LEGAL ISSUES FACING THE BBS SYSOP
********************************************
CHAPTER 9: LEGAL ISSUES FACING THE BBS SYSOP
********************************************
Version 0.9 - June 19, 1994.
Copyright (c) 1994 Carl J. Elitz
9.0 Introduction
================
This chapter contains a general discussion of some of the
legal risks facing those who run computer bulletin board systems
(BBS' or boards), along with some suggestions for reducing those
risks. It is not yet in the familiar Q&A format, but may be
modified in future revisions.
Please consider the discussion that follows for educational
purposes only and not as a substitute for legal advice. The
suggestions made below should be used only as a starting point for
your own consideration of the issues presented and may not be
suitable for your individual situation. If you need legal advice,
consult with an attorney licensed to practice in your jurisdiction.
Those with a practical interest in the subject are referred to
Lance Rose's and Jonathan Wallace's book, SYSLAW (2nd Ed. 1992),
(available by calling PC Information Group at 1-800-321-8285). At
present, this is the definitive book on the subject and a good
source of information for the new or experienced sysop. Cost is
about $38.
A more scholarly treatment of many of the same issues can be
found in a law review article written by David J. Loundy, "E-Law:
Legal Issues Affecting Computer Information Systems and System
Operator Liability," 80 Alb. L. J. Sci. & Tech. Vol 3 (1993).
Loundy's article is available in many law libraries and on the
internet via anonymous ftp from the Electronic Frontier Foundation:
ftp.eff.org (path /pub/EFF/policy/Legal/e-law.paper).
Please note: the following does not necessarily apply to BBS'
running outside the United States. Obviously, the laws of other
jurisdictions may be quite different.
Finally, please recognize that this chapter is an evolving
document in its early stages of development. Suggestions for
improvement are welcome. The author can be reached at either of the
following internet address sites: carl.elitz@n9csa.com or
reds@ripco.com.
9.1 The Legal Risks
===================
Your legal exposure as a BBS sysop is not insignificant. Even
if your intentions are good, mistakes or errors in judgment expose
you to both civil and criminal liability. This is due, in large
part, to the fact that there will be so many people calling your
board, each with his or her own agenda. If you fail to educate
yourself on the basic risks, your exposure increases dramatically.
9.1.1 Civil Lawsuits
--------------------
Filing a civil suit in the United States is a relatively
simple and inexpensive process for a plaintiff, usually costing
less than the latest version of your favorite word processing
software. Indeed, a caller or other person who believes she has
a case against you may find an attorney willing to represent her
for a "contingency fee," charging only if the suit results in money
PLEASE NOTE THE CORRECT ADDRESS FOR COMMENTS: I'M ONLY THE MESSENGER!
From: reds@ripco.com (Carl J. Elitz)
Newsgroups: misc.legal
Subject: BBS-LAW-FAQ: Comments Please
Message-ID: <CrvMDn.H29@rci.ripco.com>
Date: Fri, 24 Jun 1994 00:51:21 GMT
Sender: usenet@rci.ripco.com (Net News Admin)
Organization: Ripco Internet BBS, Chicago
Lines: 1093
X-Newsreader: TIN [version 1.2 PL2]
The following is a chapter which is currently being prepared for inclusion
in an upcoming faq on setting up a bulletin board. To date, no one but
myself has read it and I would appreciate any feedback anyone with an
interest in the subject might have.
As the official release date of the FAQ is not yet here, I would appreciate
it if people would hold off on distributing it until it has been edited. I
expect a release date within a few weeks.
I will attempt to respond to all e-mail. My preferred address is
carl.elitz@n9csa.com but mail may be directed to me here at ripco, as well
(reds@ripco.com).
********************************************
CHAPTER 9: LEGAL ISSUES FACING THE BBS SYSOP
********************************************
Version 0.9 - June 19, 1994.
Copyright (c) 1994 Carl J. Elitz
9.0 Introduction
================
This chapter contains a general discussion of some of the
legal risks facing those who run computer bulletin board systems
(BBS' or boards), along with some suggestions for reducing those
risks. It is not yet in the familiar Q&A format, but may be
modified in future revisions.
Please consider the discussion that follows for educational
purposes only and not as a substitute for legal advice. The
suggestions made below should be used only as a starting point for
your own consideration of the issues presented and may not be
suitable for your individual situation. If you need legal advice,
consult with an attorney licensed to practice in your jurisdiction.
Those with a practical interest in the subject are referred to
Lance Rose's and Jonathan Wallace's book, SYSLAW (2nd Ed. 1992),
(available by calling PC Information Group at 1-800-321-8285). At
present, this is the definitive book on the subject and a good
source of information for the new or experienced sysop. Cost is
about $38.
A more scholarly treatment of many of the same issues can be
found in a law review article written by David J. Loundy, "E-Law:
Legal Issues Affecting Computer Information Systems and System
Operator Liability," 80 Alb. L. J. Sci. & Tech. Vol 3 (1993).
Loundy's article is available in many law libraries and on the
internet via anonymous ftp from the Electronic Frontier Foundation:
ftp.eff.org (path /pub/EFF/policy/Legal/e-law.paper).
Please note: the following does not necessarily apply to BBS'
running outside the United States. Obviously, the laws of other
jurisdictions may be quite different.
Finally, please recognize that this chapter is an evolving
document in its early stages of development. Suggestions for
improvement are welcome. The author can be reached at either of the
following internet address sites: carl.elitz@n9csa.com or
reds@ripco.com.
