Unlike other industries, where owners of businesses can easily find out what is legally expected of them, Cyberspace system operators (sysops) quickly come to realize exactly how little precedent relates to computers and computer crime. In fact, the few cases that have been decided, like Cubby, Inc. v. CompuServe, Inc. or Steve Jackson Games, Inc. v. United States Secret Service are district-court cases, setting binding precedent in only one part of the country. However, by combining cases like these with important cases from other areas of the law, it is possible to gain a fairly detailed picture of the responsibilities and risks associated with being a sysop of a single, disconnected system.
Unfortunately, the great benefits of Cyberspace lie in the interconnection of many small machines into large networks like Usenet or the Internet. Issues like a sysop's responsibility for postings that do not originate on his system are just now starting to become important. Even groups like the Electronic Frontier Foundation have little concrete legal advice in these areas.
This paper starts by taking a look at issues sysops of single systems face, focusing on the rationale for various points of view where there is disagreement. Then, these issues are expanded to include problems specific to networks. Finally, conclusions are drawn.
These regulations impose a significant responsibility on sysops of systems that carry sexually explicit material: they are responsible for making sure their material is not obscene in any of the fifty states where it could be used. (Loundy 122) While this problem may appear to be insurmountable, 1-900 services have always dealt with the diversity of community standards
Even if a sysop's material is not obscene, it may be
indecent. Indecent language is language that
"describes, in terms patently offensive as measured by community
standards ... sexual or excretory activities and organs . . . ."
(Loundy 124, quoting F.C.C. V. Pacifica probably insufficient. He suggests that for-pay
systems require payment by credit card. According to Loundy,
F.C.C. phonesex regulations also allow indecent material to be
transmitted scrambled in such a way that a descrambler is required, or
a password can be sent by mail after age verification. (143)
Another potential danger is child pornography. Materials that
visually portray minors engaged in "sexually explicit conduct," is
child pornography. (Godwin "Sex") Since these statutes are designed
to prevent exploitation of children, images of children engaged
sexually explicit conduct, generated without using real children, are
not illegal under the federal child pornography statute. Obviously, a
sysop is responsible for child pornography that he knows is on his
system, or that he knowingly distributes. What about child
pornography that is on the computer system unbeknownst to the
sysop?
According to Loundy, the statute criminalizes "anyone who
knowingly possesses " three or more copies of child pornography and
the knowing transportation of child pornography. (102) This
requirement should insulate sysops from the activities of users that
they are not aware of. However, sysops are probably obligated to
remove any child pornography they find. This requirement of knowledge
should alleviate the concerns of sysops whose systems fall under the
Electronic Communications Privacy Act (ECPA). (Godwin "Sex") Since
these sysops aren't expected to read email, they are unlikely to know
of any child pornography passing through their system's electronic
mail.
Besides concerns about adult-oriented material, sysops also
have to be concerned about their liability for defamation. In
Cubby V. Compuserve, a district court ruled that because
Compuserve had no knowledge of defamatory comments in one of their
forums, they were not accountable for this comment. (Godwin
"Internet") In his opinion, the judge likened Compuserve to a book
store, referring to Smith v. California, an obscenity
case in which a book store owner was not held liable for a small number
of books that he didn't realize were obscene. (Loundy 128--129) While
this case did not set the standard of liability for the book store
owner, a later decision established a "know or have reason to know,"
standard. Presumably, if the distributor analogy is extended to
computer systems, then a sysop would only be liable for content that he
could reasonably know.
Because the judge relied on a obscenity case to base his
opinion on a defamation case, it is likely that the same logic could
be applied to a obscenity case involving computers. A sysop must
not exercise editorial control over the forum in which the
libelous material is published in order to be protected by this
argument. For example, this excludes services like Prodigy that make
a practice of editing their fora. (Godwin "Internet")
The final area of concern is the great void of copyrights. Unlike
crimes like obscenity, child pornography and defamation, there is no
requirement that someone have reason to know that they are infringing
a copyright before they are held accountable. (Loundy 126)
Exceptions to the copyright act allow public archives such as
libraries to make material available for the public to copy. (Loundy
129) In
addition, the fair use doctrine allows end users to make copies of this
information under some conditions.
While these exceptions to the copyright act may give sysops
protection in some situations, particularly when end users make
improper use of material legally provided on a system, they hinge on
the sysop having legally obtained a copy of the material. Thus, the
sysop's liability for software uploaded by a user without knowledge of
the sysop is unclear. (Loundy 125) To understand the issues
involved, take the example of the Washington University Archive (
wuarchive.wustl.edu) while their README for
MSDOS uploads admonishes users not to upload pirated software,
uploads are available for download as soon as they are completed. It is often difficult to find a user, or prove that
they uploaded a particular copyrighted work. If the sysop is not
responsible for infringing material on his system, then the copyright
holder may find it difficult to recover damages.
