AOH :: DEFAMATI.TXT
This is a text file about defamatory liability hassles that can ensuon a BBS
|
D E F A M A T I O N L I A B I L I T Y
O F C O M P U T E R I Z E D
B U L L E T I N B O A R D O P E R A T O R S
A N D P R O B L E M S O F P R O O F
John R. KahnCHTLJ CommentComputer Law SeminarUpper Division WritingFebruary, 1989
---
D E F A M A T I O N L I A B I L I T Y
O F C O M P U T E R I Z E D
B U L L E T I N B O A R D O P E R A T O R S
A N D P R O B L E M S O F P R O O F
John R. KahnCHTLJ Comment/Upper Division Writing/Computer Law Seminar
February, 1989
_________________________________________________________________
I. INTRODUCTION
A computer user sits down at her personal computer, turns it on, and has
it dial the number of a local computerized bulletin board service (BBS)
where she has been exchanging opinions, information, electronic mail,
and amicable conversation with other users. Upon connecting with the
BBS, she enters a secret "password", presumably known only to herself
and to the bulletin board operator, so as to gain access to the system.
To her surprise, she finds herself deluged with lewd electronic mail
from complete strangers and hostile messages from persons with whom she
believed she was on friendly terms. The messages read: "Why did you call
me a worthless son-of-a ----- yesterday? I really thought we could be
friends, but I guess I was wrong"; "Hey, baby, I liked your fetish you
were telling me about yesterday: call me at home, or I'll call YOU";
and, "Why didn't you get around to telling me about your venereal
disease sooner?". Yet our user has not called this BBS in weeks and has
never made any of these statements. Dismayed and angered, the
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 2----------------------
user comes to realize that she is the victim of computerized bulletin
board abuse.
A personal computer hobbyist (hereafter "SYSOP") who operates a
computerized bulletin board system notices a rash of heated arguments,
profanity and complaints being reported to him by users on what had been
a forum for the peaceful exchange of ideas. Investigating the
complaints, he discovers that previously responsible users have suddenly
and uncharacteristically been leaving insulting, rude and false messages
about other users on the bulletin board. One user is so enraged about a
public message accusing her of sexual misadventures that she is
threatening to sue the computer hobbyist in libel for having permitted
the message to appear. The SYSOP realizes that both he and his
subscribers have suffered computerized bulletin board abuse.
The aggravating force behind both the above situations is most likely a
third user (known hereafter as "the masquerader") who maliciously
exploits both his computer knowledge and his access to BBSes. Since the
masquerader has discovered the password and name of the regular user,
and uses them to access bulletin boards, he appears for all intents and
purposes to be that regular user. The computer thus believes it has
admitted a legitimate subscriber to its database when it has in fact
given almost free reign to a reckless hacker. The masquerader, posing as
another legitimate user, is then free to portray that user in whatever
light he pleases and also to harass other users of the bulletin board.
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 3----------------------
When validated users later discover that someone else has been
impersonating them, they invariably cancel their subscriptions to that
BBS and often bring a defamation action against its SYSOP for the
smearing of their good names. Conversely, the SYSOP, in an effort to
avoid liability, reluctantly engages in monitoring each and every piece
of information posted daily by hundreds of users. If the SYSOP chooses
instead to stop running his BBS altogether, another efficient and
valuable forum for ideas is lost.
What sort of defamation action may be maintained by the wrongfully
disparaged user? Is the computerized bulletin board offered by the SYSOP
subject to the stricter self-scrutiny of newspapers, or does it operate
under some lesser standard? How may the initial party at fault - the
masquerader - be held accountable for his computerized torts?
The scope of this Comment will be to examine the defamation liability of
computerized BBS operators and evidentiary proof issues that arise in
tracing computerized defamation to its true source. Other possible Tort
causes of action - intentional infliction of emotional distress,
invasion of privacy, trespass to chattels - are not addressed. It is
assumed throughout that the plaintiff is a private person and that the
issues involved are not matters of "public interest" as defined in Gertz
v. Robert Welch, In c.1
A. Background
Computerized BBSes exist as a quick, easy and efficient way to acquire
and exchange information about the entire
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 4----------------------
spectrum of interests.2 The growing popularity of these electronic
forums was demonstrated in a recent study which numbered BBSes at more
than 3,500 nationwide.3 The size and complexity of computerized BBSes
range from relatively simple programs, run on privately-owned
microcomputers with a few hundred subscribers, to vast, multi-topic
database systems with nationwide lists of subscribers and operated for
profit.4
The process of reaching, or "accessing" one of these bulletin boards is
quite simple: all that is required is a computer, a computer program
that allows the computer to communicate over the phone lines, and a
"modem" (a device which converts the computer's electrical signals into
acoustic impulses, defined infra).5 Once she has accessed the BBS, the
caller is free to trade useful non-copyrighted computer programs,
exchange ideas on a host of topics, post electronic mail for later
reading by others, and much more.6 The ease with which most BBSes may be
accessed and the wealth of interests to be found there ensure that they
will continue to be important sources of information and discourse.
However, the speed and efficiency of computerized BBSes also subject
them to serious, wide-ranging civil and criminal abuse. Recently a young
computer user paralyzed several major computer systems across the nation
by sending a harmful computer program (or "worm") to them over telephone
lines. The worm quickly replicated itself in the computers' memories and
thus decreased their output capacities.7 Further, certain computer
abusers (known as "hackers") use the power of the computerized
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 5----------------------
forum to ply illegal copies of copyrighted programs, bilk hundreds of
millions of dollars annually from credit card and phone companies, and
to wrongfully access others' data files.8 A minority of other BBSes
exist mainly to circulate racist ideologies.9
What is more, it now appears that the ancient tort of defamation is
actively being practiced through the use of computerized BBSes.10
Due to the almost ethereal way computerized BBSes operate - one
person may conveniently leave an electronic message for others to
respond to at their leisure and there is no need for the parties to
converse directly or even to know each other11 - the risk of detection
when the BBS is abused is lower than that for defamation practiced in
the print media.12 Difficulties arise with identifying the true party at
fault and with authenticating the computer records as evidence of the
defamation.13 Adding to this problem is an uncertainty in the laws
concerning the appropriate liability of SYSOPs for defamatory messages
on their BBSes of which they were unaware.14
B. Definitions
The following are brief definitions of some important technical terms
connected with electronic BBSes:
SYSOP: An abbreviation for "System Operator", this is the individual
generally responsible for organizing information and for
trouble-shooting on a computerized bulletin board. On larger bulletin
boards covering hundreds of topics, several SYSOPS may be in charge of
maintaining information contained in
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 6----------------------
separate discrete fields.15 But when the BBS is privately owned and
operated, a single SYSOP may very well oversee all aspects of the
board's operations, in addition to being able to access all his users'
passwords and personal information.16
Modem: An abbreviation for "Modulator/Demodulator". This is a device
which links a computer to an ordinary phone line and converts computer
signals to auditory phone signals. A computer modem on the other end of
the transmission then reverses the process. Computers using modems
transfer data rapidly across phone lines and thus share information.17
Validation: Basically this is a set of procedures used by responsible
SYSOPs to do everything reasonably possible to verify that the personal
information supplied by a user is true and correct. Common sense and
emerging legal standards dictate that the SYSOP should not merely rely
on the name provided by a potential user when the SYSOP does not
personally know that individual. The SYSOP may be required to
independently corroborate the prospective subscriber's information by
first asking the potential user's name, address and phone number and
then by checking that information with directory assistance.18 These
procedures will hopefully aid the operator in identifying wrongdoers if
misuse occurs;19 however, as will be seen, these procedures are by no
means foolproof.
Database: Any collection of data in a computer for purposes of later
retrieval and use, i.e., names, addresses, phone numbers, membership
codes, etc.
User: Anyone who accesses a computerized bulletin board
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 7----------------------
system and is exposed to the information stored there. Users may be
identified by their true names, by an assigned numerical code, or by
colorful "handles", or "usernames."20
Operating System: This is a program which controls the computer's basic
operations and which recognizes different computer users so that their
actions do not interfere with one another.21 For example, most
multi-user operating systems will not allow one user to delete another's
data unless the second user gives explicit permission.22 BBS system
software programs perform this function through their use of "accounts"
and "passwords":23 private electronic mail sent to a particular user may
not be read or delet ed by others. The BBS' operating system is also
designed to deny access to those attempting to log on under an
unvalidated or unrecognized name.24
Account/Username: As another part of BBS system security, each user
chooses an "account", or "username", consisting of one to eight letters
or numbers.25 The BBS' operating system then will not allow commands
issued by one user of one account to modify data created by another
account;26 nor will it grant access to an account that has been
terminated or invalidated.
