sign in sign up
<<
Home , Trespass to chattels

CYBERTORTS AND LEGAL LAG: AN EMPIRICAL ANALYSIS†

♦ * MICHAEL L. RUSTAD & THOMAS H. KOENIG

INTRODUCTION Sixty-eight years ago, in 1936, a Duke University law student published an article summarizing the path of automobile liability law.1 He observed that in 1905 all of American automobile case law could be contained within a four-page law review article, but three decades later, a “comprehensive, detailed treatment [of automobile law] would call for an encyclopedia.”2 That law student was Richard M. Nixon,3 who would later become President of the United States. His conclusion was that courts were mechanically extending “horse and buggy law” to this new mode of transportation in most doctrinal areas.4 However, some judges were creatively crafting new doctrine in certain subfields of automobile accident law by “stretch[ing] the legal formulas at their command in order to reach desired results.”5 Nixon's observation that courts were developing new rights and remedies to adjust to an emerging technology applies equally well to the contemporary age of the Internet. Just as in Nixon’s day, the rise of a new technology requires courts to stretch traditional doctrines as well as to create updated to keep pace with new civil wrongs. In 1922, sociologist William Ogburn noted that the various institutions of American society do not change at the same rate, thereby creating a “cultural lag” when one element has not yet accommodated to developments in another.6 Ogburn observed that with any revolutionary

† The authors would like to thank Elise Hoffman for her assistance in compiling and analyzing the sample of 2002 Internet jurisdiction cases. Michael J. Bauer, an Internet Security expert, provided us with invaluable editorial assistance. Christine Chang, Molly Donohue, Patty Nagle, Karla Ota, Sandra Paulsson, Kristin Spriano, and Chryss J. Knowles also rendered useful editorial assistance. ♦ Thomas F. Lambert, Jr., Professor of Law & Co-Director of Intellectual Law Concentration, Suffolk University Law School, Boston, Massachusetts. * Professor and Acting Chair of Department of Sociology and Anthropology, Northeastern University, Boston, Massachusetts. 1 Richard M. Nixon, Changing Rules of Liability in Automobile Accident Litigation, 3 LAW & CONTEMP. PROBS. 476 (1936). 2 See id. at 476. 3 See id. 4 See id. 5 Id. at 485. 6 Professor Ogburn’s argument was that “the various parts of modern culture are not changing at the same rate, some parts are changing much more rapidly than others; and that since there is a correlation and interdependence of parts, a rapid change in one part of our culture requires readjustments through other changes in the various correlated parts of culture.” SOCIAL SCIENCE QUOTATIONS: WHO SAID WHAT, WHEN & WHERE 175 (David L. Sills & Robert K. Merton eds., 2000)

77 78 Southern California Interdisciplinary Law Journal [Vol. 13:1 technological invention, “grave maladjustments [were] certain to result.”7 In the case of automobile law, there was a lengthy “legal lag” between the widespread adoption of the new technology and the development of modern products liability.8 Rigid tort rules, forged in the “horse and buggy” era, required several decades to accommodate to the societal impact of the automobile.9 Similarly, the rapid assimilation of the Internet in today’s era creates maladjustments between technology and tort law. Recent technological advances in cyberspace that impact society rapidly outpace the courts’ ability to adjust. Automobile law took decades to develop, whereas a substantial body of cyberspace law has emerged at “Internet speed.” In less than a decade, the

[hereinafter SOCIAL SCIENCE QUOTATIONS] (reporting survey of American life commissioned by President Herbert Hoover and published during Franklin Roosevelt’s presidency). 7 Id. 8 The field of products liability took form in large part through a series of groundbreaking automobile liability cases. Judge Benjamin Cardozo, in MacPherson v. Buick Motor Co., 111 N.E. 1050 (1916), was the first judge to lay the foundation for the field of products liability when he creatively side-stepping the harsh doctrine of privity permitting a consumer to recover for injuries caused by a collapsed wheel on his Buick roadster. In his famous ruling, Judge Cardozo declared that “[i]f [the manufacturer] is negligent, where danger is to be foreseen, a liability will follow.” Id. at 1053. The citadel of privity finally collapsed in yet another automobile liability case forty-four years later. See Henningsen v. Bloomfield Motors, 161 A.2d 69, 99-100 (1960) (finding no contractual privity for breach of warranty in accident arising out of a malfunctioning automobile steering system). The first one hundred-million dollar award for punitive was in the Ford Pinto case of Grimshaw v. Ford Motor Co., 174 Cal. Rptr. 348, 348 (Cal. Ct. App. 1981) (remitting the $125 million punitive damages to $3.5 million). The jurisprudence of was in large part a judicial solution to the problem of reallocating the cost of accidents caused by defective automobiles. For example, the manufacturer’s duty to recall or retrofit defective products was directly impacted by automobile law. See RESTATEMENT (THIRD) OF TORTS § 11 (1998). Cf. Reed v. Ford Motor Co., 679 F. Supp. 873, 878-80 (S.D. Ind. 1988) (ruling that because the automobile was defective at the time of sale the fact of a recall is relevant to the remedy of punitive damages or tolling the ). See generally Barry A. Levanson & Daryl J. Lapp, Plaintiff’s Burden of Proving Enhanced Injury in Crashworthiness Cases: A Clash Worthy of Analysis, 38 DEPAUL L. REV. 55 (1988). 9 One unobtrusive measure of the lasting impact of automobile law is the number of topics covered in Prosser’s treatise on tort law. The index for the Fifth Edition lists the following tort doctrines influenced by automobile law: liability for unavoidable accidents, assured clear distance rule, gratuitous liability of bailors, for bailors, compensation systems, compulsory liability insurance, statutes, liability of gratuitous donors, incapacitated drivers, entrusting to unsuitable driver, family immunity, family purpose doctrine, for guests (passengers), statutes, imputed contributory (bailments, consent statutes, driver and passengers, husband and wife, joint enterprise, parent and child), joint enterprise, impact of liability insurance, no-fault plans, vicarious liability of owners, deficiencies of the law (attorneys, delay, fees, inadequate insurance coverage, liability only for fault, litigation, and uninsured defendants), remedies for deficiencies of law (Columbia plan, compulsory insurance, financial responsibility laws, full aid insurance, Keeton- O’Connell plan, no-fault plans, Saskatchewan plan, security responsibility laws, unsatisfied judgment funds, voluntary schemes), and injury by thief of unlocked car. W. PAGE KEETON, PROSSER AND KEETON ON THE LAW OF TORTS 1264-65 (5th ed. 1984).

2003] Cybertorts and Legal Lag 79 courts have forged new rules for e-commerce patents,10 e-commerce law,11 trademark and domain name conflicts, online ,12 jurisdiction in cyberspace, and web site liability for .13 Online shopping, gambling, music-sharing, exchanging photographs, and locating lost high school classmates are just a few of the everyday activities that have the potential for creating groundbreaking litigation. “Internet user groups, bulletin boards, and web sites have constructed a new arena wherein political and social norms are proposed, debated, and determined.”14 The globally-networked world has created new civil wrongs such as cyberpiracy,15 online gambling,16 pop-up advertising,17

10 No single development has spurred the growth of Internet-related patents more than State Street Bank & Trust Co. v. Signature Financial Group, Inc., 149 F.3d 1368, 1373 (Fed. Cir. 1998) (holding that a business method based upon mathematical algorithms was patentable). The Federal Circuit’s validation of computer-related patents for doing business has had a profound impact on the Internet economy. In the immediate aftermath of the July 1998 decision, there was a 45% increase in the number of computer-related patents issued during the patent office’s fiscal year ending on September 30, 1998. John T. Aquino, Patently Permissive: USPTO Filings Up After Ruling Expands Protection for Business and Net Software, A.B.A. J., May 1999, at 30. Since State Street Bank, the filing of so-called Internet business method patents has skyrocketed. MICHAEL L. RUSTAD & CYRUS DAFTARY, E- BUSINESS LEGAL HANDBOOK § 4.05[F] at 4-187 (2003). 11 The growth of e-commerce involves updating and adapting principles to the Internet. Many states have enacted statutes governing the use of digital signatures, the e-filing of documents, online licensing, and other e-commerce related legislation. See, e.g., CONN. GEN. STAT. § 19a-25a (1997) (adopting electronic signatures for medical records). 12 See, e.g., A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1014 (9th Cir. 2001) (ruling that Napster’s enabling subscribers to download music from the Internet violates copyright holder's exclusive publication right). 13 Online chats may seem relaxed, but a conversation in a chat room, newsgroup, or web site may become the basis of a defamation lawsuit. A company may be liable for defamation for repeating false rumors about individuals or entities. Messages on the Internet may be retransmitted and posted to newsgroups by anonymous individuals, leading to costly lawsuits. 14 Julie Mertus, From Legal Transplants to Transformative Justice: Human Rights and the Promise of Transnational Civil Society, 14 AM. U. INT’L L. REV. 1335, 1349 (1999). 15 See Panavision Int’l. v. Toeppen, 938 F. Supp. 616, 622 (C.D. Cal. 1996) (holding that attempting to sell a domain name containing a corporation’s famous trademark was sufficient for personal jurisdiction in a trademark infringement lawsuit). 16 In Rio Props, Inc. v. Rio Int'l Interlink, 284 F.3d 1007 (9th Cir. 2002), the plaintiff-casino operator sued the defendant, a foreign Internet gambling business, claiming that the defendant infringed the plaintiff’s trademark. The plaintiff served the gambling business by regular mail to its attorney and its international courier, and by email to its Internet address. The gambling business contended that service was insufficient and that personal jurisdiction was lacking. The Ninth Circuit held that service of process by e-mail was adequate since the defendant evaded conventional methods of communications. 17 See E-Commerce Legislative Update, 19 E-COMMERCE LAW & STRATEGY 10 (Dec. 2002) (citing Six Continents Hotels Inc. v. Gator Corp., No. 1:02cv3065 (N.D. Ga. 2002) complaint filed Nov. 12, 2002, reporting action brought against Internet advertiser for popup ads).

80 Southern California Interdisciplinary Law Journal [Vol. 13:1 cybersquatting,18 spamming,19 tarnishment through linking,20 cybersmearing,21 and dot.org hate web sites22 for which effective legal remedies are only beginning to evolve. This Article presents the first empirical study designed to discover the degree to which courts are innovatively applying traditional tort law principles in order to adequately address this “legal lag." Part I develops the first comprehensive statistical portrait of a decade of cybertort cases decided in both state and federal courts between 1992 and 2002. Our empirical investigation finds that during this first wave of Internet litigation, most torts have been stillborn. Intentional torts have been the first to be adapted to cyberspace law. Part II situates the statistical data in the larger legal landscape by sketching out a typology of cybertort cases. We conclude that tort law continues to lag behind the technological dilemmas created by an increasingly networked society.

I. AN EMPIRICAL STUDY OF CYBERTORTS: 1992-2002 Have you forgotten the other side of rotten Picking electronic cotton, Digging digital ditches Look out, Look out for the Crash . . . Crash . . . Crash!23 The Internet is a revolutionary medium that permits the development of new forms of business and social interaction "as diverse as human thought."24 In the past decade, the Internet has grown from an infant technology to occupy a central place in the American economy. The seamy side of the Internet is that this exciting new forum for informal communication and commercial interchange is also an instrumentality for many new civil wrongs. Misappropriated data packets do not report to

18 The Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d) (1999), was intended to prevent "cybersquatting," which refers to the bad faith, abusive registration, and use of the distinctive trademarks of others as Internet domain names, with the intent to profit from the goodwill associated with those trademarks. 19 In Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 447 (E.D. Pa. 1996), the court ruled that a private company did not have a First Amendment right to send massive amounts of unsolicited, commercial e-mail to Internet subscribers. 20 See Archdiocese of St. Louis v. Internet Entertainment Group, Inc., 34 F. Supp. 2d 1145, 1145 (E.D. Mo. 1999) (enjoining adult entertainment site from using plaintiffs’ trademarks as its Internet domain name). 21 See Roger M. Rosen & Charles B. Rosenberg, Suing Anonymous Defendants for Internet Defamation, 19 THE COMPUTER & INTERNET LAWYER 9 (2002) (defining cybersmearing as anonymous or pseudo-anonymous defamation on the Internet). See also Thomas G. Ciarlone, Cybersmear May Be Coming to a Web Site Near You, 70 DEF. COUNS. J. 51 (Jan. 3, 2003) (reviewing the law of online defamation). 22 See generally Sally Greenberg, Threats, Harassment, & Hate On-Line: Recent Developments, 6 B.U. PUB. INT. L.J. 673 (1997). 23 Public Enemy, Crash, on There’ s a Poison Goin’ On (Atomic Pop 1999). 24 Reno v. ACLU, 521 U.S. 844, 852 (1997).

2003] Cybertorts and Legal Lag 81 customs when they cross national borders on the virtual highway; routers do not pause to consider whether non-disclosure agreements are being breached. The Internet provides a venue for new types of sexual harassment and for vicious hate crimes. This empirical study of cybertorts demonstrates Ogburn’s thesis of cultural lag applies equally well to the Internet.

A. BIRTH OF INTERNET LITIGATION The Internet, which began as the U.S. Defense Department’s ARPANET, was designed to link computer networks to various radio and satellite networks.25 The first judicial opinion to mention the Internet was United States v. Morris.26 The defendant in Morris was a graduate student who had released an Internet worm that paralyzed thousands of university and military computers throughout the United States.27 In the same year, Robert Riggs was prosecuted for gaining unauthorized access to a Bell South computer and misappropriating proprietary information about the telephone company’s 911 system. He subsequently published this confidential data in a hacker newsletter.28 It was not until 1994 that any plaintiff prevailed in an Internet tort case. In a controversial decision, an anthropologist was denied tenure at the University of West Australia in Rindos v. Hardwick.29 A rival anthropologist, Hardwick, posted a statement supporting the university’s decision and accusing Rindos of sexual deviance and of research detrimental to the aboriginal people of Australia.30 Although an Australian court assessed this first damages award in an Internet tort case, the vast majority of subsequent cybertorts have been litigated in America. During the past decade, American tort law is beginning to evolve to address online injuries such as Internet defamation, e-mail stalking, spamming, and trespassing on web sites. This article will empirically examine and evaluate the first decade of cybertort cases decided in state and federal courts in order to explore how courts are reshaping tort law. This study explores the type of relief granted, party characteristics, size of awards, role of jury, post-verdict history, location of awards, and post-verdict disposition in cybertort litigation. A close analysis of the first decade of American Internet tort cases will

25 See Michael Hauben, History of ARPANET, available at http://www.dei.isep.ipp.pt/docs/arpa.html (last visited Nov. 2, 2003). 26 928 F.2d 504 (2d Cir. 1991) (upholding defendant’s conviction under the Computer and Abuse Act, 18 U.S.C. § 1030 (1984)). 27 See id. at 505. 28 See U.S. v. Riggs, 743 F. Supp. 556, 558, 562 (N.D. Ill. 1990) (upholding the hacker’s wire fraud indictment). 29 940164 (Sup. Ct. W. Austl. March 31, 1994) available at http://www.law.auckland.ac.nz/research/cases/Rindos.html (last visited Nov. 2, 2003) (unreported judgment) (on file with authors). 30 Id.

82 Southern California Interdisciplinary Law Journal [Vol. 13:1 provide academics, policymakers, and jurists with the first available empirical examination of Internet law-in-action.

B. SAMPLE SELECTION Our nationwide database of Internet-related litigation allows the first systematic audit of the emergent role of tort law. The research universe consists of all cybertort cases decided in state and federal courts during the decade of rapid expansion of the Internet following the development of the World Wide Web.31 No previous study has attempted to trace the path of Internet tort law in its formative stage. The Internet law cases were drawn from a variety of published and unpublished court opinions and orders in the decade from 1992-2002. For each plaintiff's victory, background information and data were compiled on the factual foundation that led to the litigation as well as the nature of the injury. The empirical investigation includes all cases in which a state or federal court entered an order for either equitable or legal remedies in an Internet-related case. Caseload characteristics, such as the year the case was decided, the state or jurisdiction, federal or state court, role of the judge or jury, plaintiff type, defendant characteristics, the factual setting for the dispute as well as other variables were collected. In prior empirical studies of tort cases in traditional fields such as products liability32 and medical ,33 researchers have examined the number, size, and post-trial adjustments of verdicts.34 However, the unique nature of cyberspace litigation calls for a more comprehensive methodology. Cases in which the plaintiffs received only prospective relief, such as temporary or permanent injunctions, are included in this sample along with verdicts. An analysis consisting exclusively of monetary awards would provide a myopic view of cybertort remedies. Prospective relief in the form of a preliminary injunction is far more important in the bytes world than in the bricks and mortar world. While injunctions are typically reserved for land-use and business tort cases in “real-space” torts, injunctive or other equitable relief is frequently

31 See Ben Segal, A Short History of Internet Protocols at CERN (Apr. 1995) at http://wwwinfo.cern.ch/pdp/ns/ben/TCPHIST.html (last visited Sept. 7, 2003). Berners-Lee’s invention of the World Wide Web in 1989 transformed the Internet from a research tool to an information technology, which is central to the American economy and to popular culture. 32 See Michael L. Rustad, In Defense of Punitive Damages in Products Liability: Testing Tort Anecdotes with Empirical Data, 78 IOWA L. REV. 1, 32-36 (1992) [hereinafter In Defense of Punitive Damages in Products Liability]. See also Thomas H. Koenig & Michael L. Rustad, His and Her Tort Reform: Gender Injustice in Disguise, 70 WASH. L. REV. 1 (1995) [hereinafter Gender Injustice]. 33 See Michael L. Rustad & Thomas H. Koenig, Reconceptualizing Punitive Damages in Medical Malpractice: Targeting Amoral Corporations, Not “Moral Monsters”, 47 RUTGERS L. REV. 975, 993- 94 (1995) [hereinafter Reconceptualizing Punitive Damages in Medical Malpractice]. 34 See generally Michael L. Rustad, Unraveling Punitive Damages: Current Data and Further Inquiry, WIS. L. REV. 15 (1998) (summarizing existing empirical research on the remedy of punitive damages) [hereinafter Unraveling Punitive Damages].

2003] Cybertorts and Legal Lag 83 the remedy of choice in cybertort cases.35 The goal of many corporate plaintiffs in Internet cases is to freeze the status quo rather than to obtain monetary damages. The first plaintiff’s victory in a United States cybertort case illustrates the importance of prospective relief in Internet litigation. In Concentric Networks v. Cyber Promotions, Inc.,36 the court enjoined a commercial e-mailer from transmitting millions of e-mail messages to an Internet Service Provider’s (“ISP”) customers. The goal of the ISP was to halt the flood of spam e-mail rather than to collect monetary damages. This unique feature of cybertorts requires a close analysis of the role of equitable remedies, not just money damages.

