Blog: The Litigation Law Blog

When can you knowingly republish defamatory statements without risk of liability? When you do so on the Internet.

The California Supreme Court, in Barrett v. Rosenthal (November 2006) 40 Cal.App.4th 33, followed the line of federal cases interpreting the Communications Decency Act of 1996 (CDA) to find broad immunity for both Internet service providers and users of an interactive computer service for republishing defamatory statements.

In the Barrett case, two doctors brought an action alleging libel and libel per se against an alternative health proponent who had posted messages on Internet news groups referring to the doctors as “quacks.” The defendant also redistributed an email message prepared by another author which alleged that one of the plaintiff doctors had stalked women. The trial court granted defendant’s SLAPP motion, finding that the comments concerned an issue of public interest and ruling that the republication of the third party email was immunized by the CDA. The court of appeal vacated the order, finding that the CDA did not protect the defendant from common law liability for defamation as a “distributor” of the article written by the third party. The Supreme Court granted cert. to determine whether the CDA confers immunity on “distributors.”

The CDA provides:

“No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” (47 U.S.C. § 230(c)(1).)

The plaintiff doctors argued that section 230 did not abolish liability for “distributors” of defamatory statements, arguing that the CDA grants immunity only to the service provider who publishes the defamatory statement, but not to the individual who distributes knowingly defamatory statements authored by another.

Under common law, a “distributor,” such as newspaper vendors or booksellers, is liable only if the distributor knew or had reason to know of the defamatory nature of the material. On the other hand, a “publisher,” such as the newspaper where the defamatory statement originally appeared, is liable even without notice. The plaintiff doctors acknowledged that section 230 expressly provides for immunity for the “publisher,” but did not create absolute immunity for the “distributor” of the defamatory statement. A central component of plaintiffs’ argument, which was adopted by the court of appeal, was that there should be a difference between Internet service providers and individuals who use the Internet.

The California Supreme Court followed the holding of Zeran v. AOL (4th Cir. 1997) 129 F.3d 327, in finding that Congress did not intend to exempt “distributors” from the broad immunity granted by the CDA. The Supreme Court noted that section 230(c) specially extends the immunity to both a “provider” and to a “user” of the interactive computer service, making no distinction between the two. The court noted that the common law distinction between a publisher versus a distributor has very little meaning in the context of the Internet. Publication is a necessary element of all defamation claims and includes every repetition and distribution of a defamatory statement. In fact, “distributors” are frequently referred to as “republishers.” However, in light of plaintiffs’ argument, the Supreme Court requested additional briefing on the statutory term “user” and whether there is a different immunity analysis if a user engages in “active” versus “passive” conduct.

The appellate court, in finding for “distributor” liability, did not draw any distinction between an Internet service provider and an individual user in finding that a distributor who has notice of the defamatory statements is not immune from liability. The Supreme Court recognized that “users,” like the defendant in this case, were situated differently than a service provider in that individual users were not faced with the massive volume of posting that could subject them to liability for distributing defamatory statements. Nevertheless, the Court found that the term “user” is not defined in section 230, nor did the legislative record reflect why Congress included “users” as well as service providers under the broad umbrella of immunity granted by the CDA. Absent Congressional history drawing a distinction between a “provider” and “user,” the Supreme Court found that both are entitled to the broad immunity.

The plaintiff doctors attempted to argue that someone who republishes defamatory statements is no longer involved in passive Internet use but is actively posting or republishing the information and, as such, is an “information content provider” unprotected by the statutory immunity. An “information content provider” is defined as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service . . ..” (Section 230(f)(3).)

The Supreme Court rejected the plaintiffs’ argument, noting that the argument failed to recognize that the immunity granted by section 230(c)(1) expressly prohibits treating any “user” as the publisher or speaker of the defamatory comment. Congress obviously had a broad meaning by the use of the term “user.” Moreover, the Court rejected the argument, attempting to distinguish between “passive” and “active” users. Attempting to draw such a fine distinction would have a chilling effect on online speech – the whole intent behind the Congressional grant of immunity. If distributors could be liable if they had notice of the defamatory statement, there would be great pressure simply to remove the allegedly defamatory statement. The distributor only faces liability by failing to remove the allegedly defamatory statement, but no liability if it improperly removes non-defamatory content. Secondly, the standard of “known or should have known” defamatory nature of the content would defeat the legislative goal of encouraging the self-policing efforts by Internet service providers to remove harmful or obscene content. The Supreme Court did note that, at some point, active involvement in picking and choosing to republish only certain provisions out of an allegedly defamatory publication could expose a defendant to liability as an original source of the material. However, because defendant Rosenthal republished the defamatory work in whole, the Supreme Court did not determine when that might occur. It should be noted, however, that federal cases have reasoned that making modifications to the prior work which do not go beyond the traditional editing function would not defeat a defendant’s immunity under the CDA.

