Cyber-Defamation: What Is It and How Should Businesses Respond?By Thomas J. Mew IV – November 11, 2013
All businesses deal with criticism, whether from a competitor or from a dissatisfied customer. There is, however, a difference between legitimate criticism and defamation. An increasingly common issue for businesses is “cyber defamation.” Although the details of a particular incident may vary, cyber-defamation attacks share common features. First, the negative statement is communicated over the Internet, perhaps in a blog, in the comments section of a website, via Twitter, or in an online review. Second, the party making the allegedly defamatory statement typically does so anonymously with perhaps only a screen name to identify him or her.
With just a few keystrokes and access to the Internet, a party can craft and publish a defamatory statement to a vast audience of other Internet users. Such statements can have devastating consequences for a business. This article offers guidance on what constitutes cyber defamation and on potential options for businesses facing this issue.
Elements of Cyber Defamation
The elements of a cyber-defamation claim are essentially the same as a traditional defamation claim and typically include
(a) a false and defamatory statement concerning another;
(b) an unprivileged publication to a third party;
(c) fault amounting at least to negligence on the part of the publisher; and
(d) either actionability of the statement irrespective of special harm or the existence of special harm caused by the publication.
Restatement (Second) of Torts § 558.
“A communication is defamatory if it tends so to harm the reputation of another as to lower him in the estimation of the community or to deter third persons from associating or dealing with him.” Id. § 559. Thus, although a plaintiff must ultimately establish the same factors to prevail on a cyber-defamation case as in a traditional defamation action, the Internet context and the typically anonymous nature of the communication raise distinct issues and challenges.
False and defamatory statement. Online speech can blur the already difficult distinction between actionable statements of fact and mere opinions. Online speech is often informal and replete with acronyms, relaxed grammatical standards, and hyperbole more often associated with opinions than actionable statements of fact. See, e.g., Global Telemedia Int’l, Inc. v. Doe 1, 132 F. Supp. 2d 1261, 1267 (C.D. Cal. 2001) (noting that “the postings are full of hyperbole, invective, short-hand phrases and language not generally found in fact-based documents”); SPX Corp. v. Doe, 253 F. Supp. 2d 974, 981 (N.D. Ohio 2003) (“[S]tatements appearing in such locations as forum and commentary newspaper sections, or other venues often associated with ‘cajoling, invective, and hyperbole,’ are more likely opinion.”).
Although the Internet context is an important consideration, courts have also refused to excuse otherwise defamatory statements simply because they were made online. In Cohen v. Google, Inc., 887 N.Y.S.2d 424, 429 (N.Y. Sup. Ct. 2009), the court rejected a blogger’s argument that because “Internet blogs serve as a modern day forum for conveying personal opinions” words such as “skank,” “ho,” and “whoring” could not reasonably be understood to be statements of fact. See also In re Subpoena Duces Tecum to Am. Online, Inc., 52 Va. Cir. 26, 2000 WL 1210372, at *8 (Va. Cir. Ct. 2000) (noting that “[i]n that the Internet provides a virtually unlimited, inexpensive, and almost immediate means of communication with tens, if not hundreds, of millions of people, the dangers of its misuse cannot be ignored. . . . Those who suffer damages as a result of tortious or other actionable communications on the Internet should be able to seek appropriate redress.”), rev’d on other grounds sub nom. Am. Online v. Anonymous Publicly Traded Co., 542 S.E.2d 377 (Va. 2001). Businesses should carefully consider the context of the statement in evaluating whether it is an actionable statement of fact or simply an expression of opinion.
Unprivileged publication. For a statement to be defamatory, it must not be privileged. The same privileges that apply to traditional defamation cases typically apply to cyber-defamation claims as well. Businesses should be mindful of any privileges afforded under applicable laws and recognize that, as in any defamation case, a defendant’s right to conduct discovery on a defense such as truth may expose the business to additional expense and potential embarrassment.
Fault on the part of the publisher. One question that often arises in the cyber-defamation context is who may be considered a publisher. In particular, are service providers such as Yahoo! liable for defamatory content communicated over their services? The answer typically is no.
