Chapman Law Review
Consumer Law Symposium
PUNITIVE DAMAGES IN CYBERSPACE: WHERE IN THE WORLD IS THE CONSUMER?
Copyright (c) 2004 Chapman Law Review; Michael L. Rustad
The Internet offers American consumers a global marketplace open 24 hours a day, 365 days a year. By 2004, online commerce is projected to account for nearly seven trillion dollars. Currently, there are 262.3 million English-speaking Internet users with 280 million projected for 2004. The worldwide online population is projected to be between 709 and 945 million. In the United States there are 182.1 million people online, accounting for 65% of that population. “With the ability to reach millions of Internet users simply by establishing a website, tens of thousands of companies are expected to take advantage of electronic commerce, ‘redefining and restructuring the distribution of goods and services.”’
The risks to consumers in this global marketplace are many. Consumers are flooded with virus-infected e-mail, spam, and a variety of fraudulent online scams. Online criminals use the technique of “phishing” to trick consumers into giving their credit card numbers by sending fraudulent e-mails posing as banks, financial service providers, or Internet Service Providers (“ISP”). The e-mails often have direct hyperlinks to unaffiliated web sites that mirror the sites of trusted institutions.
The Internet makes it effortless for impostors to assume false identities, and therefore, it is a seamless haven for identity theft. The seamy side of the Internet is rapidly becoming a global Petri dish for new torts and crimes perpetrated against consumers. Consumers face a multitude of potential risks as the result of unsavory practices by Internet retailers. The following three horror stories illustrate the systematic ways wrongdoers are preying upon consumers in cyberspace:
The Naked Internet Consumer–In June of 2001, Eli Lilly and Co. inadvertently released the e-mail addresses of 669 medical patients who had registered at its web site to receive messages regarding health-related matters, such as reminders to take certain medications. Eli Lilly settled with the states, but no individual obtained a damages award in this significant compromising of consumer privacy.
Consumers as “Phish” Food in Online Auctions–The majority of consumer frauds arise out of online auction sales. This is due in large part to online fraudsters who use a technique called “phishing” to defraud consumers who use eBay. When phishing, a con artist sends a consumer what appears to be an “‘official’ e-mail message directing the person to a counterfeit site where they are encouraged to ‘update their account.”’ The criminal uses the information provided by the consumer to hijack his or her credit card and identity. A survey of Internet fraud found that online auctions accounted for 90% of consumer losses in 2002. The government’s Internet Fraud Complaint Center reports that online auction fraud has comprised 46% of complaint referrals since 2000.
Stalking Children in the Internet’s Red Light District–Con artists frequently target children online. In one instance, a notorious “typosquatter” registered domain names that employed misspellings of other popular Internet domain names for children-oriented websites, such as Teletubbies and Disneyland, in order to attract children to adult entertainment sites. When children accidentally misspelled the domain names for the children’s sites, they were redirected to adult entertainment sites where fees were automatically charged for each child’s click stream.
As demonstrated by the above examples, many of the online injuries suffered by consumers are the product of truly reprehensible wrongdoing deserving of punitive damages. This Article presents the results of the first empirical study of the role that punitive damages have played in redressing consumer injuries during the first decade of Internet-related litigation. It provides definitive data on the number, size, post-verdict history, and factual circumstances underlying punitive damages in cyberspace. Currently, punitive damages play no meaningful role in protecting consumers in cyberspace despite the epidemic of wrongdoing that goes undetected and unpunished by public authorities.
Tort law has always evolved to address new forms of misbehavior. In the latter half of the twentieth century punitive damages were awarded against product manufacturers who knowingly marketed their products with excessive, preventable danger. Tort remedies have the potential of filling the gap left by ineffective criminal sanctions against cyberwrongs such as online stalking. Public enforcement needs to be augmented by consumers operating as “private attorneys general” who pursue punitive justice against corporate wrongdoers. “The primary function of punitive damages is to punish, to deter private actors from making particularly egregious decisions harmful to society.”
Part II examines the case characteristics of Internet lawsuits where plaintiffs initiated causes of action in state and federal courts in the United States between 1992 and 2002. The analysis of plaintiffs’ victories in Internet cases has a domestic focus, employing a database that includes virtually all U.S. plaintiff victories in Internet cases. This database permits the first comprehensive examination of: (1) the frequency of punitive damages in Internet cases; (2) the specific causes of action on which the remedy was based; (3) plaintiff and defendant characteristics; and (4) the role punitive damages plays in the cyber-litigation system. A content analysis of all Internet-related cases reveals that no consumer obtained punitive damages during a decade of cyberlaw litigation.
