Communications Decency Act

A Houston area woman has sued Facebook asking for $123 million because Facebook was slow to take down a fake a profile created by her ex-boyfriend with pornographic images.

You can see the story here


The plaintiff sued Facebook and the ex-boyfriend for negligence, breach of contract, gross negligence, intentional infliction of emotional distress, invasion of privacy and defamation.  The request for $123 million is based on $.10 for every Facebook user.  You can read the amended petition here–Ali v. Facebook petition.

My guess is this case will likely be removed to federal court (both defendants are out of state) and then summarily dismissed as to Facebook.  As regular readers should know by now, website operators like Facebook are not liable for the content created by others under the Section 230 of the Communications Decency Act.  It provides that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” This federal law preempts any state laws to the contrary: “[n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.”

Although sympathetic to the plight of the plaintiff, Section 230 unquestionably (and may result in sanctions against the plaintiff) immunizes Facebook from the negligence, invasion of privacy, intentional infliction of emotional distress and defamation claims.

It appears the plaintiff is heavily relying upon the fact it took Facebook a long time to take the fake profile down.  Facebook’s community guidelines do prohibit fake profiles. Facebook says it will take down posts and profiles in violation of the guidelines, but it never contractually commits to the users it will quickly police the site.  In fact, Facebook expressly says it will not guarantee an expedient removal stating:

If you see something on Facebook that you believe violates our terms, you should report it to us. Please keep in mind that reporting a piece of content does not guarantee that it will be removed from the site.

It is therefore questionable whether there is any contractual obligation on Facebook to take down offensive or fake profiles.  Regardless, most courts do not allow plaintiffs to artfully plead around the Communications Decency Act and have poured out similar breach of contract claims.

We will keep an eye on this case.  You can listen to my interview with KRLD Radio in Dallas about the case here. facebook lawsuit with Mitch Carr – KRLD is not exactly deserving of sympathy.  Much like Playboy and Hustler pushed the boundaries of the First Amendment in the past, rumor sites like are pushing the limits of Section 230 immunity for online defamation under the Communications Decency Act.

A judge and jury in Kentucky apparently have had enough.  This week, a jury found “encouraged the development of what is offensive” and was therefore liable for the defamatory posts about former Cincinnati Bengals cheerleader Sarah Jones. The jury awarded Jones $38,000 in actual damages and $300,000 in punitive damages.

As a refresher, Section 230 of the CDA provides:  “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  Because the websites are not the publisher or speaker, the sites can’t be liable for defamation.  Most courts immediately dismiss website operators from defamation suits when the claim is based on user generated content known as UGC.

Although subjects of defamatory posts hate the CDA, the law is good.  There would be no Google, YouTube, Twitter of Facebook if these sites had to defend, let alone be held liable for, each defamatory post by their users.

Jones sued Dirty World Entertainment Recordings which owns  The site, as expected, immediately filed a motion to dismiss the complaint because all claims were based on the UGC.   The trial judge denied the motion arguing the defendant purposefully seeks out and encourages defamatory content.   The court wrote “the very name of the site, the manner in which it is managed, and the personal comments of defendant Richie” shows that the site “specifically encouraged development of what is offensive about the content.”  Therefore, the summary judgment was denied.  With as a defendant, it is not surprising the jury ruled in favor of Jones.

If you have had the unfortunate reason to visit, you know the judge is correct in that they do everything they can to encourage defamatory and offensive content. I have argued before that the CDA should be amended to allow for claims against sites like this that encourage defamation.  I always thought the change would come through the legislative process rather than judicial fiat.  Not surprisingly, is appealing. You can read more about the case here.

What does it mean?

If you run Facebook, the local newspaper site, or a community site regarding butterflies, you still have nothing to worry about.  If you purposefully run an inflammatory site, you need to pay attention to what the court of appeals does with this case. asks people to “submit dirt.”  Their submission form has entries for the “dirt,” and provides a link to upload photographs.  The court seized on the fact that in response to the post about Jones, the site operator wrote “I love how the Dirty Army has a war mentality.”  Facebook and the Christian Science Monitor website don’t do this.

The CDA is usually a slam dunk defense for websites that are sued over UGC.  Plaintiffs first tried to argue the sites actually “created” the content.  Now, plaintiffs will argue the sites are “encouraging” the defamation.  While a good policy, I am not sure it will hold up on appeal without a change to the statute by Congress.

So, what about sites like RipOffReport and  Is the next line of attack that they “encourage” defamatory content?  I would not be surprised if a plaintiff is making that argument right now in response to a motion to dismiss.

We will keep our eye on the appeal.