C. CODING THE CASES The selection of the cases used in this study required a careful analysis of the underlying factual circumstances to determine which were truly cybertort causes of action. The term “Internet” appeared in 1,559 state and federal opinions issued in 2002, but only a small percentage of these cases are included in our sample because the role of the Internet was only tangentially related to the litigation.37 For example, a case in which two swindlers coordinated their non-Internet-related misdeed through e-mail messages was excluded in this sample because the gravamen of this action was not centered on the Internet.38 However, if the nefarious plot had involved recruiting victims through misleading spam e-mails, the resulting case would have been classified as Internet-related. This cybertort study excluded Internet-related small claims actions because there is no reliable reporting service.39 Since no international, federal or state agency systematically collects data on Internet-related cases, all available published and unpublished data sources were searched. The following sources were exhaustively examined: (1) trial verdict reporters,40 (2) LEXIS & Westlaw’s federal and

35 See, e.g., Internet America v. Massey, No. 96-10955C (Dallas County Dist. Ct. (Tex.) Oct. 14, 1996) (entering temporary restraining order against defendant for online harassment and defamatory postings) (on file with authors). 36 See Concentric Networks v. Cyber Promotions Inc., No C-96 20829 (N.D. Cal. Nov. 4, 1996) (entering into a settlement after injunction was issued prohibited commercial e-mailer from using or disrupting ISP’s service) (on file with authors). 37 For example, in Kootenai Tribe of Idaho v. Veneman, 313 F. 3d 1094 (9th Cir. 2002), the court reviewed the United States Forest Service’s “Roadless Area Conservation Rule.” The court’s reference to the Forest Service’s posting of the rule on its web site is not sufficient to qualify the case for our cyberspace litigation study. 38 Black’s Law Dictionary defines the gravamen as “the substantial point or essence of a claim, grievance, or complaint.” BLACK’S LAW DICTIONARY 708 (7th ed. 1999). 39 In the state of Washington, for example, there are newspaper reports of small claims courts ordering commercial e-mailers to compensate consumers. However, the complete absence of written opinions or other records makes it impossible to determine what role these informal tribunals play in the overall Internet litigation landscape. 40 LEXIS’ Combined Jury Verdicts and Settlements database reports verdicts from Alaska, Alabama, Arizona, Arkansas, California, Connecticut, District of Columbia, Florida, Georgia, Idaho, Indiana, Kentucky, Louisiana, Maine, Maryland, Massachusetts, New Jersey, New York, Ohio, Oregon, Pennsylvania, Rhode Island, Tennessee, Texas, Utah, and Vermont. Most state verdict reporters cover

84 Southern California Interdisciplinary Law Journal [Vol. 13:1 state databases and news services,41 (3) cyberspace research libraries of law firms,42 (4) national, regional, and local verdict reporters,43 (5) reports of domain name disputes,44 (6) individual cyberspace cases reported on law firm web sites,45 (7) law school research centers,46 (8) American Law Reports (“ALR”) annotations,47 (9) all Internet-related Mealey publications,48 (10) e-commerce law secondary sources,49 (11) Internet the entire period of our study, 1992-2002. In addition, we examined the National Jury Verdict Review & Analysis and the Combined Jury Verdicts and Settlements databases. 41 We examined all decisions in federal district courts, federal appellate courts, and state appellate courts as reported in Westlaw and LEXIS. 42 The Seattle law firm, Perkins, Coie, publishes The Internet Case Digest, which is an online Internet reporting service that “includes both filed and decided cases to capture the most recent developments as well as new judicial precedents.” Perkins, Coie, Internet Case Digest, at http://www.perkinscoie.com/casedigest/default.cfm (last visited Nov. 2, 2003). We also searched the 400-plus Internet Law cases published in the Phillips Nizer Internet Library. See also Phillips, Nizer, Benjamin, Krim, and Ballon, Internet Law Library, available at http://www.phillipsnizer.com/Internetlib.htm (last visited Nov. 2, 2003). The law firm of Finnegan, Henderson, Farabow, Garrett & Dunner compiles comprehensive index summaries of Internet-related trademark cases classified by injury types such as infringement, tarnishment, or metatags. Finnegan, Henderson, Farabow, Garrett & Dunner, Trademark Case Summaries, at http://www.finnegan.com/publications/index.cfm?info=trademark (last visited Nov. 2, 2003). 43 We reviewed Westlaw’s Combined Jury Verdicts and Settlements database: (1) Association of Trial Lawyers of America (ATLA), (2) California Jury Verdicts and Judgments, (3) Florida Jury Verdict Reporter, and (4) Jury Verdict and Settlement Summaries. 44 We searched for Internet domain name decisions in which courts ordered equitable or legal relief. The study did not include cases submitted to the Uniform Dispute Resolution Procedures (UDRP) developed by World Intellectual Property Organization (WIPO). Since the end of 1999, most domain name disputes have been decided by one- or three-person ADR panels rather than by the federal courts. As part of the process of registering a domain name, the registrant agrees to submit complaints filed by third parties to alternative dispute resolution panels. These proceedings are quick, inexpensive, and adjudicate domain name disputes between litigants in different countries. Panels have the limited power of ordering the transfer or cancellation of domain names and cannot award damages, attorney’s fees, or costs. Unlike court cases, UDRP decisions are informal, non-appealable, and not informed by the doctrine of stare decisis. Litigants prefer UDRP decisions because of the speed, low cost, and desire to obtain control over domain names promptly. Our sample of domain name cases is limited to those filed in federal court under the Federal Dilution Act of 1995 and the Anti-Cybersquatting Act of 1998. 45 Searches on Google were conducted to locate unreported decisions in law firm web sites. Law firms frequently report individual “victories” in their web site marketing materials. 46 The UCLA Online Institute for Cyberspace Law and Policy compiles the leading Internet law cases by year at http://www.gseis.ucla.edu/iclp/hp.html (last visited Sept. 15, 2003). Another source of information was the Berkman Center for Internet & Society at Harvard University Law School at http://cyber.law.harvard.edu/ (last visited Sept. 15, 2003). 47 An online database of all Internet-related annotations in American Law Reports (ALR) was extensively searched. 48 The content analysis of reported cases focused on CYBER TECH & E-COMMERCE: MEALEY’S LITIGATION REPORT; EMERGING INSURANCE DISPUTES: MEALEY’S LITIGATION REPORT; INTELLECTUAL PROPERTY: MEALEY’S LITIGATION REPORT; LITIGATION: MEALEY’S COMBINED REPORTS; PATENTS: MEALEY’S LITIGATION REPORT; TRADEMARKS: MEALEY’S LITIGATION REPORT. 49 Searches were completed of the literature on commercial law, computer law, and the law of e- commerce. We conducted searches within Matthew Bender’s UCC REPORTER AND DIGEST as well as the following Matthew Bender treatises: E-COMMERCE AND COMMUNICATIONS: TRANSACTIONS IN DIGITAL INFORMATION, NIMMER ON COPYRIGHT, GILSON ON TRADEMARK PROTECTION & PRACTICE, INTELLECTUAL PROPERTY COUNSELING AND LITIGATION, COMPUTER , COMPUTER LAW, AND LAW ON THE INTERNET.

2003] Cybertorts and Legal Lag 85 treatises,50 (12) legal news services,51 (13) Securities & Exchange Commission filings,52 and (14) general news53 and information services.54 These diverse sources contain the vast majority of cybertort cases in which plaintiffs obtained some legal or equitable remedy between the years 1992 and 2002.55

D. EMPIRICAL FINDINGS: EXISTING TORT REMEDIES DO NOT ADEQUATELY ADDRESS CYBERWRONGS “There is in our social organizations an institutional inertia, and in our social philosophies a tradition of rigidity.”56 Civil law has yet to catch up to the technological challenge presented by the Internet. Cybertort cases, in general, are a thimbleful of lawsuits in an ocean-full of online disputes. Hardly a day goes by without new media reports of cyberspace wrongs, yet plaintiff victories remain rare.57 The

50 All of the cases referenced in Michael L. Rustad & Cyrus Daftary’s E-Business Legal Handbook: 2003 edition and earlier editions were included in the research universe. Cases found in other Internet-related treatises searched were Millstein’s Doing Business on the Internet, Connolly’s Law of Internet Security & Privacy, and Ballon’s E-Commerce & Internet Law. 51 The principal source here was the LEXIS library of legal news, newsletters, and publications. However, we also looked at Westlaw’s General News and Combined News databases. Westlaw includes all Dow Jones magazines, newspapers, wires, and other magazine databases. Both services have extensive libraries of newswires and news services providing additional information on case developments. 52 Corporate recordings in the Securities & Exchange Commission (SEC) were also reviewed. Corporate annual reports to shareholders were examined on LEXIS’ FEDSEC database as well as the SEC EDGAR databases. Companies are required to disclose pending or settlement cases that may affect stock prices. WESTLAW and LEXIS publish SEC filings in which companies disclose lawsuits. 53 Newspapers and popular magazines on many LEXIS and WESTLAW databases were analyzed. 54 We systematically searched the extensive collection of computer law and cyberlaw publications on LEXIS and Westlaw. Sources include: all Andrew Publications Newsletters on Internet-related topics, Computer Law newsletters, Leader Publications newsletters, and the published outlines of the Practicing Law Institute & ALI/ABA. 55 Pretrial settlements short of a preliminary injunction, temporary injunction, or other equitable relief were not included in the statistical analysis, although qualitative information about the cyberspace litigation process was obtained by a close reading of American common law cases. Internet cases were classified as torts if the plaintiff prevailed on any tort cause of action, even if another branch of substantive law was present in the case. 56 Global Telecommunications Watch Column, Telecommunication Policy and Cultural Lag, HONG KONG ECONOMIC JOURNAL (Aug. 1992), available at http://excellent.com.utk.edu/~bates/hkej7.htm (last visited Sept. 30, 2003) (noting that “[i]n 1922, William F. Ogburn coined the phrase ‘cultural lag’ to describe what happens when related parts of a culture react to some change to strikingly different degrees, or with different speeds”). 57 See, e.g., Alexandra Frean, Mail-order Degree Scam Closed Down, THE AUSTRALIAN, Mar. 12, 2003, at 19 (“[shutting] down a series of web sites selling invalid degrees from bogus universities which used an address in Palmers Green, North London, to give their operation a cloak of respectability and defrauded hundreds of thousands of mostly American customers); E. Scott Reckard, AOL, Cendant Dismissed From Homestore Suit, L.A. TIMES, Mar. 11, 2003, at 2 (reporting billions of dollars lost by investors in Internet fraud case); Business Editors, MPEG LA Resolves Apex Lawsuit, BUSINESS WIRE, Mar. 10, 2003, at 1 (reporting settlement of licensing dispute over royalties for Internet technology). See also Scott Carlson, North Dakota Professor Sues Former Student and a Web site Over Allegations in an Article, THE CHRONICLE OF HIGHER EDUCATION, Jan. 19, 2001, at A33; Margaret Cronin Fisk, Net Libel Verdict is Upheld, NAT’L L.J., Dec. 25, 2000, at A19; Carl Kaplan, Virginia Court’s Decision

86 Southern California Interdisciplinary Law Journal [Vol. 13:1 paucity of Internet-related torts reformulates Ogburn’s thesis of cultural lag to account for the dislocation caused by “legal lag.”58 This article focuses on the potential reasons why cybertorts have not yet developed to counter the growing number of civil wrongs in cyberspace. 1. The Big Picture: Cybertort Litigation

Table One Successful Cybertort Cases Over Time

N=114 30

20

10 t

oun 0 C 1996 1997 1998 1999 2000 2001 2002

Equitable or Legal Remedy

Cyberspace litigation, on the whole, has taken only its first wobbly steps and is not yet a significant segment of the overall legal landscape. Our exhaustive search of all available sources uncovered just 114 cybertort cases in which a plaintiff obtained a legal or equitable remedy nationwide between 1992 and 2002.59 The number of plaintiff victories is increasing annually but from a miniscule base. Sixty-two percent of these Internet- related tort cases were decided post-1999. The apex of the Internet tort cases occurred in 2002 with twenty-eight cases in which the plaintiff prevailed nationwide. Torts in cyberspace may be thought of as a giant inverse pyramid with an almost endless number of cyberwrongs at the base as compared to only 114 cybertort plaintiff victories at the pyramid’s tip.

in Online ‘John Doe’ Case Hailed by Free-Speech Advocates, N.Y. TIMES, Mar. 16, 2001, available at http://www.nytimes.com/2001/03/16/technology/16CYBERLAW.html?ex=1067922000&en=099dfef25 8540e14&ei=5070 (last visited Nov. 2, 2003). 58 SOCIAL SCIENCE QUOTATIONS, supra note 6 at 175. 59 A case was included in the cybertort database only if a court ordered either monetary or equitable relief at any stage of the proceedings.

2003] Cybertorts and Legal Lag 87

2. Cybertorts Are Largely Still-Born Internet torts are dramatically different from the bricks and mortar world of traditional civil litigation in which family law and personal injury tort cases predominate.60 In 1992 alone, the overall number of real-space tort cases was reliably estimated to be “more than 800,000 tort suits…in the state courts of the United States.”61 Cyberspace tort actions are an insignificant segment of this overall litigation caseload.

a. The Rarity of Cybertorts

The failure of cybertort litigation to increase rapidly is counterintuitive and inconsistent with the daily reports of fraudulent online auctions, Nigerian money offers, deceptive work-at-home plans, and illegal pyramid schemes that victimize thousands of Americans on a regular basis.62 The Federal Trade Commission reported that Internet security attacks rose 37% in the first quarter of 2003 alone. Internet fraud complaints tripled in 2002 and identity fraud increased by 73%.63 General surveys of American consumers document “high rates of victimization by Internet offenses ranging from identity to fraud, hacking to harassment.”64 A total of 48,252 fraud complaints were referred to American prosecutors in 2002, triple the number of the year before.65 The National Consumer League received 36,802 complaints of Internet fraud in 2002, more than double the number filed in 2001.66 Clearly, tort law has failed to keep pace with the mushrooming number of fraudulent schemes on the Internet. Furthermore, there are roadblocks to

60 Many Internet-related cases included several causes of action crosscutting substantive fields of law. All cases were classified as to the “gist” of the action. In an intellectual property case, for example, relief may be granted on both a business tort action and under the Lanham Act, which is the federal trademark statute. One of the complexities of cyber litigation is that multiple causes of action cross-cutting traditional branches of law were pleaded. 61 Richard A. Posner, Explaining the Variance in the Number of Tort Suits Across U.S. States and Between the United States and England, 26 J. LEGAL STUD. 477, 477 (1997) (noting that there were an additional 39,000 federal court tort filings in 1992). 62 See National Fraud Information Center, 2002 Internet Fraud Statistics, available at http://www.fraud.org/2002intstats.html (last visited Apr. 25, 2003) (reporting that online auctions constituted 90% of the complaints). 63 See Is Anyone Safe in Cyberspace? Private Financial Information Readily Available to Professional Hackers on the Web, Vanguard Integrity Professionals Offer Solutions, PR NEWSWIRE, Apr. 14, 2003. 64 Gene Stephens, Global Trends in Crime, 37 THE FUTURIST 40 (May 2003). 65 Curt Anderson, FBI: Internet Fraud Complaints Tripled 2002, ASSOCIATED PRESS, Apr. 9, 2003, available at http://www.crime-research.org/eng/news/2003/04/Mess1001.html (last visited Nov. 2, 2003). 66 Online Auctions Dominate Consumer Fraud, National Consumer League's Internet Fraud Watch (Mar. 25, 2003) available at http://www.nclnet.org/internetfraud02.htm (last visited Sept. 16, 2003) (noting that by far the most common type of consumer fraud is online auction scams). See also Internet Fraud Complaint Center at http://wwww1.ifccfbi.gov/stategy/stats10300.asp (last visited Apr. 29, 2003) (receiving online fraud complaints involving perpetrators from 105 countries, but with 90% originating in the United States).

88 Southern California Interdisciplinary Law Journal [Vol. 13:1 the development of Internet privacy actions that could otherwise be used to counter the increasingly widespread trafficking of the personal information of Internet users. Overall, tort remedies have yet to develop to protect consumers in cyberspace.

b. Explaining the Cybertort Drought

Many factors have contributed to the rarity of tort remedies in cyberspace cases. The first wave of Internet torts litigation occurred during a decade of tort retrenchment. Legislative tort retrenchment by state legislatures has been one of the most successful law reform campaigns in Anglo-American legal history. The majority of the states have enacted one or more limitations on tort rights or remedies since 1980.67 Since 1986, forty-five states and the District of Columbia have enacted at least one limitation on plaintiffs’ tort remedies.68 Thirty-five states have either placed new restrictions on or abolished the doctrine of joint and several liability69 and the remedy of punitive damages.70 In 2001, alone, Florida, Mississippi, Nevada, Oklahoma, and West Virginia enacted additional tort limitations.71 The Internet is the newest battleground for the war on tort rights and remedies. Tort retrenchment, statutory immunities, and judicial controls combine to retard the development of torts in cyberspace. 3. The Difficulty of Establishing Personal Jurisdiction in the Cyberspace: a. Jurisdiction of the Global Internet

Cyberspace places a new twist on the role that technological progress plays in transforming traditional rules of jurisdiction. In December 2002,

67 Michael L. Rustad & Thomas H. Koenig, Taming the Tort Monster: The American Civil Justice System as a Battleground of Social Theory, 68 BROOKLYN L. REV. 1, 66-67 (2002) [hereinafter Taming the Tort Monster]. 68 Id. at 69. 69 Id. at 67 (citing American Tort Reform Association statistics). 70 Since the 1970s, all but a few legislatures have enacted one or more limitations on the awarding of punitive damages. Punitive damages are not recoverable unless a court finds that the defendant owes a duty to the plaintiff. A few states restrict plaintiff’s counsel from raising punitive damages during opening and closing statements because it is the court’s role to permit the issue to go to the jury. See Vanskike v. ACF Indus., Inc., 665 F.2d 188 (8th Cir. 1981) (reversing punitive damages for inflammatory references in opening argument). A number of states bifurcate punitive damages from the issue of liability to prevent of the defendant’s reckless or wanton misconduct from tainting the liability phase. Some states will require the jury to determine compensatory damages and whether punitive damages are to be assessed in phase one of the trial. In the second phase, the jury hears evidence of the wealth or financial condition of the defendant to set the size of the punitive damages award. See, e.g., CAL. CIV. CODE ANN. § 3295(d) (West 2002); CONN. GEN. STAT. ANN. § 52-240(b) (West 1991) (bifurcating punitive damages in products liability litigation); GA. CODE ANN. § 51- 12.5.1(d)(2) (Harrison 2000); KAN. STAT. ANN. §§ 60-3702, 60-3402 (2002); MINN. STAT. ANN. § 549.20(4)-(5) (West 2002). A few states bifurcate the entire punitive damages issue, including the amount from the compensatory phase. See MINN. STAT. ANN. § 549.20(4)-(5) (West 2002); MISS. CODE ANN. § 11-1-65(1)(b)(d); N.D. CENT. CODE § 32-03.2-11(2-4) (2002). 71 Taming the Tort Monster, supra note 67, at 65.

2003] Cybertorts and Legal Lag 89 the Australian High Court held that a businessman could sue Barron’s and Dow Jones, Inc. for libel in the state of Victoria based on evidence that several hundred people in that state accessed the Dow Jones web site that had posted an allegedly defamatory article.72 The implications of the Dow Jones decision are troubling because a company may be subject to jurisdiction in courts outside the United States for merely posting material on a web site. Recently, the American journalist whose story was the subject of the Dow Jones litigation filed a writ with the United Nations Human Rights Commission, claiming that the Internet defamation lawsuit violated his right to free speech.73 No international treaty or convention addresses the issue of how personal or prescriptive jurisdiction rules need to be updated for the Internet.74 No effective mechanism exists for enforcing cybertort judgments against foreign defendants outside U.S. borders. Cyberspace judgments are only collectable if the defendant has assets subject to legal process in the plaintiff’s forum state.

b. Stretching Minimum Contacts in U.S. Cases

In Hanson v. Denckla,75 the U.S. Supreme Court observed that “[a]s technological progress has increased the flow of commerce between States, the need for jurisdiction has undergone a similar increase.”76 Forty-five years later, the Court is updating principles of personal jurisdiction with regard to web sites, e-mail communications, and other online activities. In the networked world, there will be increasing numbers of disputes between litigants located in different countries. In State v. Granite Gate Resorts, Inc.,77 for example, a state court found contacts sufficient to satisfy due process over a nonresident defendant operating a gambling web site

72 Felicity Barringer, Internet Makes Dow Jones Open to Suit in Australia, N.Y. TIMES, Dec. 11, 2002, at 6. 73 The journalist who filed the action contends that the online defamation case upheld by the High Court of Australia violates Article 19 of the UN's International Covenant on Civil and Political Rights. See Australian Law Challenged at UN, SYDNEY MORNING HERALD (Apr. 18, 2003), at http://www.smh.com.au/articles/2003/04/18/1050172745955.html. (last visited Jan. 28, 2004). 74 The European Union has recognized the challenge of harmonizing Internet jurisdiction rules. The Brussels Regulation governs jurisdiction in civil and commercial disputes between litigants in the European Community as well as rules for the enforcement of judgments. Council Regulation 44/2001 of December 22, 2002 revised the Brussels Convention of 1968. Article 2.1 of the Brussels Regulation sets forth the general rule that “persons domiciled in a Contracting State shall, whatever their nationality, be sued in the courts of that state.” Council Regulation No. 44/2001 of December 22, 2000, on Jurisdiction and the Recognition and Enforcement of Judgments in Civil and Commercial Matters, at Article 2, 2001 O.J. (L 12) 1, 3. Non-nationals of member states are “governed by the rules of jurisdiction applicable to nationals of that state.” Id. Article 5.1, for example, provides that “in matters relating to a ,” jurisdiction is in the place of performance. Article 5.1, 2001 O.J. (L 12) 1, 4. Consumers in the European Community have a right to sue a supplier if it “pursues commercial or professional activities in the member state of the consumer’s domicile.” Article 15.1(c), 2001 O.J. (L 12) 1, 6. 75 357 U.S. 235 (1958). 76 Id. at 250-51. 77 568 N.W.2d 715 (Minn. Ct. App. 1997).

90 Southern California Interdisciplinary Law Journal [Vol. 13:1 through a server located in Belize.78 The court formulated a sliding scale of jurisdiction in determining whether minimum contacts are satisfied in Internet-related cases. The amount of online commercial activity is the key factor distinguishing "passive" from "interactive" web sites. In general, personal jurisdiction in cyberspace is positively correlated with commercial activity: the greater the interactivity of a web site, the more likely a court will find the defendant subject to personal jurisdiction in an out-of-state forum. Courts frequently apply the “sliding-scale” analysis first articulated by the court in Zippo Manufacturing Co. v. Zippo Dot Com, Inc.79 The Zippo court classified all Internet-related cases into three types: At one end of the continuum lie businesses or persons who clearly conduct business over the Internet and have repeated contacts with the forum state such that the exercise of in personam jurisdiction is proper . . . At the other end of the continuum are defendants who have done nothing more than post information or advertising on a web site that is accessible to users in the forum jurisdiction.80 The middle ground is the borderline between passive and active sites “occupied by interactive Web sites where a user can exchange information with the host computer.”81 Since Zippo, courts have refused to find jurisdiction in scores of cybertort cases, ruling that maintaining a web site alone is an insufficient basis for finding purposeful availment or meeting other tests of personal jurisdiction.82 In general, a passive web site without “something more” is insufficient for personal jurisdiction.83 The Zippo test has been outpaced by the growth of the Internet, where few contemporary commercial web sites are purely passive advertisements. Courts have recently been going beyond the “interactivity test” and making a comprehensive examination of the defendant’s web site activities,

78 Id. at 721. 79 952 F. Supp. 1119 (W.D. Pa. 1997) (formulating a “sliding scale” for measuring purposeful availment consisting of passive and active web sites on each end and a broad middle ground). 80 Alitalia-Linee Aeree Italiane S.A. v. Casinoalitalia.com, 128 F. Supp. 2d 340, 349 (E.D. Va. 2001) (describing Zippo interactivity test). 81 Id. 82 See, e.g., Blakey v. Cont’l Airlines, 730 A.2d 854 (N.J. Sup. Ct. 1999) (dismissing a female airline pilot’s defamation lawsuit for statements made on Continental Airline’s internal electronic bulletin board since there was no evidence that defendant-pilots targeted their postings at plaintiff); Revell v. Lidov, 2001 U.S. Dist. LEXIS 3133 (N.D. Tex. March 20, 2001) (granting motion to dismiss claims for defamation, intentional infliction of emotional distress, , and breach of duty in publishing article posted on a university web site); Bell v. Imperial Palace Hotel/Casino, Inc., 200 F. Supp. 2d 1082 (E.D. Mo. 2001) (refusing to exercise jurisdiction over out of state casino because web site offered only passive information). 83 See Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414, 420 (9th Cir. 1997) (holding that a nonresident defendant in a domain name dispute did not have sufficient “minimum contacts” with the forum state).

