultimate purpose being to protect consumer privacy. Thus, this court held that subsection (c) provides a cause of action against the government as well as the service providers.
Federal Trade Commission Proposal
The FTC, after conducting its June 1998 survey, proposed a legislative model that identifies four elements necessary to protect consumer privacy on commercial Web sites. The directive would require operators to: (1) provide notice to consumers on how their personal information is used; (2) give consumers a choice about whether and how their information is used; (3) provide security for personal information collected; and (4) allow consumers access to their own information to promote accuracy. The FTC subsequently charged GeoCities, Inc., with violating the FTC Act by misrepresenting to users that personal information collected through membership applications would be used only to provide members with requested advertising, and that "optional" information given in the application would not be released.53 The FTC and GeoCities reached a settlement under which GeoCities agreed to post a privacy notice explaining to members what information is collected, the purpose for which it is collected, third parties to whom the information will be released, and procedures by which members can view and remove their information.54 This settlement is generally regarded as a model for OSP privacy statements.55 However, absent further legislation or self-regulation, OSPs may decide to protect themselves from liability by not issuing a privacy policy statement, thereby avoiding the possibility of its being deemed deceptive.56
As the issue of online privacy has become more controversial, the government has recognized the need for further protections in the private arena. However, progress has been slowed by the desires of both the public and private sectors to allow self-regulation of the Internet. Indeed, the Clinton administration is still attempting to implement self-regulation, even as Congress is pushing for legislation to limit the rights of Web sites to collect personal information without the consent of users.57
Several private organizations have begun the self-regulation process. Services like TRUSTe and BBBOnline (Better Business Bureau) work to promote the appropriate use of personal data by requiring participating Web sites to disclose their collection process to users.58 These organizations will also investigate complaints from consumers who suspect their privacy rights have been abused by a member Web site. However, the majority of sites do not participate in these programs. TRUSTe had only about 500 members as of April 1999, although this included many of the largest sites such as Yahoo! and Microsoft. BBBOnline, which started in March 1999, had fewer than 100 approved participants as of August 1999, although members included several large companies such as Amazon and Dell Computers. Both Microsoft Explorer and Netscape Navigator give the user the option of setting a preference that alerts the user each time a site tries to send a cookie. The user can choose to refuse the cookie but still enter the Web site. There are also companies that have developed software that either blocks cookies or allows the user to set cookie preferences.59
Although the collection of personal data is the major focus of privacy concerns regarding the Internet, there are other invasion of privacy causes of action that require revamping with regard to the Web. An example is the privacy tort of intrusion that traditionally arises when the personal space of the plaintiff is invaded either physically or visually.60 The typical online intrusion occurs through "spamming," the mass distribution of unsolicited and unwanted e-mail. Courts are rapidly confronting spammers and so far have consistently held in favor of plaintiffs.61 Congress is also attacking this issue, and in June 1997, the Electronic Mailbox Protection Act of 199762 was introduced to protect consumers and OSPs from such unsolicited e-mails.
With the uncertainties the Internet has generated in traditional privacy law, it might be wise to protect one's privacy with cyber-generated tools such as encryption. Encryption allows an individual, using a cryptographic algorithm and a key, to turn a message into gibberish. Once the message is sent to the intended recipient, the gibberish is decoded and becomes readable.63 The strongest type of safeguard is public key encryption, where whatever has been encoded with one key can be decoded only by the person with its complement. This encryption method is used by Web browsers to enable confidential transmission of credit card numbers.64 Of course, the ability to transmit "secret" messages makes it easier to send harmful or criminal communications. The government will want to ensure that it has a way to decode encrypted messages obtained with a warrant. However, even if the government preserves this power, it should be limited to criminal situations.
Conclusion
There are no definite answers on how defamation and privacy laws will develop in order to encompass online violations. It remains to be seen whether the federal government will intervene or continue to depend on self-regulation. Legislation thus far has established only limited protections via the CDA and the ECPA, and the courts have yet to address the elements of defamation in an online context. Cases have focused to this point on whether an OSP can be held liable for content posted by a third party and on the proper interpretation of section 230 of the CDA. Critical jurisdictional issues need to be resolved before either the U.S. government or courts can enforce defamation or privacy laws on the Internet. Accordingly, an international solution will likely be necessary in order to regulate ongoing Internet abuses. While this may solve the problems encountered by current privacy and defamation laws, it may also mean that the U.S. Constitution will become secondary to international law when the action involves the global environment of Internet communications.
There is a spark of hope, however. "Virtual Magistrate" has developed as an alternative dispute resolution program on the Internet. For a minimal fee, users can participate in nonbinding arbitration designed to resolve disputes arising from statements published online.65
Endnotes
1. See generally, ROBERT D. SACK, SACK ON DEFAMATION, LIBEL, SLANDER, AND RELATED PROBLEMS (3d ed. 1999).
2. Id.
3. Id.
4. Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.N.Y. 1991).
5. 776 F. Supp. at 141.
6. Id. at 143.
7. Id. at 140.
8. Stratton Oakmont, Inc. v. Prodigy Serv. Co., 23 Media L. Rep. (BNA) 1794 (N.Y. Sup. Ct. 1995).
9. Id. at 1795.
10. Id. at 1797.
11. 47 U.S.C. § 230.
12. Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997), cert. denied, 118 S. Ct. 2341 (1998).
