CYBERTORTS AND LEGAL LAG: AN EMPIRICAL
ANALYSIS†
MICHAEL L. RUSTAD♦ & THOMAS H. KOENIG*
INTRODUCTION
Sixty-eight years ago, in 1936, a Duke University law student
published an article summarizing the path of automobile liability law.1 He
observed that in 1905 all of American automobile case law could be
contained within a four-page law review article, but three decades later, a
“comprehensive, detailed treatment [of automobile law] would call for an
encyclopedia.”2 That law student was Richard M. Nixon,3 who would later
become President of the United States. His conclusion was that courts
were mechanically extending “horse and buggy law” to this new mode of
transportation in most doctrinal areas.4 However, some judges were
creatively crafting new doctrine in certain subfields of automobile accident
law by “stretch[ing] the legal formulas at their command in order to reach
desired results.”5 Nixon's observation that courts were developing new
rights and remedies to adjust to an emerging technology applies equally
well to the contemporary age of the Internet. Just as in Nixon’s day, the
rise of a new technology requires courts to stretch traditional tort doctrines
as well as to create updated torts to keep pace with new civil wrongs.
In 1922, sociologist William Ogburn noted that the various institutions
of American society do not change at the same rate, thereby creating a
“cultural lag” when one element has not yet accommodated to
developments in another.6 Ogburn observed that with any revolutionary
†
The authors would like to thank Elise Hoffman for her assistance in compiling and analyzing the
sample of 2002 Internet jurisdiction cases. Michael J. Bauer, an Internet Security expert, provided us
with invaluable editorial assistance. Christine Chang, Molly Donohue, Patty Nagle, Karla Ota, Sandra
Paulsson, Kristin Spriano, and Chryss J. Knowles also rendered useful editorial assistance.
♦
Thomas F. Lambert, Jr., Professor of Law & Co-Director of Intellectual Property Law
Concentration, Suffolk University Law School, Boston, Massachusetts.
*
Professor and Acting Chair of Department of Sociology and Anthropology, Northeastern
University, Boston, Massachusetts.
1
Richard M. Nixon, Changing Rules of Liability in Automobile Accident Litigation, 3 LAW &
CONTEMP. PROBS. 476 (1936).
2
See id. at 476.
3
See id.
4
See id.
5
Id. at 485.
6
Professor Ogburn’s argument was that “the various parts of modern culture are not changing at
the same rate, some parts are changing much more rapidly than others; and that since there is a
correlation and interdependence of parts, a rapid change in one part of our culture requires
readjustments through other changes in the various correlated parts of culture.” SOCIAL SCIENCE
QUOTATIONS: WHO SAID WHAT, WHEN & WHERE 175 (David L. Sills & Robert K. Merton eds., 2000)
77
78
Southern California Interdisciplinary Law Journal
[Vol. 13:1
technological invention, “grave maladjustments [were] certain to result.”7
In the case of automobile law, there was a lengthy “legal lag” between the
widespread adoption of the new technology and the development of
modern products liability.8 Rigid tort rules, forged in the “horse and
buggy” era, required several decades to accommodate to the societal impact
of the automobile.9 Similarly, the rapid assimilation of the Internet in
today’s era creates maladjustments between technology and tort law.
Recent technological advances in cyberspace that impact society rapidly
outpace the courts’ ability to adjust.
Automobile law took decades to develop, whereas a substantial body of
cyberspace law has emerged at “Internet speed.” In less than a decade, the
[hereinafter SOCIAL SCIENCE QUOTATIONS] (reporting survey of American life commissioned by
President Herbert Hoover and published during Franklin Roosevelt’s presidency).
7
Id.
8
The field of products liability took form in large part through a series of groundbreaking
automobile liability cases. Judge Benjamin Cardozo, in MacPherson v. Buick Motor Co., 111 N.E.
1050 (1916), was the first judge to lay the foundation for the field of products liability when he
creatively side-stepping the harsh doctrine of privity permitting a consumer to recover for injuries
caused by a collapsed wheel on his Buick roadster. In his famous ruling, Judge Cardozo declared that
“[i]f [the manufacturer] is negligent, where danger is to be foreseen, a liability will follow.” Id. at 1053.
The citadel of privity finally collapsed in yet another automobile liability case forty-four years later.
See Henningsen v. Bloomfield Motors, 161 A.2d 69, 99-100 (1960) (finding no contractual privity for
breach of warranty in accident arising out of a malfunctioning automobile steering system). The first
one hundred-million dollar award for punitive damages was in the Ford Pinto case of Grimshaw v. Ford
Motor Co., 174 Cal. Rptr. 348, 348 (Cal. Ct. App. 1981) (remitting the $125 million punitive damages
to $3.5 million). The jurisprudence of strict liability was in large part a judicial solution to the problem
of reallocating the cost of accidents caused by defective automobiles. For example, the manufacturer’s
duty to recall or retrofit defective products was directly impacted by automobile law. See
RESTATEMENT (THIRD) OF TORTS § 11 (1998). Cf. Reed v. Ford Motor Co., 679 F. Supp. 873, 878-80
(S.D. Ind. 1988) (ruling that because the automobile was defective at the time of sale the fact of a recall
is relevant to the remedy of punitive damages or tolling the statute of limitations). See generally Barry
A. Levanson & Daryl J. Lapp, Plaintiff’s Burden of Proving Enhanced Injury in Crashworthiness
Cases: A Clash Worthy of Analysis, 38 DEPAUL L. REV. 55 (1988).
9
One unobtrusive measure of the lasting impact of automobile law is the number of topics
covered in Prosser’s treatise on tort law. The index for the Fifth Edition lists the following tort
doctrines influenced by automobile law: liability for unavoidable accidents, assured clear distance rule,
gratuitous liability of bailors, vicarious liability for bailors, compensation systems, compulsory liability
insurance, consent statutes, liability of gratuitous donors, incapacitated drivers, entrusting to unsuitable
driver, family immunity, family purpose doctrine, assumption of risk for guests (passengers), statutes,
imputed contributory negligence (bailments, consent statutes, driver and passengers, husband and wife,
joint enterprise, parent and child), joint enterprise, impact of liability insurance, no-fault plans,
vicarious liability of owners, deficiencies of the law (attorneys, delay, fees, inadequate insurance
coverage, liability only for fault, litigation, and uninsured defendants), remedies for deficiencies of law
(Columbia plan, compulsory insurance, financial responsibility laws, full aid insurance, KeetonO’Connell plan, no-fault plans, Saskatchewan plan, security responsibility laws, unsatisfied judgment
funds, voluntary schemes), and injury by thief of unlocked car. W. PAGE KEETON, PROSSER AND
KEETON ON THE LAW OF TORTS 1264-65 (5th ed. 1984).
2003]
Cybertorts and Legal Lag
79
courts have forged new rules for e-commerce patents,10 e-commerce law,11
trademark and domain name conflicts, online copyright infringement,12
jurisdiction in cyberspace, and web site liability for defamation.13 Online
shopping, gambling, music-sharing, exchanging photographs, and locating
lost high school classmates are just a few of the everyday activities that
have the potential for creating groundbreaking litigation. “Internet user
groups, bulletin boards, and web sites have constructed a new arena
wherein political and social norms are proposed, debated, and
determined.”14 The globally-networked world has created new civil
wrongs such as cyberpiracy,15 online gambling,16 pop-up advertising,17
10
No single development has spurred the growth of Internet-related patents more than State Street
Bank & Trust Co. v. Signature Financial Group, Inc., 149 F.3d 1368, 1373 (Fed. Cir. 1998) (holding that
a business method based upon mathematical algorithms was patentable). The Federal Circuit’s
validation of computer-related patents for doing business has had a profound impact on the Internet
economy. In the immediate aftermath of the July 1998 decision, there was a 45% increase in the
number of computer-related patents issued during the patent office’s fiscal year ending on September
30, 1998. John T. Aquino, Patently Permissive: USPTO Filings Up After Ruling Expands Protection for
Business and Net Software, A.B.A. J., May 1999, at 30. Since State Street Bank, the filing of so-called
Internet business method patents has skyrocketed. MICHAEL L. RUSTAD & CYRUS DAFTARY, EBUSINESS LEGAL HANDBOOK § 4.05[F] at 4-187 (2003).
11
The growth of e-commerce involves updating and adapting common law principles to the
Internet. Many states have enacted statutes governing the use of digital signatures, the e-filing of
documents, online licensing, and other e-commerce related legislation. See, e.g., CONN. GEN. STAT. §
19a-25a (1997) (adopting electronic signatures for medical records).
12
See, e.g., A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1014 (9th Cir. 2001) (ruling that
Napster’s enabling subscribers to download music from the Internet violates copyright holder's
exclusive publication right).
13
Online chats may seem relaxed, but a conversation in a chat room, newsgroup, or web site may
become the basis of a defamation lawsuit. A company may be liable for defamation for repeating false
rumors about individuals or entities. Messages on the Internet may be retransmitted and posted to
newsgroups by anonymous individuals, leading to costly lawsuits.
14
Julie Mertus, From Legal Transplants to Transformative Justice: Human Rights and the
Promise of Transnational Civil Society, 14 AM. U. INT’L L. REV. 1335, 1349 (1999).
15
See Panavision Int’l. v. Toeppen, 938 F. Supp. 616, 622 (C.D. Cal. 1996) (holding that
attempting to sell a domain name containing a corporation’s famous trademark was sufficient for
personal jurisdiction in a trademark infringement lawsuit).
16
In Rio Props, Inc. v. Rio Int'l Interlink, 284 F.3d 1007 (9th Cir. 2002), the plaintiff-casino
operator sued the defendant, a foreign Internet gambling business, claiming that the defendant infringed
the plaintiff’s trademark. The plaintiff served the gambling business by regular mail to its attorney and
its international courier, and by email to its Internet address. The gambling business contended that
service was insufficient and that personal jurisdiction was lacking. The Ninth Circuit held that service
of process by e-mail was adequate since the defendant evaded conventional methods of
communications.
17
See E-Commerce Legislative Update, 19 E-COMMERCE LAW & STRATEGY 10 (Dec. 2002)
(citing Six Continents Hotels Inc. v. Gator Corp., No. 1:02cv3065 (N.D. Ga. 2002) complaint filed Nov.
12, 2002, reporting action brought against Internet advertiser for popup ads).
80
Southern California Interdisciplinary Law Journal
[Vol. 13:1
cybersquatting,18
spamming,19
tarnishment
through
linking,20
21
22
cybersmearing, and dot.org hate web sites for which effective legal
remedies are only beginning to evolve.
This Article presents the first empirical study designed to discover the
degree to which courts are innovatively applying traditional tort law
principles in order to adequately address this “legal lag." Part I develops
the first comprehensive statistical portrait of a decade of cybertort cases
decided in both state and federal courts between 1992 and 2002. Our
empirical investigation finds that during this first wave of Internet
litigation, most torts have been stillborn. Intentional torts have been the
first to be adapted to cyberspace law. Part II situates the statistical data in
the larger legal landscape by sketching out a typology of cybertort cases.
We conclude that tort law continues to lag behind the technological
dilemmas created by an increasingly networked society.
I.
AN EMPIRICAL STUDY OF CYBERTORTS: 1992-2002
Have you forgotten the other side of rotten
Picking electronic cotton,
Digging digital ditches
Look out, Look out for the Crash . . . Crash . . . Crash!23
The Internet is a revolutionary medium that permits the development of
new forms of business and social interaction "as diverse as human
thought."24 In the past decade, the Internet has grown from an infant
technology to occupy a central place in the American economy. The seamy
side of the Internet is that this exciting new forum for informal
communication and commercial interchange is also an instrumentality for
many new civil wrongs. Misappropriated data packets do not report to
18
The Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d) (1999), was intended to
prevent "cybersquatting," which refers to the bad faith, abusive registration, and use of the distinctive
trademarks of others as Internet domain names, with the intent to profit from the goodwill associated
with those trademarks.
19
In Cyber Promotions, Inc. v. America Online, Inc., 948 F. Supp. 436, 447 (E.D. Pa. 1996), the
court ruled that a private company did not have a First Amendment right to send massive amounts of
unsolicited, commercial e-mail to Internet subscribers.
20
See Archdiocese of St. Louis v. Internet Entertainment Group, Inc., 34 F. Supp. 2d 1145, 1145
(E.D. Mo. 1999) (enjoining adult entertainment site from using plaintiffs’ trademarks as its Internet
domain name).
21
See Roger M. Rosen & Charles B. Rosenberg, Suing Anonymous Defendants for Internet
Defamation, 19 THE COMPUTER & INTERNET LAWYER 9 (2002) (defining cybersmearing as anonymous
or pseudo-anonymous defamation on the Internet). See also Thomas G. Ciarlone, Cybersmear May Be
Coming to a Web Site Near You, 70 DEF. COUNS. J. 51 (Jan. 3, 2003) (reviewing the law of online
defamation).
22
See generally Sally Greenberg, Threats, Harassment, & Hate On-Line: Recent Developments, 6
B.U. PUB. INT. L.J. 673 (1997).
23
Public Enemy, Crash, on There’ s a Poison Goin’ On (Atomic Pop 1999).
24
Reno v. ACLU, 521 U.S. 844, 852 (1997).
2003]
Cybertorts and Legal Lag
81
customs when they cross national borders on the virtual highway; routers
do not pause to consider whether non-disclosure agreements are being
breached. The Internet provides a venue for new types of sexual
harassment and for vicious hate crimes. This empirical study of cybertorts
demonstrates Ogburn’s thesis of cultural lag applies equally well to the
Internet.
A.
BIRTH OF INTERNET LITIGATION
The Internet, which began as the U.S. Defense Department’s
ARPANET, was designed to link computer networks to various radio and
satellite networks.25 The first judicial opinion to mention the Internet was
United States v. Morris.26 The defendant in Morris was a graduate student
who had released an Internet worm that paralyzed thousands of university
and military computers throughout the United States.27 In the same year,
Robert Riggs was prosecuted for gaining unauthorized access to a Bell
South computer and misappropriating proprietary information about the
telephone company’s 911 system. He subsequently published this
confidential data in a hacker newsletter.28
It was not until 1994 that any plaintiff prevailed in an Internet tort case.
In a controversial decision, an anthropologist was denied tenure at the
A rival
University of West Australia in Rindos v. Hardwick.29
anthropologist, Hardwick, posted a statement supporting the university’s
decision and accusing Rindos of sexual deviance and of research
detrimental to the aboriginal people of Australia.30 Although an Australian
court assessed this first damages award in an Internet tort case, the vast
majority of subsequent cybertorts have been litigated in America. During
the past decade, American tort law is beginning to evolve to address online
injuries such as Internet defamation, e-mail stalking, spamming, and
trespassing on web sites.
This article will empirically examine and evaluate the first decade of
cybertort cases decided in state and federal courts in order to explore how
courts are reshaping tort law. This study explores the type of relief granted,
party characteristics, size of awards, role of jury, post-verdict history,
location of awards, and post-verdict disposition in cybertort litigation. A
close analysis of the first decade of American Internet tort cases will
25
See
Michael
Hauben,
History
of
ARPANET,
available
at
http://www.dei.isep.ipp.pt/docs/arpa.html (last visited Nov. 2, 2003).
26
928 F.2d 504 (2d Cir. 1991) (upholding defendant’s conviction under the Computer Fraud and
Abuse Act, 18 U.S.C. § 1030 (1984)).
27
See id. at 505.
28
See U.S. v. Riggs, 743 F. Supp. 556, 558, 562 (N.D. Ill. 1990) (upholding the hacker’s wire
fraud indictment).
29
940164
(Sup.
Ct.
W.
Austl.
March
31,
1994)
available
at
http://www.law.auckland.ac.nz/research/cases/Rindos.html (last visited Nov. 2, 2003) (unreported
judgment) (on file with authors).
30
Id.
82
Southern California Interdisciplinary Law Journal
[Vol. 13:1
provide academics, policymakers, and jurists with the first available
empirical examination of Internet law-in-action.
B.
SAMPLE SELECTION
Our nationwide database of Internet-related litigation allows the first
systematic audit of the emergent role of tort law. The research universe
consists of all cybertort cases decided in state and federal courts during the
decade of rapid expansion of the Internet following the development of the
World Wide Web.31 No previous study has attempted to trace the path of
Internet tort law in its formative stage.
The Internet law cases were drawn from a variety of published and
unpublished court opinions and orders in the decade from 1992-2002. For
each plaintiff's victory, background information and data were compiled on
the factual foundation that led to the litigation as well as the nature of the
injury. The empirical investigation includes all cases in which a state or
federal court entered an order for either equitable or legal remedies in an
Internet-related case. Caseload characteristics, such as the year the case
was decided, the state or jurisdiction, federal or state court, role of the
judge or jury, plaintiff type, defendant characteristics, the factual setting for
the dispute as well as other variables were collected.
In prior empirical studies of tort cases in traditional fields such as
products liability32 and medical malpractice,33 researchers have examined
the number, size, and post-trial adjustments of verdicts.34 However, the
unique nature of cyberspace litigation calls for a more comprehensive
methodology. Cases in which the plaintiffs received only prospective
relief, such as temporary or permanent injunctions, are included in this
sample along with verdicts. An analysis consisting exclusively of monetary
awards would provide a myopic view of cybertort remedies. Prospective
relief in the form of a preliminary injunction is far more important in the
bytes world than in the bricks and mortar world.
While injunctions are typically reserved for land-use and business tort
cases in “real-space” torts, injunctive or other equitable relief is frequently
31
See Ben Segal, A Short History of Internet Protocols at CERN (Apr. 1995) at
http://wwwinfo.cern.ch/pdp/ns/ben/TCPHIST.html (last visited Sept. 7, 2003). Berners-Lee’s invention
of the World Wide Web in 1989 transformed the Internet from a research tool to an information
technology, which is central to the American economy and to popular culture.
32
See Michael L. Rustad, In Defense of Punitive Damages in Products Liability: Testing Tort
Anecdotes with Empirical Data, 78 IOWA L. REV. 1, 32-36 (1992) [hereinafter In Defense of Punitive
Damages in Products Liability]. See also Thomas H. Koenig & Michael L. Rustad, His and Her Tort
Reform: Gender Injustice in Disguise, 70 WASH. L. REV. 1 (1995) [hereinafter Gender Injustice].
33
See Michael L. Rustad & Thomas H. Koenig, Reconceptualizing Punitive Damages in Medical
Malpractice: Targeting Amoral Corporations, Not “Moral Monsters”, 47 RUTGERS L. REV. 975, 99394 (1995) [hereinafter Reconceptualizing Punitive Damages in Medical Malpractice].
34
See generally Michael L. Rustad, Unraveling Punitive Damages: Current Data and Further
Inquiry, WIS. L. REV. 15 (1998) (summarizing existing empirical research on the remedy of punitive
damages) [hereinafter Unraveling Punitive Damages].
2003]
Cybertorts and Legal Lag
83
the remedy of choice in cybertort cases.35 The goal of many corporate
plaintiffs in Internet cases is to freeze the status quo rather than to obtain
monetary damages. The first plaintiff’s victory in a United States cybertort
case illustrates the importance of prospective relief in Internet litigation. In
Concentric Networks v. Cyber Promotions, Inc.,36 the court enjoined a
commercial e-mailer from transmitting millions of e-mail messages to an
Internet Service Provider’s (“ISP”) customers. The goal of the ISP was to
halt the flood of spam e-mail rather than to collect monetary damages. This
unique feature of cybertorts requires a close analysis of the role of
equitable remedies, not just money damages.
C.
CODING THE CASES
The selection of the cases used in this study required a careful analysis
of the underlying factual circumstances to determine which were truly
cybertort causes of action. The term “Internet” appeared in 1,559 state and
federal opinions issued in 2002, but only a small percentage of these cases
are included in our sample because the role of the Internet was only
tangentially related to the litigation.37 For example, a case in which two
swindlers coordinated their non-Internet-related misdeed through e-mail
messages was excluded in this sample because the gravamen of this action
was not centered on the Internet.38 However, if the nefarious plot had
involved recruiting victims through misleading spam e-mails, the resulting
case would have been classified as Internet-related. This cybertort study
excluded Internet-related small claims actions because there is no reliable
reporting service.39
Since no international, federal or state agency systematically collects
data on Internet-related cases, all available published and unpublished data
sources were searched.
The following sources were exhaustively
examined: (1) trial verdict reporters,40 (2) LEXIS & Westlaw’s federal and
35
See, e.g., Internet America v. Massey, No. 96-10955C (Dallas County Dist. Ct. (Tex.) Oct. 14,
1996) (entering temporary restraining order against defendant for online harassment and defamatory
postings) (on file with authors).
36
See Concentric Networks v. Cyber Promotions Inc., No C-96 20829 (N.D. Cal. Nov. 4, 1996)
(entering into a settlement after injunction was issued prohibited commercial e-mailer from using or
disrupting ISP’s service) (on file with authors).
37
For example, in Kootenai Tribe of Idaho v. Veneman, 313 F. 3d 1094 (9th Cir. 2002), the court
reviewed the United States Forest Service’s “Roadless Area Conservation Rule.” The court’s reference
to the Forest Service’s posting of the rule on its web site is not sufficient to qualify the case for our
cyberspace litigation study.
38
Black’s Law Dictionary defines the gravamen as “the substantial point or essence of a claim,
grievance, or complaint.” BLACK’S LAW DICTIONARY 708 (7th ed. 1999).
39
In the state of Washington, for example, there are newspaper reports of small claims courts
ordering commercial e-mailers to compensate consumers. However, the complete absence of written
opinions or other records makes it impossible to determine what role these informal tribunals play in the
overall Internet litigation landscape.
40
LEXIS’ Combined Jury Verdicts and Settlements database reports verdicts from Alaska,
Alabama, Arizona, Arkansas, California, Connecticut, District of Columbia, Florida, Georgia, Idaho,
Indiana, Kentucky, Louisiana, Maine, Maryland, Massachusetts, New Jersey, New York, Ohio, Oregon,
Pennsylvania, Rhode Island, Tennessee, Texas, Utah, and Vermont. Most state verdict reporters cover
84
Southern California Interdisciplinary Law Journal
[Vol. 13:1
state databases and news services,41 (3) cyberspace research libraries of law
firms,42 (4) national, regional, and local verdict reporters,43 (5) reports of
domain name disputes,44 (6) individual cyberspace cases reported on law
firm web sites,45 (7) law school research centers,46 (8) American Law
Reports (“ALR”) annotations,47 (9) all Internet-related Mealey
publications,48 (10) e-commerce law secondary sources,49 (11) Internet
the entire period of our study, 1992-2002. In addition, we examined the National Jury Verdict Review
& Analysis and the Combined Jury Verdicts and Settlements databases.
41
We examined all decisions in federal district courts, federal appellate courts, and state appellate
courts as reported in Westlaw and LEXIS.
