Social Networking: to monitor or not to monitor


In recent months, hardly a day has passed by without the name of a social networking site appearing in major headlines.

Operators of social networking sites have enjoyed, and should continue to enjoy, immunity from liability for the content posted to their sites under the Communications Decency Act. If some members of Congress and state legislators have their way, however, site operators will be forced to implement measures that sound politically favorable but will not necessarily make minors safer. Whether these laws will be enacted and withstand challenges that they violate the constitutional right to free speech remains to be seen, especially in light of a recent federal court ruling that the Child Online Protection Act violates the First Amendment.

Entertainment companies that own and operate social networking sites need to keep a close eye on legislative efforts to increase minors' safety. Implementing more effective measures for protecting minors makes good business sense, but it is not an immediate legal requirement.

The CDA Shield of Immunity
The CDA, codified at 47 U.S.C. §230, protects providers and users of "interactive computer services" from being treated as publishers or speakers of content provided by third parties. Under the CDA, an Internet service provider generally is immune from liability for publishing defamatory and other harmful material submitted by third-party users.

Even where ISPs fail to withdraw objectionable content after receiving notice of the content's unlawful nature, courts apply immunity because the decision to publish, withdraw, postpone or alter content is considered a traditional editorial function of a publisher, the exercise of which cannot be a basis for liability under the CDA. See, e.g., Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).

The CDA has its limits. It does not immunize providers from claims for copyright or trademark infringement (47 U.S.C. § 230 (e)). It is not clear whether the CDA immunizes providers from claims for trade secret misappropriation or the right of publicity -- claims typically considered a mixture of tort and intellectual property law. The ambiguity arises out of the CDA's reference to "intellectual property infringement" without defining the scope of that term.

The goals of the CDA included promoting free speech on the Internet and fostering the development of the Internet and interactive media. Congress also sought to encourage interactive service providers to monitor user communications for obscene and offensive material without risking liability for the efficacy of their monitoring activities.

The most restrictive portions of the CDA, which imposed criminal sanctions for sending or making available obscene or indecent material to minors, were struck by courts under the First Amendment as vague and overbroad, and they were not narrowly tailored to protecting minors from sexually explicit material on the Web.

The MySpace Decision
The recent decision in Doe v. MySpace, Inc., No. A-06-CA-983-SS (W.D. Tex Feb. 13 2007) illustrates the unwillingness of courts to impose an affirmative duty on networking sites to monitor users and their content.

In that case, a federal district court in Texas dismissed negligence and other claims brought against after an alleged sexual assault upon a 14-year-old who met her assailant on MySpace. In the strongly worded opinion, Judge Sam Sparks noted that imposing an affirmative duty on MySpace to protect minors from sexual predators lurking on the site would "stop MySpace's business in its tracks" and that "if anyone had a duty to protect (the teenager), it was her parents," not the social networking site.

In the MySpace case, Julie Doe argued that MySpace failed to protect minors and encouraged users to post photographs and personal information on their individual Web pages. Following precedent in the 1st, 4th, 9th and 10th Circuits, however, the MySpace court considered such actions to be taken by MySpace's operator in its capacity as a publisher and consequently immunized it from liability under the CDA.

Recent decisions continue to immunize Internet intermediaries from liability for content supplied by others and refuse to impose an affirmative obligation to monitor and screen Web sites for objectionable content, including even child pornography.

The key factor is whether a third party, and not the site operator, created or developed the unlawful content. Placement of advertising on a Web site or mere alteration of the size of unlawful photographs does not transform a site operator into a creator or developer of content.

Other plaintiffs unsuccessfully have tried to assert that traditional ISPs provide "culpable assistance" to users who engage in unlawful behavior on their sites. The music industry has relied on the concept of culpable assistance in contributory copyright infringement actions to allege that certain software distributors foster music piracy.

However, no court has extended the concept to sites that merely provide links and a registration system for users who independently post unlawful content. Social networking sites should be able to rebut claims that they supply culpable assistance to third-party content providers as long as they avoid taking affirmative steps to foster harmful postings, such as by advertising their services as a forum for adults to meet minors or for posting child pornography.

Not So Fast: COPA Stopped Cold
Congress passed COPA in 1998 in an attempt to address directly the constitutional flaws of the CDA. On March 22, 2007, a federal court issued a permanent injunction against COPA's enforcement after ruling in ACLU v. Gonzales, Civ. No. 98-5591 (E.D. Pa. March 22 2007) that the legislation violated the First Amendment.