Password: Yet another aspect of BBS system security is the use of
"passwords" as a prerequisite to accessing the computer system. Most
operating systems require the user to enter both her account name and
password to use the account.27 Because electronic mail cannot be sent
without the username to which it is being addressed, and because the
account cannot be
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 8----------------------
used without knowledge of the password, usernames are generally public
knowledge while passwords are a closely-guarded secret, known only to
the user and the operating system.28
Teleprocessing: This is defined as accessing a computer from a remote
location, usually over a telephone line or similar communications
channel.29
Uploading/Downloading: For purposes of exchanging computer programs or
electronic mail over the phone lines, the process of transferring
information from one's personal computer to the bulletin board is called
uploading. The reverse process - transferring information from a
bulletin board to a personal computer - is known as downloading.30
II. DEFAMATION LIABILITY OF COMPUTERIZED BBS OPERATORS
A. Computerized Defamation: Libel or Slander?
Libel is the "publication of defamatory matter by written or printed
words, by its embodiment in physical form, or by any other form of
communication that has the potentially harmful qualities characteristic
of written or printed words."31 Publication of a defamatory matter is
"its communication intentionally or by a negligent act to one other than
the person defamed."32 A communication is defamatory if it "tends to so
harm the reputation of another as to lower him in the estimation of the
community or to d eter third persons from associating or dealing with
him."33 The difference between libel and slander has traditionally
depended upon the form of the communication: oral defamation generally
is considered slander, while written
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 9----------------------
defamation is generally considered libel.34 The distinction is
important, because libel requires no proof of special damages and is
actionable by itself, while slander generally requires proof of special
damages in order to be actionable.35
However, with the advent of electronic media, the traditional
libel/slander distinctions as they apply to sight and hearing are no
longer valid. For example, passing defamatory gestures and signals,
though visible to sight, were considered slander;36 an ad-libbed
statement on a telecast impugning a person's financial status was found
to be libel.37
It has been suggested that the real distinction between libel and
slander is the threat and magnitude of harm to reputation inherent in
the form of publication.38 Libel has been historically associated with
writings because (1) a writing is made more deliberately than an oral
statement; (2) a writing makes a greater impression to the eye than does
an oral statement to the ear; (3) a writing is more permanent than
speech; and (4) a writing has a wider area of dissemination than
speech.39 These four qualities inherent in a writing made the possible
harm to reputation greater than mere spoken words. In applying libel to
the new form of computerized communication used on BBSes, the
potentiality for harm to reputation is significant, and should again be
considered the controlling factor.
In our hypothetical situation, the user discovered that another user
(the masquerader) had usurped her account name and password, causing her
great embarrassment and humiliation. The
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 10----------------------
act of prying into and taking another's computer information to misuse
it elsewhere would indicate a certain deliberation on the actor's part
to spread defamatory messages. Secondly, the defamatory message is
displayed to other users on their computer monitors in the form of
electronic characters, making a visual impression. Third, this
electronic defamation is more permanent than mere words because it is
stored in the BBS' memory until erased by the user or SYSOP. Finally,
the message arguably has a wider area of dissemination than a one-to-one
spoken defamation because, as a message on an electronic BBS, it has the
potential of being viewed by hundreds, perhaps thousands, of users each
day. Based on these four criteria, the capacity for harm to our user's
reputation due to the masquerader's activities is indeed great enough to
be considered libellous.
B. Defamation Liability of the SYSOP
Having established the electronic message as being libellous, the next
issue is to determine the extent of liability for the SYSOP who
unknowingly permits the message to be communicated over his BBS. Case
law indicates that the SYSOP's liability depends upon the type of person
defamed and on the subject matter of the defamation.
1. Degree of fault required
The United States Supreme Court has addressed modern defamation
liability in two major decisions. Both conditioned the publisher's
liability on the type of person defamed and on the content of the
defamation. In New York Times v. Sullivan,40 the Court determined that
in order for a public official to
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 11----------------------
recover damages in a defamation action, the statement must be shown to
have been made with "actual malice", i.e., with knowledge of its falsity
or with reckless disregard for its truth.41 Due to society's interest in
"uninhibited, robust and wide-open" debate on public issues, neither
factual error nor defamatory content sufficed to remove the First
Amendment's shield from criticism of an official's conduct.42
The Supreme Court further elaborated on defamation liability standards
in the private and quasi-private sphere when it decided Gertz v. Robert
Welch, Inc.43 In Gertz, the publisher of a John Birch Society newsletter
made certain false and inaccurate accusations concerning an attorney who
represented a deceased boy's family. The family had civilly sued the
policeman who murdered the boy. In rebutting what he perceived to be a
secret campaign against law and order, the publisher labelled the
family's attorney a "Leninist" and "Communist-fronter".44 In addition,
the publisher asserted that the attorney had been a member of the
National Lawyers Guild, which "'probably did more than any other outfit
to plan the Communist attack on the Chicago police during the 1968
Democratic Convention.'"45 In publishing these statements throughout
Chicago, the managing editor of the Birch Society newsletter made no
effort to verify or substantiate the charges against the attorney.46
The Supreme Court held in Gertz that while First Amendment
considerations protect publications about public officials47 and about
"public figures"48, requiring a showing of "actual malice" before
defamation damages could be recovered,
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 12----------------------
the same was not true for defamation suits brought by private
citizens49, a group to which the attorney was held to belong.50 Private
citizens were seen as deserving more protections from defamation than
public officials or public figures, so they were not required to show
"actual malice" as a precondition to recovery.51 The Court then left it
to the states to decide the precise standard of liability for defamation
of private individuals, so long as liability without fault was not the
standard.52
By Gertz, then, the appropriate standard of liability for publicizing
defamation of private parties falls somewhere below actual malice and
above strict liability. The problem with defining the defamation
standard for computerized BBS operators, however, is a lack of uniform
standards. In such circumstances, the objective "reasonable person"
standard will likely be applied to the SYSOP's actions.53 Several cases
may be usefully applied by analogy.
The court in Hellar v. Bianco54 held that a bar proprietor could be
responsible for not removing a libellous message concerning the
plaintiff's wife that appeared on the wall of the bar's washroom after
having been alerted to the message's existence.55 The court noted that
"persons who invite the public to their premises owe a duty to others
not to knowingly permit their walls to be occupied with defamatory
matter.... The theory is that by knowingly permitting such matter to
remain after reasonable opportun ity to remove [it], the owner of the
wall or his lessee is guilty of republication
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 13----------------------
of the libel."56 The Hellar court then left the ultimate determination
of the bar owner's negligence to the jury.57 This holding seems to be in
accord with the Restatement of Torts, which provides:
PUBLICATION:
(2)One who intentionally and unreasonably fails to remove
defamatory matter that he knows to be exhibited on land or
chattels in his possession or under his control is subject to
liability for its continued publication.58
Contrarily, however, the Ohio court of appeals in Scott v. Hull59 found
that the building owner and agent who had control over a building's
maintenance were not responsible for libel damages for graffiti
inscribed by an unknown person on an exterior wall.60 The court
distinguished Hellar by noting that in Hellar the bartender
constructively adopted the defamatory writing by delaying in removing it
after having been expressly asked to do so:
"It may thus be observed from these cases that where liability is found
to exist it is predicated upon actual publication by the defendant or on
the defendant's ratification of a publication by another, the
ratification in Hellar v. Bianco...consisting of at least the positive
acts of the defendants in continuing to invite the public into their
premises where the defamatory matter was on view after the defendants
had knowledge of existence of same."61
The Scott court held that defendants could only be responsible for
publishing a libellous remark through a positive act, not nonfeasance;
thus, their mere failure to remove the graffiti from the building's
exterior after having it called to
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 14----------------------
their attention was held not to be a sufficient basis of liability.62
A situation similar to Scott arose recently in Tackett v. General Motors
Corporation.63 There, an employee brought a libel suit against his
employer for, inter alia, failing to remove allegedly defamatory signs
from the interior wall of its manufacturing plant after having notice of
their existence. One large sign remained on the wall for two to three
days while a smaller one remained visible for seven to eight months.64
Instead of focussing on the Scott malfeasance/nonfeasance test,65 the
Tackett court con sidered defendant's implied adoption of the libellous
statement to be the correct basis of liability.66 While saying that
failure to remove a libellous message from a publicly-viewed place may
be the equivalent of adopting that statement, and noting that Indiana
would follow the Restatement view "when the time comes,"67 the Tackett
court held that the Restatement view could be taken too far. Citing
Hellar, the court wrote:
The Restatement suggests that a tavern owner would be liable if
defamatory graffiti remained on a bathroom stall a single hour after the
discovery [Citation to Hellar]. The common law of washrooms is
otherwise, given the steep discount that readers apply to such
statements and the high cost of hourly repaintings of bathroom stalls
[Citation to Scott]. The burden of constant vigilance exceeds the
benefits to be had. A person is responsible for statements he makes or
adopts, so the question is whether a reade r may infer adoption from the
presence of a statement. That inference may be unreasonable for a
bathroom wall or the interior of a subway car in New York City but
appropriate for the interior walls of a manufacturing
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 15----------------------
plant, over which supervisory personnel exercise greater supervision and
control. The costs of vigilance are small (most will be incurred
anyway), and the benefits potentially large (because employees may
attribute the statements to their employer more readily than patrons
attribute graffiti to barkeeps).68
According to this reasoning, then, the location and length of time the
libel is allowed to appear plays an integral part in determining whether
a given defendant has adopted the libel, and thus has published it.