2003] Cybertorts and Legal Lag 91 including the functionality of the site.84 Machulsky v. Hall,85 in which the court found no personal jurisdiction where an eBay customer posted negative feedback about a seller,86 is illustrative of the steep burden that plaintiffs must meet in order to satisfy due process in cybertort cases. Courts are beginning to craft more sophisticated “economic realities” tests that focus on actual sales in the forum or other features of the web site, rather than mere interactivity.87 4. Empirical Examination of Internet Jurisdiction The difficulty of establishing personal jurisdiction is a major barrier to the development of cyberspace litigation in general and cybertorts in particular. In order to empirically evaluate the role of jurisdictional barriers in cyberspace cases, a content analysis was performed on sixty-seven federal court decisions handed down in 2002 where there was a preliminary challenge based on personal jurisdiction.88 Federal courts dismissed 63% of the Internet-related cases in 2002, on the grounds of lack of personal jurisdiction. Our analysis found that obtaining personal jurisdiction in Internet cases is a formidable task in every substantive area of cyberlaw. In intellectual property-related disputes, plaintiffs were successful in obtaining in personam jurisdiction over the defendant in only ten out of the thirty cases. Six out of fifteen plaintiffs in e-commerce or Internet-related contracts cases were successful in clearing the hurdle of personal jurisdiction. Fewer than 40% of plaintiffs in Internet-related tort cases were able to obtain personal jurisdiction over defendants (11 of 29). The data demonstrates that the paucity of Internet cases may be explained in part by the difficulties of obtaining jurisdiction.

84 See, e.g., Coastal Video Communications Corp. v. Staywell Corp., 59 F. Supp. 2d 562, 571-72 (E.D. Va. 1999) (examining factors beyond interactivity in determining personal jurisdiction of a web site-defendant). 85 210 F. Supp. 2d 531 (D. N.J. 2002). 86 See id. at 544. 87 See, e.g., Euromarket Designs, Inc. v. Crate & Barrell Ltd., 96 F. Supp. 2d 824, 833-39 (N.D. Ill. 2001) (basing jurisdiction upon actual sales of products over the web site to forum residents in addition to the Zippo test and the effects test). See generally Michael Geist, Relatively Recent Jurisdiction Decisions Said to be Falling Behind Web Technologies, INTERNET LAW & REG. (PIKE & FISHER) (June 5, 2001) (observing that “it is often difficult to determine whether a site is active or passive and that courts are moving away from the Zippo standard to a more target-based approach to jurisdiction”). 88 Cases were included in the “personal jurisdiction in cyberspace” study only if there was a substantial discussion of the “minimum contacts” framework applied to cyberspace. The sample of sixty-seven judicial opinions constituted the bulk of significant personal jurisdiction cases in 2002. In our 2002 sample of Internet-related cases, we found forum-related activities to be critically important for a finding of personal jurisdiction. Courts were likely to apply the sliding scale analysis or the effects test to determine whether the defendant purposefully availed itself of the privilege of conducting business from within the forum. A web site's exceptionally interactive design is a key factor in favor of personal jurisdiction as noted by the court in Stewart v. Hennessey, 214 F. Supp. 2d 1198 (D. Utah 2002). Defendants may be unlikely to successfully challenge jurisdiction where the web site is open to residents in the forum and receives "hits" from the forum. See ComputerUser.com, Inc. v. Tech. Publ’ns., 2002 U.S. Dist. LEXIS 13453 (D. Minn. July 20, 2002).

92 Southern California Interdisciplinary Law Journal [Vol. 13:1

a. Cybertorts are Largely Intentional Torts

Table Two

Cybertort Causes of Action

N=114

Property-Based Torts Defamation 28% 27%

Negligence Privacy Torts 3% 4% Misc. Intentional Business Torts 3% 35%

Most of the cybertorts that have evolved are publication or informational torts filed by corporate plaintiffs as compared to the mostly personal injury cases that predominate in a traditional tort caseload.89 The U.S. Supreme Court describes the Internet as a massive disseminator of information: Through the use of chat rooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of web pages, mail exploders, and newsgroups, the same individual can become a pamphleteer.90 As Table Two reveals, 27% (N=31) of the cybertorts are classified as defamation or injurious falsehood claims.91 The four most common

89 In the traditional tort arena, economic loss cases are becoming more common. Empirical studies confirm that punitive damages are larger and more frequent in financial injury and business contracts cases including fraud cases. Rustad, supra note 34, at 37-40. 90 Reno v. ACLU, 521 U.S. 844, 870 (1997). 91 Online defamation is the use of e-mail or Internet web sites to transmit false and damaging information about persons. When corporations or other entities are disparaged by false or misleading information transmitted online, they seek relief through the allied torts of trade libel or injurious falsehoods.

2003] Cybertorts and Legal Lag 93

Internet-related actions were business torts (35%, N=40), torts, including to chattels or (28%, N=32), and online defamation (27%, N=31). Ninety-seven percent of the 114 cybertorts were cases, in contrast to the negligence cases dominating traditional caseloads.92 No real property damage, personal injury, or wrongful death claims were successfully pleaded in cyberspace lawsuits, in dramatic contrast to the world of real-space torts. No cybertorts arose out of claims based upon strict liability.93 Internet torts are different from bricks and mortar torts largely because of the nature of damages suffered by plaintiffs. The predominant injury in a cybertort case is a financial loss rather than personal injury or physical damage to property. Torts in cyberspace arose out of e-mail, web site, or software distribution, rather than traditional categories of injury such as automobile accidents, mishaps, premises liability, operating room malpractice, and injuries due to dangerously defective products. The predominance of intentional cybertorts depicted in Table Two is reminiscent of the tort law found in eighteenth-century England with its overwhelming emphasis on intentional torts.94 When Blackstone wrote his Commentaries on the Laws of England (1765-68), his formulation of "private wrongs" was designed for a legal system that provided compensation largely for intentional torts.95 In pre-industrial England, tort law was chiefly a legal institution to provide remedies for intentionally inflicted injuries against persons and their property. The intentional torts protecting personal property described by William Blackstone serve a special function in the age of the Internet. In eighteenth-century England, the action for trespass to chattels was used to provide compensation for the dispossession of tangible personal property. Today, this ancient remedy has been resurrected to apply to invasions of web sites by spam e-mailers, web scrapers, and other virtual . Trespass to chattels is also employed by large companies to protect

92 In one of the largest empirical studies of tort litigation, the Institute for Civil Justice found that negligence-based motor vehicle claims accounted for almost two in three cases. Marc Galanter, Real World Torts: Antidote to Anecdote, 55 MD. L. REV. 1093, 1102 (1996) (citing study by the Rand Institute for Civil Justice) [hereinafter Real World Torts]. 93 See also Sanders v. Acclaim Entm’t, Inc., 188 F. Supp. 2d 1264 (D. Colo. 2002) (dismissing actions based on negligence and strict liability in lawsuit filed in the Columbine school shooting case in which it was claimed that the killers were “fanatical consumers of violent video games and movies distributed on the Internet”); James v. Meow Media, Inc., 90 F. Supp. 2d 798, 819 (W.D. Ky. 2000) (dismissing claims, finding that information “products” were not encompassed in Kentucky’s strict products liability statute “because thoughts, ideas, and expressions contained within defendants' movie, games, and web site materials did not constitute a ‘product’ within the realm of the strict liability doctrine”). 94 Intentional torts are injuries committed with the purpose to bring about a desired result or a substantial certainty that a desired consequence will occur: "One who intentionally causes injury to another is subject to liability to the other for that injury, if his conduct is generally culpable and not [privileged]." RESTATEMENT (SECOND) TORTS § 870 (1979). , , , intentional infliction of emotional distress, conversion, , and trespass to chattels are examples of intentional torts. 95 Taming the Tort Monster, supra note 67, at 10.

94 Southern California Interdisciplinary Law Journal [Vol. 13:1 information on their web sites from being extracted by bots or spiders.96 Intentional torts dominate the cyberspace litigation landscape in sharp contrast to negligence in the real-space world.97

b. Business Torts

In the real-space world, business torts account for many of the mega- cases: “[The] biggest verdicts [in 2000] included a $324 million verdict in a patent infringement claim, a $233 million verdict in a securities fraud case, and a $181 million verdict in a breach-of-contract suit.”98 The great majority of business torts in cyberspace are based upon intentional misconduct rather than negligence or strict liability. Corporate plaintiffs file cybertort cases pleading business torts such as fraud, misappropriation, or the interference with contract. Spam-related tort cases arise when a commercial e-mailer overloads computer networks by sending out massive amounts of unwanted and unsolicited bulk e-mail. The tort of misappropriation consists of the unauthorized interference with or extraction of valuable and time-sensitive information.99 The intentional torts of fraud, deceit, or misrepresentation are information torts because the plaintiff has suffered loss in relying upon false or misleading statements made by defendants.

c. Invasion of Privacy

The development of new technologies for harvesting personal information creates the potential for widespread invasions of privacy. Seventy percent of Americans report they are seriously concerned that businesses are not adequately protecting their online privacy,100 yet only a handful of plaintiffs have successfully pleaded an action for any privacy- based tort. As yet, no plaintiff has been able to redress the invasion of privacy that results when personal information is gathered and sold to Internet advertisers.

96 Whatis.comglossary, available at http://whatis.techtarget.com (last visited April. 12, 2003) (describing “bot” as shorthand for robot and referring to programs such as “spiders” or “crawlers” that simulate human actions); EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58, 61 (1st Cir. 2003); eBay, Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1073 (N.D. Cal. 2000) (ordering preliminary injunction to enjoin Bidder’s Edge from using spiders or bots to extract data from eBay’s web site). 97 Tort law in the real-space world was also slow to develop during the Industrial Revolution. Tort law as a substantive field of law did not evolve until the nineteenth-century with the rise of negligence. G. Edward White, The Intellectual Origins of Torts in America, 86 YALE L.J. 671, 678-83 (1977). 98 Gregory D. Hopp, IT Perspective: Questionable Claims Finding Some Success in Court, BUS. INS., June 18, 2001, at G12. 99 See generally Mark Sableman, Link Law Revisited: Internet Linking Law at Five Years, 16 BERKELEY TECH. L. J. 1273, 1284 (2001). 100 Matthew Kinsman, One-Way Street, PROMO, April 1, 2003.

2003] Cybertorts and Legal Lag 95

Increasingly, online advertisers use “web bugs”101 to track an individual’s activity on a web site and when an Internet user opens, reads, and forwards an e-mail, but the courts have yet to recognize remedies for these online intrusions.102 A New York federal court dismissed a class action suit filed against DoubleClick, Inc., described as “the largest provider of Internet advertising products and services in the world.”103 Doubleclick uses its software to harvest personal information such as names and e-mail addresses of Internet users in order to create cookies.104 The court concluded that Doubleclick’s use of cookies to collect information did not violate federal statutes including the Electronic Communications Privacy Act, the Wiretap Act, and the Computer Fraud and Abuse Act.105 No tort remedy was available because the common law has not yet evolved to address the wholesale collection and sale of personally identifiable information. A growing number of companies are monitoring e-mail and Internet communications of their employees. More than three-quarters of major U.S. companies routinely record and review employee communications and activities on the job, including their telephone calls, e-mail, and computer files.106 Private employees have no constitutional right to privacy because there is no state action.107 In a decade of Internet-related workplace privacy cases, private employers have prevailed in every case.108

101 A “web bug” is typically a text file or graphic embedded in a web page or in an e-mail’s HTML code. Web bugs are also known as “invisible GIFs,” “clear GIFs,” or “1-by-1 pixels.” 102 Marc S. Roth and Kathleen Fay, Playing ‘Hide and Seek’ with Web Bugs, 10 E-COMMERCE L. & STRATEGY 6 (Feb. 2001). 103 In re Doubleclick Privacy Litigation, 154 F. Supp. 2d 497, 500 (S.D. N.Y. 2001) (the federal district court found no cause of action in favor of Internet users whose personal information such as names, e-mail addresses, telephone numbers, searches performed and other personal information was being systematically collected by the defendant’s cookies. The court dismissed all federal and state claims finding it implausible that web site visitors did not consent to the use of cookies). 104 Cookies “are computer programs commonly used by Web sites to store useful information such as usernames, passwords, and preferences, making it easier for users to access Web pages in an efficient manner. [The DoubleClick] cookies collect . . . [personal] ‘information such as names, e-mail addresses, home and business addresses, telephone numbers, searches performed on the Internet, Web pages or sites visited on the Internet . . .’” Id. at 502. 105 The Computer Fraud and Abuse Act provides litigants with a private cause of action for unauthorized access to computer systems and electronic information. 18 U.S.C. § 1030 (2002). 106 2001 American Management Survey, Workplace Monitoring & Surveillance, Summary of Key Findings, at http://www.amanet.org/rsearch/pdfs/ems_short2001.pdf (last visited April 1, 2002) (stating that over three-quarters of firms have disciplined employees for misuse of information technologies and another 31% have dismissed individuals for those reasons). 107 Cf. O’Connor v. Ortega, 480 U.S. 709 (1987) (holding that the test of “reasonableness” applies to public employers, rather than the usual Fourth Amendment requirement of a warrant supported by “probable cause”); Leventhal v. Knapek, 266 F.3d 64 (2d Cir. 2001) (finding that investigatory searches by agency did not violate employee’s Fourth Amendment rights). 108 See, e.g., Smyth v. Pillsbury Co., 914 F. Supp. 97 (E. D. Pa. 1996) (finding company’s interest in preventing inappropriate e-mail activity on its own system outweighs any employee privacy interest); McLaren v. Microsoft Corp., 1999 Tex. App. LEXIS 4103 (Tex. App. Dallas May 28, 1999) (holding that employee had no reasonable in e-mail messages transmitted over the company’s network accessible by third parties); Garrity v. John Hancock Mut. Life Ins. Co., 2002 U.S.

96 Southern California Interdisciplinary Law Journal [Vol. 13:1

5. Cybertorts Tend to Be Judge-Determined Federal Cases

Table Three

Type of Court Disposition

N=114

Default Judgment 30% Jury 36%

Judge 34%

The jury plays a much less central role in cyberspace litigation than in real-space torts. Of the 114 cases involving a cybertort, 36% (N=41) were decided by a jury, 34% (N=39) were decided by judges, and 30% (N=34) were default judgments. America Online, Inc., alone, won sixteen cases against spam e-mailers in which the defendant defaulted.109 In addition, a number of cybertort defendants simply vanished after unsuccessfully contesting large awards.110 The jury played no role in cases where the defendant failed to appear in court. More than 95% of traditional tort cases are filed in state courts; the rest are diversity cases decided in federal district courts.111 A majority of cyberspace tort cases (61%, N=70), in contrast, are decided in federal court

Dist. LEXIS 8343 (D. Mass., May 7, 2002) (granting summary judgment in favor of employer in case where e-mails were read by management). 109 See, e.g., America Online, Inc., v. National Healthcare Disc., Inc., 174 F. Supp. 2d 890 (N.D. Iowa 2001) (awarding $319,500 in compensatory damages and $100,000 in punitive damages where a defendant defaulted in a judgment based upon trespass to chattels where the commercial e-mailer ignored repeated requests to stop the sending of junk e-mail to AOL and its members). 110 See, e.g., Kremen v. Cohen, 314 F.3d 1127, 1040 (9th Cir. 2003). 111 See Real-World Torts, supra note 92, at 1105 (reporting “a small portion (less than five percent) of all tort filings, but considerably larger portions of product liability and mass tort claims, are in federal courts”). See also Michael J. Saks, Do We Really Know Anything About the Behavior of the Tort Litigation System—And Why Not? 140 U. PA. L. REV. 1149, 1156 (1992) (observing that “far less is known about the approximately 98% of tort cases that are litigated at the state level”).

2003] Cybertorts and Legal Lag 97 because the Internet, by its very nature, produces diversity cases.112 Cyberspace makes close neighbors of litigants in distant lands. Cyberspace litigation will increasingly require new rules for choice of law, choice of forum, jurisdiction, enforcement of judgments, as well as substantive rules of tort law that reconcile radically different legal traditions. For example, a French court's ruling that Yahoo! must “eliminate French citizens' access to any material on the Yahoo.com auction site that offers for sale any Nazi objects” was found to violate the First Amendment of the U.S. Constitution.113 As the global Internet evolves into a seamless worldwide bazaar, many other cross-national clashes over legal norms will occur. 6. Cybertorts are More Developed in Information Technology Centers Empirical studies of the U.S. civil litigation system have consistently found substantial variation — hot spots and cold spots — in tort law caseloads within and between jurisdictions.114 Judge Richard Posner, for example, reports “enormous variance across jurisdictions in the number of tort cases filed, even when the laws in the different jurisdictions are similar.”115 A U.S. Department of Justice study in 1992 found punitive damages to vary significantly by jurisdiction within the nation’s seventy- five most populous counties.116 Cybertorts are concentrated in the same “hot spots” as traditional tort litigation.117 Only twenty-five states of the fifty-one civil jurisdictions had even a single cybertort plaintiff victory during this decade of Internet-

112 “Tort law in America is built on a bed rock of state common law.” Robert L. Rabin, Federalism & the Tort System, 50 RUTGERS L. REV. 1, 2 (1997). 113 Yahoo! Inc. v. La Ligue Contre Le Racisme et L'Antisemitisme, 169 F. Supp. 2d 1181, 1184, 1194 (N.D. Cal. 2001) (refusing to enforce Paris judgment against Internet Service Provider on public policy grounds). 114 See, e.g., STEPHEN DANIELS & JOANNE MARTIN, CIVIL JURIES AND THE POLITICS OF REFORM (Northwestern Univ. Press 1995) (finding jurisdictional differences in state jury verdicts in forty-seven counties within eleven states); DEBORAH HENSLER & ERIK MOLLER, TRENDS IN PUNITIVE DAMAGES: PRELIMINARY DATA FROM COOK COUNTY, ILLINOIS AND SAN FRANCISCO, CALIFORNIA (Institute for Civil Justice 1995) (finding jurisdictional differences in awards across jurisdictions); MICHAEL L. RUSTAD, DEMYSTIFYING PUNITIVE DAMAGES IN PRODUCTS LIABILITY CASES: A SURVEY OF A QUARTER CENTURY OF TRIAL VERDICTS (Lee Hays Romano ed., Papers of Roscoe Pound Foundation 1995) (noting that five states accounted for 47% of all punitive awards in a quarter century of products liability cases) [hereinafter DEMYSTIFYING PUNITIVE DAMAGES]; Reconceptualizing Punitive Damages in Medical Malpractice, supra note 33 (finding that five states accounted for nearly half of all punitive damages in three decades of medical malpractice litigation). 115 Richard A. Posner, Explaining the Variance in the Number of Tort Suits Across U.S. States and Between the United States and England, 26 J. LEGAL STUD. 477, 477 (1997) (demonstrating jurisdictional difference within the United States and cross-nationally). 116 Carol Defrances et al., U.S. Dept. of Justice, Bureau of Justice Statistics, Special Report, Civil Jury Cases and Verdicts in Large Counties (1995). See also Theodore Eisenberg et al., The Predictability of Punitive Damages, 26 J. LEGAL STUD. 623 (1997). 117 See DEMYSTIFYING PUNITIVE DAMAGES, supra note 114. See also Unraveling Punitive Damages, supra note 34 (summarizing studies demonstrating that the number and size of punitive damages awards varies significantly by jurisdiction).

98 Southern California Interdisciplinary Law Journal [Vol. 13:1 related litigation.118 Seventy percent of the cybertorts were decided in only five states: California (33%, N=38), Texas (13%, N=15), Virginia (13%, N=15), New York (6%, N=7) and Illinois (4%, N=5). The number of cybertort cases reflects the degree to which the jurisdiction’s economy is information-based. California’s disproportionate number of Internet torts is largely attributable to the dominance of Hollywood entertainment, high technology, and the software industry. Virginia’s heavy Internet tort caseload may be explained by America Online’s multiple filings against spam e-mailers in the Northern District of Virginia. States with the largest number of cybertorts tended to be those whose economies are the most information-based.

7. Corporations Predominate as Cybertort Plaintiffs

Table Four

Type of Cybertort Plaintiff

N=114

Other Organizations 2% Int'l or Nat'l Corp. 24% Individual 39%

Medium Corporation

18% Small Corp/Website 18%

Large U.S. corporations with the economic, human, and legal resources to protect their economic interests were the most frequent plaintiffs in Internet tort litigation. Marc Galanter has argued that “repeat players” such as these litigants have a great competitive advantage over “one-shotters.”119 National or international corporations filed one in four successful cybertort cases (24%, N=27). Medium-sized companies filed another 18% (N=21)

118 Id. 119 Marc Galanter, Why the “Haves” Come Out Ahead: Speculations on the Limits of Legal Change, 9 LAW & SOC’Y REV. 95, 97, 106 (1974).

2003] Cybertorts and Legal Lag 99 of the cybertort cases—a number nearly matched by small companies (18% N=20). Non-profit organizations accounted for only 2% (N=2) of the Internet tort cases. Thirty-nine percent of the successful cybertort plaintiffs were individuals (N=44) whose chief causes of action were generally based on online defamation, employment-related torts, or, to a lesser extent, the invasion of privacy.120 Internet-related defamation cases, whether filed by companies as trade libel actions or by individuals vindicating their personal reputations, frequently arose out of incendiary discussions on news groups or listservs. Ex-employees of Varian Medical Systems, Inc., for example, posted “scathing remarks about the company and their supervisors” on Internet web sites. “Through some 14,000 Internet postings on 100 message boards and their own Web site, the former employees falsely accused managers at Varian . . . of having extramarital affairs, being a danger to children, being homophobic, videotaping office bathrooms, discriminating against pregnant women, being chronic liars, and hallucinating.”121 A California jury awarded the company $775,000 in damages and enjoined the defendants from further libelous postings. In a strange turn of events, the defendants then began receiving anonymous threatening e-mails warning them not to appeal the verdict.122 These e-mails contained intimidating statements such as: "I heard Mikey will have a hard time appealing his case after he's DEAD. Count the days, loser . . . you're going to suffer and someone will laugh."123 Companies are increasingly employing such defamation actions to restraint cybersmearers.

