top of page

Don’t sue the messenger: the limits of online tort liability

By: L. David Russell

Los Angeles Daily Journal (July 19, 2012)

The Internet has revolutionized the way we interact with one another, and not always for the better. Between hacking, phishing and confidence tricks like the infamous “Nigerian scam,” cyber-misconduct is widely estimated to cost society billions of dollars. The human costs are also striking: defamation, identity theft and cyber-bullying can cause their victims immense heartache. In one particularly tragic case, a teenage girl committed suicide after being humiliated by her online “boyfriend” — the alter ego of a middle-aged woman who created a false MySpace profile to harass her.

Given the alarming frequency of online misbehavior, anyone who facilitates access to Internet content — including Internet Service Providers, website operators, and social media sites — has ample reason to worry about potential liability. Because it can be difficult to identify the ultimate perpetrators, let alone sue them, many victims of cyber-torts attempt to sue website operators and others who provide access to third-party content. And while not every website or ISP has the financial resources of Facebook, most have far deeper pockets than the average hacker, scam artist or Internet bully.

In Section 230 of the Communications Decency Act, Congress sought to address this issue by shielding providers of “interactive content services” from civil liability. The CDA’s immunity provisions distinguish between: (1) “information content providers,” who create or develop Internet content; and (2) providers of “interactive content services,” who “provide or enable computer access to multiple users.” By its own terms, the CDA attempts to immunize those who merely access or facilitate access to online content — rather than create the content itself

— from liability. However, this distinction is not always clear-cut. For instance, many news sites encourage user comments, and some will edit, delete or highlight certain comments. Social networking sites encourage their users to populate their profiles with specific information, which facilitates interaction with like-minded users and allows the site to target advertising to individual users. But while technology has blurred the line between facilitating access and creating content, the courts have not used the advent of Web 2.0 as a reason to cut back on the immunity granted by the CDA.

In 2006, the state Supreme Court addressed this issue for the first time in Barrett v. Rosenthal, 40 Cal. 4th 33 (2006). Two “quackbusters” sued an alternative medicine advocate for republishing an allegedly defamatory article on her message board. The court held that the CDA immunized the alternative medicine advocate from liability, even though she played an active role in disseminating the article. Although the CDA’s immunity provisions do not attach to “publishers” of online content, the court refused to extend liability to those who acted as mere distributors, because doing so would be inconsistent with congressional intent and insufficiently protective of free speech. Although the court noted in dicta that “active involvement in the creation of a defamatory Internet posting would expose a defendant to liability as an original source,” the court ultimately concluded that the CDA had “comprehensively immunized” providers of Internet content services and individual users from liability for “republication” of content.

In 2009, the Court of Appeal further broadened the scope of the CDA in Doe II v. MyS- pace Inc., 175 Cal. App. 4th 561 (2009). The plaintiffs, four teenage girls, were sexually assaulted by adult men they met on MySpace. The plaintiffs sued MySpace for failing to implement reasonable safety precautions to protect young children from sexual predators. The court sustained MySpace’s demurrer, holding that the CDA broadly immunized the website from liability for the actions of third parties. Although the court acknowledged that MySpace had encouraged both the plaintiffs and their attackers to create and de- velop their profiles, it held that MySpace was not a “content provider” because it simply provided a “neutral” platform and did not require its members to fill in their profiles as a condition of using the site. The court also noted several other factors that cut in MySpace’s favor, including: (1) the attack- ers’ actions violated MySpace’s Terms of Service; (2) the assaults took place off-line; and (3) the profile questions that MySpace asked were not themselves unlawful.

That said, the broad immunity provided by the CDA is not limitless. A website operator who facilitates the generation of unlawful user content can still be held liable, even if the operator’s conduct closely resembles that of an ordinary provider of “interactive content services.” For instance, in Fair Housing Council v. Roommates, Inc., the 9th U.S. Circuit Court of Appeals held that the CDA did not immunize for liability under the Fair Housing Act. 521 F.3d 1157 (9th Cir. 2008). The court reasoned that was a content provider — and therefore was not entitled to immunity under the CDA — because actively solicited information about its users’ racial, gender and sexual orientation preferences, attempted to match its users based on those preferences, and concealed listings that failed to match those preferences. Although Roommates emphasized that minor, cos- metic changes to third-party content would not render a website operator liable, the 9th Circuit held that a “collaborative effort” between website users and a website opera- tor was sufficient to hold a website operator responsible.

While Roommates makes clear that the CDA has limits, federal courts in California have not been eager to restrict CDA immunity. For instance, in Levitt v. Yelp! Inc., the Northern District of California recently held that the CDA immunized Yelp! (a popular review site) from claims that it had manipulated third-party reviews. 2011 U.S. Dist. LEXIS 124082 (N.D.Cal. Oct. 26, 2011). The court rejected the plaintiff’s argument that Yelp! created editorial content by aggregating user reviews to generate a single “star” ranking. In the court’s view, this conduct was protected by the CDA because it simply represented the average score based on users’ reviews, rather than Yelp!’s independent judgment.

The Central District of California echoed this reasoning in Asian Enterprise Institute v. Xcentric Ventures LLC, holding that a “ripoff report” website could not be held liable for defamation — even though the website had altered third-party consumer reports to make them more visible on Google searches. 2011 U.S. Dist. LEXIS 145380 (C.D. Cal. May 4, 2011). The court stated that “[i]ncreasing the visibility of a statement is not tantamount to altering its message,” and held that CDA immunity applies to any case where the website operator does not alter the substantive content displayed on the site.

In sum, a “sue the messenger” strategy in response to a cyber-tort is unlikely to prevail in California. Nevertheless, as web- sites become more complex and interactive, website operators should ensure that they are not actively soliciting unlawful third-party content. Operators should also be aware that California courts are more reluctant to grant immunity under the Communications Decency Act when there is significant collaboration between users and website operators in generating content. But in general, website operators and other providers of interactive content services should be relieved to know that the CDA will shield them from liability for other parties’ misconduct.

—By L. David Russell, Christopher Chiou, and Alex Smith, attorneys at Jenner & Block LLP

© 2012 Daily Journal Corporation.



bottom of page