An application of the foregoing analysis to the issue at hand highlights
the need for greater care in allowing the posting of electronic mail
messages on a BBS. The Tackett court noted that while the content of
graffitti scrawled on bathroom walls might be subject to healthy
skepticism by its readers, the same might not be true for other
locations such as interiors of subway cars or manufacturing plant
walls.69 If this is true, then it is reasonable to assume that a
defamatory message displayed in a forum f or the exchange of ideas is
more apt to be taken seriously by its readers - especially when the
libellous
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 16----------------------
message purports to be written by the subject of the libel.70
Further, the Tackett court indicated that the high cost of repainting
bathroom stalls by the hour outweighed its perceptible benefits. The
same is not true for electronic BBSes, where the costs of prevention are
minimal in light of the threat of widespread harm to users'
reputations.71
2. Damages
Once the plaintiff establishes that the SYSOP failed to act reasonably
in removing statements known to be libellous from his BBS or in
negligently failing to prevent their appearance there,72 no proof of
special damages is necessary as libel is actionable per se.73 The
state's interest in protecting private reputations has been held to
outweigh the reduced constitutional value of speech involving matters of
no public concern such that presumed and punitive damages may be
recovered absent a showing of actual malice.74
The proper gauge of liability has again raised some questions.75 One
writer has noted that if the burden of proof is
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 17----------------------
to rest on the plaintiff, she may be at a disadvantage in producing
sufficient evidence to demonstrate negligent conduct on the part of the
SYSOP.76 Solutions to this problem have ranged from a rebuttable
presumption of negligence in favor of the plaintiff77 to adoption of a
set of standards similar to those set out in the Federal Fair Credit
Reporting Act.78 In either event, damage awards for computer abuse have
been addressed both by federal and state law.79
3. Suggestions
Because computerized BBSes are still a relatively new technological
phenomena, consistent standards for SYSOPs' duties have yet to be
developed.80 However, at least one users' group has adopted a voluntary
code of standards for electronic BBSes, applicable to both users and
SYSOPs of boards open to the general public:
SCOPE:
This Minimum Code of Standards applies to both users and SYStem
Operators (SYSOPs) of electronic bulletin boards available to the
general public.
FREEDOM OF SPEECH AND IDEAS
Each user and SYSOP of such systems shall actively encourage and promote
the free exchange and discussion of information,
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 18----------------------
ideas, and opinions, except when the content would:- Compromise the
national security of the United States.- violate proprietary rights.-
violate personal privacy,- constitute a crime,- constitute libel, or-
violate applicable state, federal or local laws and regulations
affecting telecommunications.
DISCLOSURE
Each user and SYSOP of such system will:- disclose their real name, and-
fully disclose any personal, financial, or commercial interest when
evaluation any specific product or service.
PROCEDURES
SYSOPS shall:
-review in a timely manner all publicly accessible information, and
-delete any information which they know or should know conflicts
with this code of standards.
A 'timely manner' is defined as what is reasonable based on the
potential harm that could be expected. Users are responsible for:
-ensuring that any information they transmit to such systems
adheres to this Minimum Code of Standards, and
-upon discovering violations of the Minimum Code of Standards,
notifying the SYSOP immediately.
IMPLEMENTATION
Electronic bulletin board systems that choose to follow this Minimum
Code of Standards shall notify their users by publishing this Minimum
Code, as adopted by the [Capitol PC Users Group], and prominently
display the following:'This system subscribes to the Capitol PC Users
Group Minimum Code of Standards for electronic bulletin board
systems.'81
While non-binding on publicly-accessible BBSes, the above guidelines
furnish sound basic policies that all SYSOPs might use in shielding
themselves from defamation liability. Our hypothetical at the beginning
of this Comment described a situation where a malicious intruder was
able to access and
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 19----------------------
masquerade as a validated user on a BBS; the following are some
additional computer security measures that the reasonable SYSOP could
conduct to avoid that situation:
a. Special "screening" software: One writer has suggested discouraging
potential BBS misuse through programming the BBS to reject those
messages containing common defamatory and obscene language;82 such a
program would discard a message containing any of those terms and would
presumably notify the SYSOP of their presence. Drawbacks to this
procedure are that computer programs cannot understand all the nuances
of libellous messages83 and would thus lead to the rigid deletion of
many otherwise legitimate mess ages.84
b. Unique passwords: A more fundamental and economical approach would be
for the SYSOP to both notify all new users about the potential for
computerized BBS abuse and to encourage their use of a unique password
on each BBS they call. This would have the practical effect of keeping a
masquerader from using the names and passwords found on one BBS to
wrongfully access and masquerade on other BBSes. A drawback to this
procedure is that the truly malicious masquerader may still discover a
BBS' most sensitive us er records by way of a renegade computer program
called a "trojan horse".85 However, one could speculate that the SYSOP
acts reasonably in informing potential users of the existing threat and
in helping them avoid it.
c. Encryption: This is essentially a way for the SYSOP to make the
users' passwords unique for them. The power of the computer allows
complex algorithms to be applied to data to
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 20----------------------
encode it in such a way that, without the key to the code, it is
virtually impossible to decode the information.86 This technique would
have the added benefit of forcing the masquerader, upon accessing the
BBS with a trojan horse program, to search for the secret decoding
algorithm in addition to the BBS' secret user files. Indeed, it is
conceivable that a special encryption or password could be devised to
allow only the SYSOP access to the BBS' decoding algorithm. However,
encryption involves a significant overhead - impractical for most small,
privately-operated BBSes - and is more frequently used to protect
messages from one system to another where the data is vulnerable to
interception as it passes over transmission lines.87
d. Prompt damage control: In accord with Hellar,88 the Restatement
(Second) of Torts,89 and possibly Tackett,90 a SYSOP acts reasonably in
promptly assisting the libelled user to partially reverse the effects of
the masquerader's actions. Recall that in those instances a defendant
was held to have impliedly adopted a defamatory statement by acting
unreasonably slowly in removing it from his property once having been
made aware of it.91 While it may be unreasonable to expect the SYSOP to
monitor each message posted every day - especially where the defamatory
message appears to have been left by the true user - it is not too much
to require the SYSOP to quickly remedy security flaws in his BBS as they
are pointed out to him.92 To this end, the SYSOP has several options. In
situations where the defaming user libels another without masquerading
as the libelled party, the SYSOP could simply delete the defamer's
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 21----------------------
account. In situations where a user masquerading as another posts a
libellous message, the SYSOP could publish a retraction to all his
subscribers, urging them to use a different password on each BBS they
call. Further, where a masquerader published the libel, the SYSOP should
offer his full cooperation to the maligned user in tracking down the
time and date the libellous message was posted93 in order to better
limit the SYSOP's liability.
Certain BBS SYSOPs claim that holding them liable for information
appearing on their BBSes violates their First Amendment rights by
restricting their right to free speech94 and by holding them responsible
for the libel perpetrated by the
From kadie Sat Oct 12 09:53:46 1991To: cafb-mail~Subject: Computers and
Academic Freedom mailing list (batch edition)Status: R
Computers and Academic Freedom mailing list (batch edition)Sat Oct 12
09:53:27 EDT 1991
[For information on how to get a much smaller edited version of thelist,
send email to archive-server@eff.org. Include the line: send
acad-freedom caf- Carl ]
In this issue:
The addresses for the list are now: comp-academic-freedom-talk@eff.org
- for contributions to the list or caf-talk@eff.orglistserv@eff.org -
for automated additions/deletions (send email with the line "help" for
details.)caf-talk-request@eff.org - for administrivia
-------------------
masquerader. It has been suggested that the SYSOP should be held to the
same standard of liability as a neighborhood supermarket which furnishes
a public bulletin board:95 just as the supermarket would not be liable
for posting an advertisement for illicit services, so should the BBS
SYSOP escape liability for libellous messages left on his board,
especially when its poster appears to be a validated user.96
However, this comparison lacks merit for the reasons given by the
Seventh Circuit in Tackett v. General Motors Corporation.97 The
defendant's liability in that case rested on its publication of libel by
implicitly adopting the statement.98 Defendant's failure to remove a
defamatory sign painted on one of the interior walls of its factory for
seven or eight months after discovering its presence was such that "[a]
reasonable person could conclude that Delco 'intentionally and
unreasonably
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 22----------------------
fail[ed] to remove' this sign and thereby published its contents."99
There would certainly be accomplice liability if the supermarket
unreasonably delayed removing an advertisement for illegal services from
its bulletin board once it was made aware of it. The market could be
seen as having adopted the ad's statements by not acting responsibly to
its viewing public. Similarly, a SYSOP would be liable for defamatory
messages posted on his BBS - even by what appears to be the true user -
if he fails to act reasonably by using his computer skill to eviscerate
the libel.100 While the computerized BBS may be nothing more than a
hobby of the SYSOP, the speed with which it can disseminate potentially
damaging information among its users demands the standards of
responsibility described above.