9.1 The Legal Risks
===================
Your legal exposure as a BBS sysop is not insignificant. Even
if your intentions are good, mistakes or errors in judgment expose
you to both civil and criminal liability. This is due, in large
part, to the fact that there will be so many people calling your
board, each with his or her own agenda. If you fail to educate
yourself on the basic risks, your exposure increases dramatically.
9.1.1 Civil Lawsuits
--------------------
Filing a civil suit in the United States is a relatively
simple and inexpensive process for a plaintiff, usually costing
less than the latest version of your favorite word processing
software. Indeed, a caller or other person who believes she has
a case against you may find an attorney willing to represent her
for a "contingency fee," charging only if the suit results in money
damages against you.
The costs of litigation for you as the defendant, on the other
hand, will undoubtably be high -- right from the beginning. Unlike
the plaintiff's attorney, your attorney cannot work on a
contingency fee and will insist upon being paid whether you win or
lose, perhaps well before the case is even over. In almost all
cases, you will not be able to recover your attorney's fees, even
if you prevail. So called "reasonable fees" can grow into the
thousands of dollars in a matter of weeks, ending up costing many
more times the price of your entire BBS equipment
and software. Moreover, failure to win a lawsuit can have
devastating implications for you, your business, even your
family. This is because, in the United States at least, the law
gives to a wrongfully injured plaintiff the right to recover all
damages which were "caused" by your improper actions. There are few
limits on the amount that can be recovered in most civil cases.
9.1.2 Criminal Liability
-------------------------
In addition to civil liability, the BBS sysop can encounter
problems with the local, state or federal government under the
criminal laws. This exposure should be obvious. For example, if you
knowingly use your BBS to store or distribute copyrighted material,
obscene photographs, child pornography or stolen information, or if
you encourage others to do so, you may face severe penalties --
perhaps even time in jail.
Your legal exposure in a criminal case is not limited to those
situations, however, where you yourself deliberately commit
criminal acts. If the authorities come to suspect your board
contains evidence necessary to prove a criminal case against one of
your callers, you may find yourself in the middle, trying to
protect yourself from the effects of the investigation.
Do not underestimate the trouble that can be caused by
improper caller conduct. Four years ago federal agents and local
authorities raided boards in twelve cities around the country as
part of something the federal government named "Operation Sun
Devil." Agents conducting the searches carried warrants which gave
them the right to seize computer equipment in an attempt to locate
"hackers" believed to be exchanging stolen credit card numbers
through the use of computer bulletin board systems. Agents searched
both homes and businesses and confiscated computers and peripheral
equipment such as monitors and printers. While there has been just
one conviction relating to computer crime so far, agents have yet
to return all of the equipment.
9.2 The Major Issues and Some Suggestions
=========================================
There is some good news: most of the risks your board faces
can be minimized if you take an active approach to the problem.
Your first step should be to familiarize yourself with the types of
claims that may be brought against you or which may involve your
board, and then proceed with this knowledge in mind.
9.2.1 Negligence
----------------
Negligence actions are the most common type of civil claim
brought in the United States. At the heart of the negligence claim
is the legal concept of "duty." Duty is the standard by which the
law judges a defendant's conduct when a plaintiff is harmed. It is
your "duty" as a sysop that exposes you to liability. If you
violate your duty to your callers or others and create an
"unreasonable risk" which causes harm, you may be held
liable for negligence and be required to pay money damages as
compensation.
Like the BBS technology itself, BBS law is quite new and the
"duties" applicable to BBS sysops and the "unreasonable risks"
callers may face are not well established. In general, and in the
absence of legislation on the subject, it will be judges who will
decide what legal duties systems operators have toward callers. In
making this type of decision, judges will consider the costs of
imposing a specific duty upon a sysop in comparison to the benefits
of imposing that duty in favor of callers and others who may be
affected by the BBS. In the absence of cases on the subject (and
their are very few), judges will simply make the decision based
upon what they believe is reasonable in light of the facts.
There is simply no way of knowing what specific duties a
plaintiff might claim you have breached and, therefore, no easy way
of protecting yourself. This means that you must consider carefully
the possible legal duties judges may one day place upon you as a
BBS system operator. No doubt lawyers will someday argue that a
sysop should have the legal duty to scan for viruses, process
electronic mail in a way that prevents it from being destroyed or
unreasonably delayed and to protect caller passwords. There are no
doubt other potential duties BBS sysops will be required to meet.
In cases where you are accused of violating a legal duty, a jury
could be asked to decide if your failure to meet your duty caused
the defendant harm. In a jurisdiction that allows it, the plaintiff
may be able to claim that a virus destroyed important business
records or that misdelivered mail caused an important meeting to be
missed. Damages for such loses could be extremely costly.
There is no simple or easy way to avoid negligence claims.
However, legal "disclaimers" can help. A disclaimer is a statement
which gives notice to your callers that you do not intend to be
held responsible for specific harm which may occur from the use of
your BBS. For example, you might explain to callers that electronic
mail may be accidentally lost or destroyed and that you will not be
liable for any harm that may come from such an accident. If a
disclaimer is properly made, it can be quite effective in limiting
your liability. Cases filed against defendants are often dismissed
early on the strength of a well written disclaimer. The best
disclaimers clearly describe a specific risk a caller may face and
then state that it is the caller, and not you, who will bear the
risk of any injury.
Admittedly, the law in this area is vague. There is also no
way of knowing for sure what specific duties the law is likely to
place upon you. It is rarely ever a certainty that a particular
disclaimer will be upheld in court. Indeed, even the fact that you
do not charge callers for access may not provide you with a
defense to a negligence claim.
