The Volokh Conspiracy

An interesting decision in Paridon v. Trumbull County Childrens Servs. Bd. (Ohio Ct. App. Mar. 11, 2013) (some paragraph breaks added):

At issue is whether appellee, Trumbull County Children Services Board ..., may require attendees of its public meetings to sign in before being admitted to such meetings....

[Appellants allege] they attended a public meeting of the board, but that they were not permitted to enter the meeting unless they signed a sign-in sheet, pursuant to the board’s sign-in procedure. Appellants alleged that the board’s rule violated Ohio’s Sunshine Law ....

Nicholas Kerosky, Executive Director of the Trumbull County Children Services Board, testified on cross-examination that the board has a written policy, which prohibits members of the public from entering the board’s building unless they sign in and state the nature of their visit. The written policy, which was admitted in evidence, provides that these security measures are necessary due to the “sometimes volatile nature of child welfare.”

Mr. Kerosky testified that this written policy applies whether the person is visiting the board’s facility during the board’s usual business hours to conduct business or in the evening to attend the board’s meetings.

Mr. Kerosky testified the purpose of this policy is to protect the children in the care and custody of the board, who reside in the board’s facility, and also to protect the confidential records maintained there by the board.

Mr. Kerosky said the board does not verify the name of those persons who sign in by requiring them to produce their driver’s license or other form of identification. Nor does the board perform any check on these individuals, such as a criminal history check. Thus, any member of the public is permitted to attend a meeting of the board by simply signing in....

The board’s meetings are held in the board’s facility on Reeves Road in Warren, Ohio. Most of the meetings are held in the training room. The October 18, 2011 meeting, which gave rise to this lawsuit, was held in the gym because attendance was expected to be higher than usual. Children in the care and custody of the board reside in the board’s facility. The area in which they reside can be accessed from various areas in the building, including the gym....

[A]ppellants argue that any condition imposed on the admission to a public meeting is null and void. They argue that because there is no sign-in requirement in the Sunshine Law, the board lacked authority to impose such a requirement. We do not agree.

A meeting of government officials, when opened to the public, is a limited public forum for discussion of subjects relating to the duties of those officials [citing First Amendment cases]. The public body may place limitations on the time, place and manner of access to its meetings, as long as the restrictions are content-neutral and narrowly tailored to serve a significant governmental interest....

Continue reading ‘No Right to Anonymously Visit Government Meetings’ »

So reports Paul Alan Levy (Public Citizen Consumer Law & Policy Blog), with links to various documents, including the letter objecting to the subpoena, which in turn includes the subpoena as Exhibit A:

Shelby County, a government body in the southwestern corner of Tennessee that contains the city of Memphis, has subpoenaed Memphis’ daily newspaper, the Commercial Appeal, seeking to identify the authors of roughly ten thousand anonymous comments that have been posted to 45 different stories on the paper’s web site....

The subpoena arises out of a controversy about a proposed consolidation of school districts sought by the county commission. The consolidation has been highly controversial, and attracted extensive coverage by the local media, including many stories in the Commercial Appeal. The comments section of the various Commercial Appeal stories came to be a significant forum for community discussion of the issue. The debate raged in heated terms, with a number of comments reflecting racist views, as some citizens opposed the proposed consolidation because they were afraid that it would increase their children’s exposure to black children. Some comments were posted in sufficiently uncouth terms that the Commercial Appeal removed them for violation of the web site’s terms of service. Eventually the Tennessee Legislature passed a law that interfered with the consolidation plan, authorizing local jurisdictions to vote on whether to establish their own school districts, and Shelby County has sued to block the law, claiming that its purpose is to perpetuate segregation.

Although Shelby County has yet to articulate its precise reason for seeking the subpoena, our best guess is that the identities are being sought to help prove the discriminatory animus behind the legislation. The argument appears to be that, if the comments identify particular members of the public as racist, and if other evidence shows that those same members of the public urged their legislative representatives to pass the anti-consolidation bill, the citizen advocates’ racist views can then be attributed to the legislation which therefore can be struck down.

Now subpoenas aimed at identifying anonymous speakers are sometimes permissible. For instance, if the plaintiff is arguing that an anonymous speaker has libeled him, and there is enough evidence that the statement is indeed potentially libelous — i.e., that it makes a factual assertion, and a jury could reasonably conclude that the assertion is false and defamatory — then the plaintiff needs to be able to identify the defendant. The same may be true in some other cases, such as disclosure of trade secrets.

But here the supposed relevance of the comments to the County’s case is extremely tangential, and in any event the subpoena is vastly overbroad, covering many commenters whose identities couldn’t possibly be relevant. This sort of subpoena is thus both legally unjustified, and reflects poorly on the 8-5 majority of Shelby County commissioners who backed the subpoena when one commissioner asked that it be withdrawn.

I was puzzled, by the way, by this passage from an article in the Memphis Commercial Appeal on the blocked move to withdraw the subpoena:

Commissioners Mike Ritz and Sidney Chism placed partial blame on The Commercial Appeal for reporting the subpoena. “None of us knew about this until we saw the paper Sunday. This is almost a created controversy for The Commercial Appeal,” Ritz said.

Chism said the newspaper “has used this situation as a way to promote their own interests. They’re the most divisive element we’ve got in this town.”

Perhaps this is quoted out of context — please let me know if you know more about what the commissioners were trying to say — but, if accurate and in context, these assertions seem very odd. What exactly is wrong with a newspaper’s reporting the government’s attempt to unmask commenters on the newspaper’s site? Indeed, I should think that anonymous commenters (past and future) deserve to know that their county government might try to do this to them. Reporting on this is in the newspaper’s interest because it is in its readers’ interest and the public interest, it seems to me.

Twenty-three of the forty-nine New York Assembly Republicans, plus one Independent and one Democrat, introduced this bill last Fall but just “unveiled” it yesterday:

1. Definitions. As used in this section, the following words and terms shall have the following meanings:

(a) ["]Anonymous poster["] is any individual who posts a message on a web site including social networks, blogs forums, message boards or any other discussion site where people can hold conversations in the form of posted messages.