C. Defamation Liability of the Masquerader
1. Degree of fault required
It should be noted that the liability and proof issues concerning the
SYSOP and masquerader are inverse. As to the SYSOP who allows libellous
messages to be posted on his BBS, his liability may be inferred simply
by those messages having appeared there;101 however, his degree of fault
- actual malice or simple negligence - is subject to debate.102
Conversely, while the masquerader's degree of fault is clearly
evident,103 tracing that fault back to him is a more elusive matter.104
The requisite degree of fau lt for masqueraders is set out in federal
and state law.105
2. Damages
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 23----------------------
Assuming arguendo that the masquerader's defamatory publications have
been successfully traced back to him by the plaintiff, actual and
punitive damages may then be recovered from him based on his knowledge
of the publication's falsity or reckless disregard for its truth.106
Federal and state law have also specified certain remedies.107
III PROBLEMS OF PROOF
A. Proof of SYSOP's Actions
We have seen that while the appropriate degree of fault for a SYSOP to
be liable for defamatory messages appearing on his BBS is subject to
dispute,108 a showing that the defamation appeared there due to the
SYSOP's negligence is much more capable of resolution.109 The jury
should be made aware of the actual validation/security procedures
practiced by the SYSOP and should weigh them in light of the prevailing
practice.110 Several facets of an emerging standard of care for SYSOPs
have already been suggested in this Comment,111 and the SYSOP's
adherence to them could be shown through users' testimony.
B. Proof of Masquerader's Actions
In contrast with the degree of fault required to establish the SYSOP's
publication of the libellous message, the degree of fault for the
masquerader is much less subject to debate. The masquerader's actions
are not likely to be considered merely inadvertent or negligent.112
However, because the masquerader has intentionally discovered and
usurped the user's name and password, he appears to be that user on all
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 24----------------------
computer records. Tracing the masquerader's defamatory publication back
to him thus encounters some important evidentiary barriers: the maligned
user is forced to rely on computerized records produced by the BBS and
phone company in trying to link the masquerader's libellous publication
back to him.113 We turn now to consider the evidentiary hurdles to be
overcome in tracing the libellous communication to its true source.
1. The Hearsay Rule & Business Records Exception
The first evidentiary obstacle to connecting the masquerader with his
libellous publication is the hearsay rule. As defined by the Federal
Rules of Evidence, hearsay is "a statement, other than one made by the
declarant while testifying at the trial or hearing, offered in evidence
to prove the truth of the matter asserted";114 as such, it is
inadmissible as evidence at trial.115 Computer-generated evidence is
subject to the hearsay rule, not because it is the "statement of a
computer", but because it is the statement of a human being who entered
the data.116 To the extent the plaintiff user relies on
computer-generated records to show that a call was placed from the
masquerader to the BBS at the time and date in question, then, her
evidence may be excluded.
However, numerous exceptions to the hearsay rule have developed over the
years such that evidence which might otherwise be excluded is deemed
admissible. The most pertinent hearsay exception as applied to
computerized evidence is the "business records exception", which admits
into evidence any
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 25----------------------
records or data compilations, so long as (1) they were made reasonably
contemporaneously with the events they record; (2) they were
prepared/kept in the course of a regularly conducted business activity;
and (3) the business entity creating these records relied on them in
conducting its operations.117 The veracity of the computer records and
of the actual business practices are shown by the record custodian's or
other qualified witness' testimony, unless the circumstances indicate
lack of trustworthiness.11 8 The term "business" as used in this rule
includes callings of every kind, whether or not conducted for profit.119
Statutes and judicial decisions in several states have gradually
recognized that the business records exception extends to include
computer-generated records.120 This is largely due to (1) modern
business' widespread reliance on computerized record-keeping, (2) the
impracticability of calling as witnesses every person having direct
personal knowledge of the records' creation, and (3) the presumption
that if a business was willing to rely on such records, there is little
reason to doubt their accuracy.121
Using this exception to the hearsay rule, plaintiff user would most
likely seek to admit the BBS' computer-generated username/password
log-in records plus the phone company's call records to establish the
connection between the masquerader's telephone and the BBS at the
precise instant the libellous message was posted.122 As an initial
matter, however, plaintiff
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 26----------------------
must first lay a foundation for both the BBS' and phone company's
computer-generated business records.
Asufficient foundation for computer-generated records
was foundrecently to exist in People v. Lugashi.123 There, the
CaliforniaCourt of Appeal affirmed a conviction of grand theft
based on evidence adduced from computer-generated bank records.
Defendant, an oriental rug store owner, had been convicted of
fraudulently registering thirty-seven sales on counterfeit credit cards.
The issuing banks became suspicious of criminal activity when charge
card sales data from defendant's store showed 44 fraudulent uses of
charge cards at defendant's store within only five weeks.124 As each
fraudulent credit card transaction was completed, defendant registered
the sale simultaneously with the ban ks' computers.125 Each night, as
standard bank practice, the banks then reduced the computer records of
credit card transactions to microfiche. Information gleaned from these
microfiche records was entered against defendant at trial.126
The California Court of Appeal recognized the trial court judge's wide
discretion in determining whether a sufficient foundation to qualify
evidence as a business record has been laid.127 It held that defendant's
allocations of error were without merit since defendant himself had
acknowledged that the bank's computer entries memorialized in the
microfiche record were entered simultaneously as they occurred in the
regular course of business.128 Further, the Court of Appeals dismissed
defendant's claim that o nly a computer expert could
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 27----------------------
supply testimony concerning the reliability of the computer record:
Appellant's proposed test incorrectly presumes computer data to be
unreliable, and, unlike any other business record, requires its
proponent to disprove the possibility of error, not to convince the
trier of fact to accept it, but merely to meet the minimal showing
required for admission....The time required to produce this additional
[expert] testimony would unduly burden our already crowded trial courts
to no real benefit.129
The Lugashi court then followed the bulk of other jurisdictions adopting
similar analyses and upholding admission of computer records with
similar or less foundational showings over similar objections.130
As to admission into evidence of telephone companies' computer-generated
call records under the business records exception, courts have evinced a
similar attitude to that in Lugashi. In State v. Armstead,131 a
prosecution for obscene phone calls, the trial court was held to have
properly admitted computer printouts showing that calls had been made
from defendant's mother's telephone, despite defendant's contention that
the witness who was called to lay the foundation had not been personally
responsible for making the record.132 Because the printout represented a
simultaneous self-generated record of computer operation, the court held
it was therefore not hearsay.133
In an Ohio prosecution for interstate telephone harassment, it was held
no error was committed in admitting defendant's computerized phone
statement under the Business Records exception which showed that
telephone calls had been
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 28----------------------
made from defendant's phone in Ohio to various numbers in Texas.134 A
sufficient foundation for the admission of business records under
Federal Rules of Evidence 803(6) was established when a telephone
company witness identified the records as authentic and testified they
were made in the regular course of business.135
Applying the foregoing analyses to BBSes, the plaintiff user would
establish a foundation for the correlated BBS136 and telephone company
phone logs by showing that (1) they were made contemporaneously with the
posting of the libellous message;137 (2) they were prepared/kept in the
course of a regularly conducted business activity, since both the BBS
and telephone company consistently maintain accounts of all persons who
use their services; and (3) the BBS and telephone company relied on
those records for b illing purposes.138 Once such a foundation is laid,
the trial court has wide discretion in admitting business records into
evidence.139
2. Authentication & the Voluminous Records Exception
The second evidentiary barrier encountered in tracing the masquerader's
libellous messages back to him is proving his authorship of the libel,
or "authenticating" the computerized records.140 The computer-generated
phone and BBS records showing that a call from a certain phone number at
a particular date and time resulted in a libellous message being
published must somehow be linked to the masquerader.
The Federal Rules of Evidence provide in pertinent
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 29----------------------
part: (a)General provision. The requirement of authentication or
identification as a condition precedent to admissibility is
satisfied by evidence sufficient to support a finding that the matter
in question is what its proponent claims.
