*
2000 National Conference on Law and Higher Education
Steven J. McDonald
Associate Legal Counsel
The Ohio State University
I. Introduction
The Internet is a powerful and revolutionary tool for communication — powerful in its ability to reach a global audience and revolutionary in its accessibility to those who formerly were only at the receiving end of mass communications. With access to the Internet, anyone
— even a preschool child — can now effectively be an international publisher and broadcaster.
By posting to Usenet or establishing a web page, for example, an Internet user can speak to a larger and wider audience than does the New York Times, NBC, or National Public Radio.
Many Internet users, however, do not realize that that is what they are doing.
Not surprisingly, given these facts, the Internet also has a powerful and revolutionary potential for misuse. Such misuse is particularly prevalent on our campuses, where free access is often mistakenly thought to be the equivalent of free speech , and where free speech rights are in turn often mistakenly thought to include the right to do whatever is technically possible.
This outline addresses two legal questions that arise out of this situation: what are our responsibilities and liabilities, as service providers, when our systems are misused, and just what are the rules of the road of the Information Superhighway in the first place?
In seeking to answer the first of these questions, the most important thing to remember is that, while the Internet itself is relatively new, it is still just another means of distributing information. This same question has arisen with every new communications medium, and a reasonably well-defined set of legal principles has evolved. There is little reason to believe that those principles are, or should be, any different in the Internet context.
In seeking to answer the second of these questions, the most important thing to remember is that the Internet is merely a tool, not another jurisdiction. While having access to that tool may significantly multiply the opportunities for misbehavior, the source of the problem is the user who misuses the tool, not the tool itself. For this reason, Internet misuse raises few, if any, new legal issues and requires few, if any, new rules. The same laws and policies that apply to Internet users in other contexts can and do apply to them when they are “in” cyberspace. While it is impossible to catalog every area of the law that may conceivably apply in the Internet context — which is to say every area of the law — several of the most important and most frequently arising are discussed below.
* Portions of this outline are based on materials that I originally prepared for the General Counsel of
CompuServe Incorporated in 1994. I wish to thank CompuServe for its permission to incorporate those materials into this outline.
1

II. General Standard of Liability for Internet Service Providers
Internet service providers have, quite quickly, become an indispensable part of the “free flow of information,” though, at first glance, their role is not entirely clear. Unlike the traditional media, which generally disseminate their own message, and unlike mail and telephone services, which typically act as common carriers for the messages of others, Internet service providers both serve as a conduit for information created by others and deliver information of their own devising — they are both medium and messenger. What, then, is their legal status for purposes of the libels, obscenities, invasions of privacy and other such misuses committed on their systems?
Traditionally, the standard of liability for such “publication torts” has depended largely upon the degree of editorial control and sponsorship that the defendant assumed and exercised over the publication that was the basis of a claim. The person or entity with the most responsibility was the primary publisher, who created the relevant publication and put it out under the publisher’s own name — for example, a newspaper or television station reporting on a local matter. At common law, lack of knowledge and lack of fault were irrelevant; a publisher was typically strictly liable if its publication was false or obscene. See Bruce Sanford, Libel and
Privacy § 8.2 (2d ed. 1993). (For a discussion of the constitutional abolishment of this doctrine, see § III(A), below.)
Distributors of the relevant publication that had no involvement in its actual creation, but that did have discretion to distribute it or not — such as a bookstore, library or news vendor — had considerably less liability than the publisher. Under the Restatement formulation for defamation, for example, “one who only delivers or transmits defamatory matter published by a third person is subject to liability if, but only if, he knows or has reason to know of its defamatory character.” Restatement (Second) of Torts § 581(1). Moreover, as a general matter, such a distributor was under no duty to investigate the nature or contents of a publication before making it available. Id. at comments d-e.
Common carriers involved simply in the delivery of the publication at issue had virtually no responsibility. Even if they knew the publication to be false and defamatory, they were permitted to deliver it without liability unless they knew or had reason to know that the sender was not protected by any privilege. Restatement (Second) of Torts § 612(2). Moreover, they were entitled to “assume that the sender [was] privileged until [they had] some sufficient affirmative reason to know the contrary.” Id. at comment g.
Finally, those who simply made available the equipment by which the publication was created or distributed — such as a printing press manufacturer or telephone company — had no liability a t all, regardless of the circumstances. “Since it is the user of a telephone rather than the telephone company who is treated as transmitting a telephone message . . ., the company is not subject to liability for a defamatory statement communicated by a c ustomer.”
Id.
See also Restatement (Second) of Torts § 581 comment b; Anderson v. New York
Telephone Co., 345 N.Y.S.2d 740 (App. Div. 1973), rev’d mem. on basis of dissent below, 361
N.Y.S.2d 913 (Ct. App. 1974).
These distinctions among publishers, distributors, common carriers and conduits, which are still part of the common law, have in recent years also been absorbed by constitutional doctrine. In Smith v. California, 361 U.S. 147 (1959), for example, the Supreme Court adopted a similar rationale as a matter of First Amendment law and used it to strike down a California statute that imposed strict criminal liability on bookstore owners who stocked “any obscene or indecent writing”:
2

[T]he constitutional guarantees of the freedom of speech and of the press stand in the way of imposing [this] requirement on the bookseller. By dispensing with any requirement of knowledge of the contents of the book on the part of the seller, the ordinance tends to impose a severe limitation on the public’s access to constitutionally protected matter. For if the bookseller is criminally liable without knowledge of the contents, and the ordinance fulfills its purpose, he will tend to restrict the books he sells to those he has inspected; and thus the State will have imposed a restriction upon the distribution of constitutionally protected as well as obscene literature. . . . And the bookseller’s burden would become the public’s burden, for by restricting him the public’s access to reading matter would be restricted. If the contents of bookshops and periodical stands were restricted to material of which their proprietors had made an inspection, they might be depleted indeed. The bookseller’s limitation in the amount of reading material with which he could familiarize himself, and his timidity in the face of his absolute criminal liability, thus would tend to restrict the public’s access to forms of the printed word which the State could not constitutionally suppress directly. The bookseller’s self-censorship, compelled by the State, would be a censorship affecting the whole public, hardly less virulent for being privately administered.
Through it, the distribution of all books, both obscene and not obscene, would be impeded.
Id. at 152-54 (footnote omitted).
Similarly, in Farmers Educational and Cooperative Union of America v. WDAY, Inc., 360
U.S. 525 (1959), the Supreme Court held that a radio and television station was immune from liability for defamatory statements made on the air by a political candidate who was exercising his statutory right of reply to statements made by his opponents. Noting “this country’s tradition of free expression,” id. at 529, and recognizing the extreme practical difficulties a station faced under such circumstances, the Court found, in effect, that the station was acting simply as a conduit:
The decision a broadcasting station would have to make in censoring libelous discussion by a candidate is far from easy. Whether a statement is defamatory is rarely clear. Whether such a statement is actionably libelous is an even more complex question, involving as it does, consideration of various legal defenses such as “truth” and the privilege of fair comment. Such issues have always troubled courts. Yet, under petitioner’s view of the statute they would have to be resolved by an individual licensee during the stress of a political campaign, often, necessarily, without adequate consideration or basis for decision. Quite possibly, if a station were held responsible for the broadcast of libelous material, all remarks even faintly objectionable would be excluded out of an excess of caution. Moreover, if any censorship were permissible, a station so inclined could intentionally inhibit a candidate’s legitimate presentation under the guise of lawful censorship of libelous matter. Because of the time limitation inherent in a political campaign, erroneous decisions by a station could not be corrected by the courts promptly enough to permit the candidate to bring improperly excluded matter before the public. It follows from all this that allowing censorship, even of the attenuated type advocated here, would almost inevitably force a candidate to avoid controversial issues during political debates over radio and television, and hence restrict the coverage of consideration relevant to intelligent political decision.
3

Id. at 530-31.
These same principles should afford a substantial measure of protection to colleges and universities that provide Internet services. With respect to the information that they (and their employees in the course of their employment) create and disseminate, they will, of course, be treated as traditional publishers. But in large part, college and university Internet providers act primarily as distributors of information created by others. Like any bookseller, library or news vendor, they stock their electronic “shelves” with a wide variety of materials from a wide variety of sources, and, as a practical matter, they cannot prescreen each of those materials and still perform their function of distributing information. Thus, at a minimum, college and university
Internet providers should not be held liable for the content of such materials in the absence of a showing that they know or have reason to know that it is tortious or otherwise illegal in character. Moreover, in many cases — such as e-mail, mailing lists, conferencing services and most student Internet uses
— such providers are more nearly like common carriers or conduits and should arguably be treated accordingly.
The fact that college and university Internet providers may have a right to control the use and content of their systems, see, e.g., Loving v. Boren, 956 F. Supp. 953 (W.D. Okla.
1997), aff'd on other grounds, 133 F.3d 771 (10th Cir. 1998) (state university may limit the use of its computer systems to “academic and research purposes” and is not constitutionally required to provide unrestricted access to the Internet), does not change this calculus. The same is true of any distributor of any type of information. For example, a bookstore may decline to carry a particular book, but its failure to do so does not automatically make it responsible for the book’s content.
More importantly, any such power of editorial control is largely theoretical. Given the vast quantity of information that flows through such systems
— increasingly, much of it encrypted — and the speed with which it flows, a provider’s editorial control is, as a practical matter, largely limited to the power to veto an information source on a wholesale basis, rather than to conduct any actual review or editing or to exercise any real control over specific content.
Even if they could preview everything that flowed through their systems, public colleges and universities would face additional First Amendment restrictions on their ability to make contentbased decisions about what they saw. And, to the extent that the Fourth Amendment, the
Electronic Communications Privacy Act and similar state statutes (discussed in § IV(B), below) prohibit providers from reviewing communications made through their systems, colleges and universities have no editorial control at all. In short, college and university Internet providers actually have far less ability to control content than a bookseller, library or news vendor.
In reality, the imposition of any greater responsibility for publication torts would effectively require colleges and universities simply to turn off their systems. As the court held in a similar context in
Auvil v. CBS “60 Minutes”, 800 F. Supp. 928, 931-32 (E.D. Wash. 1992), a
$75,000,000 defamation case against several local TV stations based on a network broadcast that they had transmitted:
With the possible exception of re-run movies, the content of which is already widely known and/or catalogued, plainti ffs’ construction would force the creation of full time editorial boards at local stations throughout the country which possess sufficient knowledge, legal acumen and access to experts to continually monitor incoming transmissions and exercise on-the-spot discretionary calls or face $75 million dollar lawsuits at every turn. That is not realistic. . . .
4