(b) “Web site administrator” means any person or entity that is responsible for maintaining a web site or managing the content or development of information provided on a web site including social networks, blogs forums, message boards or any other discussion site where people can hold conversations in the form of posted messages, accessible via a network such as the internet or a private local area network.

2. A web site administrator upon request shall remove any comments posted on his or her web site by an anonymous poster unless such anonymous poster agrees to attach his or her name to the post and confirms that his or her IP address, legal name, and home address are accurate. All web site administrators shall have a contact number or e-mail address posted for such removal requests, clearly visible in any sections where comments are posted.

It’s not clear what it means to “confirm” that one’s IP address, legal name, and home address are accurate; but at the very least, this bill would require a Web site administrator — me, for instance, if I were found to subject to New York jurisdiction — to remove any comment unless the commenter signs his name to it.

Nor would this be limited to comments that allegedly libel someone, or even insult someone (though that would be bad enough), despite all the talk of preventing cyber-bullying by the bill’s backers. Rather, the law would apply any time anyone makes a “request” that a comment be removed, even if the comment doesn’t mention anyone by name but is simply religiously or politically offensive to the “request[er].” The same would apply to anonymous material added to Wikipedia, if Wikipedia were found to be subject to New York jurisdiction, anonymous videos posted to YouTube, and so on.

The bill is unconstitutional, see Talley v. California (1960) and McIntyre v. Ohio Elections Comm’n (1995); the First Amendment, the Supreme Court has held, protects anonymous speech (except in limited conditions related to election campaigns). The proposal is thus a fitting bookend to the four Democratic New York Senators’ paper on, among other things, how “[p]roponents of a more refined First Amendment argue that this freedom should be treated not as a right but as a privilege — a special entitlement granted by the state on a conditional basis that can be revoked if it is ever abused or maltreated,” though more New York Republicans are on board this bandwagon than New York Democrats were on board the other one.

Thanks to Steven Jens for the pointer.

UPDATE: By the way, say that a Web site with tens of thousands of comments gets a batch of demands from a political opponent of the site: “[R]emove any comments posted on [your] web site by an anonymous poster” — defined as “any individual who posts a message on a web site including social networks, blogs forums, message boards or any other discussion site where people can hold conversations in the form of posted messages” — unless that individual “agrees to attach his or her name to the post and confirms that his or her IP address, legal name, and home address are accurate” (emphasis added). The time and effort it takes to get such “confirm[ation]” from all the commenters, including ones who had signed their names in the first place (recall that “anonymous poster” is defined to mean “any individual who posts a message on a web site,” even if the message is signed with what is ostensibly the poster’s name) might well be prohibitive for many Web site operators, whose only option at that point would be just to delete all the comments.

Ars Technica reports; the New Orleans Times-Picayune reports that the prosecutor is being investigated by the Justice Department for possible violations of Justice Department policies. An excerpt from Ars Technica (read the whole thing, which also includes many links):

A federal investigation involving New Orleans landfill magnate Fred Heebe took a surprising turn this week. Heebe filed a court petition (PDF) claiming a frequent commenter on local-news site NOLA.com was in fact Sal Parricone, one of the prosecutors assigned to his case. Heebe turned out to be right.

The commenter took regular shots at Heebe and his family, seeming to know more about the case than an average reader of the site might....

So Heebe hired a former FBI forensic linguist, James R. Fitzgerald, to analyze 598 comments made over the course of 6 months by a commenter using the handle “Henry L. Mencken1951″. Fitzgerald, who also worked on the arrest and prosecution of Unabomber Ted Kaczynski, compared the comments made by “Mencken1951″ to the language in a 9-page proceeding filed by three Assistant U.S. Attorneys, including Parricone, against the CEO of Heebe’s company, River Birch Landfill. The language was strikingly similar. Given that Parricone was born in 1951, Heebe singled him out in the court petition. On Thursday afternoon, U.S. Attorney Jim Letten confirmed Perricone had used the “Henry L. Mencken1951″ handle.

UPDATE: Parricone has resigned. (Note that he’s eligible for retirement.) Thanks to commenter summerslex for the pointer.

An interesting New York Times article about Facebook and people’s identities:

The writer Salman Rushdie hit Twitter on Monday morning with a flurry of exasperated posts. Facebook, he wrote, had deactivated his account, demanded proof of identity and then turned him into Ahmed Rushdie, which is how he is identified on his passport. He had never used his first name, Ahmed, he pointed out; the world knows him as Salman.

The writer Salman Rushdie objected when Facebook tried to use his name as it appeared on his passport, and nowhere else.

Would Facebook, he scoffed, have turned J. Edgar Hoover into John Hoover? ...

The Twitterverse took up his cause. Within two hours, Mr. Rushdie gleefully declared victory...

The article then goes on to more broadly discuss real-name requirements imposed by social networks such as Facebook, and some of the implications of these requirements — very interesting. Note the closing paragraph:

Mr. Rushdie, who once lived incognito because of death threats, has more recently been busy revealing himself on Twitter. He had to fight for his online name there as well. An imposter was using the Twitter handle @SalmanRushdie earlier this year, and Mr. Rushdie had to ask the company for help reclaiming it. Now his page bears Twitter’s blue “Verified Account” checkmark and quotes Popeye: “I yam what I yam and that’s all that I yam.”

Over the last several years, various courts have held — in cases such as Dendrite Int’l, Inc. v. Doe No. 3 and Doe v. Cahill — that the First Amendment provides substantial, though limited, protection against subpoenas aimed at unmasking anonymous commenters; for more details on that protection, see this EFF analysis. But last week, Doe v. United States (N.D. Cal. Oct. 4, 2011) held that such rules generally do not apply to government investigations, here by the SEC, as opposed to investigations by private litigants. I just thought this was worth noting for readers who follow such matters.