(b)Illustrations. By way of illustration only, and not by way of
limitation, the following are examples of authentication or
identification conforming with the requirements of this rule:...(6)
Telephone conversations. Telephone conversations, by
evidence that a call was made to the number assigned at the time by the
telephone company to a particular person or business, if (A) in the case
of a person, circumstances, including self-identification, show the
person answering to b e the one called, or (B)in the case of a
business, the call was made to a place of business and the
conversation related to business reasonably transacted
over the telephone....141
The question of whether a writing is properly authenticated is primarily
one of law for the court; if the court decides the question
affirmatively, it is ultimately for the jury.142 The court will make no
assumptions as to the authenticity of documents in deciding their
initial admissibility.143 The difficulty presented here is that the
Federal Rules of Evidence seem to require authentication of telephone
calls by reference to their specific content.144 The specific content of
a given phone call is not demo nstrated by phone logs showing merely the
date and time the call occurred.
The authentication of extrinsic documents may be subject to a "best
evidence rule" objection. As stated in Federal Rule of Evidence 1002:
REQUIREMENT OF ORIGINAL: To prove the contents of a
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 30----------------------
writing, recording, or photograph, the original of that writing,
recording, or photograph is required, unless provided otherwise in
these rules or by an act of Congress.145
Since its introduction in the 18th century, various rationales have been
posited for this rule.146 While earlier writers asserted that the rule
is intended to prevent fraud, most modern commentators agree that the
rule's main purpose is to convey to the court the exact operative effect
of the writing's contents.147
However, at least one jurisdiction has implicitly equated compliance
with the business records exception with the Best Evidence Rule. In
Louisiana v. Hodgeson,148 the defendant in a manslaughter trial
contended that a printout of her telephone bill, offered to show
communications between her and a third party, was not authenticated.149
The court, while making no specific reference to the authentication
point, rejected defendant's contention, noting that the information from
the computer's storage was the co mpany's business record and that it
was accessible only by printout.150
Similarly, in an Indiana bank robbery prosecution,151 the state offered
microfiche copies of the telephone company's computerized records
showing certain telephone calls from defendant. On appeal, defendant
argued that these documents were not authenticated because they were not
the "original or first permanent entry," and that they therefore should
not have been admitted into evidence. The court disagreed, saying that a
duplicate was admissible to the same extent as an original
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 31----------------------
unless a "genuine issue" were raised as to the authenticity of the
original.152
By these precedents, then, provided plaintiff user establishes that both
the telephone and BBS user records were prepared in accordance with the
business records exception,153 the fact that a call from the
masquerader's phone is shown to have occurred at the same instant the
libellous message was posted may be sufficient to authenticate that the
call was made by the masquerader. Other circumstantial evidence adduced
by plaintiff user would strengthen this inference.154
Another authentication hurdle in plaintiff's case is the requirement
that the entire original record sought to be authenticated be
produced.155 This requirement can prove highly impractical in situations
where there are vast numbers of individual records extending over long
periods of time.156 Requiring plaintiff to produce the entire body of
these records would be unduly expensive and time-consuming. What is
more, if plaintiff were to attempt to summarize vast computerized
business data compilations so as to introduce those summaries into
evidence without producing the complete body of computer records, such
summaries might not be admissible on the grounds that they were not made
"in the regular course of business."157
However, an exception to strict authentication requirements of the
Federal Rules of Evidence has been developed. Rule 1006 provides: The
contents of voluminous writings, recordings, or photographs which cannot
conveniently be examined in court may be presented in the form of a
chart, summary,
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 32----------------------
or calculation. The originals, or duplicates, shall be made available
for examination or copying, or both, by other parties at reasonable time
and place. The court may order that they be produced in court.158
In Cotton v. John W. Eshelman & Sons, Inc.,159 summaries of certain
computerized records were held properly admitted into evidence on the
theory that "[w]hen pertinent and essential facts can be ascertained
only by an examination of a large number of entries in books of account,
an auditor or expert examiner who has made an examination and analysis
of the books and figures may testify as a witness and give summarized
statements of what the books show as a result of his investigation,
provided the books them selves are accessible to the court and to the
parties."160 Under this precedent, plaintiff user would only need to
produce the pertinent parts of the computerized records, as determined
by an impartial auditor.IV. CONCLUSION
It is difficult to overestimate the ease with which computers now enable
us to compile and exchange information. Computerized "bulletin boards"
run on personal microcomputers by private persons and businesses are
examples of this enhanced form of communication. Users can trade
computer programs and exchange a wealth of ideas, opinions, and personal
information through such forums.
The advantages of this process break down, however, when malicious users
abuse the system and BBS SYSOPS intentionally or negligently allow this
to occur. The nature of computerized data is such that tortious
misinformation may
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 33----------------------
easily be spread to thousands of users before it is discovered. Because
the potential for harm to reputation is so tremendous, appropriate
standards of liability and methods of proof must be addressed.
The requisite degree of fault in libelling private persons is less than
that for libelling public officials/public figures, and may be
established as against a SYSOP by a simple showing of his negligent
failure to observe reasonably minimal computer security measures. The
basis of liability for a masquerader who intentionally misappropriates
another's private information is even less subject to debate.
Two main evidentiary hurdles face the plaintiff seeking to link the
masquerader with his libellous message through reliance on
computer-generated records. First, the hearsay rule automatically
excludes all evidence produced out-of-court that is being offered to
prove the truth of the matter at hand. Second, the authentication
requirement demands that the masquerader's connection to the entire body
of proffered computer records be established.
However, certain exception to both of these limitations ease the
plaintiff's burden. First, the business records exception to the hearsay
rule admits computer records into evidence if they (1) were made
reasonably contemporaneously with the events they record; (2) were
prepared/kept in the course of a regularly conducted business activity;
and (3) the business entity creating these records relied on them in
conducting its operations. Both BBS and telephone company records may
come
---Defamation Liability of Computerized BBS Operators& Problems of Proof
(C) 1989 John R. Kahn 34----------------------
under this exception. Second, the voluminous writings exception allows
the contents of voluminous computerized records which cannot
conveniently be examined in court to be presented in the form of a
summary. So long as the original records or duplicates thereof are
available for examination by other parties at reasonable times and
places, the entire data compilation need not be produced. Plaintiff
should employ both of these exceptions in an effort to convince a jury
by a preponderance of the evidence that the masquerader has abused his
computer skills and has damaged plaintiff's reputation.
==============================================Resent-Message-Id:
<9004210506.AA15278@gaak.LCS.MIT.EDU> id AA20305; Fri, 20 Apr 90
12:46:45 PDT~Date: Fri, 20 Apr 90 12:42:02 PDT~From: Lang Zerner
<langz@ebay.sun.com>Message-Id:
<9004201942.AA08069@khayyam.EBay.Sun.COM>~Subject: Sysops and libel
liability -- endnotesResent-Date: Sat, 21 Apr 90 0:05:23 CDTResent-From:
telecom@eecs.nwu.eduResent-To: ptownson@gaak.LCS.MIT.EDUStatus: ROHere
are the endnotes to the paper I submitted in a separate message.Be
seeing you...==Lang=======
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 35----------------------
ENDNOTES
1. 418 U.S. 323, 94 S.Ct. 2997, 41 L.Ed.2d 789 (1974).
2.These interests can cover anything from science fiction to gourmet cooking. Uyehara, Computer Bulletin Boards: Let the Operator Beware, 14 Student Lawyer 28 (1986).
3. Id., at 30.
4.Thedata service Compuserve is one such national BBS run for profit by business organizations. Uyehara, at 28 Other examples of large databases of interest to the legal profession are computerized research services such as LEXIS and WESTLAW.
5.Uyehara, at 28; Manning, Bulletin Boards: Everybody's Online Services, Online, Nov. 1984, at 8,9. "Modem" is defined infra, note 17 and accompanying text.
6."...computer bulletin boards offer their users important benefits. An individual can use a bulletin board to express his opinion on a matter of public interest. He may find a review of a product he is considering buying. He may find a useful piece of software. An individual might also use the bulletin board to ask a technical question about a specific computer program." Note, Computer Bulletin Board Operator Liability For User Misuse, 54 Fordham L.Re
v. 439, 440 (1985) (Authored by Jonathan Gilbert); see also Lasden, Of Bytes And Bulletin Boards, N.Y.Times, August 4, 1985, sec. 6, at 34, col. 1, where the author notes computer users may now use BBSes to voice their opinions directly to State Senators' offices.
7."Virus" Hits Nation's Research Computers, San Jose Mercury News, Nov. 4, 1988, at 1, col. 1.
