Editor: As one of the leading experts on privacy and data security law, you have focused heavily on cyber-bullying and cyber-hate crimes on the Internet. Would you first describe your practice for our readers?
Wolf: I've been involved with Internet legal issues essentially since the beginning of consumer access to the Internet, which dates back to the early-1990s. My involvement in Internet law was an outgrowth of the work I did for the old MCI Corporation in a protracted litigation involving a failed joint venture project for precursor Internet technology equipment. In the mid-'90s I represented the Washington Post in one of the first copyright challenges to reporters' use of the Internet for downloading materials. The case was brought by the Church of Scientology. Following shortly thereafter were a number of domain name cases and one of the first significant online privacy cases where the U.S. Navy engaged in pretexting to obtain information about a sailor who was suspected of being gay. The U.S. Navy got information from AOL under false pretenses, using it to try to oust the sailor. We brought a lawsuit that blocked his ouster as a challenge under "Don't Ask, Don't Tell." This was one of the first cases in which the court allowed a gay service member to remain in the service - a case we eventually settled with the U.S. Navy.
As the '90s turned into the 2000s, the issues of privacy and data security became the focus of my practice, so much so that I would say today I spend about 60 percent of my practice on privacy and data security matters. I also spend a fair amount of time on Internet public policy issues, co-chairing an advocacy coalition with Mike McCurry, former President Clinton's press secretary, called "Hands-Off the Internet." We are addressing the issue of the need for greater broadband capacity while also advocating against government regulation of broadband providers because we believe that the marketplace will provide both the capacity and the access that is needed for consumers. In my extra-curricular life I am very involved with the Anti-Defamation League (ADL) and the issue of hate on the Internet.
Editor: Please tell us about your work with the ADL.
Wolf: Since the mid-1990s, I have chaired the ADL's Internet Task Force, which addresses the issue of misuse of the Internet by anti-Semites, racists, homophobes and other haters. Just as the Internet is used by decent people for communication, education, entertainment and so forth, the "bad guys" are also using the Internet to spread their messages of hate and to promote real-world hate.
Editor: I appreciate your summary; it clearly deserves even more press in our paper. One of the most recent cases that attracted interest where you were interviewed on Jim Lehrer's program involved the prosecution of Lori Drew, a woman who fabricated her identity to join MySpace in order to torment a teenager, leading to the teenager's death. Would you describe more of the background of this case?
Wolf: This is a case that has been much in the news. It was about a year ago when Megan Meier, a 13-year-old girl in Missouri, went online to MySpace and began communicating with someone whom she thought was a teenage boy. They developed a relationship online. But suddenly the teenage boy named Josh [Evans], a pseudonym, began to torment Megan Meier and engaged in cyber-bullying, suggesting in fact that the world would be better off if Megan Meier were dead. That led to Megan Meier's suicide. It turns out that Josh was in fact a pseudonym for Lori Drew, a woman who was the mother of a friend of Megan Meier's, and it still to this day is not entirely clear what motivated Lori Drew to engage in such heinous behavior. Now the prosecutors in Missouri examined the case and concluded that there was no judiciable case despite how despicable the act was. More recently, federal prosecutors in California, where MySpace is headquartered, brought a prosecution against Lori Drew under the Computer Fraud and Abuse Act (18 USC §1030).
Editor: By what construction of the Act are the prosecutors claiming that a crime has been committed?
Wolf: It appears that they are alleging that Lori Drew fraudulently obtained access to the MySpace network and interacted with Megan Meier through the computer system by portraying herself to be a teenage boy named Josh [Evans], essentially lying to MySpace in violation of the terms of service that control how people can use the MySpace network. This is the first time, to my knowledge, that the Computer Fraud and Abuse Act has been used so expansively to go after a consumer who has misrepresented the facts in order to obtain access to a website. There are many instances in which consumers may not want to reveal information required of them to access a website and will use fictitious information in order to preserve their own privacy. In this case the prosecution is problematic in terms of the intent of the Act, which was originally enacted to deal with hacking and fraudulent conduct by computer thieves. To many of us in the field, it seems that this is a very broad application of that law.
Editor: Perhaps you could give us a brief history of other cases where incitement to crime on the Internet has led to prosecutions and winning verdicts.
