American Bar Association
Forum on Communications Law

Cybersmearing and the Problem of Anonymous Online Speech

Bruce P. Smith

As the Internet continues to expand as a vehicle for both information and commerce, corporations have increasingly confronted the problem of cybersmearing, i.e., the use of websites, newsgroups, message boards, and chat rooms to criticize companies and their executives. Numerous Fortune 500 leaders, including Microsoft, Ford, Wal-Mart, and Electronic Data Systems, as well as a host of smaller companies, have been targets of online criticism, ranging from blasts against environmental practices to rumors of financial mismanagement to complaints about unclean restrooms.1 Online critics have accused corporate managers of incompetence and fraud. One executive has even been bedeviled by a website portraying him with the number "666" stamped on his forehead.2

Disparagement of corporations on the Internet raises concerns for investors as well. Within the past year, securities regulators and criminal prosecutors have brought actions against several alleged "cybersmearers" believed to be engaged in stock manipulation through negative online post-ings.3 In the words of one legal expert, "[t]he corporate 'cybersmear' . . . is a problem that is out of control and is likely to get worse."4

From both a practical and legal perspective, a principal problem posed by cybersmearing is that alleged cybersmearers, like many users of the Internet, often choose to remain anonymous or pseudonymous online. In growing numbers, companies have responded to their anonymous or pseudonymous online critics by filing lawsuits against John Doe defendants and then issuing subpoenas to Internet service providers or organizers of message boards seeking to identify the source of the critical speech. A company that identifies an online critic can then respond directly by bringing suit, or by firing the critic, if he or she is employed by the company. In response to such lawsuits, John Doe defendants, aided by private lawyers and civil liberties organizations such as the American Civil Liberties Union, Public Citizen, and the Electronic Privacy Information Center, have argued that alleged cybersmearers have a First Amendment right to speak anonymously, that cybersmearing suits unduly chill online speech, and that most corporate cybersmears should be viewed as nonactionable hyberbole or opinion.

This article examines the emerging law of cybersmearing and the accompanying tension between corporate reputation and First Amendment rights. After discussing the attributes of Internet speech, the article reviews some of the legal claims that companies have pursued against their online critics. Several of the procedural and substantive defenses raised by John Doe defendants who have been accused of cybersmearing are then examined. Finally, the article briefly discusses the role played by government regulators and the marketplace itself in regulating online speech. Although the law of cybersmearing remains in its infancy, the balance that is ultimately struck between corporate reputation and First Amendment rights-and whether that balance will be struck by litigants, by judges, by regulators, or by the marketplace itself-is one of the most critical issues in the emerging field of cyberlaw.

The Promise and Challenge of Internet Speech

The expansion of the Internet has dramatically altered the nature of communication. First, and most strikingly, a person who wishes to disseminate information online has access to a potential audience much larger than that typically reached by a protester speaking in a public park or distributing leaflets on a street corner. Recent estimates of Internet usage suggest that there will be roughly 250 million users worldwide by late-2000.5 Although an individual who pecks a message on his or her keyboard and launches it into cyberspace can reach only a small portion of this potential online audience at any one time, the audience is still far larger than that typically encountered in other readily accessible public forums. Whereas the words expressed in street corner harangues or crudely printed leaflets typically fade away shortly after they are expressed, messages that are communicated online can be far more enduring. Speech in cyberspace can be printed from a personal computer, downloaded to a diskette, or simply left on a website for years to come for persons to read. An e-mail or posting on a message board can also be "republished again and again," giving online communication the "extraordinary capacity . . . to replicate almost endlessly."6

A second striking aspect of speech in cyberspace is that persons who wish to express themselves online face remarkably low barriers to entry. On a free public library terminal or for little or no cost at home, an individual can participate in conversations devoted to sports teams, hobbies, political commentary, or financial trends. For little additional investment in time or money, one can create and maintain an entire website in cyberspace dedicated to a favorite topic, be it a particular professional wrestler, a recreational hockey team, or the perceived misdeeds of a multinational corporation. Moreover, by contrast to traditional print and broadcast media, there are essentially no editorial "filters" to screen the content of online publishers. As Justice Stevens observed in Reno v. ACLU, "[a]ny person or organization with a computer connected to the Internet can 'publish' information."7

Third, a speaker in cyberspace can communicate with other persons who are actually interested in the speaker's subject matter in ways that do not occur so easily in the real world. In a newsgroup or chat room dedicated to a particular topic, even a newcomer to the Internet can share insights on particular restaurants and bargain hotels, exchange reactions to consumer products, or debate the prospects of a certain publicly traded stock. In contrast, the zealot who wishes to expound at length on these particular subjects in a public park or on a busy urban street corner is likely to be met with titters or nervous glances.8

Finally, it is easy-indeed, it is the norm-for speakers in cyberspace to express themselves anonymously or pseudonymously. Although speakers occasionally remain anonymous in the real world, those who insist on speaking anonymously in public settings are aberrations: the terrorist in a balaclava; the racist hidden by a white hood; or the mob informant whose on-air identity is obscured by shadows. In turn, with the exception of certain authors, long-haul truckers, and graffiti artists, the use of pseudonyms in daily life is also relatively rare. In cyberspace, by contrast, it is commonplace to speak without disclosing one's true name. On the Internet, pseudonyms like "hot_ like_wasabe" or "kahuna_ and_ the_ brain" (to choose the online monikers of one alleged cybersmearer) are commonplace.9 For those who wish to remain truly anonymous in cyberspace, "remailers" offer the technological means to strip online messages of their identifying

Each of these four attributes of speech in cyberspace has important consequences for potential targets of online disparagement. The sheer size of the potential audience on the Internet means that the consequences of negative online statements can be severe. An Internet rumor that the apparel designer Tommy Hilfiger had made a racist statement on the Oprah Winfrey Show persisted online for many months, despite the fact that Hilfiger had never even appeared on the show, much less uttered a racist statement.11 Several publicly traded companies, especially "microcap" companies whose shares are traded in low volume, have seen their stock prices plummet after false negative comments were posted on online stock message boards.12

The relative absence of editorial filters on the Internet and the lack of significant barriers to publication also create special challenges. Traditional media sources, aware of the risk of corporate liability, employ fact checkers and lawyers to screen publications for potential misstatements. As one Internet expert has observed, "in the real world individuals without institutional sponsorship or collaboration cannot speak to the world at large. Not so on the Net."13 On the Internet, speech is comparatively spontaneous and unbridled.

