Blog 2: Policy Considerations in Connection with Cyberstalking and Cyberharassment Laws

Policy Considerations in Connection with Cyberstalking and Cyberharassment Laws

1.         Difficulty of Enforcement

Several factors make it difficult to prevent cyberstalking, cyberthreats, and cyberharassment.  First, aggressors can engage in stalking and harassment on the internet with complete anonymity.  When it is impossible to identify the harasser, the next logical step in the enforcement process would be to seek assistance from the internet service provider to stop the harassment.  However, ISP’s have little incentive to provide such assistance because the safe harbor provision of the Communications Decency Act grants them broad immunity against liability for words posted by their users.[1] The safe harbor provision, 47 U.S.C. § 230(c)(1), provides: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  In Zeran v. AOL, 129 F.3d 327 (4th Cir. 1997), an anonymous AOL user posted a series of insensitive and inflammatory messages about the Oklahoma City bombings, identified him- or herself as plaintiff Zeran, and posted Zeran’s phone number.  As a result, Zeran received abusive phone calls, including death threats.  Zeran sued AOL for negligence.  The court held that pursuant to 47 U.S.C. § 230(c), AOL was immune to liability even though it knew of the postings and did not remove them.

ISP’s can break the shield of 47 U.S.C. § 230(c) if they promise to remove content posted by a third party but then fail to do so.  See, e.g., Barnes v. Yahoo!, 2009 WL 1232367 (9th Cir. 2009) (holding Yahoo liable on theory of promissory estoppels where Yahoo promised to remove nude photos and contact information of plaintiff posted by plaintiff’s disgruntled ex-boyfriend).  Thus, ISP’s are completely disincentivized from offering to police their users.  To avoid opening themselves up to liability, most ISP’s simply ignore reports of abuse.[2]

It is difficult to think of a way around this particular enforcement problem.  Perhaps the trouble is not so much with the immunity of ISP’s as with the cracks in their immunity.  Maybe if the legislature made the immunity absolute and also provided some kind of affirmative incentive to ISP’s to do their own policing, ISP’s could become an effective force against abuse on the internet.

2.         Harm in the Physical World and Constitutional Issues

A common policy argument against cyberstalking laws is that such laws might criminalize some innocent behavior because they are not sufficiently grounded in conduct in the physical world.  Cyberstalking and cyberharassment are carried out largely through the use of words, and Americans are extremely cautious when it comes to criminalizing speech.  We have extended First Amendment protection to many kinds of offensive, hateful, damaging, and threatening speech.  Even speech advocating the use of force against the government is protected unless it is likely to incite imminent action.[3] Our laws governing speech betray a strong preference for basing criminal liability on action over words.

Most cyberstalking laws include something like the “imminence” standard found in First Amendment case law – i.e., the credible threat requirement.  Under Florida law, for example, a cyberstalker will not be subject to more than one year in prison unless he or she makes a credible threat of bodily injury or death.[4] The inclusion of the credible threat requirement was likely motivated in part by evidentiary concerns, under the theory that a particular kind of action is a more solid evidentiary basis than a particular kind of feeling.  If the standard for imposing criminal liability were a certain level of fear on the part of the victim, the only way to prove that fear would be testimony, and testimony about feelings can be unreliable given that emotions can be highly individualized and given the human tendencies to forget, understate, overstate, be inarticulate, lie, and disbelieve.  A particular kind of threat, on the other hand, is documentable.  It is a good and natural impulse, I think, to want a solid basis for taking away someone’s freedom for more than a year.

The problem is that many cyberstalkers do not operate in such clumsy, heavy-handed way as to make a documentable death threat.  In fact, those who do are probably the least dangerous, because they are the least subtle, the least manipulative, and the least intelligent of stalkers.  Smart stalkers can inflict abject terror without resorting to a particular kind of threat.  The policy argument on this side of the coin is that (a) the object of the criminal justice system is justice for victims as much as for the accused; (b) it is unjust to allow one person to terrorize another based solely on the method or instrument used; and (c) thus the criminal justice system must expand to address new instruments of harm as they are introduced in the world.  When a cyberstalker posts on the internet the code to bypass a victim’s home security system and instructs fellow internet users on how to break into her house, has that victim not been placed in imminent, “real world” danger?[5]

The question then is how to serve the interests of victims without burdening lawful speech.  To do so, we might apply “[t]he same logic that licenses legal intervention before the criminal act is fully consummated” in inchoate crimes such as attempt and conspiracy and certain crimes involving reckless behavior.[6] Criminal liability for inchoate crimes still rests on certain kinds of conduct, which satisfies the evidentiary imperative, but society has determined that the required conduct need only be of a type to indicate impending criminal action.[7] For example, the inchoate crime of conspiracy might even be said to criminalize words, since one element of the crime is the agreement.  Yet we still accept laws criminalizing conspiracy as constitutional because such laws also require an affirmative act.  In the cyberstalking context, could the requisite act or conduct be accessing a computer or wire network with intent to stalk or harass or threaten?  I will leave that an open question for now and come back to the issue when I discuss wire fraud.

[1] Shaheen Shariff, Confronting Cyber-Bullying: What Schools Need to Know to Control Misconduct and Avoid Legal Consequences 85(2009).


[2] Id. at 86.

[3] Brandenburg v. Ohio, 395 U.S. 444 (1969).

[4] §§ 784.048, 775.082(4)(a) and (3)(d), Florida Statutes (2009).

[5] A man named Gary Dellapenta actually did this to a woman in California after she rejected his romantic advances.  Stephen J. Morewitz, Stalking and Violence: New Patterns of Trauma and Obsession 21 (2003).

[6] Meir Dan-Cohen, Harmful Thoughts: Essays on Law, Self, and Morality 172 (2002)

[7] Id.


~ by cstockard on October 29, 2009.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: