Criminal Liability for System Operators

Civil Liability for System Operators

Criminal Liability for System Operators

System Operators (SYSOPs) have a compelling reason to be concerned about the efficient and proper operation of their electronic bulletin board systems (BBS's) or else they could find themselves spending a significant portion of their lives behind bars. Criminal liability is an important issue that SYSOPs must face, particularly in light of the Communications Decency Act (CDA), a poorly thought-out piece of legislation intended to regulate indecency on the Internet.
This paper will first discuss the history of the Internet (the Net) and then compare the Net and electronic bulletin board systems to existing media. Next, it will describe the different types of criminal liability that a SYSOP may encounter, such as lawless action, fighting words, computer crimes, and viruses. However, if a SYSOP faces liability in the near future it will likely be based on a violation of the CDA, therefore, the primary focus of this paper will be a discussion of the CDA, including pros and cons, as well as a history of indecency and obscenity law in the United States. The next topic will be a discussion of the on-line obscenity case law prior to the CDA. The paper will conclude with suggestions as to how the SYSOP can avoid, or at least minimize, their potential criminal liability.
Introduction

Imagine if 10 years ago you fell asleep and you just woke up yesterday. You would probably be shocked at the growth of the personal technology industry. You would find that most of your friends have computers in their homes that can do more than those room filling computers that your remember from 10-15 years ago. At about that same time, the majority of personal computers that were sold, were often used as word processors, in large measure due to the complexity of the software that was available at that time. Now, however, computers can used by the typical, i.e., non-technical, user as more than elaborate typewriters. Today's computers can help even the most computer phobic person reach entire new worlds of information because everything, included the operating system and nearly all software is controlled by graphical user interfaces (GUI's). A GUI makes performing tasks that were tedious in DOS seem like child's play now
because almost all tasks are accomplished by using a mouse to point and click on icons. Prior to GUI's, computer users had to learn text based commands to perform even the most simple operation. For example, printing a paper used to require pressing a series of keys on the keyboard that were proprietary to whatever software package the user had, thus there was very little standardization in the different programs. Now, with the familiar Windows and Windows 95 screens that users have become accustomed to seeing, users need only find the picture of the printer on the screen to print the document that they have created.
Historical Background of the Internet