The following are suggestions that you should consider:
1. Tell your callers what you will do and what you will not do
in your role as sysop and be sure to follow through on your
commitments to your callers. Give your users fair notice when you
decide to change your policies.
2. Keep copious records as to the board's formal policies,
including when changes are made and any problems you may have in
enforcing rules. If you discover a caller violating the rules,
record the details of what has happened and put these records in a
safe place. Law suits sometimes are filed long after an event
happens. Three months later you might not otherwise remember the
incident.
3. Put BBS disclaimers in a prominent location. Consider using
capital and/or bold letters to emphasize the risk of harm callers
may face from using your board. Get some form of affirmative act
from each caller that indicates they have read the disclaimers --
this will be useful someday should you ever need to show that the
caller was aware of its terms. While this does not have to be on
paper, each caller should at some point have to proceed through a
screen in which he or she acknowledges having read the
disclaimers and agrees to them. In an ideal world, your BBS
software would create a log of this event and store it
permanently.
4. Recognize that you can not disclaim certain legal duties
and do not put too much faith in any disclaimer -- you can never be
sure what will and will not be legally enforceable. Consider the
disclaimer as additional protection, not your first line of
defense.
5. Finally, if some factual situation arises which has the
potential to harm your callers, react promptly to take control of
the situation. Think of your BBS as an extension of your home and
your callers as your guests. If you believe that there is something
or someone who may expose your callers to an "unreasonable risk" of
harm or loss, recognize the fact that it is you who could be
ultimately liable.
9.2.2 Breach of Contract
------------------------
Another very common type of civil suit is one based upon
contract law. In many ways a breach of contract case is similar to
a negligence case. Indeed, often a plaintiff will allege both
breach of contract and negligence claims in the same suit.
Contrary to what some may think, there is no general
requirement that contracts be signed or that they be in writing.
One requirement of every contract, however, is "consideration." You
generally cannot be held liable in a contract action unless you
have somehow agreed to do something for your callers AND your
callers have agreed, as a corresponding obligation, to do something
for you.
Note that a sysop who asks nothing from his callers is
unlikely to be faced with a contract claim. In such a situation the
callers cannot claim to have provided the sysop any "consideration"
sufficient to create a contract. One way a sysop can reduce legal
liability, therefore, is to run a "free" board open to anyone who
wishes to use it.
Many sysops recognize the liabilities that may attach if they
enter into a contractual relationship with callers. In order to
avoid doing so they ask for "donations" instead of payments. Be
aware, however, that if you grant access to special areas of your
BBS to "donating" members or provide them with special services,
you may be creating a contract with them. In such a situation, you
give access to the restricted area in return for the donation. The
fact that the payment is called a "donation" does not prevent it
from being "consideration" sufficient to support the creation of a
contract.
Be aware also that consideration does not have to be in the
form of money. By way if illustration, consider the fact that many
boards have upload/download ratios whereby a caller's download
privileges are set proportionally to the number or amount of data
he uploads to the board. A good argument can be made that the
caller's uploaded data constitutes legal consideration for a
contract with the sysop. The sysop's BBS receives the benefit of
the uploaded data. In return, the caller has the right to receive
the downloaded data.
If you and your callers have a contractual relationship, it is
important for you to recognize what your obligations toward your
callers are. For example, if you tell callers that mail dropped off
on your board will be uploaded to a network at least four times a
day, do not be surprised if users come to rely upon your
representation and begin to consider it part of the services you
contractually agreed to provide to them. If you accept payment from
callers for a month of BBS access, you have an obligation to see
that the board, in fact, remains open for that month.
As noted, one way to avoid liability is to avoid entering into
any contractual arrangements with callers. A better approach,
however, is to deliberately enter into a contractual relationship
with your callers, being very specific about what obligations you
will and will not assume and what benefits you expect your callers
to provide to you. By stating up front what rules govern the use of
your board and what obligations you are willing to take on, and by
making clear to callers that these rules are a condition of using
your board, you create the "consideration" necessary to make a
contract.
An example of one possible caller contract is found in the
SYSLAW book mentioned in the introduction above. There is no magic
formula, however, for creating a formal caller contract. Before
investing in a BBS, call around and take a look at what other
sysops require from their callers. At a minimum, a "caller
contract" should include:
(1) a statement recognizing that your BBS receives some
tangible benefit from callers. Remember, consideration must run in
two directions for a valid contract to exist. If your callers
provide payment to you, this is sufficient. If you do not charge
callers, you have to be more creative in stating what it is that
your board receives. If you do not charge callers, caller
"participation" in your board may be sufficient.
(2) an indication that callers must comply with the rules of
the BBS as a condition of using the board;
(3) a statement that the rules may be changed as the sysop
feels necessary;
(4) a provision that caller questions about the agreement will
be answered by the sysop and changes to the agreement will be made
if necessary;
(5) a description of the BBS and its various services and
areas, including a statement indicating that these may be changed
at the sysop's discretion (see below for special provisions
regarding "adult" areas);
(6) the costs to the caller of using the system, including any
"upload/download" ratio requirements;
(7) a statement regarding how electronic mail will be treated
(see below);
(8) an indication that the law governing any dispute will be
the law of the place where the BBS is located (as opposed to the
law of the place where the caller is located);
(9) notice that you reserve the right to shut the BBS down and
refund any payments made by callers, as well as a provision giving
notice to callers that you reserve the right to ban callers for
violating the board's rules as you deem necessary.
In creating a caller contract, keep in mind that plain
language that your callers can understand is far better than any
"legalese." If your callers are incapable of understanding the
language of your agreement, it is possible that the agreement would
not be enforced in your favor, should you ever need to rely upon
it.
