Social Networking Sites: to Monitor Or Not to Monitor Users and Their Content?

Intellectual Property& Technology Law Journal

Edited by the Technology and Proprietary Rights Group of Weil, Gotshal & Manges LLP

VOLUME 19 • NUMBER 7 • JULY 2007

Social Networking Sites: To Monitor or Not to Monitor Users and Their Content?

By Roxanne E. Christ, Jeanne S. Berges, and Shannon C. Trevino

everal months ago, a federal district court in Texas constitutional right to free speech remains to be seen, Sdismissed claims brought against the popular social especially in light of a recent federal court ruling that networking Web site MySpace.com . In the case, a 14-year- the Child Online Protection Act violates the First old (Julie Doe) and her mother had sued MySpace for Amendment. negligence and gross negligence in failing to institute Julie Doe registered with MySpace when she was safety measures to protect minors after a 19-year-old 13 years old. MySpace requires that users be 14 years man whom Julie Doe met through the service alleg- of age or older, so Julie Doe evidently lied about her edly assaulted her sexually in a parking lot. In a strongly age in order to join. Pete Solis, a 19-year-old, contacted worded opinion, Judge Sparks noted that imposing Julie Doe through MySpace. She eventually gave Solis an affirmative duty on MySpace to protect minors her telephone number (by this point Julie Doe had from sexual predators lurking on the site would “stop reached the age of 14), and the two engaged in tele- MySpace’s business in its tracks” and that, “if anyone had phone conversations for several weeks. Eventually, Solis a duty to protect Julie Doe, it was her parents,” not the and Julie Doe arranged to meet in person, and Solis social networking site.1 allegedly committed the sexual assault when they met. The MySpace decision serves as an important Julie Doe’s mother contacted law enforcement officials reminder of the immunity afforded to Internet ser- and filed a crime report. Solis was arrested and indicted vice providers under the Communications Decency for sexual assault, a second degree felony. Act (CDA). 2 However, operators of social networking sites should be attuned to recent legislative initiatives Communications Decency Act that could scale back that immunity. If some mem- The CDA protects providers and users of “interactive bers of Congress and state legislators have their way, computer services”3 from being treated as publishers or site operators will be forced to implement measures speakers of content provided by third parties.4 Under that sound politically favorable but will not neces- the CDA, an internet service provider is generally sarily make minors safer. Whether these laws will be immune from liability for publishing defamatory and enacted and withstand challenges that they violate the other harmful material submitted by third party users. Neither of the parties in the MySpace lawsuit contested MySpace’s status as an “interactive computer service” or the individual users’ status as content providers. Roxanne E. Christ is a corporate partner, and Jeanne S. Berges The policies underlying the CDA include promoting and Shannon C. Treviño are associates in the Los Angeles office of Latham & Watkins LLP. They can be reached at [email protected] , free speech on the Internet and fostering the develop- [email protected] , and [email protected] , respectively. ment of the Internet and interactive media. 5 Congress also intended to encourage interactive service providers To be deemed an “innocent infringer” and mount a to monitor their own user communications for obscene successful defense to trademark infringement, a provider and offensive material without risking liability for the must establish that it did not actively engage in infringe- efficacy of their monitoring activities.6 Thus, from its ment itself and that it did not have specific knowledge inception, the CDA was intended to balance promoting of its users’ infringement.14 free speech while encouraging Internet service providers to restrict content in an effort to protect minors. Knowledge of Objectionable Material The CDA has its limits. It does not immunize pro- and Self-Regulation viders from claims for copyright or trademark infringe- In an earlier and oft-cited case, Zeran v. American ment. 7 It is not clear whether the CDA immunizes Online, Inc.,15 Kenneth Zeran received death threats providers against misappropriation of trade secrets or after a user posted on AOL a false ad for T-shirts con- rights of publicity, claims typically considered a mixture taining unsavory slogans related to the Oklahoma City of tort and intellectual property law. The ambiguity arises bombing. The ad instructed people to call Zeran’s home out of the CDA’s reference to “intellectual property number. This led to abusive phone calls, local radio infringement” without defining that term.8 station announcements encouraging listeners to call Zeran’s home number, and police surveillance of Zeran’s Social Networking Sites and the home to protect his safety. In his lawsuit, Zeran claimed Communications Decency Act that AOL had a duty to remove the defamatory posting Julie Doe argued that the CDA did not shield and effectively screen future defamatory material. 16 MySpace from her claims for negligence and gross The Zeran court reiterated the purposes of the CDA. negligence. She claimed that the legislation protects The court also noted that “both the negligent commu- Internet service providers only against content and nication of a defamatory statement and the failure to not conduct. Because she was suing MySpace for fail- remove such a statement when first communicated by ing to police its site and not for the content posted by another party … constitute publication.” 17 Subsequent Julie Doe’s alleged attacker, Julie Doe argued the CDA courts have applied the CDA to bar non-defamation should not apply. claims related to the publication of third-party content The MySpace lawsuit was not the first to be brought or the harms resulting from such publication.18 Zeran against an Internet intermediary that provided a forum laid the groundwork for the MySpace court’s refusal to for third-party users. Courts in the First, Fourth, hold MySpace liable for negligent failure to police its Ninth, and Tenth Circuits have each held Internet site for harmful third-party-provided content. intermediaries immune under the CDA from liability Courts in other cases have upheld the promotion for defamatory and other unlawful content published of free speech on the Internet over self-regulation of on their sites. expression. As the theory goes, if interactive service pro- Courts have also applied the CDA’s immunity to viders were constantly faced with the specter of liability, Internet service providers that failed to withdraw ob- there would be a chilling effect on the availability and jectionable content even when they had prior notice of proliferation of forums for speech on the Internet. 19 the content’s unlawful nature.9 The decision to publish, To address this concern, the CDA does not require withdraw, postpone, or alter content is considered a tra- interactive computer services to self-regulate but instead ditional editorial function of a publisher, the exercise of encourages it by immunizing providers from liability for which cannot be a basis for liability under the CDA.10 removing users’ materials and for claims based on the Thus, the CDA immunizes interactive computer ser- effectiveness of a provider’s self-regulation efforts. 20 vices from liability both for content published by others In Carafano v. Metrosplash.com, Inc., 21 the Ninth and for their own conduct as publishers. Circuit granted Matchmaker.com full immunity under It is important to reiterate that the CDA is not a the CDA after false personal ad listings resulted in the defense to copyright or trademark infringement. The delivery of sexually explicit phone calls, letters, and Digital Millennium Copyright Act 11 and the Lanham notes to the plaintiff. The plaintiff, an actress, sued Act’s innocent-infringer provisions12 can shield Internet for invasion of privacy, defamation, negligence, and service providers from liability for copyright and trade- misappropriation.22 The court’s holding centered on mark infringement, respectively, if they meet certain the fact that Matchmaker itself did not provide the requirements. To be eligible for the DMCA’s defense, essential published content, even though users gener- a provider must take actions to remove the infringing ated some of the content in response to a Matchmaker content upon receiving notice from rights owners.13 questionnaire.23