8."It is estimated that the theft of long-distance services and software piracy each approximate $100 million a year; credit card fraud via computers costs about $200 million annually." Pittman, Computer Security In Insurance Companies, 85 Best's Rev. - Life-Health Ins. Edition, Apr. 1985 at 92.
9.Schiffres, The Shadowy World of Computer "Hackers," U.S. News & World Report, June 3, 1985, at 58.
10.Pollack, Free Speech Issues Surround Computer Bulletin Board Use, N.Y. Times, Nov. 12, 1984, note 1, at D4, col. 6.
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 36----------------------
11. Note, 54 Fordham L.Rev. 440-441 (1985).
12. Poore and Brockman, 8 Nat'l L.J. 14, (1985).
13. See infra, Topic III, Problems of Proof.
14.The uncertainty revolves around how to define BBSes. When viewed as analogous to newspapers and other media, SYSOPS would be responsible for any message posted on their systems, much as newspaper editors are responsible for articles appearing in their medium. Uyehara, 14 Student Lawyer 30 (1986). But when BBSes are compared to a bulletin board found in a public hall or supermarket, the liability issue is focused more on those actually posting the messages rather than on
the board's owner. Id., at 30. This Comment suggests that BBS SYSOPs be held to a reasonable standard of care emerging specifically for their endeavors. See infra, Topic II.
15.Poore and Brockman, 8 Nat'l L.J. 14, (1985). Another writer has noted that Compuserve now has over 200,000 users making use of nearly 100 diverse databases. Lasden, Of Bytes And Bulletin Boards, N.Y. Times, August 4, 1985, sec. 6, at 34, col. 1.
16. Poore and Brockman, 8 Nat'l L.J. 14 (1985).
17.14 Am Jur. POF 2d Computer-Generated Evidence Sec. 11 (1977).
18. Note, 54 Fordham L.Rev. 439, 446 (1985).
19. Id.
20. See "Account," infra, note 25 and accompanying text.
21.Garfinkel, An Introduction to Computer Security, 33 Prac. Law.41-42 (1987).
22. Id.
23. See infra, notes 25 and 27 and accompanying text.
24.Some more sophisticated operating systems provide greater access control by (1) recording unauthorized attempts at entry; (2) recording those attempts and sending a warning to the perpetrator; and (3) keeping the perpetrartor off the system permanently until he/she is reinstated by the computer's security administrator or SYSOP. Balding, Computer Breaking and Entering: The Anatomy of Liability, 5 Computer Lawyer, Jan. 1988, at 6.
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 37----------------------
25.Garfinkel, An Introduction to Computer Security, 33 Prac. Law. 42 (1987).
26. Id.
27.Id. "A password is a secret word or phrase that should be known only to the user and the computer. When the user first attempts to use the computer, he must first enter the password. The computer then compares the typed password to the stored password and, if they match, allows the user access."
28. Id., at 42 and 46.
29.14 Am. Jur. POF 2d Computer-Generated Evidence Sec. 11 (1977).
30. 54 Fordham L.Rev. 439, note 2 (1985).
31. Restatement (Second) of Torts Sec. 568(1) (1976).
32. Restatement (Second) of Torts Sec. 577(1) (1976).
33. Restatement (Second) of Torts Sec.559 (1976).
34.Veeder, The History and Theory of the Law of Defamation, 3 Colum. L.Rev. 546, 569-571 (1903).
35. Restatement (Second) of Torts Sec. 622 (1976).
36. Restatement, Torts Sec. 568, comment d (1938).
37.Shor v. Billingley, 4Misc.2d 857, 158 N.Y.S.2d 476 (Sup. Ct. 1956), aff' mem., 4 App.Div. 2d 1017, 169 N.Y.S.2d 416 (1st Dep't.1957).
38.Torts: Defamation: Libel-Slander Distinction: Extemporaneous Remarks Made on Television Broadcast: Shor v. Billingley, 4 Misc. 2d 857, 158 N.Y.S.2d 476 (Sup.Ct. N.Y. County 1957), 43 Cornell L.Q. 320, 322 (1957) (Authored by Stephen A. Hochman).
39. Id.
40.376 U.S. 254, 84 S.Ct. 710, 11 L.Ed.2d 686 (1964), motion denied 376 U.S. 967, 84 S.Ct. 1130, 12 L.Ed.2d 83.
41. 376 U.S. 254, 273.
42. 376 U.S. 254, 280.
43. 418 U.S. 323, 94 S.Ct. 2997, 41 L.Ed.2d 789 (1974).
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 38----------------------
44. Gertz v. Robert Welch, Inc., 418 U.S. 323, 326.
45. Id.
46. Id., at 327.
47."...those who hold governmental office may recover for injury to reputation only on clear and convincing proof that the defamatory falsehood was made with knowledge of its falsity or with reckless disregard for the truth." Gertz v. Robert Welch, Inc., 418 U.S. 323, 342. "An individual who decides to seek governmental office must accept certain necessary consequences of that involvement in pubic affairs. He runs the risk of closer public scrutiny than might otherwise be
the case." Id., at 344.
48."...[A]n individual may attain such pervasive fame and notoriety that he becomes a public figure for all purposes and in all contexts. More commonly, an individual voluntarily injects himself or is drawn into a particular public controversy and thereby becomes a public figure for a limited range of issues. In either case such persons assume special prominence in the resolution of public questions." 418 U.S. 323, 351.
49."Even if the foregoing generalities do not obtain in every circumstance, the communications media are entitled to act on the assumption that public officials and public figures have voluntarily exposed themselves to the increased risk of injury from defamatory falsehood concerning them. No such assumption is justified with respect to a private individual. He has not accepted public office or assumed an 'influential role in ordering society.' Curtis Publishing Co.
v. Butts, 388 U.S., at 164 ...He has relinquished no part of his interest in the protection of his own good name, and consequently he has a more compelling call on the courts for redress of injury inflicted by the defamatory falsehood. Thus, private individuals are not only more vulnerable to injury than public officials and public figures; they are also more deserving of recovery." Id., at 345.
50."...[P]etitioner was not a public figure. He ... plainly did not thrust himself into the vortex of this public issue, nor did he engage the public's attention in an attempt to influence its outcome." Id., at 352.
51. Justice Powell noted for the Court that
"[T]he communications media are entitled to act on the assumption that public officials and public figures have voluntarily exposed themselves to increased risk of injury from defamatory falsehood
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 39----------------------
concerning them. No such assumption is justified with respect to a private individual. He has not accepted public office or assumed an 'influential role in ordering society....' He has relinquished no part of his interest in the protection of his own good name, and consequently he has a more compelling call on the courts for redress of injury inflicted be defamatory falsehood. Thus, private individuals are not only more vulnerable to injury than public officials and public figures; they are also more deserv
ing of recovery." Id., at 345.
52. Id., at 347.
53.Keeton, Dobbs, Keeton and Owen, Prosser and Keeton on Torts, sec. 32, p.174. See also Vaughn v. Menlove, 3 Bing. (N.C.) 467, 132 Eng.Rep. 490 (1837).
54.111 Cal. App. 2d 424, 244 P.2d 757, 28 ALR2d 451 (1952).
55. 111 Cal. App. 2d 424, 427.
56. Id., at 426.
57. Id, at 427.
58. Restatement (Second) of Torts Sec. 577(2) (1976).
59. 22 Ohio App.2d 141, 259 N.E.2d 160 (1970).
60. Scott v. Hull, 259 N.E.2d 160, 162 (1970).
61. Id., at 161.
62. Id., at 162.
63. 836 F.2d 1042 (7th Cir. 1987).
From kadie Sat Oct 12 09:54:35 1991To: cafb-mail~Subject: Computers and Academic Freedom mailing list (batch edition)Status: R
Computers and Academic Freedom mailing list (batch edition)Sat Oct 12 09:54:16 EDT 1991
[For information on how to get a much smaller edited version of thelist, send email to archive-server@eff.org. Include the line:
send acad-freedom caf- Carl ]
In this issue:
:
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.orglistserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)caf-talk-request@eff.org - for administrivia
-------------------
64. Id., at 1047.
65.The Court of Appeals noted the Restatement view and observed that Indiana law had neither embraced nor rejected that approach. Id., at 1046
66. Id.
67. Id.
68. Id., at 1046-47.
69. Id.
70. Recall that in our hypothetical a third user ---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 40----------------------
masquerading as another is transmitting messages to others, revealing embarassing and false information.
71.BBS systems security and other preventative measures are discussed more fully infra, Topic 3.d.
72.Issues in proving the SYSOP's role in publishing the libellous statement are discussed more fully in Topic III. A., infra.
73.Sydney v. MacFadden Newspaper Publishing Corp., 242 N.Y. 208, 151 N.E. 209, 44 A.L.R. 1419 (1926). See also Restatement (Second) of Torts Sec. 621 (1976) ("One who is liable for a defamatory communication is liable for the proved, actual harm caused to the reputation of the person defamed.")