The general legal advice to website operators who allowed User Generated Content (UGC) in the form of comments, videos or pictures used to be relatively easy.  The Digital Millennium Copyright Act protected you from copyright and Section 230 of the Communication Decency Act protected you from defamation and other liability.  Recent developments are bringing a little more grey into what was previously a black and white world.  Good news for lawyers; bad news for business.


The DMCA provides web hosts and internet service providers a “safe harbor” from copyright infringement claims resulting from content provided from others if certain procedures are followed. If the safe harbor qualifications are met, only the customer or user can be liable and not the actual website operator.

To qualify for the safe harbor protection, the site must: (1) notify the customers of its policy; (2) follow proper notice and take down procedures; (3) designate a copyright agent with the U.S. Copyright Office; (4) not have knowledge that the material or activity is infringing or of the fact that the infringing material exists on its network.

For a new web-based start-up that is going to have UGC, taking advantage of the DMCA is a no brainer.

Was that Sly and the Family Stone in the Background?

A recent decision against music-sharing website Grooveshark suggests that sound recordings prior to 1972 may not be covered by DMCA safe harbor protections.  Universal Music Group sued Grooveshark in New York state court for copyright infringement.  The trigger legal response is that the DMCA means Grooveshark is immune.

Easy, case dismissed.  Then, the New York appellate court reversed the dismissal late last month.  The legal issue hinges on whether the DMCA provides for a “safe harbor” for sound recordings before 1972 because these recordings are governed by state law and not U.S. copyright law or the DMCA.

If you want the legal details which focus on the definition of copyright, you can read this post from Professor Goldman’s Technology and Marketing Law Blog.  The simple answer is the DMCA needs to be fixed by Congress.  This recent decision directly conflicts with another prior decision so it is likely there will be further appeals that may take several years to resolve absent Congressional action.

What you need to know if you have a website with UGC sound recordings is that you may have a problem.  Is it feasible for you to determine whether the uploaded sound recording is Isaac Hayes’ Theme from Shaft (1971) . . .

Marvin Gayes’ Let’s Get it On (1973) . . .

or Don McLean’s American Pie which was recorded in 1971, but became a hit in 1972?

If you start pre-screening for pre-1972 sound recordings do you now have knowledge that the material or activity is infringing or of the fact that the infringing material exists on your network taking you outside of the DMCA safe harbor?

The good news is this case appears to be the outlier.  As long as you know and are willing to accept the risks, you probably do not need to make any wholesale changes.  You have the recent pro-DMCA case in Viacom vs. YouTube, a federal New York decision and a Ninth Circuit Court of Appeals decision that reaches the exact opposite result.

At least I don’t have to worry about defamatory UGC because of Section 230, right?

Section 230 of the Communications Decency Act provides immunity to websites for defamation and related claims based UGC.  It states:

no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

This is the law that prevents Facebook from being sued relentlessly for alleged defamatory posts and also allows sites like RipOff Report and The Dirty to survive.  Based on Section 230, we generally advise sites not to worry about liability for anonymous commenters – at least for now.

The United Kingdom recently passed the Defamation Act 2013 which sets up a notice and take down process for website operators to protect themselves from UGC defamation claims in the UK.  Basically, a plaintiff cannot sue unless the plaintiff sends notice to the website and the website refuses to take it down.

Although ripe for abuse, it does not sound too bad until you get to the part of the law that says websites can only take advantage of this protection if the plaintiff can identify the person who actually posted the offending content forcing websites to authenticate its members.  There goes anonymity.  You can read more details on the law here.

It does restrict “libel tourism” so the local pizza shop in Sugar Land can’t take advantage of this against Yelp for the review by the interloper in New Territory.  But, if the offended person can convince a court in the UK the case should be there, you could be subject to a UK judgment.

So, should you require authentication of all users?  Can you set up your site so that all users from the UK have to authenticate their identities?

The answers are no longer so easy.  For example, what do you do if a UK citizen slanders Roberta Flack on your American-based website while uploading a copy of The First Time Ever I Saw Your Face which was originally a 1957 folk song but recorded by Flack originally in 1969, but re-released in 1972 when it became a number one hit?

It could make your head spin, but that’s why lawyers make the big bucks, right?


The State of Texas may find out and it may be more applicable to your site than you think.  In early filing for the 2013 legislative session, Democratic state Senator Leticia Van de Putte proposed a bill aimed at stopping at stopping human trafficking.  The entire text is here.

It allows for human trafficking victims to bring civil suits against the wrongdoers including websites, that allow advertisements promoting the compelled sex trade.  Specifically, it states a website can be liable if it:

publishes an advertisement that the [website] knows or reasonably should know constitutes promotion of  prostitution or aggravated prostitution and the publication of the advertisement results in compelling prostitution with respect to the victim. 

