Backing Off the Bullies

by Jonathan Wallace jw@bway.net

Since 1995, there has been a lot of rhetoric touting the Internet as the ultimate democratizing medium, a global Hyde Park corner where anyone can, with equal access and equal volume, express any viewpoint, no matter how unpopular.

This meme, though beautiful, is false in many respects; it is a view of the "ought" of things, not the "is". A significant weakness in the metaphor is that, while we walk into Hyde Park on our own two legs, we are projected into the virtual agora via technical means under someone else's control. Most of us enter the Internet via a commercial Internet Service Provider (ISP), and have our web pages located on a server owned either by our ISP or a web hosting company. These entities can, and sometimes will, revoke our Hyde Park privileges.

People who would suppress speech on the Internet figured out long ago that the most effective way to accomplish their goals was to bully ISP's and web hosting services into dropping that speech. Your HTML essay on the evils of the Vader Corporation may be truthful, phrased in limpid, beautiful prose, of extreme social value to the public, and thus entitled to the maximum protection of the First Amendment. The problem is that the First Amendment only protects us against government action. It does not protect against Vader Corp. writing to your ISP, falsely charging libel and demanding that the ISP pull the plug on your essay. If this happens, the chances are good your ISP will comply. It is a for profit business, and there is no profit to be made defending your speech, or even spending time investigating whether Vader's charges are true.

There have been numerous instances in the last five years of companies and individuals using libel and copyright charges as a way of bullying ISP's and web hosting services. While in a few cases these claimants have prevailed on the underlying legal grounds, in many more they had no cognizable legal claim and were using a false charge as a way of frightening the ISP or host into cancelling the offending speech. Since most of these cases never make it to court, many bullies have gotten away with this behavior and continue to act with impunity.

When I first got on the web in 1994, there was a wonderful Anne Frank page, compiled by a student at a U.S. university. The site included quotes from the diary, and a few pictures. In my opinion, the use of the excerpts, and probably also of the photos, were a fair use under U.S. copyright law. A few months later, the site was down, with a note from the university that it had been taken offline due to the protests of the organization which owns the rights to Anne Frank. Most people don't know it, but Anne Frank's memory (like Dr. Martin Luther King's) is essentially being exploited today as a for profit enterprise. Since 1995, I have heard of scores of other cases of companies, individuals, and organizations using this approach to frighten ISP's and hosting services.

While (as I have often argued) the best way to make rules for new technology is to look at those for older, similar technology, sometimes this approach can be misleading. If I make controversial phone calls about Microsoft, Bill Gates doesn't have the right to contact Verizon and ask them to cut off my service. That's because Verizon, by statute, is a common carrier, required to act as a conduit for all my communications, but exempt from any liability for them. Congress has never passed a law designating ISP's or hosting services common carriers. It did, as the only benign part of the Communications Decency Act, create a shield against holding them liable for user speech of which they haven't been notified. Once the bully sends the threatening letter, that immunity ends.

When the ISP or host pulls the plug, there is usually very little the author of the offending speech can do, except look for another provider to get the speech back on-line. His relationship with the provider is governed by contract (if there is one), and by the terms of service (TOS), which usually say that the provider reserves the right to delete any pages, postings or email at its own discretion. Here the Hyde Park Corner metaphor breaks down irretrievably: someone has the legal right to press a key or two and make you disappear from the park, and there's nothing you can do about it.

Controversial speakers have resorted to defensive practices, such as posting material on Usenet or anonymously. In some cases, when speech has been threatened, webmasters of other sites have sprung forward to mirror it, in case it disappears from the original server.