74.Dun & Bradstreet, Inc. v. Greenmoss Builders, Inc., 472 U.S. 749, 86 L.Ed.2d 593, 105 S.Ct. 2939 (1985).
75. See supra, note 53 and accompanying text.
76.Note, Protecting the Subjects of Credit Reports, 80 Yale L.J. 1035, 1051-52, n.88 (1971).
77.Gertz did not rule out an assumption of defendant's negligence. See Eaton, The American Law of Defamation Through Gertz V. Robert Welch, Inc., and Beyond: An Analytical Primer, 61 Va. L.Rev. 1349 (1975).
78.15 U.S.C.A. Sec. 1681 et seq. (1974). Two standards are proposed there: the first, willful noncompliance, is defined as equivalent to the New York Times "actual malice" standard, and violators are liable for actual and punitive damages. Sec. 1681(n), supra. Presumably this would apply to the situation where the SYSOP is dilatory in removing the libellous message. The second proposed standard, negligent noncompliance, occurs in the absence of willfulness and results in liabil
ity only for actual damages. Sec. 1681(o), supra. Situations where the SYSOP failed to adopt reasonable computer security measures might come under this category.
79.18 U.S.C.S. Sec. 2707(b),(c) (Law. Co-op 1979 & Supp. 1988) provides in pertinent part:
(b)Relief. In a civil action under this section, appropriate relief includes -(1) Such preliminary and other equitable or declaratory relief as may be appropriate;(2) damages under subsection (c); and(3) a reasonable attorney's fee and other
litigation costs reasonably incurred. (c) Damages. The court may assess as damages in a
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 41----------------------
civil action under this section the sum of the actual damages suffered by the plaintiff and any profits made by the violator as a result of the violation, but in no case shall a person entitled to recover receive less than the sum of $1,000.
18 U.S.C.S. Sec. 2707(e) (Law. Co-op 1979 & Supp. 1988) limits the civil action under this section to two years after the date upon which the claimant first discovered or had a reasonable opportunity to discover the violation.As to damage provisions supplied by state law, see California Penal Code 502(e)(1),(2) (West Pub. 1988):
(e)(1) In addition to any civil remedy available, the owner or lessee of the computer, computer system, computer network, computer program, or data may bring a civil action against any person convicted under this section for compensatory damages, including any expenditure reasonably and necessarily incurred by the owner or lessee to verify that a computer system, computer network, computer program, or data was not altered, damaged, or deleted by the access. For purposes of actions authorized by this subdivi
sion, the conduct of an unemancipated minor shall be imputed to the parent or legal guardian having control or custody of the minor, pursuant to the provisions of Section 1714.1 of the Civil Code.(2) In any action brought pursuant to this subdivision the court may award reasonable attorney's fees to a prevailing party.
80.A lawsuit recently filed in the United States District Court for the Southern District of Indiana may break new ground in enunciating precisely what BBS SYSOPs' reasonable duties of care are. Thompson v. Predaina, Civil Action #IP-88 93C (S.D. Ind. filed 1988). The complaint alleges, inter alia, invasion of plaintiff user's privacy, libel, and wrongful denial of access to the BBS in violation of U.S.C. Title 18, ss 2701 (a)(2). As to statutory damages available, see inf
ra, note 105.
81.Gemignani, Computer Law 33:7 (Lawyers Co-op 1985, Supp. 1988) (quoting Capitol PC Users Group Minimum Code of Standards for electronic Bulletin Board Systems, reprinted in 4 Computer Law Reptr. 89).
82.Note, 54 Fordham L.Rev. 439, 449 (1985) (Authored by Jonathan Gilbert).
83. Id., at 449.
84. Id., at 449-50.---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 42----------------------
85.A "trojan horse" program takes control of the BBS and allows its sender to access and steal its most sensitive information. Fites, Johnston and Kratz, The Computer Virus Crisis, Van Nortrand/Reinhold (1989), at 39 and 45.
86.Balding, Computer Breaking and Entering: The Anatomy of Liability, 5 Computer Law. (January 1988), at 6.
87. Id.
88.Hellar v. Bianco, 244 P.2d 757. See supra, note 54 and accompanying text.
89.Restatement (Second) of Torts Sec. 577(2) (1976). See supra, note 58 and accompanying text.
90.Tackett v. General Motors Corporation, 836 F.2d 1042 (7th Cir. 1987). See supra, note 63 and accompanying text.
91. See note 53, supra, and accompanying text.
92.It has been suggested that this would be the rough
equivalent of a newspaper publishing a retraction after
discovering what it had printed was defamatory. Note,
54 Fordham L.Rev. 439, note 55 (1985). BBS operators should not be held liable in this situation insofar as they did not know of the nature of the statement at the time it was made. Restatement (Second) of Torts Sec. 581 (1977).
93.Proving the masquerader's actions is discussed more fully infra, Topic III. B.
94.Stipp, Computer Bulletin Board Operators Fret Over Liability for Stolen Data, Wall St. J. Nov. 9, 1984, at 33, col. 1.
95. Id.
96.See Topic I., supra, where the masquerader has discovered and uses the password and name of the regular user; he appears for all intents and purposes to be that regular user.
97. 836 F.2d 1042 (7th Cir. 1987).
98. Id., at 1047.
99. Id.
100. Indeed, U.S.C. Title 18, Sec. 2702 (Law. Co-op 1979 & ---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 43----------------------
Supp. 1988) proscribes the knowing dissemination of an electronically stored communication by the SYSOP:
Sec. 2702. Disclosure of contents(a) Prohibitions. Except as provided in subsection (b)-(1) a person or entity providing an electronic communication service to the public shall not knowingly divulge to any person or entity the contents of a communication while in electronic storage on that service; and (2) a person or entity providing remote computing service to the public shall not knowingly divulge to any person or entity the contents of any communication which is carried or maintained on that
service-(A) on behalf of, and received by means of electronictransmission from (or created bymeans of computer processingof communications received bymeans of electronic transmissions from), a subscriber or customer of such service; and (B)solely for the purpose of providing storage or computer processing services to such subscriber or customer, if the provider is not authorized to access the contents of any such communications for purposes of providing any servic
es other than storage or computer processing.
A similar provision is embodied in Cal. Pen. Code sec. 502(c)(6) (West Pub. 1988), which provides:
(c)Except as provided in subdivision (i), any person who commits any of the following acts is guilty of a public offense:(6) Knowingly and without permission provides or assists in providing a means of accessing a computer, computer system, or computer network in violation of this section.
101.The doctrine of res ipsa loquitor, or "the thing speaks for itself" warrants the inference of the SYSOP's negligence, which the jury may draw or not as its judgement dictates. See Sullivan v. Crabtree, 36 Tenn.App. 469, 258 S.W.2d 782 (1953).
102. See discussion under Topic II. B., supra.
103.As someone who intentionally accesses confidential password information to masquerade as other users on other BBSes, the masquerader falls well within the pale
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 44----------------------
of "actual malice" defined in Gertz v. Robert Welch, Inc., 418 U.S. 323, 342, supra, note 43 and accompanying text (a defamatory falsehood was made with knowledge of its falsity or with reckless disregard for the truth).
104.Evidentiary problems involved with proving the masquerader's actions are discussed more in Topic III. B., infra.
105.18 U.S.C.S. Sec. 2707(a) (Law. Co-op 1979 & Supp. 1988) describes the masquerader's fault thus:
(a)Cause of action. Except as provided in section 2703(e), any provider of electronic communication service, subscriber, or customer aggrieved by any violation of this chapter in which the conduct constituting the violation is engaged in with a knowing or intentional state of mind may, in a civil action, recover from the person or entity which engaged in that violation such relief as may be appropriate.
California Penal Code sec. 502(c) et seq. (West Pub. 1988) is even more specific:
(c)Except as provided in subdivision (i), any person who commits any of the following acts is guilty of a public offense:
(1) Knowingly accesses and without permission alters, damages,deletes, destroys, or otherwise uses any data, computer, computer system,or computer network in order to either(A) devise or execute any scheme or artiface to defraud, deceive, or extort, or
(B) wrongfully control or obtain money, property or data.
* * *(3) Knowingly and without permission uses or
causes to be used computer services.(4) Knowingly accesses and without permission adds, alters, damages, deletes, or destroys any data, computer software, or computer programs which reside or exist internal or external to a computer, computer system, or computer network.
* * *(7) Knowingly and without permission accesses
or causes to be accessed any computer, computer system, or computer network.