42
The Seattle law firm, Perkins, Coie, publishes The Internet Case Digest, which is an online
Internet reporting service that “includes both filed and decided cases to capture the most recent
developments as well as new judicial precedents.” Perkins, Coie, Internet Case Digest, at
http://www.perkinscoie.com/casedigest/default.cfm (last visited Nov. 2, 2003). We also searched the
400-plus Internet Law cases published in the Phillips Nizer Internet Library. See also Phillips, Nizer,
Benjamin,
Krim,
and
Ballon,
Internet
Law
Library,
available
at
http://www.phillipsnizer.com/Internetlib.htm (last visited Nov. 2, 2003).
The law firm of Finnegan, Henderson, Farabow, Garrett & Dunner compiles comprehensive index
summaries of Internet-related trademark cases classified by injury types such as infringement,
tarnishment, or metatags. Finnegan, Henderson, Farabow, Garrett & Dunner, Trademark Case
Summaries, at http://www.finnegan.com/publications/index.cfm?info=trademark (last visited Nov. 2,
2003).
43
We reviewed Westlaw’s Combined Jury Verdicts and Settlements database: (1) Association of
Trial Lawyers of America (ATLA), (2) California Jury Verdicts and Judgments, (3) Florida Jury Verdict
Reporter, and (4) Jury Verdict and Settlement Summaries.
44
We searched for Internet domain name decisions in which courts ordered equitable or legal
relief. The study did not include cases submitted to the Uniform Dispute Resolution Procedures
(UDRP) developed by World Intellectual Property Organization (WIPO). Since the end of 1999, most
domain name disputes have been decided by one- or three-person ADR panels rather than by the federal
courts. As part of the process of registering a domain name, the registrant agrees to submit complaints
filed by third parties to alternative dispute resolution panels. These proceedings are quick, inexpensive,
and adjudicate domain name disputes between litigants in different countries. Panels have the limited
power of ordering the transfer or cancellation of domain names and cannot award damages, attorney’s
fees, or costs. Unlike court cases, UDRP decisions are informal, non-appealable, and not informed by
the doctrine of stare decisis. Litigants prefer UDRP decisions because of the speed, low cost, and desire
to obtain control over domain names promptly. Our sample of domain name cases is limited to those
filed in federal court under the Federal Dilution Act of 1995 and the Anti-Cybersquatting Act of 1998.
45
Searches on Google were conducted to locate unreported decisions in law firm web sites. Law
firms frequently report individual “victories” in their web site marketing materials.
46
The UCLA Online Institute for Cyberspace Law and Policy compiles the leading Internet law
cases by year at http://www.gseis.ucla.edu/iclp/hp.html (last visited Sept. 15, 2003). Another source of
information was the Berkman Center for Internet & Society at Harvard University Law School at
http://cyber.law.harvard.edu/ (last visited Sept. 15, 2003).
47
An online database of all Internet-related annotations in American Law Reports (ALR) was
extensively searched.
48
The content analysis of reported cases focused on CYBER TECH & E-COMMERCE: MEALEY’S
LITIGATION REPORT; EMERGING INSURANCE DISPUTES: MEALEY’S LITIGATION REPORT; INTELLECTUAL
PROPERTY: MEALEY’S LITIGATION REPORT; LITIGATION: MEALEY’S COMBINED REPORTS; PATENTS:
MEALEY’S LITIGATION REPORT; TRADEMARKS: MEALEY’S LITIGATION REPORT.
49
Searches were completed of the literature on commercial law, computer law, and the law of ecommerce. We conducted searches within Matthew Bender’s UCC REPORTER AND DIGEST as well as
the following Matthew Bender treatises: E-COMMERCE AND COMMUNICATIONS: TRANSACTIONS IN
DIGITAL INFORMATION, NIMMER ON COPYRIGHT, GILSON ON TRADEMARK PROTECTION & PRACTICE,
INTELLECTUAL PROPERTY COUNSELING AND LITIGATION, COMPUTER CONTRACTS, COMPUTER LAW,
AND LAW ON THE INTERNET.
2003]
Cybertorts and Legal Lag
85
treatises,50 (12) legal news services,51 (13) Securities & Exchange
Commission filings,52 and (14) general news53 and information services.54
These diverse sources contain the vast majority of cybertort cases in which
plaintiffs obtained some legal or equitable remedy between the years 1992
and 2002.55
D.
EMPIRICAL FINDINGS: EXISTING TORT REMEDIES DO NOT
ADEQUATELY ADDRESS CYBERWRONGS
“There is in our social organizations an institutional inertia,
and in our social philosophies a tradition of rigidity.”56
Civil law has yet to catch up to the technological challenge presented
by the Internet. Cybertort cases, in general, are a thimbleful of lawsuits in
an ocean-full of online disputes. Hardly a day goes by without new media
reports of cyberspace wrongs, yet plaintiff victories remain rare.57 The
50
All of the cases referenced in Michael L. Rustad & Cyrus Daftary’s E-Business Legal
Handbook: 2003 edition and earlier editions were included in the research universe. Cases found in
other Internet-related treatises searched were Millstein’s Doing Business on the Internet, Connolly’s
Law of Internet Security & Privacy, and Ballon’s E-Commerce & Internet Law.
51
The principal source here was the LEXIS library of legal news, newsletters, and publications.
However, we also looked at Westlaw’s General News and Combined News databases. Westlaw
includes all Dow Jones magazines, newspapers, wires, and other magazine databases. Both services
have extensive libraries of newswires and news services providing additional information on case
developments.
52
Corporate recordings in the Securities & Exchange Commission (SEC) were also reviewed.
Corporate annual reports to shareholders were examined on LEXIS’ FEDSEC database as well as the
SEC EDGAR databases. Companies are required to disclose pending or settlement cases that may
affect stock prices. WESTLAW and LEXIS publish SEC filings in which companies disclose lawsuits.
53
Newspapers and popular magazines on many LEXIS and WESTLAW databases were analyzed.
54
We systematically searched the extensive collection of computer law and cyberlaw publications
on LEXIS and Westlaw. Sources include: all Andrew Publications Newsletters on Internet-related
topics, Computer Law newsletters, Leader Publications newsletters, and the published outlines of the
Practicing Law Institute & ALI/ABA.
55
Pretrial settlements short of a preliminary injunction, temporary injunction, or other equitable
relief were not included in the statistical analysis, although qualitative information about the cyberspace
litigation process was obtained by a close reading of American common law cases. Internet cases were
classified as torts if the plaintiff prevailed on any tort cause of action, even if another branch of
substantive law was present in the case.
56
Global Telecommunications Watch Column, Telecommunication Policy and Cultural Lag,
KONG
ECONOMIC
JOURNAL
(Aug.
1992),
available
at
HONG
http://excellent.com.utk.edu/~bates/hkej7.htm (last visited Sept. 30, 2003) (noting that “[i]n 1922,
William F. Ogburn coined the phrase ‘cultural lag’ to describe what happens when related parts of a
culture react to some change to strikingly different degrees, or with different speeds”).
57
See, e.g., Alexandra Frean, Mail-order Degree Scam Closed Down, THE AUSTRALIAN, Mar. 12,
2003, at 19 (“[shutting] down a series of web sites selling invalid degrees from bogus universities which
used an address in Palmers Green, North London, to give their operation a cloak of respectability and
defrauded hundreds of thousands of mostly American customers); E. Scott Reckard, AOL, Cendant
Dismissed From Homestore Suit, L.A. TIMES, Mar. 11, 2003, at 2 (reporting billions of dollars lost by
investors in Internet fraud case); Business Editors, MPEG LA Resolves Apex Lawsuit, BUSINESS WIRE,
Mar. 10, 2003, at 1 (reporting settlement of licensing dispute over royalties for Internet technology).
See also Scott Carlson, North Dakota Professor Sues Former Student and a Web site Over Allegations
in an Article, THE CHRONICLE OF HIGHER EDUCATION, Jan. 19, 2001, at A33; Margaret Cronin Fisk,
Net Libel Verdict is Upheld, NAT’L L.J., Dec. 25, 2000, at A19; Carl Kaplan, Virginia Court’s Decision
86
Southern California Interdisciplinary Law Journal
[Vol. 13:1
paucity of Internet-related torts reformulates Ogburn’s thesis of cultural lag
to account for the dislocation caused by “legal lag.”58 This article focuses
on the potential reasons why cybertorts have not yet developed to counter
the growing number of civil wrongs in cyberspace.
1. The Big Picture: Cybertort Litigation
Table One
Successful Cybertort Cases Over Time
N=114
30
20
Count
10
0
1996
1997
1998
1999
2000
2001
2002
Equitable or Legal Remedy
Cyberspace litigation, on the whole, has taken only its first wobbly
steps and is not yet a significant segment of the overall legal landscape.
Our exhaustive search of all available sources uncovered just 114 cybertort
cases in which a plaintiff obtained a legal or equitable remedy nationwide
between 1992 and 2002.59 The number of plaintiff victories is increasing
annually but from a miniscule base. Sixty-two percent of these Internetrelated tort cases were decided post-1999. The apex of the Internet tort
cases occurred in 2002 with twenty-eight cases in which the plaintiff
prevailed nationwide. Torts in cyberspace may be thought of as a giant
inverse pyramid with an almost endless number of cyberwrongs at the base
as compared to only 114 cybertort plaintiff victories at the pyramid’s tip.
in Online ‘John Doe’ Case Hailed by Free-Speech Advocates, N.Y. TIMES, Mar. 16, 2001, available at
http://www.nytimes.com/2001/03/16/technology/16CYBERLAW.html?ex=1067922000&en=099dfef25
8540e14&ei=5070 (last visited Nov. 2, 2003).
58
SOCIAL SCIENCE QUOTATIONS, supra note 6 at 175.
59
A case was included in the cybertort database only if a court ordered either monetary or
equitable relief at any stage of the proceedings.
2003]
Cybertorts and Legal Lag
87
2. Cybertorts Are Largely Still-Born
Internet torts are dramatically different from the bricks and mortar
world of traditional civil litigation in which family law and personal injury
tort cases predominate.60 In 1992 alone, the overall number of real-space
tort cases was reliably estimated to be “more than 800,000 tort suits…in the
state courts of the United States.”61 Cyberspace tort actions are an
insignificant segment of this overall litigation caseload.
a.
The Rarity of Cybertorts
The failure of cybertort litigation to increase rapidly is counterintuitive
and inconsistent with the daily reports of fraudulent online auctions,
Nigerian money offers, deceptive work-at-home plans, and illegal pyramid
schemes that victimize thousands of Americans on a regular basis.62 The
Federal Trade Commission reported that Internet security attacks rose 37%
in the first quarter of 2003 alone. Internet fraud complaints tripled in 2002
and identity fraud increased by 73%.63 General surveys of American
consumers document “high rates of victimization by Internet offenses
ranging from identity theft to fraud, hacking to harassment.”64 A total of
48,252 fraud complaints were referred to American prosecutors in 2002,
triple the number of the year before.65 The National Consumer League
received 36,802 complaints of Internet fraud in 2002, more than double the
number filed in 2001.66
Clearly, tort law has failed to keep pace with the mushrooming number
of fraudulent schemes on the Internet. Furthermore, there are roadblocks to
60
Many Internet-related cases included several causes of action crosscutting substantive fields of
law. All cases were classified as to the “gist” of the action. In an intellectual property case, for
example, relief may be granted on both a business tort action and under the Lanham Act, which is the
federal trademark statute. One of the complexities of cyber litigation is that multiple causes of action
cross-cutting traditional branches of law were pleaded.
61
Richard A. Posner, Explaining the Variance in the Number of Tort Suits Across U.S. States and
Between the United States and England, 26 J. LEGAL STUD. 477, 477 (1997) (noting that there were an
additional 39,000 federal court tort filings in 1992).
62
See National Fraud Information Center, 2002 Internet Fraud Statistics, available at
http://www.fraud.org/2002intstats.html (last visited Apr. 25, 2003) (reporting that online auctions
constituted 90% of the complaints).
63
See Is Anyone Safe in Cyberspace? Private Financial Information Readily Available to
Professional Hackers on the Web, Vanguard Integrity Professionals Offer Solutions, PR NEWSWIRE,
Apr. 14, 2003.
64
Gene Stephens, Global Trends in Crime, 37 THE FUTURIST 40 (May 2003).
65
Curt Anderson, FBI: Internet Fraud Complaints Tripled 2002, ASSOCIATED PRESS, Apr. 9,
2003, available at http://www.crime-research.org/eng/news/2003/04/Mess1001.html (last visited Nov.
2, 2003).
66
Online Auctions Dominate Consumer Fraud, National Consumer League's Internet Fraud
Watch (Mar. 25, 2003) available at http://www.nclnet.org/internetfraud02.htm (last visited Sept. 16,
2003) (noting that by far the most common type of consumer fraud is online auction scams). See also
Internet Fraud Complaint Center at http://wwww1.ifccfbi.gov/stategy/stats10300.asp (last visited Apr.
29, 2003) (receiving online fraud complaints involving perpetrators from 105 countries, but with 90%
originating in the United States).
88
Southern California Interdisciplinary Law Journal
[Vol. 13:1
the development of Internet privacy actions that could otherwise be used to
counter the increasingly widespread trafficking of the personal information
of Internet users. Overall, tort remedies have yet to develop to protect
consumers in cyberspace.
b.
Explaining the Cybertort Drought
Many factors have contributed to the rarity of tort remedies in
cyberspace cases. The first wave of Internet torts litigation occurred during
a decade of tort retrenchment. Legislative tort retrenchment by state
legislatures has been one of the most successful law reform campaigns in
Anglo-American legal history. The majority of the states have enacted one
or more limitations on tort rights or remedies since 1980.67 Since 1986,
forty-five states and the District of Columbia have enacted at least one
limitation on plaintiffs’ tort remedies.68 Thirty-five states have either
placed new restrictions on or abolished the doctrine of joint and several
liability69 and the remedy of punitive damages.70 In 2001, alone, Florida,
Mississippi, Nevada, Oklahoma, and West Virginia enacted additional tort
limitations.71 The Internet is the newest battleground for the war on tort
rights and remedies. Tort retrenchment, statutory immunities, and judicial
controls combine to retard the development of torts in cyberspace.
3. The Difficulty of Establishing Personal Jurisdiction in the Cyberspace:
a.
Jurisdiction of the Global Internet
Cyberspace places a new twist on the role that technological progress
plays in transforming traditional rules of jurisdiction. In December 2002,
67
Michael L. Rustad & Thomas H. Koenig, Taming the Tort Monster: The American Civil Justice
System as a Battleground of Social Theory, 68 BROOKLYN L. REV. 1, 66-67 (2002) [hereinafter Taming
the Tort Monster].
68
Id. at 69.
69
Id. at 67 (citing American Tort Reform Association statistics).
70
Since the 1970s, all but a few legislatures have enacted one or more limitations on the awarding
of punitive damages. Punitive damages are not recoverable unless a court finds that the defendant owes
a duty to the plaintiff. A few states restrict plaintiff’s counsel from raising punitive damages during
opening and closing statements because it is the court’s role to permit the issue to go to the jury. See
Vanskike v. ACF Indus., Inc., 665 F.2d 188 (8th Cir. 1981) (reversing punitive damages for
inflammatory references in opening argument). A number of states bifurcate punitive damages from the
issue of liability to prevent evidence of the defendant’s reckless or wanton misconduct from tainting the
liability phase. Some states will require the jury to determine compensatory damages and whether
punitive damages are to be assessed in phase one of the trial. In the second phase, the jury hears
evidence of the wealth or financial condition of the defendant to set the size of the punitive damages
award. See, e.g., CAL. CIV. CODE ANN. § 3295(d) (West 2002); CONN. GEN. STAT. ANN. § 52-240(b)
(West 1991) (bifurcating punitive damages in products liability litigation); GA. CODE ANN. § 5112.5.1(d)(2) (Harrison 2000); KAN. STAT. ANN. §§ 60-3702, 60-3402 (2002); MINN. STAT. ANN. §
549.20(4)-(5) (West 2002). A few states bifurcate the entire punitive damages issue, including the
amount from the compensatory phase. See MINN. STAT. ANN. § 549.20(4)-(5) (West 2002); MISS.
CODE ANN. § 11-1-65(1)(b)(d); N.D. CENT. CODE § 32-03.2-11(2-4) (2002).
71
Taming the Tort Monster, supra note 67, at 65.
2003]
Cybertorts and Legal Lag
89
the Australian High Court held that a businessman could sue Barron’s and
Dow Jones, Inc. for libel in the state of Victoria based on evidence that
several hundred people in that state accessed the Dow Jones web site that
had posted an allegedly defamatory article.72 The implications of the Dow
Jones decision are troubling because a company may be subject to
jurisdiction in courts outside the United States for merely posting material
on a web site. Recently, the American journalist whose story was the
subject of the Dow Jones litigation filed a writ with the United Nations
Human Rights Commission, claiming that the Internet defamation lawsuit
violated his right to free speech.73 No international treaty or convention
addresses the issue of how personal or prescriptive jurisdiction rules need
to be updated for the Internet.74 No effective mechanism exists for
enforcing cybertort judgments against foreign defendants outside U.S.
borders. Cyberspace judgments are only collectable if the defendant has
assets subject to legal process in the plaintiff’s forum state.
b.
Stretching Minimum Contacts in U.S. Cases
In Hanson v. Denckla,75 the U.S. Supreme Court observed that “[a]s
technological progress has increased the flow of commerce between States,
the need for jurisdiction has undergone a similar increase.”76 Forty-five
years later, the Court is updating principles of personal jurisdiction with
regard to web sites, e-mail communications, and other online activities. In
the networked world, there will be increasing numbers of disputes between
litigants located in different countries. In State v. Granite Gate Resorts,
Inc.,77 for example, a state court found contacts sufficient to satisfy due
process over a nonresident defendant operating a gambling web site
72
Felicity Barringer, Internet Makes Dow Jones Open to Suit in Australia, N.Y. TIMES, Dec. 11,
2002, at 6.
73
The journalist who filed the action contends that the online defamation case upheld by the High
Court of Australia violates Article 19 of the UN's International Covenant on Civil and Political Rights.
See Australian Law Challenged at UN, SYDNEY MORNING HERALD (Apr. 18, 2003), at
http://www.smh.com.au/articles/2003/04/18/1050172745955.html. (last visited Jan. 28, 2004).
74
The European Union has recognized the challenge of harmonizing Internet jurisdiction rules.
The Brussels Regulation governs jurisdiction in civil and commercial disputes between litigants in the
European Community as well as rules for the enforcement of judgments. Council Regulation 44/2001
of December 22, 2002 revised the Brussels Convention of 1968. Article 2.1 of the Brussels Regulation
sets forth the general rule that “persons domiciled in a Contracting State shall, whatever their
nationality, be sued in the courts of that state.” Council Regulation No. 44/2001 of December 22, 2000,
on Jurisdiction and the Recognition and Enforcement of Judgments in Civil and Commercial Matters, at
Article 2, 2001 O.J. (L 12) 1, 3. Non-nationals of member states are “governed by the rules of
jurisdiction applicable to nationals of that state.” Id. Article 5.1, for example, provides that “in matters
relating to a contract,” jurisdiction is in the place of performance. Article 5.1, 2001 O.J. (L 12) 1, 4.
Consumers in the European Community have a right to sue a supplier if it “pursues commercial or
professional activities in the member state of the consumer’s domicile.” Article 15.1(c), 2001 O.J. (L
12) 1, 6.
75
357 U.S. 235 (1958).
76
Id. at 250-51.
77
568 N.W.2d 715 (Minn. Ct. App. 1997).
90
Southern California Interdisciplinary Law Journal
[Vol. 13:1
through a server located in Belize.78 The court formulated a sliding scale of
jurisdiction in determining whether minimum contacts are satisfied in
Internet-related cases. The amount of online commercial activity is the key
factor distinguishing "passive" from "interactive" web sites.
In general, personal jurisdiction in cyberspace is positively correlated
with commercial activity: the greater the interactivity of a web site, the
more likely a court will find the defendant subject to personal jurisdiction
in an out-of-state forum. Courts frequently apply the “sliding-scale”
analysis first articulated by the court in Zippo Manufacturing Co. v. Zippo
Dot Com, Inc.79 The Zippo court classified all Internet-related cases into
three types:
At one end of the continuum lie businesses or persons who clearly
conduct business over the Internet and have repeated contacts with
the forum state such that the exercise of in personam jurisdiction is
proper . . . At the other end of the continuum are defendants who
have done nothing more than post information or advertising on a
web site that is accessible to users in the forum jurisdiction.80
The middle ground is the borderline between passive and active sites
“occupied by interactive Web sites where a user can exchange information
with the host computer.”81
Since Zippo, courts have refused to find jurisdiction in scores of
cybertort cases, ruling that maintaining a web site alone is an insufficient
basis for finding purposeful availment or meeting other tests of personal
jurisdiction.82 In general, a passive web site without “something more” is
insufficient for personal jurisdiction.83 The Zippo test has been outpaced by
the growth of the Internet, where few contemporary commercial web sites
are purely passive advertisements.
Courts have recently been going beyond the “interactivity test” and
making a comprehensive examination of the defendant’s web site activities,
78
Id. at 721.
952 F. Supp. 1119 (W.D. Pa. 1997) (formulating a “sliding scale” for measuring purposeful
availment consisting of passive and active web sites on each end and a broad middle ground).
80
Alitalia-Linee Aeree Italiane S.A. v. Casinoalitalia.com, 128 F. Supp. 2d 340, 349 (E.D. Va.
2001) (describing Zippo interactivity test).
81
Id.
82
See, e.g., Blakey v. Cont’l Airlines, 730 A.2d 854 (N.J. Sup. Ct. 1999) (dismissing a female
airline pilot’s defamation lawsuit for statements made on Continental Airline’s internal electronic
bulletin board since there was no evidence that defendant-pilots targeted their postings at plaintiff);
Revell v. Lidov, 2001 U.S. Dist. LEXIS 3133 (N.D. Tex. March 20, 2001) (granting motion to dismiss
claims for defamation, intentional infliction of emotional distress, conspiracy, and breach of duty in
publishing article posted on a university web site); Bell v. Imperial Palace Hotel/Casino, Inc., 200 F.
Supp. 2d 1082 (E.D. Mo. 2001) (refusing to exercise jurisdiction over out of state casino because web
site offered only passive information).
83
See Cybersell, Inc. v. Cybersell, Inc., 130 F.3d 414, 420 (9th Cir. 1997) (holding that a
nonresident defendant in a domain name dispute did not have sufficient “minimum contacts” with the
forum state).
79
2003]
Cybertorts and Legal Lag
91
including the functionality of the site.84 Machulsky v. Hall,85 in which the
court found no personal jurisdiction where an eBay customer posted
negative feedback about a seller,86 is illustrative of the steep burden that
plaintiffs must meet in order to satisfy due process in cybertort cases.