Anyone who has even a modest personal computer (pc), a regular (analog) phone line, and a modem, can connect to a new world called the Internet (the Net). A brief discussion of the Net's history is appropriate to provide a basic understanding of how it has evolved over the last 30 years. The Internet was created in the 1960's by the Defense Department's Advanced Research Projects Agency. The purpose of the Net was to serve as a data network capable of surviving a nuclear attack. There were two major aims: 1. to allow numerous users to simultaneously send data and 2. to ensure that there was never one central computer running the system. The reasons behind these aims were based on the antagonistic relations between the Communist countries and the United States during the Cold War. The Federal Government believed that if the Soviets bombed Washington, the decentralized system would not be destroyed.
The next phase of development of the Internet came in the 1970's when universities and research centers all over the world were given access. The purpose was to allow for the easy dissemination of information. The system allowed scientists who were across the world from one another to communicate almost immediately via electronic mail. By October 1971, experimenters were "logging" onto each others' sites, a remarkable feat at this time.
During the mid 1980's, the National Science Foundation took control of the Net. They created a network of supercomputer centers that would interconnect with autonomous networks serving different communities of researchers, government agencies, and university campus networks. Thus, the Net had gone public.
In the late 1980's the only way to operate within the Net was to use the fairly complex grammar of the UNIX operating system. However, in the last few years, the introduction of the World Wide Web (Web) has dramatically changed the way people interface with the Net. The Web links pages together with hypertext links. A hypertext link allows the user to input what they are looking for and what returns is the document, not the name of the source. This method of operation required that users know the HyperTextMarkupLanguage in order to effectively use the Web. However, from 1993 to the present time major advancements have taken place as programs called Web Browsers have come into existence. A Web Browser allows users to interface with the Net by pointing and clicking on graphics. This innovation has led to the explosion of the Web (which is only a part of the entire Internet system) and has brought millions of people online.
While the Web is the currently the most significant part of the Internet, it is just that, only a part of it. There are two other significant areas of the Net: newsgroups and electronic mail. A newsgroup (the most common is Usenet) is essentially a non-graphical user interface that allows people to chat about specific areas of interest from the Dallas Cowboys to Debbie Does Dallas. More specifically, a user looks at the Usenet area of interest to them and they will see messages posted from people all around the world. Thus, when an individual posts information (pictures, stories, commentary) to Usenet, potentially millions of others will have access to what they've written. Electronic mail (e-mail) allows people to send electronic messages nearly instantaneously to anyone who has an e-mail address. The primary difference between Usenet and e-mail is that e-mail is essentially like a one on one phone call; there is only one recipient of the mail, it is not available for a wide audience, while on Usenet there is a wide audience.
The Net is a virtual storehouse of information on every topic imaginable, including how to cheat at the latest video game, to Butterball's® ideas on what to with leftover Thanksgiving turkey, to continuously updated sports scores, to information about your favorite politician, and on and on and on. However, there are some things that are available on the Net that would probably be rated X by the motion picture industry. For example, Playboy, Penthouse, and Hustler magazines all have sites that are available online with no effective access restrictions. Additionally, there are many other sites that contain even more graphic pictures and stories than the aforementioned magazines.
In addition to the Net, there are private electronic bulletin board systems that operate quite similarly to the Net, but are more limited in scope and access. A computer bulletin board system is the computerized equivalent of the bulletin boards commonly found in the workplace and schools. Instead of hanging on a wall covered with notes pinned up with thumbtacks, computer bulletin boards exist inside the memory of a computer system. A BBS is a private area on an electronic network where users may post messages and read previously posted messages by other users. Another service many BBS's make available is the ability to upload and download files. A BBS providing a section of files for its user to download, can distribute almost any type of computer file, including text, software, pictures, video clips, and sounds. Additionally, some private BBS's solicit their subscribers to upload various items onto the BBS. Uploading is the converse of downloading where the user posts information onto the BBS instead of taking from it. The system is analogous to removing and posting on a regular cork bulletin board.
The largest BBS's in the world today are America Online, CompuServe, Prodigy and the Microsoft Network. Besides these large commercial bulletin board systems, there are literally thousands of other BBS's that are run by private individuals.
For the purposes of this paper, BBS operators and Internet website operators will be viewed as being equivalent regarding the likelihood of liability because they provide the same functions in a nearly identical manner.
Similarities of Electronic BBS's to Existing Mediums

A BBS operator has a great deal in common with both the operator of a book store and a publisher. When a person purchases a book from a bookstore and the book turns out to contain offensive material, it would not be reasonable to hold the bookstore owner responsible for the book's contents because a book store owner can not reasonably be expected to have analyzed every book that runs through his store. Similarly, the argument can be made that SYSOPs can not reasonably be expected to monitor every posting that is put on their BBS' by their users. In contrast, if the SYSOP is only running a small BBS (for example, her own website) then she is more like a publisher because she can control exactly what is being sent out to the consuming public.
Another similarity between BBS's and existing media is the method of the transmission of the information. A BBS is similar in some ways to both broadcast and cable television. It is like broadcast TV because just as the Network TV stations can be received on any television within the viewing area without discrimination, a BBS is available to essentially any pc with a modem. However, a BBS is also like cable TV station in that a viewer can only get to them through an intentional act by the user. In other words, a TV watcher cannot watch Showtime's "Late Night" without first taking the overt step of subscribing to cable television and the Showtime channel specifically. Thus, there is (to some extent) implicit within the subscription of the service, the subscriber is accepting and acknowledging what is available through the service. In other words, a subscriber to ESPN knows that they are going to get sports, similarly a subscriber to the Net or a private BBS also knows what they are getting with their service. Similarly, a net surfer, or a BBS subscriber cannot obtain access to either of those services without first subscribing to them.
The primary difference between cable and broadcast TV is that the consumer needs a supplier to provide the cable television service, but does not need anything more than a television to receive broadcast TV. A similar distinction holds true with the Net and a private BBS. A user needs to have only a basic Internet connection to reach Internet any part of the Internet, but in order to obtain access to a private BBS, the user must first have arranged for the service.
Another similarity can be drawn to fee based telephone calls (e.g. 1-900 or 976 calls). Just as the customer that places the phone call has to make an overt effort to obtain contact with the phone service provider by dialing the phone number, a BBS user has to make a similar effort to dial the number to contact the BBS.
Differences between BBS's and Existing Mediums