The ease with which speakers can communicate with other similarly situated individuals online also creates risks for potential targets of harmful speech, including corporate targets. In the real world, companies have departments devoted to customer service, investor relations, and human resources that address complaints and are equipped to resolve them with minimal attendant publicity. In cyberspace, the complaints of customers, shareholders, and employees can be shared, compared, and fueled by other embittered online contributors-or even studied by plaintiffs' lawyers who can troll the Internet for sources of class action lawsuits. At "," started by a customer angered by the treatment that he allegedly received at a Wal-Mart store in Bangor, Maine, one enters through the doors of a bastardized Wal-Mart storefront to encounter ratings of various Wal-Mart stores and scurrilous attacks on various Wal-Mart employees.14 Another web "attack site" provides tallies of employment-related lawsuits filed against Electronic Data Systems (EDS) that, according to the unnamed sponsor of the site, "could be valuable to EDS employees and others concerned about EDS work conditions and business practices."15

Finally, the Internet's veil of anonymity or pseudonymity can provide speakers with the courage to speak in ways that they might eschew if their words were easily traceable to them. In his book Code and Other Laws of Cyberspace, Professor Lawrence Lessig describes the empowerment that anonymity provides: "Just as anonymity might give you the strength to state an unpopular view, it can also shield you if you post an irresponsible view. Or a slanderous view. Or a hurtful view."16 Professor Lessig describes how one contributor to an online forum at Yale Law School, who signed postings under a pseudonym, issued attacks that were "so vicious and so extensive" that "conversation in the group died."17

Although most anonymous postings are not so intimidating, they can still take unsettling and bizarre forms that would be rare in the "face-to-face" world. The New York Times has recently reported, for example, that a company named permits a customer to send an online curse in the form of a "virtual voodoo doll" to an unsuspecting recipient, while, of course, concealing the identity of the "priest" or "priestess" sending the online hex.18

Corporate Strategies

Ironically, while the Internet enhances the ability to speak, it also increases the capacity to listen. It is certainly possible that companies could hear the angry words of workers on the day that layoffs are announced, of shareholders on the day that a stock crashes, or of customers during the initial weeks of a factory-ordered recall. Because much of this speech is expressed in places such as parking lots, living rooms, or bars that cannot be monitored and as a result, much of this speech never reaches the ears of the company.

In cyberspace, on the other hand, corporations may generally visit the same sites where their employees, investors, and customers vent their candid thoughts. With the assistance of Internet consultants like Cyveillance or the Internet Crimes Group, companies seeking to probe more deeply can systematically "mine" online sites and extract their content.19 Lawyers and public relations firms now routinely advise companies to monitor relevant message boards for disparaging information, either by "mining" or by using software capable of performing robotic scans. At the very least, companies can use the data that are gleaned to learn about concerns that might affect their business operations.20

Companies that come across harmful speech on the Internet and decide to act more aggressively can seek to exploit another attribute of online speech: its accountability. In the real world, it is difficult and often illegal to record communications without the consent of the speaker.21 By contrast, speech in cyberspace leaves an electronic identifier that, in many instances, can be readily traced back to its source. Because persons communicating online typically register with an Internet service provider or an operator of an online message board, a corporation that wishes to identify an anonymous online speaker can bring a lawsuit and seek to subpoena the identifying information from the provider with whom the speaker is registered.

Most companies that have been subjected to online criticism have declined to sue their online critics, perhaps recognizing that lawsuits create the risk of further publicizing the invective and of generating additional negative publicity in traditional media sources. In the past several years, however, at least eighty lawsuits have been filed by companies in federal and state courts against alleged cybersmearers.22 In one recent case, the chairman of Talk Visual Corporation, Michael J. Zwebner, settled a lawsuit against Ramon Silvestre for $1 million after Silvestre, under the alias "Rico Staris," had posted unsubstantiated accusations on stock-related chat lines that Zwebner had engaged in improper stock transactions. Under the terms of the settlement agreement, Zwebner agreed not to enforce the judgment as long as Silvestre did not "attack him or his businesses further."23 Other successes by companies in cybersmearing cases, and the corporate press releases that have trumpeted those victories, suggest that lawsuits against alleged cybersmearers will continue apace.24

Theories of Liability

Companies that have decided to sue cybersmearers have pursued a variety of legal theories, including defamation, trademark infringement or dilution, breach of confidentiality agreements, and tortious interference with business relations. Because many cybersmearing cases are dismissed or settled once the company identifies the anonymous speaker, however, the claims asserted by corporate plaintiffs seldom have been litigated to judgment. It is nonetheless instructive to review the types of claims asserted by companies in these cases.

Libel appears to be the most common claim asserted by companies that sue alleged cybersmearers. To prevail on a claim of libel, a plaintiff must prove that the defendant, acting with some degree of fault, published a statement to a third party that was unprotected by privilege and that tended to lower the plaintiff in the eyes of the community.25 Although claims of libel are notoriously difficult to win on the merits, they are relatively easy to assert, requiring little more than a recitation of the allegedly libelous statement and some general allegations of harm.26 In the past year, several companies have filed lawsuits claiming that they have been libeled by cybersmearers: in February 2000, Quest Net Corporation sued "jollyr," "ADVISORY," "Cats3," and "gman007" after detecting allegedly defamatory postings on the Raging Bull financial bulletin board; Creditrust Corporation sued Enhance Financial Services Group (EFS) in April alleging that an employee of EFS had defamed Creditrust by posting false statements about the company on a Yahoo! message board; and Credit Suisse First Boston filed suit in July 2000 seeking $1 million from eleven anonymous posters who allegedly libeled the company by making derogatory comments about an analyst.27