The Supreme Court echoed policy concerns raised by the plaintiffs and some commentators that granting broad immunity to users of the Internet failed to properly consider the public interest in providing redress to victims of Internet defamation. Allowing individuals to knowingly republish defamatory statements on the Internet has broad societal implications, but is a legislative concern. The Supreme Court noted that the Congressional record, as well as the express language of section 230, expressly extends its broad immunity to Internet service providers as well as users and makes no distinction between active and passive use. A victim of defamatory statements published on the Internet only has recourse against the original author of the defamatory statement. Any remedies beyond the original author must await Congressional action.

A California appellate court affirmed last month that an employer is entitled to immunity from tort liability for threatening emails sent on or through the employer’s internet/email system by one of its employees. On December 14, 2006, the Sixth Appellate District in the case Delfino v. Agilent Technologies, Inc., 2006 WL3635399, affirmed summary judgment in Agilent’s favor finding that Agilent, as an employer, was immune from tort liability under the Communications Decency Act of 1996 (“CDA”) for threatening emails sent and posted by one of its employees. This case, apparently one of first impression, extended the immunity protections of the CDA to cover corporate employers who provide their employees with internet access through internal computer systems. Employers thus have additional protection from claims that their employees have used the employer’s computer system to commit torts against third persons.

In Delfino, Plaintiffs Michelangelo Delfino and Mary E. Day claimed that an Agilent employee, Cameron Moore, sent a number of anonymous threats over the internet and that he used Agilent’s computer system to send and post these threats. Plaintiffs also alleged that Agilent was aware that Moore was using Agilent’s computer system to threaten plaintiffs but took no action to prevent its employee from continuing to make these threats. Moore’s threats against plaintiffs were allegedly sent in email messages directly to plaintiffs or were contained in messages posted on a Yahoo message board. Plaintiffs sued Moore and Agilent for intentional infliction of emotional distress and negligent infliction of emotional distress. [1]

Agilent moved for summary judgment, which was granted by the trial court on March 18, 2005, on the ground that it was immune from liability under 47 U.S.C. § 230(c)(1), one provision of the CDA. The plaintiffs appealed the summary judgment asserting that Agilent was not immune from suit under the CDA and had failed to take measures to protect plaintiffs from its employee’s threatening communications.

The Delfino Court looked to the language of § 230(c)(1), which provides in pertinent part, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” The CDA preempts any state law causes of action (such as negligence) that are inconsistent with the CDA: “No cause of action may be brought and no liability may be imposed under any state or local law that is inconsistent with this section.” (47 U.S.C. § 230(e)(3).)

Agilent argued that CDA immunity applied to the plaintiffs’ claims because sought to impose derivative liability against Agilent for its employee’s internet communications. Agilent argued that it was immune since it was simply a provider of an interactive computer service, i.e. the computer network provided to its employees for work purposes.

The CDA was enacted in 1996 with the “primary goal . . . to control the exposure of minors to indecent material” over the internet. The Delfino Court recognized that “an important purpose of [the CDA] was to encourage [internet] service providers to self regulate the dissemination of offensive materials over their services.” (citing Zeran v. America OnLine, Inc. (4th Cir. 1997) 129 F.3d 327, 331, cert. denied (1998) 524 U.S. 937.)2 The Delfino Court also noted that a second goal of the CDA was to avoid the chilling effect upon internet free speech that would be occasioned by imposing tort liability upon companies that do not create harmful messages, but rather, are intermediaries for their delivery. Thus, CDA immunity is available to an interactive computer service provider or user who undertakes good faith efforts to restrict access to objectionable material.