More than merely unrealistic in economic terms, it is difficult to imagine a scenario more chilling on the media’s right of expression and the public’s right to know.
III. Libel
A. General Principles
At its most basic level, libel is the dissemination of a false statement of fact about a specific person that is sufficiently serious to damage that person’s reputation. See generally
Restatement (Second) of To rts § 558; Bruce Sanford, Libel and Privacy § 4.2 (2d ed. 1993).
Significantly for Internet service providers, one who “republishes,” or adopts and passes on, a libelous statement is ordinarily equally liable with the statement’s originator. Restatement
(Second) of Torts § 578. (This rule is qualified, however, by the rules governing distributors, common carriers and conduits discussed in § II, above.) Moreover, “[o]ne who intentionally and unreasonably fails to remove defamatory matter that he knows to be exhibited on land or chattels in his possession or under his control” — including, perhaps, publicly accessible web and Usenet servers and the like — “is subject to liability for its continued publication.”
Restatement (Second) of Torts § 577. Cf. Fogg v. Boston & Lowell R.R., 20 N.E. 109 (Mass.
1889) (railroad company may be held liable for libel posted for 40 days on a bulletin board in its ticket office).
Over the years, numerous privileges and defenses have been established as limitations to these general rules. Most important of these has been the abolishment, as a constitutional matter, of strict liability. Under current doctrine, a libel defendant cannot be held liable in the absence of a showing of fault. See generally Restatement (Second) o f Torts §§ 558(c), 580A and 580B; Bruce Sanford, Libel and Privacy, chapter 8 (2d ed. 1993).
The degree of fault necessary to establish liability depends upon the identity of the plaintiff. “Public officials” and “public figures” must prove that the defendant acted with “actual malice” — that is, knowing that the relevant statement was false or having serious, subjective doubts about its truth, a standard similar to the common law standard for distributor liability.
New York Times Co. v. Sullivan, 376 U.S. 254 (1964). See also St. Amant v. Thompson, 390
U.S. 727 (1968). “Private persons” must show at least that the defendant acted negligently in disseminating a libelous statement. Gertz v. Robert Welch, Inc., 418 U.S. 323 (1974).
B. Discussion
Based on the cases to date, it appears that libel suits against the authors of libelous
Internet communications will play out very much like libel suits involving more traditional means of communication. For example, in Rindos v. Hardwick, http://www.jmls.edu/cyber/ cases/rindos.html (W. Austl. S.C. 1994), a professor who had been denied tenure sued another professor who, in a message posted to an electronic bulletin board available to academicians worldwide, implied that the reasons for the denial were that the plaintiff professor was incompetent and engaged in pedophilia. Applying garden variety libel principles, the court found that the message was libelous and awarded the plaintiff professor $40,000 in damages.
As for Internet and other online service providers that transmit such messages, however, the law is less clear; to date, there are few reported decisions, and they appear, at least on their face, to conflict. In the first such case, Cubby, Inc. v. CompuServe Incorporated,
5

776 F. Supp. 135 (S.D.N.Y. 1991), the plaintiff sued CompuServe, a national online information service, on the basis of allegedly false and defamatory statements that were contained in an electronic newsletter available in CompuServe’s Journalism Forum. The newsletter was published by a third party with no connection to CompuServe, and the Forum itself was moderated by an independent contractor who was responsible for its contents. As a practical matter, neither CompuServe nor the moderator had an opportunity to review the contents of the newsletter, which became available to Forum members as soon as the publisher uploaded it into CompuServe’s computer system.
CompuServe sought summary judgment on the grounds that it was an electronic distributor, not the publisher, of the statements at issue; that it did not know or have any reason to know of the allegedly false and defamatory character of the statements when they were made available on its system; and that, as a matter of law, it therefore could not be held liable.
The court agreed and granted CompuServe’s motion:
[CompuServe] is in essence an electronic, for-profit library that carries a vast number of publications and collects usage and membership fees from its subscribers in return for access to the publications. CompuServe and companies like it are at the forefront of the information industry revolution. High technology has markedly increased the speed with which information is gathered and processed; it is now possible for an individual with a personal computer, modem, and telephone line to have instantaneous access to thousands of news publications from across the United States and around the world. While
CompuServe may decline to carry a given publication altogether, in reality, once it does decide to carry a publication, it will have little or no editorial control over that publication’s contents. . . .
. . . CompuServe has no more editorial control over [the publication at issue] than does a public library, book store, or newsstand, and it would be no more feasible for CompuServe to examine every publication it carries for potentially defamatory statements than it would be for any other distributor to do so. . . .
Technology is rapidly transforming the information industry. A computerized database is the functional equivalent of a more traditional news vendor, and the inconsistent application of a lower standard of liability to an electronic news distributor such as CompuServe than that which is applied to a public library, book store, or newsstand would impose an undue burden on the free flow of information. Given the relevant First Amendment considerations, the appropriate standard of liability to be applied to CompuServe is whether it knew or had reason to know of the allegedly defamatory . . . statements.
Id. at 140-41.
By contrast, in Stratton Oakmont, Inc. v. Prodigy Services Co., 1995 N.Y. Misc. LEXIS
229 (Sup. Ct.), reh'g denied, 24 Media L. Rep. (BNA) 1126 (Sup. Ct. 1995), the court held that another national online information service, Prodigy, was potentially liable as a publisher for a series of defamatory messages that an unidentified user had posted to its Money Talk bulletin board. Claiming to be “in full agreement with Cubby,” the court noted a number of differences between the two cases. First, until just a few months before the defamatory postings, Prodigy employees had, in fact, prescreened all messages on its system before allowing them to be posted, though only for obscene, “insulting” or “harassing” language. Second, even after it had
6

abandoned this practice , Prodigy still filtered all messages through its “George Carlin” software, which automatically rejected messages containing such language, and employed “board leaders” who had the power to delete messages that violated its guidelines. Perhaps most importantly, Prodigy had also frequently touted these practices and held itself out to the public as the “family network.” In one nationally distributed article, for example, Prodigy stated that
“‘[c]ertainly no responsible newspaper does less when it chooses the type of advertising it publishes, the letters it prints, the degree of nudity and unsupported gossip its editors tolerate.’”
Id. at *4.
Based on these facts, the court, in effect, took Prodigy at its word and found it to be a
“publisher”:
By actively utilizing technology and manpower to delete notes from its computer bulletin boards on the basis of offensiveness and “bad taste,” for example,
Prodigy is clearly making decisions as to content, and such decisions constitute editorial control. That such control is not complete and is enforced both as early as the notes arrive and as late as a complaint is made, does not minimize or eviscerate the simple fact that Prodigy has uniquely arrogated to itself the role of determining what is proper for its members to post and read on its bulletin boards. . . .
. . . Indeed, it could be said that Prodigy’s current system of automatic scanning, Guidelines and Board Leaders may have a chilling effect on freedom of communication in Cyberspace, and it appears that this chilling effect is exactly what Prodigy wants, but for the legal liability that attaches to such censorship.
Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability than CompuServe and other computer networks that make no such choice.
Id. at *10-*13 (citations omitted).
To the extent that the Stratton Oakmont decision hinges simply upon Prodigy’s unique public relations campaign, it should make little difference to colleges and universities, which typically do not claim to (and do not) exercise any significant editorial control over their systems.
To the extent that the case holds that prescreening for obscene and offensive language and/or after-the-fact deletion of libelous messages is enough to make t he provider the “publisher” of everything on its system, however, it marks a significant departure from past jurisprudence.
Distributors frequently choose not to carry obscene or other materials, and they have always been required to remove libelous mater ials once they “have reason to know” of their existence, but neither practice has ever before been considered sufficient to turn them into “publishers” of all material that they carry. See, e.g., Spence v. Flynt, 647 F. Supp. 1266 (D. Wyo. 1986);
Maynard v. Port Publications, Inc., 297 N.W.2d 500 (Wisc. 1980). Indeed, to hold otherwise would be, in effect, to eliminate the distributor category altogether.
Ironically, Prodigy might well have been found liable under traditional distributor liability princip les. According to published reports about the case, Prodigy’s customer service department received a complaint about the defamatory postings a few days after they first appeared. Despite this notice, however, Prodigy made no effort to investigate the complaint or to remove the postings until several weeks later, after the lawsuit was filed. Alison Frankel, On-
Line, On The Hook , American Lawyer, Oct. 1995, at 64. Because Prodigy thus “had reason to know” that libelous messages were allegedly on its system, its failure to take action would likely
7

have been sufficient for it to have been found liable even as a distributor. Cf. Spence v. Flynt,
647 F. Supp at 1274 (“This was simply not a case of an innocent magazine seller unwittingly disseminating allegedly libelous material. Rather, we have a distributor who possessed detailed knowledge of the ongoing bitter battle between Hustler and Spence, and who, after receiving a complaint about the magazine, failed to investigate and continued to sell it. . . . The Court finds that these constitute special circumstances and that Park Place Market has failed to show . . . that it is not liable for the alleged injury to the plaintiffs.”).
Regardless of its merits, the Stratton Oakmont decision need no longer be of any significant concern. A provision of the Communications Decency Act that has not been challenged now specifies that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The legislative history of this provision indicates that it was meant to overrule Prodigy, so that concerns about libel would not discourage Internet service providers from screening for and elimi nating “indecent” materials. See 142 Cong. Rec. H1078,
H1130 (daily ed. Jan. 31, 1996) (H.R. Rep. 104458) (“This section provides ‘Good Samaritan’ protections from civil liability for providers or users of an interactive computer service for actions to restrict or to enable restriction of access to objectionable online material. One of the specific purposes of this section is to overrule Stratton-Oakmont v. Prodigy and any other similar decisions which have treated such providers and users as publishers or speakers of content that is not their own because they have restricted access to objectionable material.”).
Moreover, the New York courts have since all but expressly overruled Stratton Oakmont. See
Lunney v. Prodigy Services Co., 683 N.Y.S.2d 557 (App. Div. 1998), aff’d, 1999 N.Y. Lexis
3746 (“Our . . . holding . . . results in our being in complete harmony with the expanding body of case law which supports the general proposition that an on-line service company such as
Prodigy is not liable for damages when its services are misused by a third party who transmits an offensive or libelous text.”)
The first case to construe the CDA provision indicates that it may provide even greater protections than its language suggests. In Zeran v. America Online, Inc., 958 F. Supp. 1124
(E.D. Va.), aff'd, 129 F.3d 327 (4th Cir. 1997), cert. denied, 118 S. Ct. 2341 (1998), Kenneth
Zeran sued AOL on the basis of a series of messages posted to one of its electronic bulletin boards. The messages, a series of fake advertisements for t-shirts making fun of the
Oklahoma City bombing just days after it occurred, listed Zeran’s name and telephone number and resulted in a flood of abusive and threatening calls. Although AOL promptly deleted each message that Zeran called to its attention, additional such messages continued to appear over the course of a week, and AOL was apparently unable either to determine who was posting them or to prevent them from appearing. Zeran based his suit on a libel “distributor” theory, arguing that once he had informed AOL of the messages, it had a duty to ensure that they stopped. The court dismissed Zeran’s claim, holding that it was preempted by the CDA’s “Good
Samaritan” provision:
The key to answering this question lies in understanding the true nature of so-called distributor liability and its relationship to publisher liability. At the heart of Zeran’s argument is the premise that distributor liability is a common law tort concept different from, and unrelated to, publisher liability. This is not so: distributor liability, or more precisely, liability for knowingly or negligently distributing defamatory material, is merely a species or type of liability for publishing defamatory material. . . .
. . . It follows that Zeran’s attempt to impose distributor liability on AOL is, in effect, an attempt to have AOL treated as the publisher of the defamatory
8