In cases where confidential information has been posted on the Internet, companies have also pursued legal claims arising out of the employment relationship. Several companies have sued John Doe defendants alleging that the negative online postings appear to originate from employees and thus violate corporate nondisclosure agreements. In Xircom, Inc. v. Doe, Xircom, a manufacturer and supplier of mobile communications products, sued an anonymous poster known as "A_View_From_ Within" who had allegedly posted information critical of the company on a Yahoo! message board in violation of a nondisclosure agreement.28 Under the terms of the settlement reached by the parties, the defendant's counsel agreed to reveal the client's name to several senior executives at Xircom and to confirm that "A_View_from_ Within" was not a current employee and was not employed by Xircom at the time of the postings.29 In August 2000, Thomas & Betts Corporation dismissed a suit against twelve John Doe defendants who had posted information online that the company considered to be confidential, after law-yers for Public Citizen came to the assistance of one of the pseudonymous defendants.30

In other cases, corporations attacked on the Internet have asserted claims of trademark infringement, cybersquatting, violations of securities laws, or tortious interference with prospective contractual relations.31 Given the tactics used by companies in litigating these cases and the settlement agreements that have been reached, it appears that most companies targeted by cybersmearers are primarily focused on determining the source of the disparaging speech and then squelching the speech. A recent case brought by Raytheon Corporation in Massachusetts state court demonstrates one possible outcome. After filing suit in February 1999 against twenty-one John Doe defendants who had allegedly disclosed Raytheon's confidential information on an Internet message board, Raytheon dismissed its suit after determining the names of the anonymous posters. Not surprisingly, several of the John Doe defendants who were found to be Ray-heon employees left the company shortly thereafter.32

Scope of Liability

At first glance, it may seem strange for companies to take such lengths to sue individual John Doe defendants, many of whom are not likely to be able to satisfy judgments for damages. Recent developments in Congress and in the courts, however, have provided little encouragement for companies interested in seeking deeper pockets.

In two major decisions in the 1990s, courts in New York addressed the issue of whether companies that provide Internet-related services could be held accountable for the harmful speech of their subscribers. In Cubby, Inc. v. Compu-Serve Inc., filed in the U.S. District Court for the Southern District of New York, the developers of a computer database system sought to hold the Internet service provider CompuServe liable for certain disparaging statements posted on an online news and gossip site carried by CompuServe.33 The court dismissed the claim, holding that CompuServe was akin to a "distributor" of information that had "little or no editorial control" over the contents of the publications that it carried, and thus could not be held liable unless it knew or had reason to know of the alleged defamatory statements, knowledge that the plaintiff failed to demonstrate.34

By contrast, in Stratton Oakmont v. Prodigy Services Co., decided in 1995, a state court in New York concluded that the Internet service provider Prodigy was liable for certain defamatory statements made by an anonymous poster on a Prodigy bulletin board called "Money Talk."35 The court held that Prodigy was a "publisher" of the information, not merely a "distributor," because Prodigy exercised a degree of editorial control over the bulletin board's contents.36

In 1996, Congress attempted to resolve the uncertain state of the law in
§ 230 of the Communications Decency Act.37 Section 230 effectively immunizes Internet service providers from liability for information originating with third-party users of the service. Since the Act's passage, several courts have applied § 230 to dismiss claims seeking to hold Internet service providers liable for the actions of third parties.38

Moreover, a recent decision from New York's highest court suggests that the common law may provide Internet service providers with further protection from liability. In Lunney v. Prodigy Services Co., decided in December 1999, the New York State Court of Appeals dismissed claims against Prodigy brought by a father whose son's name had been used by an impostor to post vulgar messages and profane e-mail on a Prodigy message board. The court concluded that Prodigy had a qualified privilege under the common law that protected it from liability for transmitting e-mail, that Prodigy "was not a publisher of the electronic message board messages," and that the company was not negligent in failing to detect the impostor earlier.39 The Lunney court reached this conclusion without addressing the contested issue of whether § 230 should be applied retroactively to immunize Prodigy's conduct. The U.S. Supreme Court has recently denied certiorari in Lunney, thereby clearing the way for other courts to immunize Internet service providers from liability under common law principles without reaching the issue of retroactive application of § 230.40

Identifying John Doe

In seeking to identify and combat cybersmearers, companies targeted by anonymous online critics have thus tended to view Internet service providers and operators of online message boards as allies rather than adversaries. Individuals who open accounts with Internet service providers or message board hosts must typically provide certain information for purposes of billing, including name, e-mail address, and Internet protocol address. Although most online providers agree to protect the privacy of their subscribers, the applicable service terms and privacy policies usually permit the provider to disclose subscriber information in response to a subpoena duces tecum . Corporate plaintiffs seeking to secure subscriber information pursuant to subpoena have come to expect prompt compliance from most online service providers, that now regularly employ individuals engaged in responding to subpoenas.41

Defendants and the courts, however, have begun to raise obstacles to companies seeking to obtain information about anonymous online critics. In a series of amicus briefs filed on behalf of alleged cybersmearers, public interest organizations have argued strenuously that anonymous online speech is protected by the First Amendment.42 These arguments rely heavily on the U.S. Supreme Court's 1995 decision in McIntyre v. Ohio Elections Commission, which declared unconstitutional an Ohio statute prohibiting the distribution of anonymous campaign literature.43 In McIntyre, Justice Stevens stated that "an author's decision to remain anonymous, like other decisions concerning omissions or additions to the content of a publication, is an aspect of the freedom of speech protected by the First Amendment."44

Several courts have applied McIntyre in concluding that prohibitions against anonymous or pseudonymous speech constitute content-based restrictions that should be subject to strict scrutiny.45 In ACLU v. Miller, for example, a federal court in Georgia held that a Georgia statute attempting to prohibit individuals from "falsely identifying" themselves on the Internet was an impermissible content-based restriction that "prohibit[ed] such protected speech as the use of false identification to avoid social ostracism, to prevent discrimination and harassment, and to protect privacy."46 Arguing that "compelled identification of anonymous speakers trenches on their First Amendment right to remain anonymous," lawyers for alleged cybersmearers have argued that courts should require identification of anonymous cybersmearers only when disclosure "goes to the heart" of the company's case, when all other elements of the company's case can be established, and when the company has exhausted "all other means" of proving the element for which disclosure is deemed necessary.47