There has been a lot of controversy in the past about whether the government should be free to subpoena library records or bookstore records, or execute search warrants for such records. (See, for instance, this post of Orin’s, this Congressional testimony by Orin, and pp. 30-37 of this article of mine.) I just ran across a case that dealt with this question in an unusual context — where the defendant’s alibi involved his supposedly returning a certain book to the library, State v. Hilton (Wash. Ct. App. Sept. 27, 2011):

Mr. Hilton’s remaining arguments are that the records were private under both Const. art. I, § 7 and the Public Records Act (PRA), chapter 42.56 RCW, and protected by the First Amendment and Const. art. I, § 5. In particular, he cites to RCW 42.56.310, which provides that a library record that “discloses or could be used to disclose the identity of a library user is exempt from disclosure under this chapter.” The emphasized language makes short work of Mr. Hilton’s PRA argument. The PRA provides an exemption from disclosure pursuant to a public records request. It does not create a privilege, let alone a privilege exempt from judicial process. See RCW 42.56.050; Brown v. Johnston, 328 N.W.2d 510 (Iowa), cert. denied, 463 U.S. 1208 (1983). Similarly, Const. art. I, § 7 prohibits intrusion into “private affairs” absent “authority of law.” A subpoena is “authority of law.” Gunwall, 106 Wn.2d at 69. Mr. Hilton’s argument is without merit.

The free speech argument fares no better. Mr. Hilton appears to predicate his claim at least in part on the theory that the SIJ [Special Inqury Judge] proceedings were invalid, an argument we have already rejected. His sole authority is a Colorado case, Tattered Cover, Inc. v. City of Thornton, 44 P.3d 1044 (Colo.2002). That authority is not apropos. That case involved an injunction against a search warrant, not a valid subpoena. The court ultimately concluded that the government had not established a compelling interest justifying the search for records that were recognized as private in Colorado. Id. at 1061. There, also, the bookstore resisted efforts to provide information about its customer. Here, the library provided the records within hours of the subpoena. Mr. Hilton has presented no relevant authority suggesting that this subpoena was invalid for failing to address the particular concerns associated with free speech rights.

Even if Washington followed the same compelling interest test, it would be met in this case. A double murder was being investigated. Mr. Hilton had voluntarily told police that he had been at the library that evening and indicated which book he had returned. He had waived any claim of privacy related to Hard Time or his checkout and return records. The compelling State interest in confirming or dispelling his alibi outweighed the privacy interest he had already waived. [Footnote: Moreover, the librarian's testimony concerning when Hard Time was returned to the library was the result of an independent source--the defendant's own admissions to the police--not the subpoena process. Thus, even if the subpoena had been invalid, it would not affect the testimony against the defendant.]

The SIJ subpoena was properly issued. It did not infringe upon any rights belonging to Mr. Hilton. Accordingly, the trial court correctly denied the motion to suppress the evidence.

As I mentioned, this is an unusual situation, and one could argue that the rule should be different if the government were seeking library records in other contexts. But I thought it was still worth noting, just as an example of how the issue might sometimes come up.

James L. Huffman, former Dean of Lewis & Clark Law School and the 2010 Republican nominee for Senate from Oregon, has an op-ed in Monday’s WSJ explaining how his experience as a political candidate convinced him that mandatory disclosure of campaign contributions is a bad idea.

The reality is that public disclosure serves the interests of incumbents running for re-election by discouraging support for challengers. Here’s how it works.

A challenger seeks a contribution from a person known to support candidates of the challenger’s party. The potential supporter responds: “I’m glad you’re running. I agree with you on almost everything. But I can’t support you because I cannot risk getting my business crosswise with the incumbent who is likely to be re-elected.” . . .

Disclosure makes threats possible, and fears of retribution plausible. Within weeks of a contribution of $200 or more, the contributor’s name appears on the public record. Contributors know this, and they know that supporting the challenger can, should the challenger lose, have consequences in terms of future attention to their interests. Of course no incumbent will admit to issuing threats or seeking retribution, but the perception that both exist is widespread.

The reality of that perception alone should give us pause about disclosure requirements. And it would be naïve to believe that the perceptions have no basis in reality.

He makes some good points, but I am not entirely convinced. There are strong arguments for disclosure. Among other things, it gives voters additional information and could make it easier to assess corruption claims. Huffman argues that since federal law caps campaign contributions at $2,400, disclosure does not do much to prevent corruption, but does discourage support of challengers. More to ponder.

So holds Amazon.com v. Lay (W.D. Wash., decided yesterday):

Amazon pursues summary judgment as to its First Amendment claim that the DOR’s request for all information related to Amazon’s sales to North Carolina residents violates the First Amendment. The Court agrees and GRANTS the motion.

The First Amendment protects a buyer from having the expressive content of her purchase of books, music, and audiovisual materials disclosed to the government. Citizens are entitled to receive information and ideas through books, films, and other expressive materials anonymously. In the context of distribution of handbills, the Supreme Court held that anonymity “exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular.” McIntyre v. Ohio Elections Comm’n, 514 U.S. 334, 357 (1995); Talley v. California, 362 U.S. 60, 64 (1960) (protecting anonymity in handing out campaign literature). The fear of government tracking and censoring one’s reading, listening, and viewing choices chills the exercise of First Amendment rights. In a concurring opinion, Justice Douglas highlighted the deleterious effect of governmental meddling in the reading habits of its citizens: “Some will fear to read what is unpopular what the powers-that-be dislike. When the light of publicity may reach any student, any teacher, inquiry will be discouraged.” United States v. Rumely, 345 U.S. 41, 57-58 (1953) (Douglas, J., concurring).

Continue reading ‘North Carolina Department of Revenue’s Demand for Amazon Customer Records Violates the First Amendment’ »

It’s been a pleasure to blog this week.  I hope you’ve enjoyed this conversation and I’d love to continue it.  If you’re interested in reading more, check out our book, Wild West 2.0.  It is the most-discussed Internet policy book of 2010 (Jimmy Wales called it “an invaluable guide” to the “brave new world of the Internet”) and it sold out Amazon.com once already.  Or, contact me directly through my site at davidcthompson.com.  Thanks again to Eugene and the whole Volokh Conspiracy for inviting me to participate this week.