120 The typical defendant in a products liability case is a large corporation, not a small business. See In Defense of Punitive Damages in Products Liability, supra note 32. In a study of tort litigation in state courts, the Justice Department found that the typical litigant was an individual suing a business. Businesses constituted nearly all of the defendants in cases involving toxic substances, products liability, sales, and employment torts. See Unraveling Punitive Damages, supra note 34, at 54 (confirming that the typical plaintiff is an individual suing a business). 121 Louis Pechman, The Employer Strikes Back, 227 N. Y. L. J. 4 (June 25, 2002). 122 Shannon Lafferty, FBI Investigating Death Threats in Varian Libel Case, THE RECORDER, Aug. 1, 2002, available at http://www.law.com/regionals/ca/stories/020801f.shtml (last visited Nov. 2, 2003). 123 Id.

100 Southern California Interdisciplinary Law Journal [Vol. 13:1

8. The Typical Cybertort Defendant is a Small Company — Not a Deep Pocketed National Corporation Table Five N=114

Type of Cybertort Defendant

Other Organizations 4% Int'l or Nat'l Corp. 10% Medium Corporation 12% Individual 20%

Small Corp/Website 54%

Most cybertorts were business-to-business (B2B) actions brought by large corporations against smaller companies. Fifty-four percent of defendants in cybertort cases were small corporations or start up e- commerce web sites (N=61). Another 12% (N=14) of the defendants were medium corporations. Individuals constituted only 20% of the defendants (N=23). Miscellaneous defendants such as activist groups and trade organizations constituted the remaining 4% of cybertort defendants (N=5). The individual cases (none of which were consumer litigation) frequently arose out of acrimonious e-mail, web site, and listserv postings. Large corporations were cybertort defendants in only 10% of the decided cases (N=11). Most Internet tort defendants were online businesses, spammers, or pornographers. Online sales and services constituted 31% (N=35) of the cybertort defendant industries. Spammers and online pornographers constituted 29% (N=33) of the cybertort defendants. Bricks and mortar businesses with a web site presence accounted for another 18% (N=21) of the cybertort defendants. Individuals were defendants in another 18%

2003] Cybertorts and Legal Lag 101

(N=20) of the Internet tort cases. Miscellaneous entities, including activist organizations, comprised 4% (N=5) of cybertort defendants. 9. Prospective or Injunctive Relief is a Favored Remedy in Cybertort Cases. A unique aspect of these cyberspace cases was the important role that equitable remedies played in the preliminary stage.124 Plaintiffs in cyberspace cases frequently sought equitable relief rather than monetary damages.125 In 59% of the cybertort actions, the plaintiff obtained some form of equitable relief (N=67). The goal of the plaintiff was to freeze the status quo or to enjoin the defendant, rather than to obtain compensation.126 In the real-space world, in contrast, injunctions and other forms of equitable relief are proper only if the plaintiff proves the “inadequacy of damages.”127 Many of the high profile victories were obtained at the preliminary injunction stage or through summary judgment.128 Of the 114-cybertort cases, only 41% of the cases (N=47) were purely monetary awards. In thirty-seven cases (33%), plaintiffs received monetary relief as well as a preliminary injunction or other equitable relief. In 26% of the cases, plaintiff received only prospective or injunctive relief (N=30). Many of the non-monetary award cases were comprised of preliminary injunctions against spam e-mailers, business tort claims within a trademark dispute, or requests for prospective relief for right of publicity or privacy. In many high profile cases, injunctive relief was sought because of the “prospective nature of online injuries.”129 In Michaels v. Internet

124 Uta Kohl, Injunctions v. Damages (The Age of the Internet): Old Battles of Remedies Revisited, 11(2) J. OF L. & INFO. SCI. 160 (2001) (arguing that the role of extraordinary remedies such as injunctions needs to be re-examined and reassessed in cyberspace litigation). 125 In Internet-related trademark litigation, equitable relief may take the form of corrective advertising, de-listing of web sites from search engines, posting notices of court orders on web sites, or court-ordered web site disclaimers. See Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P., Internet Trademark Case Summaries, at http://www.finnegan.com/publications/index.cfm?info=trademark&id=74 (last visited April 12, 2003). 126 Kohl argues, “[I]njunctions are much better suited to the online environment. Unlike damages, they often provide a more effective remedy to the plaintiff, may be less draconian to the defendant and less inhibitory in their overall effect on electronic communications.” See Kohl, supra 124, at 160. 127 Id. at 161. 128 In many other fields of cyberspace law, injunctive or equitable relief is the primary objective of the plaintiff. For example, in the leading constitutional cases in cyberspace, the whole point is to enjoin enforcement of a statute. See, e.g., Ashcroft v. ACLU, 535 U.S. 564 (2002) (enjoining enforcement of the Child Online Protection Act which incorporated community standards to identify material harmful to minors). See also Reno v. ACLU, 521 U.S. 844 (1997) (holding portions of the Communications Decency Act of 1996 to be unconstitutional). Injunctive relief is the chief remedy sought in anti-spam cases. See, e.g., America Online, Inc. v. Nat'l Health Care Disc., Inc., 174 F. Supp. 2d 890 (N.D. Iowa 2001) (entering preliminary injunction against mass commercial e-mail firm violating AOL’s terms of service agreement). Many of the tort cases in cyberspace also focus on injunctive relief. See Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D. N.Y. 2000) (demonstrating a likelihood of success on the merits and irreparable harm without such relief based upon contract law, trespass to chattels, and violations of computer fraud and trademark laws). 129 See Kohl, supra note 124, at 165-66.

102 Southern California Interdisciplinary Law Journal [Vol. 13:1

Entertainment Group, Inc.,130 for example, the federal court was asked to issue an injunction to prevent irreparable injury that would result from the Internet sale of a videotape depicting actress Pamela Anderson Lee and rock musician Brett Michaels engaging in intimate activities. The Michaels court issued an injunction enjoining the adult entertainment web site from displaying still images of the couple engaged in sexual intercourse on the grounds that the publication violated their right of publicity under California law.131 Monetary damages are difficult to establish in an online environment because many of the injuries are difficult to value. Fledgling e-businesses find it almost impossible to establish damages based on lost profits because they lack a financial track record.132 Courts face the challenging task of assessing damages for “spoofing” or transmitting massive amounts of junk e-mail using false identifiers. In a typical spam e-mail case, the ISP incurs costs by responding to complaints by its customers who are inconvenienced by reading and deleting fraudulent or illegal e-mail messages. For example, in Earthlink v. Carmack,133 a Georgia court assessed damages of $2.00 per spam e-mail against a defendant who hijacked 343 e-mail accounts and used them to transmit an average of one million spam e- messages per day. An ongoing campaign launched by America Online, Inc., (“AOL”) to stop the transmission of unsolicited, commercial e-mail messages is an example of a tort for which damages are difficult to compute. Although AOL’s customers are clearly inconvenienced in being subjected to a barrage of pornographic images, get-rich-quick schemes, health products, and other annoying “spam,” finding an appropriate level of compensation is a difficult task. In America Online, Inc. v. National Health Care Discount, Inc.,134 the defendant developed software to harvest e-mail addresses in order to transmit massive numbers of spam advertisements. The defendant e-mailed 276 million pieces of unsolicited spam to subscribers, using software that evaded AOL’s filters. While damages are trivial at the subscriber level, if each subscriber took a few seconds to delete the unwanted e-mail, the aggregate cost in damages could be in the millions of dollars. In many cases, the ISP seeks damages for the cost of responding to subscriber complaints, for storing large numbers of messages, and for transmitting electronic communications. AOL, for example, claimed that

130 5 F. Supp. 2d. 828 (C.D. Cal. 1998). 131 See also Lee v. Internet Entm’t Group, Inc., 33 Fed. Appx. 886 (9th Cir. 2002) (finding an issue of material fact as to whether a settlement and release entered into by celebrities and an entertainment organization covered only Internet distribution of an allegedly stolen videotape depicting them engaged in intimate acts or whether it extended to distribution of the tape on VHS and DVD via retail stores). 132 See, e.g., C.P. Interests, Inc. v. California Pools, Inc., 238 F.3d 690, 696 (5th Cir. 2001) (vacating business disparagement award and injunction for failure to establish pecuniary loss). 133 2003 U.S. Dist. LEXIS 9963 (N.D. Ga. May 7, 2003) (assessing damages based on millions of unsolicited spam e-mail messages per day). 134 174 F. Supp. 2d. 890 (N.D. Iowa 2001).

2003] Cybertorts and Legal Lag 103 its cost “for delivering each piece of e-mail sent to an AOL member is $.00078 (i.e., 78 [cents] per thousand pieces of e-mail). This computation would result in damages to AOL of $105,300 ($.00078 times 135,000,000).”135 However, the court found that AOL’s suggested method of measuring damages would dramatically overcompensate the ISP, and consequently fashioned its own formula for calculating damages.136 In addition, the court awarded $100,000 in punitive damages under Virginia state law.137 This anti-spam case illustrates the difficulty courts have in assessing damages; individual AOL users may be annoyed by spam, but suffer no significant monetary damages for the inconvenience of repeatedly hitting the delete key. The ISPs’ lawsuits are based on the provider’s costs of responding to consumer complaints about the spam. 10. No Litigation Crisis Exists in Cyberspace; Size of Compensatory Awards is Modest Although a few compensatory awards were quite large, there is no evidence of a litigation crisis in cybertorts. For the eighty-four decisions that included compensatory damages in a cybertort case, the awards ranged from $1 to $177,000,000. The mean compensatory award in the cybertort cases was $6,266,078 and the median award was $287,761. Thirty-three of the eighty-four compensatory damages awards (39%) exceeded one million dollars. Very large awards are rare: a total of twelve cybertort awards were each greater than ten million dollars. Only three of the eighty-four compensatory damage cybertort awards (4%) exceeded one hundred million dollars.138 a. Punitive Damages are Rare and Often Less Than Compensatory Damages The rate of punitive damage awards was higher in cyberspace than in the real-space world principally because of the predominance of intentional torts in cyberspace.139 Forty percent of the cybertort cases (N=45) resulted in a punitive damages award. An additional four punitive damages awards were uncovered that were based upon federal statutes and thus outside of the cybertort analysis. Punitive damages for the forty-five cybertort awards

135 Id. at 900. 136 Id. at 901 (concluding that “while an award of 78 [cents] per thousand pieces of [commercial e- mail] . . . sent to AOL members would not adequately compensate AOL for damages, $8.56 per thousand pieces of UBE [unsolicited bulk e-mail] would dramatically overcompensate AOL[.]”). 137 Id. at 902. 138 Michael L. Rustad & Thomas H. Koenig, Internet Tort Database: 1992-2003 (on file with authors). 139 A study by the researchers at the Bureau of Justice Statistics (BJS) and the National Center for State Courts study of civil courts in the seventy-five largest American counties provides a useful cross- section of punitive damages activity during 1992. Of the 12,026 verdicts in the sample, plaintiffs won a total of 364 punitive damages awards (5.9% of the cases). Real World Torts, supra note 92, at 1127 (citing study of National Center for State Courts).

104 Southern California Interdisciplinary Law Journal [Vol. 13:1 ranged from $1,486 to $460,000,000.140 In the bricks and mortar world, fewer than 10% of tort damage cases resulted in punitive damages. When punitive damages are awarded in traditional torts, the amounts are generally quite modest in relationship to the size of the compensatory damages award.141 The median award in of the forty-five cybertort punitive awards was $435,000. The size of the occasional large verdict exaggerates the importance of punitive damages in cyberspace since the extreme awards are almost certainly uncollectible. The year 2001 witnessed the bumper crop for punitive damages in cybertort cases with a mere fourteen cases in all jurisdictions. Moreover, only fifteen state courts rendered even a single punitive damage cybertort award over the entire decade. Only three states had more than three punitive awards in a decade: California (15), Texas (8), and Virginia (4).142 Punitive damage awards were more likely to be handed down in state courts than in federal courts, despite the fact that 60% of the overall cybertort cases were decided in federal forums. Six in ten punitive damage awards in cybertort cases (N=27) were handed down in state courts, in contrast to punitive damages in traditional torts, which are overwhelmingly awarded in state courts.143

b. Mathematical Ratios and Due Process in Cyberspace

In April of 2003, the U.S. Supreme Court decided State Farm Mutual Automobile Insurance Co. v. Campbell.144 The Court reversed a punitive damages jury verdict, further articulating guidelines for assessing the constitutionality of high-ratio awards.145 At trial, the jury had awarded the plaintiffs $2.6 million in compensatory damages and $145 million in punitive damages, which was remitted to $1 million and $25 million respectively.146 The Utah Supreme Court then reinstated the entire punitive damages award after applying the guideposts of BMW v. Gore.147 The U.S.

140 A nationwide study of punitive damages in products liability revealed that the median award was $625,000 for cases decided between 1965 and 1990. See In Defense of Punitive Damages in Products Liability, supra note 32, at 46. 141 A meta-analysis of all empirical studies of punitive damages reveals that the overall rate and level of punitive damages awards is low in traditional torts. See Unraveling Punitive Damages, supra note 34, at 17-33 (summarizing the results of nine scientific studies of punitive damages). 142 These are generally the same states, which were punitive damages hot spots in nationwide studies of products liability and medical malpractice. See Unraveling Punitive Damages, supra note 34, at 33-36 (reporting empirical studies of punitive damages in products liability and medical malpractice). 143 Marc Galanter, Real World Torts: An Antidote to Anecdote, 55 MD. L. REV. 1093, 1105 (1996) (noting that only a small percentage of tort filings are in federal courts). 144 123 S. Ct. 1513 (2003). 145 Id. at 1520-26. 146 Id. at 1519. 147 517 U.S. 559 (1996) (formulating three guideposts to determine whether punitive damages awards are violative of a defendant’s substantive due process rights: (1) degree of reprehensibility, (2) ratio between punitive award and plaintiff's actual harm, and (3) legislative sanctions provided for comparable misconduct).

2003] Cybertorts and Legal Lag 105

Supreme Court granted the defendant’s writ of certiorari.148 The Court, in a 6-3 decision, reversed the judgment of the Utah Supreme Court, finding the high-ratio punitive damages award violated State Farm’s due process rights.149 The Court reasoned that the punitive damages award was grossly disproportionate to the wrong.150 The punitive damages were found to be “an irrational, arbitrary, and unconstitutional deprivation of the property of the insurer.”151 Justice Kennedy, writing for the majority, observed “few awards exceeding a single-digit ratio between punitive and compensatory damages. . . will satisfy due process.”152 This single-digit multiplier test comes close to a per se rule, making all high ratio awards suspect: “single-digit multipliers are more likely to comport with due process, while still achieving the State's goals of deterrence and retribution, than awards with ratios in range of 500 to 1, or, in this case, of 145 to 1.”153 Although the wrongdoing in Campbell took place in the real-space world, the nature of the injury parallels the typical harm suffered by plaintiffs in cyberspace.154 In Campbell, the Court reaffirmed its view that high ratio punitive damages awards might be more acceptable in physical injury cases than where the harm is purely economic.155 In cybertort cases, the harm generally takes the form of economic injuries.156 While no punitive damages awards in cyberspace arose out of physical injury, extremely reprehensible conduct led to punitive damages in the vast majority of cyberspace cases.157

148 Id. 149 123 S. Ct. 1513, 1526. 150 Id. 151 Id. at 1524. 152 Id. 153 Id. 154 “The harm [in Campbell] arose from a transaction in the economic realm, not from some physical assault or trauma; there were no physical injuries and State Farm paid the excess verdict before the complaint was filed, so the Campbells suffered only minor economic injuries for the 18-month period in which State Farm refused to resolve the claim against them.” Id. at 1517-19. 155 Id. at 1518 (citing BMW v. Gore). 156 The primary exceptions to the general pattern of financial injury cases are cases involving online defamation and the invasion of privacy. 157 A few cyberspace cases did involve physical injury. See, e.g., Jewish Defense Org., Inc. v. Superior Court of Los Angeles County, 85 Cal. Rptr. 2d 611, 614 (Cal. Ct. App. 1999) (describing web site dispute that escalates into physical violence).

106 Southern California Interdisciplinary Law Journal [Vol. 13:1

Table Six Ratio of Punitive $ to Compensatory $

N=45

PDs Mor e 3X CDs 11%

PDs less than CDs PDs 1 to 3 Times CDs 53% 36%

Table Six shows that punitive damages in cybertort cases generally comply with Justice Kennedy’s single-digit test for excessive ratios.158 The punitive damages to compensatory damages ratio in cybertort cases ranged from .01 to 16.88. In sharp contrast to real world torts, a majority of the punitive damages awards (53%, N=24) were actually less than the corresponding compensatory damages. The median punitive damages award in cyberspace is only 82% of the size of the accompanying compensatory damages, with the mean award a mere 1.7 times the size of the compensatory component. Punitive damages were one to three times the compensatory damages in 36% of the cases in which punitive damages were awarded (N=16). In only five cases were the punitive damages more than three times the compensatory damages. In a decade of cybertort cases, only one punitive damages award was more than ten times the compensatory damages.

158 See Unraveling Punitive Damages, supra note 34, at 50.

2003] Cybertorts and Legal Lag 107

c. Large Cyberlaw Punitive Damages Awards are Either Default Judgments or Strictly Scrutinized by Reviewing Courts

Table Seven: Post-Trial Outcomes of Cybertorts Greater Than $5 Million in Punitive Damages

Case Name Award Size Post/Trial Basis for Disposition Judicial Control [1] John Does v. Compensatory Trial judge Defendant was Franco Damages: entered not reachable by Productions, $46 million; default legal process 2002 U.S. Dist. Punitive judgment LEXIS 24032 Damages: (N.D. Ill. Nov. $460 million 25, 2002) (invasion of privacy) [2]Trovan Inc. v. Compensatory Vacated Court vacated Pfizer Inc., 23 Damages: Permanent permanent Fed. Appx. 1671 $8 million; Injunction, injunction after (9th Cir. 2001) Punitive Ordered new (1) ordering a (unfair Damages: trial new trial as to competition, $135 million liability, and (2) palming off, ruling punitive federal damages not trademark available infringement) [3] Konanykhine Compensatory Trial court Defendant made v. Izvestia Damages: entered no appearance at Newspaper, $3.5 million; default trial. Court 2000 JAS Punitive judgment entered default Publications, Damages: judgment in Metro Verdicts $30 million favor of plaintiff Monthly (Arlington City, (Va. Dec. 13, 1999) (defamation) (on file with authors)

108 Southern California Interdisciplinary Law Journal [Vol. 13:1

[4] Neon Compensatory Trial court Parties entered Systems, Inc. v. Damages: entered into confidential New Era of $14 million; judgment; settlement. Networks of Punitive Appellant Denver, 2001 Damages: filed motion Tex. App. $25 million dismissing LEXIS 7538 appeal. (Tex. Ct. App. Nov. 8, 2001) (business tort)159 [5] Kremen v. Compensatory Trial judge Defendant fled Cohen, 314 F.3d Damages: entered country 1127 (9th Cir. $40 million; default 2003) Punitive judgment (conversion Damages: action for theft $25 million of domain name) [6] Earthlink Compensatory Permanent Networks, Inc. v. Damages: injunction Smith, 13 $12.4 million; ordered; no Internet Law & Punitive post-verdict n/a Litigation (Pike Damages: history and Fischer) 94 $24.85 million available (N.D. Ga. 2002) (RICO, trespass to chattels) (on file with authors) [7] Simon Compensatory Trial court set Remitted Property Group Damages: aside its $11.5 compensatory v. MySimon $16.8 million; million award damages; Inc., 282 F.3d Punitive of profits, Applied Indiana 986 (7th Cir. Damages: reduced tort reform 2002) $10 million punitive limiting punitive (dismissing damages from damages to judgment) $10 million to three-times the (trademark $50,000, and compensatory dilution, unfair ordered a damages competition) retrial

159 See also Big Verdicts of 2001 Went as High as $140 million; $39 million in Dispute over ‘NEON’ Trademark, NATIONAL LAW JOURNAL, Jan. 21, 2002, at C5; NLJ Verdicts 100; Verdicts at a Glance, NATIONAL LAW JOURNAL, Feb. 4, 2002, at C24.