9.2.3 Viruses
-------------
Viruses present one of the most well-known problems facing the
on-line community. These programs are often written to produce
unexpected or disastrous results for an unwary user such as
erasing the user's hard drive. Hiding viruses inside other programs
and then uploading the contaminated programs to a BBS is a favorite
way of spreading a computer virus.
Fortunately, there are programs that search for, and then
eliminate, most computer viruses. Many BBS sysops provide, as a
service to callers, basic virus scanning. This service allows
callers to exchange programs with some degree of protection.
Scanning for viruses is probably a good idea. Many callers
expect it and it is possible that the law could hold you to such a
duty. What is not a good idea, however, is misrepresenting to your
callers the extent of what can be done to protect them from such
programs. Viruses are often written with the goal of avoiding
detection. There is always a degree of risk that scanning may fail
and you should be up-front with your callers about this
possibility.
To protect yourself, consider the following suggestions:
1. Scan for viruses regularly and do not post programs for
general use until they have undergone a virus scan. Do not assume
that commercially produced programs or programs distributed on CD
ROM are virus-free.
2. Let your callers know that you cannot guarantee that
programs on your board are safe. Disclose prominently that there
are risks that the virus scanning program you use may miss
something harmful.
3. If you are unwilling or unable to scan for viruses, make
this fact clearly known and include it in your contract with
callers.
9.2.4 Public Messages and Defamation
------------------------------------
A defamation is a false statement made publicly which has the
effect of harming another's reputation. Sometimes defamation is
referred to as "libel" or "slander".
While the First Amendment of the U.S. Constitution guarantees
the right of individuals to say almost anything they desire, the
First Amendment does not always protect a speaker from being held
liable for the harm caused by his or her speech. Thus, a person
whose reputation has been wrongly injured may bring suit against
those who "publish" the statement, even if the "publisher" is not
the original speaker.
Note that a "publisher" does not have to "print" the
defamation. For example, radio and television stations have been
sued for "publishing" defamatory statements. You may be surprised
to find that defendants can be sued for defamation even when the
statements made by the defendant are reported in the form of an
accurate quotation of another's words. Put in a slightly different
way, accurate "re-publications" of a defamatory statement may
create liability for the re-publisher.
There are several defenses a publisher of a statement may have
against a plaintiff claiming defamation. For example, the U.S.
constitution protects a publisher from law suits by "public
figures" to a certain extent. Those who have deliberately become
"public figures" may sue for defamation only if able to show that
the defendant published the statement with actual knowledge that
the statement was false or with "reckless disregard" of whether it
was false. This constitutional defense protects defendants from
being sued by famous people for things said about them reasonably
believed by the speaker to be true.
Notice that a defendant who makes defamatory statements about
someone who is not a "public figure" does not get the same
constitutional protections. In other words, you can be liable for
making false statements about a private person, even if you
believed the statements were true when you made them. Obviously,
you must be careful what you "publish" on your board about anyone
whose reputation might be harmed.
There are other important defenses a "publisher" may have.
Simple name-calling is not defamatory as a general rule, even when
it is offensive. Such statements are not thought to bring actual
harm to a person's reputation.
A defendant who can show that the statement alleged to be
defamatory is truthful will also prevail in a defamation suit
because a defamation is, by definition, an untrue statement.
Another useful rule to keep in mind is that the dead cannot be
defamed, at least not in most jurisdictions.
There are many other defenses. The savvy sysop will not,
however, rely upon legal defenses to protect herself against
defamation suits. It may cost nearly as much to defend a defamation
suit as it would to settle a case with a caller or other third
person. It is far better to prevent yourself from becoming a legal
target in the first place.
In order to protect yourself from a defamation claims before
the fact, consider these suggestions:
1. Think carefully about the two types of defamation risks you
face as a sysop before you act. These are the risk that you may:
(1) directly defame a caller or some other person, either through
a deliberate or carelessly made statement and (2) re-publish a
defamatory statement initially made by one of your callers or
someone else. Passing on a false rumor can amount to actionable
defamation.
2. Actively discourage callers from "flaming" one another in
public message areas. Some callers take great pride in using sharp
wit to make others look stupid. Such comments quickly deteriorate
into personal attacks. Personal attacks can quickly deteriorate
into libel.
3. Keep in mind that your callers may not be who they say they
are and that some callers may be using aliases. This means that you
must be particularly careful. Posting a public notice that you have
banned a caller who you name because "he has been uploading
child pornography" may seem like a perfectly reasonable thing to
announce a system bulletin, until it turns out that the person you
have named has never logged onto your board and that an imposter is
the real culprit. In handling sensitive matters, discretion is
always the best advice.
9.2.5 E-mail, Privacy, and ECPA
-------------------------------
Unlike public messages, callers who send e-mail to specific
individuals do not expect their messages to be publicized or read
by anyone but the intended recipient. Many sysops are concerned,
however, that without monitoring caller e-mail they cannot be sure
that users are not violating the law and exposing their board to
legal risk such as that faced by the sysops in the Operation Sun
Devil raids.
Before you make any policy for your BBS involving electronic
mail, you should consider federal legislation called the Electronic
Communications Privacy Act or "ECPA." ECPA is a federal law which
governs electronic mail in all 50 states.
Under ECPA, BBS communications are protected under federal
wiretapping laws. BBS callers now have the statutory right to
expect that their electronic mail will not be intercepted or read
by others. This means that you, as a BBS sysop, have a federally
mandated obligation to keep caller communications private. Only the
sender or intended recipient may make the message public.