Some courts that have addressed claims of alleged cybersmearing have required companies to clear procedural hurdles before permitting the identities of anonymous online speakers to be disclosed. In Columbia Insurance Co. v., the U.S. District Court for the Northern District of California, the district in which Yahoo! is located, considered the plaintiff's discovery request seeking the address of an individual who had registered certain Internet domain names that allegedly infringed and diluted the plaintiff's trademarks.48 The court held that certain "limiting principles should apply to the determination of whether discovery to uncover the identity of a defendant is warranted" and applied a four-part test to ensure that the discovery would not be used "to harass or intimidate."49

Under the four-part test adopted by the court, a plaintiff is required to: (1) "identify the missing party with sufficient specificity" to permit the court to determine that the defendant "is a real person or entity who could be sued in federal court," (2) "identify all previous steps taken to locate the elusive defendant," (3) "establish to the court's satisfaction that plaintiff's suit against defendant could withstand a motion to dismiss," and (4) file a discovery request with the court "along with a statement of reasons justifying the specific discovery requested."50

Recent briefs filed on behalf of alleged cybersmearers have cited the decision in with approval and have argued that the four-part test should apply to the defendants as well.51 Although it remains unclear if other courts will adopt the strict showing required by the court in, some courts have experimented with procedural innovations designed to preserve the anonymity of alleged cybersmearers, at least in the preliminary stages of an action.52 For example, a state judge in New Jersey has received praise from civil libertarians for requiring a corporate plaintiff to post notice of its suit on a Yahoo! message board to provide the alleged cybersmearers with the opportunity to oppose identification.53

In an area of the law that remains so unsettled, it seems likely that courts will continue to experiment with procedural innovations. Although cases that involve the disclosure of a company's trade secrets on the Internet might remain strong candidates for identifying anonymous posters, it is conceivable that other cases could be litigated satisfactorily in their initial stages without requiring the identification of individual John Doe defendants.54

It is also uncertain whether Internet service providers and message board operators will comply as promptly as they have in the past with subpoenas issued by corporate plaintiffs that seek disclosure of individual subscriber information. Although "most online service providers respond [to subpoenas] by providing the requested information," providers appear to have become more "careful about ensuring that they provide no information except in response to a facially valid subpoena."55

Online providers may become even more protective of the privacy rights of their subscribers depending on the outcome of a case filed several months ago in federal district court in California by a plaintiff known as "Aquacool_2000."56 The complaint alleges that, on or before October 1999, "Aquacool_2000," named after a brand of office water cooler, posted comments on a Yahoo! message board criticizing the management of a particular publicly traded consulting company.57 According to the complaint, the comments referred to specific company executives in extremely disparaging terms. Several months later, the company targeted by these jibes sued several John Doe defendants for defamation and issued a subpoena to Yahoo! seeking disclosure of the posters' identities. Yahoo! disclosed the information pursuant to the subpoena and the consulting firm then terminated Aquacool_2000 after filing a second lawsuit against him in federal court.

Aquacool_2000's complaint alleges that Yahoo! violated his privacy interest by furnishing information in response to his employer's subpoena without first notifying him of the subpoena and providing him with an opportunity to oppose the disclosure. The complaint alleges that Yahoo! "practices lax standards for responding to subpoenas" and that the actions of Yahoo! constitute invasion of privacy, breach of contract, false advertising, and negligent misrepresentation.

The prospect that Internet service providers might once again be exposed to liability in cases alleging online defamation may encourage them to become more scrupulous in notifying subscribers that a subpoena seeking their identifying information has been served. Notably, it has been reported that Yahoo! now provides its subscribers with fifteen days' notice before divulging personal information in response to a subpoena.58

Substantive Defenses: Hyperbole and Opinion

Because most cybersmearing cases have been settled, dismissed, or remain in the early stages of litigation, it is difficult to predict how courts or juries will assess the actual merits of the legal theories asserted in these cases. Nonetheless, several defendants accused of cyberlibel have articulated an intriguing defense: that speech on the Internet is, by its nature, language of hyperbole and opinion and thus not actionable under traditional principles of libel law. Characterizing negative online speech in this manner has important legal ramifications because, in the words of one prominent scholar of defamation, "[c]ommon law tradition has combined with constitutional principles to clothe the use of epithets, insults, name-calling, and hyperbole with virtually impenetrable legal armor."59 Moreover, under the U.S. Supreme Court's holding in Milkovich v. Lorain Journal, statements of opinion cannot be defamatory because they are not capable of being proven true or false, unless the opinion somehow conceals the existence of undisclosed facts.60

In the words of counsel for Aquacool_2000, comments posted about companies online tend to be "colloquial in tone, opinionated, speculative, and frequently caustic and derogatory," and "anyone who frequents the message boards interprets what is posted accordingly."61 Indeed, strident criticism on the Internet is so common that users have coined the term "flaming" to describe "e-mail or other electronic communication that expresses exaggerated hostility."62 Given the prevalence of flaming and other outrageous forms of online speech, some scholars have argued that online readers are attuned to these rhetorical devices and view online criticism as mere "rhetorical hyperbole or subjective speculation rather than a sober recitation of actual facts."63 With these conventions in mind, defendants accused of online defamation have argued that flaming and other intemperate online rhetoric should be nonactionable in the same way that epithets like "sleazebag" or "screwball" have been deemed by courts to be nonactionable in cases alleging libel in the real world.64

In a similar vein, defendants accused of cybersmearing have also argued that the spontaneous bursts of speech dispatched into cyberspace most closely resemble gossip, rumor, "buzz," and opinion rather than verifiable factual statements.65 Under Milkovich and its progeny, a statement that is published in a forum where readers expect to find assertions of verifiable fact is more likely to be deemed capable of being proven true or untrue, and thus actionable in defamation. By contrast, a statement uttered in a forum where readers expect to find gossip, rumor, or "buzz" is more likely to be construed as opinion, and thus nonactionable.66 As one recent decision assessing liability for Internet speech has concluded, "words have different meanings depending on the context in which they are used."67 In light of the particular context of the Internet, the court in that case held that a statement on a website that accused a company of relying on "pseudo research" was not actionable "because it constitutes an expression of opinion based on disclosed or readily available facts."68