2 Intellectual Property & Technology Law Journal Volume 19 • Number 7 • July 2007 In the MySpace case, Julie Doe argued that MySpace operator’s registration and link system came nowhere had failed to protect minors and had “prompted” users close to meeting the standard for active inducement of to post photographs and personal information on their unlawful behavior.34 personal Web pages.24 As in Zeran and Carafano, how- Social networking sites should be able to rebut claims ever, the MySpace court considered such actions to be that they supply culpable assistance to third-party con- taken by MySpace’s operator in its capacity as a pub- tent providers as long as they avoid taking affirmative lisher and consequently immunized the operator from steps to foster harmful postings, such as by advertising liability under the CDA. their services as a forum for adults to meet minors or Recent decisions continue to immunize Internet for posting illegal child pornography. intermediaries from liability for content supplied by others and refuse to impose an affirmative obligation to The Claimed Duty to Protect: monitor and screen Web sites for objectionable content, State Law Claims for Negligence including even child pornography. or Gross Negligence The Eastern District of Texas decided Doe v. Bates25 The MySpace court dismissed the plaintiffs’ claims for approximately six weeks prior to the MySpace decision, negligence or gross negligence because in general there dismissing claims against Yahoo! Inc. for negligence, is no duty to protect another person from the criminal intentional infliction of emotional distress, invasion of acts of a third person. 35 One exception to the general privacy, and civil conspiracy. The individual defendant, rule is where a special relationship, such as that between Mark Bates, was the moderator of the “Candyman” employer-employee or parent-child, exists between the e-group in which thousands of participants shared and actor and third person.36 The court held that no such posted hard-core, illegal child pornography. 26 Sexually relationship existed between MySpace and Julie Doe. explicit photos of minor Johnny Doe were among the Accordingly, Judge Sparks refused to impose liability pornographic images posted to the e-group.27 for negligence. One of the key allegations lodged by the plaintiffs was that Yahoo! “breached its duty of reasonable care COPA Stopped Cold to Johnny Doe by permitting the Candyman web site Congress passed COPA in 1998 in an attempt to to serve as a platform for the uploading, download- address directly the constitutional flaws of the CDA ing and large-scale distribution of hard-core child (COPA is distinct from COPPA, the Child Online pornography through its servers without oversight Privacy Protection Act, which requires Web site opera- or intervention because it was profitable to do so.” 28 tors to obtain parental permission before collecting per- However, because Yahoo! played no role in the cre- sonal information from children under 13). On March ation or development of the images, it was immune 22, 2007, a federal court issued a permanent injunction from liability under the CDA, even if Yahoo! placed against COPA’s enforcement after ruling in ACLU advertising on the Web site or modified or enlarged v. Gonzales) Civ. No. 98-5591 (E.D. Pa. Mar. 22, 2007)) the photographs. 29 that the legislation violated the First Amendment. In the latest CDA case, Universal Communications Like the CDA, COPA did not survive judicial scruti- Systems v. Lycos, Inc., 30 the First Circuit followed suit by ny because although it served a compelling government applying immunity to Lycos for content posted by third interest, Congress did not narrowly tailor the law to its parties. Universal Communications Systems (UCS) sued purpose. COPA would have imposed criminal sanctions Lycos after numerous postings on a Lycos-operated on Web site operators for offering material considered message board disparaged the financial performance and “harmful to minors,” a term not only difficult to define integrity of UCS.31 but which also covered a broad range of material that UCS attempted to plead around the fact that third is valuable to adults. parties and not Lycos had provided the content by Moreover, the affirmative defenses to COPA— asserting that Lycos supplied “culpable assistance” to restricting minor access to harmful material through the service’s subscribers. 32 The music industry has relied (1) credit card, debit accounts, adult access codes, on the concept of “culpable assistance” in contributory and adult personal identification numbers, (2) ac- copyright infringement actions to allege that certain cepting a digital certificate that verifies age, or (3) software distributors foster piracy.33 The First Circuit any other reasonably feasible measure to verify refused to apply the concept to negate Lycos’ immunity. age—were inadequate to overcome the law’s consti- The court also noted that, even if providing “culpable tutional problems because they failed to screen out assistance” could bar CDA immunity, the Web site minors and were not the least restrictive alternative