This week, we’ve discussed the “Wild West 2.0” metaphor for the Internet.  Today, I’m going to present a few quick ideas that didn’t make it into this week’s posts.   I don’t have enough space to flesh them all out, but I hope to provoke some thoughts and discussions that will continue beyond this week.

What will widespread surveillance and facial recognition do to privacy?

It’s always been the law in the U.S. that images you take in public are yours to use non-commercially.  There are a few exceptions around security, peeping Toms, and so-called “upskirt” photography, but basically you can take a photo from any public place and make any non-commercial use of it.

There are good reasons for this policy, ranging from a basic respect for the free press and free expression, to the First Amendment.

But, today, facial recognition is quickly becoming available on a wide scale.  For just one example, an application called Face.com allows Facebook users to use photo recognition to find their friends in photos (even if they have not been tagged, or if they have removed their tag).  Using the tool, it’s often possible to find hundreds of untagged photos of your friends (or yourself) posted by other people.

The Face.com developers just released an API (programming interface) to allow other websites to use the same technology.  So far, Face.com has restricted use of the technology to known faces, but nothing technological prevents them from using their database of hundreds of millions of Facebook photos to identify millions of people in public photos.

The results of just one company unleashing photo recognition on the Internet could be huge.  There are more than 3 billion photos on the site Flickr.com  , and billions more in the unstructured Web, on sites like Facebook, and in automated surveillance systems (every time you walk past a security camera, imagine your name being logged).

The figures above don’t even count the fact that some forms of advocacy corporate surveillance would increase in a world with easy facial recognition.  Why would anti-abortion groups not photograph every person who walks into an abortion clinic, use facial recognition to identify them, and use public name-and-address databases (see below) to target mailings (or harassment) to each person’s home?  Why would anti-gay advocates not do the same for people who frequent gay bars, or liberals target “Tea Party” activists, or statists target libertarians, etc?  Or insurance companies outside bars to monitor drinking and driving, smoking, or any other risk factor that could increase rates?

What does this mean for privacy?   If the freedom to take and post photos cannot or should not be changed, should there be regulation of the uses of facial recognition software?  Should it be a privacy tort to publicly identify private citizens by name if they are walking into an abortion clinic, a gay bar, a Tea Party rally, a divorce lawyer’s office, a police station (to “snitch”), or a substance abuse treatment facility?  What does it mean when Google indexes a list of these names and it comes up first for a search for your name?  How will it affect job prospects, inter-personal relations, and more?

Will we all just get over it and not care that our friends are getting abortions or divorces?  Will anti-gay groups get over the fact that some people visit gay bars?  Will political opponents stop harassing each other?   I hope so, but my hopes are dim.

The end result might be that we all wear low-fitting baseball caps each day, or the aptly-named “FlickrBlockrs” sunglasses that started as an art project but might fill a real need.   But should individuals have to proactively monitor their public image so fiercely?  (Read more about our ideas for privacy in the book, Wild West 2.0.)

Will the future allow a binary public/private distinction?

Right now, the law generally recognizes facts as “public” or “private” with very little gray area in between.  This has caused problems in the Fourth Amendment context, where seemingly-private facts (like your bank account information) are not considered “private” for Fourth Amendment purposes (thanks to the “third party doctrine,” the government simply ask your bank; many scholars find this doctrine problematic).

The Internet sharpened this problem by making “public-but-obscure” facts readily available online.  Privacy interests were often supported by practical obscurity; a court may have a list of all cases and convictions, but very few people bothered to trudge to the courthouse to find out.  The county clerk’s office may have a hardcopy list of home owners and their property values, but nobody actually checks.

But online, these records are being rapidly digitized and made searchable.  And because they are all “public” information for privacy purposes, there is currently no restriction on how the information can be displayed.  So far, no case of which I am aware has held that online “white pages” or “dossier” sites (like Spokeo.com, WhitePages.com, Intelius.com, and many others) cannot create a dossier of private-seeming information like your income, hobbies, credit score, home address, phone number, political contributions, and more—just so long as each data point was drawn from a “public” source.

The result of the end of practical obscurity has turned a lot of privacy upside-down.  Criminals now routinely use public records databases for identity theft purposes (itself illegal, but hard to catch), to stalk their victims at home (same), and to identify candidates for burglary or other attacks.  Millions of people (below) now casually flip through their neighbors’ dirty laundry online, ranging from bankruptcy filings to property records to divorce records.  Maybe this information has always been “public,” but it was never so readily available.

Will the law continue to recognize only “public” and “private” information?  Or will it develop shades of gray to recognize that obscurity can protect privacy while allowing “legitimate” uses.  Scholars have discussed ways to limit data like property records to their original purpose (making sure property taxes are apportioned fairly) by encouraging states to strip names from the data before publication; of course, this works only if there are no other records that correlate names to addresses.  Will that be enough?  Or is it a good thing that all these facts are public?

Does the Law Recognize the 300 Million Little Brothers Problem?

The section above should suggest it, but her it is expressly: we no longer live in a nation of Big Brother; we live in a nation of 300 million Little Brothers.

Much of our law is based around fear of surveillance by the government (Big Brother).  The Fourth Amendment is the easiest example; it is based around a fear of an overly intrusive government acting in its role as sovereign.  Statutory law like the Electronic Communications Privacy Act also seeks to protect individual privacy against the government.  And laws like the Stored Communications Act and HIPPA prohibit corporations from revealing certain information about you.

But now an equally real risk is 300 million Little Brothers.  We’ve moved from the Panopticon—where the guards can see everything—to a suburb of glass houses where everyone can see each other.  This is a powerful development for politics (we can now watch the watchers), but it has changed inter-personal privacy as well.  What laws (if any) should be updated to reflect this new reality?  Or should we all just get used to living in public–to quote Google CEO Eric Schmidt “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.“  The power of the Internet is increasingly moving toward making sure that everybody knows what everybody does.  Is this the right direction?

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

Thanks again for the great responses in comments.  I’ve learned a lot about how people think about the Internet of 2010 and whether it fits the “Wild West 2.0” model.