Whether alleged cybersmearers will have the resources to litigate the contours of the hyberbole and opinion defenses, or the range of other substantive defenses that might be pleaded in cases involving negative online speech, remains another question altogether. On the one hand, persons who engage in cybersmearing are a particularly hardy bunch. Some alleged cybersmearers who have been sued have pursued counterclaims against their accusers or have sought information through discovery capable of substantiating their online criticisms.69 It should perhaps come as little surprise that a John Does Anonymous Foundation has been formed to "identify and expose . . . civil liberty violations . . . [by] various corporate entities, . . . [to] assist 'Does' in locating competent legal counsel," and to provide Internet service providers with a certification seal that acknowledges the Foundation's "approval that the licensed website meets [the Foundation's] higher standards of privacy and security."70 The Foundation's website also provides a "Legal Update" that reports on recent cases involving John Doe defendants, including a case in Oregon in which the corporate plaintiff agreed to donate $40,000 to the Foundation after being hit with a spate of counterclaims by the alleged cybersmearers.71

Nonetheless, although support groups may encourage some alleged cbersmearers to pursue their First Amendment rights in court, it seems inevitable that many defendants will face the grim prospects of litigating cases on their own. Some will be fortunate enough to attract lawyers from public interest groups or private firms, but others will face strong inducements to settle or simply default. Although so-called anti-SLAPP (Strategic Lawsuits Against Public Participation) statutes exist in several states to check frivolous defamation suits, it is not clear that these laws will adequately protect individuals accused of attacking corporate targets. A California court, for example, recently denied a defense motion to strike the complaint of, Inc., in a cybersmearing case under California's anti-SLAPP statute on the grounds that the suit did not fall within the scope of the statute.72

Conclusion: The Future of Cybersmearing

In the early days of online speech, Internet pioneers often argued that the Internet should remain an area unbounded by law and that the norms of individual users should govern. Although Internet service providers continue to post rules against offensive and defamatory speech, the recent proliferation of private lawsuits against cybersmearers suggests that the possibility of a self-regulated idyll, if ever such an idyll were possible, has long since passed.73

It is not clear at this stage what type of legal regime governing online speech will emerge from the judgments and settlements secured by private litigants. For the moment, the immunity afforded Internet service providers strongly suggests that the burden of litigating cases of alleged cybersmearing will fall on individual John Does. It seems clear, as well, that although John Doe defendants and public interest organizations have proved resilient, much of modern First Amendment law has been forged by well-financed media defendants with the resources to pay for costly litigation. Whether individual online publishers accused of cybersmearing will be able to mount the vigorous defenses of their media counterparts remains an open question.

Recent developments indicate, moreover, that the results achieved by private litigants are not the only forces regulating online speech. In the past few years, for example, federal and state securities regulators have become keenly aware that many personal investors now look to the Internet as their primary source of information about publicly traded companies. The Internet Enforcement Office of the Securities and Exchange Commission (SEC) is actively monitoring cybersmearing and has issued warnings about thinly traded "microcap" stocks that are especially susceptible to rumors and dramatic price fluctuations.74 In recent months, the SEC and criminal prosecutors have brought several high-profile suits against individuals accused of stock manipulation and other securities violations, including an enterprise organized by a ring of law students in Washington, D.C., and the recent hoax involving a false press release about the company Emulex.75 State securities regulators have also been active: regulators in California recently concluded an investigation of a man who posed on a Yahoo! message board as the former chairman and chief executive officer of Metro-Goldwyn-Mayer, Inc., allegedly in an attempt to affect the stock price.76

Technology also plays a critical role in governing online speech. As Professor Lessig has convincingly argued, "code," the architecture of software and hardware that constitutes the Internet, is a powerful and pervasive governor of cyberspace.77 If private lawsuits or governmental regulation prove unsatisfactory, companies interested in regulating online speech may instead seek to address the issue through technological innovation in the marketplace.

In this respect, the most important battle between advocates of the First Amendment and those wishing to curtail harmful online speech may be a technological one, involving the ability of remailers to strip messages of their identifying information, of Internet consultants to mine sites for content and electronic footprints, and of encryption specialists and code breakers.

The choices made by software and hardware manufacturers are also likely to play a vital role in determining the future of online speech. It is possible to imagine a computer, for example, that could function only after first scanning the fingerprint or retina of its owner. A message sent from this computer would provide the recipient with instant verifiable information as to the source. 78 It is easy to see how foolproof authentication could be a critically useful tool to validate purchase orders, provide access to confidential information, or deter online fraud. But technology of this sort would also provide companies with the ability to authenticate the sources of hostile speech.79

In considering the capacity of technology or code to regulate online speech, it is important to remember that "[t]he First Amendment prevents the outlawing of true anonymity, although it only prevents governmental interference with anonymous messages."80 Put differently, constitutional protections have limits. Considering the stakes involved, citizens have a strong interest in ensuring that the balance between corporate reputation and free speech is struck through vigorous public debate, and not only in the hushed private world of civil settlements and market forces.


1. See, e.g., John Roemer, Chatroomer, Unmask Thyself, Net Law (Aug. 1, 2000) ; Mike France & Joann Muller, A Site for Soreheads, Bus. Wk., Apr. 12, 1999, at 86, available in LEXIS, News Library, Buswk File; Elinor Abreu, Yahoo Postings Prompt More Lawsuits, Standard (July 14, 2000) .

2. See Greg Miller, Disgruntled Use Cybersmearing on Corporate Enemies, Augusta Chron. (visited Aug. 18, 2000) .

3. See, e.g., SEC Warns of Increased Cybersmearing, Fin. Net News, Dec. 13, 1999, at 2, available in LEXIS, News Library, Curnws File. For a useful discussion of postings on stock message boards and their implications for defamation law, see Lyrissa Barnett Lidsky, Silencing John Doe: Defamation & Discourse in Cyberspace, 49 Duke L.J. 855 (2000).