Courts are beginning to craft more sophisticated “economic realities” tests
that focus on actual sales in the forum or other features of the web site,
rather than mere interactivity.87
4. Empirical Examination of Internet Jurisdiction
The difficulty of establishing personal jurisdiction is a major barrier to
the development of cyberspace litigation in general and cybertorts in
particular. In order to empirically evaluate the role of jurisdictional barriers
in cyberspace cases, a content analysis was performed on sixty-seven
federal court decisions handed down in 2002 where there was a preliminary
challenge based on personal jurisdiction.88 Federal courts dismissed 63%
of the Internet-related cases in 2002, on the grounds of lack of personal
jurisdiction.
Our analysis found that obtaining personal jurisdiction in Internet cases
is a formidable task in every substantive area of cyberlaw. In intellectual
property-related disputes, plaintiffs were successful in obtaining in
personam jurisdiction over the defendant in only ten out of the thirty cases.
Six out of fifteen plaintiffs in e-commerce or Internet-related contracts
cases were successful in clearing the hurdle of personal jurisdiction. Fewer
than 40% of plaintiffs in Internet-related tort cases were able to obtain
personal jurisdiction over defendants (11 of 29). The data demonstrates
that the paucity of Internet cases may be explained in part by the
difficulties of obtaining jurisdiction.
84
See, e.g., Coastal Video Communications Corp. v. Staywell Corp., 59 F. Supp. 2d 562, 571-72
(E.D. Va. 1999) (examining factors beyond interactivity in determining personal jurisdiction of a web
site-defendant).
85
210 F. Supp. 2d 531 (D. N.J. 2002).
86
See id. at 544.
87
See, e.g., Euromarket Designs, Inc. v. Crate & Barrell Ltd., 96 F. Supp. 2d 824, 833-39 (N.D. Ill.
2001) (basing jurisdiction upon actual sales of products over the web site to forum residents in addition
to the Zippo test and the effects test). See generally Michael Geist, Relatively Recent Jurisdiction
Decisions Said to be Falling Behind Web Technologies, INTERNET LAW & REG. (PIKE & FISHER) (June
5, 2001) (observing that “it is often difficult to determine whether a site is active or passive and that
courts are moving away from the Zippo standard to a more target-based approach to jurisdiction”).
88
Cases were included in the “personal jurisdiction in cyberspace” study only if there was a
substantial discussion of the “minimum contacts” framework applied to cyberspace. The sample of
sixty-seven judicial opinions constituted the bulk of significant personal jurisdiction cases in 2002. In
our 2002 sample of Internet-related cases, we found forum-related activities to be critically important
for a finding of personal jurisdiction. Courts were likely to apply the sliding scale analysis or the
effects test to determine whether the defendant purposefully availed itself of the privilege of conducting
business from within the forum. A web site's exceptionally interactive design is a key factor in favor of
personal jurisdiction as noted by the court in Stewart v. Hennessey, 214 F. Supp. 2d 1198 (D. Utah
2002). Defendants may be unlikely to successfully challenge jurisdiction where the web site is open to
residents in the forum and receives "hits" from the forum. See ComputerUser.com, Inc. v. Tech.
Publ’ns., 2002 U.S. Dist. LEXIS 13453 (D. Minn. July 20, 2002).
92
Southern California Interdisciplinary Law Journal
a.
[Vol. 13:1
Cybertorts are Largely Intentional Torts
Table Two
Cybertort Causes of Action
N=114
Property-Based Torts
28%
Negligence
3%
Defamation
27%
Privacy Torts
4%
Misc. Intentional
Business Torts
3%
35%
Most of the cybertorts that have evolved are publication or
informational torts filed by corporate plaintiffs as compared to the mostly
personal injury cases that predominate in a traditional tort caseload.89 The
U.S. Supreme Court describes the Internet as a massive disseminator of
information:
Through the use of chat rooms, any person with a phone line can
become a town crier with a voice that resonates farther than it
could from any soapbox. Through the use of web pages, mail
exploders, and newsgroups, the same individual can become a
pamphleteer.90
As Table Two reveals, 27% (N=31) of the cybertorts are classified as
defamation or injurious falsehood claims.91 The four most common
89
In the traditional tort arena, economic loss cases are becoming more common. Empirical
studies confirm that punitive damages are larger and more frequent in financial injury and business
contracts cases including fraud cases. Rustad, supra note 34, at 37-40.
90
Reno v. ACLU, 521 U.S. 844, 870 (1997).
91
Online defamation is the use of e-mail or Internet web sites to transmit false and damaging
information about persons. When corporations or other entities are disparaged by false or misleading
information transmitted online, they seek relief through the allied torts of trade libel or injurious
falsehoods.
2003]
Cybertorts and Legal Lag
93
Internet-related actions were business torts (35%, N=40), personal property
torts, including trespass to chattels or conversion (28%, N=32), and online
defamation (27%, N=31). Ninety-seven percent of the 114 cybertorts were
intentional tort cases, in contrast to the negligence cases dominating
traditional caseloads.92 No real property damage, personal injury, or
wrongful death claims were successfully pleaded in cyberspace lawsuits, in
dramatic contrast to the world of real-space torts. No cybertorts arose out
of claims based upon strict liability.93
Internet torts are different from bricks and mortar torts largely because
of the nature of damages suffered by plaintiffs. The predominant injury in
a cybertort case is a financial loss rather than personal injury or physical
damage to property. Torts in cyberspace arose out of e-mail, web site, or
software distribution, rather than traditional categories of injury such as
automobile accidents, slip and fall mishaps, premises liability, operating
room malpractice, and injuries due to dangerously defective products.
The predominance of intentional cybertorts depicted in Table Two is
reminiscent of the tort law found in eighteenth-century England with its
overwhelming emphasis on intentional torts.94 When Blackstone wrote his
Commentaries on the Laws of England (1765-68), his formulation of
"private wrongs" was designed for a legal system that provided
compensation largely for intentional torts.95 In pre-industrial England, tort
law was chiefly a legal institution to provide remedies for intentionally
inflicted injuries against persons and their property.
The intentional torts protecting personal property described by William
Blackstone serve a special function in the age of the Internet. In
eighteenth-century England, the action for trespass to chattels was used to
provide compensation for the dispossession of tangible personal property.
Today, this ancient remedy has been resurrected to apply to invasions of
web sites by spam e-mailers, web scrapers, and other virtual trespassers.
Trespass to chattels is also employed by large companies to protect
92
In one of the largest empirical studies of tort litigation, the Institute for Civil Justice found that
negligence-based motor vehicle claims accounted for almost two in three cases. Marc Galanter, Real
World Torts: Antidote to Anecdote, 55 MD. L. REV. 1093, 1102 (1996) (citing study by the Rand
Institute for Civil Justice) [hereinafter Real World Torts].
93
See also Sanders v. Acclaim Entm’t, Inc., 188 F. Supp. 2d 1264 (D. Colo. 2002) (dismissing
actions based on negligence and strict liability in lawsuit filed in the Columbine school shooting case in
which it was claimed that the killers were “fanatical consumers of violent video games and movies
distributed on the Internet”); James v. Meow Media, Inc., 90 F. Supp. 2d 798, 819 (W.D. Ky. 2000)
(dismissing product liability claims, finding that information “products” were not encompassed in
Kentucky’s strict products liability statute “because thoughts, ideas, and expressions contained within
defendants' movie, games, and web site materials did not constitute a ‘product’ within the realm of the
strict liability doctrine”).
94
Intentional torts are injuries committed with the purpose to bring about a desired result or a
substantial certainty that a desired consequence will occur: "One who intentionally causes injury to
another is subject to liability to the other for that injury, if his conduct is generally culpable and not
[privileged]." RESTATEMENT (SECOND) TORTS § 870 (1979). Battery, assault, false imprisonment,
intentional infliction of emotional distress, conversion, trespass to land, and trespass to chattels are
examples of intentional torts.
95
Taming the Tort Monster, supra note 67, at 10.
94
Southern California Interdisciplinary Law Journal
[Vol. 13:1
information on their web sites from being extracted by bots or spiders.96
Intentional torts dominate the cyberspace litigation landscape in sharp
contrast to negligence in the real-space world.97
b.
Business Torts
In the real-space world, business torts account for many of the megacases: “[The] biggest verdicts [in 2000] included a $324 million verdict in
a patent infringement claim, a $233 million verdict in a securities fraud
case, and a $181 million verdict in a breach-of-contract suit.”98 The great
majority of business torts in cyberspace are based upon intentional
misconduct rather than negligence or strict liability. Corporate plaintiffs
file cybertort cases pleading business torts such as fraud, misappropriation,
or the interference with contract. Spam-related tort cases arise when a
commercial e-mailer overloads computer networks by sending out massive
amounts of unwanted and unsolicited bulk e-mail.
The tort of
misappropriation consists of the unauthorized interference with or
extraction of valuable and time-sensitive information.99 The intentional
torts of fraud, deceit, or misrepresentation are information torts because the
plaintiff has suffered loss in relying upon false or misleading statements
made by defendants.
c.
Invasion of Privacy
The development of new technologies for harvesting personal
information creates the potential for widespread invasions of privacy.
Seventy percent of Americans report they are seriously concerned that
businesses are not adequately protecting their online privacy,100 yet only a
handful of plaintiffs have successfully pleaded an action for any privacybased tort. As yet, no plaintiff has been able to redress the invasion of
privacy that results when personal information is gathered and sold to
Internet advertisers.
96
Whatis.comglossary, available at http://whatis.techtarget.com (last visited April. 12, 2003)
(describing “bot” as shorthand for robot and referring to programs such as “spiders” or “crawlers” that
simulate human actions); EF Cultural Travel BV v. Zefer Corp., 318 F.3d 58, 61 (1st Cir. 2003); eBay,
Inc. v. Bidder’s Edge, Inc., 100 F. Supp. 2d 1058, 1073 (N.D. Cal. 2000) (ordering preliminary
injunction to enjoin Bidder’s Edge from using spiders or bots to extract data from eBay’s web site).
97
Tort law in the real-space world was also slow to develop during the Industrial Revolution. Tort
law as a substantive field of law did not evolve until the nineteenth-century with the rise of negligence.
G. Edward White, The Intellectual Origins of Torts in America, 86 YALE L.J. 671, 678-83 (1977).
98
Gregory D. Hopp, IT Perspective: Questionable Claims Finding Some Success in Court, BUS.
INS., June 18, 2001, at G12.
99
See generally Mark Sableman, Link Law Revisited: Internet Linking Law at Five Years, 16
BERKELEY TECH. L. J. 1273, 1284 (2001).
100
Matthew Kinsman, One-Way Street, PROMO, April 1, 2003.
2003]
Cybertorts and Legal Lag
95
Increasingly, online advertisers use “web bugs”101 to track an
individual’s activity on a web site and when an Internet user opens, reads,
and forwards an e-mail, but the courts have yet to recognize remedies for
these online intrusions.102 A New York federal court dismissed a class
action suit filed against DoubleClick, Inc., described as “the largest
provider of Internet advertising products and services in the world.”103
Doubleclick uses its software to harvest personal information such as
names and e-mail addresses of Internet users in order to create cookies.104
The court concluded that Doubleclick’s use of cookies to collect
information did not violate federal statutes including the Electronic
Communications Privacy Act, the Wiretap Act, and the Computer Fraud
and Abuse Act.105 No tort remedy was available because the common law
has not yet evolved to address the wholesale collection and sale of
personally identifiable information.
A growing number of companies are monitoring e-mail and Internet
communications of their employees. More than three-quarters of major
U.S. companies routinely record and review employee communications and
activities on the job, including their telephone calls, e-mail, and computer
files.106 Private employees have no constitutional right to privacy because
there is no state action.107 In a decade of Internet-related workplace privacy
cases, private employers have prevailed in every case.108
101
A “web bug” is typically a text file or graphic embedded in a web page or in an e-mail’s HTML
code. Web bugs are also known as “invisible GIFs,” “clear GIFs,” or “1-by-1 pixels.”
102
Marc S. Roth and Kathleen Fay, Playing ‘Hide and Seek’ with Web Bugs, 10 E-COMMERCE L.
& STRATEGY 6 (Feb. 2001).
103
In re Doubleclick Privacy Litigation, 154 F. Supp. 2d 497, 500 (S.D. N.Y. 2001) (the federal
district court found no cause of action in favor of Internet users whose personal information such as
names, e-mail addresses, telephone numbers, searches performed and other personal information was
being systematically collected by the defendant’s cookies. The court dismissed all federal and state
claims finding it implausible that web site visitors did not consent to the use of cookies).
104
Cookies “are computer programs commonly used by Web sites to store useful information such
as usernames, passwords, and preferences, making it easier for users to access Web pages in an efficient
manner. [The DoubleClick] cookies collect . . . [personal] ‘information such as names, e-mail
addresses, home and business addresses, telephone numbers, searches performed on the Internet, Web
pages or sites visited on the Internet . . .’” Id. at 502.
105
The Computer Fraud and Abuse Act provides litigants with a private cause of action for
unauthorized access to computer systems and electronic information. 18 U.S.C. § 1030 (2002).
106
2001 American Management Survey, Workplace Monitoring & Surveillance, Summary of Key
Findings, at http://www.amanet.org/rsearch/pdfs/ems_short2001.pdf (last visited April 1, 2002) (stating
that over three-quarters of firms have disciplined employees for misuse of information technologies and
another 31% have dismissed individuals for those reasons).
107
Cf. O’Connor v. Ortega, 480 U.S. 709 (1987) (holding that the test of “reasonableness” applies
to public employers, rather than the usual Fourth Amendment requirement of a warrant supported by
“probable cause”); Leventhal v. Knapek, 266 F.3d 64 (2d Cir. 2001) (finding that investigatory searches
by agency did not violate employee’s Fourth Amendment rights).
108
See, e.g., Smyth v. Pillsbury Co., 914 F. Supp. 97 (E. D. Pa. 1996) (finding company’s interest
in preventing inappropriate e-mail activity on its own system outweighs any employee privacy interest);
McLaren v. Microsoft Corp., 1999 Tex. App. LEXIS 4103 (Tex. App. Dallas May 28, 1999) (holding
that employee had no reasonable expectation of privacy in e-mail messages transmitted over the
company’s network accessible by third parties); Garrity v. John Hancock Mut. Life Ins. Co., 2002 U.S.
96
[Vol. 13:1
Southern California Interdisciplinary Law Journal
5. Cybertorts Tend to Be Judge-Determined Federal Cases
Table Three
Type of Court Disposition
N=114
Default Judgment
30%
Jury
36%
Judge
34%
The jury plays a much less central role in cyberspace litigation than in
real-space torts. Of the 114 cases involving a cybertort, 36% (N=41) were
decided by a jury, 34% (N=39) were decided by judges, and 30% (N=34)
were default judgments. America Online, Inc., alone, won sixteen cases
against spam e-mailers in which the defendant defaulted.109 In addition, a
number of cybertort defendants simply vanished after unsuccessfully
contesting large awards.110 The jury played no role in cases where the
defendant failed to appear in court.
More than 95% of traditional tort cases are filed in state courts; the rest
are diversity cases decided in federal district courts.111 A majority of
cyberspace tort cases (61%, N=70), in contrast, are decided in federal court
Dist. LEXIS 8343 (D. Mass., May 7, 2002) (granting summary judgment in favor of employer in case
where e-mails were read by management).
109
See, e.g., America Online, Inc., v. National Healthcare Disc., Inc., 174 F. Supp. 2d 890 (N.D.
Iowa 2001) (awarding $319,500 in compensatory damages and $100,000 in punitive damages where a
defendant defaulted in a judgment based upon trespass to chattels where the commercial e-mailer
ignored repeated requests to stop the sending of junk e-mail to AOL and its members).
110
See, e.g., Kremen v. Cohen, 314 F.3d 1127, 1040 (9th Cir. 2003).
111
See Real-World Torts, supra note 92, at 1105 (reporting “a small portion (less than five percent)
of all tort filings, but considerably larger portions of product liability and mass tort claims, are in federal
courts”). See also Michael J. Saks, Do We Really Know Anything About the Behavior of the Tort
Litigation System—And Why Not? 140 U. PA. L. REV. 1149, 1156 (1992) (observing that “far less is
known about the approximately 98% of tort cases that are litigated at the state level”).
2003]
Cybertorts and Legal Lag
97
because the Internet, by its very nature, produces diversity cases.112
Cyberspace makes close neighbors of litigants in distant lands.
Cyberspace litigation will increasingly require new rules for choice of
law, choice of forum, jurisdiction, enforcement of judgments, as well as
substantive rules of tort law that reconcile radically different legal
traditions. For example, a French court's ruling that Yahoo! must
“eliminate French citizens' access to any material on the Yahoo.com
auction site that offers for sale any Nazi objects” was found to violate the
First Amendment of the U.S. Constitution.113 As the global Internet
evolves into a seamless worldwide bazaar, many other cross-national
clashes over legal norms will occur.
6. Cybertorts are More Developed in Information Technology Centers
Empirical studies of the U.S. civil litigation system have consistently
found substantial variation — hot spots and cold spots — in tort law
caseloads within and between jurisdictions.114 Judge Richard Posner, for
example, reports “enormous variance across jurisdictions in the number of
tort cases filed, even when the laws in the different jurisdictions are
similar.”115 A U.S. Department of Justice study in 1992 found punitive
damages to vary significantly by jurisdiction within the nation’s seventyfive most populous counties.116
Cybertorts are concentrated in the same “hot spots” as traditional tort
litigation.117 Only twenty-five states of the fifty-one civil jurisdictions had
even a single cybertort plaintiff victory during this decade of Internet112
“Tort law in America is built on a bed rock of state common law.” Robert L. Rabin,
Federalism & the Tort System, 50 RUTGERS L. REV. 1, 2 (1997).
113
Yahoo! Inc. v. La Ligue Contre Le Racisme et L'Antisemitisme, 169 F. Supp. 2d 1181, 1184,
1194 (N.D. Cal. 2001) (refusing to enforce Paris judgment against Internet Service Provider on public
policy grounds).
114
See, e.g., STEPHEN DANIELS & JOANNE MARTIN, CIVIL JURIES AND THE POLITICS OF REFORM
(Northwestern Univ. Press 1995) (finding jurisdictional differences in state jury verdicts in forty-seven
counties within eleven states); DEBORAH HENSLER & ERIK MOLLER, TRENDS IN PUNITIVE DAMAGES:
PRELIMINARY DATA FROM COOK COUNTY, ILLINOIS AND SAN FRANCISCO, CALIFORNIA (Institute for
Civil Justice 1995) (finding jurisdictional differences in awards across jurisdictions); MICHAEL L.
RUSTAD, DEMYSTIFYING PUNITIVE DAMAGES IN PRODUCTS LIABILITY CASES: A SURVEY OF A
QUARTER CENTURY OF TRIAL VERDICTS (Lee Hays Romano ed., Papers of Roscoe Pound Foundation
1995) (noting that five states accounted for 47% of all punitive awards in a quarter century of products
liability cases) [hereinafter DEMYSTIFYING PUNITIVE DAMAGES]; Reconceptualizing Punitive Damages
in Medical Malpractice, supra note 33 (finding that five states accounted for nearly half of all punitive
damages in three decades of medical malpractice litigation).
115
Richard A. Posner, Explaining the Variance in the Number of Tort Suits Across U.S. States and
Between the United States and England, 26 J. LEGAL STUD. 477, 477 (1997) (demonstrating
jurisdictional difference within the United States and cross-nationally).
116
Carol Defrances et al., U.S. Dept. of Justice, Bureau of Justice Statistics, Special Report, Civil
Jury Cases and Verdicts in Large Counties (1995). See also Theodore Eisenberg et al., The
Predictability of Punitive Damages, 26 J. LEGAL STUD. 623 (1997).
117
See DEMYSTIFYING PUNITIVE DAMAGES, supra note 114. See also Unraveling Punitive
Damages, supra note 34 (summarizing studies demonstrating that the number and size of punitive
damages awards varies significantly by jurisdiction).
98
Southern California Interdisciplinary Law Journal
[Vol. 13:1
related litigation.118 Seventy percent of the cybertorts were decided in only
five states: California (33%, N=38), Texas (13%, N=15), Virginia (13%,
N=15), New York (6%, N=7) and Illinois (4%, N=5). The number of
cybertort cases reflects the degree to which the jurisdiction’s economy is
information-based. California’s disproportionate number of Internet torts is
largely attributable to the dominance of Hollywood entertainment, high
technology, and the software industry. Virginia’s heavy Internet tort
caseload may be explained by America Online’s multiple filings against
spam e-mailers in the Northern District of Virginia. States with the largest
number of cybertorts tended to be those whose economies are the most
information-based.
7. Corporations Predominate as Cybertort Plaintiffs
Table Four
Type of Cybertort Plaintiff
N=114
Other Organizations
2%
Int'l or Nat'l Corp.
24%
Individual
39%
Medium Corporation
18%
Small Corp/Website
18%
Large U.S. corporations with the economic, human, and legal resources
to protect their economic interests were the most frequent plaintiffs in
Internet tort litigation. Marc Galanter has argued that “repeat players” such
as these litigants have a great competitive advantage over “one-shotters.”119
National or international corporations filed one in four successful cybertort
cases (24%, N=27). Medium-sized companies filed another 18% (N=21)
118
Id.
Marc Galanter, Why the “Haves” Come Out Ahead: Speculations on the Limits of Legal
Change, 9 LAW & SOC’Y REV. 95, 97, 106 (1974).
119
2003]
Cybertorts and Legal Lag
99
of the cybertort cases—a number nearly matched by small companies (18%
N=20). Non-profit organizations accounted for only 2% (N=2) of the
Internet tort cases.
Thirty-nine percent of the successful cybertort plaintiffs were
individuals (N=44) whose chief causes of action were generally based on
online defamation, employment-related torts, or, to a lesser extent, the
invasion of privacy.120 Internet-related defamation cases, whether filed by
companies as trade libel actions or by individuals vindicating their personal
reputations, frequently arose out of incendiary discussions on news groups
or listservs. Ex-employees of Varian Medical Systems, Inc., for example,
posted “scathing remarks about the company and their supervisors” on
Internet web sites. “Through some 14,000 Internet postings on 100
message boards and their own Web site, the former employees falsely
accused managers at Varian . . . of having extramarital affairs, being a
danger to children, being homophobic, videotaping office bathrooms,
discriminating against pregnant women, being chronic liars, and
hallucinating.”121
A California jury awarded the company $775,000 in damages and
enjoined the defendants from further libelous postings. In a strange turn of
events, the defendants then began receiving anonymous threatening e-mails
warning them not to appeal the verdict.122 These e-mails contained
intimidating statements such as: "I heard Mikey will have a hard time
appealing his case after he's DEAD. Count the days, loser . . . you're going
to suffer and someone will laugh."123 Companies are increasingly
employing such defamation actions to restraint cybersmearers.
120
The typical defendant in a products liability case is a large corporation, not a small business.
See In Defense of Punitive Damages in Products Liability, supra note 32. In a study of tort litigation in
state courts, the Justice Department found that the typical litigant was an individual suing a business.