Wolf: Obviously the First Amendment provides a great deal of latitude with respect to what can and cannot be said on the Internet, and prosecutors have been very reluctant to bring actions for Internet hate speech. But laws that were enacted even before the Internet era prohibiting obscene materials, threats of imminent violence or violations of civil rights have been applied to the Internet and the application has been upheld. The majority of the reported cases result from emailed messages that contained threats. There was one case where there was a barrage of online anti-Asian epithets directed at Asian college students that resulted in the successful prosecution of the sender. Another case involved a college student who proclaimed he hated homosexuals and threatened to shoot them in the back of the head, which resulted in the student being successfully enjoined from continuing to disseminate that hate speech. The landmark case that sought to establish the dividing line with respect to hate speech online involved Neil Horsely in conjunction with the American Coalition of Life Activists (ACLA) which created an anti-abortion site known as the Nuremberg Files. That site offered extensive personal information about abortion providers, including pictures, addresses, phone numbers, license plate numbers, social security numbers and so forth, and the viewers of the site were exhorted to send photos, videotapes and other data collected on the abortionists, including pictures of their cars, their houses, their friends and anything else of interest. The site proclaimed that the information would be used to prosecute abortion providers when abortion becomes illegal. But the list of the abortion providers read like a list of targets for assassination. In fact, the names listed in plain black lettering were of doctors who were still working, the names in gray were of doctors who were wounded and those whose names were crossed out indicated doctors who had been murdered. The trial court wrestled with the issue of whether the Nuremberg Files website constituted protected speech. The trial court found that it was in fact targeting abortion providers for murder. And the case went back and forth to the Ninth Circuit which ultimately concluded that the language on the site was not protected speech because it was an imminent and true threat of force. The site was shut down and damages were upheld. There are a number of other cases, but I must again say that they are the exception, not the rule. Most hate speech has not been prosecuted. The only exception is where there has been a credible threat to an individual or to a specific group. Otherwise hate speech essentially goes unchecked in this country as compared with Europe where there are specific prohibitions.
Editor: What is the status of ISP providers in terms of aiding and abetting cyber-crimes?
Wolf: ISP providers have great immunity from liability under two sets of laws passed by Congress. The first one is Section 230 of the Communications Decency Act, which essentially immunizes ISPs from liability for the content provided by third parties. The other is the Digital Millennium Copyright Act which provides a safe harbor for copyright violations. But the bottom line is that ISPs typically are not responsible for the content of third parties unless they participate in crafting the content. Most recently, Senator Joe Lieberman has sent a letter to Google and to YouTube with respect to terrorist websites inciting terrorist acts asking ISPs to enforce their own terms of service voluntarily. And that probably is as far as lawmakers can go because it would be very difficult to draw the line between what is acceptable speech and what is prohibited hate-speech or even terroristic speech. There was a prosecution against a professor in Idaho claiming that he was encouraging terrorism, but when it was pointed out that a professor at Princeton had much of the same content online for academic purposes, the jury acquitted the former. So it is very difficult for the law to be used as a tool in prosecuting hate speech or even terroristic speech.
Editor: Today's New York Times featured an article regarding three ISPs that have agreed to totally eradicate such sites relating to child pornography from their service. This could be a very helpful thing, though it does encroach on the realm of free speech.
Wolf: There is no reason why lawmakers and policymakers cannot ask the online companies and ISPs of the world to voluntarily assist in setting online standards. In fact, it's perfectly appropriate and should be encouraged that ISPs play a role in policing that kind of content as well as online hate-content. Recently, Network Solutions took down the website of a right-wing Dutch Parliamentarian who had a video that was inflammatory toward the Muslim religion. Network Solutions concluded that in the Internet community that it wishes to create that kind of content is not acceptable - a perfectly appropriate role for ISPs to play. Frankly, the marketplace can serve as a check on whether the ISPs are playing their role appropriately. Again, the law may not have a specific role to play in this area of speech, but that does not mean that there are not things for ISPs and citizens to do with respect to hate speech online.
Editor: The right to privacy has been one long recognized by the Supreme Court since the time of Justice Brandeis, yet social networks such as MySpace do not seem to be constrained by anything more than their own self-policing policies. Is there a sentiment that they should be subjected to more policing by regulators?
Wolf: When you're dealing with children under thirteen, there is a federal law known as the Children's Online Privacy Protection Act (COPPA) that applies with full force. And the attorneys general of a number of states have worked hand-in-hand with the online social networking sites like MySpace and Facebook to make sure that COPPA is complied with and that underage children are not participating in turning over private data. COPPA should be enforced on-line in whatever format or web 2.0 application involved. Beyond that, it is really up to individuals to be aware of how turning over information can come back to haunt them. We're all aware of teenagers posting pictures of themselves in compromising positions or saying things about themselves that may later impede their ability to be admitted to schools or even get a job. It is important that teenagers as well as adults be educated about the full impact of the Internet since the Internet creates a permanent record. In the state of Virginia there is a law that requires teaching Internet etiquette to kids in school so that they understand what it is that they are doing online and what the repercussions may be.
Editor: In summary, would you tell us how you think hate crimes on the Internet can be contained and eventually eliminated?
Wolf: I don't think that hate crimes can ever be eliminated, unfortunately. But hate on the Internet needs to be an issue that is raised to a higher level on the public agenda, both on the public policy agenda and on the agenda of ISPs and the Internet community at large. There needs to be more information, there needs to be greater sensitivity to it, and children need to be taught from an early age that hateful words are not appropriate. The Anti-Defamation League (ADL), with which I'm quite involved, has a program against cyber-bullying for students, teachers, and their parents that needs to be expanded and made available to more people. But beyond that, the ISPs have a role to play in policing hate-filled content and, as Justice Brandeis said "the best disinfectant is sunlight" or counter speech. More people should take the time to rebut and react to hate speech, condemning it and exposing the hate speech for the lies it contains. Only in that way will people eventually see a diminution of hate speech online.