A significant difference between a BBS and any other medium is that BBS's are often used for a non-chaperoned exchange of information, data, pictures, etc. In other words, the user can do essentially what ever they wish because there is a strong chance that a BBS operator will be unaware of the activity on his system. Additionally, BBS users are a completely non-captive audience. Even with cable television, subscribers may not realize that when they flip to channel 17 (for example) late at night that there will likely be mature/adult programming being aired. However, by virtue of the lack of organization of the Net and based on the nature of private BBS's, it would be virtually impossible for a user to stumble across anything that he found objectionable. As stated above, the Net is simply a massive conglomeration of computers that are networked together and there is no formal organization; there is no starting, nor ending point. Therefore, finding something on the Net requires either knowing the specific address of the site the user desires to go to or performing a search for the site. Either way, there is very little chance that a user will inadvertently find something that they find to be objectionable. The distinction between the Net and cable television is that while watching cable TV, a viewer can click on the remote to move sequentially up or down the available channels; there is an order to the television channels. However, on the Net, a user cannot more sequentially because there is not a next site in the range. The Net is unlike anything else in existence because there is no other medium that has as little structure and organization as the Net does. Similarly, on a private BBS, the user has to have made the affirmative act of dialing into the BBS; thus, there is a strong likelihood that the person dialing into the BBS knows exactly where she is going. In other words, a BBS customer cannot easily suggest that they had no idea of what was available on the BBS that they dialed into.
There are both similarities and differences between this new means of communicating and existing means. The question remains as to what standard the SYSOP should be held: the book store owner or the publisher?
Speech Advocating Lawless Action

Certain types of speech fall outside of the protection that the First Amendment protects. Speech advocating lawless action is one example of an unprotected type of speech. In Brandenburg v. Ohio the court held that guarantees of free speech do not forbid a state from proscribing advocacy of the use of force or of law violation where such advocacy is directed to inciting or producing imminent lawless action and is likely to incite or produce such action. On a BBS that can be a tricky issue to deal with because there are many times that a posting has been left on a the system for many weeks and if someone reads then reads the posting, a question arises as to whether the action suggested is imminent any more. It is likely not going to be, but the possibility for liability exists.
In the now famous "Jake Baker Case," Jake Baker, a student at the University of Michigan, e-mailed back and forth with another person and posted a story on the Net about a violent sex fantasy. He specifically identified the victim of his fantasy as one of his schoolmates. He was charged with transmitting threatening communications over state lines. A federal district judge in Detroit dismissed the charges; the judge held that while his story might be offensive, it was not a crime.
In another case that arose in Connecticut, a young man was arrested for operating a BBS containing a file that provided bomb-making instructions and advice on how to bomb law enforcement agents. He was charged with inciting injury to persons or property and risk of injury to a minor. The defendant, Michael Elansky, plea bargained with the government and received 28 months in jail, plus five years probation for violations from previous charges. This result is unfortunate because Elansky had a strong case in his defense. The same material that was posted onto his BBS is available in most bookstores in a book entitled The Anarchist Cookbook. Additionally, the United States government published books containing more detailed instructions regarding explosive devices that may be obtained at any military surplus store. The argument is that if a print publisher is permitted to print information that is available to the public, then a SYSOP should not be denied that same freedom. The information that Elansky published was not classified, nor was it illegal; indeed, it is available in every community across the country. Yet another point in Elansky's favor is that he did not create the files that were retrieved from his BBS. Thus, if the Elansky court had followed the rule set forth in Cubby Inc. v. CompuServe or United States v. LaMacchia, Elansky would have been acquitted of the charges pending against him. This is so because the Courts in both CompuServe and LaMacchia threw out the cases on summary judgment because the SYSOPs were found to be only distributors of information that was unknown or unpublished by them. Although Elansky intentionally and knowingly published the information, he was not the author of the information.
Fighting Words