4. Blake A. Bell, Dealing with False Internet Rumors: A Corporate Primer

(visited Aug. 23, 2000) .

5. See Susan Mirmira, Business Law: Lunney v. Prodigy Services Co ., 15 Berkeley Tech. L.J. 437 (2000). As one author has noted, computer message boards "allow the instant transmission of thoughts and ideas to millions of potential readers." Paul R. Niehaus, Comment, Cyberlibel: Workable Liability Standards?, 1996 U. Chi. Legal F. 617.

6. Lidsky, supra note 3, at 864.

7. 521 U.S. 844, 853 (1997).

8. As one commentator has observed, "the Internet allows John Doe to target a message to an audience with common interests and concerns, the very audience likely to be most receptive to his comments." Lidsky, supra note 3, at 884. See also Jonathan Zittrain, The Rise and Fall of Sysopdom, 10 Harv. J.L. & Tech. 495, ¶ 10 (Summer 1997) ("The few real-world analogies to the type of interaction possible within newsgroups and their kin-clubs, churches, neighborhood cafes-are, sadly, in decline.").

9. See SEC Charges Internet Message Board Poster with Securities Fraud, SEC Litig. Release No. 16493 (discussing SEC v. Moldofsky, No. 00 Civ. 2425 (S.D.N.Y.)) (Mar. 30, 2000) (visited Aug. 28, 2000) .

10. On remailers and other companies that seek to protect online anonymity, see Jeffrey Rosen, The Unwanted Gaze: The Destruction of Privacy in America 173-78 (2000); Anne Wells Branscomb, Anonymity, Autonomy, and Accountability: Challenges to the First Amendment in Cyberspace, 104 Yale L.J. 1639, 1643 (1995); and Michael H. Spencer, Anonymous Internet Communi-cation and the First Amendment: A Crack in the Dam of National Sovereignty, 3 Va. J.L. & Tech. 1, ¶¶ 26-27 (1998).

11. See, e.g., Howard Kleinberg, Destroying Reputations in Cyberspace, Chattanooga Times/Free Press, Apr. 16, 2000, at F4, available in LEXIS, News Database, Curnws File. The e-mail hoax is set forth at (visited Aug. 30, 2000).

12. The fraud involving the electronics company Emulex is only the most recent example. Shares of Emulex initially lost roughly $2.5 billion in value after a former employee of Internet Wire, an online news service, allegedly sent a bogus press release to the service. See Alex Berenson, Arrest in Stock Fraud That Used Fake News Release, N.Y. Times, Sept. 1, 2000, at A1.

13. See Zittrain, supra note 8, ¶ 28.

14. Deborah Turcotte, Bangor Man Targets Wal-Mart on Internet (visited Aug. 22, 2000) .

15. See (visited Aug. 18, 2000).

16. Lawrence Lessig, Code and Other Laws of Cyberspace 80 (1999).

17. Id. at 81.

18. Joyce Cohen, Revenge Among the Nerds, N.Y. Times, Aug. 24, 2000, at E1.

19. The website of Cyveillance, for example, touts the company's "ability to mine and analyze the Internet's billions of pages." See . The services offered by the Internet Crimes Group, Inc., include identifying "[a]nonymous message or newsgroup posters," "[p]rotest or hate website . . . ownership analysis," and "Internet rumor (cyber-smear) origination." See .

20. Some companies apparently have attempted to preempt hostile criticism by registering domain names containing the words "sucks," "Ihate," or "isnotfair." Here, too, companies may face challenges. The Consumer Project on Technology has asked the Internet Corporation for Assigned Names and Numbers (ICANN) to prohibit this practice and to establish top-level domain names that would actually encourage protest. See John P. Mello, Bad. Publicity., CFO, Apr. 15, 2000, available in LEXIS, News Library, Curnws File.

21. The saga involving the recordings made by Linda Tripp is one prominent recent example. See Del Quentin Wilber, Tripp Wiretap Charges Dropped; Judge Excluded Lewinsky Testimony, Doomed Md. Case, Balt. Sun, May 25, 2000, at 1A, available in LEXIS, News Library, Curnws File.

22. Roemer, supra note 1. For a list of corporate cybersmear lawsuits, see, Corporate Cybersmear Lawsuits (visited Aug. 23, 2000) lawsuits/cases_corporate_cybersmears.htm>.

23. See, e.g., Talk Visual Chairman Michael J. Zwebner Obtains a Second Lawsuit Award of $1 Million Against Internet Poster, Bus. Wire, July 25, 2000, available in LEXIS, News Library, Curnws File; Settlement Ends Litigation over Anonymous Internet Messages, 6.11 EPIC Alert (Electronic Information Privacy Ctr. (EPIC)) (July 15, 1999) .

24. See, e.g., Imaging Diagnostic Obtained Injunction in Cybersmear Lawsuit, PR Newswire, July 14, 2000, available in LEXIS, News Library, Curnws File (discussing entry of final judgment against defendant Steven Cortopassi a/k/a "docpatel" enjoining Cortopassi from publishing false or defamatory statements concerning developer of laser-based imaging device).

25. Because publicly traded companies are likely to be considered public figures for purposes of defamation law, the company must typically demonstrate that the statement was published with knowledge of its falsity or with reckless disregard for the statement's truth in order to prevail.

26. This is not to suggest that plaintiffs can be careless in pleading the elements of libel, including setting forth the alleged defamatory words. Nonetheless, the decision of several state legislatures to pass statutes designed to deter frivolous libel claims testifies to the relative ease of asserting this type of reputational injury.

27. See, e.g., Quest Net Granted Another Injunction in Cybersmear Lawsuit, Bus. Wire, May 8, 2000, available in LEXIS, News Library, Curnws File; Internet Postings Are Protected by First Amendment, Says Insurer, E-Trading Legal Alert, July 21, 2000, available in LEXIS, News Library, Curnws File; Abreu, supra note 1.