Like the CDA, COPA did not survive judicial scrutiny because although it served a compelling government interest, Congress did not narrowly tailor the law to its purpose. COPA would have imposed criminal sanctions on Web site operators for offering material considered "harmful to minors" -- a term difficult to define and also covering a broad range of material that is valuable to adults.

Moreover, the affirmative defenses to COPA -- restricting minor access to harmful material through (1) credit card, debit accounts, adult access codes and adult personal identification numbers, (2) accepting a digital certificate that verifies age or (3) any other reasonably feasible measure to verify age -- were inadequate to overcome constitutional problems because they failed to screen out minors and were not the least restrictive alternative for protecting minors from sexually explicit material on the Internet.

The most striking aspects of the court's decision were the following conclusions:

• Currently available filtering tools are 95% effective in restricting minors' access to sexually explicit material and are less restrictive means for protecting youth than COPA.

• There is no evidence that age-verification services reliably establish or verify age. Moreover, age verification is cost prohibitive for many Web site operators, can lead to a loss of users and will chill speech.

These findings alleviate the pressure on social networking site operators and others to attempt to affirmatively monitor and restrict minors' use of their services through age verification. In a foreshadowing of what might be a permissible move for legislators, the court stated that the government may give incentives or mandate that ISPs provide filtering tools.

The Legislative Landscape
In the meantime, Congress and states have been busy introducing legislation that would impose various obligations on interactive service providers to protect minors.

The Deleting Online Predators Act died in the Senate last year but was re-introduced in the House in February. Sen. Ted Stevens, R-Ala., recently introduced the Protecting Children in the 21st Century Act (S. 49), which would incorporate DOPA.

DOPA would amend the Communications Act of 1934 to require schools and libraries receiving federal funding to restrict minors' access to social networking sites and chat rooms. Minors would still be able to access such sites under adult supervision for educational purposes.

Additional federal legislation includes the Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2007. The SAFETY Act would make it a federal offense for Internet content hosting providers to knowingly engage in conduct which the provider knows or has reason to know facilitates access to child pornography.

It also would impose strict penalties on service providers who fail, even negligently, to report child pornography and require sites to place warning labels where sexually explicit material can be found. Sites that do not select or alter content, which presumably includes social networking sites, would be exempt from the label requirement.

Like DOPA, the Social Networking Web Site Prohibition Act proposed in Illinois targets venues that typically provide minors with access to social networking sites and does not threaten to expose the owners or operators of such sites to increased liability. Other states such as Georgia, North Carolina and Connecticut have introduced legislation aimed at site operators.

These bills, if enacted, would require operators of social networking sites to obtain parental permission before a minor can establish a user profile. Because the laws would in effect impose an age-verification requirement on social networking sites and there is no way to actually verify age, they are not likely to pass constitutional muster in light of the court's decision in ACLU v. Gonzales.

Several state attorneys general have demanded that social networking sites somehow implement age-verification procedures, require parental consent before minors may establish user profiles, establish mechanisms for screening out child pornography and develop plans for devoting more resources to screening posted content.

Although these demands ultimately may not achieve legal force given the reluctance of federal courts to uphold age-verification mandates, they do signify public support for increased protective measures.

Recommended Best Practices
Operators of social networking sites and other sites can, for the time being, take comfort that the CDA provides immunity from liability for content posted by their users. Additionally, the age-verification methods currently available on the market are not sufficiently accurate and remain cost prohibitive, especially for sites offering free access to material.

Nevertheless, the cost and threat of litigation persists, and public support for measures to protect minors is growing. The federal judiciary has likewise agreed that protecting minors from exposure to sexually explicit material on the Internet is a compelling government interest. What remains is for Congress and state legislatures to devise a narrowly tailored and least restrictive approach for protecting minor safety on the Internet.

Interactive computer services should consider taking two steps to reduce the risk of litigation:

Promote online safety. Sites should partner with online safety groups, parents and educators to develop and distribute effective online safety educational tools. Sites also should work collaboratively to develop and implement better online safety tools.

Lobby state legislatures and Congress. Site operators should consider pushing legislators to devote greater financial resources to law enforcement to hire more investigators, increase the training of personnel and purchase technological tools to identify and apprehend individuals who are using the Internet to harm others.

About the authors: Roxanne Christ, top, is a corporate intellectual property partner at Latham & Watkins in Los Angeles who has advised social network operators on liability issues. Shannon Curreri Treviño is an associate at the firm.

Latham associate Jeanne Berges contributed to this article.