Businesses constituted nearly all of the defendants in cases involving toxic substances, products
liability, sales, and employment torts. See Unraveling Punitive Damages, supra note 34, at 54
(confirming that the typical plaintiff is an individual suing a business).
121
Louis Pechman, The Employer Strikes Back, 227 N. Y. L. J. 4 (June 25, 2002).
122
Shannon Lafferty, FBI Investigating Death Threats in Varian Libel Case, THE RECORDER, Aug.
1, 2002, available at http://www.law.com/regionals/ca/stories/020801f.shtml (last visited Nov. 2, 2003).
123
Id.
100
Southern California Interdisciplinary Law Journal
[Vol. 13:1
8. The Typical Cybertort Defendant is a Small Company — Not a Deep
Pocketed National Corporation
Table Five
N=114
Type of Cybertort Defendant
Other Organizations
4%
Int'l or Nat'l Corp.
10%
Medium Corporation
12%
Individual
20%
Small Corp/Website
54%
Most cybertorts were business-to-business (B2B) actions brought by
large corporations against smaller companies. Fifty-four percent of
defendants in cybertort cases were small corporations or start up ecommerce web sites (N=61). Another 12% (N=14) of the defendants were
medium corporations. Individuals constituted only 20% of the defendants
(N=23). Miscellaneous defendants such as activist groups and trade
organizations constituted the remaining 4% of cybertort defendants (N=5).
The individual cases (none of which were consumer litigation) frequently
arose out of acrimonious e-mail, web site, and listserv postings. Large
corporations were cybertort defendants in only 10% of the decided cases
(N=11).
Most Internet tort defendants were online businesses, spammers, or
pornographers. Online sales and services constituted 31% (N=35) of the
cybertort defendant industries. Spammers and online pornographers
constituted 29% (N=33) of the cybertort defendants. Bricks and mortar
businesses with a web site presence accounted for another 18% (N=21) of
the cybertort defendants. Individuals were defendants in another 18%
2003]
Cybertorts and Legal Lag
101
(N=20) of the Internet tort cases. Miscellaneous entities, including activist
organizations, comprised 4% (N=5) of cybertort defendants.
9. Prospective or Injunctive Relief is a Favored Remedy in Cybertort
Cases.
A unique aspect of these cyberspace cases was the important role that
equitable remedies played in the preliminary stage.124 Plaintiffs in
cyberspace cases frequently sought equitable relief rather than monetary
damages.125 In 59% of the cybertort actions, the plaintiff obtained some
form of equitable relief (N=67). The goal of the plaintiff was to freeze the
status quo or to enjoin the defendant, rather than to obtain compensation.126
In the real-space world, in contrast, injunctions and other forms of
equitable relief are proper only if the plaintiff proves the “inadequacy of
damages.”127
Many of the high profile victories were obtained at the preliminary
injunction stage or through summary judgment.128 Of the 114-cybertort
cases, only 41% of the cases (N=47) were purely monetary awards. In
thirty-seven cases (33%), plaintiffs received monetary relief as well as a
preliminary injunction or other equitable relief. In 26% of the cases,
plaintiff received only prospective or injunctive relief (N=30). Many of the
non-monetary award cases were comprised of preliminary injunctions
against spam e-mailers, business tort claims within a trademark dispute, or
requests for prospective relief for right of publicity or privacy.
In many high profile cases, injunctive relief was sought because of the
“prospective nature of online injuries.”129 In Michaels v. Internet
124
Uta Kohl, Injunctions v. Damages (The Age of the Internet): Old Battles of Remedies Revisited,
11(2) J. OF L. & INFO. SCI. 160 (2001) (arguing that the role of extraordinary remedies such as
injunctions needs to be re-examined and reassessed in cyberspace litigation).
125
In Internet-related trademark litigation, equitable relief may take the form of corrective
advertising, de-listing of web sites from search engines, posting notices of court orders on web sites, or
court-ordered web site disclaimers. See Finnegan, Henderson, Farabow, Garrett & Dunner, L.L.P.,
Internet
Trademark
Case
Summaries,
at
http://www.finnegan.com/publications/index.cfm?info=trademark&id=74 (last visited April 12, 2003).
126
Kohl argues, “[I]njunctions are much better suited to the online environment. Unlike damages,
they often provide a more effective remedy to the plaintiff, may be less draconian to the defendant and
less inhibitory in their overall effect on electronic communications.” See Kohl, supra 124, at 160.
127
Id. at 161.
128
In many other fields of cyberspace law, injunctive or equitable relief is the primary objective of
the plaintiff. For example, in the leading constitutional cases in cyberspace, the whole point is to enjoin
enforcement of a statute. See, e.g., Ashcroft v. ACLU, 535 U.S. 564 (2002) (enjoining enforcement of
the Child Online Protection Act which incorporated community standards to identify material harmful
to minors). See also Reno v. ACLU, 521 U.S. 844 (1997) (holding portions of the Communications
Decency Act of 1996 to be unconstitutional). Injunctive relief is the chief remedy sought in anti-spam
cases. See, e.g., America Online, Inc. v. Nat'l Health Care Disc., Inc., 174 F. Supp. 2d 890 (N.D. Iowa
2001) (entering preliminary injunction against mass commercial e-mail firm violating AOL’s terms of
service agreement). Many of the tort cases in cyberspace also focus on injunctive relief. See
Register.com, Inc. v. Verio, Inc., 126 F. Supp. 2d 238 (S.D. N.Y. 2000) (demonstrating a likelihood of
success on the merits and irreparable harm without such relief based upon contract law, trespass to
chattels, and violations of computer fraud and trademark laws).
129
See Kohl, supra note 124, at 165-66.
102
Southern California Interdisciplinary Law Journal
[Vol. 13:1
Entertainment Group, Inc.,130 for example, the federal court was asked to
issue an injunction to prevent irreparable injury that would result from the
Internet sale of a videotape depicting actress Pamela Anderson Lee and
rock musician Brett Michaels engaging in intimate activities. The Michaels
court issued an injunction enjoining the adult entertainment web site from
displaying still images of the couple engaged in sexual intercourse on the
grounds that the publication violated their right of publicity under
California law.131
Monetary damages are difficult to establish in an online environment
because many of the injuries are difficult to value. Fledgling e-businesses
find it almost impossible to establish damages based on lost profits because
they lack a financial track record.132 Courts face the challenging task of
assessing damages for “spoofing” or transmitting massive amounts of junk
e-mail using false identifiers. In a typical spam e-mail case, the ISP incurs
costs by responding to complaints by its customers who are inconvenienced
by reading and deleting fraudulent or illegal e-mail messages. For
example, in Earthlink v. Carmack,133 a Georgia court assessed damages of
$2.00 per spam e-mail against a defendant who hijacked 343 e-mail
accounts and used them to transmit an average of one million spam emessages per day.
An ongoing campaign launched by America Online, Inc., (“AOL”) to
stop the transmission of unsolicited, commercial e-mail messages is an
example of a tort for which damages are difficult to compute. Although
AOL’s customers are clearly inconvenienced in being subjected to a
barrage of pornographic images, get-rich-quick schemes, health products,
and other annoying “spam,” finding an appropriate level of compensation is
a difficult task. In America Online, Inc. v. National Health Care Discount,
Inc.,134 the defendant developed software to harvest e-mail addresses in
order to transmit massive numbers of spam advertisements. The defendant
e-mailed 276 million pieces of unsolicited spam to subscribers, using
software that evaded AOL’s filters. While damages are trivial at the
subscriber level, if each subscriber took a few seconds to delete the
unwanted e-mail, the aggregate cost in damages could be in the millions of
dollars.
In many cases, the ISP seeks damages for the cost of responding to
subscriber complaints, for storing large numbers of messages, and for
transmitting electronic communications. AOL, for example, claimed that
130
5 F. Supp. 2d. 828 (C.D. Cal. 1998).
See also Lee v. Internet Entm’t Group, Inc., 33 Fed. Appx. 886 (9th Cir. 2002) (finding an issue
of material fact as to whether a settlement and release entered into by celebrities and an entertainment
organization covered only Internet distribution of an allegedly stolen videotape depicting them engaged
in intimate acts or whether it extended to distribution of the tape on VHS and DVD via retail stores).
132
See, e.g., C.P. Interests, Inc. v. California Pools, Inc., 238 F.3d 690, 696 (5th Cir. 2001)
(vacating business disparagement award and injunction for failure to establish pecuniary loss).
133
2003 U.S. Dist. LEXIS 9963 (N.D. Ga. May 7, 2003) (assessing damages based on millions of
unsolicited spam e-mail messages per day).
134
174 F. Supp. 2d. 890 (N.D. Iowa 2001).
131
2003]
Cybertorts and Legal Lag
103
its cost “for delivering each piece of e-mail sent to an AOL member is
$.00078 (i.e., 78 [cents] per thousand pieces of e-mail). This computation
would result in damages to AOL of $105,300 ($.00078 times
135,000,000).”135 However, the court found that AOL’s suggested method
of measuring damages would dramatically overcompensate the ISP, and
consequently fashioned its own formula for calculating damages.136 In
addition, the court awarded $100,000 in punitive damages under Virginia
state law.137 This anti-spam case illustrates the difficulty courts have in
assessing damages; individual AOL users may be annoyed by spam, but
suffer no significant monetary damages for the inconvenience of repeatedly
hitting the delete key. The ISPs’ lawsuits are based on the provider’s costs
of responding to consumer complaints about the spam.
10. No Litigation Crisis Exists in Cyberspace; Size of Compensatory
Awards is Modest
Although a few compensatory awards were quite large, there is no
evidence of a litigation crisis in cybertorts. For the eighty-four decisions
that included compensatory damages in a cybertort case, the awards ranged
from $1 to $177,000,000. The mean compensatory award in the cybertort
cases was $6,266,078 and the median award was $287,761. Thirty-three of
the eighty-four compensatory damages awards (39%) exceeded one million
dollars. Very large awards are rare: a total of twelve cybertort awards were
each greater than ten million dollars. Only three of the eighty-four
compensatory damage cybertort awards (4%) exceeded one hundred
million dollars.138
a. Punitive Damages are Rare and Often Less Than Compensatory
Damages
The rate of punitive damage awards was higher in cyberspace than in
the real-space world principally because of the predominance of intentional
torts in cyberspace.139 Forty percent of the cybertort cases (N=45) resulted
in a punitive damages award. An additional four punitive damages awards
were uncovered that were based upon federal statutes and thus outside of
the cybertort analysis. Punitive damages for the forty-five cybertort awards
135
Id. at 900.
Id. at 901 (concluding that “while an award of 78 [cents] per thousand pieces of [commercial email] . . . sent to AOL members would not adequately compensate AOL for damages, $8.56 per
thousand pieces of UBE [unsolicited bulk e-mail] would dramatically overcompensate AOL[.]”).
137
Id. at 902.
138
Michael L. Rustad & Thomas H. Koenig, Internet Tort Database: 1992-2003 (on file with
authors).
139
A study by the researchers at the Bureau of Justice Statistics (BJS) and the National Center for
State Courts study of civil courts in the seventy-five largest American counties provides a useful crosssection of punitive damages activity during 1992. Of the 12,026 verdicts in the sample, plaintiffs won a
total of 364 punitive damages awards (5.9% of the cases). Real World Torts, supra note 92, at 1127
(citing study of National Center for State Courts).
136
104
Southern California Interdisciplinary Law Journal
[Vol. 13:1
ranged from $1,486 to $460,000,000.140 In the bricks and mortar world,
fewer than 10% of tort damage cases resulted in punitive damages. When
punitive damages are awarded in traditional torts, the amounts are generally
quite modest in relationship to the size of the compensatory damages
award.141 The median award in of the forty-five cybertort punitive awards
was $435,000. The size of the occasional large verdict exaggerates the
importance of punitive damages in cyberspace since the extreme awards
are almost certainly uncollectible.
The year 2001 witnessed the bumper crop for punitive damages in
cybertort cases with a mere fourteen cases in all jurisdictions. Moreover,
only fifteen state courts rendered even a single punitive damage cybertort
award over the entire decade. Only three states had more than three
punitive awards in a decade: California (15), Texas (8), and Virginia (4).142
Punitive damage awards were more likely to be handed down in state
courts than in federal courts, despite the fact that 60% of the overall
cybertort cases were decided in federal forums. Six in ten punitive damage
awards in cybertort cases (N=27) were handed down in state courts, in
contrast to punitive damages in traditional torts, which are overwhelmingly
awarded in state courts.143
b. Mathematical Ratios and Due Process in Cyberspace
In April of 2003, the U.S. Supreme Court decided State Farm Mutual
Automobile Insurance Co. v. Campbell.144 The Court reversed a punitive
damages jury verdict, further articulating guidelines for assessing the
constitutionality of high-ratio awards.145 At trial, the jury had awarded the
plaintiffs $2.6 million in compensatory damages and $145 million in
punitive damages, which was remitted to $1 million and $25 million
respectively.146 The Utah Supreme Court then reinstated the entire punitive
damages award after applying the guideposts of BMW v. Gore.147 The U.S.
140
A nationwide study of punitive damages in products liability revealed that the median award
was $625,000 for cases decided between 1965 and 1990. See In Defense of Punitive Damages in
Products Liability, supra note 32, at 46.
141
A meta-analysis of all empirical studies of punitive damages reveals that the overall rate and
level of punitive damages awards is low in traditional torts. See Unraveling Punitive Damages, supra
note 34, at 17-33 (summarizing the results of nine scientific studies of punitive damages).
142
These are generally the same states, which were punitive damages hot spots in nationwide
studies of products liability and medical malpractice. See Unraveling Punitive Damages, supra note 34,
at 33-36 (reporting empirical studies of punitive damages in products liability and medical malpractice).
143
Marc Galanter, Real World Torts: An Antidote to Anecdote, 55 MD. L. REV. 1093, 1105 (1996)
(noting that only a small percentage of tort filings are in federal courts).
144
123 S. Ct. 1513 (2003).
145
Id. at 1520-26.
146
Id. at 1519.
147
517 U.S. 559 (1996) (formulating three guideposts to determine whether punitive damages
awards are violative of a defendant’s substantive due process rights: (1) degree of reprehensibility, (2)
ratio between punitive award and plaintiff's actual harm, and (3) legislative sanctions provided for
comparable misconduct).
2003]
Cybertorts and Legal Lag
105
Supreme Court granted the defendant’s writ of certiorari.148
The Court, in a 6-3 decision, reversed the judgment of the Utah
Supreme Court, finding the high-ratio punitive damages award violated
State Farm’s due process rights.149 The Court reasoned that the punitive
damages award was grossly disproportionate to the wrong.150 The punitive
damages were found to be “an irrational, arbitrary, and unconstitutional
deprivation of the property of the insurer.”151 Justice Kennedy, writing for
the majority, observed “few awards exceeding a single-digit ratio between
punitive and compensatory damages. . . will satisfy due process.”152 This
single-digit multiplier test comes close to a per se rule, making all high
ratio awards suspect: “single-digit multipliers are more likely to comport
with due process, while still achieving the State's goals of deterrence and
retribution, than awards with ratios in range of 500 to 1, or, in this case, of
145 to 1.”153
Although the wrongdoing in Campbell took place in the real-space
world, the nature of the injury parallels the typical harm suffered by
plaintiffs in cyberspace.154 In Campbell, the Court reaffirmed its view that
high ratio punitive damages awards might be more acceptable in physical
injury cases than where the harm is purely economic.155 In cybertort cases,
the harm generally takes the form of economic injuries.156 While no
punitive damages awards in cyberspace arose out of physical injury,
extremely reprehensible conduct led to punitive damages in the vast
majority of cyberspace cases.157
148
Id.
123 S. Ct. 1513, 1526.
150
Id.
151
Id. at 1524.
152
Id.
153
Id.
154
“The harm [in Campbell] arose from a transaction in the economic realm, not from some
physical assault or trauma; there were no physical injuries and State Farm paid the excess verdict before
the complaint was filed, so the Campbells suffered only minor economic injuries for the 18-month
period in which State Farm refused to resolve the claim against them.” Id. at 1517-19.
155
Id. at 1518 (citing BMW v. Gore).
156
The primary exceptions to the general pattern of financial injury cases are cases involving
online defamation and the invasion of privacy.
157
A few cyberspace cases did involve physical injury. See, e.g., Jewish Defense Org., Inc. v.
Superior Court of Los Angeles County, 85 Cal. Rptr. 2d 611, 614 (Cal. Ct. App. 1999) (describing web
site dispute that escalates into physical violence).
149
106
Southern California Interdisciplinary Law Journal
[Vol. 13:1
Table Six
Ratio of Punitive $ to Compensatory $
N=45
PDs More 3X CDs
11%
PDs less than CDs
PDs 1 to 3 Times CDs
53%
36%
Table Six shows that punitive damages in cybertort cases generally
comply with Justice Kennedy’s single-digit test for excessive ratios.158 The
punitive damages to compensatory damages ratio in cybertort cases ranged
from .01 to 16.88. In sharp contrast to real world torts, a majority of the
punitive damages awards (53%, N=24) were actually less than the
corresponding compensatory damages.
The median punitive damages award in cyberspace is only 82% of the
size of the accompanying compensatory damages, with the mean award a
mere 1.7 times the size of the compensatory component. Punitive damages
were one to three times the compensatory damages in 36% of the cases in
which punitive damages were awarded (N=16). In only five cases were the
punitive damages more than three times the compensatory damages. In a
decade of cybertort cases, only one punitive damages award was more than
ten times the compensatory damages.
158
See Unraveling Punitive Damages, supra note 34, at 50.
2003]
Cybertorts and Legal Lag
c.
107
Large Cyberlaw Punitive Damages Awards are Either
Default Judgments or Strictly Scrutinized by Reviewing
Courts
Table Seven: Post-Trial Outcomes of Cybertorts Greater Than
$5 Million in Punitive Damages
Case Name
Award Size
Post/Trial
Disposition
Basis for
Judicial
Control
Defendant was
not reachable by
legal process
[1] John Does v.
Franco
Productions,
2002 U.S. Dist.
LEXIS 24032
(N.D. Ill. Nov.
25, 2002)
(invasion of
privacy)
[2]Trovan Inc. v.
Pfizer Inc., 23
Fed. Appx. 1671
(9th Cir. 2001)
(unfair
competition,
palming off,
federal
trademark
infringement)
[3] Konanykhine
v. Izvestia
Newspaper,
2000 JAS
Publications,
Metro Verdicts
Monthly
(Arlington City,
(Va. Dec. 13,
1999)
(defamation) (on
file with authors)
Compensatory
Damages:
$46 million;
Punitive
Damages:
$460 million
Trial judge
entered
default
judgment
Compensatory
Damages:
$8 million;
Punitive
Damages:
$135 million
Vacated
Permanent
Injunction,
Ordered new
trial
Court vacated
permanent
injunction after
(1) ordering a
new trial as to
liability, and (2)
ruling punitive
damages not
available
Compensatory
Damages:
$3.5 million;
Punitive
Damages:
$30 million
Trial court
entered
default
judgment
Defendant made
no appearance at
trial. Court
entered default
judgment in
favor of plaintiff
108
Southern California Interdisciplinary Law Journal
[4] Neon
Systems, Inc. v.
New Era of
Networks of
Denver, 2001
Tex. App.
LEXIS 7538
(Tex. Ct. App.
Nov. 8, 2001)
(business tort)159
[5] Kremen v.
Cohen, 314 F.3d
1127 (9th Cir.
2003)
(conversion
action for theft
of domain name)
[6] Earthlink
Networks, Inc. v.
Smith, 13
Internet Law &
Litigation (Pike
and Fischer) 94
(N.D. Ga. 2002)
(RICO, trespass
to chattels) (on
file with authors)
[7] Simon
Property Group
v. MySimon
Inc., 282 F.3d
986 (7th Cir.
2002)
(dismissing
judgment)
(trademark
dilution, unfair
competition)
[Vol. 13:1
Compensatory
Damages:
$14 million;
Punitive
Damages:
$25 million
Trial court
entered
judgment;
Appellant
filed motion
dismissing
appeal.
Parties entered
into confidential
settlement.
Compensatory
Damages:
$40 million;
Punitive
Damages:
$25 million
Trial judge
entered
default
judgment
Defendant fled
country
Compensatory
Damages:
$12.4 million;
Punitive
Damages:
$24.85 million
Permanent
injunction
ordered; no
post-verdict
history
available
Compensatory
Damages:
$16.8 million;
Punitive
Damages:
$10 million
Trial court set
aside its $11.5
million award
of profits,
reduced
punitive
damages from
$10 million to
$50,000, and
ordered a
retrial
n/a
Remitted
compensatory
damages;
Applied Indiana
tort reform
limiting punitive
damages to
three-times the
compensatory
damages
159
See also Big Verdicts of 2001 Went as High as $140 million; $39 million in Dispute over
‘NEON’ Trademark, NATIONAL LAW JOURNAL, Jan. 21, 2002, at C5; NLJ Verdicts 100; Verdicts at a
Glance, NATIONAL LAW JOURNAL, Feb. 4, 2002, at C24.
2003]
Cybertorts and Legal Lag
109
As in products liability litigation, punitive damages in cybertort cases
have a high mortality rate.160 Table Seven describes the post-verdict fate of
the seven cybertort verdicts or default judgments in which the punitive
damages were greater than $5 million. Large or high-ratio punitive awards
are rarely, if ever, collectible because of rigorous judicial review, defaulting
defendants, and post-verdict settlements.
Unlike the bricks and mortar world, relatively few cybertort awards
were appealed. Cybertort defendants who contested high-ratio or large
punitive damage verdicts enjoyed great success in reducing or vacating the
award. In thirty-four of the forty-five punitive damages awards, there was
no post-verdict review or adjustment. Still, as Table Seven reveals, the
largest awards were often reduced or eliminated in the post-verdict stage.
Of the eleven punitive damages awards reviewed at the appellate level,
only one verdict was affirmed in whole. As in traditional tort litigation,
judicial scrutiny of large punitive damages awards is rigorous.
Plaintiffs in cybertort litigation face an additional obstacle not often
found in products liability cases — the disappearing defendant. In many
cybertort judgments, there was no post-verdict review because the
defendant filed for bankruptcy, fled the jurisdiction or was otherwise
beyond the reach of judicial process. A product manufacturer with physical
production facilities and distribution channels generally has tangible assets
that are reachable. Many cybertort defendants, in contrast, may easily
conceal their physical assets with the click of a mouse. In Kremen v.
Cohen,161 for example, the defendant who misappropriated the domain
name sex.com fled the country with the proceeds of a court-supervised
bank account to avoid paying the judgment.
