On Oct. 29, 1969, an electronic transmission was sent via ARPANET, the government defense project which was the precursor to the modern-day Internet. Most consider this initial computer-to-computer communication the day the Internet was born. The first message sent? The word, “login.” Few, if any, could have predicted the profound impact the Internet would eventually have on our daily lives. This is no less true in the law; and while our legislators and courts have been playing catch-up from day one, certain key pieces of federal legislation have had a profound impact on the creation and evolution of our modern-day Internet. This excerpt will briefly discuss three, which every business with an online presence should consider:
1. The Computer Fraud and Abuse Act (CFAA)
2. Section 230 of the Communications Decency Act (CDA)
3. Section 512, or the “Safe Harbor” provisions, of the Copyright Act
Computer Fraud and Abuse Act (CFAA)
The CFAA creates federal civil and criminal causes of action against those who intentionally access a computer either without authorization or in excess of authorized use. For civil causes of action, unauthorized access must cause a “loss” of at least $5,000. “Loss” includes the costs associated with responding to the unauthorized access, assessing damage, restoring data lost as a result and the loss of revenue. While the fate of many small businesses does not depend on the performance of a Web site, one can imagine how some businesses may quickly encounter $5,000 or more in “losses” from unauthorized use. The cost of consultants, IT specialists and lost profits due to decreased production/sales are all recoverable under this statute; and an organization with a business model heavily reliant on the Internet may want to consider the CFAA’s applicability when responding to unauthorized use/users.
As for the CFAA’s criminal cause of action, courts still grapple with the breadth of the statute, disagreeing on the definition of “unauthorized use.” For example, when a Missouri teen committed suicide after having been bullied by her classmate’s mom via MySpace, prosecutors in California brought charges under the CFAA. They alleged the mother’s actions constituted unauthorized use because they violated MySpace’s terms of service. While the mother did create an entirely fictitious persona via MySpace, the California court declined to find she violated the CFAA, primarily because it believed defining “unauthorized use” to include fibbing about one’s self on a social networking site would make nearly all social networking site users technical violators. Still, the statute remains in effect and has been used where one’s use constitutes a less common or more egregious deviation. Indiana has a CFAA counterpart that defines as a Class A misdemeanor the knowing or intentional access of any part of a computer system or network without consent of its owner. Thus, where a business’ site is plagued by an unauthorized user, a call to the local, state or federal prosecutor’s office may likewise aid in protecting against future infringements to online security and/or productivity of your business.
Section 230 of the Communications Decency Act (CDA)
Section 230 of the CDA places Web site hosts outside the definition of “publisher” for purposes of defamation law. To maintain an action for libel (written defamation), one must show that the defamatory statement was published to at least one other party. The law, therefore, makes it impossible to prove defamation. At times, this immunity has created what many believe to be unjust results. Yet, it has been vital in encouraging and supporting the free flow of user-generated content over the Internet as Web site providers have incredibly limited exposure for the content of their user’s statements. This was no less evident than in a case decided by our own 7th U.S. Circuit Court of Appeals. A community activist group sued Craigslist when its users requested roommates based on illegal criteria under the Fair Housing Act (e.g., race, gender, etc.). The court revealed the power of Section 230, holding Craigslist was a mere messenger, and only the individual posters could be liable. For businesses with Web sites that allow users to post their own content, this law – in most instances – provides absolute immunity for defamatory statements made by such users. Accordingly, organizations need not worry whether their Web sites’ users’ libelous posts will engender liability for them.
The “Safe Harbor Provision” Section 512 of the Copyright Act
Finally, Section 512 of the Copyright Act, commonly referred to as the “Safe Harbor” provision, provides immunity for certain types of copyright infringement for Web sites that comply with the requirements of the Act. Qualification for protection requires, among other things, that a business adopt, implement and communicate a policy for terminating infringement on its Web site. This means employing what is referred to as a “notice and takedown” procedure whereby the site provides its users an avenue to notify the business when allegedly infringing material has been posted. Nowhere on the Internet is this law more prevalent than on YouTube. In fact, YouTube has gone above and beyond the typical eligibility requirements; often erring on the side of exclusion. This response is not unique, however, and many Internet lawyers/lobbyists believe a new balance must be struck between the copyright holder’s legitimate property interest and the societal benefits embodied by the free flow of information. Nevertheless, if your business permits the posting of user-generated material, it would behoove you to consider whether implementing the practices and procedures of Section 512 would be advisable to avoid exposure for copyright infringement.
The Internet is still an exceptional and rapidly changing place. These qualities make curtailing harmful uses/users even more difficult. Its ease of use, coupled with the fact there is no centralized control makes the task of creating legal constraints calculated to prevent misuse without hindering further development incredibly difficult. Given the foregoing, it looks as if Congress has done an admirable job, but it is up to you to make sure your sites are carefully managed, organized and monitored to avail your business the protections afforded by the statutes discussed above.
This article was written by Kyle R. Rudolph, an associate with Rudolph, Fine, Porter & Johnson, LLP (www.rfpj.com) in Evansville, Indiana. For additional information, you may contact Kyle at 812-422-9444 (email: firstname.lastname@example.org). His practice areas include environmental law, products liability and insurance defense. This article is intended solely as an information source and its contents should not be used as legal advice. Readers should not act upon the information presented without professional counsel.