Daniel T Pascucci ->How Can Bart Simpson Ruin Your Company?
Cybersmearing: Internet Privacy vs. Accountability
© 2000-2001 Gray Cary Ware & Freidenrich LLP
Daniel Pascucci
Perhaps it has happened to you. You may be at risk of it right now. If your reputation is important to you or your business, its consequences can be particularly painful. It may even be happening to you right now without your knowledge. It is called "cybersmearing" and it exists in the gray area where Internet anonymity has outpaced the response time of the law and mainstream business.
The explosion of Internet use in a variety of applications over the past several years almost defies description. The Internet has served as a bridge between main street and Wall Street, allowing school teachers, homemakers, and retirees to conduct transactions and access market tools that a few years ago were reserved for brokers, fund managers, and investment bankers. The Internet has allowed businesses from virtually all industries to directly market and sell products and services to a world-wide audience. In one of its most unnoticed but profound applications, the Internet has served as the largest megaphone in history, allowing public watchdogs, political pundits, and citizen activists to shout their messages to millions with the click of a button.
Men's Room Wall Meets Wall Street
In this explosive growth of the Internet lies a threat that can reach businesses and individuals alike, but can be particularly harmful to publicly-traded companies. Recent months have seen a disturbing increase in instances of the Internet being used to victimize businesses through an abuse called cybersmearing.
Cybersmearing is the practice of using the Internet to broadly and rapidly disseminate defamatory and false statements about a chosen target. Targets can include both businesses and individuals. When the target is your business, the consequences can be particularly painful. Small startups may find a cybersmearing campaign interfering with efforts to raise private funds. Publicly-traded companies can instantly find themselves on the defensive, trying to rebut unfounded accusations made by anonymous accusers. Perhaps most threatening is the rising trend in cybersmear tactics to manipulate stock prices. Even the best efforts to inform investors of the strengths of a company can quickly be undone by the cloud of suspicion a cybersmear campaign can create overnight.
Founders of a startup company may work years to prepare for an IPO and then breathe a sigh of relief when their company is well received by the markets. However, their dreams of rising stock prices and millions in increasing market capitalization may be shattered by someone they have never heard of, cannot identify, and who has no market expertise or credentials whatsoever.
As daunting as it may sound, that is often the hallmark of a blindsiding cybersmear campaign. Just when a startup is positioned to realize its market potential, its name begins appearing on Internet-based bulletin boards. Postings relating to the startup may number in the thousands and can be blatantly defamatory - often with no factual basis whatsoever.
Regardless of the falsity of the accusations levied, they successfully create a cloud of suspicion surrounding the company. Investors without resources to conduct their own due diligence and with numerous startup offerings from which to choose may avoid the stock based on the cloud of suspicion. The stock begins to decline and the authors of the cybersmear postings, who often are shortsellers, cash in. If the company fights back with accurate responses, the responses often are distorted or are insufficient to eliminate the suspicion. If the company is silent, the postings utilize the silence as confirmation of the accusations.
How Can Bart Simpson Ruin Your Company?
The threat of cybersmear tactics is further complicated by the anonymity of the Internet. Often, individuals engaged in these tactics hide behind several layers of false identities. They commonly identify themselves only by character names borrowed from television shows like the Simpsons, movies like the James Bond series or even names based on political scandals. The struggling startup may encounter indefatigable downward pressure, created by an online identity known only as Bart Simpson. In addition to using a fictitious character name, the mudslinger uses a variety of means to evade efforts to locate him or her, including registering Internet service to a false name and leaving trails of false addresses. These "hit-and-hide" tactics are often nothing more than an elaborate effort to avoid accountability. Unfortunately, they often work, especially when the victimized company cannot persevere long enough to reveal its accuser.
The Federal Communications Decency Act: Immunity for ISP's or Unaccountability for Criminal Conduct
Federal law immunizing hosts of Internet bulletin boards from liability for the statements of users may complicate the problems or at least allow the provider to protect the anonymity of its mudslinging members. For example, in one recent case, an innocent individual was targeted by a particularly egregious cybersmear campaign in which anonymous Internet users posted advertisements in the individual's name. The advertisements offered shirts featuring offensive slogans related to the April 19, 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City and directed interested parties to the name and phone number of the targeted individual. As a result of the prank, thousands of angry messages and death threats were directed at the targeted individual. He was criticized by local radio stations, and even needed police protection at his residence.
Unable to identify the anonymous sources of the false advertisements, this particular individual resorted to suing America Online for publishing and refusing to remove the defamatory material. AOL raised the broad immunity provisions of the Federal Communications Decency Act and the courts dismissed the suit against AOL, confirming that Internet providers such as AOL have broad immunity from liability for publishing such messages. (Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).
The decision to dismiss AOL was based on language in the Federal Communications Decency Act that prevents treating a provider of an interactive computer service as the publisher or speaker of any information posted there. The court recognized the strong policies behind Congress's decision to provide such broad immunity to service providers. Congress acted with the goal of maintaining the robust nature of Internet communication and minimizing government interference. The Act was a response to the threat that Internet service providers faced with potential liability for each message posted might choose to restrict the number and types of messages posted.