Table Seven documents the short and unhappy post-verdict history of
large punitive awards handed down in Internet tort litigation. Punitive
damages of $5 million or greater were generally uncollectible or set aside
by reviewing courts. Clearly, the judiciary strictly scrutinized the few large
punitive damages verdicts in cyberspace even prior to State Farm Mutual
Automobile Insurance Co. v. Campbell.162 Empirical studies of judicial
control of punitive damages in traditional torts also conclude that punitive
damages are subject to strict post-verdict review on grounds other than
excessiveness.163 Tort reformers and some legal academics have praised
160
A study of post-verdict adjustments in products liability found that 4 in 10 punitive damages
were settled in the post-trial period. For cases settling prior to appeal, the plaintiff received the full
amount of punitive damages in only half of the cases studied. Appellate courts affirmed a quarter of the
punitive damages awards in products liability. Nearly one-third of verdicts were reversed or remitted.
See Unraveling Punitive Damages, supra note 34, at 42.
161
314 F.3d 1127 (9th Cir. 2003).
162
123 S. Ct. 1513 (2003).
163
A secondary analysis of a study cited by the defendant in Honda Motor Co. v. Oberg, 512 U.S.
415 (1995), reveals that post-trial adjustment of punitive damages in million dollar cases were rarely
based on excessiveness. Reversals or reductions in punitive damages were generally ordered because of
110
Southern California Interdisciplinary Law Journal
[Vol. 13:1
the strict scrutiny applied to tort damages. Stephen Sugarman, who favors
an administrative alternative to tort law, praises the judiciary for
increasingly “un-making” new torts by subjecting them to rigorous
oversight.164
In cyberspace cases, the punitive damage awards handed down by both
judges and juries were generally modest in amount and proportional to
compensatory damages. The only cyberspace punitive award in which a
court reversed and remanded a high-ratio award for an excessiveness
review was a non-tort case awarded under the Freedom of Access to Clinics
Entrance Act (“FACE”) case of Planned Parenthood of the
Columbia/Williamette, Inc. v. American Coalition of Life Activists.165 In
Planned Parenthood, the medical provider and its affiliated doctors were
portrayed on a web site in Old West-style "wanted" posters. These virtual
wanted posters provided the physicians’ names and addresses and charged
them with crimes against humanity. When a doctor who performed
abortions was murdered, the web site displayed the doctor’s name with a
line drawn through it.
Planned Parenthood filed an action against the anti-abortion activists
who developed the web site, contending that the wanted posters constituted
a true threat of imminent harm. The plaintiff won a $109 million verdict
against the pro-life organization and its officers, including punitive
damages. The trial court also granted a permanent injunction prohibiting
the defendants from publishing the posters or contributing materials to the
pro-life web site because such publication was made with intent to harm.166
The Planned Parenthood court awarded a multi-million dollar punitive
damages award in favor of the physicians.167 This 98 to 1 high ratio verdict
was remanded to the district court for a review for constitutional
excessiveness. A three-judge panel of the Ninth Circuit reversed the entire
judgment, but the decision was in turn reversed when an en banc panel
ruled that the online “wanted-type poster” could be actionable.
The Ninth Circuit panel reinstated the compensatory damages but
reversed the punitive damages award.
The court found that the
"Nuremberg Files" web site constituted a true threat or predicate offense
under FACE in the way that lines were drawn through the names of
murdered doctors. The issue of punitive damages was remanded to the
trial errors, judicial errors, rather than because the award was excessive. See Unraveling Punitive
Damages, supra note 34, at 61-65.
164
Stephen D. Sugarman, Judges as “Un-Makers”: Recent California Experience with “New
Torts”, 49 DEPAUL L. REV. 455 (1999).
165
290 F.3d 1058 (9th Cir. 2002) (en banc opinion reinstating compensatory damages and
remanding punitive damages award for a determination of whether it was excessive in light of federal
constitutional standards).
166
Planned Parenthood, Inc. v. Am. Coalition of Life Activists, Inc., 41 F. Supp. 2d 1130, 1155 (D.
Or. 1999) (finding that the “actions of the defendants in preparing, publishing and disseminating these
true threats objectively and subjectively were not protected speech under the First Amendment” and
issuing a permanent injunction).
167
Id.
2003]
Cybertorts and Legal Lag
111
federal district court on whether they were constitutionally excessive under
the BMW v. Gore guideposts.168
Many of the largest cybertort awards were uncollectible because the
defendant was beyond the reach of process or enforcement of judgments.
In Konanykhine v. Izvestia Newspaper,169 a jury handed down a punitive
damages verdict that was 8.6 times the compensatory damages. In
Konanykhine, a prominent Russian newspaper was assessed $30 million for
accusing a Russian businessman of organized crime involvement, an
assertion which ruined his attempts to obtain foreign financing for his
business ventures. This case involved no judicial review for excessiveness
since it was a default judgment with no chance of being collected.
Off-shore web sites may easily evade civil law enforcement by
disappearing. In John Does v. Franco Productions,170 young college
athletes were awarded $506 million against Internet distributors for
compensatory and punitive damages based upon invasion of privacy,
unlawful use of the plaintiffs' images for monetary gain, and mail and wire
fraud under civil RICO laws.171 In Franco Productions, the defendants
used hidden cameras to film college athletes in locker rooms, restrooms,
and wrestling meets.172 The secret videotapes were advertised as "hot
young dudes" and sold on the Internet. The tapes carried names like
"Straight Off the Mat" and "Voyeur Time" and depicted hundreds of young
athletes in various degrees of nudity. The federal district court had
previously held that the ISP was not liable for any tort action because of the
broad immunity granted to providers by Section 230 of the
Communications Decency Act (“CDA”).173 The federal court’s default
judgment against the primary defendants was uncollectible because they
fled to an offshore haven.174 The enforcement of cybertort judgments is
often problematic because the defendant may have only a virtual presence
and no traceable assets to seize.175
168
Planned Parenthood of the Colombia/Willamette, Inc. v. Am. Coalition of Life Activists, 290
F.3d 1058 (9th Cir. 2002) (summarizing procedural history of Nuremberg files case).
169
2000 JAS Publications, Metro Verdicts Monthly, No. 97-1139 (Arlington City, Va. Dec. 13,
1999) (awarding $30 million in punitive damages in default judgment for defamation to Russian
businessman) (on file with authors).
170
2000 U.S. Dist. LEXIS 8645 (N.D. Ill. June 21, 2000).
171
Id.
172
Id.
173
See John Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct. 21, 2003).
174
College Athletes Sue over Videos Made by Hidden Cameras, LEGAL INTELLIGENCER, July 28,
1999, at 4.
175
The Seventh Circuit, in John Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct.
21, 2003), affirmed the district court's dismissal of the liability claims of GTE, web host and ISP, for
hosting the illicit distribution of the tapes of college athletes. The Seventh Circuit agreed with the lower
court that Section 230 of the Communication Decency Act immunized the web host, even though it
enabled the pornographer to post illicit content invading the privacy of the college athletes.
112
Southern California Interdisciplinary Law Journal
[Vol. 13:1
11. Summary of Empirical Findings about Cybertorts
Table Eight summarizes the qualities of cybertorts and contrasts them
with real world torts. Cybertorts are predominately information-based
economic loss cases rather than the personal injury negligence litigation
that constitutes the bulk of traditional tort caseloads. In real world tort
cases, “general damages are awarded to compensate plaintiffs for physical
pain, mental suffering, disability, disfigurement, loss of enjoyment of life,
and other similar harms.”176 The most significant category of personal
injury damages is lost wages or imputed earnings.177 The largest category
of tort litigation is automobile accident cases,178 followed by premises
liability, medical malpractice, products liability, toxic torts, and slander.179
In contrast, the cyber world caseload is disproportionately composed of
business and publication torts, with few negligence-based actions and no
strict liability torts.
176
Roselle L. Wissler, Ailen J. Hart & Michael J. Saks, Decisionmaking About General Damages:
A Comparison of Jurors, Judges, and Lawyers, 98 MICH. L. REV. 751, 757 (1999).
177
Id.
178
U.S. Department of Justice, Civil Justice Survey of State Courts, BUREAU OF JUSTICE
STATISTICS (1992).
179
Id.
2003]
113
Cybertorts and Legal Lag
Table Eight: Cybertorts vs. Brick and Mortar Torts
PREDOMINANT
ATTRIBUTE
Type of Cases
Frequency of Tort
CYBERTORTS180
No strict liability and few
negligence cases;
predominantly intentional
tort cases
Insignificant segment of the
legal landscape
BRICK &
MORTAR
TORTS181
Automobile liability,
premises liability,
medical malpractice,
products liability,
fraud, and a lesser
role for intentional
torts182
Important sector of
legal landscape183
Cases
Predominant
Branch
Role of Punitive
Damages
Intentional torts with few
negligence and no strict
liability causes of action
Punitive damages awarded
in approximately forty
percent of the cybertort
cases. Punitive damages
were generally less than
compensatory damages or
Predominately
negligence-based and
fewer strict liability
and intentional
torts184
Awarded in less than
10% of cases;185
high-ratio punitive
awards are more
common but awards
are generally
180
All of the data underlying the findings about cybertorts are drawn from Michael L. Rustad &
Thomas H. Koenig’s Internet Tort Database: 1992-2003 (on file with authors).
181
The “brick and mortar” comparison is largely drawn from the empirical studies of torts
conducted by the National Center for State Courts. See STEVEN K. SMITH ET AL., TORT CASES IN
LARGE COUNTIES, BUREAU OF JUSTICE STATISTICS BULLETIN (NCJ-153177) (Apr. 1995), available at
http://www.lectlaw.com/files/lit15.htm (last visited Nov. 2, 2003).
182
Saks, supra note 111, at 1208 (citing National Center for State Court study concluding that the
U.S. “tort caseload is dominated by auto torts, accounting for 46.1% of filings”).
183
Deborah R. Hensler, Trends in Tort Litigation: Findings from the Institute for Civil Justice's
Research, 48 OHIO ST. L.J. 479, 481 (1987) (citing empirical research on the stability of automobile
personal injury claims and the growth of claims in product liability, medical, and other emergent areas).
184
Dan B. Dobbs, THE LAW OF TORTS 2, 3 (2000) (discussing three bases of traditional tort
liability and observing that tort liability is most commonly predicated upon negligence).
185
See Unraveling Punitive Damages, supra note 34, at 22 (citing GAO study finding punitive
damages in only 7.5% of products liability cases). See also Stephen Daniels & Joanne Martin, Myth
and Reality in Punitive Damages, 75 MINN. L. REV. 1, 28 (1990).
114
Southern California Interdisciplinary Law Journal
reasonably proportional
Typical Plaintiff
Typical Defendant
Remedy Sought
Role of Jury
Locale
Mix of large companies and
individuals
Mix of small companies and
individuals
Greater role of prospective
relief and other equitable
remedies
Less central in cybertort
litigation
Litigation hot spots are in
California, Texas, and other
advanced industrial states
[Vol. 13:1
proportional to actual
damages186
Predominately
individuals187
Individuals and large
companies188
Predominately
monetary damages189
Most personal injury
trials are decided by
juries190
Traditional torts
hotspots are in the
same jurisdictions as
186
See In Defense of Punitive Damages in Products Liability, supra note 32, at 50 (finding
punitive damages were ten times or greater than compensatory damages in 10% of products liability
cases).
187
See Smith, supra note 181 (noting that vast majority (94%) of state tort cases had an individual
as plaintiff); In Defense of Punitive Damages in Products Liability, supra note 32, at 50. Similarly,
every successful plaintiff in the field of medical malpractice who obtained a punitive damages award in
the period 1963-1993 was an individual. See generally Gender Injustice, supra note 32. See also
Michael L. Rustad, Nationalizing Tort Law: The Republican Attack on Women, Blue Collar Workers,
and Consumers, 48 RUTGERS L. REV. 673 (1996) (arguing that tort reform limiting remedies will
benefit corporate America at the expense of the rights of women, consumers and working class
Americans).
188
See Smith, supra note 181 (reporting that half of the tort cases the defendant was an
individual). See also Unraveling Punitive Damages, supra note 34, at 45 (reporting mix of individual
and corporate defendants in tort litigation study).
189
See Smith, supra note 181 (noting “that tort litigation primarily involves claims or damages
related to personal injury”). See, e.g., GUIDO CALABRESI, THE COST OF ACCIDENTS: A LEGAL AND
ECONOMIC ANALYSIS 26 (1970) (noting that it is "axiomatic that the principal function of accident law
is to reduce the sum of the costs of accidents and the costs of avoiding accidents").
190
Empirical studies confirm that most cases settle before resolution by the jury or bench trial. See
Smith, supra note 181. “The National Center for State Courts (‘Center’) has undertaken a project to
develop a profile of litigation in state courts over time. At present, the published data, authored by
Ostrom et al., are limited to a single year, 1992, but the findings provide a good snapshot of jury trials.
Based on a sampling of 75 of the nation's largest counties, Ostrom estimated that the courts of general
jurisdiction disposed of 762,000 tort, contract, and real property cases in that year. Juries decided only
2% of these cases. The largest group of cases decided by juries involved torts, 79%, with contract cases
constituting 18%, and the remainder being real property cases.” Neil Vidmar, The Performance of the
American Civil Jury: An Empirical Perspective, 40 ARIZ. L. REV. 849, 851 (1998). Although there is
almost no empirical data on the percentage of cases decided by juries versus judges, our studies of
punitive damages confirm the continuing centrality of the jury. A jury rather than a judge assessed
virtually every punitive damage award in a products liability case. See generally In Defense of Punitive
Damages in Products Liability, supra note 32.
2003]
115
Cybertorts and Legal Lag
Type of Damages
Judicial Control of
Punitive Damages
Tort Filings: State
versus Federal
Court
Dispositions.
II.
Predominately economic
loss cases
Fewer defendants appeal
their punitive damages
verdicts; For the few awards
appealed, great judicial
scrutiny of large awards
Cybertort cases are
frequently filed in federal
court
in cybertort
litigation191
Predominately
personal injury192
Punitive damages are
frequently reversed
or remitted by
appellate judges193
Traditional torts are
primarily governed
by state law because
tort litigation is
largely decided in
state courts194
TOWARDS A CYBERTORT TYPOLOGY
The birth rate for Internet cases is great, but the attrition rate at an early
stage appears vast.195 Just as in traditional torts, most cyber lawsuits are
abandoned, dismissed, settled short of the verdict stage, or simply
disappear.196 This section will explore the reasons why cybertorts, much
like the fate of hatchling sea turtles, fail to reach the maturation stage. Part
II develops a typology based upon the first decade of U.S. cybertort cases.
The cybertort caseload may be sub-divided into three ideal type197
categories: (1) intentional torts, where the Internet is merely an
191
Unraveling Punitive Damages, supra note 34, at 34-36 (concluding that Texas, California,
Florida, Illinois, and other hot spots predominated in traditional tort litigation).
192
All plaintiffs in products liability actions seeking punitive damages sought compensatory
damages for personal injury rather than economic loss. See In Defense of Punitive Damages in
Products Liability, supra note 32. Business torts plaintiffs, in contrast, are only seeking economic loss.
Personal injury cases in cyberspace are unlikely to ever be a significant segment of the caseload.
193
All empirical studies of post-verdict outcomes in tort litigation confirm that trial and appellate
judges tightly control punitive damages. See Unraveling Punitive Damages, supra note 34, at 40-44.
194
See generally DAN B. DOBBS, THE LAW OF TORTS 1-2 (2000).
195
Traditional torts also face many barriers, which screen out most tort filings prior to verdict. See
Richard E. Miller & Austin Sarat, Grievances, Claims and Disputes: Assessing the Adversary Culture,
17 LAW & SOC’Y REV. 525, 544 (1980-81) (documenting high rate of attrition of tort claims).
196
See generally Real World Torts, supra note 92 (portraying the tort dispute pyramid).
197
The term “ideal type” was invented by German Sociologist Max Weber to explain his
methodology for historical research. The ideal type involves “the abstract synthesis of those traits
which are common to numerous concrete phenomena” in order to create discrete conceptual categories
that can be more easily analyzed. MAX WEBER, THE METHODOLOGY OF THE SOCIAL SCIENCES 92
(Edward A. Shils & Henry A. Finch eds., Free Press) (1949). Through this epistemological device,
complex, real world phenomena can be compared and contrasted by treating the conceptual groupings
as if they are discrete categories that do not overlap. Id. at 90-94.
116
Southern California Interdisciplinary Law Journal
[Vol. 13:1
instrumentality for civil wrongs, (2) traditional causes of action modified or
reshaped significantly by the Internet, and (3) the missing category of new
cybertort duties and causes of action.
Plaintiffs have prevailed in many Internet tort cases classifiable into the
first category. Category two includes cases that have stretched traditional
doctrine by applying personal property torts such as the trespass to chattels,
misappropriation of trade secrets, and conversion to intangibles. New
cybertorts and duties, category three cases, have yet to develop due to a
combination of statutory immunities, tort reforms, and judicial concern
about opening the floodgates of cybertorts litigation.
A.
OLD WINE IN NEW BOTTLES: NEW APPLICATIONS FOR INTENTIONAL
TORTS
Many courts are simply mechanically extending traditional tort
doctrines to the Internet. In Mathis v. Cannon,198 the Georgia Supreme
Court held that the state’s retraction statute developed in the bricks and
mortar world also applied to the Internet. In the controversy over the
prospective location of a recycling facility and landfill in Crisp County
Georgia, an anonymous poster had accused the plaintiff of being a thief and
a crook.199 The Mathis court found that Georgia’s retraction statute applied
to a "publication" involving the Internet and a non-media defendant.200
Since the plaintiff had not requested a correction or retraction in writing
before filing his complaint, he was not entitled to recover punitive
damages.201 Moreover, the plaintiff was not entitled to summary judgment
because he was a limited-purpose public figure, having participated in an
Internet bulletin board debate regarding a solid waste recovery facility.202
Similarly, in Leary v. Punzi,203 a New York court ruled that a plaintiff
had no action for right of publicity because she was unable to show that the
defendant had used her name for a commercial purpose. Here, the court
found no right of publicity where the plaintiff's name was inadvertently
posted on a web site developed by a third party. The court noted that the
potential rewards to the defendant would be too remote and speculative to
satisfy a claim for commercial appropriation under New York law.
198
276 Ga. 16 (2002).
Id. at 24. The plaintiff in Mathis was able to determine the identity of the individual
responsible for the poster and sued him for the allegedly libelous postings. However, the plaintiff did
not seek a retraction, a precondition for punitive damages under Georgia tort law. The court reasoned
that the plaintiff was a limited public figure because he injected himself into the controversy. Further,
the plaintiff in Mathis failed to meet the heavy evidentiary burden of demonstrating by clear and
convincing evidence that the Internet user published false and defamatory statements knowing that they
were false or acting in reckless disregard of their truth or falsity. Id.
200
Id. at 28 (holding that statute requiring retraction applied equally well to the Internet); Cf.
Cards v. Fushetto, 193 Wis. 2d 429 (Wis. 1995) (ruling that a network bulletin board was not a
periodical subject to Wisconsin’s retraction statute).
201
Id.
202
Id. at 25.
203
179 Misc. 2d 1025, 687 N.Y.S.2d 551 (Sup. Ct. 1999).
199
2003]
Cybertorts and Legal Lag
117
The majority of plaintiff’s victories in cyberspace cases require only a
straightforward extension of bricks and mortar tort principles to
information technologies. An ISP, for example, was sued for failing to pay
a commission and finder’s fees to an ex-employee.204 This garden-variety
contract dispute is an Internet case only because the defendant company
was an ISP. Similarly, a fraudulent get-rich-quick investment scheme
promoted through a spam e-mail campaign merely uses a new medium to
carry out a scam previously executed by mail, telephone, or even older
technologies.205
A large percentage of these traditional torts in a new information
technology arise out of incendiary exchanges by e-mail, web site postings,
or listserv threads. “Flaming” sessions on the Internet are the functional
equivalent of public verbal lashings.206 Quarrels can easily escalate into a
sustained campaign of e-mail harassment, online stalking, or personal
attacks on web sites. In Bagwell v. Phillips,207 for example, the defendant
published an Internet web page with photographs of his neighbor’s children
accompanied by defamatory statements. This conflict was an outgrowth of
a dispute over property damage allegedly caused by water runoff.208
An Internet flaming session can degenerate into physical violence just
as in the bricks and mortar world. In Jewish Defense Organization Inc. v.
Superior Court of Los Angeles County,209 the defendant defamed a rival
activist on his web site by charging that the man was a “government
snitch,” a dangerous psychopath who had tried to kill his mother, and a
kidnapper. The defendant had hired ISPs to develop seven web sites
devoted to defaming the plaintiff and registered the man’s personal name as
a domain name. In retaliation, the plaintiff later slammed a steaming bowl
of soup on the defendant’s head. The case escalated further when one of
the parties opened fire, wounding an innocent bystander.
In KNB Enterprises v. Matthews,210 the California Court of Appeals
held that the state law right of publicity claims were not preempted by the
204
Adams v. Delphi Internet Servs. Corp., 1998 Mass. Super. LEXIS 579, *2-3 (Mass. Super. Ct.,
Nov 16, 1998).
205
Andrews v. Tutornet Euburn Forde, No. 956-A (E.D. Va. Aug. 22, 2002), at
http://www.verdictsearch.com/news/verdicts/special/top100/nlj100-2.jsp
(awarding
$177,000,000
against company for promoting fraudulent scheme). See also Shannon Henry & Kenneth Bredemeier,
Virginia Dot-Com’s Promises Mask Legal Turmoil, WASHINGTON POST, August 11, 2000, at A01.
206
“On the Internet, flaming is giving someone a verbal lashing in public. Often this is on a
Usenet newsgroup, but it could be on a Web forum or perhaps even as e-mail with copies to a
distribution list. Unless in response to some rather obvious flamebait, flaming is poor netiquette.”
Searchwebservices.com,
Definitions:
flaming,
at
http://searchwebservices.techtarget.com/sDefinition/0,,sid26_gci212129,00.html (last visited Nov. 2,
2003).
207
2000 FLORIDA JURY VERDICT REPORTER, No. 97-13631 (Broward Fla. Nov. 23, 1998) (on file
with authors).
208
Id. See also Griffis v. Luban, 646 N.W.2d 527, 536-37 (Minn. 2002) (refusing to enforce
Alabama verdict won by teacher alleging defamation and invasion of privacy for statements made by
Minnesota resident on the Internet).
209
85 Cal. Rptr. 2d 611, 614 (Cal. Ct. App. 1999).
210
92 Cal. Rptr. 2d 713, 723 (Cal. Ct. App. 2000).
118
Southern California Interdisciplinary Law Journal
[Vol. 13:1
U.S. Copyright Act. The copyright owner of erotic photographs, which had
been displayed without authorization and for profit on an Internet web site,
brought suit against the web site's operator, asserting a misappropriation
claim under a California statute. Courts in these cases are simply
accommodating old causes of action to the new legal environment of the
Internet.