The good news is that ECPA mandates a higher level of
protection for you and your callers against authorities who want to
search your BBS for evidence of criminal activity. Because of ECPA
and the existence of electronic mail on your board, authorities are
theoretically limited by ECPA in the types of searches they may
lawfully conduct against you.
ECPA does not mean that a sysop is prohibited from viewing
caller e-mail. The law creates a specific exception for sysops who
provide "electronic communication services." The exception is
narrow, however, and there is the potential for a sysop to get into
trouble if he or she does not treat caller e-mail with a certain
degree of care and professionalism.
Under ECPA, a sysop may intercept and view user e-mail,
disclose its contents to others or use information found there ONLY
to the extent necessary for the operation of the board and/or for
the protection of the sysop. While sysops may monitor callers to
ensure that they are not transmitting copyrighted materials or
violating some other aspect of the law, they must act like the
doctor or lawyer who learns a client secret. The information must
be kept in confidence.
THIS POINT BEARS REPEATING: You may not use information you
learn from your caller's private messages to your advantage or
disclose e-mail to others outside of what is necessary to protect
yourself and your property. This requires the sysop to exercise a
fair degree of restraint. The fact that your girlfriend would be
interested in the material is not a defense under the federal
legislation. Bear in mind, ECPA is a CRIMINAL statute, with
CRIMINAL penalties.
Suggestions in this area include:
1. Monitor electronic mail, but do so only occasionally and to
the extent necessary to assure yourself that there is nothing
improper occurring on the board. Resist the urge to disclose or
otherwise comment on items you discover through reading your
callers' e-mail. Again, it is important that you act with a high
degree of professionalism and DO NOT use information learned in
reading electronic mail to your own personal or business advantage.
2. Do not put too much faith in any disclaimer you may make
about there not being any facilities for "private" e-mail. While
many sysops appear to have bought into the idea that the ECPA
privacy requirements may be avoided by stating that there "are no
facilities provided for private electronic mail," there are not yet
any cases discussing the legal effect of these disclaimers. It is
possible that such disclaimers may not be upheld in court.
3. Process all e-mail in the same way and in a routine manner
and do not delay in processing mail. Your rights to monitor
electronic mail under ECPA apply only to your activities undertaken
"in the normal course" of running your board.
9.2.6 Encryption
----------------
Perhaps the "hottest" topic right now in the BBS privacy area
concerns "encryption." Encryption allows a user to scramble e-mail
messages so that only the person who knows a secret key can read
the message. Sysops who understand their legal exposure are
rightfully nervous about encryption. No doubt drug cartels,
racketeers and terrorists are using this new technology. It is now
widely believed that encryption technology has gotten to the point
where even the U.S. government is unable to "break the code" and
the uses to which encryption programs can be put will not be lost
on those who are determined to break the law.
It is reasonable to assume that callers who cannot encrypt
their messages are less likely to violate the law when using your
BBS. This means that the use of encryption on your BBS increases
your legal exposure. If encryption creates exposure, should you ban
encryption from use on your board? Some would argue that you
should. After all, why take unnecessary chances?
Others are not so quick to ban encryption. While encryption
may allow abuses to occur on your board, encryption also allows
law-abiding people the opportunity to transact business and conduct
discussions of a private nature without fear that someone may be
eavesdropping. Lawyers can exchange information with clients.
People can transmit their credit card numbers without fear of
having this information stolen. Americans have long-claimed to
cherish the right to express ideas freely and to associate with
others in privacy and without interference. While there is no
general prohibition whatsoever against a sysop denying his callers
the right to use encryption, there is something distasteful about
such a rule.
To help protect yourself against the improper use of your
board by callers who encrypt messages consider the following:
1. Pay attention to who is using encryption and consider why
this may be necessary for the specific caller. It should be a rare
caller who feels the need to encrypt all outgoing messages or who
receives only encrypted messages.
2. If you decide to allow encrypted messages, try to gauge
whether there is an unusual volume of encrypted traffic and, if
suspicious, feel free to call a user's attention to your concerns.
You are within your rights to ask the caller for the encryption key
to messages that pass through the board if you wish (although you
will certainly then have a legal duty to protect that key if you
accept it). If you are still uncomfortable after discussing the
issue with a specific caller, let him or her know that you will no
longer allow the posting of encrypted messages. If he or she
complains, refer them to another board and, if necessary, refund
any fees paid to you for the use of the BBS.
3. Set out your policies regarding encryption up-front, along
with other BBS rules. Make clear if you allow encryption that you
reserve the right to take any action you feel necessary to protect
your BBS.
4. Inform yourself about an encryption program currently being
distributed called PGP. PGP stands for "Pretty Good Privacy" and
the use of PGP on computer bulletin boards is quickly growing in
popularity. While there is probably little chance of being sued for
distributing recent copies of PGP, you should be aware that early
versions of program may violate U.S. patent laws. Moreover, PGP has
been classified by the U.S. government as a "munition" (a weapon or
military supply) due to its high level of sophistication. It is
currently illegal to export this program and it is unclear what
liabilities a sysop may have for making it available to callers who
are located outside the United States.
9.2.7 Copyright Infringement
----------------------------
To a large extent, copyright law is what the name implies: the
exclusive right to copy something. Only the holder of the copyright
may reproduce her work. There are other rights enjoyed by the
copyright holder. These include the exclusive right to distribute
the work and the exclusive right to modify the work. Those who
violate these exclusive rights are said to "infringe" the
copyright.