Another type of speech that is unprotected by the First Amendment is fighting words. Fighting words are those which by their very utterance inflict or tend to incite an immediate breach of the peace. Fighting words are different from lawless action because there is no imminent requirement for fighting words. The potential liability is therefore significantly greater with fighting words because a user could post something during a momentary loss of composure which could lead to a significant liability issue for the SYSOP. An illustrative case occurred when a college freshman sent an e-mail to President Clinton informing the President that "one of these days I'm going to come to Washington and blow your little head off. I have a bunch of guns, I can do it." The statute used to convict the student does not make any specific distinctions between the means of transportation for the message. As a result, it clearly can be applied to e-mail.
Obviously, the person making the threat is going to find himself in a difficult legal situation, but it is also quite possible that the operator of the bulletin board system could also find herself in an equally messy situation.
Computer Crime

Computer crime covers a number of offenses, such as: the unauthorized accessing of a computer system; the unauthorized accessing of a computer to gain certain kinds of information, accessing a computer and removing, damaging or preventing access to data without authorization, trafficking in stolen computer passwords, spreading computer viruses, and other related offenses (often referred to as hacking).
Viruses

A virus refers to any sort of destructive computer program. Computer virus crime involves an intent to cause damage, "akin to vandalism on a small scale, or terrorism on a grand scale." Viruses can spread through networked computer or by sharing disks between computers. Viruses cause damage by either attacking another file or by filling up the computer's memory or be using the computer's process power. One feature that nearly all viruses have in common is an ability to self-replicate making them disease like (hence the name).
SYSOPs need to actively scan for viruses so that their users, if they discover one, cannot send that virus someplace else to wreak havoc upon a 3rd party computer system. SYSOPs must also worry about being liable to their own customers as a result of viruses which cause a disruption in service. It is also possible that if a serious and potent virus were transmitted down to outside computer, the SYSOP may end up being criminally negligent. However a case on this issue has not arisen as of yet, so the extent of the liability is unknown.
The above crimes can cause liability problems for a SYSOP, but more than likely, if a SYSOP finds herself in trouble it will be because of something relating to either the CDA specifically or pornography generally.
The CDA, Obscenity, Indecency and Pornography

The CDA is intended to restrict the access of minors to indecent and obscene material on the Internet. According to many scholars, the CDA fails miserably in obtaining those goals. However, it has already proven itself to be somewhat effective in chilling free speech.
Senator Jim Exon (D-Nebraska) proposed the Communications Decency Act (CDA), which passed the Senate in June 1995 and Congress in February, 1996. The Act provides that anyone who "makes, transmits, or otherwise makes available any comment, request, suggestion, proposal, image or other communication" that is "obscene, lewd, lascivious, filthy or indecent" using a "telecommunications device" will be subject to a fine of $100,000 or two years in prison. The effects of this act are far reaching because they impose liability on system operators, as well as those who post the communication.
Pros of the CDA

The primary concern according to the supporters of this act is to protect minors from having access to material that may be inappropriate. Additionally, the supporters of this Act believe that the indecent information on the Net: provides a negative image of society; makes women sex objects; encourages deviant behavior; fails to promote healthy male and female relationships; and gives people instructions about how to commit crimes (there is an argument that without such instruction, the individual would not commit the crime). Additionally, the supporters feel that the law is necessary to prevent children from accessing material that they are not able to understand and comprehend. It is true that the Net, as well as private BBS's, contain pornography that is accessible by children, some of it coming from adults explicitly seeking sexual relations with children. Additionally, "parents have legitimate concerns about what their kids are being exposed to and, conversely, what those children might miss if their access to the Internet were cut off." For these reasons, the supporters of the Communications Decency Act are satisfied with the law as written.
Cons of the CDA