2003] Cybertorts and Legal Lag 109

As in products liability litigation, punitive damages in cybertort cases have a high mortality rate.160 Table Seven describes the post-verdict fate of the seven cybertort verdicts or default judgments in which the punitive damages were greater than $5 million. Large or high-ratio punitive awards are rarely, if ever, collectible because of rigorous judicial review, defaulting defendants, and post-verdict settlements. Unlike the bricks and mortar world, relatively few cybertort awards were appealed. Cybertort defendants who contested high-ratio or large punitive damage verdicts enjoyed great success in reducing or vacating the award. In thirty-four of the forty-five punitive damages awards, there was no post-verdict review or adjustment. Still, as Table Seven reveals, the largest awards were often reduced or eliminated in the post-verdict stage. Of the eleven punitive damages awards reviewed at the appellate level, only one verdict was affirmed in whole. As in traditional tort litigation, judicial scrutiny of large punitive damages awards is rigorous. Plaintiffs in cybertort litigation face an additional obstacle not often found in products liability cases — the disappearing defendant. In many cybertort judgments, there was no post-verdict review because the defendant filed for bankruptcy, fled the jurisdiction or was otherwise beyond the reach of judicial process. A product manufacturer with physical production facilities and distribution channels generally has tangible assets that are reachable. Many cybertort defendants, in contrast, may easily conceal their physical assets with the click of a mouse. In Kremen v. Cohen,161 for example, the defendant who misappropriated the domain name sex.com fled the country with the proceeds of a court-supervised bank account to avoid paying the judgment. Table Seven documents the short and unhappy post-verdict history of large punitive awards handed down in Internet tort litigation. Punitive damages of $5 million or greater were generally uncollectible or set aside by reviewing courts. Clearly, the judiciary strictly scrutinized the few large punitive damages verdicts in cyberspace even prior to State Farm Mutual Automobile Insurance Co. v. Campbell.162 Empirical studies of judicial control of punitive damages in traditional torts also conclude that punitive damages are subject to strict post-verdict review on grounds other than excessiveness.163 Tort reformers and some legal academics have praised

160 A study of post-verdict adjustments in products liability found that 4 in 10 punitive damages were settled in the post-trial period. For cases settling prior to appeal, the plaintiff received the full amount of punitive damages in only half of the cases studied. Appellate courts affirmed a quarter of the punitive damages awards in products liability. Nearly one-third of verdicts were reversed or remitted. See Unraveling Punitive Damages, supra note 34, at 42. 161 314 F.3d 1127 (9th Cir. 2003). 162 123 S. Ct. 1513 (2003). 163 A secondary analysis of a study cited by the defendant in Honda Motor Co. v. Oberg, 512 U.S. 415 (1995), reveals that post-trial adjustment of punitive damages in million dollar cases were rarely based on excessiveness. Reversals or reductions in punitive damages were generally ordered because of

110 Southern California Interdisciplinary Law Journal [Vol. 13:1 the strict scrutiny applied to tort damages. Stephen Sugarman, who favors an administrative alternative to tort law, praises the judiciary for increasingly “un-making” new torts by subjecting them to rigorous oversight.164 In cyberspace cases, the punitive damage awards handed down by both judges and juries were generally modest in amount and proportional to compensatory damages. The only cyberspace punitive award in which a court reversed and remanded a high-ratio award for an excessiveness review was a non-tort case awarded under the Freedom of Access to Clinics Entrance Act (“FACE”) case of Planned Parenthood of the Columbia/Williamette, Inc. v. American Coalition of Life Activists.165 In Planned Parenthood, the medical provider and its affiliated doctors were portrayed on a web site in Old West-style "wanted" posters. These virtual wanted posters provided the physicians’ names and addresses and charged them with crimes against humanity. When a doctor who performed abortions was murdered, the web site displayed the doctor’s name with a line drawn through it. Planned Parenthood filed an action against the anti-abortion activists who developed the web site, contending that the wanted posters constituted a true threat of imminent harm. The plaintiff won a $109 million verdict against the pro-life organization and its officers, including punitive damages. The trial court also granted a permanent injunction prohibiting the defendants from publishing the posters or contributing materials to the pro-life web site because such publication was made with intent to harm.166 The Planned Parenthood court awarded a multi-million dollar punitive damages award in favor of the physicians.167 This 98 to 1 high ratio verdict was remanded to the district court for a review for constitutional excessiveness. A three-judge panel of the Ninth Circuit reversed the entire judgment, but the decision was in turn reversed when an en banc panel ruled that the online “wanted-type poster” could be actionable. The Ninth Circuit panel reinstated the compensatory damages but reversed the punitive damages award. The court found that the "Nuremberg Files" web site constituted a true threat or predicate offense under FACE in the way that lines were drawn through the names of murdered doctors. The issue of punitive damages was remanded to the

trial errors, judicial errors, rather than because the award was excessive. See Unraveling Punitive Damages, supra note 34, at 61-65. 164 Stephen D. Sugarman, Judges as “Un-Makers”: Recent California Experience with “New Torts”, 49 DEPAUL L. REV. 455 (1999). 165 290 F.3d 1058 (9th Cir. 2002) (en banc opinion reinstating compensatory damages and remanding punitive damages award for a determination of whether it was excessive in light of federal constitutional standards). 166 Planned Parenthood, Inc. v. Am. Coalition of Life Activists, Inc., 41 F. Supp. 2d 1130, 1155 (D. Or. 1999) (finding that the “actions of the defendants in preparing, publishing and disseminating these true threats objectively and subjectively were not protected speech under the First Amendment” and issuing a permanent injunction). 167 Id.

2003] Cybertorts and Legal Lag 111 federal district court on whether they were constitutionally excessive under the BMW v. Gore guideposts.168 Many of the largest cybertort awards were uncollectible because the defendant was beyond the reach of process or enforcement of judgments. In Konanykhine v. Izvestia Newspaper,169 a jury handed down a punitive damages verdict that was 8.6 times the compensatory damages. In Konanykhine, a prominent Russian newspaper was assessed $30 million for accusing a Russian businessman of organized crime involvement, an assertion which ruined his attempts to obtain foreign financing for his business ventures. This case involved no judicial review for excessiveness since it was a default judgment with no chance of being collected. Off-shore web sites may easily evade civil law enforcement by disappearing. In John Does v. Franco Productions,170 young college athletes were awarded $506 million against Internet distributors for compensatory and punitive damages based upon invasion of privacy, unlawful use of the plaintiffs' images for monetary gain, and mail and wire fraud under civil RICO laws.171 In Franco Productions, the defendants used hidden cameras to film college athletes in locker rooms, restrooms, and wrestling meets.172 The secret videotapes were advertised as "hot young dudes" and sold on the Internet. The tapes carried names like "Straight Off the Mat" and "Voyeur Time" and depicted hundreds of young athletes in various degrees of nudity. The federal district court had previously held that the ISP was not liable for any tort action because of the broad immunity granted to providers by Section 230 of the Communications Decency Act (“CDA”).173 The federal court’s default judgment against the primary defendants was uncollectible because they fled to an offshore haven.174 The enforcement of cybertort judgments is often problematic because the defendant may have only a virtual presence and no traceable assets to seize.175

168 Planned Parenthood of the Colombia/Willamette, Inc. v. Am. Coalition of Life Activists, 290 F.3d 1058 (9th Cir. 2002) (summarizing procedural history of Nuremberg files case). 169 2000 JAS Publications, Metro Verdicts Monthly, No. 97-1139 (Arlington City, Va. Dec. 13, 1999) (awarding $30 million in punitive damages in default judgment for defamation to Russian businessman) (on file with authors). 170 2000 U.S. Dist. LEXIS 8645 (N.D. Ill. June 21, 2000). 171Id. 172 Id. 173 See John Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct. 21, 2003). 174 College Athletes Sue over Videos Made by Hidden Cameras, LEGAL INTELLIGENCER, July 28, 1999, at 4. 175 The Seventh Circuit, in John Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct. 21, 2003), affirmed the district court's dismissal of the liability claims of GTE, web host and ISP, for hosting the illicit distribution of the tapes of college athletes. The Seventh Circuit agreed with the lower court that Section 230 of the Communication Decency Act immunized the web host, even though it enabled the pornographer to post illicit content invading the privacy of the college athletes.

112 Southern California Interdisciplinary Law Journal [Vol. 13:1

11. Summary of Empirical Findings about Cybertorts Table Eight summarizes the qualities of cybertorts and contrasts them with real world torts. Cybertorts are predominately information-based economic loss cases rather than the personal injury negligence litigation that constitutes the bulk of traditional tort caseloads. In real world tort cases, “general damages are awarded to compensate plaintiffs for physical pain, mental suffering, disability, disfigurement, loss of enjoyment of life, and other similar harms.”176 The most significant category of personal injury damages is lost wages or imputed earnings.177 The largest category of tort litigation is automobile accident cases,178 followed by premises liability, medical malpractice, products liability, toxic torts, and slander.179 In contrast, the cyber world caseload is disproportionately composed of business and publication torts, with few negligence-based actions and no strict liability torts.

176 Roselle L. Wissler, Ailen J. Hart & Michael J. Saks, Decisionmaking About General Damages: A Comparison of Jurors, Judges, and Lawyers, 98 MICH. L. REV. 751, 757 (1999). 177 Id. 178 U.S. Department of Justice, Civil Justice Survey of State Courts, BUREAU OF JUSTICE STATISTICS (1992). 179 Id.

2003] Cybertorts and Legal Lag 113

Table Eight: Cybertorts vs. Brick and Mortar Torts

PREDOMINANT CYBERTORTS180 BRICK & ATTRIBUTE MORTAR TORTS181 No strict liability and few Automobile liability, Type of Cases negligence cases; premises liability, predominantly intentional medical malpractice, tort cases products liability, fraud, and a lesser role for intentional torts182 Frequency of Tort Insignificant segment of the Important sector of legal landscape legal landscape183 Cases

Predominant Intentional torts with few Predominately negligence and no strict negligence-based and Branch liability causes of action fewer strict liability and intentional torts184 Role of Punitive Punitive damages awarded Awarded in less than in approximately forty 10% of cases;185 Damages percent of the cybertort high-ratio punitive cases. Punitive damages awards are more were generally less than common but awards compensatory damages or are generally

180 All of the data underlying the findings about cybertorts are drawn from Michael L. Rustad & Thomas H. Koenig’s Internet Tort Database: 1992-2003 (on file with authors). 181 The “brick and mortar” comparison is largely drawn from the empirical studies of torts conducted by the National Center for State Courts. See STEVEN K. SMITH ET AL., TORT CASES IN LARGE COUNTIES, BUREAU OF JUSTICE STATISTICS BULLETIN (NCJ-153177) (Apr. 1995), available at http://www.lectlaw.com/files/lit15.htm (last visited Nov. 2, 2003). 182 Saks, supra note 111, at 1208 (citing National Center for State Court study concluding that the U.S. “tort caseload is dominated by auto torts, accounting for 46.1% of filings”). 183 Deborah R. Hensler, Trends in Tort Litigation: Findings from the Institute for Civil Justice's Research, 48 OHIO ST. L.J. 479, 481 (1987) (citing empirical research on the stability of automobile personal injury claims and the growth of claims in product liability, medical, and other emergent areas). 184 Dan B. Dobbs, THE LAW OF TORTS 2, 3 (2000) (discussing three bases of traditional tort liability and observing that tort liability is most commonly predicated upon negligence). 185 See Unraveling Punitive Damages, supra note 34, at 22 (citing GAO study finding punitive damages in only 7.5% of products liability cases). See also Stephen Daniels & Joanne Martin, Myth and Reality in Punitive Damages, 75 MINN. L. REV. 1, 28 (1990).

114 Southern California Interdisciplinary Law Journal [Vol. 13:1

reasonably proportional proportional to actual damages186 Typical Plaintiff Mix of large companies and Predominately individuals individuals187 Typical Defendant Mix of small companies and Individuals and large individuals companies188 Remedy Sought Greater role of prospective Predominately relief and other equitable monetary damages189 remedies Role of Jury Less central in cybertort Most personal injury litigation trials are decided by juries190 Locale Litigation hot spots are in Traditional torts California, Texas, and other hotspots are in the advanced industrial states same jurisdictions as

186 See In Defense of Punitive Damages in Products Liability, supra note 32, at 50 (finding punitive damages were ten times or greater than compensatory damages in 10% of products liability cases). 187 See Smith, supra note 181 (noting that vast majority (94%) of state tort cases had an individual as plaintiff); In Defense of Punitive Damages in Products Liability, supra note 32, at 50. Similarly, every successful plaintiff in the field of medical malpractice who obtained a punitive damages award in the period 1963-1993 was an individual. See generally Gender Injustice, supra note 32. See also Michael L. Rustad, Nationalizing Tort Law: The Republican Attack on Women, Blue Collar Workers, and Consumers, 48 RUTGERS L. REV. 673 (1996) (arguing that tort reform limiting remedies will benefit corporate America at the expense of the rights of women, consumers and working class Americans). 188 See Smith, supra note 181 (reporting that half of the tort cases the defendant was an individual). See also Unraveling Punitive Damages, supra note 34, at 45 (reporting mix of individual and corporate defendants in tort litigation study). 189 See Smith, supra note 181 (noting “that tort litigation primarily involves claims or damages related to personal injury”). See, e.g., GUIDO CALABRESI, THE COST OF ACCIDENTS: A LEGAL AND ECONOMIC ANALYSIS 26 (1970) (noting that it is "axiomatic that the principal function of accident law is to reduce the sum of the costs of accidents and the costs of avoiding accidents"). 190 Empirical studies confirm that most cases settle before resolution by the jury or bench trial. See Smith, supra note 181. “The National Center for State Courts (‘Center’) has undertaken a project to develop a profile of litigation in state courts over time. At present, the published data, authored by Ostrom et al., are limited to a single year, 1992, but the findings provide a good snapshot of jury trials. Based on a sampling of 75 of the nation's largest counties, Ostrom estimated that the courts of general jurisdiction disposed of 762,000 tort, contract, and real property cases in that year. Juries decided only 2% of these cases. The largest group of cases decided by juries involved torts, 79%, with contract cases constituting 18%, and the remainder being real property cases.” Neil Vidmar, The Performance of the American Civil Jury: An Empirical Perspective, 40 ARIZ. L. REV. 849, 851 (1998). Although there is almost no empirical data on the percentage of cases decided by juries versus judges, our studies of punitive damages confirm the continuing centrality of the jury. A jury rather than a judge assessed virtually every punitive damage award in a products liability case. See generally In Defense of Punitive Damages in Products Liability, supra note 32.

2003] Cybertorts and Legal Lag 115

in cybertort litigation191 Type of Damages Predominately economic Predominately loss cases personal injury192 Judicial Control of Fewer defendants appeal Punitive damages are Punitive Damages their punitive damages frequently reversed verdicts; For the few awards or remitted by appealed, great judicial appellate judges193 scrutiny of large awards Tort Filings: State Cybertort cases are Traditional torts are versus Federal frequently filed in federal primarily governed Court court by state law because Dispositions. tort litigation is largely decided in state courts194

II. TOWARDS A CYBERTORT TYPOLOGY The birth rate for Internet cases is great, but the attrition rate at an early stage appears vast.195 Just as in traditional torts, most cyber lawsuits are abandoned, dismissed, settled short of the verdict stage, or simply disappear.196 This section will explore the reasons why cybertorts, much like the fate of hatchling sea turtles, fail to reach the maturation stage. Part II develops a typology based upon the first decade of U.S. cybertort cases. The cybertort caseload may be sub-divided into three ideal type197 categories: (1) intentional torts, where the Internet is merely an

191 Unraveling Punitive Damages, supra note 34, at 34-36 (concluding that Texas, California, Florida, Illinois, and other hot spots predominated in traditional tort litigation). 192 All plaintiffs in products liability actions seeking punitive damages sought compensatory damages for personal injury rather than economic loss. See In Defense of Punitive Damages in Products Liability, supra note 32. Business torts plaintiffs, in contrast, are only seeking economic loss. Personal injury cases in cyberspace are unlikely to ever be a significant segment of the caseload. 193 All empirical studies of post-verdict outcomes in tort litigation confirm that trial and appellate judges tightly control punitive damages. See Unraveling Punitive Damages, supra note 34, at 40-44. 194 See generally DAN B. DOBBS, THE LAW OF TORTS 1-2 (2000). 195 Traditional torts also face many barriers, which screen out most tort filings prior to verdict. See Richard E. Miller & Austin Sarat, Grievances, Claims and Disputes: Assessing the Adversary Culture, 17 LAW & SOC’Y REV. 525, 544 (1980-81) (documenting high rate of attrition of tort claims). 196 See generally Real World Torts, supra note 92 (portraying the tort dispute pyramid). 197 The term “ideal type” was invented by German Sociologist Max Weber to explain his methodology for historical research. The ideal type involves “the abstract synthesis of those traits which are common to numerous concrete phenomena” in order to create discrete conceptual categories that can be more easily analyzed. MAX WEBER, THE METHODOLOGY OF THE SOCIAL SCIENCES 92 (Edward A. Shils & Henry A. Finch eds., Free Press) (1949). Through this epistemological device, complex, real world phenomena can be compared and contrasted by treating the conceptual groupings as if they are discrete categories that do not overlap. Id. at 90-94.

116 Southern California Interdisciplinary Law Journal [Vol. 13:1 instrumentality for civil wrongs, (2) traditional causes of action modified or reshaped significantly by the Internet, and (3) the missing category of new cybertort duties and causes of action. Plaintiffs have prevailed in many Internet tort cases classifiable into the first category. Category two includes cases that have stretched traditional doctrine by applying personal property torts such as the trespass to chattels, misappropriation of trade secrets, and conversion to intangibles. New cybertorts and duties, category three cases, have yet to develop due to a combination of statutory immunities, tort reforms, and judicial concern about opening the floodgates of cybertorts litigation.

A. OLD WINE IN NEW BOTTLES: NEW APPLICATIONS FOR INTENTIONAL TORTS Many courts are simply mechanically extending traditional tort doctrines to the Internet. In Mathis v. Cannon,198 the Georgia Supreme Court held that the state’s retraction statute developed in the bricks and mortar world also applied to the Internet. In the controversy over the prospective location of a recycling facility and landfill in Crisp County Georgia, an anonymous poster had accused the plaintiff of being a thief and a crook.199 The Mathis court found that Georgia’s retraction statute applied to a "publication" involving the Internet and a non-media defendant.200 Since the plaintiff had not requested a correction or retraction in writing before filing his complaint, he was not entitled to recover punitive damages.201 Moreover, the plaintiff was not entitled to summary judgment because he was a limited-purpose public figure, having participated in an Internet bulletin board debate regarding a solid waste recovery facility.202 Similarly, in Leary v. Punzi,203 a New York court ruled that a plaintiff had no action for right of publicity because she was unable to show that the defendant had used her name for a commercial purpose. Here, the court found no right of publicity where the plaintiff's name was inadvertently posted on a web site developed by a third party. The court noted that the potential rewards to the defendant would be too remote and speculative to satisfy a claim for commercial appropriation under New York law.

198 276 Ga. 16 (2002). 199 Id. at 24. The plaintiff in Mathis was able to determine the identity of the individual responsible for the poster and sued him for the allegedly libelous postings. However, the plaintiff did not seek a retraction, a precondition for punitive damages under Georgia tort law. The court reasoned that the plaintiff was a limited public figure because he injected himself into the controversy. Further, the plaintiff in Mathis failed to meet the heavy evidentiary burden of demonstrating by clear and convincing evidence that the Internet user published false and defamatory statements knowing that they were false or acting in reckless disregard of their truth or falsity. Id. 200 Id. at 28 (holding that statute requiring retraction applied equally well to the Internet); Cf. Cards v. Fushetto, 193 Wis. 2d 429 (Wis. 1995) (ruling that a network bulletin board was not a periodical subject to Wisconsin’s retraction statute). 201 Id. 202 Id. at 25. 203 179 Misc. 2d 1025, 687 N.Y.S.2d 551 (Sup. Ct. 1999).

2003] Cybertorts and Legal Lag 117

The majority of plaintiff’s victories in cyberspace cases require only a straightforward extension of bricks and mortar tort principles to information technologies. An ISP, for example, was sued for failing to pay a commission and finder’s fees to an ex-employee.204 This garden-variety contract dispute is an Internet case only because the defendant company was an ISP. Similarly, a fraudulent get-rich-quick investment scheme promoted through a spam e-mail campaign merely uses a new medium to carry out a scam previously executed by mail, telephone, or even older technologies.205 A large percentage of these traditional torts in a new information technology arise out of incendiary exchanges by e-mail, web site postings, or listserv threads. “Flaming” sessions on the Internet are the functional equivalent of public verbal lashings.206 Quarrels can easily escalate into a sustained campaign of e-mail harassment, online stalking, or personal attacks on web sites. In Bagwell v. Phillips,207 for example, the defendant published an Internet web page with photographs of his neighbor’s children accompanied by defamatory statements. This conflict was an outgrowth of a dispute over property damage allegedly caused by water runoff.208 An Internet flaming session can degenerate into physical violence just as in the bricks and mortar world. In Jewish Defense Organization Inc. v. Superior Court of Los Angeles County,209 the defendant defamed a rival activist on his web site by charging that the man was a “government snitch,” a dangerous psychopath who had tried to kill his mother, and a kidnapper. The defendant had hired ISPs to develop seven web sites devoted to defaming the plaintiff and registered the man’s personal name as a domain name. In retaliation, the plaintiff later slammed a steaming bowl of soup on the defendant’s head. The case escalated further when one of the parties opened fire, wounding an innocent bystander. In KNB Enterprises v. Matthews,210 the California Court of Appeals held that the state law right of publicity claims were not preempted by the

204 Adams v. Delphi Internet Servs. Corp., 1998 Mass. Super. LEXIS 579, *2-3 (Mass. Super. Ct., Nov 16, 1998). 205 Andrews v. Tutornet Euburn Forde, No. 956-A (E.D. Va. Aug. 22, 2002), at http://www.verdictsearch.com/news/verdicts/special/top100/nlj100-2.jsp (awarding $177,000,000 against company for promoting fraudulent scheme). See also Shannon Henry & Kenneth Bredemeier, Virginia Dot-Com’s Promises Mask Legal Turmoil, WASHINGTON POST, August 11, 2000, at A01. 206 “On the Internet, flaming is giving someone a verbal lashing in public. Often this is on a Usenet newsgroup, but it could be on a Web forum or perhaps even as e-mail with copies to a distribution list. Unless in response to some rather obvious flamebait, flaming is poor netiquette.” Searchwebservices.com, Definitions: flaming, at http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci212129,00.html (last visited Nov. 2, 2003). 207 2000 FLORIDA JURY VERDICT REPORTER, No. 97-13631 (Broward Fla. Nov. 23, 1998) (on file with authors). 208 Id. See also Griffis v. Luban, 646 N.W.2d 527, 536-37 (Minn. 2002) (refusing to enforce Alabama verdict won by teacher alleging defamation and invasion of privacy for statements made by Minnesota resident on the Internet). 209 85 Cal. Rptr. 2d 611, 614 (Cal. Ct. App. 1999). 210 92 Cal. Rptr. 2d 713, 723 (Cal. Ct. App. 2000).

