The Cartman Technique: How a Fraud Exception will Mine the ISP Safe Harbor

[A]ll it takes to kill a show forever, is to get one episode pulled. If we convince the network to pull this episode for the sake of Muslims, then the Catholics can demand a show they don't like get pulled . . . and so on and so on, until Family Guy is no more - it's exactly what happened to Laverne & Shirley.- Eric Cartman, South Park , Cartoon Wars I

It doesn’t take much to whittle away a law. One need only use the Cartman technique – ask for one exception and wait for others to follow. It is death by a thousand cuts on the legal stage.

After being manhandled by the housing market and countless Ponzi schemes, investors are tired of being victimized. In an effort to hobble unscrupulous economic predators, the House is considering the Investor Protection Act of 2009, which generally bolsters SEC oversight. This is a good thing. However, the Act also carves out a Fraud exception from Section 230 of the Communication Decency Act, which protects ISPs from liability for the actions of third-party users. And that’s where the trouble lies.

It is difficult for ISP’s to know exactly what their customers are doing. Much like the Post Office, ISP’s do not inspect every piece of mail that finds its way to their series of tubes. In order to make sure that ISP’s do not have to routinely violate the privacy of their customers, and in order to allow the Internet Forum to exist sans Prior Restraint, we immunize ISP’s from the uncivil, jackassery perpetrated on the Internet. So if a website defames you, you sue the defamer and not the webhost. The same is true of web scams, mutatis mutandis.

But that will no longer be true if and when the Investor Protection Act of 2009 passes. Section 508 of that law will hold ISPs liable for the actions of scam artists passing themselves off as members of the Securities Investor Protection Corporation (a quasi-governmental entity that provides funds to investors who have lost assets in financially troubled brokerage firms):

‘(2) INTERNET SERVICE PROVIDERS.—Any Internet service provider that, on or through a system or network controlled or operated by the Internet service provider, transmits, routes, provides connections for, or stores any material containing any misrepresentation of the kind prohibited in paragraph (1) shall be liable for any damages caused thereby, including damages suffered by SIPC, if the Internet service provider—
‘‘(A) has actual knowledge that the material contains a misrepresentation of the kind prohibited in paragraph (1), or
‘‘(B) in the absence of actual knowledge, is aware of facts or circumstances from which it is apparent that the material contains a misrepresentation of the kind prohibited in paragraph (1), and upon obtaining such knowledge or awareness, fails to act expeditiously to remove, or disable access to, the material.

Several other commentators have already pointed out that the act is vague and that blocking fake SIPC sites will be impossible. Critics have pointed out that SIPC-related takedown notices will become the new tool of choice for entities looking to pull down web content or silence their online critics (alongside bogus DMCA actions). While these are important concerns, I am more concerned with the wider system effects of carving out individual exceptions to §230.

Granting a fraud exception invites other deserving groups to tear holes in §230’s protections.  The parents of abused children have repeatedly sued social networking sites such as MySpace, claiming that these sites negligently facilitate the molestation and sexual assault of minors. Surely if we except fraud, we can except actions that lead to rape. Or how about cyber-bullying? The Lori Drew case certainly focused attention on the problem. In the wake of Megan Meier’s suicide, numerous states have passed tough anti-cyber-bullying laws. Why not make ISP’s liable for transmitting these harmful (and sometimes fatal) taunts?

If you don’t believe that this ripple effect will likely follow a simple fraud exception, I point you towards the Federal Rules of Civil Procedure.  Rule 8 establishes a broad pleading standard, meaning that a plaintiff can plead a case without knowing all the facts (after all, facts are supposed to be revealed during discovery). But there is a very narrow exception, the heightened specificity standard of Rule 9(b), which attaches in cases alleging fraud. Complaints falling under 9(b) must lay out the particulars of fraud with a much greater level of detail than other claims.

While 9(b) was supposed to apply only to fraud, courts soon began expanding it to all sorts of litigation: for example, in Cash Energy, Inc. v. Weiner, 768 F. Supp. 892 (D. Mass. 1991) the court expanded Rule 9(b) to cover CERCLA (an environmental protection statute).  This sort of expansion has been so rampant that the Supreme Court has twice needed to remind everyone  that the fraud exception applies only to fraud, not civil rights abuses, Leatherman v. Tarrant County Narcotics Intelligence and Coordination Unit, 507 U.S. 163 (1993), and not employment discrimination, Swierkiewicz v. Sorema N.A., 534 U.S. 506 (2002).

So yes, the Cartman technique is alive and well. To grant a special exception from §230 for a particular type of fraud is to order a slow evisceration of the entire shield. I am sympathetic to defrauded investors, but their protection should not come at the cost of §230. Perhaps the act should require SIPC to maintain a list of all its endorsed websites. Or to widely publicize (just as in the early days of AOL) that it will never approach individual users with amazing deals that require their banking passwords and social security numbers. The death by a thousand Cartmans is a sorry sight. We should do what we can to prevent it.

(Andrew Moshirnia is a second-year law student at Harvard Law School. He loves cheesy poofs. If he didn't eat cheesy poofs he'd be lame.)

Subject Area: