Web site operator liable for encouraging third-party publication of illicit content to its site

Federal law has been interpreted as protecting the operators of Web sites from liability for content posted by unrelated third parties – like commenters on Web site bulletin boards – but even that broad grant of immunity has its outer limits.

Last week, a federal appeals court ruled that a company offering access to people’s private telephone records could not hide behind the liability shield of the Communications Decency Act (a/k/a Section 230) by claiming to be no more than a conduit for information gathered by third parties. That’s because the “third parties” were investigators hired by the Web site operator, Accusearch, Inc., for the express purpose of digging up private information for Accusearch’s customers.

The ruling, Federal Trade Commission v. Accusearch, Inc., No. 08-8003, (10th Cir. June 29, 2009), upholds a district court ruling that allowed the FTC to levy civil penalties and obtain an injunction ordering Accusearch to cease offering access to confidential phone records.

Several aspects of the Accusearch ruling may prove to be important to the broader publishing community, and will bear watching to see how they are applied.

The Tenth Circuit found that Accusearch was “responsible” for the illicit content – and therefore, could not claim to be merely a conduit for content created by others – because Accusearch “knew that its researchers were obtaining the information through fraud or other illegality.”

More broadly, the court went on to say that “a service provider is ‘responsible’ for the development of offensive content only if it in some way specifically encourages development of what is offensive about the content.”

At first blush, this standard appears to be safe for the vast majority of plain-vanilla content providers. However, the terms “knew” and “encourage” are critical here, and they may imply a broader ruling that risks misapplication in future cases.

In Accusearch’s case, the court seems to have concluded not just that Accusearch “knew” of the impropriety or “encouraged” it, but actually committed the impropriety through hired agents (a bit like a murderer using a hit-man). And that is a deeper level of involvement than merely “knowing” or “encouraging.”

The distinction could be decisive in certain cases. For instance, where does the Accusearch ruling leave a Web site such as www.wikileaks.com, which acknowledges on its home page that at least some of the documents posted by third parties are classified? The operators of the site clearly did not engage in Accusearch-type conduct – they did not fill orders from people wishing to pay for documents sneaked out of government offices. But can the Web site’s administrators feel confident that a future court will not decide that they “specifically encouraged” the theft of stolen secrets their users post? Taking it a step further, what if the site is not wikileaks.com – in which a substantial portion of the content is indisputably legal and legitimately obtained – but stolen_pentagon_documents.com?

A site like Wikileaks should have no worries, since Accusearch indicates there is no liability unless the site is “responsible for the development of the specific content that was the source of the alleged liability,” which is a level of hands-on participation beyond merely providing the conduit. But the wording of the opinion is sufficiently loose that it may invite mischievous future applications – or, at least, make it harder for a legitimate Web site operator to get a case dismissed at the earliest stages without a factual inquiry into its dealings (or lack of dealings) with the content creator.

That is the point made by Judge Timothy M. Tymkovich in a concurring opinion in Accusearch. Tymkovich saw no need to raise the sticky issue of what level of “responsibility” for editorial content would cause CDA protection to be lost. Rather, he would have decided the case on the simpler basis that the FTC was penalizing Accusearch for its conduct, not for what it posted online.

In Tymkovich’s view, the FTC violation was complete when Accusearch paid researchers to deceitfully obtain metadata associated with private telephone accounts and then sold the results. That the information was conveyed on a Web site was irrelevant. In other words, you can’t shoot somebody and claim CDA immunity by broadcasting the crime on a Web site. Tymkovich’s analysis may be oversimplified – there are times when the CDA immunizes offenses committed on a Web site that would be punishable if committed anywhere else – but it at least avoids a messy inquiry into the motives and level of knowledge of the Web site proprietor.

As a final point of significance, the Accusearch court gave a skeptical reception to the FTC’s dangerously broad argument that the CDA protects only Web sites with user interactivity. As the court pointed out, that view could strip CDA immunity from, for instance, a Web site that republishes articles from medical journals, if the site does not enable reader comments. Regrettably for publishers, the court discredited the FTC’s interpretation but did not drive a stake through its heart. Unless the agency takes the hint and changes its interpretation, we may have to await a future FTC enforcement case against a luckless publisher to resolve the matter conclusively.

Frank LoMonte, SPLC Executive Director