The Delfino court recognized that for immunity to apply, Agilent had to establish three elements: “(1) the defendant [is] a provider or user of an interactive computer service; (2) the cause of action treats the defendant as a publisher or speaker of information; and (3) the information at issue [is] provided by another information content provider.” (Citing Gentry v. eBay, Inc. (2002) 99 Cal.App.4th 816, 830.)

It is this first element, whether Agilent was “a provider or user of an interactive computer service,” that the case hinges upon. The Delfino Court reasoned that “[c]ourts have noted that the CDA has interpreted the term ‘interactive computer service’ broadly.” Although the Delfino court was not aware of any case that had held that a corporate employer could be a provider of interactive services for CDA immunity purposes, the Court cited several legal commentators who had observed that an employer who provides its employees with internet access through a company’s internal computer system should be entitled to CDA immunity. The Court recognized that, given the advances over the last ten years, “internet resources and access are sufficiently important to many corporations and other employers that those employers link their office computer networks to the internet and provide employees with direct or modem access to the office network (and thus to the internet).”

The Court also found that Agilent met the definition of the term “interactive computer service” as defined in section 230(f)(2) because it provided or enable “computer access by multiple users [i.e., Agilent employees] to a computer server.” Thus, in light of the broad definition under the CDA, the Delfino Court concluded that “Agilent was a provider of interactive computer services.”

The Court then turned to the second element, whether “the cause of action treated the defendant Agilent as a publisher or speaker of information.” Plaintiffs contended Agilent knew that (1) Moore was sending threatening messages; and (2) that he was using Agilent’s computer system to do so. Agilent submitted undisputed evidence in support of its motion to rebut these allegations. The Court reasoned that plaintiffs were essentially alleging that as Moore’s employer, Agilent should be treated “as a publisher or speaker” of Moore’s messages. The court recognized that, although many CDA immunity cases had been limited only to defamatory causes of action, “it is clear that immunity under section 230 is not so limited.” Given that plaintiff sought to impose negligence liability against Agilent as a result of its employee’s threatening messages, the Court concluded “that the claims against Agilent treated it ‘as a publisher or speaker’ . . . of Moore’s messages and that plaintiffs claims were among those to which immunity under the CDA potentially applies.”

Finally, the Court reached the third element, whether “the information at issue [was] provided by another information content provider.” The Court found that Moore was undoubtedly the party who authored the offensive emails and postings and that “there was no evidence that Agilent played any role whatsoever in the ‘creation or development’ of those messages.” The Delfino Court concluded that the trial court had properly found that Agilent was entitled to immunity under the CDA and summary judgment was properly granted.

Although employers are entitled to immunity under the CDA, employers must remain vigilant as to their employees’ use of the employer’s computer system. Immunity under the CDA is only available provided the employer has taken action in good faith to prevent or restrict objectionable materials from its computer system. In Delfino, Agilent quickly investigated and took appropriate actions against its employee, including a reprimand, once it learned of Plaintiffs’ claims. Agilent further cooperated with the FBI in its investigation into Moore’s threats. Thus, it is clear under Delfino that an employer may not be eligible for immunity should it turn a blind eye to its employee’s misuse of its computer system.

Here’s the next step Big Brother is taking toward an Orwellian 1984: Your cellular telephone can pinpoint your location any time it’s turned on. That’s right. Any time your cell phone is turned on and within range of a cellular tower, it is communicating with that tower to broadcast your location. It has to. Otherwise you couldn’t get your incoming calls. Federal law enforcement agencies have figured this out, and if you are someone a federal law enforcement agency is looking for, they are using that to track you.

Here’s how it works: These days, everyone has a cell phone. Since the end of 2005, the Federal Communications Commission has mandated that cell phone service providers must be able to locate 67% of all callers to within 100 meters, and 95% of all callers within 300 meters. Cell phone companies have a variety of ways of doing this. They can triangulate your position by using three cell towers to fix your position. Others have gone one step further, and most new cell phones come with a GPS chip which can be used to pinpoint your position to within a few feet. The cell phone companies record your location data as determined either through triangulation or from the GPS chip, and store it as “historical location” information. An important feature in this equation, however, is the ability of your cell phone service carrier to transmit “real-time” location information (of your cell phone, anyway) to law enforcement at any time. And since “everyone” carries their cell phone, the government has a pretty good chance of tracking you down if they need to. Big Brother is watching.