Copyright infringement is rampant in the BBS world: computer
programs, magazine and newspaper articles, scanned photographs from
magazines, music and video files. As a sysop, it is important for
you to keep in mind that any "original work" that is put in
electronic form IS copyrighted. This point is lost on many people:
ANY ORIGINAL WORK IS COPYRIGHTED FROM THE MOMENT IT IS PUT IN
TANGIBLE FORM, SUCH AS ON PAPER OR ON A FLOPPY DISK OR HARD DRIVE.
There is nothing "official" that the creator of copyrighted
material must do to create a copyright, although there are certain
advantages to labelling the material as copyrighted and to filing
notice of the copyright with the federal government.
If almost all original works are copyrighted, does this mean
you cannot distribute or copy other people's work in running your
BBS? Certainly not. You may use someone else's work, but you must
have some form of permission to do so or some form of legally
recognized privilege. You will not infringe another's copyright,
for example, if the person who owns the copyright gives you
permission to use the work and if you actually use the work in
conformity with that permission. This permission is most often
called a "license."
Sometimes, an author may give permission to the whole world to
use her work, as when she places the work into the "public domain."
In such a case, the author actually gives up all of her rights and
allows anyone to use the work in any way they wish. The government
publishes a huge amount of material that is put in the public
domain. There are also any number of computer programs that have
been placed into the public domain solely because the author of the
program wanted to see the program widely used.
Public domain programs are sometimes referred to as
"freeware." If something has been placed in the public domain, you
may copy it, distribute it or modify it as you please: it is no
longer copyrighted. The word "freeware" is sometimes used in a
different way, however, indicating that the program can be "freely"
distributed and used without cost, but with certain restrictions.
For example, you may be allowed to use the program for free, but be
prohibited from modifying it in any way. Such programs are still
technically "copyrighted."
"Shareware" is another example of copyrighted material that
may be used in conformity with the copyright law. Shareware always
comes with restrictions on use which typically involves requiring
that a payment be made to the author after the program is used for
a short period of time. The law requires those who use or copy this
material to abide by these rules.
Some copyrighted material is too old to be protected.
Eventually, all copyrights expire. In general, modern copyrights
last for the life of the work's author, plus 50 years.
Note that something does not have to be created in the United
States to be copyrighted in the U.S. The United States has signed
the "Berne Convention" treaty with a large number of other
countries. Under this agreement, each signing government has agreed
to recognize the copyright rights of foreign citizens.
The key to avoiding copyright liability is good faith. Do not
allow your users to upload documents, programs, pictures or any
other "original work" which you believe the creator of the work
would not want you to copy or distribute. Failure to act promptly
to avoid copyright infringement could result in your board being
shut down. If you are egregious in the way in which you violate the
copyright law, your board may be shut down permanently and you
could be exposed to criminal penalties.
Here are some suggestions for you to consider so as to avoid
copyright infringement:
1. Read and save a copy of Terry Carroll's "Frequently Asked
Questions About Copyright." This should be required reading for
every BBS sysop. The most current copy is available through the
internet via anonymous ftp from charon.amdahl.com, in
pub/misc.legal/Copyright-FAQ. You can also get a copy of this
document via anonymous ftp at ftp.eff.org, in directory
pub/CAF/law. It is also posted periodically to the Usenet
newsgroups misc.legal, misc.legal.computing, and misc.int-property.
2. React promptly to anything that should put you on notice of
infringing material. Do not ignore messages from callers who tell
you that something is copyrighted. While you only face copyright
liability for "knowing" violations of the law, you do not have the
right to ignore the obvious.
9.2.8 Obscene Material, Child Pornography and Indecent Speech
-------------------------------------------------------------
Almost all forms of communication are granted some level of
constitutional protection. The exception is obscene communication,
often simply referred to as "obscene speech." If something on your
board is obscene, federal, state or local governments are within
their power in making its promotion or distribution a criminal
offense.
One of the many difficulties in the obscenity area is that the
laws governing obscenity are so varied. One guidepost, however, is
the United States Supreme Court's declaration on what may and may
not be treated as obscene. The three part test for obscene material
is:
(1) whether the average person, applying contemporary
community standards would find the work, taken as a whole, appeals
to the prurient interest;
(2) whether the work depicts or describes, in a patently
offensive way, sexual conduct specifically defined by the
applicable state law; and
(3) whether the work, taken as a whole, lacks serious
literary, artistic, political or scientific value.
Notice that all three parts of the test must be met before
something may be considered obscene. The first and second parts of
the test have been held to be issues for local juries to decide.
The third part is within the province of local or federal judges.
Because of the vagueness of this test, and because of its reliance
upon "community standards," there is really no way to tell for sure
whether particular material is or is not obscene. If there is a law
describing the conduct or acts depicted in the material, and if the
work does not have obvious "value," there is the risk that those
who distribute the work may be prosecuted under an obscenity
statute. Clearly, the standards in San Francisco or New York City
are different than might exist in Salt Lake City or Lancaster.
By the way, "prurient" as used in the first part of the three-
part test has been unhelpfully defined as being "sexual responses
over and above those that would be characterized as normal."
The bad new for sysops: there is no national obscenity
standard and very few "safe havens" of conduct when it comes to
adult material. Arguably, the law of the place where the obscene
material is received may govern whether the download or upload is
unlawful. Indeed, the federal government is currently prosecuting
a California BBS for material that was downloaded in Tennessee. As
a practical matter, this means that the BBS that offers "adult"
type material are at risk of being prosecuted criminally from suit
anywhere a caller may be located.
