E-Commerce Law Week, Issue 479

The Debate Over Website Immunity for Third-Party Content Heats Up

Courts have generally interpreted section 230(c)(1) of the Communications Decency Act as giving websites and other "provider[s] or user[s] of an interactive computer service" broad immunity from suits that "treat[]" them as the "publisher or speaker of any information provided by another information content provider." Reaffirming the traditionally broad interpretation of this liability shield, a federal court in Arizona ruled in Global Royalties, Ltd., v. Xcentric Ventures, LLC, that section 230 protected the defendant against liability for allegedly defamatory statements that a third party had posted to the defendant's "Ripoff Report" website -- even though the defendant supplied the title for one of the third party's postings. But another federal court added to a steady trickle of cases in which courts have begun to question the sweeping application of CDA immunity. In FTC v. Accusearch, Inc., a district court in Wyoming held that the CDA was no defense against the Federal Trade Commission's charges that Accusearch violated the FTC Act's prohibition of "unfair" business practices by "obtaining and selling confidential customer phone records without the affected customers' authorization." The court found that immunizing Accusearch for its web-based delivery of phone records to paying customers would be contrary to "the legislative intent and statutory purpose of the CDA’s immunity provision." Along with other recent cases, Xcentric Ventures and Accusearch indicate that debate over the proper scope of CDA immunity has begun in earnest.

Third Circuit Says FCC Acted within Its Discretion when Deregulating DSL

The Third Circuit has upheld the Federal Communication Commission's decision to deregulate services, such as DSL, that provide broadband Internet access over "wireline" telephone networks. As we previously reported, the FCC's 2005 Wireline Broadband Order reclassified facilities-based wireline broadband Internet access as an "information service" (rather than a “telecommunications service”) under the Communications Act, thereby removing several regulatory requirements formerly applicable to wireline broadband providers, including the "common carrier" obligation to provide competitors with nondiscriminatory access to network transmission services at cost-based rates. In Time Warner Telecom, Inc. v. FCC, several Internet providers, telecommunications service providers, cable modem providers, and public interest organizations asked the Third Circuit to review this order, contending that it "allow[ed] telephone companies to deny competitors access to their wirelines, thereby resulting in decreased competition and consumer choice in the market for broadband Internet service." The Third Circuit denied their petition, finding that the order was "based on a reasonable interpretation of the Communications Act of 1934 ... and a proper exercise of agency discretion." On its way to this conclusion, the Third Circuit reaffirmed the FCC's authority to regulate providers of broadband Internet service as "information services" under the Communications Act, but as "telecommunications carriers" for the purposes of the Communications Assistance for Law Enforcement Act.

Court Adds to Disagreement over When Access to Computer is "Authorized"

Companies that want to go after former employees who pilfered or destroyed company data on the way out the door are increasingly turning to the Computer Fraud and Abuse Act (CFAA). There are many ways to state a claim under this statute, including by showing that the former employee's access to the information was "without authorization" (sections (a)(5)(A)(ii-iii)), or that the employee transmitted a command that "intentionally cause[d] damage without authorization" to a company computer (section (a)(5)(A)(i)). However, courts disagree over whether an employee with authorization to access a company computer can be said to act without authorization when, while still employed with the company, he or she surreptitiously steals information from, or causes damage to, such a computer. In B&B Microscopes v. Armogida, a federal court in Pennsylvania deepened this split, finding that former B&B employee Luigi Armogida did not access his company laptop without authorization when he deleted files from his computer, since he was still employed by B&B at the time of the access. But, because the damage Armogida intentionally caused was not authorized, the court still ruled that he had violated the CFAA. Given the unsettled nature of the law on unauthorized access, CFAA plaintiffs may want to follow B&B's lead by pursuing an additional claim for unauthorized damage.

Questions and comments about E-Commerce Law Week are always welcome.  Please send your feedback to Sally Albertazzie.