material. This treatment is contrary to § 230(c)(1) of the CDA and, thus, Zeran’s claim for negligent distribution of the notice is preempted.
Id. at 1133 (footnotes omitted).
A second case, Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998), took Zeran ’s analysis one step further, holding that the statutory immunity applies even when an Internet service provider enters into a license agreement with an information content provider, pays the information content provider a royalty for the right to disseminate its content, and retains the right to remove objectionable content, but does not actually create or review the content on which a libel claim subsequently is based:
AOL is not a passive conduit like the telephone company, a common carrier with no control and therefore no responsibility for what is said over the telephone wires. Because it has the right to exercise editorial control over those with whom it contracts and whose words its disseminates, it would seem only fair to hold
AOL to the liability standards applied to a publisher or, at least, like a book store owner or library, to the liability standards applied to a distributor. But Congress has made a different policy choice by providing immunity even where the interactive service provider has an active, even aggressive role in making available content prepared by others. In some sort of tacit quid pro quo arrangement with the service provider community, Congress has conferred immunity from tort liability as an incentive to Internet service providers to selfpolice the Internet for obscenity and other offensive material, even where the self-policing is unsuccessful or not even attempted.
Id. at 44-45 (footnotes omitted).
In Doe v. America Online, Inc., 718 So. 2d 385 (Fla. App. 1997), the court extended
Zeran in another direction, applying it to a claim that AOL had negligently permitted a subscriber to advertise pornographic photographs and videotapes depicting the plaintiff’s minor son, the distribution of which had resulted in severe emotional distress. Although the subscriber had not displayed or transmitted the materials themselves on AOL, the court nevertheless held that § 230(c)(1) preempted the plaintiff’s claim. To hold otherwise, the court stated, “would impose on AOL, as a matter of law, a standard of care that would require AOL to monitor, screen and censor the great volumes of information transmitted over its system by third parties, which are the quintessential activities in which traditional publishers must engage.”
Id. at *7. See also Ben Ezra, Weinstein, and Co. v. America Online, Inc., http://legal.web.aol.com/decisions/dldefam/ezra.html (D.N.M. 1999) (AOL cannot be held liable for disseminating inaccurate stock data provided by a third party);
Truelove v. Mensa Int’l, Ltd., http://legal.web.aol.com/decisions/dldefam/truelove.html (D. Md. 1999) (ISP cannot be held liable for third-party messages on mailing list it carries).
If the holdings of the Zeran line of cases stand, college and university Internet providers will effectively be “conduits” — and therefore effectively immune from liability — for purposes of any third-party libels, and perhaps other torts, committed on their systems — even if they “know or have reason to know” that those materials are libelous.
1 But even if those holdings should
1 Another portion of the “Good Samaritan” provision provides that “[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property,” 47 U.S.C. § 230(d)(2), so that whatever immunity the CDA extends in other areas apparently will not extend to third-party copyright
9

fall, leaving only Cubby for guidance, the holding of that case should not be taken as the definitive answer for all providers in all contexts. What was an appropriate standard with respect to the proprietary portion of CompuServe’s system, in which CompuServe itself determined what materials to make available, may well be an overly burdensome and inappropriate standard in oth er contexts. For the reasons stated in § II, above, colleges and universities typically have, and typically exercise, less control over the content of their systems and, in many instances, do no more than make the system available for others’ use. In those instances, they arguably are mere “conduits” under existing common law principles and should therefore not be subject to the “distributor” standard.
C. A Note on “Public Figures” in the Information Age
In Gertz v. Robert Welch, Inc., 418 U.S. 323 (1974), the Supreme Court established a general standard for determining “public figure” status:
That designation may rest on either of two alternative bases. In some instances an individual may achieve such pervasive fame or notoriety that he becomes a public figure for all purposes and in all contexts. More commonly, an individual voluntarily injects himself or is drawn into a particular public controversy and thereby becomes a public figure for a limited range of issues. In either case such persons assume special prominence in the resolution of public questions.
Id. at 351. As justification for the constitutional limitations it had imposed on public-figure libel suits, the Court relied in substantial part on the fact that public figures can more readily correct the record than can private individuals:
The first remedy of any victim of defamation is self-help — using available opportunities to contradict the lie or correct the error and thereby to minimize its adverse impact on reputation. Public officials and public figures usually enjoy significantly greater access to the channels of effective communication and hence have a more realistic opportunity to counteract false statements than private individuals normally enjoy. Private individuals are therefore more vulnerable to injury, and the state interest in protecting them is correspondingly greater.
Id. at 344 (footnote omitted).
While applying the publicfigure standard to particular cases “is much like trying to nail a jellyfish to the wall,” Rosanova v. Playboy Enterprises, Inc., 411 F. Supp. 440, 443 (S.D. Ga.
1976), aff’d, 580 F.2d 859 (5th Cir. 1978), it may take on new meaning in the context of electronic defamation. As Mike Godwin, online counsel to the Electronic Frontier Foundation, has noted, the increasing availability of inexpensive, worldwide means of electronic communication has vastly increased the access of individuals to “channels of effective communication” and allows them more readily to “thrust [themselves] into the vortex of . . . publi c issue[s].” Gertz, 418 U.S. at 344 and 352. See Mike Godwin, Libel, Public Figures, and the Net , Internet World, June 1994. As a result, it may become “almost trivially easy to become a public figure on the Net.” Id. infringements. However, Congress subsequently enacted similar protections in the Digital Millennium
Copyright Act, the relevant portions of which are to be codified at 11 U.S.C. § 512.
10

IV. Privacy and Related Issues
A. The Common Law of Privacy
What is commonly referred to as the common law “right of privacy” actually encompasses four distinct torts:
• Intrusion: “One who intentionally intrudes, physically or otherwise, upon the solitude or seclusion of another or his private affairs or concerns, is subject to liability to the other for invasion of his privacy, if the intrusion would be highly offensive to a reasonable person.” Restatement
(Second) of Torts § 652B.
• Misappropriation of Name or Likeness: “One who appropriates to his own use or benefit the name or likeness of another is subject to liability to the other for invasion of his privacy.” Restatement (Second) of Torts
§ 652C.
• Public Disclosure of Private Facts: “One who gives publicity to a matter concerning the private life of another is subject to liability to the other for invasion of his privacy, if the matter publicized is of a kind that (a) would be highly offensive to a reasonable person, and (b) is not of legitimate concern to the public.” Restatement (Second) of Torts § 652D.
• False Light: “One who gives publicity to a matter concerning another that places the other before the public in a false light is subject to liability to the other for invasion of his privacy, if (a) the false light in which the other was placed would be highly offensive to a reasonable person, and (b) the actor had knowledge of or acted in reckless disregard as to the falsity of the publicized matter and the false light in which the other would be placed.” Restatement (Second) of Torts § 652E.
A related tort is the “intentional infliction of emotional distress”: “One who by extreme and outrageous conduct intentionally or recklessly causes severe emotional distress to another is subject to liability for such emotional distress, and if bodily harm to the other results from it, for such bodily harm.” Restatement (Second) of Torts § 46.
Many of the common law and constitutional privileges that have developed in the area of libel have been engrafted onto the law pertaining to these torts. For example, the protections accorded to common carriers and conduits in libel cases also extend to privacy cases.
Restatement (Second) of Torts § 652G. Moreover, the First Amendment limitations on claims by public officials and public figures have also generally been applied. See, e.g., Hustler
Magazine, Inc. v. Falwell, 485 U.S. 46 (1988) (actual malice standard applies to emotional distress claims brought by public figures and public officials). See also Florida Star v. B.J.F.,
491 U.S. 524 (1989) (private facts claim cannot be based on information that is publicly available or of legitimate public concern); Time, Inc. v. Hill, 385 U.S. 374 (1967) (actual malice standard applies to false light claims based on reports concerning newsworthy persons or events).
A number of states have refused to recognize the false light tort altogether, finding it to be simply an attempt to evade constitutional protections in the libel area. See, e.g., M.J.
DiCorpo, Inc. v. Sweeney, 634 N.E.2d 203 (Ohio 1994); Howell v. New York Post Co., 596
11

N.Y.S.2d 350 (N.Y. 1993); Renwick v. News and Observer Publishing Co., 312 S.E.2d 405
(N.C.), cert. denied, 469 U.S. 858 (1984). Similarly, misappropriation has largely been limited to instances involving advertising and other purely commercial contexts. See Restatement
(Second) of Torts § 652C comment b. But cf. Zacchini v. Scripps-Howard Broadcasting Co.,
433 U.S. 562 (1977) (“Wherever the line in particular situations is to be drawn between media reports that are protected and those that are not, we are quite sure that the First and
Fourteenth Amendments do not immunize the media when they broadcast a performer’s entire act without his consent.”).
As has been the case for the traditional media, privacy and related torts should generally not be of overwhelming concern to college and university Internet providers. The constitutional sensitivity for the free flow of information, coupled with the common law rules governing distributors, common carriers and conduits and the inherent limitations of these torts, should provide a substantial measure of protection for good-faith providers.
The effectiveness of these protections is perhaps best demonstrated by the fact that, to date, there have been few reported cases of any significance — and apparently none successful — involving a common law privacy claim against a computer communication service provider. In Stern v. Delphi Internet Services Corp., 626 N.Y.S.2d 694 (Sup. Ct. 1995), for example, radio personality Howard Stern sued Delphi under New York’s version of the misappropriation theory when it published his bare-bottomed photograph in a newspaper ad promoting a newsgroup devoted to his ill-fated candidacy for governor. Citing Cubby v.
CompuServe, the court held that Delphi was engaged in First Amendment-protected activity and rejected Stern’s claim: “Because Stern’s name was used by Delphi to elicit public debate on Stern’s candidacy, logically the subsequent use of Stern’s name and likeness in the advertisement is afforded the same protection as would be afforded a more traditional news disseminator engaged in the advertisement of a newsworthy product. . . . The newsworthy use of a private person’s name or photograph does not give rise to a cause of action under [New
York misappropriation law] as long as the use is reasonably related to a matter of public interest.” Id. at 698-99. See also Leary v. Punzi, 687 N.Y.S.2d 551 (Sup. Ct. 1999) (listing of former employee as a “contact person” for an arts organization is not misappropriation).
In Smyth v. The Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996), Smyth, an at-will employee, was fired after he allegedly sent an internal e-mail message to his supervisor threatening to “kill the backstabbing bastards” in the company’s sales management and referring to the company’s holiday party as the “Jim Jones Koolaid affair.” Smyth then sued the company under the “intrusion” theory of invasion of privacy, arguing that the company had assured its employees that e-mail communications were confidential and would neither be intercepted nor used as a basis for discipline or termination. The court dismissed the complaint for failure to state a cognizable claim:
In the first instance, unlike urinalysis and personal property searches, we do not find a reasonable expectation of privacy in e-mail communications voluntarily made by an employee to his supervisor over the company e-mail system notwithstanding any assurances that such communications would not be intercepted by management. Once plaintiff communicated the alleged unprofessional comments to a second person (his supervisor) over an e-mail system which was apparently utilized by the entire company, any reasonable expectation of privacy was lost. . . . We find no privacy interests in such communications.
12