Courts have had little difficulty in adapting traditional
jurisdictional rules — initially developed for the bricks-world — to the
bytes-world.211
B. RECONSTRUCTING TRADITIONAL TORTS FOR CYBERSPACE
For other cases, judges are not entering a new hermetically sealed arena
when deciding torts in cyberspace, but are tailoring traditional tort
principles for an online setting.212 In Butler v. Continental Express, Inc.,213
Rainer Krebs, a pilot for Continental Express, took a photograph of a
female pilot and used a software application to superimpose the plaintiff’s
face onto nude pictures of women in sexually suggestive poses. He posted
these pornographic images on the Internet and the airline’s intranet. The
target of this virtual sexual harassment was awarded damages for
defamation per se, intentional infliction of emotional distress, invasion of
privacy, and punitive damages for acting with malice.214 On one level, this
211
Many U.S. courts have found that a plaintiff in an Internet-related case satisfies due process by
a showing that: (1) the defendant purposefully took advantage of the privilege of conducting activities
in the forum state by invoking the benefits and protections of the forum state's laws, (2) the plaintiff's
claim arises out of the defendant's forum-related activities, and (3) the exercise of jurisdiction over the
out-of-state defendant is reasonable. MICHAEL L. RUSTAD & CYRUS DAFTARY, supra note 10, at § 7.03.
A LEXIS search within the federal and state cases database revealed that courts have applied a
purposeful availment test in at least 246 Internet-related cases. The California Supreme Court held that
merely posting a program for decrypting DVDs on the Internet did not subject a Texas resident to
personal jurisdiction. Pavlovich v. Superior Court, 59 Cal. 4th 262, 277 (2002). The court in Pavlovich
found that the fact that a Texas resident knew that his conduct was injuring the motion picture industry
in California was an insufficient basis for personal jurisdiction. Id. The Ninth Circuit has adapted
traditional jurisdictional tests for determining whether an out-of-state web site operator's activities
amount to purposeful availment of the forum state to render the exercise of personal jurisdiction over
the out-of-state web site operator constitutionally permissible: (1) the sliding scale approach, and (2) the
effects test, endorsed by the U.S. Supreme Court in Calder v. Jones, 465 U.S. 783 (1984). See
Northwest Healthcare Alliance, Inc. v. Healthgrades.com, Inc., 50 Fed. Appx. 339 (9th Cir. 2002). In
Millennium Enterprises, Inc. v. Millennium Music, Inc., a court granted a web site's motion to dismiss,
finding that the court lacked general and specific jurisdiction over the defendant. 33 F. Supp. 2d 907
(D. Or. 1999). The South Carolina defendant sold music in its retail and Internet web sites using the
Millennium Music® trademark. The Millennium court ruled that there was no purposeful availment
based upon sporadic sales in the forum. The defendants had sold only fifteen compact discs to nine
customers in six states and one foreign country. The only sale within the forum state was made to a
friend of the plaintiff's counsel upon his instruction. The court found no purposeful availment upon this
"manufactured" contact, dismissing the action. Id.
212
Lawrence Lessig warns against divorcing traditional principles from cyberspace by viewing it
as a totally new arena. LAWRENCE LESSIG, CODE & OTHER LAWS OF CYBERSPACE (1999) (arguing that
traditional legal principles are sufficiently malleable to regulate the Internet).
213
2002 NLP IP Company — American Lawyer Media, J: 98: 05227, No. 96-1204096
(Montgomery, Texas June 8, 1998) (on file with authors).
214
Cf. Blakey v. Cont’l Airlines, Inc., 730 A.2d 854 (N.J. 1999) (dismissing female pilots’
defamation, invasion of privacy, sexual harassment and other claims based upon postings by male pilots
2003]
Cybertorts and Legal Lag
119
case is simply applying well-established intentional tort theories to
cyberspace. On another level, it involves an entirely new category of
mortifying injury that does damage of a greater magnitude than would
otherwise be possible in the traditional workplace.
In Classified Venturers v. Softcell Marketing,215 Classified Ventures
successfully enjoined the defendant from using the cars.com name and
mark in connection with Softcell’s pornographic spam e-mail messages.216
Classified Ventures’ cars.com web site included advertising of new and
used automobiles for sale, as well as editorial reviews, interest rates, price
reports, and other information relating to automobiles. Softcell sent
massive numbers of commercial e-mails advertising Internet pornography
services using messages such as "Hi," "Do it for free," "don'y fay [sic] for
Video," "not kidding! . . . Really Free," "free this time," and "Got your
Each e-mail bore the same deceptive return address:
note."217
stione@cars.com. The pornographic web site’s predatory conduct relied
upon consumer confusion about the origin of the messages.
In EBay, Inc. v. Bidder's Edge, Inc.,218 the leading Internet-based
auction trading site obtained a preliminary injunction preventing an Internet
auction aggregate-site from accessing eBay’s web site with spiders, or
automated querying software programs.219 The court was asked to apply
the eighteenth-century tort of trespass to chattels220 to "the electronic
signals generated by the [defendants'] activities.”221 The defendant
responded that the spider’s data mining activities were not sufficiently
tangible to support a trespass cause of action.222 The eBay court disagreed,
finding the defendant “trespassed” on eBay’s web site because it breached
the terms of service agreement.223
on airline’s intranet bulletin board on personal jurisdictional grounds), rev’d and remanded, 751 A.2d
538 (N.J. 2000) (holding that postings might have been so closely related to workplace environment
that continuation of harassment on forum should be regarded as part of the workplace).
215
109 F. Supp. 2d 898 (N.D. Ill. 2000).
216
Id. at 901.
217
Id. at 899.
218
100 F. Supp. 2d 1058 (N.D. Cal. 2000).
219
Id. at 1073.
220
“Eighteenth-century tort law validated property owners' rights to the full enjoyment and use of
their chattels and land. Personal property consisted of all moveable chattels. Actions for dispossessed
chattels were divided into actions for taking personal property away and ‘for detaining them, though the
original taking might be lawful.’ The rights of personal property owners were vindicated in an action
for the deprivation of, or damage to, chattels. Originally, trespass covered the wrongful taking of a
chattel, in contrast to detinue, which covered the wrongful detention of personal property. Trover was a
common law action for the recovery of personal property. Trover was a far more flexible writ than
detinue because it permitted an action against a defendant who unlawfully exercised dominion or
control over the personal property of another by any means. If, for example, a neighbor borrowed a
horse and did not return it, the owner could bring a writ for any damage done to the horse and to
compensate for the loss of the horse's services.” Taming the Tort Monster, supra note 67, at 22-23.
221
EBay, 100 F. Supp. 2d at 1069. See also Hotmail Corp. v. Van Money Pie, Inc., 1998 WL
388389 (N.D. Ca. April 16, 1998) (granting preliminary injunction on grounds of trespass to chattels
and unfair competition as well as other claims).
222
EBay, 100 F. Supp. 2d at 1069.
223
Id. at 1070.
120
Southern California Interdisciplinary Law Journal
[Vol. 13:1
If eBay had not been successful in restraining this comparison
shopping service from data mining its auctions, the company might have
been driven out of business. Since information about auctions on all major
web sites would be available through a single site, Bidder’s Edge, sellers
would choose the lowest cost auction forum, eliminating eBay’s
competitive advantage of having gathered the largest community of
potential purchasers. In a similar vein, the First Circuit affirmed an order
for injunctive relief against the creator of a web site scraper tool used to
extract information from a student travel Internet site in EF Cultural Travel
v. Zefer Corp.224 Court decisions applying personal property torts to
cyberspace demonstrate the validity of Richard Nixon’s observation that
judges sometimes stretch the law to accommodate social change.
Extending eighteenth-century torts to cyberwrongs demands a
rethinking of personal property torts in the context of the Internet. The
ancient tort of trespass to chattels was stretched to enjoin a former Intel
employee from sending spam e-mails to all current employees of the
company in Intel Corp. v. Hamidi.225 In Hamidi, a disgruntled exemployee flooded Intel’s company-wide computer system by transmitting
six separate e-mails to 29,000 current employees. When Intel was unable
to block or otherwise filter out the unwanted messages, it sent a letter
demanding that the defendant cease sending the e-mails criticizing the
company. The trial court enjoined the commercial e-mail campaign on a
theory of trespass to chattels, rejecting the defendant’s argument that he had
a First Amendment right to transmit mass e-mailings.226
A dissenting judge found that Intel suffered no damages from the
unsolicited e-mail on the grounds that there was no injury to the owner’s
possessory interest in the computer system. The judge reasoned, “the
majority would apply the tort of trespass to chattels to the transmittal of
unsolicited electronic mail that causes no harm to the private computer
system that received it by modifying the tort to dispense with any need for
injury, or by deeming the mere reading of an unsolicited e-mail to
constitute the requisite injury.”227 The dissenting judge found that no
trespass to chattels may be claimed because the only injury was “the time
employees spent in reading an e-mail.”228
The California Court of Appeals upheld the lower court’s injunction,
agreeing that the ex-employees’ unwanted e-mails constituted a sufficient
intermeddling to constitute trespass to chattels.229 In Hamidi v. Intel, 230 the
224
2003 U.S. App. LEXIS 1336 (1st Cir. Jan. 28, 2003) (affirming preliminary injunction
enjoining software program used as scraper tool on web site).
225
94 Cal. App. 4th 325 (2001).
226
Id. at 328.
227
Id.
228
Id.
229
“A trespass to chattels may be committed by intentionally: (a) dispossessing another of the
chattel, or (b) using or intermeddling with a chattel in the possession of another.” RESTATEMENT
(SECOND) OF TORTS § 217 (1965). No dispossession of Intel’s computer system could be argued
because the company always retained control of its system. The issue confronting the courts was
2003]
Cybertorts and Legal Lag
121
California Supreme Court reversed the intermediate court, ruling that Intel
had not met its evidentiary burden of proving that Hamidi’s e-mails had
caused actual damages, an essential element of the tort of trespass to
chattels. The court found that Hamidi’s e-mails to current employees had
not caused any physical damage, disrupted Intel’s computers, nor prevented
the company from accessing its computers’ e-mail messages.231
The Hamidi case also raises the issue of whether a company’s
enjoining of physically non-disruptive e-mail messages violates the free
speech guarantees of the California and U.S. Constitutions.232 The lower
court's refusal to extend state action to a corporation's e-mail system is an
example of mechanistic jurisprudence as it fails to recognize a cyberspace
commons.233 Members of the judiciary need to rethink how tort law should
be applied to the “virtual world.”
The tort of conversion is defined as the unlawful exercise of dominion
or control over the personal property of another. The tort was originally
conceptualized to defend against the permanent dispossession or
destruction of personal property. Courts have now stretched the eighteenthcentury tort of conversion to redress the unauthorized theft of a domain
name. In Kremen v. Cohen,234 the Ninth Circuit recently ruled that a
tangible document representing the intangible interest of a domain name
may be converted.235 Kremen, the original owner of sex.com, filed suit
against Cohen for forging a letter to Network Solutions Inc., allowing him
to obtain ownership of the sex.com domain name.236 Cohen used the
purloined domain name to launch an Internet pornographic empire.237 In
2001, the U.S. District Court for the Northern District of California ordered
the domain name returned to Kremen and handed down a $65 million
judgment against Cohen.238
After Cohen fled the country, Kremen filed suit against VeriSign,
charging it with conversion for the unauthorized transfer of the domain
whether Intel suffered damages since there was no real impairment or loss of value to its computer
system.
230
71 P.3d 296 Cal. 2003).
231
Id. at 311.
232
Id. (stating that refusal to transmit electronic messages did not violate the First Amendment
because there was no state action).
233
The lower court’s decision extending real-space trespass law to computer systems has been
criticized for blindly assuming that trespass to land is a functional equivalent to a computer intrusion.
Jonathan Blavins, The Evolution of Internet: Metaphors in Law & Community, 16 HARV. J.L. &
TECH. 265, 283 (2002) (arguing that “new space” is different from “real-space” and that courts need to
consider the difference).
234
337 F.3d 1024 (9th Cir. 2003) (holding that domain name registrar may be liable for conversion
in fraudulent transfer of domain name to third party).
235
Id.
236
Kremen v. Cohen, 2000 U.S. Dist. LEXIS 21490, *4-8 (N.D. Cal. Nov. 27, 2000).
237
Id.
238
Kremen, 337 F.3d 1024, 1027 (9th Cir. 2003) (noting that court restored registration of sex.com
to plaintiff).
122
Southern California Interdisciplinary Law Journal
[Vol. 13:1
name.239 The District Court granted summary judgment in favor of
VeriSign, concluding that a domain name was not protected intangible
property that could be converted.240 In Kremen’s appeal to the Ninth
Circuit, the court considered the question of whether the domain name
registrar was liable for conversion under California law.241 The Ninth
Circuit certified this question to the California Supreme Court, which
denied the certification, returning the case to the Ninth Circuit without an
opinion.242 In July of 2003, the Ninth Circuit ruled that the district court
erred in concluding that domain names, although a form of property, were
intangibles not subject to conversion. The Ninth Circuit became the first to
rule that an intangible such as a domain name was protected by the tort of
conversion.243 Whether judges are willing to extend traditional tort causes
of action to the Internet in cases such as Kremen will shape the future path
of the law.
C.
THE MYSTERY OF THE MISSING TORTS
“Is there any point to which you would wish to draw my attention?
To the curious incident of the dog in the night-time.
The dog did nothing in the night-time.
That was the curious incident.”244
Sherlock Holmes’ famous observation regarding the significance of the
dog that did not bark245 is also a key to understanding the mystery of the
missing Internet tort. Most torts that are common in the bricks and mortar
world have yet to develop in cyberspace. Traditional tort law has three
branches: (1) intentional torts, (2) negligence, and (3) strict liability. In a
decade of cybertort cases, no plaintiff has successfully pleaded a case based
upon strict liability. To date, there have been few successful negligencebased actions arising in cyberspace. In the real-space world, in contrast,
the vast majority of torts are based on negligence. Similarly, the remedies
for privacy-based torts have not been extended to punish and deter
violations of Internet security, data mining, or the invasion of privacy.
1. Anonymity, Pseudonymity & Cybertorts
Verizon Internet Services has recently mounted a constitutional
challenge against enforcement of a recording industry subpoena under §
512(h) of the Digital Millennium Copyright Act (“DMCA”). The subpoena
239
Kremen, 314 F.3d 1127 (noting that VeriSign is the successor corporation to Network Solutions
which was duped into making the unauthorized domain name transfer name to Cohen).
240
Id.
241
Kremen, 314 F. 3d at 3.
242
Kremen, 2003 Cal. LEXIS 1342 (Cal. Feb. 25, 2003).
243
Kremen, 337 F.3d 1024, 1029-30 (9th Cir. 2003) (ruling that California’s law of conversion
does not adopt the doctrine of merger favored by RESTATEMENT (SECOND) OF TORTS).
244
ARTHUR CONAN DOYLE, SILVER BLAZE (1892) cited in William Safire, Holmes’ Horse Dog,
N.Y. TIMES, Feb. 7, 2002, at 29A.
245
See id.
2003]
Cybertorts and Legal Lag
123
seeks the identity of Verizon customers who have downloaded massive
amounts of music from the Internet.246 If ISPs are required to divulge
personally identifiable information about subscribers, the privacy of
Internet users will be severely compromised.247 ISPs presently enjoy
blanket immunity against privacy torts and are resisting attempts to reveal
personal information about their customers.248
Individual plaintiffs are also attempting to require ISPs to unveil the
identity of authors of Internet postings or other tortfeasors. Many of the
primary defendants in cybertorts are spiteful individuals who use
anonymous or pseudonymous identities to perpetrate their wrongdoing.249
A heated conversation in a chat room, newsgroup, or web site may become
the basis of a defamation lawsuit.250 Anonymous individuals may use the
Internet to post information and tarnish the reputation of a company or an
individual by posting false information on an electronic bulletin board.251
Courts are developing new procedural thresholds for John Doe
subpoenas.252 In a case of first impression, a corporation brought suit
against AOL to force the ISP to divulge the identities of John Doe
defendants who allegedly defamed the company and published confidential
information in Internet chat rooms.253 In Immunomedics, Inc. v. Doe,254 the
court held that a biopharmaceutical company may subpoena the records of
an ISP in order to learn the identity of an anonymous Internet poster who
revealed confidential information about the company on an ISP managed
bulletin board. In contrast to the litigants in the bricks and mortar world,
cybertort defendants are frequently untraceable.
246
Verizon Stresses Constitutional Violations in 2nd Subpoena Case, 4 WASH. INTERNET
DAILY 1, March 19, 2003.
247
“Anyone with a claim of copyright infringement can demand identifying information —
names, home phone numbers, addresses and the like — about a potentially unlimited number of
Americans.” Jonathan Sidener, Piracy vs. Privacy; Is the Entertainment Industry Going too Far to
Fight File-Sharers? SAN DIEGO UNION TRIB., March 24, 2003, at E1.
248
See, e.g., Doe v. GTE Corp., 2003 U.S. App. LEXIS 21345 (7th Cir. Oct. 21, 2003) (dismissing
privacy-based tort against web host on grounds of Section 230 immunity); Carafano v.
Metrosplash.com, Inc., 339 F. 3d 1119 (9th Cir. 2003) (dismissing ISP on grounds of Section 230
immunity in privacy action arising out of identity theft).
249
This conclusion is based upon our database where individual plaintiffs filed lawsuits against
other individuals. See, e.g., Bagwell v. Phillips, 2000 FLORIDA JURY VERDICT REPORTER, No. 9713631 (Broward Fla. Nov. 23, 1998) (on file with authors).
250
Denis Keller, Blaming the Messenger, IRISH TIMES, May 3, 1999, at 18.
251
See Bochan v. LaFontaine, 68 F. Supp. 2d 692 (E.D. Va. 1999) (holding that a nonresident who
posted allegedly defamatory statements about a Virginia resident on a Usenet server had sufficient
contact with the forum to satisfy state’s long arm statute and federal due process).
252
Dendrite Int’l, Inc. v. Doe, 775 A.2d 756 (N.J. Super. Ct. App. Div. 2001).
253
America Online, Inc. v. Anonymous Publicly Traded Co., 542 S.E.2d 377 (Va. 2001).
254
775 A.2d 773 (N.J. 2001).
124
Southern California Interdisciplinary Law Journal
[Vol. 13:1
2. Internet Service Providers Enjoy Tort Immunity
Corporations that post content developed by third parties, as well as
ISPs, are generally shielded from cybertort liabilities.255 Section 230 of the
Communications Decency Act (“CDA”) was originally enacted to protect
the infant industry of ISPs, such as AOL, CompuServe, and Prodigy, that
faced an uncertain future because of unpredictable rulings on
defamation.256 Section 230 was designed to “promote the continued
development of the Internet and other interactive computer services and
other interactive media” and “to preserve the vibrant and competitive free
market” for such services.257
3. Classifying ISPs as Distributors
Congress chose to classify providers of interactive computers services
as distributors rather than publishers.258 Publishers are traditionally held
liable for defamatory statements contained in published works, even
without a showing that they had prior knowledge of the objectionable
content. In contrast, distributors are not liable for defamatory statements
absent a showing of actual knowledge of the defamatory statements.259
Prior to the passage of the CDA, courts decided whether ISPs were liable
as publishers or distributors based upon whether they exercised editorial
control over the content of postings.260 Section 230 of the CDA immunizes
ISPs for torts committed by subscribers and third parties.261 Congress was
lobbied heavily by large ISPs, such as AOL, CompuServe, and Prodigy,
255
See, e.g., PatentWizard, Inc. v. Kinko’s Inc., 163 F. Supp. 2d 1069 (S.D. 2001) (holding
Kinko’s immune from liability for disparaging comments made about company in chat room).
256
47 U.S.C. §§ 230(a) - 230(b) (2001).
257
47 U.S.C. §§ 230(b)(1) - 230(b)(2) (2001).
258
The CDA applies not only to large-scale providers of interactive computer services such as
America Online but also to web sites where content is posted by third parties. Section 230 broadly
extends liability: “No provider or user of an interactive computer service shall be treated as the
publisher or speaker of any information provided by another information content provider.” 47 U.S.C.
§ 230(c)(1) (2001). Information content providers is also defined broadly to include “any person or
entity that is responsible, in whole or in part, for the creation or development of information provided
through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3) (2001).
259
W. PAGE KEETON, PROSSER AND KEETON ON THE LAW OF TORTS 810-11 (5th ed. 1984).
260
Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D. N.Y. 1991) (holding that an ISP was
not liable for defamatory statements because it was merely a distributor of third party content, not a
publisher); Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 N.Y. Misc. LEXIS 229 (N.Y. Sup. Ct.
May, 24 1995) (finding ISP to be a publisher rather than a distributor because it exercised some editorial
control over content posted by third parties).
261
Although Section 230 creates a federal immunity to tort actions that would make service
providers liable for information originating from third parties, this section of the CDA does not impose
liability if the ISP exercises editorial functions or corrects errors before publishing information provided
by third parties. See Ben Ezra, Weinstein, & Co. v. America Online, Inc., 206 F.3d 980 (10th Cir. 2000)
(holding that AOL was immunized for claims based on defamation and negligence since it was a
content provider). Defendant-ISPs have largely been successful in arguing that they are entitled to
Section 230 immunities despite having a close connection to a content provider. In 2002, a California
court ruled that an ISP was not entitled to Section 230 because the web site was more than a mere
conduit of information. Carafano v. Metrosplash, Inc., 207 F. Supp.2d 1055 (C.D. Calif. 2002) (holding
that the ISP was an “information content provider”).
2003]
Cybertorts and Legal Lag
125
which argued that such immunity was required to avoid being swallowed in
a sea of litigation.262
4. Judicial Expansion of ISP Immunity:
a.
Extension to Most Intentional Torts
Tort law in the nineteenth-century was as pro-defendant as today’s
cybertort regime. Courts constructed a complex web of tort defenses,
immunities, privileges, and no-duty rules that blocked the expansion of
liability.263 The doctrine of privity of contract prevented the development of
products liability actions against manufacturers.264 Justice Lemuel Shaw of
the Supreme Judicial Court of Massachusetts formulated the harsh “fellow
servant” rule that prevented recovery if a co-worker in any way contributed
to the injury265 and the “assumption of risk” doctrine that held that
employees injured in the workplace could not recover for ordinary risks of
the job.266
The absence of many cybertort categories may be explained by
legislatively created immunities protecting emerging information
industries. Torts in cyberspace operate on the assumption that ISPs should
be immunized from liability. Like nineteenth century robber barons,
today’s media moguls have an effective escape clause from most tort
liability.267 Prior to the CDA’s enactment, it was uncertain as to whether
ISPs could be liable for defamation committed by third parties on their web
sites.268 Congress enacted Section 230 to “create a federal immunity to any
262
See 47 U.S.C. § 230(c)(1) (2001) (stating that “[n]o provider…of an interactive computer
service shall be treated as the publisher or speaker of any information provided by another information
content provider”).
263
Taming the Tort Monster, supra note 67, at 37.
264
The privity of contract defense was formulated in Winterbottom v. Wright, 152 Eng. Rep. 402
(1842) (developing the rule that no manufacturer or seller of a product was liable to any other party in
the chain of distribution other than the retailer).