Now this is not necessarily a bad thing. If you are someone wanted by the FBI or another federal law enforcement agency, maybe the FBI should be able to get information from your cell phone company that would pinpoint your location. In fact, no one is seriously saying that the FBI cannot get access to that information. The real question is rather what showing is required for the government to gain such access. As to historical location information, the Stored Communications Act, 18 U.S.C. ¬ß¬ß 2701 et seq., provides that the government need only demonstrate ‘articulable facts as to why such records are relevant to an ongoing investigation.’ This is a significantly lower showing than the government must make to get a search warrant. For that, it must demonstrate ‘probable cause that the information sought will lead to evidence of a crime.’ The government is asserting that they need only satisfy this same rather lax ‘articulable facts’ standard for getting real-time location information rather than showing probable cause that the information will yield evidence of a crime. The question of required showing by the government has been causing quite a stir in the federal courts recently.

The first court to publish a decision regarding the government’s required showing was the Southern District of New York. On August 25, 2005, Magistrate Judge James Orenstein denied the government’s request for real-time cell site location information. The court had previously granted the government’s request for installation and use of a pen register and trap and trace device, which allowed the government to obtain the numbers which call the phone or are called by it, and the time those calls are made. The pen register and tap and trace device are clearly available by federal statutes, including 18 U.S.C. ¬ß¬ß 2703, 3122, and 3123. But the importance of this decision is that Judge Orenstein denied the site location information that would provide real-time location because the government failed to provide information establishing the probable cause that would be required for a warrant. The judge noted that he had granted similar requests in the past, and quoted Justice Frankfurter: “Wisdom too often never comes, and so one ought not reject it merely because it comes late.

Following Judge Orenstein’s stand, several magistrate judges have been confronted with similar requests for location information derived from cell phone tracking. In fact, a dozen decisions have issued regarding the requested cell site information since that decision. The requests at issue, like the request Judge Orenstein confronted, were not accompanied by affidavits establishing probable cause that evidence of a crime would be discovered. Instead, the government stated that the information would be relevant to an ongoing investigation, thus apparently satisfying the less stringent standard required to get the historical location information. All but two of these decisions have denied the government’s request.

On December 20, 2005, Magistrate Judge Gabriel W. Gorenstein, of the Southern District of New York, became the first to agree with the government’s arguments in a published opinion. While it is a complex issue, the court reasoned that the cell location information sought was covered by the Pen Register Statute, which would provide authority for the order if not for a provision of 47 U.S.C. ¬ß 1002. That section, part of the Communications Assistance for Law Enforcement Act of 1994, provides that information acquired solely pursuant to the authority of pen registers and trap and trace devices shall not include any information that may disclose the physical location of the cell phone customer. Judge Gorenstein found that the information sought was not acquired solely pursuant to the authority of pen registers and trap and trace devices.

Almost every other published case has disagreed with Judge Gorenstein. Only Magistrate Judge Hornsby in Louisiana has agreed with Judge Gorenstein. (A magistrate judge in West Virginia granted the government’s request. It did so, however, after rejecting the government’s arguments about statutory authority for the cell location information and holding instead that the individual in question had no expectation of privacy in the cell phone because the phone in question did not belong to him. It belonged to a friend.)

Almost all of these cases have another similarity. In each case, the magistrate judge issuing the opinion denying the government’s request has invited the government to seek review of the denial so that the magistrate judges will have guidance as they continue to encounter this issue. The government has not yet seen fit to seek review of any of these cases. As the government appears ex parte in each case, and the individual never even knows he is being tracked, there is no one else to seek review. Thus, the government seems willing, and able, to deprive the courts of any higher level guidance of the required showing it must make to receive the cell location information it seeks.

As technology continues to advance, law enforcement naturally looks to find ways to use that technology to improve its efficiency. The concern must be drawing the proper line between efficiency of law enforcement and protecting the privacy of the citizens. It is up to the courts to recognize, as Judge Orenstein did in this case, when that line is approached, and when it is crossed. And when magistrate judges across the country invite the government to seek review of their decisions to provide guidance from higher courts and the government declines all such requests, instead remaining content with the rulings against them, it begins to raise suspicions. If this is a valuable tool for law enforcement to use to protect citizens more efficiently and effectively, and clearly it is, why does the government resist all efforts to establish the limits of the use of that tool? Big Brother?