28. See Settlement Ends Litigation, supra note 23; see also Megan E. Gray & Gregory L. Vinson, John Doe Suits Challenge the Right to Anonymity on the Internet, LDRC LibelLetter (Libel Defense Resource Ctr.), July 2000, at 15. Ms. Gray represented the defendant John Doe in the Xircom case.

29. A copy of the press release accompanying the settlement is set forth in an e-mail from attorney Megan Gray to the Cyberia Listserve, an online service concerned with cyberlaw issues. See CYBERIA-L@LISTSERV.AOL.COM, available at .

30. See Thomas & Betts Voluntarily Dismisses "John Doe" Suit (Public Citizen) (visited Aug. 24, 2000) .

31. See, e.g., H-Quotient, Inc., Files Suit Against Alleged Stock Manipulators, PR Newswire, Aug. 4, 2000, available in LEXIS, News Library, Curnws File (discussing lawsuit filed in Virginia federal court alleging stock manipulation).

32. See Firm Ends 'John Doe' Lawsuit After Learning Identities, 6.08 EPIC Alert (Electronic Information Privacy Ctr. (EPIC)), June 1, 1999 available at .

33. 776 F. Supp. 135 (S.D.N.Y. 1991). See also Sheri Hunter, Defamation and Privacy Laws Face the Internet, 17 Comm. Law. 3 (1999) available at ; Robert T. Langdon, Note, The Communications Decency Act § 230: Make Sense? or Nonsense?-A Private Person's Inability to Recover If Defamed in Cyberspace, 73 St. John's L. Rev. 829, 837-38 (1999).

34. Cubby, 776 F. Supp. at 140-41.

35. Stratton Oakmont Inc. v. Prodigy Servs., 24 Media L. Rep. (BNA) 1794 (N.Y. Sup. Ct. 1995).

36. Id.

37. 47 U.S.C. § 230.

38. See, e.g., Blumenthal v. Drudge, 992 F. Supp. 44, 50 (D.D.C. 1998); Zeran v. Americaa Online, Inc ., 129 F.3d 327, 332 (4th Cir. 1997), cert. denied, 524 U.S. 937 (1998 ). See also John C. Turner, Latest Appellate Ruling Absolves ISPs from Defamation Liability, Conn. Law Trib., May 29, 2000, available in LEXIS, News Library, Curnws File (discussing recent decision in Doe v. Oliver, 755 A.2d 1000 (Conn. Super. Ct. 2000), holding that § 230 immunized Internet service provider from liability).

39. Lunney v. Prodigy Servs. Co., 723 N.E.2d 539 (N.Y. 1999), cert. denied, 120 S. Ct. 1832 (2000).

40. See Stephen Williams, Law Sides with Web Providers, Newsday, May 2, 2000, at A39, available in LEXIS, News Library, Curnws file.

41. See, e.g., Rosen, supra note 10, at 176 (discussing group of employees at Yahoo! responsible for responding to subpoenas).

42. See, e.g., Memorandum of Public Citizen as Amicus Curiae in Opposition to the Requested Discovery, Dendrite Int'l, Inc. v. John Does Nos. 1 through 4, No. MRSC-129-00 (N.J. Super. Ct.) (Public Citizen) (visited Aug. 24, 2000) ("It is well-established that the First Amendment protects the right to speak anonymously."); Memorandum of Points and Authorities in Support of Special Motion to Strike (Code Civ. Proc., § 425.16), Thomas & Betts Corp. v. Does 1 through 50, No. GIC 748128 (Cal. Super. Ct.) (Public Citizen) (visited Aug. 24, 2000) (same); Memorandum in Opposition to Motion for Preliminary Injunction and in Support of Motion to Dismiss, Circuit City Stores, Inc. v. Shane, No. C-1-00-0141 (S.D. Ohio) (Public Citizen) (visited Aug. 24, 2000) (claiming that holding alleged cybersmearer liable for trademark violations "would violate the First Amendment"); Defendant's Memorandum in Opposition to the Motion for a Preliminary Injunction and in Support of Her Motion to Dismiss, ServiceMaster Co. v. Virga, No. 99-2866-TUV (W.D. Tenn.) (Public Citizen) (visited Aug. 24, 2000) (arguing that "consumer commentary" of alleged cybersmearer was "protected by the First Amendment").

43. 514 U.S. 334 (1995).

44. McIntyre, 514 U.S. at 342.

45. See, e.g., American KKK v. City of Goshen, 50 F. Supp. 2d 835, 842 (N.D. Ind. 1999) ("By prohibiting anonymity, it is a direct regulation of the content of speech or expression.").

46. 977 F. Supp. 1228, 1233 (N.D. Ga. 1997).

47. See, e.g., Memorandum of Public Citizen as Amicus Curiae in Opposition to the Requested Discovery, supra note 42.

48. 185 F.R.D. 573 (N.D. Cal. 1999).

49., 185 F.R.D. at 578.

50. Id. at 578-80.

51. See, e.g., Memorandum of Public Citizen as Amicus Curiae in Opposition to the Requested Discovery, supra note 42.

52. The test applied in has been criticized as "drastic" and "largely unworkable" by at least one practitioner. Jeffrey B. Rudman et al., D&O Liability in Cyberspace: Taking Advantage of Technology Without Tripping Over the Federal Securities Laws (Part III of III), E-Trading Legal Alert, July 21, 2000, at 3, available in LEXIS, News Library, Curnws File. The decision in has been cited with approval, however, by another court in the Ninth Circuit, in a case involving a suit against the FBI and five John Doe defendants. See Stewart v. FBI, No. CV-97-1595-ST, 1999 U.S. Dist. LEXIS 18784 (D. Or. Oct. 13, 1999).

53. See, e.g., Memorandum of Public Citizen as Amicus Curiae in Opposition to the Requested Discovery, supra note 42 ("Public Citizen commends the Court for its sua sponte decision requiring the plaintiff to publish a notice on the Yahoo message boards . . . thus giving the anonymous posters an opportunity to appear before this Court to defend their right to anonymity.").