On Monday, we discussed why the Internet of 2010 resembles the closing of the Wild West frontier.  On Tuesday, we talked about whether CDA 230 is appropriate for the Internet of 2010.  Yesterday, we talked about why CDA 230 is a subsidy to online libel.

Today, I want to present some ideas to preserve the best parts of anonymous free expression, while fixing the subsidy that Section 230 of the Communications Decency Act gives to libelous speech.  I’d love to hear your thoughts.

Online Anonymous Speech is a Good Thing

Anonymous online speech can be powerful and beneficial.  You are free to leave anonymous or pseudonymous comments on this site, which encourages free discussion of political issues.  Protesters in Iran can spread ideas, corporate whistleblowers can speak out, and the government is deterred from at least one form of intrusion into personal life.  On a personal level, you can explore your identity, research controversial causes or issues, or just vent frustration.  All of these are good things and worthy of preservation.

But in the offline world there is also accountability for anonymous speech that is libelous or invasive of privacy.  By taking control of the media away from The New York Times and putting it in the hands of individual bloggers, the Internet have empowered free expression and opinion, but also empowered hundreds of millions of people to anonymously libel each other and invade each others’ privacy.

Updating the Assumptions Underlying CDA 230

CDA 230 was based on a number of guesses about how the Internet of the then-future would work.  We’ve had almost fifteen years to test those assumptions.

To give a little perspective, in 1996, when Section 230 of the Communications Decency Act was passed, the first search engines like AltaVista and Lycos were just getting started, the Google founders were still in college, Netscape Navigator was the most popular browser, the first version of Microsoft Internet Explorer had just been released, and OS/2 was considered a viable operating system.

In 1996, many people assumed that CDA 230 was necessary to a functioning Internet.  They believed that if hosts* had any liability (under any circumstances) for any content, they would stop providing platforms for user interaction.  * I use “hosts” to mean primarily websites that host user-generated content, like Facebook, discussion forums and blog hosts.

But in fifteen years of experience, we’ve seen that CDA 230 is not required for a thriving Internet.  Europe does not have a statute equivalent to CDA 230, the U.K. has stricter libel laws than the United States, and Directive 2000/31/EC requires EU member nations to enforce libel laws online.  But some estimates suggest that Internet use is actually higher in the U.K. than the U.S.  The same goes for Japan (hosts may be liable if they have knowledge of libel, higher Internet use than the U.S.) and Canada (hosts immune only if “innocent dissemination,” higher Internet use than U.S.).  Fast-growing nations like Brazil have experienced ten-fold increases in Internet use in the last decade, even without a local version of CDA 230.

Many people like the “Internet routes around  damage” metaphor to claim that CDA 230 is irrelevant. But right now, the US is the only major country with CDA 230 immunity.  There will always be jurisdictions like Sealandia, but the vast majority of the commercial Internet is based in the U.S., E.U., and Pacific Rim.  There will always be Freenet-type projects that evade all jurisdictions and have no commercial connections, but the vast majority of the network relies on advertising dollars.  And the mostly-effective U.S. online gambling ban suggests that the legal regime does matter after all.

We can also learn from the DCMA: we’ve seen that over-use of DMCA takedowns can lead to chilling effects.  (disclosure: My employer, ReputationDefender, does not send DMCA takedown notices.)  But we’ve also seen that even despite periodic abuses of the DCMA, the user-generated Internet has bloomed.  The DMCA did not, despite itself, kill the Internet.

The drafters of CDA 230 worked in an era when a user’s ISP and forum host were the same.  The Prodigy case led directly to CDA 230.  The cased turned on the actions of a Prodigy subscriber on a Prodigy-run message board inside Prodigy’s “walled-garden.”  Back then, it would have been easy to find the original defendant: Prodigy ran the forums and had a billing relationship with every poster.  The same was true of services like CompuServe and AOL.

Today, there is no connection between ISP and content host.  Instead of Prodigy serving as both ISP and forum host, today Comcast (as ISP) has no relationship with BlogSpot (as content host).  Because of the separation, it became near-impossible find the original defendant in many online libel cases.

Another faulty assumption of CDA 230 is that it would encourage websites to filter their content and produce a more civilized online world.  In the Prodigy case, the service as found liable in part because it selectively removed some libelous and obscene comments (the court: “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability”).  The hope for CDA 230 was that, by removing any penalty for taking editorial control, more sites would exercise discretion and remove harmful content.

Of course, the last 15 years have taught us that CDA 230 has been used to support immunity for inaction as much as action.  Many sites have taken the grant of immunity intended to encourage editorial control and used it to abdicate responsibility.

Finally, CDA 230 is a law that assumed the Internet needed a subsidy to grow.  Almost fifteen years of open frontier Internet later, the Internet is approaching maturity (or at least its petulant teenage years) and it is questionable whether the Internet now deserves a special subsidy that no other form of media gets.  Even if the CDA 230 subsidy made sense in 1996, the assumption does not hold in 2010.

Market Solutions are Part of the Answer, But Not All of It

We’ve already seen some market influence toward record-keeping, such as the trend toward services like Facebook Connect.  Sites use identification to discourage users from abusing other users.  But as long as there is no barrier to entry and as long as humans love scandal, the market will not be able to fully correct for the race-to-the-tabloid-bottom effect of sites that benefit from the libel subsidy and encourage users to attack others.

There are also commercial services that help victims recover from online attacks, but these also do not substitute for a legal regime that discourages attacks in the first place.  (Disclosure: My employer provides services that help people build their online reputation before it is damaged, recover from attacks, keep their personal and professional lives separate, and protect their privacy.)  These services can be expensive, some forms of attack can never be fully eliminated, and mitigation does not take the place of prevention.  They cannot replace the proper legal regime, even if they help mitigate damages after the fact.

A Proposal to Keep the Best and Jettison the Rest

How do we keep the best parts of online anonymous speech while jettisoning the ability of site owners to actively encourage libel or invasion of privacy?

This is not a balance between anonymity and accountability.  There will always be anonymity online thanks to services like Anonymizer and TOR.