The Communications Decency Act (CDA) states in part that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” 47 U.S.C. § 230(c)(1). The CDA defines “interactive computer service” as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.” 47 U.S.C. § 230(f)(2). An “information content provider” is “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” 47 U.S.C. § 230(f)(3). Thus, under the CDA, service providers are generally not liable for a third party’s use of their service to make defamatory statements.
Damages. As in a traditional defamation case, the content of the communication will be important in determining whether the plaintiff must show special harm caused by the statement. Damages also can be an important issue in a court’s decision whether to compel revelation of an anonymous party. See, e.g., Dendrite Int’l, Inc. v. Doe No. 3, 775 A.2d 756 (N.J. Super. App. Div. 2001) (denying plaintiff’s request to compel identification of defendant where plaintiff failed to show that defendant’s comments damaged plaintiff).
Responding to Cyber Defamation
Businesses have a variety of potential responses available when faced with defamatory online statements, each of which offers its own potential risks. These options range from doing nothing to filing a lawsuit. The issues and risks of each option are explored below.
Ignoring the statement. The simplest option is to ignore the statement. A negative statement or posting may often be offset by other, positive comments or reviews. Moreover, astute readers typically read negative Internet statements in context, particularly if they appear alongside positive or more balanced comments in a comments section or in a review site. In addition, if the statements are outlandish or over the top, readers may well dismiss such statements as deliberately inflammatory “trolling” or as simply irrational and not worthy of credence, especially when the statements are posted anonymously.
Ignoring a defamatory statement, however, may not be an acceptable option. For example, a publicly traded company may be compelled to rebut certain statements that threaten its value or that allege criminal activities. Or a statement or series of statements may so threaten the viability of a company’s brand or product that the business may determine that some action is required. In such cases, businesses have various options but must consider the risks involved with each course of action.
Seeking removal of the statement. One option for responding to the statement is to request that the service provider remove it. This strategy has the best chance of success if the business can credibly allege that the statement violates copyright or trademark law or that it otherwise violates the service provider’s terms of service. There is, of course, no guarantee that the service provider will agree, especially given its protection under the CDA as described above. Moreover, simply removing the statement does little to deter the party who made the statement, who can always simply repost it in another forum.
Rebutting the statement. Under some circumstances, especially if it is unsuccessful at convincing the service provider to remove the statement, a business may choose to rebut the statement, either through a formal press release or by responding directly to the party making the statement (through a cease-and-desist letter, if the party’s identity is known, or perhaps by responding to an anonymous party in the same forum as the statement appeared). Any such response, however, runs a risk of exacerbating the situation. First, it may appear to give credence to the defamatory statement. Second, it may invite further scrutiny and public attention to the statement. Third, should a business directly respond to a comment or posting, it may increase the posting’s visibility in search results. Thus, businesses should carefully consider whether the risk of responding outweighs the risk of inaction.
Filing a legal action. Another option is for the business to pursue legal action against the party making the allegedly defamatory statement. This action typically takes the form of a defamation suit; if the defendant is a competing business, the suit may also include unfair competition or similar claims. Depending on the nature of the statement and the party making the statement, trademark infringement claims or claims for breach of a confidentiality agreement or of a restrictive covenant may also be an option.
First Amendment issues. First Amendment issues—such as whether the plaintiff is a public figure and whether the speech at issue constitutes political or commercial speech—apply equally to Internet communications. Reno v. ACLU, 521 U.S. 844, 870 (1997) (“[O]ur cases provide no basis for qualifying the level of First Amendment scrutiny that should be applied to this medium.”).
One distinctive aspect of Internet speech is that the speaker is often anonymous. As a result, the first and most essential challenge in many cyber-defamation actions is to discover the true identity of the party who made the defamatory statement. The United States Supreme Court has held that “an author’s decision to remain anonymous . . . is an aspect of the freedom of speech provided by the First Amendment.” McIntyre v. Ohio Elections Comm’n, 514 U.S. 334, 341–42 (1995). A speaker’s right to speak anonymously is an important component in whether a plaintiff can compel disclosure of an anonymous party’s identity.