However, the courts also have recognized that the policies supporting immunity for Internet service providers should not be stretched to provide immunity or even anonymity to parties who post defamatory statements. As the Zeran court observed, none of the Congressional policies require that "the original culpable party who posts defamatory messages would escape accountability." In fact, the Federal Communications Decency Act specifically announced a national policy to insure "vigorous enforcement of federal criminal laws to deter and punish trafficking in obscenity, stalking, and harassment by means of computer." As the court recognized, Congress acted to preserve direct enforcement against the culpable parties while immunizing the Internet services that provide their sounding board.
"Private But Accountable"
A new battleground is emerging which may force legislators to address the balance between accountability for culpable mudslingers and immunity for ISPs. Businesses facing cybersmear campaigns are learning the lesson taught by the Zeran case. Instead of suing the ISPs and running straight into the broad federal immunity provisions, most cybersmear plaintiffs are suing the unidentified individuals who post the messages, and issuing subpoenas to the ISPs to learn their real-world identities. As straightforward as this approach may appear, it often is met with resistance. ISPs, concerned with violating privacy rights of their members or exposing themselves to liability to their members, often refuse to turn over identity information regarding members.
The ensuing dispute between targeted companies and ISPs raises the question of whether the law does or should protect the anonymity of individuals who post defamatory messages on Internet bulletin boards.
Congress recognized the national policy of enforcing federal criminal laws in enacting the Federal Communications Decency Act. Because members of Internet bulletin boards often use their anonymity to manipulate stock prices without accountability, their anonymity has become a device to violate federal securities laws preventing stock manipulation. Anonymity can also be an unwitting accomplice in violation of numerous other federal and state laws concerning defamation, deceptive advertising, and unfair competition. Ultimately, it will prove impossible to meet the announced policy of ensuring vigorous enforcement of federal criminal laws so long as individuals can violate those laws under false names and preserve their anonymity.
At the same time, ISPs currently find themselves in a difficult position of either protecting the anonymity of their members and thereby facilitating the continued abuses, or disclosing confidential information and risking a lawsuit by the member. Often, the ISPs choose the safer route of fighting lawful subpoenas unless and until ordered to disclose information by a court. The Decency Act does not expressly immunize ISPs from liability for disclosing the identity of posting members. While a reasonable interpretation of provisions protecting ISPs from liability for efforts to restrict offensive materials would appear to provide the ISPs such protection, the protection is not express and, in the ISPs' final analysis, the privacy concerns often prevail.
The Decency Act can easily be revised to strike a balance between these competing interests. Adoption of a "private but accountable" standard can protect the ISPs while providing cybersmear victims a means of assuring accountability. The immunity to ISPs can be expanded to protect ISPs from any action based on compliance with a lawfully issued subpoena seeking information pertaining to members who post defamatory information. Such a provision can be drafted to provide a gatekeeper function for state and federal courts, who can evaluate evidence to determine whether there is a sufficient basis to issue the subpoena. The immunity of ISPs under the Decency Act also can be conditioned upon compliance with lawfully issued subpoenas, so that ISP's faced with a subpoena would have a simple decision-comply with the subpoena and secure broad immunity or ignore the subpoena and jeopardize that immunity.
These provisions and existing laws concerning subpoenas and consumer rights would serve all of the interests articulated by Congress and the courts in this area. The laws would create no chilling effect on ISPs providing the media for robust Internet communications. In fact, the expanded immunity would clarify the one area of uncertainty and provide bright line decisions for ISPs. At the same time, the "private but accountable" provisions would assure that companies and individuals targeted by cybersmear campaigns have a rapid and reliable means for identifying perpetrators of unlawful conduct on the Internet. To assure that this means provides accurate information, the Act could require ISPs to obtain and maintain identity and address information on members and to terminate, without liability, accounts where subpoenas of identification information reveal the account to be registered to a false identity or address.
By broadening the immunity provisions of the Federal Communications Decency Act and expressly providing for subpoena procedures, Congress can appropriately balance the interests of robust communications on the Internet, the privacy of law-abiding Internet users, and the accountability rights of victims of Internet fraud. The balance would assist in the battle against unlawful hit-and-hide tactics while allowing Internet users to remain private but accountable.
Daniel Pascucci is an attorney in our Litigation Group. He specializes in telecommunications litigation, Internet litigation, unfair competition and false advertising. Mr. Pascucci may be reached at (619) 699-3559 or dpascucci@graycary.com.
"Copyright 2000 Daily Journal Corp. Posted with Permission. This file cannot be downloaded from this page."
These materials have been prepared for educational and information purposes only. They are not legal advice or legal opinions on any specific matters. Transmission of the information is not intended to create, and receipt does not constitute, a lawyer-client relationship between FindLaw, the author(s), or the publisher (Law Firm, Bar Association or other legal publisher) and you. Internet subscribers and online readers should not act upon this information without seeking professional counsel. The opinions expressed in the articles found on Library are those of the author(s), or the publisher (Law Firm, Bar Association or other legal publisher) and not those of FindLaw. |