I propose an opt-in system for web hosts:

Hosts that make a good-faith effort to keep sufficient records to locate content creators are granted CDA-style immunity, even if they have knowledge of liability-creating content.  Sites that do not keep records are immune unless they know that there is liability-creating content.  Good-faith attempts to filter shall not create knowledge liability for what is missed.

The system preserves the right to speak anonymously in both cases; nothing requires sites to reveal any information except on subpoena.  The system still allows sites to choose not to keep any records; if a site wants to allow completely anonymous interactions then it may do so.   No liability is ever imposed without knowledge of the content.  And the original goal of CDA 230 (to fix the filtering glitch in Prodigy) is respected without creating another race-to-the-bottom.

The system preserves First Amendment and free expression values while also respecting the right of non-speakers to privacy and quiet solitude.  It removes a subsidy to libel, and puts the Internet on even footing with other forms of media.  It is technologically neutral, and imposes no new burdens on sites that don’t currently have knowledge of liability-creating material.  And it harmonizes US and foreign law, to make cross-border websites easier to maintain.

Tomorrow: Future Problems in Reputation and Privacy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

In the early Internet, it was impossible to find isolated references to people, places, and things.   Many users navigated using directories like the original Yahoo, and early search tools like Gopher (structured documents) and Archie (FTP) were limited .

The search engines changed everything.  Starting with Lycos and AltaVista, information was freed from obscurity.  Suddenly, no matter where on the Internet your name might be mentioned, a search engine could find it.

On Monday, we discussed why the Internet is a new frontier.  On Tuesday ,we questioned whether Section 230 of the Communications Decency Act of 1996 still fits the Internet of 2010.  Today, I’ll explain how the rise of search engines since 1996 has changed reputation and privacy, and why CDA 230 subsidizes libel by preventing speakers and facilitators from internalizing the costs of their actions.

Google Has Changed How Information is Consumed

I don’t think Google is evil.

But Google is far from perfect.  Google creates the illusion that just ten search results reflect some meaningful judgment on a person’s life.  For example, the top five Google search results for any search term get 88% of the clicks.  The over-attention given to the first few Google results is partly user error, but it’s also a form of rational ignorance on the part of searchers: Google gives good enough results most of the time, so there is little incentive to look deeper.

The attention given to the first few Google results would be fine if Google always provided accurate, balanced, and relevant information.  Unfortunately, it doesn’t.  Google has no way to measure whether websites contain information that is true, fair, or proportionate.  Instead, Google uses rough heuristics—most notably the number of links to a page—to try to calculate a page’s popularity.  Popularity substitutes for relevancy, often with comical results (remember “miserable failure?”).

Online, Google search drops users onto a website with no context or history of the site.  There’s no indication whether a site is a parody (witness Salon being fooled by Landover Baptist), populated by anonymous trolls, a personal rant, or anything else.  Of course, it is possible for users to perform this research for each and every site they visit–but the evidence is that they simply don’t (witness the Times of London being fooled by anonymous postings on a soccer website).

Rational ignorance?  Possibly. Through experience, I’ve learned with law-related sites are reliable, which are tabloid, and which are garbage—but I haven’t had reason or opportunity to do the same for medicine, sports, fashion, or any of hundreds of other areas, and it’s questionable whether we should subsidize it further.

Google has Leveled the Playing Field – For Better and Worse

Google has elevated the ramblings of a lone speaker to the same visibility as the New York Times.  This is a wonderful development for politics and freedom.  It is a frightening development for personal privacy.

In the old days, the major media (think New York Times) was very unlikely to write about you.  Your privacy was generally at the mercy of your neighbors and acquaintances—who often had to stake their own reputations when they chose to attack yours.  If something rose to the level of defamation, it was usually easy to find the defendant and fight it out in court.

But today, anybody with a blog can (and all too often does) smear you, defame you, or invade your privacy.  Their motivations are many: politics (if you read VC, you might have strong opinions), envy (think job promotion), mischief (think 4chan), etc.  If you don’t have a big presence in Google before being attacked, Google will inevitably find the smear and bring it to the top of your search results: and tabloid material often rises to the top of a Google search because it gets the most clicks and attention.

This mechanism takes place even if the same content offline would undoubtedly be considered libelous or invasive-of-privacy.  (If you disagree with offline liability for libel and invasion of privacy, you probably won’t agree with this either.)  In many cases, you can’t find the original poster (it would take a lawyer, two subpoenas, and months).  The host shrugs and says “CDA 230, not my problem” and rationally declines to name the creator (his customer).

Further, online defamation and privacy invasions can outlive the original speaker.  In the offline world, most libelers stop once they are found.  Online, hosts need not remove libelous or privacy-invasive information even after it has been found to be liability-creating.  “Zombie content” lives on even after the original creator wants it gone (much to privacy advocates’ chagrin, Facebook does not delete all content when you delete your account), or even if the original creator has passed away or gone offline.

This has real consequences for real people.  Consider false-but-hard-to-disprove allegations.  How do you respond if a political opponent, a personal enemy, or simply a random stranger creates a blog claiming that you harassed or had an affair with a subordinate?  What do people think when they see that in the first three Google results?  It’s true that more speech can help push the false information down in search results, but it is near-impossible to prove the negative.  And once that seed of doubt is planted (“did Obama shake hands with the President of Iran?” “was Kerry at a rally with Jane Fonda?”  ) your name is forever tarnished.

Or consider the case of true-but-private information.   Some anti-libertarians may question the Fourth Amendment by asking “If you have nothing to hide, then why should you care if we search you?”  But should we cede our privacy so easily?  What if a “peeping tom” photo of you ends up at the top of a search for your name?  Your daughter’s name?  It may be clearly illegal offline, but that doesn’t stop it from being distributed online without recourse.

CDA 230 Removes the Internalization of the Cost of Libel

I agree with commenters who have pointed out that stopping free speech online is (1) impractical, (2) inconsistent with the First Amendment, and (3) a bad idea.