At present, punitive damages serve as a form of corporate self-help to assist corporations in protecting rights and consolidating market share in cyberspace. Part III explores the reasons why punitive damages have not yet developed as a consumer protection remedy in cyberspace. This Article will demonstrate that punitive damages are a necessary deterrent against Internet wrongdoers where the probability of discovery is low and the harm to consumers is generally undetected and unpunished by public authorities.
II. EMPIRICAL STUDY OF PUNITIVE DAMAGES IN CYBERSPACE
A. Research Methods
To obtain a more complete understanding of the roles that judges and juries play in the rapidly evolving arena of cyberspace litigation, all Internet-related cases in which a plaintiff received a punitive damages award were surveyed. This database of punitive damages awards in cyberspace was drawn from a variety of published and unpublished court opinions from the decade of 1992 to 2002. The appendix to this article describes the research methods and sources consulted to assemble the database on punitive damages in cyberspace. The research universe for this study is all Internet-related cases decided in state and federal courts during the first decade of Internet litigation. Each of the reported findings is drawn from a larger universe of 484 cases in which plaintiffs received legal or equitable relief in an Internet-related case in a U.S. state or federal court between 1992-2002. The research findings reported below focus upon the cases in which prevailing cybertort plaintiffs received a punitive damages award.
B. Research Findings
1. Punitive Damages in Cyberspace Are Increasing and Being Awarded at a Higher Rate than in Traditional Tort Caseloads
Table One depicts the forty-nine Internet related cases in which a plaintiff received a punitive damages award in all state and federal courts for the decade ranging from 1992 to 2002. The overall rate of punitive damages was roughly 10% of all Internet cases (49 of 484) in which either equitable or legal remedies were granted. Punitive damages are far more likely to be awarded in cybertort cases in which at least some monetary award was made. In the 187 cyberspace cases where money damages were awarded, punitive damages were also assessed in 49 cases (26%).
Table One suggests that the overall rate of punitive damages is greater in the Internet realm than in the real space world. All of the empirical studies of punitive damages agree that the rate of punitive damages is less than one in ten in cases where the plaintiff prevailed. The most comprehensive study of punitive damages in state courts was completed by researchers at the Bureau of Justice Statistics (“BJS”). The BJS study of civil courts of seventy-five of the largest American counties found that “[o]f the 12,026 verdicts in the sample, plaintiffs won a total of 364 punitive damages awards,” which was less than 6% of the cases. All prior empirical studies of the rate of punitive damages confirm that the overall rate is substantially lower than in cyberspace cases. The higher overall rate of punitive damages may be explained by the fact that every case involved a defendant whose conduct was intentional. Another explanation would be that many of the cases involved repeat offenders such as spammers, pornographers, or wrongdoers who fled the jurisdiction.
Still, there were less than fifty punitive damages awards in a decade in all state and federal courts. The high-water mark for punitive damages in Internet cases occurred in 2001 with a total of only fifteen awards in all state and federal courts. As these numbers demonstrate, punitive damages are still a thimble-full of cases in the ocean of litigation.
2. Show Me the Money: Punitive Damages Are Mostly Found in Intentional Tort Cases Filed By Businesses To Recoup Economic Loss
The first decade of punitive damages in cyberspace shares common ground with eighteenth-century English law where the elite used the legal system to achieve greater power. Forty-five of the forty-nine punitive damages awards arose out of predominately cybertort cases, but every tort cause of action in the cyberlaw punitive damages sample arose out of an intentional tort. Most punitive awards arose in business tort cases filed by online or bricks-and-mortar businesses. Cybertort punitive damages were predominately awarded in economic loss cases rather than personal injury cases, which are the province of traditional tort law. Punitive damages in Internet-related cases have not yet developed in cases based upon negligence or strict liability.
The few cases where individuals obtained punitive damages often were in cases involving reputation or privacy injuries. In fact, online defamation cases alone accounted for 29% of all punitive damages awarded in cyberspace cases during the ten-year period of the study. For example, a doctor defamed by an Internet posting charging him with taking kickbacks led to a punitive damages award. In another case, a University of North Dakota physics professor won a large punitive damages award against a former graduate student who accused him in online postings “of being a pedophile and having odd sexual habits.” In a Florida case awarding punitive damages, an Internet web page contained numerous defamatory postings pertaining to the plaintiff and his children.
