The Laws of Blogging, Re-Explained

This story by the Post-Gazette about "cheap shots by anonymous bloggers" offers some entertaining anecdotes and quotes from solid expert sources, but it leaves the layperson wondering what, exactly to take away. When it comes to blogging and commenting, what are the rules of the legal road? The following quick-and-dirty guide applies to blogs, bloggers, and those who comment at blogs; to message boards and chat rooms; and to social networking sites that allow commenting, such as Facebook.

A disclaimer: This is not legal advice; I am not your lawyer (or anyone's lawyer!).

There are two, related legal areas: rules relating to anonymity, and rules relating to the responsibilities of the site or blog owner, author, and/or host. Let's take the second question first, even though it isn't the focus of the PG article.

The basic rule is that someone who provides or uses what's called an "interactive computer service" is not legally liable for content posted by another provider or user of that interactive computer service. The rule is found in section 230 of the federal Communications Decency Act of 1996 . The idea is that if you host a site, and someone else comes on to that site and says something defamatory, then you aren't legally responsible for what that other person said. That rule requires a little bit of explanation, because its meaning isn't obvious, and because there are some exceptions.

First, what is an "interactive computer service"? Congress wrote the law in 1995 and 1996, before blogs and social networking became popular; Congress was looking at message boards and things like Compuserve and the old AOL. So courts have taken the idea that Congress was looking at -- online services run by one person or enterprise so that other people could chime in there -- and extended it to today's media. Blogs are "interactive computer services," most of the time, and companies that host blogs, like Google, are also "interactive computer services," most of the time. ISPs are "interactive computer services." Both the Facebook company and individual Facebook profiles are likely to be treated by courts as "interactive computer services."

Second, what kinds of things are the site owner, or host, or author off the hook for? The owner/host/author is not considered to be the "publisher" or "speaker" of content that is provided by someone else. The language of "publishing" and "speaking" is a clue that the law is mostly concerned here with defamatory statements and invasions of privacy and related things. In the offline world, say the world of newspapers, if the newspaper publishes a defamatory letter to the editor, then the newspaper is legally liable for the defamation, because (among other things), the newspaper "published" the letter - even though the letter was written by someone else. In the online world, section 230 means that the online equivalent of the newspaper - say, the blog - is *not* liable for the content of a defamatory comment, because the law says that the blog did not "publish" the comment. (As in many areas, the law is using conversational terms in a non-conversational way.)

There is an important limitation here: If the site owner (host/author, etc.) does anything to the comment or information "provided" by others -- anything that means that the host/author etc. is not merely "passively" receiving the information on the site -- then there is a risk that a defamation plaintiff would claim that the immunity from liability provided by section 230 no longer applies. Simply screening comments before posting them is usually not enough to defeat the application of section 230, but any kind of editing or editorial scrutiny might cross the line. In other words, section 230 creates a kind of perverse incentive for blog owners and hosts to ignore the content of what commenters and other posters say. The more active the host, the more risk the host buys.

Third, what are the important exceptions? The fact that Section 230 doesn't apply to "active" blog owners and hosts, who are still potentially liable for defamatory statements by other users or commenters, is one important exception. The other big exception is that Section 230 provides no immunity if the plaintiff in the lawsuit is complaining about a violation of intellectual property rights. In other words, a blog owner or message board (or, say, peer-to-peer service) has no immunity under section 230 if users or commenters are infringing copyrights, patents, or trademarks. That doesn't mean that blog owners, etc. are automatically liable; regular copyright, patent, and trademark law applies. It just means that the special rule of section 230 does not apply.

Note, then, that there is another kind of perversity at work: Victims of defamation and invasions of privacy - which are almost always individuals - have fewer rights against blog owners and message board operators than owners of copyrights, patents, and trademarks - which are almost always corporate interests. And enterprises that want to innovate in technologies that enable consumers to be productive and creative with content floating around in our culture - say, modern updates of things like the Sony Betamax - don't have the kinds of legal protection for their efforts that the promoters of, say, Facebook do.

Hmmm. The PG story mentions a little bit of the history of section 230, and quotes my law professor friend Dan Solove, a privacy law specialist, for the proposition that the statute has gone too far and should be cut back. Dan says that a service provider that has reason to know that a statement is defamatory should be liable for the defamation. There is a formal logic to that argument; the problem is that the "reason to know" concept is incredibly difficult to work with in practice. I have other law professor friends, telecommunications law specialists, who believe that section 230 has done a good job at fulfilling its purpose: encouraging lots of speech on the Internet, without the chilling effect of over-zealous plaintiffs' lawyers.

Now to the second question: anonymity. Anyone who runs a message board, chat room, or blog deals with anonymous and pseudonymous commenters and posters who sometimes test the boundaries of good taste - and who sometimes leap far beyond it. Not all claims and cries of "defamation!" are flung by thin-skinned folks who can't take sharp criticism or parody; there are real victims out there (including Ken Zeran, who was the the unfortunate victim of some genuine abuse in the leading case interpreting section 230).

Because of Section 230, most of the time those victims cannot sue the site owner or host - even though the site owner or host usually has more resources to compensate the victim, is easier to find than the source of the defamation, and in many cases is in a better position than anyone else to keep the defamation from appearing in the first place. The real defendant has to be the person who posted the comment. But because the allegedly defamatory comment or post was made anonymously or pseudonymously, the plaintiff has relatively few ways to find out who that defendant is. The best way, often, is to ask the site owner or host or author, and in lots of cases that information -- the commenter's name, if the site owner knows it, or the commenter's IP address -- will be supplied voluntarily. But for a variety of good reasons, the site owner may not be willing to turn over the information voluntarily. So the plaintiff files a lawsuit, names the "real" defendant by a John Doe pseudonym, and then tries to use a subpoena -- legal process -- to require the site owner or host, which may be a non-defendant third party, to turn over whatever information the owner or host has regarding the poster's identity. Often, that's just an IP address, and even with the IP address in hand, the plaintiff may still have a lot of work to do to connect an IP address to an actual human being, including further subpoenas and consulting with forensic IT experts.

This skirmishing takes place *before* the plaintiff has proved that the comment or statement was defamatory. So, site owners and hosts that resist the subpoenas have gone to court to "quash" them, arguing that the First Amendment protects the right to speak anonymously, and unmasking the identities of anonymous speakers before the defamatory character of their speech has been proved would pose an unwarranted threat of "chilling" legally protected speech. These are pretty standard arguments with a lot of support in precedent, so courts have developed a variety of "balancing" tests. These vary a bit from jurisdiction to jurisdiction. Generally, a plaintiff can defeat the First Amendment argument and enforce the subpoena if the plaintiff can show that the relevant anonymous defendant can be specifically tied to specific statements that are highly likely to turn out to be defamatory.

Of course, if you're a blogger or message board operator or host of a site that permits comments and contributions, there are a lot of things that you can do to minimize the risk that any of this will rise up to bite you. You can try to enforce a "no anonymous commenting" policy, which is highly imperfect but which sends a message to most people that certain standards of civility apply. You can permit anonymity but screen comments for bad behavior, either before they are posted or after they are posted, or both. (As I noted above, this brings certain risks in terms of liability, but it may also decrease the likelihood that a dispute will come up, or that a dispute will escalate.) You can ensure that your own contributions set a tone that doesn't cross the line in the first place, so that you don't invite tit-for-tat responses. You can do these things in a variety of combinations.

But there are no guarantees. Know your rights, on all sides of the playground.