There are several justifications that are advanced regarding limitations on the speech of Netizens, but on the other side of that coin, this law dramatically interferes with the Constitutionally guaranteed right of free speech. Civil libertarians were outraged at the passage of this legislation. Mike Godwin, staff counsel of the Electronic Frontier Foundation, complained the indecency portion of the law transforms the vast library of the Internet into a children's reading room, where only subjects suitable for kids can be discussed. According to Marc Rotenberg, of the Electronic Privacy Information Center, "it's government censorship, the First Amendment shouldn't (sic) end where the Internet begins."
There are several reasons that this law is opposed. The first one is that the Act imposes unconstitutional restrictions on indecent speech online. This restriction on indecency amounts to a total ban on all indecent information in public areas of the Internet, since all users of the Internet know that public areas are accessible to minors. "The United States Supreme Court has held over and over again that indecent material is protected by the First Amendment and may only be regulated with narrowly tailored means that leave adults free to communicate. Senator Exon's law has failed to identify Constitutionally-appropriate means of regulation."
The next reason that the law is opposed is because of the intrusion of the FCC on content and standards in interactive media. Enforcement of the law will require extensive and ongoing FCC proceedings to determine what exactly constitutes Indecency in various interactive media, and how the safe harbor defenses in the law will function. Such regulation will mean that the FCC will need to interfere with the development of all current and future Internet standards for services such as the Web, e-mail, and newsgroups. There is a strong belief that such an influential FCC role will lead to a great deal of delay in the growth of the Net.
Yet another reason for the opposition of the law is that it creates a ludicrous new crime of called Online Annoyance. This new crime would mean that annoying someone using harsh, but not obscene, language over interactive media is a crime, also punishable by $100,000 fines and two year jail terms. Federal, as well as many state laws already criminalize harassment, no matter what the medium, but prohibiting mere annoyance is an infringement on free speech.
The final reason that this law is opposed is because of the unfair service provider liability. Holding service providers liable is not only a violation of the First Amendment right to free speech, but it is simply unfair. Often SYSOPs have no knowledge of what is appearing on their bulletin boards and further, they often do not have any real means of controlling what is being posted.
Case law has tended to protect SYSOP's, particularly when they were not directly responsible for posting the offensive material. However, this law provides for a contrary result. An analogous situation is the case of a library or bookstore. When a person purchases a book in a bookstore and the book turns out to contain offensive material, it would not be reasonable to hold the bookstore owner responsible for that book's contents because a book store owner can not reasonably be expected to have analyzed every book that runs through his store. Similarly the argument can be made that a SYSOP can not reasonably be expected to monitor every posting that is put on their BBS by their users. Additionally, the CDA is in direct conflict with the existing law, as set forth by the Supreme Court. Even if a SYSOP took their entire staff and devoted them to reading all the e-mail, news forums, and chat forms, that provider could never be expected to keep up with the huge volume of information that travels the Internet every day. It is unreasonable to expect a service provider to be responsible for each piece of material that travels through or onto its systems. The current law holds that SYSOPs are not liable:

if they are unaware of the content of the posting by their users,
that possession is not illegal and
some pornographic images are legal if they pass the Miller test.

However, the CDA seemingly overlooks the current laws and has succumbed to the pressure of conservative groups that push for extreme control of the Net.
The CDA calls for the level of discourse on the Net as a whole needs to be reduced to that which is considered appropriate for children. One of the sections of the law effectively makes it illegal to use any of the seven dirty words in public forums on the Net. The result of this Act is that free speech and the blossoming expansion of the Net will be a thing of the past.
The Current Standards of Obscenity and Indecency