54. In theory, it is not necessary to disclose an individual's name to determine whether personal jurisdiction exists in the forum state. Motions to dismiss for failure to state a claim, which primarily turn on legal and not factual issues, also would not necessarily require identification of the defendant. For a general discussion of John Doe litigation, see Joan Steinman, Public Trial, Pseudonymous Parties: When Should Litigants Be Permitted to Keep Their Identities Confidential?, 37 Hastings L.J. 1 (1985).

55. See Steven Lieberman, A Review of Some Practical Aspects Concerning How Interactive Computer Services Deal With Complaints (Defamation, Invasion of Privacy, etc.) Regarding Third-Party Content, (Libel Defense Research Ctr.) (visited Aug. 29, 2000) . Lieberman suggests that the decision in McVeigh v. Cohen, 983 F. Supp. 215 (D.D.C. 1998), which concluded that America Online had improperly provided information relating to Timothy McVeigh to the U.S. Navy without a warrant, provoked Internet service providers to exercise greater care in responding to subpoenas.

56. See, e.g., Michael D. Goldhaber, Associates: Cybersmear Pioneer, Nat'l L.J. (July 10, 2000); see also Lauren Gard, Yahoo Hit with Novel Privacy Suit, Legal Intelligencer, May 16, 2000, at 4, available in LEXIS, News Database, Curnws File; Anonymous Message Board Poster Sues Yahoo! for Disclosures, 7.09 EPIC Alert (/Electronic Information Privacy Ctr. (EPIC)), May 15, 2000 (visited Aug. 23, 2000) .

57. Complaint, Doe v. Yahoo! (N.D. Cal. 2000), available at .

58. Abreu, supra note 1.

59. James J. Sack, Libel, Slander and Other Related Problems § 2.4.7 (3d ed. 2000).

60. 497 U.S. 1 (1990).

61. Complaint, supra note 57.

62. Lessig, supra note 16, at 253 n.31.

63. Lidsky, supra note 3, at 919. As another expert in Internet norms has argued, "[i]t is unclear that, as a matter of policy, we would want to hold individuals' rant-ings-no matter how much exposure they get-to the same standards we hold those of professional publishers." Zittrain, supra note 8, ¶ 31.

64. See, e.g., ACLU Seeks Dismissal of Judge's Libel Lawsuit Against Internet Author (ACLU) (visited Aug. 28, 2000) .

65. See, e.g., Memorandum of Points and Authorities in Support of Special Motion to Strike, supra note 42 (arguing that "casual statements about a company on a Yahoo! message board express opinions, rather than facts" akin to "'stock tips' in financial publications, or commentary in financial newsletters").

66. Sack, supra note 59, §

67. Agora, Inc. v. Axxess, Inc., 90 F. Supp. 2d 697, 702 (D. Md. 2000) (internal quotation omitted). Accord, Zittrain, supra note 8, ¶ 31 ("Indeed, identical words conveyed in different media by different entities might have quite different meanings or impacts.").

68. Agora, 90 F. Supp. 2d at 703.

69. See, e.g., Blake A. Bell, On the Internet; Plaintiff Corporations Face Reprisals from Cybersmear Defendants, Corp. Counsellor, Jan. 2000, at 1, available in LEXIS, News Library, Curnws File.

70. The site is accessible at .

71. The case involved a suit brought by ITEX Corp. against roughly 100 John Doe defendants. See Legal Update (John Does Anonymous Foundation) (visited Aug. 24, 2000) .

72. See Defendant's Motion to Strike Cybersmear Complaint as Improper SLAPP Denied by Court, 2 CyberSecuritiesLaw Trib., Aug. 21, 2000 .

73. For example, Yahoo!'s terms of service prohibit "unlawful, harmful, threatening, abusive, harassing, tortious, defamatory, vulgar, obscene, libelous . . . [or] hateful" speech, including speech that is "racially, ethnically or otherwise objectionable" or "invasive of another's privacy." Yahoo! Terms of Service (visited Aug. 28, 2000) . The Rules of User Conduct of America Online prohibit speech that is "unlawful, threatening, abusive, harrassing [sic], defamatory, libelous, deceptive, fraudulent . . . tortious" speech that is "invasive of another's privacy, . . . [or] victimizes, harasses, degrades, or intimidates an individual or group of individuals." From AOL.COM Rules of User Conduct (visited Aug. 28, 2000) .

74. See, e.g., About Microcap Fraud (SEC) (visited Aug. 28, 2000) ; see also Microcap Stock: A Guide for Investors (SEC) (visited Aug. 28, 2000) ; Blake A. Bell, E-Broker Chat Rooms and Federal Securities Laws (visited Aug. 23, 2000) .

75. See, e.g., SEC Sues Washington, DC-Area Law Students for Internet Price Manipulation Scheme; Scheme Architect's Mother-a Colorado Springs, CO City Councilwoman-Also Charged (SEC) (visited Aug. 28, 2000) ; SEC Files New and Expanded Charges Against Two Defendants in NEI Webworld Internet Stock Manipulation Case; Both Plead Guilty to Criminal Charges, SEC Litig. Release No. 16620 (discussing SEC v. Golshani, No. 99-13139 (C.D. Cal.)) (visited Aug. 28, 2000) ; Berenson, supra note 12.

76. California Regulators Settle with Man Who Posed as MGM's Frank Mancuso Online, 2 CyberSecuritiesLaw Trib., Aug. 15, 2000 .

77. Lessig, supra note 16, passim.

78. See Rosen, supra note 10, at 180 (discussing fingerprinting and retinal scans). For a recent assessment of technological innovations and online anonymity, see Hearing before the House Subcomm. on Courts and Intellectual Property of the House Judiciary Comm. (June 29, 2000) (statement of Jonathan Zittrain, Executive Director, Berkman Center for Internet & Society, Harvard Law School), available at .

79. "As the Net is being remade to fit the demands of commerce, architectures are being added to make it serve commerce more efficiently. Regulability will be a by-product of these changes. Or put differently, the changes that make commerce possible are also changes that will make regulation easy." Lessig, supra note 16, at 30.

80. Branscomb, supra note 10, at 1641.


Bruce P. Smith ( is an associate at Covington & Burling in Washington, D.C. The views expressed are those of the author and do not necessarily represent those of Covington & Burling or its clients.

Back to Table of Contents