In the second instance, even if we found that an employee had a reasonable expectation of privacy in the contents of his e-mail communications over the company e-mail system, we do not find that a reasonable person would consider the defendant’s interception of these communications to be a substantial and highly offensive invasion of his privacy. Again, we note that by intercepting such communications, the company is not, as in the case of urinalysis or personal property searches, requiring the employee to disclose any personal information about himself or invading the employee’s person or personal effects. Moreover, the company’s interest in preventing inappropriate and unprofessional comments or even illegal activity over its e-mail system outweighs any privacy interest the employee may have in those comments.
Id. at 101.
Most recently, in McLaren v. Microsoft Corp., 1999 Tex. App. Lexis 4103, a terminated employee of Microsoft (a company well known for its interest in privacy issues) sued the company for invasion of privacy after it accessed a folder marked “personal” on “his” office computer during an investigation of sexual harassment charges against him. The court quickly disposed of the claim:
McLaren’s workstation was provided to him by Microsoft so that he could perform the functions of his job. In connection with that purpose and as alleged in
McLaren’s petition, part of his workstation included a company-owned computer that gave McLaren the ability to send and receive e-mail messages. Thus, contrary to his argument on appeal, the e-mail messages contained on the company computer were not McLaren’s personal property, but were merely an inherent part of the office environment. . . . [W]e cannot conclude that McLaren, even by creating a personal password, manifested – and Microsoft recognized – a reasonable expectation of privacy in the contents of the e-mail messages such that Microsoft was precluded from reviewing the messages.
Id. at *11 -* 12.
While common law privacy principles need not be of major concern to good-faith
Internet service providers, there may well be a surge of privacy cases against system users as the Internet continues to grow, and the protections available to the media will not likely be available. For example, while the media are rarely, if ever, found liable for the public disclosure of private facts — if an item appears in the press, it is, almost by definition, deemed to be of public concern — courts likely will be less deferential to the "news judgment" of, say, the authors of Usenet messages concerning sensitive personal matters. Cf. Aware Woman Center for Choice v. Raney, Case No. 99-5-CV-ORL-19C (M.D. Fla.) (pending case, based in part on private facts theory, brought by an abortion clinic against various Internet service providers that provided anti-abortion activists with access to databases containing personal information).
Similarly, "fan" web pages, which are increasingly common, could become a fertile source of misappropriation cases. Cf. Louder v. CompuServe Incorporated, Case No. BC153274 (Cal.
Super. Ct.) (pending misappropriation case brought by a class of "aspiring and beginning models" whose photographs were made available in a collection of "California Girls" images available in a CompuServe forum). A number of such cases have been filed, and many of them have been settled on undisclosed terms.
13

B. Statutory Privacy
Despite the dearth of common law cases in this area, one statutory variant of the tort of intrusion is receiving increased attention as the use of e-mail and similar services continues to grow. In the Electronic Communications Privacy Act of 1986 (the “ECPA”), Congress extended the provisions of the Federal Wiretap Statute to “electronic communications,” which it defined ge nerally as “any transfer of signs, signals, writing, images, sounds, data, or intelligence of any nature transmitted in whole or in part by a wire, radio, electromagnetic, photoelectronic or photooptical system that affects interstate or foreign commerce”. 18 U.S.C. § 2510(12).
As thus revised, the Federal Wiretap Statute, “which is famous (if not infamous) for its lack of clarity,” Steve Jackson Games, Inc. v. United States Secret Service, 36 F.3d 457 (5th
Cir. 1994) 2 , now generally prohibits the actual o r attempted “intentional” interception, disclosure or use of an electronic communication by “any person” — including an “electronic communication service”. 18 U.S.C. § 2511(1)(a)-(d).
There are, however, a number of exceptions to this general prohibition. Of most importance, an “electronic communication service” may intercept communications that flow through its system when:
• the “electronic communication system . . . is configured so that such electronic communication is readily accessible to the genera l public” — as is the case with the Web, Usenet and most bulletin board and conferencing systems. 18 U.S.C. § 2511(2)(g)(i).
• “one of the parties to the communication has given prior consent to such interception[,] unless such communication is intercepted for the purpose of committing any criminal or tortious act in violation of the Constitution or laws of the United States or of any State.” 18 U.S.C. § 2511(2)(d). Note, however, that some state analogs to the Federal Wiretap Statute require both partie s to a communication to consent before an “interception” may be made. E.g.
, Cal. Penal Code §§ 631-32.
• “an officer, employee, or agent of a provider of . . . electronic communication service, whose facilities are used in the transmission of a[n] . . . electronic communication, . . . [is acting] in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service.” 18 U.S.C. § 2511(2)(a)(i). Such persons may also “disclose” and “use” the intercepted electronic communications under the same circumstances, id
., and may “divulge the contents of any such communication . . . with the lawful consent of the originator or any addressee or intended recipient of such communication
. . . [or] to a person employed or authorized, or whose facilities are used, to forward such communication to its destination.” 18 U.S.C.
§ 2511(3)(b)(ii)-(iii).
2 “[T]he Fifth Circuit . . . might have put the matter too mildly.” U.S. v. Smith, 155 F.3d 1051, 1055 (9th Cir.
1998), cert. denied, 525 U.S. 1071 (1999).
14

The ECPA provides somewhat less prot ection to communications that are in “electronic storage,” see 18 U.S.C. § 2510(17), rather than in actual transmission. For example, an electronic communications service provider is apparently free, at least as a statutory matter, to access communication s stored on its system. 18 U.S.C. § 2701(c)(1). See also Bohach v. City of Reno , 932 F. Supp. 1232, 1236 (D. Nev. 1996) (“§ 2701(c)(1) allows service providers to do as they wish when it comes to accessing communications in electronic storage.”). Moreover, while ECPA prohibits providers of electronic communication service to the general public from disclosing the content of stored communications, see 18 U.S.C. § 2702(a)(1), but contains no such restriction on “proprietary” providers, see Anderson Consulting LLP v. UOP, 991 F. Supp.
1041 (N.D. Ill. 1998).
In addition, the ECPA draws a sharp distinction between the contents of an electronic communication and the log files that merely record its existence and transmission. Thus, for example, “a provider of electronic communication service [may] record the fact that a[n] . . . electronic communication was initiated or completed in order to protect such provider, another provider furnishing service toward the completion of the . . . electronic communication, or a user of that service, from fraudulent, unlawful or abusive use of such service.” 18 U.S.C.
§ 2511(2)(h)(ii). Similarly, “a provider of electronic communication service . . . may disclose a record or other information pertaining to a subscriber to or customer of such service (not including the contents of communications covered by . . . this section) to any person other than a governmental entity.” 18 U.S.C. § 2703(c)(1)(A). See U.S. v. Hambrick, 55 F. Supp. 2d 504,
507 (W.D. Va. 1999) (“ECPA’s concern for privacy extends only to government invasions of privacy. ISPs are free to turn . . . transactional records over to nongovermental entities.”);
McVeigh v. Cohen, 983 F. Supp. 215 (D.D.C. 1998) (a governmental entity may obtain access to such records only with a specified warrant, court order, or subpoena or with subscriber consent).
While the scope of the ECPA is not yet entirely clear, it does appear that an “electronic communication service” may not routinely monitor all “electronic communications” that it carries, at least without its users’ consent. Well-drafted computer use policies and user notifications should prevent any misunderstandings in this regard.
C. Constitutional Privacy
Public colleges and universities must also consider Fourth Amendment issues, though, again, the case law is sparse. As with the ECPA, however, “reasonable expectations of privacy” appear to be the key. See generally O’Connor v. Ortega, 480 U.S. 709, 722-26 (1987)
(“In our view, requiring [a government] employer to obtain a warrant whenever the employer wished to enter an employee’s office, desk, or file cabinets for a work-related purpose would seriously disrupt the routine conduct of business and would be unduly burdensome. . . .
[P]ublic employer intrusions on the constitutionally protected privacy interests of government employees for noninvestigatory, work-related purposes, as well as for investigations of workrelated misconduct, should be judged by the standard of reasonableness under all the circumstances.”). Compare Bohach v. City of Reno, 932 F. Supp at 1235 (No objectively reasonable expectation of privacy exists in a computer system that was “installed to allow communications among police personnel, and between police personnel and the press, about police matters; that it can be used to send private communications between police personnel is incidental to its primary function.”) with United States v. Maxwell, 45 M.J. 406 (C.M.A. 1996)
(“While implicit promises or contractual guarantees of privacy by commercial entities do not guarantee a constitutional expectation of privacy, we conclude that under the circumstances here appellant possessed a reasonable expectation of privacy, albeit a limited one, in the e-mail
15

messages that he sent and/or received on AOL.”). Thus, the issue can likely be resolved in computer use policies and user notifications.
Public institutions must also consider whether the information that they are collecting and disseminating over the Internet is subject to a constitutional right of informational privacy.
See Whalen v. Roe, 429 U.S. 589, 60506 (1977) (“We are not unaware of the threat to privacy implicit in the accumulation of vast amounts of personal information in computerized data banks or other massive government files. . . . The right to collect and use such data for public purposes is typically accompanied by a concomitant statutory or regulatory duty to avoid unwarranted disclosures. Recognizing that in some circumstances that duty arguably has its roots in the Constitution, nevertheless New York's statutory scheme, and its implementing administrative procedures, evidence a proper concern with, and protection of, the individual's interest in privacy. We therefore need not, and do not, decide any question which might be presented by the unwarranted disclosure of accumulated private data -- whether intentional or unintentional -- or by a system that did not contain comparable security provisions.”); Nixon v.
Administrator of General Services, 433 U.S. 425, 457-59 (1977).
Early indications suggest that any such restrictions will be slight. In Akella v. Michigan
Dept. of State Police, 67 F. Supp. 2d 716 (E.D. Mich. 1999), several persons required to register as sex offenders under Michigan’s version of “Megan’s Law” challenged Michigan’s decision to make that information available on the Internet, in part on common law invasion of privacy grounds. The court made quick work of the claim, holding that “plaintiffs do not have a
‘legitimate privacy interest in preventing compilation and dissemination of truthful information that is already, albeit less conveniently, a matter of public record.’ . . . [T]he Court concludes that dissemination of sex offender registration materials [over the Internet] does not violate any constitutional ly protected privacy interest of plaintiffs.” Id. at 729 (citation omitted).
D. FOIA and Public Records Statutes
In addition to the numerous privacy protections for electronic records, public colleges and universities must also grapple with the equally confusing, and often seemingly conflicting, requirements imposed upon them by applicable freedom of information and public records statutes. These statutes, which exist in every state, typically apply to all records regardless of their form; rather, it generally is the substance of a record that governs its status as public or not. See, e.g., State, ex rel. WilsonSimmons v. Lake County Sheriff’s Dept., 693 N.E.2d 789,
793 n.1 (Ohio 1998) (“In . . . holding [that a particular e-mail message is not subject to Ohio’s public records statute], we reject the sheriff's department's broader assertion that no public office e-mail would ever be public records . . . . [I]t is unnecessary for an expression to be in a particular medium for it to be a public record.”) However, while legislatures and courts have had little trouble determining that electronic records are subject to these statutes in general, they have had considerable trouble determining just what constitutes an electronic record in particular. The case s are just beginning to consider whether “cookies”, “metadata”, and other such “extra-textual” materials should be considered part of the public record, and it likely will be years before all of the policy and practical issues are sorted out. See, e.g., Putnam Pit, Inc. v.
City of Cookeville, 23 F. Supp. 2d 822 (M.D. Tenn. 1998) (considering, but not deciding, whether “cookies” are subject to Tennessee’s records statute); Public Citizen v. Carlin, 184
F.3d 900, 910 (D.C. Cir. 1999) (“a paper printout of an electronic mail record is not an "extra copy" within the meaning of [the Federal Records Act] if it does not include transmission data, such as the names and addresses of both the recipient and the author and the date the message was sent--the electronic equivalents of the address, return address, and date on correspondence sent by conventional mail”) .
16