Cyber-investigation firms and similar services offer a variety of techniques to capture the party’s identity. A business may also wish to employ this avenue as part of its pre-litigation due diligence to decide whether further action is worth pursuing. An important concern in this context is the potential use of “pretexting” (supplying false information) to gain information from the anonymous party. Attorneys must take care to avoid being a party to any conduct that would violate legal or ethical standards. See ABA Model Rules of Professional Conduct 8.4, 4.1, and 5.3, which proscribe dishonest conduct and require attorneys to ensure that non-lawyers over whom they have supervisory authority comply with professional standards.
A business may also choose to file a “John Doe” lawsuit against the as-yet unknown defendant and then issue subpoenas to the relevant service providers to identify the defendant. Similarly, state procedural rules may provide for pre-litigation discovery in certain contexts. See Cohen, 887 N.Y.S.2d 424 (permitting the plaintiff to seek pre-litigation discovery under New York rules).
The service provider or the anonymous party (after receiving notice that a subpoena has been issued) may object to the subpoena, and courts have applied different standards in determining whether a plaintiff is entitled to an order compelling disclosure of identifying information. These standards typically seek to balance the plaintiff’s interest in discovering the identity of an anonymous defendant against the defendant’s right to communicate anonymously.
In this context, courts have applied a variety of tests, some more demanding than others. See, e.g., In re Subpoena Duces Tecum to Am. Online, Inc., 52 Va. Cir. 26, 2000 WL 1210372, at *8 (holding that a party seeking to compel disclosure of an anonymous online speaker’s identity must make a satisfactory showing through “the pleadings or evidence” that it has “a legitimate, good faith basis to contend that it may be the victim of conduct actionable in the jurisdiction where suit was filed”); Dendrite Int’l, 775 A.2d at 760–61 (applying a four-part test under which the plaintiff must produce sufficient prima facie evidence to support each element of its claim); Doe v. Cahill, 884 A.2d 451 (Del. 2005) (adopting, in part, the Dendrite four-part test and applying the summary judgment inquiry under Delaware law); In re Anonymous Online Speakers, 661 F.3d 1168 (9th Cir. 2011) (relying heavily on the nature of the speech at issue and describing the Cahill test as the “most exacting” but too rigorous for cases not involving political speech). Numerous other courts have addressed the issue of what standards apply when a plaintiff seeks to compel identification of an anonymous party. Practitioners should carefully analyze what standards apply in the relevant forum. See chapter 11 in George B. Delta & Jeffrey H. Matsura, Law of the Internet (2013), for a more detailed description of several such cases.
Even if a party succeeds in enforcing its subpoenas, more sophisticated anonymous parties may still be able to thwart identification or at least add substantial cost to the process. For example, the party may use a virtual private network or other methods to avoid or substantially complicate detection. In addition, if the communication originated from a public computer such as those found in libraries, identification of a specific individual may be extremely difficult if not impossible.
Cyber-defamation actions present a number of particular concerns in addition to the risks inherent in any litigation. First, by taking action against an individual, the business risks being perceived as a bully out to stifle any criticism. (This risk is, of course, reduced or eliminated if the other party is also a business.)
Second, the defendant may file a counterclaim. Perhaps the most common counterclaim in cyber-defamation actions is under state anti-SLAPP (strategic litigation against public participation) laws, which typically permit a defendant to dismiss a lawsuit if the conduct at issue arose from the defendant’s exercise of free speech in connection with a public issue and if the plaintiff cannot show a probability of success on the claims. See, e.g., Global Telemedia Int’l, 132 F. Supp. 2d at 1265 (dismissing lawsuit under California’s anti-SLAPP law and awarding defendants their attorney fees). In addition, businesses should be careful that a lawsuit does not violate relevant whistleblower laws or, if the alleged defamatory statement is made by an employee, the National Labor Relations Act.
Finally, even if the lawsuit succeeds, an individual defendant will likely lack the resources to pay a judgment of any significance. Thus, it may be wise to pursue settlement, the terms of which could include an apology and removal of the offending statement.
Cyber defamation is a problem that businesses will continue to face. Businesses must be vigilant and must continually monitor the Internet for potential defamatory statements. The proper response depends on timely identification of the statement and an informed analysis of the communication.
Keywords: litigation, business torts, unfair competition, defamation, Internet, discovery, anti-SLAPP, freedom of speech, anonymity
Thomas J. Mew IV is with Rogers & Hardin LLP in Atlanta, Georgia.