Volume 19 • Number 7 • July 2007 Intellectual Property & Technology Law Journal 3 for pr otecting minors from sexually explicit material reason to know facilitates access to child pornography.39 on the Internet. The SAFETY Act would make it a federal offense The most striking aspects of the court’s decision for Internet content hosting providers to knowingly were the following conclusions: engage in conduct which the provider knows or has reason to know facilitates access to child pornography. It • Currently available filtering tools are 95 percent would also impose strict penalties on service providers effective in restricting minors access to sexually who fail, even negligently, to report child pornography explicit material and are less restrictive means for and require sites to place warning labels where sexu- protecting youth than COPA. ally explicit material can be found. Sites that do not select or alter content, which presumably includes so- • There is no evidence that age verification services cial networking sites, would be exempt from the label reliably establish or verify age. Moreover, age verifica- requirement. tion is cost prohibitive for many Web site operators, Like DOPA, the Social Networking Website can lead to a loss of users and will chill speech. Prohibition Act proposed in Illinois, 40 targets venues that typically provide minors with access to social net- These findings alleviate the pressure on social working sites and does not threaten to expose the own- networking site operators and others to attempt to ers or operators of such sites to increased liability. Other affirmatively monitor and restrict minors’ use of their states, such as Georgia and North Carolina, have intro- services through age verification. In a foreshadowing duced legislation aimed at site operators.41 These bills, if of what might be a permissible move for legislators, enacted, would require operators of social networking the court stated that the government may give incen- sites to obtain parental permission before a minor can tives or mandate that Internet service providers supply establish a user profile. Because the laws would in effect filtering tools. impose an age verification requirement on social networking sites and there is no way to actually verify age, The Legislative Landscape they are not likely to pass constitutional muster in light Ultimately, Congress or state legislators may act to of the court’s decision in ACLU v. Gonzales. impose a statutory duty of care on interactive service At the state level, several attorneys general have de- providers. Pending legislation will probably not affect manded that various social networking sites implement operators of social networking sites; however, the pro- more effective age verification procedures, mechanisms posed laws evidence growing support for measures to for screening out child pornography, and plans for de- increase the safety of minors who use the Internet. voting more resources to screening posted content. 42 The Deleting Online Predators Act (DOPA) was Connecticut Attorney General Richard Blumenthal originally introduced into the House of Representatives also recently spearheaded a coalition of 44 states urging in 2006 but died in the Senate. Representative Kirk several social networking sites to require age verification (R-Illinois) re-introduced the bill in the House on and parental consent before allowing minors to post February 16, 2007.37 Senator Ted Stevens (R-Alaska) also profiles. 43 Although these demands may not ultimately recently introduced the Protecting Children in the 21st achieve legal force given the reluctance of federal courts Century Act (S. 49) on January 4, 2007, which incorpo- to uphold age verification mandates, they do signify rates DOPA. DOPA would amend the Communications public support for increased protective measures. Act of 1934 to require schools and libraries receiving federal funding to restrict minors’ access to social Recommended Best Practices networking sites and chat rooms. Minors would still for Social Networking Sites be able to access such sites under adult supervision for Operators of social networking sites and other sites educational purposes. can, for the time being, take comfort that the CDA Additional federal legislation includes the Internet provides immunity from liability for content posted by Stopping Adults Facilitating the Exploitation of Today’s their users. Additionally, the age verification methods Youth Act (SAFETY) of 2007, introduced in the House currently available on the market are not sufficiently of Representatives on February 6, 2007.38 The SAFETY accurate and remain cost prohibitive, especially for Act would make it a federal offense for Internet con- sites offering free access to material. Nevertheless, the tent hosting providers (the definition of which likely cost and threat of litigation persists, and public sup- includes operators of social networking sites) to engage port for increased safety measures to protect minors knowingly in conduct that the provider knows or has is growing.