V. Obscenity and Indecency
A. General Principles
The 1994 discovery of more than 90,000 hard-core pornographic images stored on a computer at the Lawrence Livermore nuclear weapons laboratory, see Reuter, Two Employees at Nuclear Lab Face Pornography Charges, Washington Post, August 19, 1994, at A20, highlighted the growing problem of — and growing interest in — computer pornography. Many of the most popular newsgroups and bulletin board services are devoted to sex, and it has become extraordinarily simple to digitize and transfer pornographic images. See, e.g., Playboy
Enterprises, Inc. v. Frena, 839 F. Supp. 1552 (M.D. Fla. 1993) (copyright infringement case involving centerfolds that had been scanned onto a bulletin board system).
Virtually every state and municipality has a statute prohibiting the sale or distribution of obscenity, and the federal government prohibits its interstate transportation. Although these statutes have tended to be haphazardly enforced (except at election time), they pose a potential minefield for Internet service providers, which, like officials at Lawrence Livermore, will often have no idea that obscene material is on their systems.
The First Amendment again offers some protection. In Miller v. California, 413 U.S. 15
(1973), the Supreme Court significantly narrowed the permissible scope of obscenity statutes:
We acknowledge . . . the inherent dangers of undertaking to regulate any form of expression. State statutes designed to regulate obscene materials must be carefully limited. As a result, we now confine the permissible scope of such regulation to works which depict or describe sexual conduct. That conduct must be specifically defined by the applicable state law, as written or authoritatively construed. A state offense must also be limited to works which, taken as a whole, appeal to the prurient interest in sex, which portray sexual conduct in a patently offensive way, and which, taken as a whole, do not have serious literary, artistic, political, or scientific value.
The basic guidelines for the trier of fact must be: (a) whether “the average person, applying contemporary community standards,” would find that the work, taken as a whole, appeals to the prurient interest; (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state law; and (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.
Id. at 23-24 (footnote and citations omitted). Moreover, in Smith v. California, 361 U.S. 147
(1959) (discussed in § II, above), the Court held that obscenity laws could not constitutionally be applied to an unknowing distributor of obscene materials.
B. Discussion
Unlike privacy, the issue of obscenity has been the focus of considerable litigation in the
Internet context. Most prominently, the operators of the “Amateur Action” electronic bulletin board service were recently convicted, under federal law, of transmitting obscene images electronically from California to Memphis, Tennessee. The images on which the conviction was based were found to have violated the “contemporary community standards” of Memphis, although they apparently would have passed that test in California. United States v. Thomas,
17

74 F.3d 701, reh’g en banc denied, 1996 U.S. App. LEXIS 4529 (6th Cir.), cert. denied, 117 S.
Ct. 74 (1996). See also United States v. Thomas, Case No. 96-4099 (D. Utah 1997)
(subsequent conviction of same defendant in Utah). Moreover, there have been numerous obscenity and child pornography “stings,” and several convictions, in recent years. See, e.g.,
United States v. Delmarle, 99 F.3d 80 (2d Cir. 1996), cert. denied, 117 S. Ct. 1097 (1997)
(criminal conviction for computer transmission of child pornography); United States v. Maxwell,
45 M.J. 406 (C.M.A. 1996) (court martial for computer transmission of obscenity and child pornography). Individuals who engage in the creation and dissemination of computer pornography should take note of these developments.
Given the holdings of Miller and Smith, however, obscenity statutes should not be a serious concern for college and university Internet providers, which, at least with respect to obscenity, typically act, at most, as distributors or conduits for materials created by others. Cf. generally Brian T. v. Pacific Bell, 258 Cal. Rptr. 707 (App. 1989), review denied, 1989 Cal.
LEXIS 4189 (common carrier could not be held liable in tort for damages resulting from dial-a-porn services that it carried). They should, however, take prompt action to investigate and, if necessary, delete any obscene material on their system when it is brought to their attention.
The Telecommunications Act of 1996, which included a number of provisions designed to protect minors from computer “indecency,” would have been of greater concern had those provisions survived judicial scrutiny. The relevant provisions had their genesis in two competing bi lls: the Communications Decency Act, which sought essentially to ban all “indecent” material from the Internet, and the Online Family Empowerment Act, which sought instead to encourage technical, rather than legal, solutions to the problem. Apparently unable to reach an acceptable compromise, Congress simply passed both. Thus, the Telecommunications Act included a
Congressional finding that “[t]he Internet and other interactive computer services have flourished, to the benefit of all Americans, with a min imum of government regulation,” 47 U.S.C.
§ 230(a)(4); a statement that “[i]t is the policy of the United States to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services, unfettered by Federal or State regulation,” 47 U.S.C. § 230(b)(2); and a new criminal provision prohibiting the use of the Internet to transmit “indecent” material, 47 U.S.C. § 223(a) and (d).
The Act also contained a number of defenses that would have limited college and university liability, including, most significantly, the socalled “good-faith provider” defense:
(e) In addition to any other defenses available by law: . . .
(5) It is a defense to a prosecution under subsection (a)(1)(B) or (d), or under subsection (a)(2) with respect to the use of a facility for an activity under subsection (a)(1)(B) that a person --
(A) has taken, in good faith, reasonable, effective, and appropriate actions under the circumstances to restrict or prevent access by minors to a communication specified in such subsections, which may involve any appropriate measures to restrict minors from such communications, including any method which is feasible under available technology; or
18

(B) has restricted access to such communication by requiring use of a verified credit card, debit account, adult access code, or adult personal identification number.
47 U.S.C. § 223. However, while credit card restrictions and adult access codes might have helped commercial providers avoid liability, they would have been of little use to colleges and universities, and the Act offered no guidance as to what other measures, short of banning all minor access or imposing password restrictions on all arguably “indecent” material, would have sufficed.
Within minutes after President Clinton signed the Telecommunications Act into law, the
ACLU and 19 coplaintiffs filed an action seeking to block enforcement of its “indecency” provisions, and at least one other, similar action was filed soon afterward by the publisher of an electronic newspaper. Both actions were heard by three-judge district court panels, pursuant to a special judicial review provision of the Act, and both resulted in unanimous, strongly worded decisions finding the “indecency” provisions to be unconstitutional. ACLU v. Reno, 929 F.
Supp. 824 (E.D. Pa. 1996); Shea v. Reno, 930 F. Supp. 916 (S.D.N.Y. 1996). In an opinion that was unusually critical both of Congress and of the government’s arguments, the Supreme
Court affirmed. Reno v. ACLU, 521 U.S. 844 (1997). Noting that the Internet is a “new marketplace of ideas,” id. at 885, the Court held that “there is no basis for qualifying the level of
First Amendment scrutiny that should be applied to this medium,” id. at 870, and found the provisions to b e of “wholly unprecedented” overbreadth, id. at 877.
Notwithstanding some of the more breathless press reports about the decision, however, it should not be taken as holding that the government can never regulate the Internet.
The First Amendment is not absolute and, as the Supreme Court itself stated, laws that are
“narrowly tailored” to serve a “compelling governmental interest” will still be permissible.
Moreover, the Supreme Court expressly recognized that existing obscenity laws can and do apply to the Internet. Id. at 2350. Still, post-Reno efforts to regulate sexually oriented material online have been largely unsuccessful. See, e.g., Cyberspace Communications, Inc. v. Engler,
55 F. Supp. 2d 737 (E.D. Mich. 1999) (Michigan statute prohibiting transmission to minors of material that is “harmful to minors” held unconstitutional); ACLU v. Reno, 31 F. Supp. 2d 473
(E.D. Pa. 1999) (preliminarily enjoining enforcement of the federal Child Online Protection Act, a.k.a. “CDA II”); ACLU v. Johnson, 4 F. Supp. 2d 1029 (D.N.M. 1998), aff’d, 194 F.3d 1149
(10th Cir. 1999) (New Mexico statute prohibiting online dissemination of material that is “harmful to minors” held unconstitutional); Mainstream Loudoun v. Loudoun County Library, 24 F. Supp.
2d 552 (E.D. Va. 1998) (policy requiring use of filtering software on public library computers held unconstitutional); American Library Ass'n v. Pataki, 969 F. Supp. 160 (S.D.N.Y. 1997)
(New York statute prohibiting online dissemination of material that is “harmful to minors” held unconstitutional); People v. Barrows, 677 N.Y.S.2d 672 (N.Y. Sup. Ct. 1998) (New York statute prohibiting transmission to minors of material that is “harmful to minors” held unconstitutional).
But see Urofsky v. Gilmore, 167 F.3d 191 (4th Cir. 1999) (Virginia statute prohibiting use of stateowned computers to “access, download, print or store any information infrastructure files or services having sexually explicit content” held constitutional as an appropriate restriction of public employee speech); ApolloMedia Corp. v. Reno, 19 F. Supp. 2d 1081 (N.D. Cal. 1998), aff’d mem., 119 S. Ct. 1450 (1999) (CDA provision prohibiting dissemination of “indecent” materials “with an intent to annoy” construed to apply only to obscenity and, on that basis, held constitutional).
19

VI. Sexual Harassment
A. General Principles
Even after Reno , “indecency” can — and sometimes must — be restricted under some circumstances. Under Title VII and Title IX, sexual harassment, including hostile environment sexual harassment, is prohibited, and colleges and universities have an obligation to maintain an atmosphere free of such harassment. Moreover, according to the guidelines recently issued by the Office of Civil Rights of the Department of Education, a college or university is liable even for peer harassment if it “knows or should have known of the harassment” and fails to take
“immediate and appropriate corrective action.” 62 Fed. Reg. 12039 (1997).
The standard for what constitutes hostile environment sexual harassment is, finally, becoming settled. As the Supreme Court stated in the employment context in Harris v. Forklift
Systems, Inc., 510 U.S. 17 (1993) (citations omitted):
When the workplace is permeated with “discriminatory intimidation, ridicule, and insult” that is “sufficiently severe or pervasive to alter the conditions of the victim’s employment and create an abusive working environment,” Title VII is violated.
This standard . . . takes a middle path between making actionable any conduct that is merely offensive and requiring the conduct to cause a tangible psychological injury. . . . “[M]ere utterance of an . . . epithet which engenders offensive feelings in an employee” does not sufficiently affect the conditions of employment to implicate Title VII. Conduct that is not severe or pervasive enough to create an objectively hostile or abusive work environment — an environment that a reasonable person would find hostile or abusive — is beyond
Title VII’s purview. Likewise, if the victim does not subjectively perceive the environment to be abusive, the conduct has not actually altered the conditions of the victim’s employment, and there is no Title VII violation.
But Title VII comes into play before the harassing conduct leads to a nervous breakdown. A discriminatorily abusive work environment, even one that does not seriously affect employees’ psychological well-being, can and often will detract from employees’ job performance, discourage employees from remaining on the job, or keep them from advancing in their careers. Moreover, even without regard to these tangible effects, the very fact that the discriminatory conduct was so severe or pervasive that it created a work environment abusive to employees because of their race, gender, religion, or national origin offends
Title VII’s broad rule of workplace equality.
Id. at 370-71. See also Oncale v. Sundowner Offshore Services, Inc., 118 S. Ct. 998,
10021003 (1998) (“Title VII [is not] . . . a general civility code. . . . [T]he statute does not reach genuine but innocuous differences in the ways men and women routinely interact . . . . The prohibition of harassment on the basis of sex requires neither asexuality nor androgyny in the workplace; it forbids only behavior so objectively offensive as to alter the " conditions" of the victim's employment.”).
20