13. Id. at 330-31.
14. See Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998); Aquino v. Electriciti, Inc., 26 Media L.
Rep. (BNA) 1032 (Cal. Super. Ct. 1997); Doe v. America Online, Inc., 718 So. 2d 385 (4th Fla. Dist.
Ct. App. 1998), review granted, 729 So. 2d 390 (Fla. Apr. 12, 1999); Lunney v. Prodigy Serv. Co., 683
N.Y.S.2d 557 (N.Y. App. Div. 2d Dep't 1998).
15. Online Liability Issues: Defamation, Privacy and Negligent Publishing, 520 PLI/Pat. 707, 730 (1998).
16. Id.
17. Id.
18. See Philadelphia Newspapers, Inc. v. Hepps, 475 U.S. 767, 773, cert. denied, 475 U.S. 1134 (1986).
19. 520 PLI/Pat at 733-34.
20. See Reader's Digest Ass'n v. Superior Court, 37 Cal. 3d 244, 254 (1984), cert. denied, 478 U.S. 1009 (1986).
21. Cyberspace Liability, 523 PLI/Pat. 123, 161 (1998).
22. It's In The Cards, Inc. v. Fuschetto, 535 N.W.2d 11 (Wis. Ct. App. 1995).
23. Id. at 14.
24. Id.
25. 523 PLI/Pat. at 163.
26. Id. at 164; see, e.g., UNIFORM CORRECTION OR CLARIFICATION OF DEFAMATION ACT § 6(b)(1) (1993); CAL. CIV. CODE § 48a(2) (1997); FLA. STAT. ANN. § 770.02(1) (1997).
27. Id. at 169.
28. See ProCD, Inc. v. Zeidenberg, 86 F.3d 1447 (7th Cir. 1996); Hill v. Gateway 2000, Inc., 105 F.3d 1147 (7th Cir. 1997), cert. denied, 118 S. Ct. 47 (1997).
29. 523 PLI/Pat. at 169.
30. Id.
31. See Zeidenberg, 86 F.3d at 1447; Hill, 105 F.3d at 1147.
32. Michael H. Spencer, Anonymous Internet Communication and the First Amendment: A Crack in the Dam of National Sovereignty, 3 VA. J.L. & TECH. 1 (1998).
33. See, e.g., V.T.C.A. CIV. PRAC. & REM. CODE § 16.002.
34. See Thomas v. Collins, 323 U.S. 516 (1945); Watkins v. United States, 354 U.S. 178 (1957); NAACP v. Alabama ex rel. Patterson, 357 U.S. 449 (1958).
35. Spencer, supra note 32.
36. Id.
37. Id.
38. Mark A. Lemley, Rights of Attribution and Integrity in Online Communications, 1995 J. ONLINE L. art. 2, 38.
39. Id.
40. Michael Froomkin, Anonymity and Its Enmities, 1995 J. ONLINE L. art. 4, 31-35.
41. Cyberspace Liability, 523 PLI/Pat. 123, 173 (1998).
42. Id.
43. INFORMATION INFRASTRUCTURE TASK FORCE, PRIVACY AND THE NATIONAL INFORMATION INFRASTRUCTURE: PRINCIPLES FOR PROVIDING AND USING PERSONAL INFORMATION (1995).
44. Jerry Kang, Information Privacy in Cyberspace Transactions, 50 STANFORD L. REV. 1193, 1238 (1998).
45. FEDERAL TRADE COMMISSION, PRIVACY ONLINE: A REPORT TO CONGRESS (June 4, 1998).
46. 18 U.S.C. §§ 2510-2522; 2701-2709; 3121-3126 (1988 & Supp. 1994).
47. Kang, supra note 44, at 1234-35.
48. 18 U.S.C. §§ 2510-2522; 2701-2709; 3121-3126 (1988 & Supp. 1994).
49. Id.
50. Tucker v. Waddell, 83 F.3d 688 (4th Cir. 1996).
51. Id. at 693.
52. Timothy R. McVeigh v. William Cohen, 983 F. Supp. 215 (D.D.C. 1998).
53. In re GeoCities, Inc., FTC, File No. 9823015 (1998).
54. Id. (settlement reached Aug. 13, 1998).
55. Internet Law Developments, 538 PLI/Pat 1051, 1087 (1998).
56. Id.
57. See, e.g., Data Privacy Act of 1997, H.R. 2368, 105th Cong. (1998); Consumer Internet Privacy Protection Act of 1997, H.R. 98, 105th Cong. (1997); Communications Privacy and Consumer Empowerment Act, H.R. 1964, 105th Cong. (1997).
58. U.S. Still Pushing for Self-Regulation of the Internet Regarding Privacy Issues, REUTERS (Apr. 9, 1999). See Communications Media Center at New York Law School .
59. Cyberspace Liability, 523 PLI/Pat 123, 174 (1998).
60. See Miller v. National Broadcasting Co., 187 Cal. App. 3d 1463 (Cal. App. 2d Dist. 1986).
61. See Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436 (E.D. Pa. 1996); CompuServe, Inc. v. Cyber Promotions, Inc., 962 F. Supp. 1015 (S.D. Ohio 1997).
62. S. 875, introduced by Sen. Robert Torricelli on June 11, 1997.
63. Kang, supra note 44, at 1241.
64. Id. at 1242.
65. The Virtual Magistrate project is located at www.law.vill.edu.
Sheri Hunter is an associate in the corporate/intellectual property section in the firm of Jackson Walker L.L.P., in Austin, Texas