4 Intellectual Property & Technology Law Journal Volume 19 • Number 7 • July 2007

The federal judiciary has likewise agreed that protect- 17. Id. at 332. 18. Doe v. MySpace, Inc., No. A-06-CA-983-SS, at *8 (W.D. ing minors from exposure to sexually explicit material Tex. Feb. 13, 2007) (citing Ben Ezra, Weinstein & Co. v. on the Internet is a compelling governmental interest. American Online, Inc., 206 F.3d 980, 986 (10th Cir. 2000); What remains is for Congress and state legislatures to Zeran, 129 F.3d at 330; Doe v. Bates, 2006 WL 3813758, at *5 devise a narrowly tailored and least restrictive approach (E.D. Tex. Dec. 27, 2006); Beyond Sys., Inc. v. Keynetics, Inc., for protecting minor safety on the Internet. Interactive 422 F. Supp. 2d 523, 536 (D. Md. 2006); Barnes v. Yahoo!, computer services should consider taking two steps to Inc., No. Civ. 05-926-AA, 2005 WL 3005602, at *4 (D. Or. reduce the risk of litigation and to take the lead on in- Nov. 8, 2005). creasing the safety of minors who use their services: 19. Zeran, 129 F.3d at 331. 20. 47 U.S.C. § 230(c)(2)(A) states that “[n]o provider or user • Promote online safety. Sites should partner with on- of an interactive computer service shall be held liable on line safety groups, parents and educators to develop account of—(A) any action voluntarily taken in good faith to and distribute effective online safety educational tools. restrict access to or availability of material that the provider Sites should also work collaboratively to develop and or user considers to be obscene, lewd, lascivious, filthy, exces- implement better online safety tools. sively violent, harassing, or otherwise objectionable.” 21. Carafano v. Metrosplash.com, Inc., 339 F.3d 1119 (9th Cir. • Lobby state legislatures and Congress. Site operators 2003). should consider pushing legislators to devote greater 22. Id. at 1122. financial resources to law enforcement to hire more 23. Id. at 1124. investigators, increase the training of personnel, and 24. Verified Complaint at 3, Doe v. MySpace, Inc ., No. A-06- purchase technological tools to identify and apprehend CA-983-SS (W.D. Tex. Feb. 13, 2007).