265
Farwell v. Boston & Worcester R.R. Corp., 45 Mass (4 Met.) 49 (1842) (finding that the
railroad was not liable for injuries sustained by a railway engineer caused by a switch tender employed
by the same company).
266
LAWRENCE M. FRIEDMAN, A HISTORY OF AMERICAN LAW 301-02 (1973) (discussing
development of contributory negligence, assumption of risk, and the fellow servant rule as regressive
doctrines benefiting industry).
267
See Smith v. Intercosmos Media Group, Inc., 2002 U.S. Dist. LEXIS 24251 (E.D. La. Dec. 17,
2002) (denying relief for defamation, libel, or negligence based on allegedly defamatory web sites set
up by its customers); One v. Oliver, 792 A.2d 911 (Conn. App. 2002) (holding ISP immune from
improper e-mail messages sent to plaintiff mother’s employer); Marczeski v. Law, 122 F. Supp. 2d 315
(D. Conn. 2000) (holding individual defendants who created chat room were immunized by Section
230); Schneider v. Amazon.com, Inc., 108 Wash. App. 454 (Wash. Ct. App. 2001) (dismissing
defamation lawsuit against Amazon.com for third party’s posting negative comments about the author’s
book on site).
268
Compare Stratton Oakmont, Inc. v. Prodigy Services Co., 1995 WL 323710 (N.Y. Sup. Ct.
1995) (finding ISP liable for defamatory statements because it exercised some editorial control and did
not promptly take down statement made on Internet forum labeling company’s stock option as
fraudulent and its actions as criminal), with Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135 (S.D.
126
Southern California Interdisciplinary Law Journal
[Vol. 13:1
cause of action that would make service providers liable for information
originating with a third party user of the service.”269 The downside of
Section 230 is that it leaves the victims of anonymous Internet attacks
without a tort remedy.
Section 230, like nineteenth-century tort law, is a subsidy that protects
infant industries from excessive liability during their formative stages.270
Congress enacted Section 230 “to maintain the robust nature of Internet
communication and, accordingly, to keep government interference in the
medium to a minimum.”271 However, Section 230 does not provide
sufficient incentives to encourage ISPs to develop new technologies that
would help detect or control third party wrongdoing on their networks.272
Section 230 also immunizes ISPs and access providers that fail to screen
out potential tortuous third parties.273
Judicial decision-makers have stretched Section 230 to expand ISP
immunity. In Green v. America Online, Inc.,274 an AOL subscriber alleged
that anonymous defendants defamed him by typing the messages, such as
“SHELLS CAREFUL LAWYER IS BI” and “LAWYER NO IMS FOR
GAY SEX THX:),” in a chat room titled “Romance in New Jersey Over
30.”275 He argued that AOL was liable for doing nothing to stop the online
defamation after he “faxed AOL a log of the chat room showing
‘LegendaryPOLCIA’ defaming him.”276 The complaint also alleged that on
two occasions LawyerKiii impersonated Green by entering a chat room and
“asking guys in the chat room for gay sex.”277
The Third Circuit affirmed the dismissal of all tort claims against AOL
by premising the ISP's immunity under Section 230 of the Communications
N.Y. 1991) (finding that ISP was not liable for statements made in electronic bulletin board since it did
not exercise editorial control).
269
Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997).
270
MORTON HORWITZ, THE TRANSFORMATION OF AMERICAN LAW: 1780-1860 99-101 (1977).
Cf. Gary T. Schwartz, Tort Law and the Economy in Nineteenth Century America: A Reinterpretation,
90 YALE L.J. 1773 (1981) (arguing that nineteenth-century courts found ways to bypass harsh doctrines
in cases where the plaintiff was sympathetic).
271
Zeran v. America Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997).
272
The Section 230 immunity for tort liability for ISPs is reminiscent of how the courts
constructed harsh doctrines such as contributory negligence, the assumption of risk, and the fellow
servant rule to protect nascent industry during the industrialization of America. See generally
HOROWITZ, supra note 270, at 63-108 (arguing that the courts subsidized economic growth through the
legal system by replacing just compensation for limited liability in tort and other substantive fields of
law).
273
Section 230 of the CDA immunizes ISPs for publisher liability when the information originates
from a third party content provider. The provision "precludes courts from entertaining claims that would
place a computer service provider in a publisher's role," and therefore bars "lawsuits seeking to hold a
service provider liable for its exercise of a publisher's traditional editorial functions — such as deciding
whether to publish, withdraw, postpone, or alter content." Zeran v. America Online, Inc., 129 F.3d 327,
330 (4th Cir. 1997).
274
318 F.3d 465 (3rd Cir. 2003).
275
Id. at 469.
276
Id.
277
Id.
2003]
Cybertorts and Legal Lag
127
Decency Act.278 Moreover, the court found AOL’s user agreement and
guidelines did not confer any rights on the customer, and that the ISP did
not promise to protect the customer from the acts of other subscribers.279
Finally, the court found the First Amendment claim to be without merit,
because “AOL [was] a private, for-profit company and [was] not subject to
constitutional free speech guarantees.”280
Defendant ISPs have largely been successful in arguing that they are
entitled to Section 230 protection even when they have a close connection
to the third party content provider.281 The courts have subsequently
stretched Section 230 by extending the immunity to all information-related
torts such as invasion of privacy,282 negligence,283 and the intentional
infliction of emotional distress.284 In addition to tort immunity, ISPs also
enjoy a shield against liability for vicarious or contributory copyright
infringement, provided they comply with the procedural requirements of
Section 512 of the Digital Millennium Copyright Act.285
To qualify for the DMCA’s safe harbor provisions, the service provider
must demonstrate that it “does not have actual knowledge that the
material”286 — or an activity using the material stored on its web site
infringes — nor an awareness of “facts or circumstances from which
infringing activity is apparent.”287 Second, the service provider must show
278
See id. at 472.
Id.
Id.
281
Blumenthal v. Drudge, 992 F. Supp. 44, 50 (D. D.C. 1998) (holding that AOL was not
classifiable as a content provider even though it exercised editorial functions and had exclusive control
to publish the Drudge Report, which falsely accused a White House aide of having a history of spousal
abuse).
282
See John Does v. Franco Prods., 2000 U.S. Dist. LEXIS 8645, *13-14 (N.D. Ill. Jun. 22, 2000)
(holding that ISPs that host web sites are not liable for postings by customers). See also John Does v.
Franco Prods., 2001 U.S. Dist. LEXIS 8397, *5 (N.D. Ill. June 20, 2001) (granting plaintiff’s claim but
restricting class action to injunctive relief only).
283
In Lunney v. Prodigy Services, 723 N.E.2d. 539, 543 (N.Y. 1999), the court held that Prodigy
was not negligent in failing to prevent an imposter from opening up an account in a minor’s name,
posting vulgar messages, and sending threatening emails. The court recognized that if a duty were
imposed on an ISP to prevent people from opening up false accounts and committing these types of
defamatory acts, it would require an inordinate amount of time and money to study the transactions of
millions of subscribers. The court reasoned that if Prodigy were held liable for the actions of thirdparties, it would “open an ISP to liability for the wrongful acts of countless potential tortfeasors
committed against countless potential victims.” Id. at 543.
284
See Smith v. Intercosmos Media Group, Inc., 2002 U.S. Dist. LEXIS 24251, *14-15 (E.D. La.
Dec. 17, 2002) (holding that the ISP was entitled to immunity under the 1996 Communications Decency
Act for both damages and injunctive relief for defamation, libel, or negligence based on allegedly
defamatory web sites set up by its customers). See also Jane Doe v. Oliver, 755 A.2d 1000 (Conn.
Super. Ct. 2001) (holding ISP immune from improper e-mail messages sent to plaintiff mother’s
employer); Marczeski v. Law, 122 F. Supp. 2d 315, 327 (D. Conn. 2000) (holding that individual
defendants who created chat room were immunized by Section 230); Schneider v. Amazon.com, Inc.,
31 P.3d 37, 42-43 (Wash. Ct. App. 2001) (dismissing defamation lawsuit against Amazon.com for third
party’s posting of negative comments about the plaintiff author’s book on defendant’s site).
285
Digital Millennium Copyright Act, 17 U.S.C. § 512 (2000).
286
Id. at § 512 (c)(1)(A)(i).
287
Id. at § 512(c)(1)(A)(ii).
279
280
128
Southern California Interdisciplinary Law Journal
[Vol. 13:1
it “does not receive a financial benefit directly attributable to the infringing
activity” if the service provider has “the right and ability to control such
activity.”288 Finally, the service provider must prove that it responded
quickly to remove the material in question upon receiving notification of
the claimed infringement.289 One possible solution to the dilemma of too
much tort immunity under the Communications Decency Act would be to
institute a tort “safe harbor” provision similar to that of the DMCA.
b.
Extension of ISP Immunity to Negligent Cybertorts
The online auction site, eBay, was the first ISP to receive immunity
from negligence.290 A California court held that the web site was
immunized by the CDA’s Section 230 from a lawsuit charging that eBay
was negligent in permitting third parties to sell “bootleg” musical
recordings on its online auction site.291 Similarly, the Florida Supreme
Court upheld the lower court’s dismissal of a negligence action against an
ISP for maintaining a chat room used to market obscene photographs and
videotapes depicting minors engaging in sexual activities with adults.292
The plaintiff filed an action against the ISP claiming it was negligent and
violated criminal statutes by permitting pedophiles to distribute
advertisements for child pornography.293 The court held that the trial court
did not err in dismissing all causes of action on the grounds that they were
barred by Section 230 of the CDA.294
c.
Inadequate Remedies for Gender Injustice
Tort law has yet to develop a sufficient remedy to punish and deter
gender-based injuries, such as online stalking. Online stalking does not fit
squarely into the traditional tort of assault because a remote transmission
lacks the immediacy, or imminence, element. Plaintiffs will frequently find
it difficult to prove that they were in apprehension of an imminent battery
because of a remotely transmitted Internet posting. In Blakey v.
Continental Airlines,295 Continental Airlines' first female pilot of an Airbus
sued the airline in federal court for sexual harassment, discrimination, and
defamation.296 Discovery revealed that a number of Continental pilots
posted pornographic pictures and insulting comments about their female
colleague on the pilots’ online computer bulletin board.297 Despite such
288
Id. at § 512(c)(1)(B).
Id. at § 512(c)(1)(C).
290
Stoner v. eBay, Inc., 2000 WL 1705637 (Cal. Super. 2000).
291
Id.
292
Jane Doe v. America Online, Inc., 783 So. 2d 1010 (Fla. 2001).
293
Id.
294
Id.
295
Blakey v. Cont’l Airlines, Inc., 992 F. Supp. 731 (D. N.J. 1998).
296
Id. at 733-34.
297
Id.
289
2003]
Cybertorts and Legal Lag
129
clear-cut facts, the plaintiff was forced to endure a five-year jurisdictional
battle to litigate her defamation, sexual harassment, business libel, and
emotional distress claims.298 To date, the plaintiff has not received any
remedy for the defamatory harassment that took place on the airline’s
electronic bulletin board.
The first personal injury Internet case was a wrongful death action in
Remsburg v. Docusearch, Inc.299 In Remsburg, the representative of the
decedent, a young female murder victim, filed a lawsuit against an Internetbased investigative service, which had sold the victim’s personal
information to her killer.300 Causes of action were based on intrusion upon
seclusion, commercial appropriation of private information and violations
of the Federal Fair Credit Reporting Act301 and the New Hampshire
Consumer Protection Act.302 The ISP was found to be immune from tort
liability under Section 230 of the CDA, but the court refused to dismiss the
action, ruling that there was a sufficient basis for personal jurisdiction. In
addition, the court found that the plaintiff had established a basis for the
claim of invasion of the murder victim's privacy.303 To date, however, no
court has found an Internet web site or employer liable for providing
information to assist online stalkers in locating their prey.
Tort remedies need to be developed to protect against cyberstalking and
threatening e-mail transmissions from angry ex-husbands, spurned
boyfriends, or infatuated strangers.304 No reported case has yet granted
redress for online stalking. Internet wrongdoers have harmed women by,
among other things, maliciously posting personal information on
sadomasochistic web sites and by using new morphing technologies to
superimpose their victim’s face on pornographic images. Too much
legislative immunity granted to ISPs has left many consumers without an
adequate remedy for cyberspace wrongdoing.
298
Blakey v. Cont’l Airlines Inc., 1995 U.S. Dist. LEXIS 21855 (D. N.J. Nov. 3, 1995) (denying
plaintiff’s motion to amend complaint against airline); Blakey v. Cont’l Airlines Inc., 1996 U.S. Dist.
LEXIS 21911 (D. N.J. Sept. 4, 1996) (ruling that an expert on sexual harassment should be permitted to
testify); Blakey v. Cont’l Airlines Inc., 1997 U.S. Dist. LEXIS 22-67 (D. N.J. Feb. 25, 1997) (denying
airline’s motion to compel discovery of plaintiff’s individual tax return); Blakey v. Cont’l Airlines, Inc.,
992 F. Supp. 731 (D. N.J. 1998) (finding jury award to plaintiff in sex discrimination action to be
excessive in relation to the injuries); Blakey v. Cont’l Airlines, Inc., 164 N.J. 38 (2000) (reversing
judgment and remanding matter on issue of whether pilots are subject to personal jurisdiction and
whether airline had a duty to remedy the harassment).
299
149 N.H. 148 (2002).
300
Id. at 152-54.
301
2002 DNH 35, *1 (D. N.H. Jan. 31, 2002).
302
149 N.H. at 155.
303
2002 DNH at *19-20.
304
To date, no court has found an Internet web site or employer liable for providing information to
assist online stalkers in locating their prey.
130
Southern California Interdisciplinary Law Journal
d.
[Vol. 13:1
No New Privacy-Based Cybertorts
Internet technologies that track the individual’s activities on web sites
raise serious privacy concerns. E-marketers routinely use “web bugs” to
trace an individual’s activity on a web site.305 The Internet is creating a
transparent society:
We are placed in the uncomfortable position of not knowing who
might have access to our personal and business e-mails, our
medical and financial records, or our cordless and cellular
telephone conversations.306
Computerized medical records, for example, permit improved accuracy, but
can also result in the loss of privacy at the click of a mouse.
Despite daily reports about covert data mining, online espionage, and
identity theft, only a handful of plaintiffs have received an injunction or
money damages for invasion of privacy.307 A growing number of software
vendors market products that monitor e-mail or Internet usage.308 The email and Internet communications of millions of employees are
systematically monitored or intercepted by employers, yet there has never
been a successful privacy tort action against an employer.309 Finally,
consumer fraud on the Internet is rampant. Fraudulent credit card activity
may account for as much as “39% of total attempted order revenue.”310
Consumers have yet to obtain any tort judgment for misrepresentation or
fraud arising out of online transactions.311
Courts have been unwilling to find the publishing of disciplinary action
on a web site to be an invasion of privacy where the information is part of a
305
Marc S. Roth & Kathleen Fay, Playing “Hide and Seek” With Web Bugs, 10 E-COMMERCE 6
(Feb. 2001). A “web bug” is typically a text file or graphic embedded in a web page or in an e-mail
HTML code. Web bugs are known in the information industry as “invisible GIFs.”
306
Bartnicki v. Vopper, 532 U.S. 514, 541 (2001) (Rehnquist, C.J., dissenting).
307
Many states recognize four types of interests protected by a person’s right to privacy: (1)
unreasonable intrusions upon the seclusion of another, (2) appropriation of the other’s name or likeness,
(3) unreasonable publicity given to the other’s private life, and (4) publicity that unreasonably places
the other in a false light before the public. RESTATEMENT (SECOND) OF TORTS § 652(B) (1977).
308
Surf Control is an example of a tool used to monitor employee’s online activities and another
type is able to recognize explicit adult image files. Surf Control Releases Latest E-Mail Filtering Tool
and Best Practices Guide on Workplace E-Mail Usage, PRESSWIRE, Nov. 11, 2001, at M2.
309
See Konop v. Hawaiian Airlines, Inc., 302 F.3d 868 (9th Cir. 2003) (holding that airline did not
violate U.S. Wiretap Act because airline did not intercept electronic communications during
transmission, but only in storage). See also Smyth v. Pillsbury Co., 914 F. Supp. 97 (E.D. Pa. 1996)
(finding company’s interest in preventing inappropriate e-mail activity on its own computer system
outweighed any employee privacy interest); Bourke v. Nissan Motor Corp., No. B068705 (Cal. Ct. App.
July 26, 1993) (rejecting privacy claim because employee signed agreement that e-mail could be
monitored) (on file with authors).
310
Steven W. Klebe, Evaluating Online Credit Fraud with Artificial Intelligence, WEB COMMERCE
TODAY 11, June 15, 1998, available at http://www.wilsonweb.com/wct1/980615ai-screen.htm (last
visited Nov. 2, 2003).
311
As in the real-space world, most injuries do not result in viable tort claims. Richard L. Abel,
The Real Tort Crisis — Too Few Claims, 48 OHIO ST. L.J. 443, 448-449 (1987).
2003]
Cybertorts and Legal Lag
131
public record.312 A Washington state court ruled that the nature of e-mail
and of online chats implies consent for secret recordings by law
enforcement officials.313 Selling, transferring, transmitting, and
manipulating personal data is the life-blood of e-commerce and such
activities are mostly beyond the reach of tort actions. The Ninth Circuit
commented on the rise of new forms of electronic surveillance:
Something as commonplace as furnishing our credit card number,
social security number, or bank account number puts each of us at
risk.
Moreover, when we employ electronic [means] of
communication we often leave electronic ‘fingerprints’ [that] can
be traced back to us. Whether we are surveilled by our
government, by criminals, or by our neighbors, it is fair to say that
never has our ability to shield our affairs from prying eyes been at
such a low ebb.314
The misuse of Internet-based surveillance tools threatens our society as
much as telephone wiretaps in the first decades of the twentieth-century
when the tort of privacy was first recognized. Privacy-based torts have yet
to evolve to address the widespread surveillance of Internet usage in the
U.S. workplace. Courts have universally rejected the claim that employees
have an expectation of privacy in their e-mail communications.315 The right
of publicity has been slow to develop remedies for the appropriation of
images online. A New York court even rejected a misappropriation claim
arising out of the defendant’s publication of a photograph of radio shock
jock Howard Stern’s bare buttocks on a computer bulletin board.316
Courts could recognize remedies for privacy-based cyberwrongs that
do not fit established tort categories by adopting the concept of the prima
facie tort. A prima facie tort, sometimes called an innominate tort, was
adopted in the Restatement (Second) of Torts as a residual category of
liability for intentional injuries where the defendant can demonstrate no
justification or excuse.317 Few courts have adopted this innominate
intentional tort, which would permit recovery where the defendant has been
312
See, e.g., Mack v. State Bar of Cal., 112 Cal. Rptr. 2d 341 (2001) (holding publishing
disciplinary action against attorney on a web site was not a violation of privacy right, due process right,
or violation of equal protection).
313
State of Washington v. Townsend, 105 Wn. App. 622, 629-30 (2001) (holding that Washington
privacy law was inapplicable to recording e-mail and online chats).
314
Bernstein v. U.S. Dep’t of Justice, 176 F.3d 1132, 1146 (9th Cir. 1999).
315
Courts routinely rule that e-mail or Internet systems owned by companies are company
property and therefore employees have no reasonable expectation of privacy in stored messages. See,
e.g., Privacy Claim Rejected in Employer Access to E-mail Files, 16 COMP. & ONLINE LITIG. REP. 9
(June 15, 1999). See, e.g., McLaren v. Microsoft Corp., 1999 Tex. App. LEXIS 4103 (Tex. Ct. App. 5th
Dist. May 28, 1999) (rejecting employee’s privacy claim against company for “breaking into” personal
folders on his company computer). See also Smyth v. Pillsbury Co., 914 F. Supp. 97, 101 (E.D. Pa.
1996) (holding that plaintiff has no reasonable expectation of privacy in e-mail message stored on
company owned computer system).
316
The court rejected Mr. Stern’s claim of invasion of privacy and commercial misappropriation
ruling that he was running for New York governor and the publication concerned the public interest.
See Stern v. Delphi Internet Servs. Corp., 626 N.Y.S.2d 694, 700 (N.Y. Sup. Ct. 1995).
317
See, e.g., RESTATEMENT (SECOND) OF TORTS § 870 (1979).
132
Southern California Interdisciplinary Law Journal
[Vol. 13:1
malicious but where not all of the elements of a traditional intentional tort
are present.318 The development of the Internet is too recent for cybertorts
to have evolved definite contours.319
e.
Deconstructing Mrs. Palsgraf in Cyberspace
Negligence is conduct that falls below a standard of care for the
protection of others in society, the claim of which may be defeated by
negating the presence of a duty.320 The definition of a duty of care by one
member of society to another is a legal question determined by the court.321
“In the usual run of cases, a general duty to avoid negligence is assumed,
and there is no need for the court to undertake a detailed analysis of
precedent and policy.”322 Judges use public policy as well as precedent to
reject arguments that information products or web sites can be held liable
for inciting harm.
In James v. Meow Media, Inc.,323 the court dismissed all claims that the
makers of violent Internet video games were liable for inciting a Kentucky
school shooting.324 The parents of the murdered children argued that the
makers of the games owed a duty of care because of the foreseeability that
the games would incite violence.325 The court rejected the negligence
claim, finding no duty of care because the killer's actions were
unforeseeable or, alternatively, constituted a superseding cause.326 The
court reasoned that imposing a duty on media-defendants would have a
chilling effect on artistic speech even if such products might “adversely
affect emotionally troubled individuals.”327
The courts’ ability to cut off new channels of liability through a “no
duty” determination is the ultimate form of judicial contraception against
cybertort expansion. Even if an Internet defendant negligently injures a
consumer, there is no liability unless a court is willing to find that duties of
318
New York has adopted the “prima facie tort” but has added additional elements to restrict this
action. Kenneth J. Vandevelde, Prima Facie Tort, 19 HOFSTRA L. REV. 447, 494 (1990).
319
Comment (d) to Section 870 notes that “a prime example of a tort presently not fully developed
is intentional infliction of emotional distress; its contours are not yet fully clear. Other categories of
fairly recent development include injurious falsehood, interference with contractual relations and
interference with prospective economic advantage. The more mature the stage of the development the
more definite the contours of the tort and of the privileges that may be defenses to it.” RESTATEMENT
(SECOND) OF TORTS § 870, cmt. d (1979).
320
See Mt. Zion State Bank & Trust v. Consolidated Communications, Inc., 660 N.E.2d 863, 86768 (Ill. 1991) (noting that courts approach the essential elements of a negligence claim in a hierarchical
fashion beginning with whether the defendant owed the plaintiff a duty).
321
Hamilton v. ACCU-TEK, 62 F. Supp. 2d 802, 818 (E.D. N.Y. 1999).
322
Id.
323
90 F. Supp. 2d 798, 819 (W.D. Ky. 2000) (granting defendants’ motion to dismiss claim that
manufacturers of violent Internet games owed plaintiff’s “no legal duty of care since [the killer's]
actions were unforeseeable”).