"Child pornography" is classified differently than obscene
material. The tests are less vague and the penalties, as a
practical matter, more extreme because of the need to prevent the
exploitation and sexual abuse of children. The federal government
has specifically enacted a statute which governs child pornography
in all fifty states. The act makes it a criminal offense to
knowingly transport or receive "by any means" visual depictions of
minors engaged in sexually explicit conduct. Such "conduct"
includes the "lascivious exhibition of the genitals or pubic area
of any person." Under the statute, the mere knowing possession of
three or more visual depictions of child pornography may result in
serious fines or imprisonment for up to five years. For purposes of
the statute, a child is anyone under the age of 18. The fact that
the sysop believes a model is over 18 is not a defense to
prosecution.
"Indecent" material is yet a third area of interest to sysops.
Indecent material falls short of being obscene, but it may be
regulated by the government. As practical matter, it is probably
safe to say that most of the "adult" material available
electronically is "indecent." Under one interpretation of current
Federal Communication Commission regulations, BBS' must take an
active role in prohibiting the dissemination of indecent materials
to minors.
If your board contains an adult area, this probably presents
your greatest legal exposure. To minimize risk of prosecution:
1. Subscribe to a BBS newsletter such as Computer Underground
Digest or EFFector. The law in this area is changing rapidly. If
you run an adult area, you cannot afford to not stay on top of
developments. These newsletters, and others, may be the quickest
way for you to find out about a development in this area. Further
information on Computer Underground Digest and EFFector may be
found at the end of this chapter.
2. Be wary of uploaded material and do not make uploads
available to callers until you have had a chance to review them
yourself. If you allow adult area uploads, discontinue this option
when you are unable to supervise your board, as when you go away on
vacation. The child pornography laws are particularly unforgiving.
If someone uploads something you feel may be "obscene," do not post
it. (You cannot be prosecuted for possessing obscene material, only
distributing or knowingly receiving it.) If someone uploads
something you feel may be child pornography, destroy it immediately
and take action to assure yourself that it does not happen again --
remember, you commit a CRIMINAL act when you knowingly possess
three such "depictions." You simply cannot afford to trust callers
not to upload unlawful material.
3. Be prepared to shut down the adult section quickly, if
necessary. This might be necessary, for example, should you
discover new legislation applicable to the material you carry. A
common technique to minimize exposure in this area is not to charge
callers for access to the adult area, but instead, make this area
available as a "bonus" to callers who can verify their adult
status. If the adult area is truly run as a "bonus" area, and if
callers are given clear notification of this fact, you can
discontinue this section of the board with little or no notice to
your callers, if necessary.
4. Carefully verify caller ages who are given access to the
adult area. The F.C.C. regulations mentioned above state that you
have a defense to prosecution under the provisions of the federal
Communications Act if you: take reasonable steps to confirm that
callers are 18 years of age and then: (1) require payment by credit
card for BBS services or (2) obtain a written (on paper)
application from callers who desire access to the adult areas of
your board and mail a special access code to them allowing access.
If the second option is used, it is also necessary that you
establish a procedure where the special access code can be
cancelled "immediately" upon being notified that the code has been
lost, stolen, used by someone under 18, or if the caller simply no
longer desires access.
9.2.9 Regulated Activities
---------------------------
There is only a minor point to be made here, but one which you
cannot afford to overlook. Keep in mind that your status as a BBS
sysop does not give you the right to do things that you otherwise
might not be permitted to do in person or over the phone. Areas
regulated by law may not always be so obvious to you, so you must
be careful. For example, in some states you may need a license to
buy, sell or trade used automobile parts or give counseling advice.
It is possible to get yourself in trouble even if you do not set
out to charge for services. If you plan to do something outside the
ordinary, good advice is to proceed with a heightened level of
caution.
9.2.10 Taxes
-----------
If your BBS is run strictly as a hobby without charging your
callers, it is unlikely you will face any issues relating to taxes.
Once you charge money or receive services from your callers,
however, the IRS and state governments are likely to consider these
"payments" to be part of your taxable income.
Obviously, it is impossible to summarize the tax laws in such
a short article. Nonetheless, this is an area of the law which
should not be overlooked. Even if you run your board strictly for
fun, you should keep careful and accurate records as to how much is
spent to set-up and maintain the board. It is entirely possible
that you may one day decide to charge your callers and the costs
involved in setting up and maintaining the BBS will be important
for you in computing your tax liabilities.
There are also a host of state and local taxes which may be
applied to your BBS. Again, it is unlikely that you will face any
form of tax burden for running a "free" board. Local sales taxes
often apply to bulletin boards, however, and if you charge your
callers the state government is likely to claim a fraction of your
revenue through some form of sales tax.
The following suggestions will help protect you from
unexpected tax liability:
1. Carefully record the costs you incur in running your BBS.
Try, as best possible, to differentiate between other expenses
related to your personal use of your computer, and costs related to
your BBS.
2. Review your expenses and revenues with whomever prepares
your tax returns. If you are concerned about a certain tax issue,
consult with an accountant or call the relevant taxing authority
for help.
3. Save your receipts and keep them organized. Remember, you
may someday need to explain what each receipt was for in some
degree of detail.
4. If you charge your callers for access to your BBS, or any
special areas of the BBS, contact your state's Secretary of State
office and request information on what state taxes may be
applicable. Seek advise from someone who you trust with experience
in the tax area. This person may be an accountant or attorney, or
perhaps a local businessperson you know who has experience in
paying local taxes. It is likely that any taxes applicable to local
businesses are also applicable to your board if you run your board
for profit.