The most interesting aspect of Table Two is the missing cybertort remedies that have yet to develop. No consumer was awarded punitive damages in a products liability action for bad software, the transmittal of a virus, or a faulty Internet security product. No consumer prevailed in a medical malpractice case arising out of telemedicine. Moreover, not a single punitive damages award was handed out in any substantive area of the law predicated upon either negligence or strict liability.
Surprisingly, there were no personal injury lawsuits arising out of a decade of Internet sales or services. Punitive damages in cyberspace cases were predicated upon intentional tort causes of action, generally in business disputes. The business tort cases, which accounted for nearly half of the punitive damages awards (45%), included actions for the intentional interference with contract, unfair and deceptive trade practices, intentional interference with economic opportunities, intentional interference with noncommercial opportunities, unfair competition, fraudulent misrepresentation, and the misappropriation of trade secrets. However, most of the Internet-related business tort cases involved large companies suing rivals or other companies interfering with their businesses.
A typical business tort case where punitive damages were awarded occurred when one dot-com company sued another dot-com over a generic domain name. Punitive damages were also awarded in a wrongful discharge case against a former dot-com company. Bitter internecine business disputes between online companies and employees accounted for another large segment of cases.
The legally protected interest in the vast majority of cybertort awards was to protect intellectual property interests such as trademarks, domain names, or trade secrets. A court levied a $65 million judgment against an online pornographer for pirating the sex.com domain name. The court’s award included $25 million in punitive damages to punish the defendant’s fraudulent scheme perpetrated by a forged letter to a domain name registrar.
In Brookfield Communications, Inc. v. West Coast Entertainment Corp., the Ninth Circuit reversed the district court’s denial of an injunction prohibiting a competitor’s use of its rival’s trademark in a domain name as well as in metatags on its web site. The dispute grew out of the defendant’s use of metatags with its rival’s trademark to increase the traffic to another web site. The court compared the misuse of metatags and the diversion of web traffic from the rightful trademark owner’s site to “posting a sign with another’s trademark in front of one’s store.” On remand, the District Court denied summary judgment for punitive damages, holding that there was a triable fact as to whether West Coast was aware of Brookfield’s rights at the time.
The dataset demonstrates that punitive damages have not yet evolved as a sanction to punish and deter unfair or deceptive practices against consumers in cyberspace. Few plaintiffs found any legal remedy for violations of Internet security, data mining, or the invasion of privacy, although hardly a day passes when there is not a media account of some egregious breach of Internet privacy.
3. Punitive Damages Do Not Arise Out of Consumer Transactions
Many individual plaintiffs obtained punitive damages for aggravated misconduct growing out of the employment relationship. Although individuals were the largest prevailing plaintiff category, these cases did not arise out of business-to-consumer transactions. For example, no consumer won an award against an Internet seller or renderer of services in a decade of cyberlaw cases. Rather, 100% of the punitive damages awarded to individuals in cyberlaw cases were non-consumer in nature. It is remarkable that for a ten year period, in all U.S. federal and state courts, not a single consumer prevailed in a cyberlaw case in which punitive damages were awarded.
Individuals were the plaintiffs in one of every two punitive damages verdicts in Internet tort cases. However, punitive damages in cyberlaw cases played no meaningful role as a means of consumer protection for individuals. In a decade of punitive damages awards, no case arose out of an online sale or service which could be classified as a consumer transaction. Punitive damages, for example, were not awarded for the failure of online merchants to deliver goods or defective software. Furthermore, no consumer received punitive damages for non-consented transfers of their personal information.
Punitive damages awarded in favor of individuals arose out of non-consumer contexts such as the employment relationship or in disputes between individuals. When punitive damages were awarded to individuals, it was often in the context of incendiary exchanges on listservs, web sites, or e-mails. Nasty neighborhood disputes sometimes morphed into full-scale punitive damages warfare. The category of cases awarding punitive damages to individuals involved online stalkers, vengeful neighbors, and sexual harassers. For example, when a neighbor published derogatory statements on an Internet web page about a family, the target obtained punitive damages in a Florida court. In that case, the defendant also published photographs of the plaintiff’s minor child as well as the child’s name, address, and telephone number on the web site. The plaintiff’s punitive damages award was based on the common law torts of trespass, slander, nuisance, and intentional infliction of emotional distress.
Many of these non-consumer cases involved business torts where an individual filed suit against a company. In one highly publicized case, two former research scientists employed by a high tech company published over 14,000 defamatory and vulgar messages on their web site and on over 100 Internet message boards. The postings targeted two current corporate executives, accusing them of “having extramarital affairs, videotaping office bathrooms, chronically lying and hallucinating.” In another case, a urologist obtained punitive damages against a defendant pathologist and his affiliated medical corporation for anonymous postings on the Internet. Punitive damages were based upon the false accusation that the plaintiff was accepting kickbacks from a bidding company.