The Bill and Section 230

I’ll parse through the language below, but first I want to discuss how this law may interact with Section 230 of the Communications Decency Act.  Section 230 provides the operators of websites with immunity from any suits caused by the content created by others.  It states:

no provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

It usually shields sites from defamation claims, but it has been applied to almost all claims that stem from the content  created by others.

So what happens if a website simply allows anyone to create ads, specifically adult services ads without having any say as to the content?  Would the CDA trump this Texas proposal?  Online adult listing companies have already prevailed on several related suits in MissouriWashington and Illinois.  If Texas passes the law, it is likely to legislate its way into a lawsuit. 

Numerous local and state officials have attempted to crack down on at least one known adult-listing service without much success.  The passage of the law in Texas could be a symbolic statement increasing the fervor for Congress to make changes to the CDA.  The CDA already expressly excludes liability for federal criminal laws including child pornography.  Thus, Congress could carve out a similar exemption as it relates to human trafficking.

The Language of the Texas Bill 

If the proposed law were to survive CDA and other challenges, it could present some interesting trial issues.  First, you have to parse through the definitions.  “Promotion of prostitution” is essentially pimping for one person.  “Aggravated promotion of prostitution” is running a pimping enterprise of more than one prostitute.  So, to be liable, the media company would have to know, or reasonably show know, that the advertisement is for promotion of prostitution (i.e., pimping). 

A successful plaintiff would not have to show, however, that the website operator knew the pimp was engaging in “compelling prostitution.”  Compelled prostitution means that through force or threat of force, you force someone to commit prostitution or cause a minor to commit prostitution–the human trafficking aspect.

While crass, the law essentially means that an advertisement for a “reputable pimp” who does not engage in “compelling prostitution” would be OK.  But, if you think that the advertising pimp is “reputable” and they turn out not to be because they force people or use minors, the website would be in trouble. 

Also interesting is that if you are the actual prostitute and you advertise, then the media company cannot be held liable because you are not engaging in “promotion of prostitution.”   

How would this apply to my site?

You may be thinking that I don’t run an adult classified listing site, so while interesting, I don’t care.  If you run any interactive site that allows for user generated content or messages, you may want to think again.  Under this provision, “advertisement” is defined to include communications that promote a commercial service on websites “operated for a commercial purpose.”  Read broadly, that could apply to every website that makes any money regardless of whether you accept classified listings or allow users to advertise, as we normally think of the term, on your site.  In other words, the “advertisement” that creates liability, could be a comment a user posted on your blog that makes some money.

So, if a pimp takes to Facebook and posts a free message promoting human trafficking, could Facebook be held liable?  Their liability would all come down to what did Facebook know or should it have known?

Human trafficking is a serious issue.  According to reports, adult classified that may involve adult trafficking is also serious business.  Without action from Congress, any efforts by Texas or other states to crack down on online advertising is likely to lead straight to the courthouse.

In my last three posts, we covered online defamation from the business owner’s perspective.  Today, we look at it from the consumer’s perspective.

The local NBC affiliate in Houston interviewed me and others for a story about it you can watch here.



The way the story was edited, it almost appeared I support suing consumers when “sounding off crosses the line when it goes beyond personal and turns factual.”  It really should be that when it goes beyond opinion and you state facts that are not true, you can get sued. 

An example I used in the interview not aired was if you said I was a lousy lawyer, I couldn’t sue you for that opinion.  But, if you said I stole your money or was even a fraudster or a criminal (things that can be proven), I might have a claim.

It’s almost a Hobson’s Choice for the consumer.  From my own personal experience, I prefer reviews that state why the customer was not pleased.  I want to know why you think they are horrible with specifics which is a way you can cross the line and get in trouble if you stretch the truth.  

And this goes without saying, it is certainly a bad idea to write a fake review about your competitor.

Finally, it’s not all bad for consumers.  As discussed in my series and in this post, Texas’ version of the anti-SLAPP should act as a deterrent to any companies who overstep their bounds by wrongfully suing a  consumer over a review.

It was interesting to be juxtaposed with Ed Magedson of RipOff Report when at the end we basically agreed that if you simply state your opinion, you should be safe. 

If this was a point-counterpoint, I might respond to Mr. Magedson that although I am as big a fan of the First Amendment as the next guy, RipOff Report is no saint and hasn’t won all of its cases on pure First Amendment grounds.  Instead, RipOff Report thrives because of Section 230 of the Communications Decency Act which prevents you from suing the website operator for the content posted there by others.  The merits of that immunity can be debated another day.

Much to the chagrin of my law firm, I often encourage people not to take legal action when they are defamed on an online review site.  The issue has become more prevalent as consumers (or is it possibly competitors or people with personal vendettas) spew their ire negatively rating doctors and other professionals who only have their good reputations to sell.  Some of these folks are now trying to be proactive about it.