118 Southern California Interdisciplinary Law Journal [Vol. 13:1

U.S. Copyright Act. The copyright owner of erotic photographs, which had been displayed without authorization and for profit on an Internet web site, brought suit against the web site's operator, asserting a misappropriation claim under a California statute. Courts in these cases are simply accommodating old causes of action to the new legal environment of the Internet. Courts have had little difficulty in adapting traditional jurisdictional rules — initially developed for the bricks-world — to the bytes-world.211

B. RECONSTRUCTING TRADITIONAL TORTS FOR CYBERSPACE For other cases, judges are not entering a new hermetically sealed arena when deciding torts in cyberspace, but are tailoring traditional tort principles for an online setting.212 In Butler v. Continental Express, Inc.,213 Rainer Krebs, a pilot for Continental Express, took a photograph of a female pilot and used a software application to superimpose the plaintiff’s face onto nude pictures of women in sexually suggestive poses. He posted these pornographic images on the Internet and the airline’s intranet. The target of this virtual sexual harassment was awarded damages for defamation per se, intentional infliction of emotional distress, invasion of privacy, and punitive damages for acting with malice.214 On one level, this

211 Many U.S. courts have found that a plaintiff in an Internet-related case satisfies due process by a showing that: (1) the defendant purposefully took advantage of the privilege of conducting activities in the forum state by invoking the benefits and protections of the forum state's laws, (2) the plaintiff's claim arises out of the defendant's forum-related activities, and (3) the exercise of jurisdiction over the out-of-state defendant is reasonable. MICHAEL L. RUSTAD & CYRUS DAFTARY, supra note 10, at § 7.03. A LEXIS search within the federal and state cases database revealed that courts have applied a purposeful availment test in at least 246 Internet-related cases. The California Supreme Court held that merely posting a program for decrypting DVDs on the Internet did not subject a Texas resident to personal jurisdiction. Pavlovich v. Superior Court, 59 Cal. 4th 262, 277 (2002). The court in Pavlovich found that the fact that a Texas resident knew that his conduct was injuring the motion picture industry in California was an insufficient basis for personal jurisdiction. Id. The Ninth Circuit has adapted traditional jurisdictional tests for determining whether an out-of-state web site operator's activities amount to purposeful availment of the forum state to render the exercise of personal jurisdiction over the out-of-state web site operator constitutionally permissible: (1) the sliding scale approach, and (2) the effects test, endorsed by the U.S. Supreme Court in Calder v. Jones, 465 U.S. 783 (1984). See Northwest Healthcare Alliance, Inc. v. Healthgrades.com, Inc., 50 Fed. Appx. 339 (9th Cir. 2002). In Millennium Enterprises, Inc. v. Millennium Music, Inc., a court granted a web site's motion to dismiss, finding that the court lacked general and specific jurisdiction over the defendant. 33 F. Supp. 2d 907 (D. Or. 1999). The South Carolina defendant sold music in its retail and Internet web sites using the Millennium Music® trademark. The Millennium court ruled that there was no purposeful availment based upon sporadic sales in the forum. The defendants had sold only fifteen compact discs to nine customers in six states and one foreign country. The only sale within the forum state was made to a friend of the plaintiff's counsel upon his instruction. The court found no purposeful availment upon this "manufactured" contact, dismissing the action. Id. 212 Lawrence Lessig warns against divorcing traditional principles from cyberspace by viewing it as a totally new arena. LAWRENCE LESSIG, CODE & OTHER LAWS OF CYBERSPACE (1999) (arguing that traditional legal principles are sufficiently malleable to regulate the Internet). 213 2002 NLP IP Company — American Lawyer Media, J: 98: 05227, No. 96-1204096 (Montgomery, Texas June 8, 1998) (on file with authors). 214 Cf. Blakey v. Cont’l Airlines, Inc., 730 A.2d 854 (N.J. 1999) (dismissing female pilots’ defamation, invasion of privacy, sexual harassment and other claims based upon postings by male pilots

2003] Cybertorts and Legal Lag 119 case is simply applying well-established intentional tort theories to cyberspace. On another level, it involves an entirely new category of mortifying injury that does damage of a greater magnitude than would otherwise be possible in the traditional workplace. In Classified Venturers v. Softcell Marketing,215 Classified Ventures successfully enjoined the defendant from using the cars.com name and mark in connection with Softcell’s pornographic spam e-mail messages.216 Classified Ventures’ cars.com web site included advertising of new and used automobiles for sale, as well as editorial reviews, interest rates, price reports, and other information relating to automobiles. Softcell sent massive numbers of commercial e-mails advertising Internet pornography services using messages such as "Hi," "Do it for free," "don'y fay [sic] for Video," "not kidding! . . . Really Free," "free this time," and "Got your note."217 Each e-mail bore the same deceptive return address: [email protected]. The pornographic web site’s predatory conduct relied upon consumer confusion about the origin of the messages. In EBay, Inc. v. Bidder's Edge, Inc.,218 the leading Internet-based auction trading site obtained a preliminary injunction preventing an Internet auction aggregate-site from accessing eBay’s web site with spiders, or automated querying software programs.219 The court was asked to apply the eighteenth-century tort of trespass to chattels220 to "the electronic signals generated by the [defendants'] activities.”221 The defendant responded that the spider’s data mining activities were not sufficiently tangible to support a trespass cause of action.222 The eBay court disagreed, finding the defendant “trespassed” on eBay’s web site because it breached the terms of service agreement.223 on airline’s intranet bulletin board on personal jurisdictional grounds), rev’d and remanded, 751 A.2d 538 (N.J. 2000) (holding that postings might have been so closely related to workplace environment that continuation of harassment on forum should be regarded as part of the workplace). 215 109 F. Supp. 2d 898 (N.D. Ill. 2000). 216 Id. at 901. 217 Id. at 899. 218 100 F. Supp. 2d 1058 (N.D. Cal. 2000). 219 Id. at 1073. 220 “Eighteenth-century tort law validated property owners' rights to the full enjoyment and use of their chattels and land. Personal property consisted of all moveable chattels. Actions for dispossessed chattels were divided into actions for taking personal property away and ‘for detaining them, though the original taking might be lawful.’ The rights of personal property owners were vindicated in an action for the deprivation of, or damage to, chattels. Originally, trespass covered the wrongful taking of a chattel, in contrast to , which covered the wrongful detention of personal property. was a common law action for the recovery of personal property. Trover was a far more flexible writ than detinue because it permitted an action against a defendant who unlawfully exercised dominion or control over the personal property of another by any means. If, for example, a neighbor borrowed a horse and did not return it, the owner could bring a writ for any damage done to the horse and to compensate for the loss of the horse's services.” Taming the Tort Monster, supra note 67, at 22-23. 221 EBay, 100 F. Supp. 2d at 1069. See also Hotmail Corp. v. Van Money Pie, Inc., 1998 WL 388389 (N.D. Ca. April 16, 1998) (granting preliminary injunction on grounds of trespass to chattels and unfair competition as well as other claims). 222 EBay, 100 F. Supp. 2d at 1069. 223 Id. at 1070.

120 Southern California Interdisciplinary Law Journal [Vol. 13:1

If eBay had not been successful in restraining this comparison shopping service from data mining its auctions, the company might have been driven out of business. Since information about auctions on all major web sites would be available through a single site, Bidder’s Edge, sellers would choose the lowest cost auction forum, eliminating eBay’s competitive advantage of having gathered the largest community of potential purchasers. In a similar vein, the First Circuit affirmed an order for injunctive relief against the creator of a web site scraper tool used to extract information from a student travel Internet site in EF Cultural Travel v. Zefer Corp.224 Court decisions applying personal property torts to cyberspace demonstrate the validity of Richard Nixon’s observation that judges sometimes stretch the law to accommodate social change. Extending eighteenth-century torts to cyberwrongs demands a rethinking of personal property torts in the context of the Internet. The ancient tort of trespass to chattels was stretched to enjoin a former Intel employee from sending spam e-mails to all current employees of the company in Intel Corp. v. Hamidi.225 In Hamidi, a disgruntled ex- employee flooded Intel’s company-wide computer system by transmitting six separate e-mails to 29,000 current employees. When Intel was unable to block or otherwise filter out the unwanted messages, it sent a letter demanding that the defendant cease sending the e-mails criticizing the company. The trial court enjoined the commercial e-mail campaign on a theory of trespass to chattels, rejecting the defendant’s argument that he had a First Amendment right to transmit mass e-mailings.226 A dissenting judge found that Intel suffered no damages from the unsolicited e-mail on the grounds that there was no injury to the owner’s possessory interest in the computer system. The judge reasoned, “the majority would apply the tort of trespass to chattels to the transmittal of unsolicited electronic mail that causes no harm to the private computer system that received it by modifying the tort to dispense with any need for injury, or by deeming the mere reading of an unsolicited e-mail to constitute the requisite injury.”227 The dissenting judge found that no trespass to chattels may be claimed because the only injury was “the time employees spent in reading an e-mail.”228 The California Court of Appeals upheld the lower court’s injunction, agreeing that the ex-employees’ unwanted e-mails constituted a sufficient intermeddling to constitute trespass to chattels.229 In Hamidi v. Intel, 230 the

224 2003 U.S. App. LEXIS 1336 (1st Cir. Jan. 28, 2003) (affirming preliminary injunction enjoining software program used as scraper tool on web site). 225 94 Cal. App. 4th 325 (2001). 226 Id. at 328. 227 Id. 228 Id. 229 “A trespass to chattels may be committed by intentionally: (a) dispossessing another of the chattel, or (b) using or intermeddling with a chattel in the possession of another.” RESTATEMENT (SECOND) OF TORTS § 217 (1965). No dispossession of Intel’s computer system could be argued because the company always retained control of its system. The issue confronting the courts was

2003] Cybertorts and Legal Lag 121

California Supreme Court reversed the intermediate court, ruling that Intel had not met its evidentiary burden of proving that Hamidi’s e-mails had caused actual damages, an essential element of the tort of trespass to chattels. The court found that Hamidi’s e-mails to current employees had not caused any physical damage, disrupted Intel’s computers, nor prevented the company from accessing its computers’ e-mail messages.231 The Hamidi case also raises the issue of whether a company’s enjoining of physically non-disruptive e-mail messages violates the free speech guarantees of the California and U.S. Constitutions.232 The lower court's refusal to extend state action to a corporation's e-mail system is an example of mechanistic jurisprudence as it fails to recognize a cyberspace commons.233 Members of the judiciary need to rethink how tort law should be applied to the “virtual world.” The tort of conversion is defined as the unlawful exercise of dominion or control over the personal property of another. The tort was originally conceptualized to defend against the permanent dispossession or destruction of personal property. Courts have now stretched the eighteenth- century tort of conversion to redress the unauthorized theft of a domain name. In Kremen v. Cohen,234 the Ninth Circuit recently ruled that a tangible document representing the intangible interest of a domain name may be converted.235 Kremen, the original owner of sex.com, filed suit against Cohen for forging a letter to Network Solutions Inc., allowing him to obtain ownership of the sex.com domain name.236 Cohen used the purloined domain name to launch an Internet pornographic empire.237 In 2001, the U.S. District Court for the Northern District of California ordered the domain name returned to Kremen and handed down a $65 million judgment against Cohen.238 After Cohen fled the country, Kremen filed suit against VeriSign, charging it with conversion for the unauthorized transfer of the domain

whether Intel suffered damages since there was no real impairment or loss of value to its computer system. 230 71 P.3d 296 Cal. 2003). 231 Id. at 311. 232 Id. (stating that refusal to transmit electronic messages did not violate the First Amendment because there was no state action). 233 The lower court’s decision extending real-space trespass law to computer systems has been criticized for blindly assuming that trespass to land is a functional equivalent to a computer intrusion. Jonathan Blavins, The Evolution of Internet: Metaphors in Law & Community, 16 HARV. J.L. & TECH. 265, 283 (2002) (arguing that “new space” is different from “real-space” and that courts need to consider the difference). 234 337 F.3d 1024 (9th Cir. 2003) (holding that domain name registrar may be liable for conversion in fraudulent transfer of domain name to third party). 235 Id. 236 Kremen v. Cohen, 2000 U.S. Dist. LEXIS 21490, *4-8 (N.D. Cal. Nov. 27, 2000). 237 Id. 238 Kremen, 337 F.3d 1024, 1027 (9th Cir. 2003) (noting that court restored registration of sex.com to plaintiff).

122 Southern California Interdisciplinary Law Journal [Vol. 13:1 name.239 The District Court granted summary judgment in favor of VeriSign, concluding that a domain name was not protected intangible property that could be converted.240 In Kremen’s appeal to the Ninth Circuit, the court considered the question of whether the domain name registrar was liable for conversion under California law.241 The Ninth Circuit certified this question to the California Supreme Court, which denied the certification, returning the case to the Ninth Circuit without an opinion.242 In July of 2003, the Ninth Circuit ruled that the district court erred in concluding that domain names, although a form of property, were intangibles not subject to conversion. The Ninth Circuit became the first to rule that an intangible such as a domain name was protected by the tort of conversion.243 Whether judges are willing to extend traditional tort causes of action to the Internet in cases such as Kremen will shape the future path of the law.

C. THE MYSTERY OF THE MISSING TORTS “Is there any point to which you would wish to draw my attention? To the curious incident of the dog in the night-time. The dog did nothing in the night-time. That was the curious incident.”244 Sherlock Holmes’ famous observation regarding the significance of the dog that did not bark245 is also a key to understanding the mystery of the missing Internet tort. Most torts that are common in the bricks and mortar world have yet to develop in cyberspace. Traditional tort law has three branches: (1) intentional torts, (2) negligence, and (3) strict liability. In a decade of cybertort cases, no plaintiff has successfully pleaded a case based upon strict liability. To date, there have been few successful negligence- based actions arising in cyberspace. In the real-space world, in contrast, the vast majority of torts are based on negligence. Similarly, the remedies for privacy-based torts have not been extended to punish and deter violations of Internet security, data mining, or the invasion of privacy. 1. Anonymity, Pseudonymity & Cybertorts Verizon Internet Services has recently mounted a constitutional challenge against enforcement of a recording industry subpoena under § 512(h) of the Digital Millennium Copyright Act (“DMCA”). The subpoena

239 Kremen, 314 F.3d 1127 (noting that VeriSign is the successor corporation to Network Solutions which was duped into making the unauthorized domain name transfer name to Cohen). 240 Id. 241 Kremen, 314 F. 3d at 3. 242 Kremen, 2003 Cal. LEXIS 1342 (Cal. Feb. 25, 2003). 243 Kremen, 337 F.3d 1024, 1029-30 (9th Cir. 2003) (ruling that California’s law of conversion does not adopt the doctrine of merger favored by RESTATEMENT (SECOND) OF TORTS). 244 ARTHUR CONAN DOYLE, SILVER BLAZE (1892) cited in William Safire, Holmes’ Horse Dog, N.Y. TIMES, Feb. 7, 2002, at 29A. 245 See id.

2003] Cybertorts and Legal Lag 123 seeks the identity of Verizon customers who have downloaded massive amounts of music from the Internet.246 If ISPs are required to divulge personally identifiable information about subscribers, the privacy of Internet users will be severely compromised.247 ISPs presently enjoy blanket immunity against privacy torts and are resisting attempts to reveal personal information about their customers.248 Individual plaintiffs are also attempting to require ISPs to unveil the identity of authors of Internet postings or other tortfeasors. Many of the primary defendants in cybertorts are spiteful individuals who use anonymous or pseudonymous identities to perpetrate their wrongdoing.249 A heated conversation in a chat room, newsgroup, or web site may become the basis of a defamation lawsuit.250 Anonymous individuals may use the Internet to post information and tarnish the reputation of a company or an individual by posting false information on an electronic bulletin board.251 Courts are developing new procedural thresholds for John Doe subpoenas.252 In a case of first impression, a corporation brought suit against AOL to force the ISP to divulge the identities of John Doe defendants who allegedly defamed the company and published confidential information in Internet chat rooms.253 In Immunomedics, Inc. v. Doe,254 the court held that a biopharmaceutical company may subpoena the records of an ISP in order to learn the identity of an anonymous Internet poster who revealed confidential information about the company on an ISP managed bulletin board. In contrast to the litigants in the bricks and mortar world, cybertort defendants are frequently untraceable.

246 Verizon Stresses Constitutional Violations in 2nd Subpoena Case, 4 WASH. INTERNET DAILY 1, March 19, 2003. 247 “Anyone with a claim of copyright infringement can demand identifying information — names, home phone numbers, addresses and the like — about a potentially unlimited number of Americans.” Jonathan Sidener, Piracy vs. Privacy; Is the Entertainment Industry Going too Far to Fight File-Sharers? SAN DIEGO UNION TRIB., March 24, 2003, at E1. 248 See, e.g., Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct. 21, 2003) (dismissing privacy-based tort against web host on grounds of Section 230 immunity); Carafano v. Metrosplash.com, Inc., 339 F. 3d 1119 (9th Cir. 2003) (dismissing ISP on grounds of Section 230 immunity in privacy action arising out of identity theft). 249 This conclusion is based upon our database where individual plaintiffs filed lawsuits against other individuals. See, e.g., Bagwell v. Phillips, 2000 FLORIDA JURY VERDICT REPORTER, No. 97- 13631 (Broward Fla. Nov. 23, 1998) (on file with authors). 250 Denis Keller, Blaming the Messenger, IRISH TIMES, May 3, 1999, at 18. 251 See Bochan v. LaFontaine, 68 F. Supp. 2d 692 (E.D. Va. 1999) (holding that a nonresident who posted allegedly defamatory statements about a Virginia resident on a Usenet server had sufficient contact with the forum to satisfy state’s long arm statute and federal due process). 252 Dendrite Int’l, Inc. v. Doe, 775 A.2d 756 (N.J. Super. Ct. App. Div. 2001). 253 America Online, Inc. v. Anonymous Publicly Traded Co., 542 S.E.2d 377 (Va. 2001). 254 775 A.2d 773 (N.J. 2001).

124 Southern California Interdisciplinary Law Journal [Vol. 13:1

2. Internet Service Providers Enjoy Tort Immunity Corporations that post content developed by third parties, as well as ISPs, are generally shielded from cybertort liabilities.255 Section 230 of the Communications Decency Act (“CDA”) was originally enacted to protect the infant industry of ISPs, such as AOL, CompuServe, and Prodigy, that faced an uncertain future because of unpredictable rulings on defamation.256 Section 230 was designed to “promote the continued development of the Internet and other interactive computer services and other interactive media” and “to preserve the vibrant and competitive free market” for such services.257 3. Classifying ISPs as Distributors Congress chose to classify providers of interactive computers services as distributors rather than publishers.258 Publishers are traditionally held liable for defamatory statements contained in published works, even without a showing that they had prior knowledge of the objectionable content. In contrast, distributors are not liable for defamatory statements absent a showing of actual knowledge of the defamatory statements.259 Prior to the passage of the CDA, courts decided whether ISPs were liable as publishers or distributors based upon whether they exercised editorial control over the content of postings.260 Section 230 of the CDA immunizes ISPs for torts committed by subscribers and third parties.261 Congress was lobbied heavily by large ISPs, such as AOL, CompuServe, and Prodigy,

255 See, e.g., PatentWizard, Inc. v. Kinko’s Inc., 163 F. Supp. 2d 1069 (S.D. 2001) (holding Kinko’s immune from liability for disparaging comments made about company in chat room). 256 47 U.S.C. §§ 230(a) - 230(b) (2001). 257 47 U.S.C. §§ 230(b)(1) - 230(b)(2) (2001). 258 The CDA applies not only to large-scale providers of interactive computer services such as America Online but also to web sites where content is posted by third parties. Section 230 broadly extends liability: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1) (2001). Information content providers is also defined broadly to include “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3) (2001). 259 W. PAGE KEETON, PROSSER AND KEETON ON THE LAW OF TORTS 810-11 (5th ed. 1984). 260 Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D. N.Y. 1991) (holding that an ISP was not liable for defamatory statements because it was merely a distributor of third party content, not a publisher); Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 N.Y. Misc. LEXIS 229 (N.Y. Sup. Ct. May, 24 1995) (finding ISP to be a publisher rather than a distributor because it exercised some editorial control over content posted by third parties). 261Although Section 230 creates a federal immunity to tort actions that would make service providers liable for information originating from third parties, this section of the CDA does not impose liability if the ISP exercises editorial functions or corrects errors before publishing information provided by third parties. See Ben Ezra, Weinstein, & Co. v. America Online, Inc., 206 F.3d 980 (10th Cir. 2000) (holding that AOL was immunized for claims based on defamation and negligence since it was a content provider). Defendant-ISPs have largely been successful in arguing that they are entitled to Section 230 immunities despite having a close connection to a content provider. In 2002, a California court ruled that an ISP was not entitled to Section 230 because the web site was more than a mere conduit of information. Carafano v. Metrosplash, Inc., 207 F. Supp.2d 1055 (C.D. Calif. 2002) (holding that the ISP was an “information content provider”).

2003] Cybertorts and Legal Lag 125 which argued that such immunity was required to avoid being swallowed in a sea of litigation.262 4. Judicial Expansion of ISP Immunity: a. Extension to Most Intentional Torts

Tort law in the nineteenth-century was as pro-defendant as today’s cybertort regime. Courts constructed a complex web of tort defenses, immunities, privileges, and no-duty rules that blocked the expansion of liability.263 The doctrine of privity of contract prevented the development of products liability actions against manufacturers.264 Justice Lemuel Shaw of the Supreme Judicial Court of Massachusetts formulated the harsh “fellow servant” rule that prevented recovery if a co-worker in any way contributed to the injury265 and the “assumption of risk” doctrine that held that employees injured in the workplace could not recover for ordinary risks of the job.266 The absence of many cybertort categories may be explained by legislatively created immunities protecting emerging information industries. Torts in cyberspace operate on the assumption that ISPs should be immunized from liability. Like nineteenth century robber barons, today’s media moguls have an effective escape clause from most tort liability.267 Prior to the CDA’s enactment, it was uncertain as to whether ISPs could be liable for defamation committed by third parties on their web sites.268 Congress enacted Section 230 to “create a federal immunity to any

262 See 47 U.S.C. § 230(c)(1) (2001) (stating that “[n]o provider…of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”). 263 Taming the Tort Monster, supra note 67, at 37. 264 The privity of contract defense was formulated in Winterbottom v. Wright, 152 Eng. Rep. 402 (1842) (developing the rule that no manufacturer or seller of a product was liable to any other party in the chain of distribution other than the retailer). 265 Farwell v. Boston & Worcester R.R. Corp., 45 Mass (4 Met.) 49 (1842) (finding that the railroad was not liable for injuries sustained by a railway engineer caused by a switch tender employed by the same company). 266 LAWRENCE M. FRIEDMAN, A HISTORY OF AMERICAN LAW 301-02 (1973) (discussing development of , assumption of risk, and the fellow servant rule as regressive doctrines benefiting industry). 267 See Smith v. Intercosmos Media Group, Inc., 2002 U.S. Dist. LEXIS 24251 (E.D. La. Dec. 17, 2002) (denying relief for defamation, libel, or negligence based on allegedly defamatory web sites set up by its customers); One v. Oliver, 792 A.2d 911 (Conn. App. 2002) (holding ISP immune from improper e-mail messages sent to plaintiff mother’s employer); Marczeski v. Law, 122 F. Supp. 2d 315 (D. Conn. 2000) (holding individual defendants who created chat room were immunized by Section 230); Schneider v. Amazon.com, Inc., 108 Wash. App. 454 (Wash. Ct. App. 2001) (dismissing defamation lawsuit against Amazon.com for third party’s posting negative comments about the author’s book on site). 268 Compare Stratton Oakmont, Inc. v. Prodigy Services Co., 1995 WL 323710 (N.Y. Sup. Ct. 1995) (finding ISP liable for defamatory statements because it exercised some editorial control and did not promptly take down statement made on Internet forum labeling company’s stock option as fraudulent and its actions as criminal), with Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.