The CDA has set forth language that is clearly in direct conflict with existing case law set forth by the Supreme Court. The existing law may have problems adapting to this new medium, but that does not mean that Congress has the right to dismiss the underlying standards for obscenity and indecency. "Judicial attempts to create a clear test by which obscenity determinations may be based have produced an evolving standard." In 1957 the Supreme Court, based on a presumption that obscenity is utterly without social importance, held that the proper test of obscenity to be: "whether . . . the average person, applying contemporary community standards, the dominant theme of the material taken as a whole appeals to a prurient interest." The Supreme Court faced this issue again less than a decade later in Memoirs v. Massachusetts and they held that there is not a presumption that obscenity lacks social importance. The Court created a test based on three factors: "(1) the dominant theme of the material taken as a whole appeals to a prurient interest in sex; (2) the material is patently offensive because it affronts contemporary community standards relating to the description or representation of sexual matters; and (3) the material is utterly without redeeming social value." Instead of presuming obscenity to be without social value, the Court made the question of its value an element of the test. In 1967, the Court once again changed how the legality of obscenity should be looked upon in Miller v. California. In Miller, the Court established a three part test that permitted regulation without evaluating the social value of the material. The criteria that the Court laid out is:
(a) whether "the average person applying contemporary community standards" would find the work taken as a whole, appeals to the prurient interest...; (b) whether the work depicts or describes in a patently offensive manner sexual conduct specifically defined by applicable state law; and (c) whether the work taken as a whole lacks serious literary, artistic, political or scientific value.

Additionally, in the Miller case, the Court implied that lower courts must use local community standards to determine whether material is obscene. In 1987, the Court changed that test by holding that lower courts should apply local community standards to the first and second element of the test, but a "reasonable person" standard to the third element.
There is a set of factors that can be used to determine if an individual's speech is obscene, but there remains a question of what specifically constitutes a speech. An additional question remains as to whether the local community standards test should apply to the individual(s) disseminating the speech or the individual(s) receiving the speech.
Regarding what constitutes a speech, the Courts have consistently held that the freedom of speech is afforded a great deal of latitude in the written form (print medium), but it is given less protection when the speech is made via television (broadcast medium). This is best explained by the FCC:
broadcasting requires special treatment because of four important considerations: (1) children have access to radios and in many cases are unsupervised by parents; (2) radio receivers are in the home, a place where people's privacy interest is entitled to extra deference . . . ; (3) unconsenting adults may tune in a station without any warning that offensive language is being or will be broadcast; and (4) there is a scarcity of spectrum space, the use of which the government must therefore license in the public interest.