B. Discussion
The DOE standard for vicarious liability for sexual harassment appears to be similar to the distributor standard of liability for libel and related torts. As a result, it also appears that colleges and universities will not be liable for sexual harassment merely because it happens to have taken place on their computer systems.
It seems clear, however, that Internet communications can create or constitute part of a hostile environment. Under the Harris standard, an isolated, sexually oriented “flame” is, by itself, unlikely to constitute legally actionable sexual harassment, regardless of how offensive it may be. On the other hand, the constant display of pornographic images on the terminals in an in stitution’s only public computer lab, like the display of centerfolds on an office wall, may make some students sufficiently uncomfortable that they cannot remain in the lab to complete their own work. Similarly, repeated, sexually derogatory e-mail messages directed to a specific student, like a steady stream of sexist remarks and epithets from colleagues, could substantially impair that student’s learning environment.
The question, as in other contexts, is one of degree. The following are some of the cases in which the question has arisen in the Internet context:
1) The Santa Rosa case. In 1992, a journalism professor at Santa Rosa Junior
College established a computer bulletin board on which his students could post messages in “conferences” devoted to various subject matters. In response to student requests, the professor created two gender-restricted conferences, one for male students only and one for female students only. He also established a rule requiring that messages posted to those conferences be kept confidential.
Following a controversy about a sexually suggestive ad in the campus newspaper, some of the participants in the male-only conference posted anatomically explicit and sexually derogatory messages about two women who had spoken out on the issue. Notwithstanding the confidentiality rule, another of the participants in the conference informed the women, and they obtained copies of the messages. They then complained to the college administration, which, upon investigation, found that they had not been subjected to a hostile educational environment, but did take steps to ensure that similar incidents would not happen in the future.
The women then took their complaint to OCR. Although the matter was ultimately settled, OCR did make preliminary findings on the issue of hostile environment. Applying Harris-like standards, OCR preliminarily determined that no such environment had been created as to one of the women, who, though initially frightened by the messages, stated that they had not directly impacted her ability to continue her studies. OCR did preliminarily determine, however, that such an environment had been created for the other woman, who had worked on the campus paper with the men, but was unable to continue to do so effectively after she learned of the messages.
OCR also preliminarily determined that the gender-restriction was itself a violation of 34 C.F.R. § 106.34, which prohibits a recipient of federal funds from carrying out educational programs or activities separately on the basis of sex.
2) Cornell and the “75 Reasons”. In 1995, four freshman at Cornell composed and emailed to a few of their friends a list of “75 reasons why women (bitches) should not have freedom of speech.” The list contained a number of sexist, derogatory and
21

vulgar statements, such as, “If she can’t speak, she can’t cry rape.” Unfortunately for the authors, their friends, who did not consider the list to be harassment, then disseminated it (complete with the authors’ names and e-mail addresses) to others, who in turn disseminated it to still others, and so on, until it had made its way around the world. In response, Cornell was flooded with e-mail demands to punish the authors, as well as email threats to “mailbomb” Cornell’s computer system if it did. The authors themselves also received a flood of e-mail complaints, including a few death threats.
Cornell’s Judicial Administrator ultimately determined that the authors had not violated Cornell’s sexual harassment policy, since they were not responsible for its distribution to those who considered it harassment. (In fact, most of the list’s wide distribution had been effected by those who were offended by it.) The students did, however, voluntarily apologize for the effect that their actions had had on the Cornell community.
3) Knox v. Indiana, 93 F.3d 1327 (7th Cir. 1996). Kristi Knox, a correctional officer at a state prison in Indiana, sued the state under Title VII for sexual harassment committed by her supervisor, Robert Stewart. The basis for her complaint was a lengthy course of misconduct by Stewart that included numerous e-mail messages asking her for sex or an “HGTWM,” by which he meant a “horizontal good time with me”.
Although the court considered Stewart’s actions to constitute “blatant sexual harassment,” the jury found for the state on Knox’s quid pro quo and hostile environment claims, apparently on the ground that the state had not known of Stewart’s actions at the time and had responded adequately when it learned of them. The jury did, however, award Knox $40,000 on her retaliation claim, apparently on the ground that the state did not properly respond to the actions taken against her by co-workers in retaliation for her complaint.
4) Owens v. Morgan Stanley & Co., 1997 U.S. Dist. LEXIS 10351, modified,
1997 U.S. Dist. LEXIS 20493 (S.D.N.Y.). A white employee of Morgan Stanley circulated an e-mail message containing racist jokes to other white employees of the company. When two African-American employees sued, the court dismissed their case, holding "that, as a matter of law, this single incident, while entirely reprehensible, cannot form the basis for a claim of hostile work environment". The court based its decision, in part, on the fact that the message had not been directed to the plaintiffs. However, when the plaintiffs amended their complaint to include allegations of ostracism and retaliatory treatment in the aftermath of the incident, the court held that their claims could proceed to trial.
5) Blaber v. University of Victoria, 123 D.L.R.4th 255 (B.C. S.C. 1995). Robyn
Blaber, a student at the University of Victoria in British Columbia, was found to be in violation of the harassment provision of the university’s computer use policy, and various sanctions were imposed u pon him, after he posted the following “open letter” to another student on an electronic newsgroup:
Dear Miss Hardy,
Since being elected to the Board of Governors, I charge that you have done virtually nothing to benefit the student body other than to create an atmosphere of gender hatred.
22

You have not used this medium, the internet to inform we the students of UVic of any of your sundry albeit useless exploits in the realm of student politics.
I charge that you are not only incompetent as a member of the board of governors, but a waste of space on the ballot. It sickens me to think that you will use this position on your resume without explaining how inept you actually were.
Pheh!
Robyn Blaber
“And I will execute great vengeance upon them with furious rebukes, and they shall know that I am the LORD, when I shall lay my vengeance upon them.” Ezekiel 25:17
Blaber then sued the university, arguing that its actions violated Canada’s
Charter of Rights and Freedoms. The court dismissed his claim upon what appear to be primarily procedural grounds. In the course of its ruling, however, the court noted that the wording of the university’s policy “does appear to fall outside the ambit of constitutionally acceptable infringements of Charter rights”.
VII. “Negligent Publication”
A. General Principles
Newspaper, book and magazine publishers have frequently been sued for damages that allegedly result from a reader’s reliance on inaccurate, erroneous, or otherwise dangerous or
“defective” information, under a variety of product liability, negligent misrepresentation and related theories. Almost uniformly, however, these cases have been dismissed as a matter of law on the ground that a publisher is not a guarantor of accuracy and that ideas are not
“products”. For example, in Winter v. G.P. Putnam’s Sons, 938 F.2d 1033 (9th Cir. 1991), the court dismissed the claims of a group of mushroom enthusiasts who became seriously ill after eating mushrooms that they had identified from a book the defendant had published:
Although there is always some appeal to the involuntary spreading of costs of injuries in any area, the costs in any comprehensive cost/benefit analysis would be quite different were strict liability concepts applied to words and ideas. We place a high priority on the unfettered exchange of ideas. We accept the risk that words and ideas have wings we cannot clip and which carry them we know not where. The threat of liability without fault . . . could seriously inhibit those who wish to share thoughts and theories . . . .
. . . Guided by the First Amendment and the values embodied therein, we decline to extend liability under [a products liability or negligence] theory to the ideas and expression contained in a book.
. . . We conclude that the defendants have no duty to investigate the accuracy of the contents of the books it publishes.
23

Id. at 1035-37. See also Way v. Boy Scouts of America, 856 S.W.2d 230 (Tex. App. 1993)
( Boys’ Life feature on shooting sports, which allegedly resulted in death of plaintiff’s son, was not a “dangerous product” for purposes of products liability claim); Gutter v. Dow Jones, Inc.,
490 N.E.2d 898, syll. (Ohio 1986) (“A complaint alleging that a newspaper reader or subscriber relied to his detriment in making securities investments based on a negligent and inaccurate report in a newspaper does not state a cause of action in tort against the newspaper’s publisher for ‘negligent misrepresentation.’”).
In a few rare instances involving egregious circumstances, courts have imposed such liabilities. Thus, for example, one case awarded damages against Soldier of Fortune magazine on the basis of an advertisement that it had carried for a contract killer. Even then, however, the court imposed strict limitations on the scope of liability:
[W]e conclude that the First Amendment permits a state to impose upon a publisher liability for compensatory damages for negligently publishing a commercial advertisement where the ad on its face, and without the need for investigation, makes it apparent that there is a substantial danger of harm to the public. The absence of a duty requiring publishers to investigate the advertisements they print and the requirement that the substance of the ad itself must warn the publisher of a substantial danger of harm to the public guarantee that the burden placed on publishers will not impermissibly chill protected commercial speech.
Braun v. Soldier of Fortune Magazine, Inc., 968 F.2d 1110, 1119 (11th Cir. 1992) (footnote omitted), cert. denied, 506 U.S. 1071 (1993). See also Rice v. Paladin Enterprises, Inc., 128
F.3d 233 (4th Cir. 1997), cert. denied, 118 S. Ct. 1515 (1998) (publisher of a "hit man" manual, which knew and intended that the manual would be used to commit crimes, may constitutionally be held civilly liable for aiding and abetting the wrongful death of the victims of a reader of the manual); Norwood v. Soldier of Fortune Magazine, Inc., 651 F. Supp. 1397, 1398 (W.D. Ark.
1987) (magazine not entitled to summary judgment on claim based on classified ad reading
“GUN FOR HIRE: 37 year-old professional mercenary desires jobs. . . . Discreet and very private. . . . All jobs considered.”). Cf. Eimann v. Soldier of Fortune Magazine, Inc., 880 F.2d
830, 834 (5th Cir. 1989), cert. denied, 493 U.S. 1024 (1990) (liability cannot constitutionally be imposed on basis of “facially innocuous ad”).
B. Discussion
Daniel v. Dow Jones & Co., 520 N.Y.S.2d 334 (N.Y.C. Civ. Ct. 1987), which appears to be the earliest and still one of the only reported “negligent publication” cases involving a computer communication service, 3 established that these same principles apply to the providers of such services. In that case, the plaintiff, a securities investor (and law student), subscribed to Dow Jones News/Retrieval, a service that provides a large database of financial and investment information. Based on a news item that he obtained from the service, the plaintiff invested in a Canadian corporation. When his investment soured, he sued Dow Jones, claiming that it had negligently published false and misleading information about the Canadian corporation.
3 Doe v. America Online, Inc., discussed in § III(B), above, arose out of a similar factual context, but was decided on different grounds.
24