It was just a simple discovery tool, used by the Department of Justice in defense of a lawsuit brought by the American Civil Liberties Union. It hasn’t gotten much attention. In fact, for several months, it got no attention at all. But it’s starting to. So, what is “it?”

On August 25, 2005, Alberto Gonzales, U.S. Attorney General, issued a subpoena to Google, Inc., the online search engine used by millions every day to navigate the Internet. In this subpoena, the Attorney General demanded that Google, who was not a party in the case, produce “1. All URL’s that are available to be located through a query on your company’s search engine as of July 31, 2005,” and “2. All queries that have been entered on your company’s search engine between June 1, 2005, and July 31, 2005.” In essence, the Department of Justice was asking Google to produce the Internet, and a list of all searches on the Internet for two months.

The demand comes at a time when the issue of privacy and governmental intrusion is becoming a concern to more and more citizens. The U.S. Patriot Act, a controversial law granting the government significant investigative power, is up for renewal. This Act has many opponents in the government and in the private sector due to the intrusive nature of the powers it affords to federal law enforcement agencies. The government is also coming under considerable fire for the widely-reported wiretaps it used to fight terrorism.

This subpoena is not being used to fight terrorism. The purpose for this subpoena is to defend the constitutionality of the Child Online Protection Act-a law that requires commercial Web sites to shield minors from materials that may be harmful to them or face potential criminal penalties including prison. As stated in the declaration of government expert Dr. Philip Stark, Professor of Statistics at the University of California at Berkeley, “reviewing URL’s available through search engines will help [the government] understand what sites users can find using search engines, to estimate the prevalence of harmful-to-minors (HTM) materials among such sites, to characterize those sites, and to measure the effectiveness of content filters in screening HTM materials from those sites.” Further, “reviewing user queries to search engines will help [the government] understand the search behavior of current web users, to estimate how often web users encounter HTM materials through searches, and to measure the effectiveness of filters in screening those materials.” This information, the government says, would assist its “efforts to understand the behavior of current web users, to estimate how often web users encounter harmful-to-minors material in the course of their searches, and to measure the effectiveness of filtering software in screening that material.”

Not surprisingly, Google objected to the demand, claiming the demand was too broad, burdensome, and intrusive. The Department of Justice and Google worked toward a compromise regarding the subpoena. The Department agreed to limit its request to only one million random URL’s and a random sampling of one million search queries submitted to Google on any given day. However, Google still objected to the demand, and refused to comply with the subpoena. According to Google, complying with the demand would require it to divulge important trade secrets, and would require divulging information about the individuals that use its service, and even potentially revealing personal identifying information about its users.

This dispute went largely unnoticed by the public until January 18, 2006, when the Attorney General filed a motion to compel compliance with the subpoena in a federal court in San Jose. The motion to compel states that “after lengthy negotiations, the Government has narrowed this request to seek the production of an electronic file containing ‘the text of each search string entered onto Google’s search engine over a one week period (absent any information identifying the person who entered such query.)'”

Filing this public motion got some attention. The story was reported in the major newspapers and on online news sites when the motion was filed. Privacy groups, such as the World Privacy Forum and the Electronic Privacy Information Center are rallying behind Google’s stance resisting the subpoena. Many of these organizations are filing amicus briefs with the court. Not to be left out, Congress is also becoming involved. Sen. Patrick Leahy sent the Attorney General a request for information regarding the subpoena, including the potential for production of personal identifying information and any safeguards to prevent such production. Representative Ed Markey said he intends to introduce legislation to curb records retained by Web sites.

It will be interesting to watch this dispute play out. Google’s response to the motion is due on February 17, 2006, and the government’s reply is due on February 24th. Amicus briefs are also due February 24th, and the hearing on this motion has been moved to March 13th.

Lost in this dispute is the fact that the subpoena to Google was only one of the subpoenas issued by the Attorney General. America Online, Microsoft Network, and Yahoo apparently did not challenge the subpoenas. Have you used any of these search engines lately? Do you remember what search strings you used?