126 Southern California Interdisciplinary Law Journal [Vol. 13:1 cause of action that would make service providers liable for information originating with a third party user of the service.”269 The downside of Section 230 is that it leaves the victims of anonymous Internet attacks without a tort remedy. Section 230, like nineteenth-century tort law, is a subsidy that protects infant industries from excessive liability during their formative stages.270 Congress enacted Section 230 “to maintain the robust nature of Internet communication and, accordingly, to keep government interference in the medium to a minimum.”271 However, Section 230 does not provide sufficient incentives to encourage ISPs to develop new technologies that would help detect or control third party wrongdoing on their networks.272 Section 230 also immunizes ISPs and access providers that fail to screen out potential tortuous third parties.273 Judicial decision-makers have stretched Section 230 to expand ISP immunity. In Green v. America Online, Inc.,274 an AOL subscriber alleged that anonymous defendants defamed him by typing the messages, such as “SHELLS CAREFUL LAWYER IS BI” and “LAWYER NO IMS FOR GAY SEX THX:),” in a chat room titled “Romance in New Jersey Over 30.”275 He argued that AOL was liable for doing nothing to stop the online defamation after he “faxed AOL a log of the chat room showing ‘LegendaryPOLCIA’ defaming him.”276 The complaint also alleged that on two occasions LawyerKiii impersonated Green by entering a chat room and “asking guys in the chat room for gay sex.”277 The Third Circuit affirmed the dismissal of all tort claims against AOL by premising the ISP's immunity under Section 230 of the Communications

N.Y. 1991) (finding that ISP was not liable for statements made in electronic bulletin board since it did not exercise editorial control). 269 Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997). 270 MORTON HORWITZ, THE TRANSFORMATION OF AMERICAN LAW: 1780-1860 99-101 (1977). Cf. Gary T. Schwartz, Tort Law and the Economy in Nineteenth Century America: A Reinterpretation, 90 YALE L.J. 1773 (1981) (arguing that nineteenth-century courts found ways to bypass harsh doctrines in cases where the plaintiff was sympathetic). 271 Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997). 272 The Section 230 immunity for tort liability for ISPs is reminiscent of how the courts constructed harsh doctrines such as contributory negligence, the assumption of risk, and the fellow servant rule to protect nascent industry during the industrialization of America. See generally HOROWITZ, supra note 270, at 63-108 (arguing that the courts subsidized economic growth through the legal system by replacing just compensation for limited liability in tort and other substantive fields of law). 273 Section 230 of the CDA immunizes ISPs for publisher liability when the information originates from a third party content provider. The provision "precludes courts from entertaining claims that would place a computer service provider in a publisher's role," and therefore bars "lawsuits seeking to hold a service provider liable for its exercise of a publisher's traditional editorial functions — such as deciding whether to publish, withdraw, postpone, or alter content." Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997). 274 318 F.3d 465 (3rd Cir. 2003). 275 Id. at 469. 276 Id. 277 Id.

2003] Cybertorts and Legal Lag 127

Decency Act.278 Moreover, the court found AOL’s user agreement and guidelines did not confer any rights on the customer, and that the ISP did not promise to protect the customer from the acts of other subscribers.279 Finally, the court found the First Amendment claim to be without merit, because “AOL [was] a private, for-profit company and [was] not subject to constitutional free speech guarantees.”280 Defendant ISPs have largely been successful in arguing that they are entitled to Section 230 protection even when they have a close connection to the third party content provider.281 The courts have subsequently stretched Section 230 by extending the immunity to all information-related torts such as invasion of privacy,282 negligence,283 and the intentional infliction of emotional distress.284 In addition to tort immunity, ISPs also enjoy a shield against liability for vicarious or contributory copyright infringement, provided they comply with the procedural requirements of Section 512 of the Digital Millennium Copyright Act.285 To qualify for the DMCA’s safe harbor provisions, the service provider must demonstrate that it “does not have actual knowledge that the material”286 — or an activity using the material stored on its web site infringes — nor an awareness of “facts or circumstances from which infringing activity is apparent.”287 Second, the service provider must show

278 See id. at 472. 279 Id. 280 Id. 281 Blumenthal v. Drudge, 992 F. Supp. 44, 50 (D. D.C. 1998) (holding that AOL was not classifiable as a content provider even though it exercised editorial functions and had exclusive control to publish the Drudge Report, which falsely accused a White House aide of having a history of spousal abuse). 282 See John Does v. Franco Prods., 2000 U.S. Dist. LEXIS 8645, *13-14 (N.D. Ill. Jun. 22, 2000) (holding that ISPs that host web sites are not liable for postings by customers). See also John Does v. Franco Prods., 2001 U.S. Dist. LEXIS 8397, *5 (N.D. Ill. June 20, 2001) (granting plaintiff’s claim but restricting class action to injunctive relief only). 283 In Lunney v. Prodigy Services, 723 N.E.2d. 539, 543 (N.Y. 1999), the court held that Prodigy was not negligent in failing to prevent an imposter from opening up an account in a minor’s name, posting vulgar messages, and sending threatening emails. The court recognized that if a duty were imposed on an ISP to prevent people from opening up false accounts and committing these types of defamatory acts, it would require an inordinate amount of time and money to study the transactions of millions of subscribers. The court reasoned that if Prodigy were held liable for the actions of third- parties, it would “open an ISP to liability for the wrongful acts of countless potential tortfeasors committed against countless potential victims.” Id. at 543. 284 See Smith v. Intercosmos Media Group, Inc., 2002 U.S. Dist. LEXIS 24251, *14-15 (E.D. La. Dec. 17, 2002) (holding that the ISP was entitled to immunity under the 1996 Communications Decency Act for both damages and injunctive relief for defamation, libel, or negligence based on allegedly defamatory web sites set up by its customers). See also Jane Doe v. Oliver, 755 A.2d 1000 (Conn. Super. Ct. 2001) (holding ISP immune from improper e-mail messages sent to plaintiff mother’s employer); Marczeski v. Law, 122 F. Supp. 2d 315, 327 (D. Conn. 2000) (holding that individual defendants who created chat room were immunized by Section 230); Schneider v. Amazon.com, Inc., 31 P.3d 37, 42-43 (Wash. Ct. App. 2001) (dismissing defamation lawsuit against Amazon.com for third party’s posting of negative comments about the plaintiff author’s book on defendant’s site). 285 Digital Millennium Copyright Act, 17 U.S.C. § 512 (2000). 286 Id. at § 512 (c)(1)(A)(i). 287 Id. at § 512(c)(1)(A)(ii).

128 Southern California Interdisciplinary Law Journal [Vol. 13:1 it “does not receive a financial benefit directly attributable to the infringing activity” if the service provider has “the right and ability to control such activity.”288 Finally, the service provider must prove that it responded quickly to remove the material in question upon receiving notification of the claimed infringement.289 One possible solution to the dilemma of too much tort immunity under the Communications Decency Act would be to institute a tort “safe harbor” provision similar to that of the DMCA.

b. Extension of ISP Immunity to Negligent Cybertorts

The online auction site, eBay, was the first ISP to receive immunity from negligence.290 A California court held that the web site was immunized by the CDA’s Section 230 from a lawsuit charging that eBay was negligent in permitting third parties to sell “bootleg” musical recordings on its online auction site.291 Similarly, the Florida Supreme Court upheld the lower court’s dismissal of a negligence action against an ISP for maintaining a chat room used to market obscene photographs and videotapes depicting minors engaging in sexual activities with adults.292 The plaintiff filed an action against the ISP claiming it was negligent and violated criminal statutes by permitting pedophiles to distribute advertisements for child pornography.293 The court held that the trial court did not err in dismissing all causes of action on the grounds that they were barred by Section 230 of the CDA.294

c. Inadequate Remedies for Gender Injustice

Tort law has yet to develop a sufficient remedy to punish and deter gender-based injuries, such as online stalking. Online stalking does not fit squarely into the traditional tort of assault because a remote transmission lacks the immediacy, or imminence, element. Plaintiffs will frequently find it difficult to prove that they were in apprehension of an imminent battery because of a remotely transmitted Internet posting. In Blakey v. Continental Airlines,295 Continental Airlines' first female pilot of an Airbus sued the airline in federal court for sexual harassment, discrimination, and defamation.296 Discovery revealed that a number of Continental pilots posted pornographic pictures and insulting comments about their female colleague on the pilots’ online computer bulletin board.297 Despite such

288 Id. at § 512(c)(1)(B). 289 Id. at § 512(c)(1)(C). 290 Stoner v. eBay, Inc., 2000 WL 1705637 (Cal. Super. 2000). 291 Id. 292 Jane Doe v. America Online, Inc., 783 So. 2d 1010 (Fla. 2001). 293 Id. 294 Id. 295 Blakey v. Cont’l Airlines, Inc., 992 F. Supp. 731 (D. N.J. 1998). 296 Id. at 733-34. 297 Id.

2003] Cybertorts and Legal Lag 129 clear-cut facts, the plaintiff was forced to endure a five-year jurisdictional battle to litigate her defamation, sexual harassment, business libel, and emotional distress claims.298 To date, the plaintiff has not received any remedy for the defamatory harassment that took place on the airline’s electronic bulletin board. The first personal injury Internet case was a wrongful death action in Remsburg v. Docusearch, Inc.299 In Remsburg, the representative of the decedent, a young female murder victim, filed a lawsuit against an Internet- based investigative service, which had sold the victim’s personal information to her killer.300 Causes of action were based on intrusion upon seclusion, commercial appropriation of private information and violations of the Federal Fair Credit Reporting Act301 and the New Hampshire Consumer Protection Act.302 The ISP was found to be immune from tort liability under Section 230 of the CDA, but the court refused to dismiss the action, ruling that there was a sufficient basis for personal jurisdiction. In addition, the court found that the plaintiff had established a basis for the claim of invasion of the murder victim's privacy.303 To date, however, no court has found an Internet web site or employer liable for providing information to assist online stalkers in locating their prey. Tort remedies need to be developed to protect against cyberstalking and threatening e-mail transmissions from angry ex-husbands, spurned boyfriends, or infatuated strangers.304 No reported case has yet granted redress for online stalking. Internet wrongdoers have harmed women by, among other things, maliciously posting personal information on sadomasochistic web sites and by using new morphing technologies to superimpose their victim’s face on pornographic images. Too much legislative immunity granted to ISPs has left many consumers without an adequate remedy for cyberspace wrongdoing.

298 Blakey v. Cont’l Airlines Inc., 1995 U.S. Dist. LEXIS 21855 (D. N.J. Nov. 3, 1995) (denying plaintiff’s motion to amend complaint against airline); Blakey v. Cont’l Airlines Inc., 1996 U.S. Dist. LEXIS 21911 (D. N.J. Sept. 4, 1996) (ruling that an expert on sexual harassment should be permitted to testify); Blakey v. Cont’l Airlines Inc., 1997 U.S. Dist. LEXIS 22-67 (D. N.J. Feb. 25, 1997) (denying airline’s motion to compel discovery of plaintiff’s individual tax return); Blakey v. Cont’l Airlines, Inc., 992 F. Supp. 731 (D. N.J. 1998) (finding jury award to plaintiff in sex discrimination action to be excessive in relation to the injuries); Blakey v. Cont’l Airlines, Inc., 164 N.J. 38 (2000) (reversing judgment and remanding matter on issue of whether pilots are subject to personal jurisdiction and whether airline had a duty to remedy the harassment). 299 149 N.H. 148 (2002). 300 Id. at 152-54. 301 2002 DNH 35, *1 (D. N.H. Jan. 31, 2002). 302 149 N.H. at 155. 303 2002 DNH at *19-20. 304 To date, no court has found an Internet web site or employer liable for providing information to assist online stalkers in locating their prey.

130 Southern California Interdisciplinary Law Journal [Vol. 13:1

d. No New Privacy-Based Cybertorts

Internet technologies that track the individual’s activities on web sites raise serious privacy concerns. E-marketers routinely use “web bugs” to trace an individual’s activity on a web site.305 The Internet is creating a transparent society: We are placed in the uncomfortable position of not knowing who might have access to our personal and business e-mails, our medical and financial records, or our cordless and cellular telephone conversations.306 Computerized medical records, for example, permit improved accuracy, but can also result in the loss of privacy at the click of a mouse. Despite daily reports about covert data mining, online espionage, and identity theft, only a handful of plaintiffs have received an injunction or money damages for invasion of privacy.307 A growing number of software vendors market products that monitor e-mail or Internet usage.308 The e- mail and Internet communications of millions of employees are systematically monitored or intercepted by employers, yet there has never been a successful privacy tort action against an employer.309 Finally, consumer fraud on the Internet is rampant. Fraudulent credit card activity may account for as much as “39% of total attempted order revenue.”310 Consumers have yet to obtain any tort judgment for misrepresentation or fraud arising out of online transactions.311 Courts have been unwilling to find the publishing of disciplinary action on a web site to be an invasion of privacy where the information is part of a

305 Marc S. Roth & Kathleen Fay, Playing “Hide and Seek” With Web Bugs, 10 E-COMMERCE 6 (Feb. 2001). A “web bug” is typically a text file or graphic embedded in a web page or in an e-mail HTML code. Web bugs are known in the information industry as “invisible GIFs.” 306 Bartnicki v. Vopper, 532 U.S. 514, 541 (2001) (Rehnquist, C.J., dissenting). 307 Many states recognize four types of interests protected by a person’s right to privacy: (1) unreasonable intrusions upon the seclusion of another, (2) appropriation of the other’s name or likeness, (3) unreasonable publicity given to the other’s private life, and (4) publicity that unreasonably places the other in a before the public. RESTATEMENT (SECOND) OF TORTS § 652(B) (1977). 308 Surf Control is an example of a tool used to monitor employee’s online activities and another type is able to recognize explicit adult image files. Surf Control Releases Latest E-Mail Filtering Tool and Best Practices Guide on Workplace E-Mail Usage, PRESSWIRE, Nov. 11, 2001, at M2. 309 See Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2003) (holding that airline did not violate U.S. Wiretap Act because airline did not intercept electronic communications during transmission, but only in storage). See also Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996) (finding company’s interest in preventing inappropriate e-mail activity on its own computer system outweighed any employee privacy interest); Bourke v. Nissan Motor Corp., No. B068705 (Cal. Ct. App. July 26, 1993) (rejecting privacy claim because employee signed agreement that e-mail could be monitored) (on file with authors). 310 Steven W. Klebe, Evaluating Online Credit Fraud with Artificial Intelligence, WEB COMMERCE TODAY 11, June 15, 1998, available at http://www.wilsonweb.com/wct1/980615ai-screen.htm (last visited Nov. 2, 2003). 311 As in the real-space world, most injuries do not result in viable tort claims. Richard L. Abel, The Real Tort Crisis — Too Few Claims, 48 OHIO ST. L.J. 443, 448-449 (1987).

2003] Cybertorts and Legal Lag 131 public record.312 A Washington state court ruled that the nature of e-mail and of online chats implies consent for secret recordings by law enforcement officials.313 Selling, transferring, transmitting, and manipulating personal data is the life-blood of e-commerce and such activities are mostly beyond the reach of tort actions. The Ninth Circuit commented on the rise of new forms of electronic surveillance: Something as commonplace as furnishing our credit card number, social security number, or bank account number puts each of us at risk. Moreover, when we employ electronic [means] of communication we often leave electronic ‘fingerprints’ [that] can be traced back to us. Whether we are surveilled by our government, by criminals, or by our neighbors, it is fair to say that never has our ability to shield our affairs from prying eyes been at such a low ebb.314 The misuse of Internet-based surveillance tools threatens our society as much as telephone wiretaps in the first decades of the twentieth-century when the tort of privacy was first recognized. Privacy-based torts have yet to evolve to address the widespread surveillance of Internet usage in the U.S. workplace. Courts have universally rejected the claim that employees have an expectation of privacy in their e-mail communications.315 The right of publicity has been slow to develop remedies for the appropriation of images online. A New York court even rejected a misappropriation claim arising out of the defendant’s publication of a photograph of radio shock jock Howard Stern’s bare buttocks on a computer bulletin board.316 Courts could recognize remedies for privacy-based cyberwrongs that do not fit established tort categories by adopting the concept of the prima facie tort. A prima facie tort, sometimes called an innominate tort, was adopted in the Restatement (Second) of Torts as a residual category of liability for intentional injuries where the defendant can demonstrate no justification or excuse.317 Few courts have adopted this innominate intentional tort, which would permit recovery where the defendant has been

312 See, e.g., Mack v. State Bar of Cal., 112 Cal. Rptr. 2d 341 (2001) (holding publishing disciplinary action against attorney on a web site was not a violation of privacy right, due process right, or violation of equal protection). 313 State of Washington v. Townsend, 105 Wn. App. 622, 629-30 (2001) (holding that Washington was inapplicable to recording e-mail and online chats). 314 Bernstein v. U.S. Dep’t of Justice, 176 F.3d 1132, 1146 (9th Cir. 1999). 315 Courts routinely rule that e-mail or Internet systems owned by companies are company property and therefore employees have no reasonable expectation of privacy in stored messages. See, e.g., Privacy Claim Rejected in Employer Access to E-mail Files, 16 COMP. & ONLINE LITIG. REP. 9 (June 15, 1999). See, e.g., McLaren v. Microsoft Corp., 1999 Tex. App. LEXIS 4103 (Tex. Ct. App. 5th Dist. May 28, 1999) (rejecting employee’s privacy claim against company for “breaking into” personal folders on his company computer). See also Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa. 1996) (holding that plaintiff has no reasonable expectation of privacy in e-mail message stored on company owned computer system). 316 The court rejected Mr. Stern’s claim of invasion of privacy and commercial misappropriation ruling that he was running for New York governor and the publication concerned the public interest. See Stern v. Delphi Internet Servs. Corp., 626 N.Y.S.2d 694, 700 (N.Y. Sup. Ct. 1995). 317 See, e.g., RESTATEMENT (SECOND) OF TORTS § 870 (1979).

132 Southern California Interdisciplinary Law Journal [Vol. 13:1 malicious but where not all of the elements of a traditional intentional tort are present.318 The development of the Internet is too recent for cybertorts to have evolved definite contours.319

e. Deconstructing Mrs. Palsgraf in Cyberspace

Negligence is conduct that falls below a standard of care for the protection of others in society, the claim of which may be defeated by negating the presence of a duty.320 The definition of a by one member of society to another is a legal question determined by the court.321 “In the usual run of cases, a general duty to avoid negligence is assumed, and there is no need for the court to undertake a detailed analysis of precedent and policy.”322 Judges use public policy as well as precedent to reject arguments that information products or web sites can be held liable for inciting harm. In James v. Meow Media, Inc.,323 the court dismissed all claims that the makers of violent Internet video games were liable for inciting a Kentucky school shooting.324 The parents of the murdered children argued that the makers of the games owed a duty of care because of the foreseeability that the games would incite violence.325 The court rejected the negligence claim, finding no duty of care because the killer's actions were unforeseeable or, alternatively, constituted a superseding cause.326 The court reasoned that imposing a duty on media-defendants would have a chilling effect on artistic speech even if such products might “adversely affect emotionally troubled individuals.”327 The courts’ ability to cut off new channels of liability through a “no duty” determination is the ultimate form of judicial contraception against cybertort expansion. Even if an Internet defendant negligently injures a consumer, there is no liability unless a court is willing to find that duties of

318 New York has adopted the “prima facie tort” but has added additional elements to restrict this action. Kenneth J. Vandevelde, Prima Facie Tort, 19 HOFSTRA L. REV. 447, 494 (1990). 319 Comment (d) to Section 870 notes that “a prime example of a tort presently not fully developed is intentional infliction of emotional distress; its contours are not yet fully clear. Other categories of fairly recent development include injurious falsehood, interference with contractual relations and interference with prospective economic advantage. The more mature the stage of the development the more definite the contours of the tort and of the privileges that may be defenses to it.” RESTATEMENT (SECOND) OF TORTS § 870, cmt. d (1979). 320 See Mt. Zion State Bank & Trust v. Consolidated Communications, Inc., 660 N.E.2d 863, 867- 68 (Ill. 1991) (noting that courts approach the essential elements of a negligence claim in a hierarchical fashion beginning with whether the defendant owed the plaintiff a duty). 321 Hamilton v. ACCU-TEK, 62 F. Supp. 2d 802, 818 (E.D. N.Y. 1999). 322 Id. 323 90 F. Supp. 2d 798, 819 (W.D. Ky. 2000) (granting defendants’ motion to dismiss claim that manufacturers of violent Internet games owed plaintiff’s “no legal duty of care since [the killer's] actions were unforeseeable”). 324 Id. at 819. 325 Id. at 800. 326 Id. at 805. 327 Id.