324
Id. at 819.
325
Id. at 800.
326
Id. at 805.
327
Id.
2003]
Cybertorts and Legal Lag
133
care exist for web site activities. Courts frequently find that First
Amendment interests outweigh the tort claimant’s interest in being
protected from online defamation.328
Tort law expansion cannot occur in the absence of a judicial decision
that finds that a cybertort defendant owes the plaintiff a duty of care.329 As
Judge Cardozo explained in the famous Palsgraf case: "The range of
reasonable apprehension is at times a question for the court, and[,] at times,
if varying inferences are possible, a question for the jury."330 In the context
of cyberspace, judges determine whether to impose a duty by balancing the
factors of risk, foreseeability, and the likelihood of injury against the social
utility of the conduct in question. Substantive types of potential cybertorts
will be stillborn unless a court recognizes a strong public policy basis for
establishing an Internet defendant’s liability for a particular act.
Courts are exercising “no-duty” determinations to foreclose the
development of many cybertorts. In Lunney v. Prodigy Services Co.,331 the
court held that Prodigy was not negligent in failing to prevent an imposter
from opening an account under a minor’s name, posting vulgar messages,
and sending threatening emails.332 This case arose out of offensive and
threatening e-mails transmitted on a Prodigy e-mail account opened in the
name of a 15 year-old Boy Scout.333 The plaintiff’s legal representative
filed a lawsuit against Prodigy for libel, negligence, and harassment.334 The
New York Court of Appeals upheld a lower court’s ruling dismissing the
claims against the Internet Service Provider.335 The court reasoned that if
Prodigy were held liable for the actions of third parties, the result would be
to “open an ISP to liability for the wrongful acts of countless potential
tortfeasors committed against countless potential victims.”336 As a matter of
public policy, the court was unwilling to impose a new duty of care
requiring ISPs screen millions of e-mail communications to minimize tort
liability.337
Judges have yet to stretch the duty of care to cyberspace for many other
legally protected interests. New civil causes of action have yet to develop
for negligent Internet security, computer hacking, releasing viruses338 or
328
See, e.g., Horsley v. Feldt, 304 F.2d 1125 (11th Cir. 2003) (dismissing defamation complaint
arising out of wire services article, TV broadcast, and web posting that charge anti-abortion
organization with inciting the murder of physician who performed abortions).
329
The well-established no-duty rule has its origins "in the early common law distinction between
misfeasance and nonfeasance." RESTATEMENT (SECOND) OF TORTS § 314 (1965).
330
Palsgraf v. Long Island R.R., Co., 162 N.E. 99, 101 (1928).
331
723 N.E.2d. 539 (N.Y. 1999).
332
Id. at 246.
333
Id. at 246-47.
334
Id. at 244.
335
Id. at 252.
336
Id. at 543.
337
Id. at 249.
338
Bradley S. Davis, It's Virus Season Again, Has Your Computer Been Vaccinated? A Survey of
Computer Crime Legislation as a Response to Malevolent Software, 72 WASH. U. L.Q. 411 (1994)
(describing case in which malevolent software was introduced into a company computer by an exemployee who gained access by using his revoked password and security clearance).
134
Southern California Interdisciplinary Law Journal
[Vol. 13:1
worms,339 denial of service attacks,340 and other Internet-related
vulnerabilities. Consider the potential tort liability for the following
Internet-related hypothetical:
Harry the Hacker, angry because he's been fired, decides to put his
computing skills to work for nefarious purposes. During his
cracking spree, Harry's escapades include using the unsecure
system of We Care Hospital to launch an attack against a bank,
stealing the credit card numbers of customers of an online porn
company, and obtaining the medical records of his former boss
(revealed therein to have tested positive for HIV). Harry then posts
those records on the Internet. Finally, he flees the country with
millions of dollars, leaving a path strewn with victims of identity
theft, privacy breaches, and, of course, staggering financial losses.
Soon thereafter, finger pointing ensues.341
Where inadequate security results in injuries to third parties, a company
could theoretically be held liable for breaching a standard of care by failing
to prevent hackers from stealing proprietary information. Tort actions for
Internet security are particularly needed where companies suffer substantial
financial losses.
f.
No Successful Cybertort Cases for Viruses
Courts have not extended the standard of care owed to third parties to
include the duty to develop precautions against the deliberate spread of
viruses,342 even though corporations were hit with “a monthly average of
113 virus infections for every 1,000 computers they owned in 2001.”343 A
2001 survey found that nearly a third of companies reported at least one
instance of a virus disaster, defined as “any event in which a single virus
infects more than twenty-five machines, files, or pieces of storage media in
roughly the same time.”344 Losses from Internet viruses have continued to
multiply since the study. “Klez.h” was the most costly and virulent
339
On January 25, 2003, a virus-like attack on vulnerable computers on the Internet exploited a
known flaw in popular database software from Microsoft Corp. called “SQL Server 2000.” Within a
few hours, the world's digital pipelines were overwhelmed, slowing down Web browsing and e-mail
delivery. “Monitors reported detecting at least 39,000 infected computers, which transmitted floods of
spurious signals that disrupted the operations of hundreds of thousands of other systems.” Ted Bridis,
Virus-Like Attack Slows Web Traffic, ASSOCIATED PRESS, Jan. 25, 2003.
340
See Margaret Jane Radin, Distributed Denial of Service Attacks: Who Pays?, 6 No. 9
CYBERSPACE 2 (2001) (noting that courts have yet to recognize a duty of web sites owed to third parties
for allowing their computer systems to be used in computer attacks).
341
Lisa M. Bowman, Lawyers See Security Suit Riddled Future, CNET NEWS.COM, April 15,
2003, available at http://news.com/2100-1009-996935.html (last visited Feb. 2, 2004).
342
See Hamilton v. Accu-Tek, 62 F. Supp. 2d 802, 819 (E.D. N.Y. 1999) (suggesting that courts in
the real-space world are also reluctant to impose a duty to anticipate tortious or criminal acts of thirdparties).
343
Sam Costello, Virus Problem Expanded in 2001, Continued Growth Expected, INFOWORLD
DAILY NEWS, March 7, 2002 (reporting results of seventh annual survey of virus prevalence in the
enterprise conducted by ICSA Labs, a division of security services firm TruSecure).
344
Id.
2003]
Cybertorts and Legal Lag
135
computer virus of all time, causing massive economic losses.345 To date, no
plaintiff has prevailed in a tort action to recover for losses incurred as the
result of destructive software code.
The next wave of Internet torts will require courts to carve out new
duties of care to prevent the misuse or abuse of medical images or video
intercepted by hackers.346 Courts have yet to extend professional standards
of care to software designers who develop web sites or computer code that
lacks adequate security.347 Future Internet litigation may raise questions as
to whether a web site may be sued for negligent security for its unwitting
role in distributing viruses.348 Too much tort liability will have a chilling
effect on Internet speech.
g.
No Strict Liability in Cyberspace
Strict products liability cases are a significant branch of traditional tort
law. In contrast, no cybertorts-plaintiff has received either an equitable or
legal remedy based upon any theory of strict liability.349 No court has
recognized strict liability as a cause of action in a cybertort case and there
are relatively few cases predicated upon negligence.350 Moreover, judges
have steadfastly refused to extend strict products liability351 to software,
345
Matt Loney, Klez.h Wins Sibling Rivalry, CNET NEWS.COM, May 28, 2002.
Most states prohibit consultations with another physician located outside the state with
restricted limited consultation exemptions. Among the many issues that are raised by this expanded use
of telemedicine are: Does a web doctor incur malpractice liability for providing misleading information
on a web site?; at what point does participation in a video-conference create a doctor/patient
relationship?; should a local or national standard apply to Internet consultations?; is there vicarious
liability for Internet referrals?; will the hub medical provider incur institutional liability for a
physician’s malpractice over the Internet?; what is the extent of the duty of informed consent in a
remote rendering of medical care?; what is the duty of telemedicine provider for Internet security?;
must interconnected health care providers package patient data in an encrypted envelope?
347
See generally Susan C. Lyman, Civil Remedies for the Victims of Computer Viruses, 21 SW. U.
L. REV. 1169 (1992).
348
See Margaret Jane Radin, supra note 340 (arguing that third parties have potential liability).
See also Cheryl Massingale & A. Faye Borthick, Risk Allocation for Computer System Security
Breaches: Potential Liability for Providers of Computer Services, 12 W. NEW ENG. L. REV. 167, 175-76
(1990).
349
Courts have generally refused to extend strict liability theories to intangible information. Strict
products liability evolved out of the societal judgment “that people need more protection from
dangerous products than is afforded by the law of warranty.” East River Steamship Corp. v.
Transamerica Delaval Inc., 476 U.S. 858, 866 (1986).
350
The third branch of tort law is strict liability, which imposes liability without a showing of fault
or negligence. At common law, for example, a landowner who harbored wild animals on his land was
strictly liable for the consequences if the animal escaped. Similarly, a nuclear processing plant is
strictly liable for the escape of plutonium, even if it complied with federal nuclear regulatory
regulations. Strict liability is based on a public policy decision that those who engage in certain risky
activities should bear the cost of wrongdoing, irrespective of the amount of care taken by the defendant.
It is no defense to strict liability that the defendant followed statutory or industry standards of care.
351
Product liability is a hybrid of both warranty and tort law. In the early 1960s, courts began to
apply strict product liability to defective products. American courts began to recognize that a
commercial seller of any product having a manufacturing defect should be liable in tort for harm caused
by the defect, regardless of the plaintiff's ability to maintain a traditional negligence or warranty action.
346
136
Southern California Interdisciplinary Law Journal
[Vol. 13:1
media products,352 or other intangibles in general.353 Courts have yet to
extend products liability theories to bad software,354 computer viruses, or
web sites with inadequate security or defective design.355
h.
Professional Standards of Care in Cyberspace
Medical malpractice is another traditional category of tort liability that
has failed to evolve to address online injuries. Given the widespread
adoption of telemedicine throughout the United States, it is surprising that
no court has rendered a medical malpractice stemming from an online
consultation.356 Courts have been wary of extending professional standards
of care to medical web sites, medical software licensors, or other purveyors
of information-age health products.357
352
James v. Meow Media, Inc., 90 F. Supp. 2d 798, 811 (W.D. Ky. 2000) (dismissing plaintiffs'
products liability claims based on argument that violent Internet games caused school killings because
thoughts, ideas, and expressions contained within defendants' movie, games, and web site materials
were not “products” “within the realm of the strict liability doctrine”). See also Davidson v. Time
Warner, Inc., 1997 U.S. Dist. LEXIS 21559 (S.D. Tex. 1997) (dismissing argument that violent rap
music had led to the murder of a state trooper. The court explained that, because the element of
foreseeability was absent under Texas’ balancing test, no duty existed); McCollum v. CBS, Inc., 202
Cal. App. 3d 989 (1988) (rejecting argument that Ozzie Osbourne’s song, entitled “Suicide Solution,”
caused a 19 year-old boy to commit suicide).
353
Courts are far more likely to extend products liability standards to hardware failure resulting in
personal injury, which has yet to occur in an Internet-related case.
354
RESTATEMENT (THIRD) OF TORTS. Products liability applies to distributors of defective
computer hardware and may also apply to software. It was approved by the American Law Institute in
1997, and adopts new, more restrictive rules for design defects. It replaces strict products liability with
negligence-based standards in design and failure to warn cases. Section 2 defines a design defect as
that which occurs when the foreseeable risks of harm posed by the product could have been reduced or
avoided by the adoption of a “reasonable alternative design.” The definition replaces Section 402(a) of
the Restatement Second’s “consumer expectation” test with the “risk/utility test.” Similarly, Section
2(c) imposes a negligence-like standard in failure to warn cases. A product is defective if “the
foreseeable risks of harm posed by the product could have been reduced or avoided by the provision of
reasonable instructions or warnings by the seller.” See RESTATEMENT (THIRD) OF TORTS, § 2(c) (2003).
355
The Economic Loss Rule (ELR) bars recovery in products liability actions where the loss is
purely economic, that is, direct economic loss to the product itself as opposed to personal injury or
damage to other property. If the product itself is harmed, the purchaser must seek a remedy in contract,
not tort. See, e.g., Imaging Fin. Servs. v. Lettergraphics Detroit, Inc., 1999 U.S. App. LEXIS 2405 (6th
Cir. Feb. 9, 1999). See also Neibarger v. Universal Coops., Inc., 486 N.W.2d 612, 615 (1992)
(observing that the economic loss rule “provides that where a purchaser’s expectations in a sale are
frustrated because the product he bought is not working properly, his remedy is said to be in contract
alone, for he has suffered only ‘economic’ losses”); Nielsen Media Research, Inc. v. Microsystems
Software Inc., 2002 U.S. Dist. LEXIS 18261 (S.D. N.Y. 2002) (holding that a plaintiff could recover for
breach of warranty if it is determined that the contract was for goods, but could not recover for
negligence).
356
Contrary to the claims of tort reformers, the states have responded to a perceived punitive
damages crisis by enacting comprehensive limitations on awards.
357
Michael L. Rustad & Lori E. Eisenschmidt, The Commercial Law of Internet Law, 10 HIGH
TECH. L.J. 213 (1995) (arguing that duties of care should extend to Internet security). See also Stephen
E. Henderson & Matthew E. Yarbrough, Suing the Insecure?: A Duty of Care in Cyberspace, 32 N.M.
L. REV. 11 (2002) (arguing that web sites owe a duty of care to third parties injured by distributed denial
of service attacks).
2003]
Cybertorts and Legal Lag
137
Courts have yet to recognize an action for professional negligence filed
against software engineers who construct insecure web sites.358 Hospitals
and other health care providers are increasingly using the Internet to
transmit medical images or provide medical consultations,359 a process that
has the potential of producing a large amount of tort litigation. Satellite
technology permits telemedicine to occur across continents with “global
Internet access, two-way digital communications, video conferencing,
telemedicine, and residential voice and data communications.”360
i.
No Computer Malpractice Actions
As the field of information technology matures, it is likely that
software developers, web site designers and Internet security specialists
will begin to professionalize by developing industry standards of care.361
The judiciary is wary of expanding or modifying new causes of action for
negligent Internet security, computer malpractice,362 or strict liability for
information products.363 Many traditional tort categories have been
stillborn because courts are unwilling to expand duties of care to redress
wrongdoing that does not squarely fit within the boundaries of wellestablished torts.364
358
Negligence is conduct that departs from the reasonable standard of care imposed by law for the
protection of others. The elements of a negligence cause of action are (1) duty of care, (2) breach of a
duty of care, (3) proximate cause between breach of the duty of care, and (4) damages. “Negligence” is
an act or omission where there is a failure to use ordinary care; it is the failure to do that which a person
of ordinary prudence would have done under the same or similar circumstances.
359
Telemedicine may involve a physician answering a question on a web site or take a more
complex form such as having an emergency room physician in Milwaukee consult with a colleague in
New York. The Internet makes it possible for a cardiologist to hear sounds of the heart and lung of a
patient located in a small rural hospital. See generally Telemedicine, Health Web Projects, at
http://www.lib.uiowa.edu/hw/telemed/proj.html (last visited Nov. 2, 2003).
360
Teledesic v. FCC, 275 F. 3d 75, 78 (D.C. Cir. 2001).
361
Nielsen Media Research, Inc. v. Microsystems Software, Inc., 2002 U.S. Dist. LEXIS 18261
(S.D. N.Y. 2002).
362
See id. (entering summary judgment in favor of defendant in computer consultancy agreement
because the agreement represented a veiled attempt to state a professional computer malpractice claim).
363
Winter v. G.P. Putnam’s Sons, 938 F. 2d 1033, 1036 (9th Cir. 1991) (observing that courts
distinguish between the tangible containers of ideas from their communicative element for purposes of
strict liability).
364
The most recent new tort to be judicially recognized was the intentional infliction of emotional
distress, developed in the 1940s. The tort of outrage evolved because the legally protected interest of
being safe from the deliberate infliction of severe emotional distress was not vindicated by existing
torts. The tort of assault, for example, was not available in cases of outrage because this tort requires
that the actor “put the other in apprehension of an imminent contact.” Dickens v. Puryear, 276 S.E.2d
325, 331 (1981). “Most states now recognize intentional infliction of emotional distress as an
independent tort.” JERRY PHILLIPS ET. AL., TORT LAW: CASES, MATERIALS, PROBLEMS 136 (3d. ed.
2002).
138
Southern California Interdisciplinary Law Journal
j.
[Vol. 13:1
No Successful Cybertort Class Actions
No cybertort class action has yet been certified in federal or state court.
Recently, a class action was filed against a California software
manufacturer who used Internet advertising banners masquerading as
computer error messages with headings that read "security alert,"
"warning," and "message alert."365 The manufacturer created a demand for
its protective software with notices designed to frighten web surfers with
warnings such as, "Your computer is currently broadcasting an Internet IP
address. With this address, someone can immediately begin attacking your
computer."366 The class action sought to enjoin these advertisements and
also sought damages under tort law for deceptive business practices,
fraud/intentional misrepresentation, public and private nuisance, trespass to
chattel, and invasion of privacy.367 No certified class of plaintiffs has
recovered for an Internet-related injury due to fraudulent advertisements.
k.
Judicial Resistance to Modern Intentional Torts
Judges have yet to extend the most recent intentional torts to
cyberspace. To date, no abuse of process or malicious prosecution claims
have succeeded. The tort of negligent spoliation has not yet developed to
punish and deter the destruction or alteration of smoking gun e-documents.
The signature crimes of Internet wrongdoers include the use of
pseudonyms, false identities, forged e-mail addresses, and encryption to
alter or eliminate records.368
New computer software has been developed that automatically destroys
records containing e-mail messages.369 The tort of spoliation could
theoretically be used to punish the destruction of electronic evidence. The
advantage of having a separate tort of spoliation is that private plaintiffs
will have a private cause of action for the destruction of electronic
evidence. The judiciary will be reluctant to extend this relatively new tort
to the Internet legal environment. On the whole, Internet tort litigation may
be visualized as a ruthless process of natural selection in which judges
allow few cases to survive summary judgment because emergent civil
wrongs rarely fit traditional tort categories.
365
See
Lukins
&
Annis,
PS,
Bonzi
Class
Action,
at
http://www.lukins.com/bonzi/index.php?pid=home (last visited Nov. 2, 2003) (announcing settlement
was achieved on May 25, 2003).
366
James Niccolai, Lawsuit Targets ‘Deceptive’ Banner Ads, InfoWorld Daily News, Dec. 7, 2002,
at http://archive.infoworld.com/articles/hn/xml/02/12/05/021205hnsuit.xml?s=IDGNS (last visited Nov.
2, 2003).
367
Id.
368
See generally Michael L. Rustad, Private Enforcement of Cybercrime on the Electronic
Frontier, 11 So. Calif. Interdiscip. L. J. 63, 64-66 (2001) (citing examples of anonymous cybercrimes).
369
This E-Mail Will Self-Destruct in Three Days, USA TODAY, Feb. 18, 2002, available at http:
//222.usatoday.com/tech/news/2002/02/18/self-shredding-e-mail.htm. (last visited Feb. 4, 2004).
2003]
Cybertorts and Legal Lag
139
CONCLUSION
Contemporary tort law emerged as a response to the mass injuries that
accompanied America’s rapid industrialization during the nineteenth
century. Lawrence Friedman argues that the modern law of torts “must be
laid at the door of the industrial revolution, whose machines had a
marvelous capacity for smashing the human body.”370 We are in the midst
of another period of rapid change spurred by the widespread adoption of
the software industry and the Internet. This empirical study confirms that
there is a “legal lag” occurring in tort law as an economy centered on the
mass production of durable goods is now being displaced by the
information age. U.S. Internet torts have yet to evolve to curb new risks
and dangers arising out of the misuse of new information technologies such
as e-mail, browsers, and web site scrapers.
The failure of tort law remedies to keep pace with new cyberwrongs is
a legal lag, which will persist until the common law catches up with good
sense. The growing impact of information technologies “is already
creating a tremendous cultural lag, making nonsense of existing laws.”371
As of yet, the progressive principles of tort law have played relatively little
role in cyberspace.
Courts have yet to develop cybertort remedies for negligent computer
security, spam, or failing to prevent unauthorized computer intrusions. The
United States has not yet experienced an “electronic Pearl Harbor” in
which lives have been lost by “shutting down medical services networks,
power grids, or financial services nationwide or even worldwide.”372
Judges have yet to confront the question of whether they will impose a duty
of care for companies to implement measures to protect against hacking,
virus attacks, or even terrorism.
A whole new body of tort law based upon economic loss is emerging in
response to the Internet. Cybertort law is structured to accommodate the
economic interests of AOL, CompuServe, Walt Disney, and Hollywood.
The “legal lag” is that these early formulations of Internet torts have not
benefited consumers in any significant way. Tort remedies have not yet
been developed to redress the invasion of privacy, consumer fraud, and
other online injuries suffered by individuals. The next decades will see
more developments in cyberspace that will require courts to rethink the
parameters of cybertort duties.
Justice Holmes’ cogent comment, “in moving water there is life and
health; in stagnant pools, decay and death,”373 is applicable to cybertorts.
370
LAWRENCE M. FRIEDMAN, A HISTORY OF AMERICAN LAW 467 (2d ed. 1985).
N.D. Batra, Space, Cyberspace, and Inner Space, THE STATESMAN, Dec. 26, 1999 (arguing that
the digital technologies are creating lags in law and ethical standards).
372
Gene Stephens, Global Trends in Crime: Crime Varies Greatly Around the World, Statistics
Show, but New Tactics Have Proved Effective in the United States, 37 THE FUTURIST 40, 41-45 (May 1,
2003) (noting that the U.S. government has predicted an Internet-related or electronic Pearl Harbor
since the 1990s).
373
Thomas F. Lambert, Jr., Reviews of Leading Cases, 30 NACCA L. J. 33, 45 (1963).
371
140
Southern California Interdisciplinary Law Journal
[Vol. 13:1
Judicial stagnation, tort reform, and Section 230 of the CDA have
prevented the common law of torts from readily accommodating to the
Internet.
The Section 230 blanket immunity will need to be
reconceptualized as the Internet matures.
Today, the information industry is insulated from paying the true cost
of their wrongdoing much like the railroads, canals, utilities, and assemblyline factory industries of nineteenth-century America. Cybertort remedies
must expand in order to perform their traditional function of social control
in the information age, an era in which the nature of injuries is being
transformed.
Even in cyberspace, tort law exists to vindicate, not veto, consumer
protection. Outmoded immunities, no-duty rules, and defenses should be
consigned to the ashbin of history. As the court in Intel Corporation v.
Hamidi observed: “The common law adapts to human endeavor. For
example, if rules developed through judicial decisions for railroads prove
nonsensical for automobiles, courts have the ability and duty to change
them.”374
374
114 Cal. Rptr. 2d 244, 247 (Cal. Ct. App. 2001).