While this argument is new to copyright cases, it is common in
defamation cases: publishers are generally held liable in addition to
authors, because they are more likely to have resources to compensate
the victim. (Godwin "Libel") According to Loundy, one author
proposed extending the idea to computer bulletin boards, even when the
sysop is not acting as a publisher. (154)
The case may provide a first step in determining some of these
legal questions. LaMACCHIA, while a MIT junior, ran an
Internet service that allowed users to anonymously upload and download
files. The indictment alleges:
Several Usenet news groups, like
alt.binaries.pictures.erotica,
alt.sex.pictures.male and
alt.sex.pictures.female were created to transport
sexually explicit images. A large portion of the hard-core
pornography distributed in these groups is illegal. (Godwin "Sex")
However, unlike a file section on a single-user bulletin board,
no one sysop has control over these news groups. There is enough
traffic on these news groups that it is unlikely that the average
system administrator has time to monitor the traffic in these news
groups to delete obscene articles. When a sysop becomes aware of an
obscene article, she can delete the article from her system. However,
she is probably aware that at least some articles at a given time are
legally obscene. Should she be liable for these articles? Under the
know or have reason to know standard, the answer is unclear: she is
aware that there are violations of the law, but has not taken time to
discover these violations.
In order to avoid these sticky issues, some sights decide not
to carry these news groups. In a single-system environment this works
well, and the user's access to these materials is restricted.
However, it isn't that simple on the Internet: many sights allow users
to use FTP or to reconfigure news reading software to use a
non-default server. Since there are public access news servers that
carry these news groups, and pornographic FTP sights, it is trivial
for users to circumvent these restrictions. The Internet is designed
to stay open; no central access control mechanisms exist. Also, there
are multiple paths to the same information. In order for a system to
make it impossible to get to unhealthy or illegal information, it must
limit the user's access to a well defined set of sanitized
information. In many cases, this is unacceptable.
The problem of jurisdiction is also serious. Obscenity law
depends on community standards. However, the Internet and
other large networks span many communities and are influenced by their
community standards. This became important in a recent federal
obscenity case: the prosecution of the sysops of the Amateur Action
BBS, a system run out of California. However, the sysops were
prosecuted under Tennessee law because their material was accessible
there. Soon after a guilty verdict was announced, there was
discussion of what this meant for Internet sights. In comp.org.eff.talk, Karl
Denninger, sysop of MCSNet, an Internet service provider in Chicago
expressed his concerns with the decision:
Within Chicago what is on the net wouldn't violate community standards,
especially given what I can rent at the local video store . . . In
Memphis, on the other hand....... (Denninger)
It is unlikely in the near future that a legal system will
develop and be accepted that are independent of geopolitical
distinctions. However, crimes can be viewed in the jurisdiction where
they were committed. For example, when a file is uploaded, the
uploader should be liable for transmitting the file in his or her own
jurisdiction. If the sysop keeps the file, he should be liable for
it. Downloaders should be liable for moving the file into their
jurisdiction, but not the sysop. In other words, it would
be illegal to upload a file that is obscene in the uploader's
jurisdiction, and illegal to download the file into a jurisdiction
where it is illegal. With this system, there is still significant
room for gray areas, but it is a step in the right direction.
Denninger, Karl. ``AA BBS trial--jury out'' Usenet news groups: comp.org.eff.tlak, et al.
F.C.C. v. Pacifica Foundation, 438 U.S. 726, reh'g
denied, 439 U.S. 883 (1978).
Godwin, Mike. " Internet Libel: Is the provider responsible?"
Internet WOrld, Nov./Dec., 1993.
Godwin, Mike. "Libel, Public Figures, and the Net" Internet World, June 1994.
Godwin, Mike. " Sex and the Single Sysadmin:
The Risks of Carrying Graphic Sexual Material." Internet World, Mar/Apr, 1994.
Loundy, David. "E-LAW: LEGAL ISSUES AFFECTING COMPUTER INFORMATION SYSTEMS AND
SYSTEM OPERATOR LIABILITY." Albany Law Journal of Science and
Technology, Vol. 3, Number 1. pp. 79--154
Steve Jackson Games, Inc. v. United States Secret Serv., 816
F. Supp. 432 (W.D. TEX. 1993).
UNITED STATES OF AMERICA V. David M. Lamachia. CR. No. 94-10092-RGS. The David Lamachia Defense Fund has placed several documents about the case on the web, including the indictment, a motion to dismiss filed by the defense, a press release by the U.S. attorney, and the defense's response.
Defendant David Lamachia . . . set up . . . operated and participated
in the operation of a computer bulletin board system . . . to permit
and facilitate, on an international scale, the illegal copying and
distribution of copyrighted software, without payment of software
licensing fees or the software purchase price.
Depending on how this case is resolved, a legal opinion on sysop
liability for copyright infringement.
Networks and Sysop Responsibility
Two features of networks effect the legal
accountability of sysops. First, First, the individual sysop finds
that if they want to grant access to the majority of the net, they
quickly lose the ability to limit access to specific information on
the net. This leads to the second problem: who has jurisdiction over
a user's actions? The issue of pornography on the net provides an
excellent case study, although the legal and ethical problems can be
expanded to other areas where sysops have liability.
This is a serious case folks. We're going to be talking to the lawyers
IMMEDIATELY here, as the ramifications of this may be that we can no longer
sell accounts to users across state or even local boundary lines -- or we
may have to drop all the erotic material on the net!
The problem of jurisdiction is minor in the US, when compared
to other countries. For example, if an erotic image is requested by
someone in Britain from a server in Finland, and the packet is routed
through Iraq, whose laws apply?
Conclusions
The Internet, and Cyberspace in general, transcend geopolitical
boundaries: it's almost as easy to connect to a system half way around
the world as to a system across the room. In order to work smoothly
and coexist with Cyberspace, laws will have to recognize the
triviality of geopolitical distinctions on Cyberspace. Bibliography
Cubby, Inc. v. CompuServe, Inc., 776 F. Supp. 135
(S.D.N.Y. 1991).