2003] Cybertorts and Legal Lag 133 care exist for web site activities. Courts frequently find that First Amendment interests outweigh the tort claimant’s interest in being protected from online defamation.328 Tort law expansion cannot occur in the absence of a judicial decision that finds that a cybertort defendant owes the plaintiff a duty of care.329 As Judge Cardozo explained in the famous Palsgraf case: "The range of reasonable apprehension is at times a question for the court, and[,] at times, if varying inferences are possible, a question for the jury."330 In the context of cyberspace, judges determine whether to impose a duty by balancing the factors of risk, foreseeability, and the likelihood of injury against the social utility of the conduct in question. Substantive types of potential cybertorts will be stillborn unless a court recognizes a strong public policy basis for establishing an Internet defendant’s liability for a particular act. Courts are exercising “no-duty” determinations to foreclose the development of many cybertorts. In Lunney v. Prodigy Services Co.,331 the court held that Prodigy was not negligent in failing to prevent an imposter from opening an account under a minor’s name, posting vulgar messages, and sending threatening emails.332 This case arose out of offensive and threatening e-mails transmitted on a Prodigy e-mail account opened in the name of a 15 year-old Boy Scout.333 The plaintiff’s legal representative filed a lawsuit against Prodigy for libel, negligence, and harassment.334 The New York Court of Appeals upheld a lower court’s ruling dismissing the claims against the Internet Service Provider.335 The court reasoned that if Prodigy were held liable for the actions of third parties, the result would be to “open an ISP to liability for the wrongful acts of countless potential tortfeasors committed against countless potential victims.”336 As a matter of public policy, the court was unwilling to impose a new duty of care requiring ISPs screen millions of e-mail communications to minimize tort liability.337 Judges have yet to stretch the duty of care to cyberspace for many other legally protected interests. New civil causes of action have yet to develop for negligent Internet security, computer hacking, releasing viruses338 or

328 See, e.g., Horsley v. Feldt, 304 F.2d 1125 (11th Cir. 2003) (dismissing defamation complaint arising out of wire services article, TV broadcast, and web posting that charge anti-abortion organization with inciting the murder of physician who performed abortions). 329 The well-established no-duty rule has its origins "in the early common law distinction between misfeasance and nonfeasance." RESTATEMENT (SECOND) OF TORTS § 314 (1965). 330 Palsgraf v. Long Island R.R., Co., 162 N.E. 99, 101 (1928). 331 723 N.E.2d. 539 (N.Y. 1999). 332 Id. at 246. 333 Id. at 246-47. 334 Id. at 244. 335 Id. at 252. 336 Id. at 543. 337 Id. at 249. 338 Bradley S. Davis, It's Virus Season Again, Has Your Computer Been Vaccinated? A Survey of Computer Crime Legislation as a Response to Malevolent Software, 72 WASH. U. L.Q. 411 (1994) (describing case in which malevolent software was introduced into a company computer by an ex- employee who gained access by using his revoked password and security clearance).

134 Southern California Interdisciplinary Law Journal [Vol. 13:1 worms,339 denial of service attacks,340 and other Internet-related vulnerabilities. Consider the potential tort liability for the following Internet-related hypothetical: Harry the Hacker, angry because he's been fired, decides to put his computing skills to work for nefarious purposes. During his cracking spree, Harry's escapades include using the unsecure system of We Care Hospital to launch an attack against a bank, stealing the credit card numbers of customers of an online porn company, and obtaining the medical records of his former boss (revealed therein to have tested positive for HIV). Harry then posts those records on the Internet. Finally, he flees the country with millions of dollars, leaving a path strewn with victims of identity theft, privacy breaches, and, of course, staggering financial losses. Soon thereafter, finger pointing ensues.341 Where inadequate security results in injuries to third parties, a company could theoretically be held liable for breaching a standard of care by failing to prevent hackers from stealing proprietary information. Tort actions for Internet security are particularly needed where companies suffer substantial financial losses.

f. No Successful Cybertort Cases for Viruses

Courts have not extended the standard of care owed to third parties to include the duty to develop precautions against the deliberate spread of viruses,342 even though corporations were hit with “a monthly average of 113 virus infections for every 1,000 computers they owned in 2001.”343 A 2001 survey found that nearly a third of companies reported at least one instance of a virus disaster, defined as “any event in which a single virus infects more than twenty-five machines, files, or pieces of storage media in roughly the same time.”344 Losses from Internet viruses have continued to multiply since the study. “Klez.h” was the most costly and virulent

339 On January 25, 2003, a virus-like attack on vulnerable computers on the Internet exploited a known flaw in popular database software from Microsoft Corp. called “SQL Server 2000.” Within a few hours, the world's digital pipelines were overwhelmed, slowing down Web browsing and e-mail delivery. “Monitors reported detecting at least 39,000 infected computers, which transmitted floods of spurious signals that disrupted the operations of hundreds of thousands of other systems.” Ted Bridis, Virus-Like Attack Slows Web Traffic, ASSOCIATED PRESS, Jan. 25, 2003. 340 See Margaret Jane Radin, Distributed Denial of Service Attacks: Who Pays?, 6 No. 9 CYBERSPACE 2 (2001) (noting that courts have yet to recognize a duty of web sites owed to third parties for allowing their computer systems to be used in computer attacks). 341 Lisa M. Bowman, Lawyers See Security Suit Riddled Future, CNET NEWS.COM, April 15, 2003, available at http://news.com/2100-1009-996935.html (last visited Feb. 2, 2004). 342 See Hamilton v. Accu-Tek, 62 F. Supp. 2d 802, 819 (E.D. N.Y. 1999) (suggesting that courts in the real-space world are also reluctant to impose a duty to anticipate tortious or criminal acts of third- parties). 343 Sam Costello, Virus Problem Expanded in 2001, Continued Growth Expected, INFOWORLD DAILY NEWS, March 7, 2002 (reporting results of seventh annual survey of virus prevalence in the enterprise conducted by ICSA Labs, a division of security services firm TruSecure). 344 Id.

2003] Cybertorts and Legal Lag 135 computer virus of all time, causing massive economic losses.345 To date, no plaintiff has prevailed in a tort action to recover for losses incurred as the result of destructive software code. The next wave of Internet torts will require courts to carve out new duties of care to prevent the misuse or abuse of medical images or video intercepted by hackers.346 Courts have yet to extend professional standards of care to software designers who develop web sites or computer code that lacks adequate security.347 Future Internet litigation may raise questions as to whether a web site may be sued for negligent security for its unwitting role in distributing viruses.348 Too much tort liability will have a chilling effect on Internet speech.

g. No Strict Liability in Cyberspace

Strict products liability cases are a significant branch of traditional tort law. In contrast, no cybertorts-plaintiff has received either an equitable or legal remedy based upon any theory of strict liability.349 No court has recognized strict liability as a cause of action in a cybertort case and there are relatively few cases predicated upon negligence.350 Moreover, judges have steadfastly refused to extend strict products liability351 to software,

345 Matt Loney, Klez.h Wins Sibling Rivalry, CNET NEWS.COM, May 28, 2002. 346 Most states prohibit consultations with another physician located outside the state with restricted limited consultation exemptions. Among the many issues that are raised by this expanded use of telemedicine are: Does a web doctor incur malpractice liability for providing misleading information on a web site?; at what point does participation in a video-conference create a doctor/patient relationship?; should a local or national standard apply to Internet consultations?; is there vicarious liability for Internet referrals?; will the hub medical provider incur institutional liability for a physician’s malpractice over the Internet?; what is the extent of the duty of informed consent in a remote rendering of medical care?; what is the duty of telemedicine provider for Internet security?; must interconnected health care providers package patient data in an encrypted envelope? 347 See generally Susan C. Lyman, Civil Remedies for the Victims of Computer Viruses, 21 SW. U. L. REV. 1169 (1992). 348 See Margaret Jane Radin, supra note 340 (arguing that third parties have potential liability). See also Cheryl Massingale & A. Faye Borthick, Risk Allocation for Computer System Security Breaches: Potential Liability for Providers of Computer Services, 12 W. NEW ENG. L. REV. 167, 175-76 (1990). 349 Courts have generally refused to extend strict liability theories to intangible information. Strict products liability evolved out of the societal judgment “that people need more protection from dangerous products than is afforded by the law of warranty.” East River Steamship Corp. v. Transamerica Delaval Inc., 476 U.S. 858, 866 (1986). 350 The third branch of tort law is strict liability, which imposes liability without a showing of fault or negligence. At common law, for example, a landowner who harbored wild animals on his land was strictly liable for the consequences if the animal escaped. Similarly, a nuclear processing plant is strictly liable for the escape of plutonium, even if it complied with federal nuclear regulatory regulations. Strict liability is based on a public policy decision that those who engage in certain risky activities should bear the cost of wrongdoing, irrespective of the amount of care taken by the defendant. It is no defense to strict liability that the defendant followed statutory or industry standards of care. 351 Product liability is a hybrid of both warranty and tort law. In the early 1960s, courts began to apply strict product liability to defective products. American courts began to recognize that a commercial seller of any product having a manufacturing defect should be liable in tort for harm caused by the defect, regardless of the plaintiff's ability to maintain a traditional negligence or warranty action.

136 Southern California Interdisciplinary Law Journal [Vol. 13:1 media products,352 or other intangibles in general.353 Courts have yet to extend products liability theories to bad software,354 computer viruses, or web sites with inadequate security or defective design.355

h. Professional Standards of Care in Cyberspace

Medical malpractice is another traditional category of tort liability that has failed to evolve to address online injuries. Given the widespread adoption of telemedicine throughout the United States, it is surprising that no court has rendered a medical malpractice stemming from an online consultation.356 Courts have been wary of extending professional standards of care to medical web sites, medical software licensors, or other purveyors of information-age health products.357

352 James v. Meow Media, Inc., 90 F. Supp. 2d 798, 811 (W.D. Ky. 2000) (dismissing plaintiffs' products liability claims based on argument that violent Internet games caused school killings because thoughts, ideas, and expressions contained within defendants' movie, games, and web site materials were not “products” “within the realm of the strict liability doctrine”). See also Davidson v. Time Warner, Inc., 1997 U.S. Dist. LEXIS 21559 (S.D. Tex. 1997) (dismissing argument that violent rap music had led to the murder of a state trooper. The court explained that, because the element of foreseeability was absent under Texas’ balancing test, no duty existed); McCollum v. CBS, Inc., 202 Cal. App. 3d 989 (1988) (rejecting argument that Ozzie Osbourne’s song, entitled “Suicide Solution,” caused a 19 year-old boy to commit suicide). 353 Courts are far more likely to extend products liability standards to hardware failure resulting in personal injury, which has yet to occur in an Internet-related case. 354 RESTATEMENT (THIRD) OF TORTS. Products liability applies to distributors of defective computer hardware and may also apply to software. It was approved by the American Law Institute in 1997, and adopts new, more restrictive rules for design defects. It replaces strict products liability with negligence-based standards in design and failure to warn cases. Section 2 defines a design defect as that which occurs when the foreseeable risks of harm posed by the product could have been reduced or avoided by the adoption of a “reasonable alternative design.” The definition replaces Section 402(a) of the Restatement Second’s “consumer expectation” test with the “risk/utility test.” Similarly, Section 2(c) imposes a negligence-like standard in failure to warn cases. A product is defective if “the foreseeable risks of harm posed by the product could have been reduced or avoided by the provision of reasonable instructions or warnings by the seller.” See RESTATEMENT (THIRD) OF TORTS, § 2(c) (2003). 355 The Economic Loss Rule (ELR) bars recovery in products liability actions where the loss is purely economic, that is, direct economic loss to the product itself as opposed to personal injury or damage to other property. If the product itself is harmed, the purchaser must seek a remedy in contract, not tort. See, e.g., Imaging Fin. Servs. v. Lettergraphics Detroit, Inc., 1999 U.S. App. LEXIS 2405 (6th Cir. Feb. 9, 1999). See also Neibarger v. Universal Coops., Inc., 486 N.W.2d 612, 615 (1992) (observing that the economic loss rule “provides that where a purchaser’s expectations in a sale are frustrated because the product he bought is not working properly, his remedy is said to be in contract alone, for he has suffered only ‘economic’ losses”); Nielsen Media Research, Inc. v. Microsystems Software Inc., 2002 U.S. Dist. LEXIS 18261 (S.D. N.Y. 2002) (holding that a plaintiff could recover for breach of warranty if it is determined that the contract was for goods, but could not recover for negligence). 356 Contrary to the claims of tort reformers, the states have responded to a perceived punitive damages crisis by enacting comprehensive limitations on awards. 357 Michael L. Rustad & Lori E. Eisenschmidt, The Commercial Law of Internet Law, 10 HIGH TECH. L.J. 213 (1995) (arguing that duties of care should extend to Internet security). See also Stephen E. Henderson & Matthew E. Yarbrough, Suing the Insecure?: A Duty of Care in Cyberspace, 32 N.M. L. REV. 11 (2002) (arguing that web sites owe a duty of care to third parties injured by distributed denial of service attacks).

2003] Cybertorts and Legal Lag 137

Courts have yet to recognize an action for professional negligence filed against software engineers who construct insecure web sites.358 Hospitals and other health care providers are increasingly using the Internet to transmit medical images or provide medical consultations,359 a process that has the potential of producing a large amount of tort litigation. Satellite technology permits telemedicine to occur across continents with “global Internet access, two-way digital communications, video conferencing, telemedicine, and residential voice and data communications.”360

i. No Computer Malpractice Actions

As the field of information technology matures, it is likely that software developers, web site designers and Internet security specialists will begin to professionalize by developing industry standards of care.361 The judiciary is wary of expanding or modifying new causes of action for negligent Internet security, computer malpractice,362 or strict liability for information products.363 Many traditional tort categories have been stillborn because courts are unwilling to expand duties of care to redress wrongdoing that does not squarely fit within the boundaries of well- established torts.364

358 Negligence is conduct that departs from the reasonable standard of care imposed by law for the protection of others. The elements of a negligence cause of action are (1) duty of care, (2) breach of a duty of care, (3) between breach of the duty of care, and (4) damages. “Negligence” is an act or omission where there is a failure to use ordinary care; it is the failure to do that which a person of ordinary prudence would have done under the same or similar circumstances. 359 Telemedicine may involve a physician answering a question on a web site or take a more complex form such as having an emergency room physician in Milwaukee consult with a colleague in New York. The Internet makes it possible for a cardiologist to hear sounds of the heart and lung of a patient located in a small rural hospital. See generally Telemedicine, Health Web Projects, at http://www.lib.uiowa.edu/hw/telemed/proj.html (last visited Nov. 2, 2003). 360 Teledesic v. FCC, 275 F. 3d 75, 78 (D.C. Cir. 2001). 361 Nielsen Media Research, Inc. v. Microsystems Software, Inc., 2002 U.S. Dist. LEXIS 18261 (S.D. N.Y. 2002). 362 See id. (entering summary judgment in favor of defendant in computer consultancy agreement because the agreement represented a veiled attempt to state a professional computer malpractice claim). 363 Winter v. G.P. Putnam’s Sons, 938 F. 2d 1033, 1036 (9th Cir. 1991) (observing that courts distinguish between the tangible containers of ideas from their communicative element for purposes of strict liability). 364 The most recent new tort to be judicially recognized was the intentional infliction of emotional distress, developed in the 1940s. The tort of outrage evolved because the legally protected interest of being safe from the deliberate infliction of severe emotional distress was not vindicated by existing torts. The tort of assault, for example, was not available in cases of outrage because this tort requires that the actor “put the other in apprehension of an imminent contact.” Dickens v. Puryear, 276 S.E.2d 325, 331 (1981). “Most states now recognize intentional infliction of emotional distress as an independent tort.” JERRY PHILLIPS ET. AL., TORT LAW: CASES, MATERIALS, PROBLEMS 136 (3d. ed. 2002).

138 Southern California Interdisciplinary Law Journal [Vol. 13:1

j. No Successful Cybertort Class Actions

No cybertort class action has yet been certified in federal or state court. Recently, a class action was filed against a California software manufacturer who used Internet advertising banners masquerading as computer error messages with headings that read "security alert," "warning," and "message alert."365 The manufacturer created a demand for its protective software with notices designed to frighten web surfers with warnings such as, "Your computer is currently broadcasting an Internet IP address. With this address, someone can immediately begin attacking your computer."366 The class action sought to enjoin these advertisements and also sought damages under tort law for deceptive business practices, fraud/intentional misrepresentation, public and private , trespass to chattel, and invasion of privacy.367 No certified class of plaintiffs has recovered for an Internet-related injury due to fraudulent advertisements.

k. Judicial Resistance to Modern Intentional Torts

Judges have yet to extend the most recent intentional torts to cyberspace. To date, no or claims have succeeded. The tort of negligent spoliation has not yet developed to punish and deter the destruction or alteration of smoking gun e-documents. The signature crimes of Internet wrongdoers include the use of pseudonyms, false identities, forged e-mail addresses, and encryption to alter or eliminate records.368 New computer software has been developed that automatically destroys records containing e-mail messages.369 The tort of spoliation could theoretically be used to punish the destruction of electronic evidence. The advantage of having a separate tort of spoliation is that private plaintiffs will have a private cause of action for the destruction of electronic evidence. The judiciary will be reluctant to extend this relatively new tort to the Internet legal environment. On the whole, Internet tort litigation may be visualized as a ruthless process of natural selection in which judges allow few cases to survive summary judgment because emergent civil wrongs rarely fit traditional tort categories.

365 See Lukins & Annis, PS, Bonzi Class Action, at http://www.lukins.com/bonzi/index.php?pid=home (last visited Nov. 2, 2003) (announcing settlement was achieved on May 25, 2003). 366 James Niccolai, Lawsuit Targets ‘Deceptive’ Banner Ads, InfoWorld Daily News, Dec. 7, 2002, at http://archive.infoworld.com/articles/hn/xml/02/12/05/021205hnsuit.xml?s=IDGNS (last visited Nov. 2, 2003). 367 Id. 368 See generally Michael L. Rustad, Private Enforcement of on the Electronic Frontier, 11 So. Calif. Interdiscip. L. J. 63, 64-66 (2001) (citing examples of anonymous ). 369 This E-Mail Will Self-Destruct in Three Days, USA TODAY, Feb. 18, 2002, available at http: //222.usatoday.com/tech/news/2002/02/18/self-shredding-e-mail.htm. (last visited Feb. 4, 2004).

2003] Cybertorts and Legal Lag 139

CONCLUSION Contemporary tort law emerged as a response to the mass injuries that accompanied America’s rapid industrialization during the nineteenth century. Lawrence Friedman argues that the modern law of torts “must be laid at the door of the industrial revolution, whose machines had a marvelous capacity for smashing the human body.”370 We are in the midst of another period of rapid change spurred by the widespread adoption of the software industry and the Internet. This empirical study confirms that there is a “legal lag” occurring in tort law as an economy centered on the mass production of durable goods is now being displaced by the information age. U.S. Internet torts have yet to evolve to curb new risks and dangers arising out of the misuse of new information technologies such as e-mail, browsers, and web site scrapers. The failure of tort law remedies to keep pace with new cyberwrongs is a legal lag, which will persist until the common law catches up with good sense. The growing impact of information technologies “is already creating a tremendous cultural lag, making nonsense of existing laws.”371 As of yet, the progressive principles of tort law have played relatively little role in cyberspace. Courts have yet to develop cybertort remedies for negligent computer security, spam, or failing to prevent unauthorized computer intrusions. The United States has not yet experienced an “electronic Pearl Harbor” in which lives have been lost by “shutting down medical services networks, power grids, or financial services nationwide or even worldwide.”372 Judges have yet to confront the question of whether they will impose a duty of care for companies to implement measures to protect against hacking, virus attacks, or even terrorism. A whole new body of tort law based upon economic loss is emerging in response to the Internet. Cybertort law is structured to accommodate the economic interests of AOL, CompuServe, Walt Disney, and Hollywood. The “legal lag” is that these early formulations of Internet torts have not benefited consumers in any significant way. Tort remedies have not yet been developed to redress the invasion of privacy, consumer fraud, and other online injuries suffered by individuals. The next decades will see more developments in cyberspace that will require courts to rethink the parameters of cybertort duties. Justice Holmes’ cogent comment, “in moving water there is life and health; in stagnant pools, decay and death,”373 is applicable to cybertorts.

370 LAWRENCE M. FRIEDMAN, A HISTORY OF AMERICAN LAW 467 (2d ed. 1985). 371 N.D. Batra, Space, Cyberspace, and Inner Space, THE STATESMAN, Dec. 26, 1999 (arguing that the digital technologies are creating lags in law and ethical standards). 372 Gene Stephens, Global Trends in Crime: Crime Varies Greatly Around the World, Statistics Show, but New Tactics Have Proved Effective in the United States, 37 THE FUTURIST 40, 41-45 (May 1, 2003) (noting that the U.S. government has predicted an Internet-related or electronic Pearl Harbor since the 1990s). 373 Thomas F. Lambert, Jr., Reviews of Leading Cases, 30 NACCA L. J. 33, 45 (1963).

140 Southern California Interdisciplinary Law Journal [Vol. 13:1

Judicial stagnation, tort reform, and Section 230 of the CDA have prevented the common law of torts from readily accommodating to the Internet. The Section 230 blanket immunity will need to be reconceptualized as the Internet matures. Today, the information industry is insulated from paying the true cost of their wrongdoing much like the railroads, canals, utilities, and assembly- line factory industries of nineteenth-century America. Cybertort remedies must expand in order to perform their traditional function of social control in the information age, an era in which the nature of injuries is being transformed. Even in cyberspace, tort law exists to vindicate, not veto, consumer protection. Outmoded immunities, no-duty rules, and defenses should be consigned to the ashbin of history. As the court in Intel Corporation v. Hamidi observed: “The common law adapts to human endeavor. For example, if rules developed through judicial decisions for railroads prove nonsensical for automobiles, courts have the ability and duty to change them.”374

374 114 Cal. Rptr. 2d 244, 247 (Cal. Ct. App. 2001).