The court granted summary judgment to Dow Jones, holding as a matter of law “that a news service is not liable to its readers for negligent false statements.” Id. at 336. The fact that the service was online, the court held, made no difference:
There is no functional difference between defendant’s service and the distribution of a moderate circulation newspaper or subscription newsletter. The instantaneous, interactive, computeriz ed delivery of defendant’s service does not alter the facts . . . .
. . . A free press must operate without the imposition of such “intolerable burdens” on reporting. The First Amendment guarantees that society will be able to receive news limited, if at all, only by the most carefully imposed, narrowly constructed, finely drawn, restraints . . . .
Id. at 337-39.
While Dow Jones apparently had acted essentially as a publisher, selecting and in some cases creating the information that it presented through its service, another case, Brian T. v.
Pacific Bell, 258 Cal. Rptr. 707 (App. 1989), review denied, 1989 Cal. LEXIS 4189, suggests that computer communication service providers that act primarily as distributors or conduits may have an additional protection against negligent publication claims. The case involved a 12year-old boy who called a dial-a-porn service from a church telephone and listened for 2 1/2 hours. Two weeks later, he forced a four-year-old girl to perform oral sex on him. Their parents sued both the service and the telephone company through which the service operated, claiming that they had negligently incited the act.
Pacific Bell, the defendant telephone company, had previously attempted to obtain regulatory permission to disconnect such services, but had been unsuccessful. Under its existing tariff with the California Public Utilities Commission, it therefore had no choice but to carry the service. On that basis, the court dismissed the claim against Pacific Bell, holding, in effect, that it was immune from suit as a common carrier. To the extent that college and university Internet providers act essentially as common carriers and conduits or otherwise lack knowledge of content — as, for example, with many newsgroup, e-mail and conferencing systems — they, too, are arguably protected from such claims under a similar rationale.
The rationale of the Soldier of Fortune line of cases is, however, still viable in cyberspace. In Planned Parenthood v. American Coalition of Life Activists, 41 F. Supp. 2d
1130 (D. Ore. 1999), for example, the court considered the “Nuremberg Files Internet Project”, which involved the posting to the Internet of the names, pictures, home addresses, and other personal information of abortion clinic owners and employees, abortion rights supporters, and law enforcement officials, judges, and politicians, along with other information suggesting that they were “wanted”. Moreover, the names of those persons who had been killed in attacks on abortion clinics were crossed out, and the names of those wounded were shaded in gray. The court found that the site crossed the line from political advocacy to a “true threat” to kill and enjoined its continuation on that basis.
VIII. Jurisdictional Issues
United States v. Thomas
(discussed in § V(B), above), in which a California bulletin board operator was convicted on obscenity charges in Tennessee, raises a perplexing and potentially dangerous question for Internet service providers and users: where, for jurisdictional
25

purposes, is cyberspace located? To whose laws are the providers and users subject? Once connected to the Internet — or merely to a telephone line — a service provider’s system will generally be available to anyone with a computer and a modem anywhere on the globe.
Moreover, the provider will often have little, if any, effective control over who obtains access to its system, and a user may similarly have little, if any, effective control over who views his or her communication. Are Internet service providers and users subject to suit in every jurisdiction in the world, on that basis alone?
A. Jurisdiction Within the United States
1. Adjudicatory Jurisdiction
Within the United States, personal jurisdiction for purposes of litigation is largely a question of “fundamental fairness” under the Due Process Clause. A defendant cannot constitutionally be sued unless it has sufficient “minimum contacts” with the forum state such that “he should reasonably anticipate being haled into court there”. World-Wide Volkswagen
Corp. v. Woodson, 444 U.S. 286, 297 (1980).
Physical contacts with the forum state are important, but are not an absolute prerequisite to the valid assertion of jurisdiction:
Jurisdiction . . . may not be avoided merely because the defendant did not physically enter the forum State. Although territorial presence frequently will enhance a potential defendant’s affiliation with a State and reinforce the reasonable foreseeability of suit there, it is an inescapable fact of modern commercial life that a substantial amount of business is transacted solely by mail and wire communications across state lines, thus obviating the need for physical presence within a State in which business is conducted. So long as a commercial actor’s efforts are “purposefully directed” toward residents of another
State, we have consistently rejected the notion that an absence of physical contacts can defeat personal jurisdiction there.
Burger King Corp. v. Rudzewicz, 471 U.S. 462, 476 (1985) (emphasis in original).
By itself, “[t]he mere act of transmitting information through the use of interstate communication facilities is not . . . sufficient to establish [general] jurisdiction over the sender.”
California Software, Inc. v. Reliability Research, Inc., 631 F. Supp. 1356, 1360 (C.D. Cal. 1986).
For purposes of specific jurisdiction, however, electronic contacts may be sufficient if they are
“purposefully directed” into the forum state and have a significant connection to the relevant litigation. Thus, in one such case, the Associated Press was found to be subject to Mississippi jurisdiction for purposes of a libel claim when it “beamed its erroneous report into Mississippi only, for the purpose of disseminating it in the logically relevant market”. Edwards v.
Associated Press, 512 F.2d 258, 262 (5th Cir. 1975). See also Brown v. Flowers Industries,
Inc., 688 F.2d 328 (5th Cir. 1982), cert. denied, 460 U.S. 1023 (1983) (jurisdiction was appropriate when defendant made the statements on which the suit was based in a phone call into the forum state); Pegler v. Sullivan, 432 P.2d 593, 597 (Ariz. Ct. App. 1967) (Ed Sullivan subject to jurisdiction in Arizona for purposes of an invasion of privacy suit based on his television show; nationwide broadcast was “voluntary, purposeful, reasonably foreseeable and calculated to have an effect in Arizona”); United Medical Laboratories v. Columbia Broadcasting
System, Inc., 256 F. Supp. 570 (D. Ore. 1966) (Oregon court had personal jurisdiction over
CBS and Walter Cronkite for purposes of a defamation lawsuit based on a national news
26

broadcast). See generally Keeton v. Hustler Magazine, Inc., 465 U.S. 770 (1984) (jurisdiction over libel suit was validly founded on defendant’s regular circulation of 10,000 to 15,000 copies of its magazine into the forum state).
Under these principles, most large, commercial Internet service providers, which typically advertise nationwide; have numerous subscribers in every state; and often have sales or other personnel and telecommunications equipment located throughout the country, will likely be subject to nationwide personal jurisdiction for claims based on the information that they actively distribute. In California Software, Inc. v. Reliability Research, Inc., for example, a
Nevada software manufacturer that operated a nationwide bulletin board service was held subject to California jurisdiction in part on the ground that allegedly defamatory messages it had posted to its service were available to its subscribers in California:
Through the use of computers, corporations can now transact business and communicate with individuals in several states simultaneously. Unlike communication by mail or telephone, messages sent through computers are available to the recipient and anyone else who may be watching. Thus, while modern technology has made nationwide commercial transactions simpler and more feasible, even for small businesses, it must broaden correspondingly the permissible scope of jurisdiction exercisable by the courts.
631 F. Supp. at 1363.
College and university Internet providers, however, arguably should not be subject to such general, nationwide jurisdiction. Such providers typically operate from a single system in a single state, do not have “subscribers” in other states, and, for the most part, do not actively disseminate the information that is posted on their systems to other states. Rather, they simply make those systems passively available to those who choose to come and browse. Just as a local newspaper would not be subject to jurisdiction in a state to which a purchaser happened to take a copy, cf. World-Wide Volkswagen, 444 U.S. at 295-98 (New York car dealer was not subject to jurisdiction in Oklahoma merely because a customer foreseeably drove a car there; a
“seller of chattels [does not] in effect appoint the chattel his agent for service of process”), a college or university Internet provider should not be required to subject itself to a different jurisdiction every time its computer receives a “hit” from out of state.
A line of libel cases based on interstate telephone interviews offers considerable support for this proposition. For example, in Ticketmaster-New York v. Alioto, 26 F.3d 201 (lst Cir.
1994), a reporter for the Boston Globe called Joseph Alioto, a California attorney, for an interview about a case involving an affiliate of the plaintiff. When the paper subsequently published an article in Massachusetts quoting Alioto, the plaintiff attempted to sue him there for libel. The court dismissed the suit for lack of personal jurisdictio n: “It hardly seems fair, on the strength of a single remark uttered in the course of a single unsolicited telephone call from a
Massachusetts-based journalist, to compel a California resident to defend a tort suit in a court
3000 miles away.” Id. at 212.
Similarly, in Madara v. Hall, 916 F.2d 1510 (11th Cir. 1990), a California reporter for
Music Connection magazine called singer Daryl Hall in New York for an interview in which Hall discussed the plaintiff. A small number of copies of the issue in which Hall was quoted were distributed in Florida, where the plaintiff (a California resident) then sued. Relying on
World-Wide Volkswagen, the district court dismissed the case, and the court of appeals affirmed: “Simply giving an interview to a reporter is not enough to cause Hall to anticipate being haled into court in Florida.” 916 F.2d at 1519. See also Wilson v. Belin, 20 F.3d 644,
27

649 (5th Cir.), cert. denied , 513 U.S. 930 (1994) (Defendants “took no planned action to inject themselves or their opinions into the Texas forum. Each simply received one unsolicited phone call from Texas.”); McBreen v. Beech Aircraft Corp., 543 F.2d 26, 30 (7th Cir. 1976)
(Interviewee “was not, in the ordinary course of his affairs, deliberately placing his statements into t he ‘stream of commerce’ so that we would be justified in presuming that he had purposefully availed himself of the benefits and protections afforded by Illinois law.”); McDonald v. St. Joseph’s Hospital of Atlanta, Inc., 574 F. Supp. 123 (N.D. Ga. 1983) (Defendant doctor, a
Tennessee resident, was called several times from Georgia for consultation; “the court cannot conclude that the quality and nature of [his] contacts are such that he purposefully availed himself of the benefits and protections of Georgia law or that [he] should have reasonably foreseen being haled into court in Georgia.”).
Additionally, several cases have held that the users of Internet-like computer communication services are not subject to jurisdiction in the provider’s state on the basis of their electronic contacts alone, because those contacts are ordinarily casual and often made without knowledge of exactly where the provider is located. In Pres-Kap v. System One, Direct
Access, Inc., 636 So. 2d 1351 (Fla. App.), review denied, 645 So. 2d 455 (Fla. 1994), for example, the court dismissed an action against an out-of-state travel agency that used the plaintiff’s computer reservation database extensively: “There is no showing on this record that the defendant was even aware of the exact electronic location of the subject computer database, as this clearly would have been of little importance to it.” Id. at 1353. See also
CompuServe Incorporated v. Patterson, 1994 U.S. Dist. LEXIS 20352 at *20 (S.D. Ohio), reconsideration denied, 1995 U.S. Dist. LEXIS 7530 (S.D. Ohio), rev’d on other grounds, 89
F.3d 1257 (6th Cir. 1996), reh'g en banc denied , 1996 U.S. App. LEXIS 24796 (6th Cir.) (“If this were simply a suit brought by CompuServe to collect a small amount of user fees from a
Texas resident who, while seated at his computer terminal, became a member of the
CompuServe network, the Court would have a very difficult time concluding that the exercise of jurisdiction over that customer in the State of Ohio was proper.”). But cf. CompuServe
Incorporated v. Trionfo, 91 Ohio App. 3d 157 (1993) (discussing standards for personal jurisdiction over out of-state user; on remand, trial court found that such jurisdiction existed).
By the same reasoning, college and university Internet providers should not be subject to jurisdiction in every state from which their services are accessed. They, too, generally have no knowledge of where the user lives, and they cannot easily prevent calls from a specific jurisdiction in which they would prefer not to “do business”. See World-Wide Volkswagen, 444
U.S. at 29798 (“The Due Process Clause, by ensuring the ‘orderly administration of the laws,’ gives a degree of predictability to the legal system that allows potential defendants to structure their primary conduct with some minimum assurance as to where that conduct will and will not render them liable to suit. . .
. [T]he mere ‘unilateral activity of those who claim some relationship with a nonresident defendant cannot satisfy the requirement of contact with the forum State.’”) (citations omitted).
The Thomas case, discussed in § V(B), above, is arguably consistent with this theory.
(Technically, Thomas involved venue under a federal obscenity statute, not personal jurisdiction under the “minimum contacts” test, but the analysis is similar.) In holding that venue was appropriate in Tennessee, even though the defendants’ business was in California, the court appeared to draw a distinction between private, subscription-based computer communication services and “open” services such as the Internet:
This is not a situation where the bulletin board operator had no knowledge or control over the jurisdictions where materials were distributed for downloading or printing. Access to the Defendants’ [bulletin board system] was limited.
28