Usenet is a distributed, "headless" entity: there is no one source you can go to cut off an offending message. Early attempts, including some by the Church of Scientology, to hold server owners responsible for passing through Usenet messages, have failed on the grounds that the server is just a conduit, and does not have the ability to pre-screen the hundreds of thousands of Usenet postings that are distributed daily. However, under the common sense notice rule, an ISP may still be responsible for failing to delete a particular posting after receiving the "bully" letter. Since no-one has the time or resources to pursue every server distributing Usenet newsgroups worldwide, the trick is to identify the server through which the offending message originated. (Having once received a phone call and a letter from the Church of Scientology about something I had written, I will note that the Church has actually prevailed in some cases on copyright grounds, obtaining rulings that the uploading of entire Church documents via Usenet was not a fair use.)

In a pending New York case, an upstate ISP is being prosecuted for failure to delete an entire child porn newsgroup after receiving notice of its existence from an undercover cop.

Activists have sometimes mirrored threatened sites as a way of proving the axiom that "the Internet interprets censorship as damage, and routs around it." I personally have been involved in two mirroring efforts: I assisted in translating a French book which made political disclosures which the French government was trying to hush, and I posted a copy of a Canadian anonymous political page which fell afoul of a Canadian government rule that political speech can't be anonymous. There have, however, been other instances when I refused to participate in mirroring efforts, because I detested the speech being mirrored (a Canadian Nazi site--I believe that a mirror is an implied endorsement) or could not take the legal risk involved. Shutting down twenty mirror sites is hardly beyond the resources of a large company.

Anonymity may protect the speaker from liability, but usually has no role in keeping the ISP or host from deleting the speech. While anonymous speech has the deepest First Amendment protection and played an honored role in the development of both British and American democracy, it is usually regarded as a poor stepchild without a protector on the Internet. In 1994, when I first logged on, there were numerous remailers, sites from which one could send an anonymous message. It didn't take long before they came under substantial legal pressure. The Church of Scientology subpoenaed one of the most famous remailer webmasters, Johan Helsingius, to identify an anonymous user, and he subsequently closed his site, anon.penet.fi, after the government of Finland opined that there were no privacy rights in email communications. Today, it is hard to find a working remailer.

While services such as AOL and Hotmail allow you to set up pseudonymous accounts quite easily (or even force you to do so; I am Montaukconsult@aol.com because my own name was not available), these services also give you up in a heartbeat when a bully comes looking for you. For years, AOL was notorious for disclosing user identities immediately upon receipt of a subpoena, and sometimes even without one. However, in two recent cases, speakers have used their anonymity to turn the tables on the bullies.

In a November 2000 press release, the ACLU describes a Pennsylvania case in which Allegheny County State Superior Court Judge Joan Orie Melvin found anonymous comments critical of her on a website entitled "Grant Street 1999." She commenced a defamation lawsuit (characterized by ACLU as frivolous) against the site to force it to reveal the identity of the speaker. ACLU intervened and was granted a protective order by state judge R. Stanton Weddick, who held that he would not permit the speaker's identity to be revealed until a hearing was held on whether the defamation claim had merit. Typically, a plaintiff gets to hold discovery first, then prove merit (or not) later. Weddick noted that "anonymous Internet speakers, unlike the national media, are vulnerable because they lack power or money. Without anonymity, speakers will be less willing to express controversial positions because of fears of reprisal."

I hope that the Grant Street case will be the beginning of a wave of reaction to the bullies. The Electronic Frontier Foundation more recently asked a California court to quash a subpoena issued by Rural/Metro Corp. seeking to reveal the identities of two people who posted comments allegedly critical of Rural/Metro on a Yahoo! message board. EFF and its co-counsel, the Liberty Project, asked the court to utilize a test under which the Court would first have to determine that the plaintiff has a valid claim, and then balance the harm to the anonymous speakers against the plaintiff's need to discover the identity of the speaker.

Not every speaker will have the resolution or the resources to employ an attorney when the bully first contacts his ISP or host; nonprofits like the ACLU or EFF will not be available to become involved in every case. Nevertheless, an immediate hearing, whenever a speaker can obtain one, is an effective counter-move: rapidly establishing the frivolity of the claim will simultaneously back off the bully and re-assure the ISP or host of the speech's validity. These two cases may be the beginnings of a beautiful trend.