Some Choices After the Fact

If the negative review is already there, litigation can be difficult because you often can’t sue the websites themselves because the Communications Decency Act gives the site immunity from contents posted by others.  You can sue the actual poster of the review, if you know who it is.  You can also embark on a “John Doe”  lawsuit and attempt to identify who the poster is.  That can easily surpass $5,000 in costs just to find out an IP address.  If the defamer is sophisticated, they can probably mask their identity no matter how much discovery you obtain.

Another option is to do your own campaign.  The common method is to push the negative results down on the search engine page by strategically placing more current content about yourself that search engines will place above the review site.  A more sophisticated approach includes customer surveys used to find any raving fans you may have.  You can then encourage them to go on to the specific site and counter the negative review with positive ones.  You have to be careful not to run afoul of the FTC online endorsement guides by giving the customer something of value not disclosed in exchange for the positive review.  And, many of the review sites are like search engines and will erase positive reviews if they are suddenly bombarded with ten on the same day or more than one from the same IP address.

For more on these approaches, you can read my Visibility Magazine column on how to address online defamation and several past posts about online defamation and anonymity.

The Proactive Approach

Now that doctors and other professionals (who presumably have money and care more about their professional goodwill) are targets, several companies have sprung up to act as reputation managers or defenders.  I have to confess I have no first or second hand knowledge of anyone who has used these services, but the likes of Medical Justice caught my attention because of the legality aspect.

They encourage doctors, for example, to include provisions in their agreements with patients (tucked into the HIPAA disclosure you sign off on, but never read) whereby the patient agrees to one or more of the following:  (1) not to post a negative review online unless first shared with the doctor so they can ensure there is no misunderstanding – and identify the poster; (2) not to post on any sites that allow it to be  done anonymously; (3) not to post anonymously; (4) to allow the doctor to request removal at the doctor’s discretion; and/or (5) the assignment of all copyright interests in any reviews done by the patient of the doctor.   This last one allows the doctor to have the negative review removed through a Digital Millenium Copyright Act take down notice.

For an agreement to be enforceable there has to be what lawyers call consideration.  In other words, what does the patient get out of the deal from agreeing to those terms?  Some could argue the medical services are sufficient.  Others suggest the patient is ensured additional privacy because doctors cannot discuss medical issues in responding to the reviews. 

Other than anecdotal evidence about the use of these provisions, I have not seen one of these challenged in a court of law.  I would not be surprised to see one soon.  They have been castigated, however, in the court of public opinion with criticism of Medical Justice and others.

UPDATED  7/25/2011

Looper Reed Board Certified Health Law Lawyer and author of Darrell Armer recommends doctors contractually take some protection against the online review phenomena although not as far as some of the options above.  “Doctors are not allowed to publicly discuss the medical treatment of an identified patient without their permission.  This makes it difficult for doctors to respond to online review,” he said.  “We, therefore, recommend doctors include a provision in their privacy notice that grants the doctor permission to discuss the treatment should the patient post an online review.” was sued last week because a male user sexually abused a female user on the second date.  Facebook and MySpace already warded off similar suits from parents of children who were stalked online based, at least in part, on Section 230 Communications Decency Act immunity.

These stories are indeed tragic, but it reminds me of the famous defense theme: 

Tragedy Strikes – Blame is Quick to Follow

No amount of technical or legal safeguards can prevent evildoers from doing evil.  These sites do not guarantee the safety of the users and often include such disclaimers in their terms of service.  That fine print you agree to when you create an account does matter and is usually enforced.  There is a reason these sites are free to use.

In the suit, the Jane Doe plaintiff claims she was abused on the second date.  At that point, she did her own due diligence discovering he had a record of sexual assault.  Interestingly, the plaintiff is not seeking damages — right now.  Instead, she is seeking an order that would shut down the site until comes up with a way to determine the background of its users (suggesting it tie in to a credit card at sign up).

While it sounds like a reasonable idea, how far do you want to take it?  Bars are popular places where people meet, should they be required to run checks on their patrons?  How much information are you willing to give to before you create a profile? 

The answer appears to be a market one and not a legal one.  It appears there is a void in the market for a dating site that guarantees the background of the users.  If that is what people want, then there should be a site out there where all users are run through a criminal background check with the posted results for all to see.  Should we run a credit report too?  Would you pay to be on that site?  

You can listen to my radio interview with KRLD Radio on the case.

4-19-11 Update:  Despite concerns that a background check will provide a false sense of security, released a statement late Sunday night that it was going to try and check its customers against the national sex offender regitsry.