individuals who are using the Internet to harm others. 25. Doe v. Bates, 2006 WL 3813758 (E.D. Tex. Dec. 27, 2006). 26. Id. at *5-6. 27. Id. at *6. Notes 28. Id. at *16. 1. Doe v. MySpace, Inc., No. A-06-CA-983-SS (W.D. Tex. Feb. 29. Id. at *17. 13, 2007). 30. Universal Communications Systems v. Lycos, Inc., 2007 U.S. 2. The Communications Decency Act of 1996, 47 U.S.C. App. LEXIS 3946 (1st. Cir. Feb. 23, 2007). § 230. In response to a series of court decisions striking 31. Id. at *5-6. down provisions of the CDA as unconstitutional on First 32. Id. at *19. Amendment grounds, Congress repealed most provisions of 33. See, e.g., MGM Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 919 the legislation, though § 230 still remains effective. (2005) (“one who distributes a device with the object of pro- 3. 47 U.S.C. § 230(f)(2). moting its use to infringe copyright, as shown by clear expres- 4. 47 U.S.C. § 230(c). sion or other affirmative steps taken to foster infringement, is 5. See Batzel v. Smith, 333 F.3d 1018, 1027 (9th Cir. 2003) liable for the resulting acts of infringement by third parties.”). (discussing the legislative history and intent of the CDA). 34. Id. at *21-22. 6. See id. (citing 47 U.S.C. § 230(b)(4) and 141 Cong. Rec. 35. Doe v. MySpace, Inc., No. A-06-CA-983-SS, at *10 (W.D. H8469-70 (statements of Reps. Cox, Wyden, and Barton). Tex. Feb. 13, 2007). 7. 47 U.S.C. § 230(e). 36. Id. 8. Id. 37. H.R. 1120, 110th Cong. (2007). 9. See, e.g., Zeran v. American Online, Inc., 129 F.3d 327, 332- 38. H.R. 837, 110th Cong. 333 (4th Cir. 1997); Universal Commun. Sys. v. Lycos, Inc., 39. H.R. 837, § 4(a). 2007 U.S. App. LEXIS 3946, at *17 (1st. Cir. Feb. 23, 2007). 40. S.B. 1682, 95th Gen. Assemb. (Ill. 2007). 10. Zeran, 129 F.3d at 330. 41. S.B. 59, 2007-2008 Gen. Assemb., Reg. Sess. (Ga. 2007); 11. 17 U.S.C. § 512(c). Protect Children from Sexual Predators Act, S.B. 132, 2007 12. 15 U.S.C. § 1114(2). Gen. Assemb., Reg. Sess. (N.C. 2007). 13. 17 U.S.C. § 512(c)(1)(A) and 17 U.S.C. § 512(c)(1)(C) 42. E.g., Letter dated May 22, 2006, from Greg Abbott, (DMCA safe harbor provisions requiring providers to remove Attorney General of Texas, to Christopher DeWolfe, access to infringing material upon receiving notice of such CEO of MySpace, Inc., John Hiller, CEO of Xanga. material or obtaining actual knowledge of infringement). com , Mark Zukerberg, CEO of TheFacebook, Inc., and 14. 15 U.S.C. § 1114(2). See also Hendrickson v. eBay , 165 F. Jonathan Abrams, CEO of Friendster, Inc., in Verified Supp. 2d 1082, 1095 (C.D. Cal. 2001). Complaint, Exhibit D, Doe v. MySpace, Inc., No. A- 15. Zeran v. American Online, Inc., 129 F. 3d 327 (4th Cir. 1997). 06-CA-983-SS (W.D. Tex. Feb. 13, 2007); “ AG Reilly 16. Id. at 330. Demands Changes to MySpace.com Website to Protect

Volume 19 • Number 7 • July 2007 Intellectual Property & Technology Law Journal 5 Teens from Online Predators, ” http://www.ago.state.ma.us to Christine Varney of Hogan & Hartson LLP, in Verified (Media Center, May 2, 2006); Letter dated Mar. 24, 2006, Complaint, Exhibit A, Doe v. MySpace, Inc., No. A-06- from Jim Petro, Attorney General of Ohio, to Chris CA-983-SS (W.D. Tex. Feb. 13, 2007). DeWolfe, CEO of MySpace, Inc., in Verified Complaint, 43. Lindsay Martell, “MySpace Age Verification Bill Proposed,” Exhibit B, Doe v. MySpace, Inc., No. A-06-CA-983-SS Mar. 8, 2007, http://news.yahoo.com/s/nf/20070308/ (W.D. Tex. Feb. 13, 2007); Letter dated Mar. 20, 2006, from tc_nf/50607. Richard Blumenthal, Attorney General of Connecticut,

Reprinted from Intellectual Property & Technology Law Journal July 2007, Volume 19, Number 7, pages 13-17, with permission from Aspen Publishers, Inc., Wolters Kluwer Law & Business, New York, NY, 1-800-638-8437, www.aspenpublishers.com