The Supreme Court has broadened this FCC interpretation to include television, in that radio and television programming can potentially invade the sanctity of the home of the unsuspecting listener. "The Court interpreted the First Amendment to provide only limited protection for indecent broadcast speech, making regulation permissible when the government can show a compelling interest."
The Supreme Court distinguished speech made via telephone lines in Sable Communication of Cal., Inc. v. FCC. The Court found that the service that Sable offered it's audience was different than that of broadcast radio or television where the audience is comprised of unsuspecting listeners. Sable's customers dial into Sable's telephone system and take affirmative steps to access the messages, such as dialing the number and entering a credit card number or an access code.
Another Supreme Court decision established a limit on the government's power to proscribe admittedly obscene material. In Stanley v. Georgia, a jury found certain movies taken from the defendant's home by police to be obscene. The Court held that the private possession of these obscene materials was not a punishable offense. The Court said: "whatever may be the justifications for other statutes regulating obscenity, we do not think they reach into the privacy of one's home. If the First Amendment means anything, it means that a State has no business telling a man, sitting alone in his own house, what books he may read or what films he may watch. Therefore, mere possession of obscene material is outside the reach of anti-obscenity laws, which can now only regulate the distribution.
This leads to the question of whether or not the current laws are adequate to deal with the issues that are coming up on the Internet. Questions such as whether data transmissions from a bulletin board operator to an individual's home computer are more like broadcast or are they more like print? In other words, when a computer user logs onto someone's website and the data from the website is transmitted down to the user's computer, is that transmission of information more like the flow of information in a television broadcast or is it more like the flow of information in a book or a telephone call? These questions have not been clearly decided.
In response to the question of whether the current laws are sufficient to control the Net, the answer appears to be no, they are not sufficient. This is so because there is little consistency within the method of receiving and sending online communications. For example, the Net is somewhat similar to the written and telephonic medium in how speech is delivered. More specifically, in written and telephonic speech, there is no captive audience. The audience selects the information that they wish to receive and it is transmitted to them. For example, if someone was interested in making a phone sex call or purchasing a pornographic magazine, that individual is making a choice to do so. The Net is similar in that users only get the information that they request. It is dissimilar to television or radio because in those mediums, there is less choice involved. Despite the fact that one can change channels, they still run the risk of eventually running across a channel that contains pornography. Chances are quite slim that a user would accidentally find a pornographic website based simply on the complexity of the organization of the Net. The Net is similar to telephonic speech as it relates to the role of the disseminator and the recipient. Just as in telephonic speech, the recipient of the pornographic information is often the one making the phone call. Thus, there is no room for an invasion of privacy argument if the recipient of the pornography made the call voluntarily. Additionally, the Net is analogous to telephonic speech in that an examination of the local community standards could be ruinous for both telephonic speech and Net speech. The recipient of the pornographic speech is the one who's community is likely to be examined for community standards violations, if the recipient has made a complaint about the speech. The effect of this is that the disseminators would have to screen every community in the country in order to ensure that they are not violating any community standards.
However, different aspects of the Net mimic different media. For example, should e-mail messages being sent across the Net to specific mail boxes be treated as mail or instead, as phone calls? Should BBS's where users leave messages for the general public be treated the same as e-mail? These questions are not easily answered.
The Internet presents so many new and novel issues that there likely needs to be a new approach to its regulation. Current laws are not the answer, though they give strong guidance towards a method of achieving appropriate regulations. The regulation of the Net should follow the broad guidelines the Supreme Court has provided in previous cases regarding printed pornography. In those cases, the Supreme Court has stated that the possession of pornography is not a violation of the law, that distributors are not liable when they are unaware of the content and that, in many instances, even the aware distributors are protected if the pornography can pass the Miller test. Additionally, the Court has found that if a distributor knows about the pornographic material, he or she may avoid criminal liability if they have taken proper precautions to limit the access of files that contain indecent or pornographic materials to adults through the use of access codes, encryption devices, and /or credit card payments. Several cases that have come before the courts that have attempted to reconcile the non-congruous nature of the Net versus other mediums of communication.
An illustrative case of the application of the current problem with existing law is the U.S. v. Thomas. In this case, a Tennessee court convicted two SYSOPs of distributing pornography via interstate telephone lines. Robert and Carleen Thomas operated a computer BBS that carried files that featured some rather unusual sexual pictures, including bestiality and adults having sex with prepubescent children. The Thomas's operated their members only BBS from their home in California, but they were indicted, prosecuted and convicted in Memphis, Tennessee. Many SYSOPs were quite concerned with this result because the Thomas's were prosecuted in the community where the material was received rather than where it originated. The material was found to be obscene based on the contemporary community standards of Memphis, not California, where the couple originally published the material.

The results of the prior cases have not been consistent and provide little guidance in how the current laws should be applied. Some cases suggest that the company or individual is immune from liability as an unknowing distributor, but some cases are suggesting that liability should be imposed for distributors. Therefore, the issue presented is that online services link users in different locales across the world, so a standard based on any one given community's views is unfair. "The reason for this is unique to our age of technology. Networked communications never actually enter any physical community. People and/or companies generally have no contacts with many of the recipient communities, and they do not advertise in them and often the distributors comply with the laws of the distributing state." Thus, the conclusion for the SYSOP is that they are likely going to be found liable for even unknowingly being the conduit of obscene and/or indecent material. A conclusion that is unfair, but until new laws are drafted that more appropriately deal with the community standards problem, a result that is likely.
What Can A SYSOP Do to Protect themselves?

This section will provide general suggestions as to how SYSOP's can avoid or minimize criminal liability. It will then detail various methods of risk management.
Mike Godwin suggests that SYSOPs should take the same precautions and practices that an adult book store owner would take in preparing for business:

Hire a lawyer.
Conduct research on state laws and regulations so that you are not shocked and surprised if the cops raid the place, but rather you have factored it in as one of the risks of doing business.
Follow the guidelines created by the FCC involving 1-900 services. They list precautions that the government finds acceptable, such as asking for a credit card for validation and implementing procedures to remove suspected minors immediately.