But, consider how CDA 230 is subsidizing libel.  Speech liability (libel, slander, invasion of privacy, etc) exists to make sure that a speaker can’t impose certain forms of harm on others (unfairly ruining a reputation) without feeling some cost herself.  In the offline world, this risk of speech liability is largely internalized by the speaker and knowing facilitators: would-be authors of libelous publications know that they will be found and sued, and newspapers stop running advertisements they know to be false in order to stay out of court.

But online, the speakers often disappear thanks to anonymity and the lack of effective record-keeping by hosts.  And, thanks to CDA 230, hosts suffer no liability even if they know that users are using the platform to defame others, profit from the resulting tabloid attention.  CDA 230 goes so far that, under current law, a site owner could knowingly create a site that expressly encourages users to create false and malicious information.

In these cases, CDA 230 acts as a subsidy by removing liability (cost internalization) away from the speaker and host.  There’s no incentive for hosts to keep records about their users; in a race to attract users, hosts have rationally advertised their lack of record-keeping–even though the lack of records imposes an external cost on defamation and privacy victims.  There’s no incentive for hosts to remove content; Google rewards them (with web traffic) for keeping libelous material online–even though the material imposes external costs on victims.  And there’s no incentive for users to not create libelous materials; in many cases there’s little practical chance of being found—even though it can take a victim years to clean up the damage.

The result has been a high-speed race to the tabloid bottom online among many content hosts.  In a race to stand out in Google’s search results, which deliver users without context or background, some sites have encouraged tabloid anonymity (think JuicyCampus) rather than thought-through content (think VC).  Maybe the market will correct the imbalance, but so far it has responded to the subsidy for libelous speech by producing more of it.

Tomorrow: Fixing the CDA 230 subsidy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

(Thanks for the great comments!  I’ll be speaking in Las Vegas this afternoon 3:45 pm today at the EduComm conference at the Mirage, Ballroom D.)

Anonymous and pseudonymous speech dates back at least to the early days of the printing press.   Anonymous online speech has been a powerful force for change in situations ranging from simple campus disputes to political protests in Iran.  And the technology of the Internet makes it unlikely that any attempt to eliminate anonymous speech could succeed.

That said, the fact that there always will be anonymous online communication does not tell us whether it deserves subsidy.  Yesterday, I explained why the Internet is a new frontier.  Today, I challenge that Section 230 the Communications Decency Act of 1996 provides a subsidy to anonymous online speech, and ask whether that subsidy is sustainable in the closed frontier era of the Internet.

To be clear: I am in favor of anonymous online speech, and sometimes I’m also a user of it.  I disagree strongly with Eric Schmidt’s opinion of privacy and anonymity.  My goal this week is not to destroy anonymous online speech, but instead to figure out how to best preserve its value while curbing abuses, especially in light of the growing regulatory pressure that arises at the close of a frontier.

Offline Speech Combines Practical Anonymity with Legal Accountability

Offline, speech has never been absolute.  In the offline world, the right to speak comes also comes with the responsibility of the familiar speech torts.  If someone publishes false statements about you, you can sue them for libel.  If someone publishes “peeping tom” photos of you or other true-but-private information, you may sue them for invasion of privacy (and they may also be criminally prosecuted).  And so on.

What makes this legal regime possible is the fact that offline anonymity is imperfect: we leave traces of our identity in every interaction.  You may seem anonymous when you pay cash to buy a pack of gum at a grocery store, but the transaction is anonymous only so long as it is inconsequential; if you passed a counterfeit $100 bill, you would quickly discover that you could be tracked by your fingerprints, your DNA, and by your image on store cameras.  Conscious attempts to preserve anonymity offline are tolerated only so long as no laws are broken; and even then there are limits on social toleration of anonymity (compare wearing masks at a political rally with wearing masks at a bank).

In the offline world, the result is a reasonably well-balanced system: it is possible to speak anonymously for political or personal reasons, but the worst abuses are deterred.

The Online World Provides Near-Perfect Anonymity, Less Accountability

Online, things aren’t so simple.

Unlike in the offline world, anonymity is the default online, and near-perfect anonymity is easily achieved.  Unless you choose to identify yourself, there are very few clues to who you are when posting online.  And some of these clues (such as IP address logs) are intentionally swept away by websites; there is no requirement that websites store IP logs or any other pseudo-identifying information, and some sites advertise that they provide perfectly anonymous services.

Practically, if you are defamed online, you are at least several steps away from finding your attacker–at a minimum, it requires getting a lawyer, filing a lawsuit, and issuing a subpoena to the web host and another to an ISP (more on this tomorrow).  Neither is required to keep any records, and many choose not to.  The same is true if your privacy is violated by a peeping tom and the photos posted online, if your child is threatened, and so forth.  In all too many cases, the trail has gone cold before redress can be sought.  These aren’t cases of political protest or uprising; they are shocking cases where defamation liability is certain if the defendant can be found.

What’s even more peculiar is that online, the U.S. legal system allows site owners to continue profit from hosting content they know to be illegal, even after they have been notified of its illegality—and, in fact, even after a (rare) underlying libel lawsuit has been completed.

This surprising result occurs because of Section 230 of the Communications Decency Act.  Congress set out to regulate online indecency, but the majority of the Act was struck down on First Amendment grounds in 1997.  Section 230 survived.  It limits the liability of “interactive computer service providers” for “information provided by another information content provider,” with a statutory exception for intellectual property and child pornography.   This vague language has been widely interpreted as giving almost-complete immunity to blogs and forums for the actions of their users, no matter how vile that content may be.

This immunity for hosts is a sharp distinction from the offline world.   In the offline world, “hosts” are often held liable for content provided by others: book publishers are liable for illegal content provided by authors, newspapers can be liable for content provided by advertisers, and even swap meets can be liable for infringing content sold by vendors.

Against this default of host liability, CDA 230 was expressly designed as a subsidy to encourage growth of the fledgling Internet of 1996.  It was thought necessary to allow some level of frontier anarchy, some level of protection from the lawyers.  By subsidizing online speech, it was hoped that the Internet would blossom into the communications medium it has become.  In that light, CDA 230 was probably a good law for 1996.