Membership was necessary and applications were submitted and screened before passwords were issued and materials were distributed. Thus, Defendants had in place methods to limit user access in jurisdictions where the risk of a finding of obscenity was greater than that in California. They knew they had a member in Memphis; the member’s address and local phone number were provided on his application form. If Defendants did not wish to subject themselves to liability in jurisdictions with less tolerant standards for determining obscenity, they could have refused to give passwords to members in those districts, thus precluding the risk of liability.
United States v. Thomas, 74 F.3d 701, 711, reh’g en banc denied, 1996 U.S. App. LEXIS 4529
(6th Cir.), cert. denied, 117 S. Ct. 74 (1996). However, while web pages and other Internet materials generally are available to anyone with an Internet connection, they can theoretically be restricted to authorized users or subscribers. Thus, while the first sentence of the above quotation offers college and university Internet providers some comfort, the last sentence could be read to require them to employ such restrictions if they wish to avoid nationwide jurisdiction.
Subsequent cases have struggled to resolve the specific jurisdictional implications of web sites. In Bensusan Restaurant Corp. v. King, 937 F. Supp. 295 (S.D.N.Y. 1996), aff'd, 126
F.3d 25 (2d Cir. 1997), for example, the New York-based owner of the Blue Note jazz club brought a trademark infringement action, in New York, against the Missouri-based owner of another, unrelated Blue Note club. The sole jurisdictional allegation was that the defendant had established a web site in Missouri on which it promoted its club and that was available to New
York residents. The court held that fact to be insufficient to support New York jurisdiction:
King has done nothing to purposefully avail himself of the benefits of New York.
King, like numerous others, simply created a Web site and permitted anyone who could find it to access it. Creating a site, like placing a product into the stream of commerce, may be felt nationwide — or even worldwide — but, without more, it is not an act purposefully directed toward the forum state. There are no allegations that King actively sought to encourage New Yorkers to access his site, or that he conducted any business — let alone a continuous and systematic part of its business — in New York. There is in fact no suggestion that King has any presence of any kind in New York other than the Web site that can be accessed worldwide. Bensusan’s argument that King should have foreseen that users could access the site in New York and be confused as to the relationship of the two Blue Note clubs is insufficient to satisfy due process.
937 F. Supp. at 301 (citations omitted).
By contrast, however, the court in Maritz, Inc. v. CyberGold, Inc., 947 F. Supp. 1328
(E.D. Mo. 1996), found jurisdiction to exist on nearly identical facts:
Although CyberGold characterizes its activi ty as merely maintaining a “passive website,” its intent is to reach all internet users, regardless of geographic location. Defendant’s characterization of its activity as passive is not completely accurate. . . . Through its website, CyberGold has consciously decided to transmit advertising information to all internet users, knowing that such information will be transmitted globally. Thus, CyberGold’s contacts are of such a quality and nature, albeit a very new quality and nature for personal jurisdiction jurisprudence, that they favor the exercise of personal jurisdiction over defendant.
29

Id. at 1333.
As more and more such cases are being decided, the courts are beginning to delineate a clearer set of jurisdictional principles. One recent case summarized the current state of the law as follows:
The Internet makes it possible to conduct business throughout the world entirely from a desktop. With this global revolution looming on the horizon, the development of the law concerning the permissible scope of personal jurisdiction based on Internet use is in its infant stages. The cases are scant. Nevertheless, our review of the available cases and materials reveals that the likelihood that personal jurisdiction can be constitutionally exercised is directly proportionate to the nature and quality of commercial activity that an entity conducts over the
Internet. This sliding scale is consistent with well developed personal jurisdiction principles. At one end of the spectrum are situations where a defendant clearly does business over the Internet. If the defendant enters into contracts with residents of a foreign jurisdiction that involve the knowing and repeated transmission of computer files over the Internet, personal jurisdiction is proper.
At the opposite end are situations where a defendant has simply posted information on an Internet Web site which is accessible to users in foreign jurisdictions. A passive Web site that does little more than make information available to those who are interested in it is not grounds for the exercise [of] personal jurisdiction. The middle ground is occupied by interactive Web sites where a user can exchange information with the host computer. In these cases, the exercise of jurisdiction is determined by examining the level of interactivity and commercial nature of the exchange of information that occurs on the Web site.
Zippo Mfg. Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119, 1123-24 (W.D. Pa. 1997) (footnote and citations omitted). See also Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414 (9th Cir. 1997).
Even if a defendant’s electronic contacts with a state would be sufficient for purposes of due process, the assertion of jurisdiction may nevertheless be inappropriate under the state’s long-arm statute. In Tavoulareas v. Comnas, 720 F.2d 192 (D.C. Cir. 1983), for example, thenJudge Scalia held that the defendant’s allegedly defamatory telephone calls into the
District of Columbia were not an act “in” the District, as required by its statute. Judge Scalia noted tha t the court had previously “rejected the contention that [such] calls amounted to tortious acts in the District of Columbia, concluding that ‘[u]nless we wish to delve into a magical mystery tour of “projecting presences,” we must find that no jurisdiction can be afforded by virtue of’” the statute. Id. at 194 (citation omitted). See also Dietrich v. Wisconsin Patients
Compensation Fund, 485 N.W.2d 614, 618 (Wis. App.), review denied, 491 N.W.2d 766 (Wis.
1992) (“[T]elephone calls received by a defendant do not, standing alone, constitute contact with Wisconsin sufficient to establish a basis for personal jurisdiction” under the relevant statute.); Wheeler v. Teufel , 443 N.W.2d 555, 557 (Minn. App. 1989) (“In Minnesota, telephone conversations and mail exchanges alone have generally not been found sufficient for the assertion of personal jurisdiction” under the state’s long-arm statute.).
2. Regulatory Jurisdiction
The existence of personal jurisdiction over an Internet service provider or user for litigation purposes does not necessarily render the provider or user subject to state regulation
30

for all purposes. In Quill Corp. v. North Dakota, 504 U.S. 298 (1992), for example, the
Supreme Court held that a state cannot compel an out-of-state mail-order seller to collect use tax on sales to residents of the state. The Court acknowledged that the seller’s “deluge of catalogs” and numerous sales within the state would be sufficient for purposes of personal jurisdiction, but nevertheless held that the Commerce Clause prohibited the state from imposing a collection requirement, because it created an undue burden on interstate commerce. Id. at
313.
Similar arguments could protect Internet service providers and users from overzealous attempts to regulate them from across state lines. In American Library Ass'n v. Pataki, 969 F.
Supp. 160 (S.D.N.Y. 1997), for example, the court used just such a rationale to strike down
New York’s “mini-CDA,” which purported to apply to communications occurring partly or even entirely between persons outside of New York:
[S]tate regulation of those aspects of commerce that by their unique nature demand cohesive national treatment is offensive to the Commerce Clause. . . .
. . . [T]he Internet is one of those areas of commerce that must be marked off as a national preserve to protect users from inconsistent legislation that, taken to its most extreme, could paralyze development of the Internet altogether. Thus, the Commerce Clause ordains that only Congress can legislate in this area, subject, of course, to whatever limitations other provisions of the Constitution (such as the First Amendment) may require.
Id. at 169. See also Cyberspace Communications, Inc. v. Engler, 55 F. Supp. 2d 737 (E.D.
Mich. 1999) (Michigan statute prohibiting online dissemination of material that is “harmful to minors” held unconstitutional, in part on Commerce Clause grounds); ACLU v. Johnson, 4 F.
Supp. 2d 1029 (D.N.M. 1998), aff’d, 194 F.3d 1149 (10th Cir. 1999) (New Mexico statute prohibiting online dissem ination of material that is “harmful to minors” held unconstitutional, in part on Commerce Clause grounds); People v. Barrows, 677 N.Y.S.2d 672 (N.Y. Sup. Ct. 1998)
(New York statute prohibiting transmission to minors of material that is “harmful to minors” held unconstitutional, in part on Commerce Clause grounds).
B. International Jurisdiction
More troubling than the prospect of nationwide jurisdiction is that of international jurisdiction. While nationwide jurisdiction within the United States may prove inconvenient, the relevant law generally does not vary significantly from state to state. In the international arena, however, the law can be dramatically different and often offers substantially less protection to information distributors. For example, libel remains a strict liability tort in the United Kingdom and many other common law countries. See, e.g., Vizetelly v. Mudie’s Select Library, Ltd.,
[1900] 2 Q.B. 170, 179 (Romer, L.J.) (“For many years it has been well settled law that a man who publishes a libel is liable to an action, although he is really innocent in the matter, and guilty of no negligence.”). See generally Bruce Sanford, Libel and Privacy, chapter 2 (2d ed.
1993). Canada recently made it a crime to “communicate statements” that “wilfully promote hatred against any identifiable group,” see R. v. Keegstra, 61 C.C.C.3d 1 (Can. S.C. 1990), and broadly extended its obscenity statutes to any materials that “unduly exploit sex,” see R. v.
Butler, 89 D.L.R.4th 449 (1993).
While it is impossible to catalog the jurisdictional rules of every country from which U.S.
Internet services can be accessed, two Canadian cases point out the dangers. In Pindling v.
31

National Broadcasting Corp., 49 O.R.2d 58 (1984), and Jenner v. Sun Oil Co., [1952] O.R. 240,
Ontario courts exercised jurisdiction over American broadcasters whose allegedly defamatory broadcasts could be heard and seen in Canada. In Pindling, the court specifically noted that
“[t]he real advantage to the plaintiff [the Prime Minister of the Bahamas] in bringing the action in
Ontario is that it is not necessary to establish ‘actual malice,’” but nevertheless declined to dismiss the case. 49 O.R.2d at 65.
If an Internet service provider or user lacks significant assets abroad (which typically will be the case for colleges and universities), the prospect of defending international litigation may be somewhat less threatening. American courts may refuse to enforce foreign judgments if the forum nation’s law does not offer sufficient protections to the free flow of information. In
Bachchan v. India Abroad Publications, Inc., 585 N.Y.S.2d 661 (Sup. Ct. 1992), for example, an
Indian national won a libel judgment in England against a New York company, on the basis of an article that the company published in India, and sought to enforce the judgment in New York.
The New York court refused to do so, holding that “[t]he protection to free speech and the press embodied in [the First Amendment] would be seriously jeopardized by the entry of foreign libel judgments granted pursuant to standards deemed appropriate in England but considered antithetical to the protections afforded the press by the U.S. Constitution.” Id. at 665. See also
Matusevitch v. Telnikoff , 877 F. Supp. 1, 2 (D.D.C. 1995) (“Because recognition and enforcement of a foreign judgment, based on libel standards that are repugnant to the public policies of the State of Maryland and the United States, would deprive the plaintiff of his First and Fourteenth Amendment rights, the court grants summary judgment for the plaintiff as a matter of law.”).
Of course, jurisdictional rules that seem troubling when applied to U.S.-based defendants by foreign courts may prove useful when applied in reverse. For example, in
Playboy Enterprises, Inc. v. Chuckleberry Publishing, Inc., 939 F. Supp. 1032, reconsideration denied, 1996 U.S. Dist. LEXIS 9865 (S.D.N.Y.), the defendant was the Italian publisher of
“Playmen”, a “male sophisticate magazine” with its own web site. Id. at 1033. Although the web site was physically located in Italy, it was available throughout the world, including the
United States. When Playboy filed a trademark infringement claim in a U.S. court, the court found infringement and readily granted an injunction requiring the defendan t to “either shut down [its web site] completely or prohibit United States users from accessing the site in the future”. Id. at 1044. But cf. Weber v. Jolly Hotels, Inc., 977 F. Supp. 327, 334 (D.N.J. 1997)
("exercising jurisdiction over a [foreign] defendant who merely advertises its services or product on the Internet would violate the Due Process Clause"). Given the dramatic growth of the
Internet and its borderless nature, such international conflicts are likely to arise with increasing frequency.
32