Doe v. — Continued

By John Ottaviani

I was finally able to read the complaint. It raises some very interesting issues concerning the obligations of website hosts and Internet service providers to institute and enforce appropriate security measures to decrease the likelihood of harm to users. These harms could occur on line (such as defamation), or in the physical world, as unfortunately occurred here.

The complaint names MySpace, Inc., News Corporation, the parent company of MySpace, Inc. and the man who allegedly committed the sexual assault on the 14-year-old girl.

From the complaint, we see that the predator initially contacted the plaintiff through, but then she gave him her cell phone number. It appears that subsequent communications were by cell phone, including the arrangements for an after-school meeting, during which she was sexually assaulted.

The complaint alleges causes of action against MySpace and its parent, News Corporation, for negligence, gross negligence, fraud, fraud by non-disclosure and negligent misrepresentation. The complaint also alleges assault and intentional infliction of emotional distress claims against the attacker.

The negligence claim is interesting because it raises what I believe is an issue of first impression: does have a duty to institute and enforce appropriate security measures and policies to withstand and substantially decrease the likelihood of danger and harm in the physical world that MySpace posed to the plaintiff? I have been debating this with David Fish, who feels that an Internet site that targets young children and (allegedly) knows of assault problems against these children, certainly has a duty to protect because there is a foreseeable risk of harm. I find it difficult to imagine that, given the enormous policy and economic repercussions for all Internet content providers, a court would impose such a duty, which would expose Internet content providers to liability for the wrongful acts of potentially millions of unknown bad people committed against millions of unknown potential victims. A similar claim was rejected in the early days of the Internet in Lunney v. Prodigy Services Company when the New York Court of Appeals held that there is “no justification” to impose a duty on ISP’s to “employ a process for verification of the bona fides” of all applicants and any credit cards they offer so as to protect against defamatory acts. The Lunney case may serve as an analogous precedent. But remember, the complaint in the lawsuit was filed by a Texas plaintiff in a Texas state court, and Section 230 does not necessarily give a defendant the right to remove to a federal court, so MySpace may be in for a fight on this issue.

The negligence count further alleges that this breach of duty was the proximate cause of the sexual assault of the plaintiff. I have a hard time seeing proximate cause here, where the initial e-mail communications were followed up with cell phone conversations.

Eric and I differ as to whether or not MySpace will be able to successfully assert a Section 230 defense. The relevant portion of Section 230 states: “No provider or user of the interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Here, however, the plaintiff is alleging that she was injured as a result of actions of her attacker in the physical world, which were caused either by MySpace’s “failure to take action and to protect her” or MySpace’s “misrepresentations about the safety of its site.” None of the claims are based on information posted by the predator or any other third party. Eric still feels there is room for a Section 230 defense, however.

There may be enough muck in the complaint for some of the other causes of action to survive a Motion to Dismiss. MySpace may have better luck going straight to summary judgment.