9.3 Incorporation
=================
One of the best ways to protect yourself from personal
liability is to incorporate your BBS. Incorporation works by
setting up a fictitious legal barrier between you and the BBS. If
your BBS is an incorporated entity, you technically own the
corporation, not the BBS. The law will consider the company itself
as liable in many situations for your mistakes or errors in
judgment. Only the company's assets will be at risk should you be
sued. In effect, incorporating your BBS provides a fairly low-cost
type of insurance.
Incorporating is not a difficult thing to do. In general, you
simply request the appropriate forms from your state's Secretary of
State's office and file them. Self-incorporation is not
recommended, however, unless you are willing to take the time and
effort to do it carefully and correctly. Failure to incorporate
properly or to perform the necessary tasks to keep the corporation
in good standing will have the effect of destroying the corporate
shell. In effect, you will have wasted your time and money.
Nonetheless, there are many widely available books that describe
how to do it.
A corporation is usually required to pay a small fee up-front
and then to pay corporate taxes each year. In most states the
corporation must also hold formal "meetings" of the corporation's
directors and keep "minutes" of the corporation's affairs. These
are not generally too burdensome, but again, these tasks must be
done correctly. It is also important for the BBS sysop to establish
a separate bank account for the corporation and pay all necessary
bills from the BBS' corporate account. Finally, callers must also
be put on notice in some way that they are not dealing with you
personally when they call your board, but rather, your corporation.
After considering what must be done and the extra paperwork
and costs, many sysops conclude incorporating is simply not worth
the effort, particularly when the budget is tight. This is not an
irrational decision, but one that should be made carefully. There
is always the risk that you could be sued. At such a time you may
be quite relieved to know that it is only the BBS and its
associated assets that are at risk.
In making the decision on whether to incorporate, ask
yourself:
1. Do I have significant assets that need to be protected from
a lawsuit such as a house, investments or another business? Keep in
mind that one of the first things a plaintiff will often do after
filing suit against you is to require you to formally list your
assets. The more money or other assets the defendant has, the less
likely the plaintiff will be to drop the suit and the more
important it is that the BBS be incorporated.
2. Am I running the board for profit, or fun? If you are
running your BBS as a business, incorporation may make sense. The
costs associated with incorporating are relatively small, perhaps
only a few hundred dollars a year. Corporate status may also make
your board seem more professional to callers. Keep in mind that the
more callers you have, the more likely it is that you could be
sued.
9.4 Closing Thoughts and Some Legal Resources
=============================================
Perhaps the most important way of avoiding legal liability in
running your BBS is to stay informed as to what is happening in the
BBS world. Keep in contact with other sysops and your callers and
discuss the issues covered in this chapter. As mentioned, a good
place to start is by reading Computer Underground Digest and
EFFector:
Computer Underground Digest
"An open forum dedicated to sharing information among
computerists and to the presentation and debate of
diverse views."
Editor(s): Jim Thomas and Gordon Meyer <TK0JUT2@NIU.BITNET>
Format: ASCII text
Gopher: ftp.etext.org:/CuD
gopher.cic.net:/e-serials/alphabetic/c/cud
FTP: ftp.etext.org:/pub/CuD
aql.gatech.edu:/pub/eff/cud
ftp.ee.mu.oz.au:/pub/text/CuD
nic.funet.fi:pub/doc/cud
ftp.warwick.ac.uk:pub/cud
ftp.cic.net:/pub/e-serials/alphabetic/c/cud
Usenet: comp.society.cu-digest
Compuserve: DL0 and DL4 of the IBMBBS SIG, DL1 of LAWSIG, DL1
of TELECOM
America Online: PC Telecom forum under "computing newsletters"
FidoNet: File Request from 1:11/70
Other: GEnie: PF*NPC RT libraries, VIRUS/SECURITY library
Delphi: General Discussion database of the Internet
SIG
PC-EXEC BBS (+1 414 789 4210)
Rune Stone BBS (IIRG WHQ) (+1 203 832 8441)
NUP:Conspiracy
RIPCO BBS (+1 312 528 5020)
ComNet in LUXEMBOURG BBS (+352 466893)
Bits against the Empire BBS (+39 461 980493)
(Italy)
Phone: +1 815 753 0303
Fax: +1 815 753 6302
Postal: Jim Thomas, Department of Sociology, NIU, DeKalb,
IL 60115, USA
EFFector:
"EFFector Online is a bi-weekly electronic-only
publication, available on Usenet's comp.org.eff.news, or
via mailing list subscription. To subscribe to the list,
send a message containing `subscribe eff-news' to
eff@eff.org."
Another resource of which sysops should take advantage is the
Electronic Frontier Foundation (EFF). The Electronic Frontier
Foundation is a non-profit organization founded to assist and
promote the issues affecting the on-line community. Part of EFF's
mission statement provides:
LEGAL SERVICES. EFF was born to defend the rights of
computer users against overzealous and uninformed law
enforcement officials. This continues to be an important
focus of EFF's work. We provide legal information to
individuals who request it and support for attorneys who
are litigating. We maintain print and online legal
archives, disseminate this information, and make it
available for downloading.
Anyone seriously considering starting a BBS should contact EFF and
ask for any information that may be available. In addition, anyone
facing specific legal issues is well advised to contact EFF
lawyers. EFF is a particularly good resource for attorneys whose
clients face legal issues related to maintaining a BBS.
EFF can be contacted by writing:
Electronic Frontier Foundation
1001 G St., NW
Suite 950 East
Washington, DC 20001
+1 202 347 5400
+1 202 393 5509 FAX
Comments
Post a Comment