106. Gertz v. Robert Welch, Inc., 418 U.S. 323, 342.
107. In addition to the remedies set forth in note 105, ---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 45----------------------
supra, the following federal and state penalties may apply:18 U.S.C.S. Sec. 2701(b),(c) (Law. Co-op 1979 & Supp. 1988):
(b)Punishment. The punishment for an offense under subsection (a) of this seciton is -(1) if the offense is committed for purposes of commercial advantage, malicious destruction or damage, or private commercial gain -(A) a fine not more than &250,000 or imprisonment for not more than one year, or both, in the case of a first offense under this subparagraph; and (B)a fine under this title or imprisonment for not more than two years, or both, for any subsequent offense under this sub
paragraph; and (2)a fine of not more than $5,000 or imprisonment for not more than six months, or both, in any other case. (c)Exceptions. Subsection (a) of this section does not apply with respect to conduct authorized-(1) by the person or entity providing a wire or electronic communications service;(2) by a user of that service with respect to a communication of or intended for that user; or (3) in section 2703, 2704, or 2518 of this
title.
For an example of state-mandated damages provisions on this subject, see California Penal Code sec. 502(d) et seq. (West Pub. 1988).
108. See discussion under Topic II. B., supra.
109. See note 101, supra.
110."Custom...bears upon what other will expect the actor to do, and what, therefore, reasonable care may require the actor to do, upon the feasibility of taking precautions, the difficulty of change, and the actor's opportunity to learn the risks and what is called for to meet them. If the actor does only what everyone else has done, there is at least an inference that the actor is conforming to the community's idea of reasonable behavior." Keeton, Dobbs, Keeton and Owen, Prosser
and Keeton on Torts, sec. 33, p.194. See also James, Particularizing Standards of Conduct in Negligence Trials, 5 Vand. L. Rev. 697, 709-714 (1952); Ploetz v. Big Discount Panel Center, Inc., 402 So.2d 64 (Fla. App. 1981).
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 46----------------------
111. See notes 80-93, supra, and accompanying text.
112. See note 103, supra.
113.See Pfau and Keane, Computer Logs Can Pinpoint Illegal Transactions, Legal Times of Washington, vol. 6, p.16 (May 14, 1984): "Computers can monitor their own use. Unlike other such forms of physical evidence such as guns, computers can keep track of individual users and other identifying data. Imagine a gun that logs every instance it is fired or even handled, and shows the date, time, and activity. Recovery of such a weapon would be essential to the prosecution."Most comput
ers have long had built-in logging capabilities....The log function was designed to facilitate billing for the use of computer resources rather than to assist crime detection. To the extent that the owner of a smaller computer does not charge for its use, he or she has no incentive to purchase a self-executing log. Still, such logs keep surprisingly accurate records of who is using the computer."
114. Fed. R. Evid. 801(c).
115.Fed. R. Evid. 802: "Hearsay is not admissible except as provided by these rules or by other rules precribed by the Supreme Court pursuant to statutory authority or by Act of Congress." Exclusion of hearsay evidence is grounded on: (1) nonavailability of the declarant for cross-examination and observance of demeanor; (2) absence of an oath by the person making the statement; amd (3) significant risk that the person that the witness may report proffered statements inaccuratel
y. 2 Bender, Computer Law, sec. 6.01[2].
116.Gemignani, The Data Detectives: Building A Case From Computer Files, 3 Nat'l L.J. 29 (1981).
117.Fed. R. Evid. 803(6). See also 2 Bender, Computer Law, sec. 6.01[4] (1988).
118. Fed. R. Evid. 803(6).
119.Id. In current practice records kept by nonprofit organizations, such as churches, have long been held to be admissible. Ford v. State, 82 Tex.Cr.R. 638, 200 S.W. 841 (1918). It is at least arguable that a computerized BBS, although run as a hobby, falls under the same classification.
120.See Iowa Code Ann. Sec. 622.28; People v. Lugashi, 252 Cal.Rptr 434 (Cal.App. 2 Dist. 1988).
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 47----------------------
121.See 14 Am.Jur. POF2d Sec. 15 (1977, Supp. 1988). Cf. United States v. De Georgia, 420 F.2d 889, 2 CLSR 479, 484 (1969, CA9 Ariz), where it was held that it is immaterial whether a business record is maintained in a computer rather than in company books regarding admissibility of those records, so long as (1) the trial court requires the proponent of the computerized records to lay a foundation as to their trustworthiness, and (2) the opposing party is g
iven the same opportunity to inquire into the computer's accuracy as he would have to inquire into the accuracy of written business records.
122.The BBS program run on the SYSOP's computer ordinarily "stamps" the date and time of day each user logs onto the BBS. A corresponding record is automatically affixed to each piece of electronic mail posted so that the reader knows when it was added to the database. Similarly, the telephone company maintains copious records of the date and time each phone call is connected in its dialing area. The caller has no control over either of these processes.
123. 252 Cal.Rptr. 434 (Cal.App. 2 Dist. 1988).
124. Id., at 437.
125. Id.
126. Id.
127. Id., at 439.
128. Id., at 437.
129. Id., at 440.
130.Id.,at 442. See also United States v. Russo, 480 F.2d 1228 (CA6 Mich, 1973), cert den 414 U.S. 1157, 94 S.Ct. 915, 39 L.Ed.2d 109; Capital Marine Supply, Inc. v. M/V Roland Thomas II, 719 F.2d 104 (1983 CA5 La), 104 Fed Rules Evid Serv 731; Peoples Cas & Coke Co. v. Barrett, 118 Ill.App.3d 52, 73 Ill. Dec. 400, 455 N.E.2d 829 (1983).
131. 432 So.2d 837 (La., 1983).
132. Id., at 839-40.
133. Id., at 839.
134.United States v. Verlin, 466 F.Supp. 155 (ND Tex, 1979).
---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 48----------------------
135. Id., at 158.
136.The reasonable SYSOP should offer his full cooperation in aiding the maligned user to regain her good name by providing her with his BBS' phone-in records made at the time the libellous message appeared. See note 93, supra.
137. See note 123, supra.
138.Cf. note 118, supra. As to an electronic BBS being classified as a "business" for hearsay purposes, see note 120, supra.
139. See note 128, supra.
140.Authentication has been broadly described thus: "[W]hen a claim or offer involves impliedly or expressly any element of personal connection with a corporeal object, that connection must be made to appear...." Wigmore, Evidence, Sec. 2129 at 564 (2d ed. 1972). This requirement is also known as the "Best Evidence Rule."
141. Fed. R. Evid. 901(a),(b)(6).
142. 2 Bender, Computer Law, sec. 5.03[1][a] (1988).
143. Id.
144.See Fed. R. Evid. 901(b)(6): "(6) Telephone conversations. Telephone conversations, by evidence that a call was made to the number assigned at the time by the telephone company to a particular person or business, if *** (B) in the case of a business, the call was made to a place of business and the conversation related to business reasonably transacted over the telephone...." (emphasis added).
145. Fed. R. Evid. 1002.
146.E.W. Cleary, McCormick on Evidence, sec. 231 (2nd. Ed. 1972).
147.Id. Furtherrationales for the rule are risks of inaccuracy contained in commonly used copying techniques and heightened chances of witness' forgetfulness through oral testimony. Id., sec. 231.
148. 305 So.2d 421, 7 C.L.S.R. 1238 (La. 1974).
149. 305 So.2d 421, 427.
150. Id., at 428.---Defamation Liability of Computerized BBS Operators& Problems of Proof (C) 1989 John R. Kahn 49----------------------
151. Brandon v. Indiana, 396 N.E.2d 365 (Ind. 1979).
152. Id., at 370.
153. See note 121, supra, and accompanying text.
154.Other circumstantial evidence might include, among other things: possible motive for the masquerader to defame plaintiff; plaintiff's own inability to call from the phone number from which the defamatory message is shown to have originated; or even an electronic "fingerprint" left by the particular computer from which the defamatory message originated. Pfau and Keane, Computer Logs Can Pinpoint Illegal Trasactions, Legal Times of Washington, vol. 6, p.16 (May 14, 198
4).
155. Fed. R. Evid. 1002 provides:
REQUIREMENT OF ORIGINAL. To prove the content of a writing, recording, or photograph, the original of that writing, recording or photograph is required, unless provided otherwise in these rules or by an Act of Congress.
156.Examples of this situation are the telephone company's keeping of hundreds of thousands of individual computerized records of each telephone call made within a certain dialing area, or a BBS' extensive history of subscriber use compiled for billing purposes.
157.See Harned v. Credit Bureau of Gilette, 513 P2d 650, 5 CLSR 394 (1973).
158. Fed. R. Evid. 1006.
159. 137 Ga.App. 360, 223 S.E.2d 757 (1976).
160. 223 S.E.2d 757, 760.
Make REAL money with your website!
The entire AOH site is optimized to look best in Firefox® 2.0 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2008 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.