But after nearly 15 years of CDA 230, many think that it has run its course.  The Internet has matured and no longer needs a special exemption from offline law.  Any law consistent with the First Amendment will preserve vibrant online discussion.  And, through nearly 15 years of experience, we’ve seen the good and the bad sides of CDA 230: sites like Volokh.com seek to inform and support positive discussions, but also CDA 230 has also empowered cesspools that profit from encouraging commenters to libel and defame outsiders.  These sites often advertise their consequence-free policies, and profit from the resulting tabloid attention they receive.

Why Does the Frontier Metaphor Matter?

I talked about the frontier yesterday because CDA Section 230 is fundamentally a law made for the open frontier.  It is a law that subsidizes the growth of the frontier and the experimentation with new models of communication, at the direct expense of enforcement of existing laws.  The problem for CDA 230 is that the frontier days are coming to an end: sex, drugs, and gambling have all been shut down, will CDA 230 be next?

Just like at the end of the Old West, online today there is a culture clash between the early and late arrivers.  Those who have been using the Internet for years like the current system (call it “it might be anarchy, but it’s our anarchy”).  The newcomers want the Internet to be more like the rest of society; safe, stable, and predictable.  The concept of self-defense online is foreign to them, and they wonder why law enforcement hasn’t done more to protect them.

People who didn’t grow up with the Internet will inevitably want to curb the abuses (which do undoubtedly exist, more on that tomorrow). Proposals by Internet outsiders to regulate online abuses have ranged from an “internet ID card” requirement (China and UAE), to calls to ban some forms of online  speech based on their “hate speech” content (United States), to a plan to license journalists and bloggers (Michigan), to rejiggering the Internet Protocol to end anonymity (United Nations), to an online aggregator tax (United States — call it a Stamp Tax for the Reddit Generation).

There’s plenty to dislike about all of the above proposals; it’s hard to come up with a less libertarian set of policy ideas.  But the increasing frequency of these proposals suggests there is a strong push for reform.

Perhaps the best way to preserve the core value of free speech is to limit the special subsidy given by CDA 230?  Thursday, I’ll present some ideas on how to protect the right to anonymous speech while addressing the abuses that CDA 230 has encouraged.

Tomorrow: Why Google changed everything, and why Section 230 matters so much

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.

TechCrunch reports on this subpoena issued to Twitter, seeking the identity of two twitterers that had apparently been critical of Corbett.

The striking thing is that this is a subpoena to provide evidence in a criminal investigation. If it had been a subpoena related to a civil libel lawsuit, then either Twitter or the anonymous poster could try to quash the subpoena, and then the court would have to decide whether the plaintiff had, at least, a legally sufficient libel case (i.e., the statements were factual allegations and not opinions, and there was some reason to think the factual allegations were false). If the plaintiff did have such a case, then the plaintiff would indeed be able to discover the identity of the defendant, so he could know whom to sue, and so he could get further factual information relevant to the case (such as what the defendant knew about whether the statements were true or false). That’s the emerging rule in many states (though there are important variations in detail). There are no Pennsylvania appellate cases on the subject, but I expect that Pennsylvania courts will follow this rule, as several Pennsylvania trial courts in fact have.

But this is a grand jury subpoena, so presumably the theory is that the subpoenas are relevant to some criminal investigation. My sense is that one should be able to quash such a subpoena as well, if there is no legally sufficient basis for the investigation, or for the conclusion that the information would be relevant to the investigation. Yet that requires us to know what is being investigated. It can’t be an investigation of libel, since Pennsylvania doesn’t have a criminal libel statute. In principle, since some tweets from the relevant twitterers might be read as accusing Corbett of criminal misconduct, the twitterers’ identities might be relevant so they could be asked for further evidence of such misconduct. But I have no reason to think that Corbett is indeed being so investigated.

So this looks like an interesting case; I hope Twitter does move to quash the subpoena, so we can get some better sense of whether the subpoena indeed has a legal basis. And if you have any further information you can share about the underlying investigation, please let me know. Thanks Steve Piercy for the pointer.

There’s been a lot of debate about anonymous comments. Some journalists are calling on newspapers to not allow anonymous comments, and I understand the sentiment — anonymity sometimes does encourage rudeness and worse.

At the same time, modern tort law and antidiscrimination law can potentially make it very dangerous for people to comment under their own names. Consider, for instance, this post from the New York Post:

A 2009 study concluded that 45% of employers were checking social-networking sites before deciding whether to hire someone. That’s shocking: only 45%? (A similar study the previous year reported that only 22% of employers were checking. Note the trend, and how quickly it’s moving.)

The news gets worse: of that 45% who bothered to check, 80% subsequently decided not to offer a job to someone based on info found on the sites. Facebook: the great job killer of the 21st century.

As an employer, you’re taking a chance when you hire someone. No one wants to hire a dud, but the stakes are larger than that. What if someone has a history of, say, posting rude sex jokes about women on his Facebook “wall” and turns out to be much the same around the coffee pot at work? No sex-harassment lawyer is going to fail to tell the jury that the company would have known it was making a hostile-workplace hire if only it had Googled Mr. Rufus T. Pervinator before putting him on the payroll.

Now it may well be that employers would have searched for prospective employees’ online statements, and would have refused to hire employees based on such statements, even without the pressure imposed by the law. My sense is that there would be some of that, but not as much. At the same time, there’s nothing like the risk of liability to make an employer avoid someone, especially when there are lots of other applicants for the same job. (Of course, when the applicant is head and shoulders above the rest, or is one of the few people qualified for the task, an employer might take a chance; but often that won’t be so.)

And the searches might well go beyond Facebook — and beyond “rude sex jokes.” What if you make political statements that some employer might see as sexist? Racist? Anti-Muslim? Racial and religious harassment claims are a litigation risk, just as sexual harassment claims are.

Nor is the danger just harassment law; negligent hiring law might cause problems as well.

Continue reading ‘Anonymous Comments and Modern Tort Law and Antidiscrimination Law’ »