Despite all of the attention that the CDA received when it was passed, there is little chance that it will survive much longer, so this is one place where SYSOPs can relax. There was a temporary restraining order placed against the CDA within days of its passage into law. Additionally, the Attorney General has announced that she will not investigate nor prosecute anyone under the statute until the CDA's constitutionality has been determined. Additionally, Patricia Shroeder (D-Colorado), recently introduced legislation that would make the CDA less restrictive, as have several other legislators.
A general proposition is that a SYSOP can read a user's e-mail to help minimize their liability by providing them with inside information about their users. Why would a SYSOP want to read his user's e-mail? There are three likely reasons: idle curiosity, fear that the user is doing something inappropriate or dangerous, and finally, during the course of system maintenance.
However, if a SYSOP determines that reading the e-mail is the appropriate course of action to follow, how do they deal with invasion of privacy issues that would likely come up? A common practice among SYSOPs is to post disclaimers that state that there is no private e-mail under the provisions of the Electronic Communications Privacy Act. However, these disclaimers may not survive a court challenge and in effect SYSOPs who attempt to exempt themselves from the ECPA are waiving all of the rights and protections against a government search and seizure. Instead of protecting the SYSOP's rights, the disclaimer may actually end up making things worse than they otherwise would have been.
If a SYSOP has problems with a specific user the Electronic Frontier Foundation suggests several options:

talk to the individual, pull them into chat or call them on the phone. Often the user is unaware that they are causing a problem and will agree to stop doing the offending act.
have an attorney send a cease and desist letter
file a civil lawsuit against the user
file a criminal case, if necessary.

The SYSOP may offend the problem user by the confrontation, but it is her BBS and potentially her livelihood on the line.
Risk Management

"There is some good news: most of the risks your board faces can be minimized if you take an active approach to the problem." The SYSOP has several options that are available to them to help them manage the risk that they face. According to Wake Forest University Professor of Law Thomas M. Steele, there are 5 methods of risk management that a SYSOP can employ:

Avoid the risk. This means simply, do not engage in the risk promoting activity. This may not be a feasible solution for the mass SYSOP population, but in extreme cases where the risk is quite high as compared to the benefit received, it may be an appropriate.
Manage the risk. Managing the risk involves taking preventative measures, such as liability releases signed by the user, that requires the user to accept liability for their actions. Additionally, Professor Steele suggests that good record keeping can help assuage a potentially volatile situation for the SYSOP.
Transfer the risk. Currently this option is not as widely available as it will likely be in the next few years. However, if an insurance policy is available, this is an ideal means for a SYSOP to deal with their potential liability. Their are two types of policies that are currently used to offer some protection for SYSOPs: liability insurance policies and errors and omissions policies. The liability policy is, as it suggests, essentially indemnification from liability. Generally these liability policies are not specifically designed for SYSOPs, so a careful review of the policy is necessary to ensure that the purchaser of the policy will be covered to the extent that they are expecting. The other type of policy, the error and omissions policy is similar to an all risk liability policy that used to be available, except that it is intended to cover virtually everything that is not covered by the primary insurance policy and nothing that is covered.
Risk transfer to others. Essentially the idea behind this is to transfer the risk to some other organization that is immune from liability, such as a government agency. If this is not possible, consider creating a shell organization that has no assets, under which the BBS can be run. The advantage to doing this is that the shell organization has minimal assets and thus it would not be an attractive defendant to a suit. A potential concern is if a corporation is formed for this purpose, a potential claimant against the BBS may be able to pierce the corporate veil and have the court award the damages through the operator or the organization which is in actuality behind the BBS.
Share the risk. Professor Steele recommends creating an insurance pool. This would help defer some of the costs of insuring the BBS. Basically this works the same way that an insurance company works, but without a 3rd party insurance company reaping the massive profits. This approach has not been actively employed by SYSOPs, but it should be considered because it is an effective to minimize the costs of liability.

Conclusion

The criminal liability that a SYSOP faces is growing and may be somewhat daunting to those who are currently SYSOPs or those who desire to create a BBS. A SYSOP with a strong understanding of the Internet, as well as an awareness of the similarities and differences of BBS systems to other existing media will be more equipped to face potential criminal liability if they heed the suggestions set forth in this paper as to how to avoid, or at least minimize, the risk associated with operating a BBS.