Many individual plaintiffs obtained punitive damages for aggravated wrongdoings growing out of the employment relationship. In one bizarre case, a female employee received punitive damages when another employee and his son used the Internet to harrass her by exposing her to web sites devoted to sexual perversion. In another instance, Internet America and its executives were assessed $100,000 in punitive damages, with a total verdict of more than $6 million, in an Internet-related lawsuit for defrauding their former financial officer. The former Internet America executive’s contention was that the president of the company defrauded her by convincing her to sell off her stock at a mere $0.80 per share just prior to a successful Initial Public Offering (“IPO”).
The second largest plaintiff category is national or international corporations (16%) followed by medium (14%) and small (12%) companies. Court decisions have aided large stakeholders in expanding their identity and intellectual property rights in the new economy. The typical business plaintiff is a “repeat player” or a large corporation with substantial legal and financial resources, such as Playboy Enterprises and America Online (“AOL”). According to the survey of cases, the largest stakeholders of the Internet economy were using punitive damages as a tool for consolidating their market share in the Internet economy. Therefore, most cyberlaw cases in the business context feature large Internet companies suing newly-established companies or individuals.
Cybersquatters were frequently sued by powerful Internet industry stakeholders for trademark infringement. John Zuccarini, a notorious cybersquatter, earned millions by registering domain names based upon the common misspellings of trademarks, a practice called “typosquatting.” For example, in one case, Zuccarini was ordered to pay damages and attorney fees based upon a finding that the defendant’s use of domain names was “confusingly similar,” thereby constituting a violation of the federal Anti-Cybersquatting Consumer Protection Act, and an infringement of a famous trademark. The court ordered greater damages because the defendant was a recidivist who had been enjoined from registering misspelled names in suits brought by other companies. In another case, America Online sought injunctive relief, compensatory damages, and punitive damages against AT&T, a competing ISP, in a trademark infringement action because AT&T was using the terms “Buddy List,” “You have Mail!,” and “IM Here.”
While large corporations are often plaintiffs in these cases, they rarely find themselves on the defense side of cyberlaw lawsuits. In cases where large corporations were named defendants, punitive damages were rarely awarded. Likewise, the government was a defendant in fewer than 2% of cyberlaw cases–primarily Internet speech cases. Again, punitive damages were rarely assessed. Rather, defendants such as spammers and online pornographers accounted for most of the punitive damages awards in business tort cases. In cyberspace, the “repeat players” such as America Online and other large Fortune 500 companies have the economic and legal resources needed to successfully litigate punitive damages lawsuits.
No straightforward enforcement mechanism exists for enforcing tort judgments against web site providers who have no physical presence within the United States. Cyberspace judgments are only enforceable if the defendant has assets subject to legal process in the plaintiff’s forum state. American courts require the plaintiff to prove minimum contacts sufficient to satisfy due process over a nonresident defendant. Courts have declined jurisdiction in many Internet-related cases, ruling that a passive web site alone is an insufficient basis for jurisdiction. For a court to exercise jurisdiction, the defendant must have sufficient “minimum contacts” such that they have “purposefully availed” themselves of the privilege of doing business in the forum. The issue of purposeful availment turns on factual circumstances such as whether the web site targeted residents in the plaintiff’s jurisdiction.
4. Punitive Damages Are Awarded In Internet Economy Strongholds
Punitive damages in cyberspace between 1992-2002 were handed down in only a handful of states. The state of California accounted for approximately one in three punitive damages awards (N=16, 33%). Texas ranked second with 9 of the 49 punitive damages awards (18%) followed by Virginia with four (8%) and Georgia and Illinois with three each. These five states were the only jurisdictions that handed down three or more punitive damages awards in Internet-related cases during that ten-year period. Seventy-one percent of punitive damages in cyberspace cases were awarded in these five jurisdictions (N=35). Only twelve other states had one or more punitive damages awards during a decade of Internet-related litigation in all federal and state courts.
Table Four documents that punitive damages coalesced in the epicenters of the Internet economy and were correlated with the location of key Internet companies. Table Four also confirms that the cyber-jurisdictional hot spots roughly correspond to centers of the Internet economy. A disproportionate number of punitive damages awards were made in states with powerful computer-based, entertainment or software industries. Two information-age leaders, California and Texas, accounted for greater than half of the punitive damages awards handed down in the decade 1992-2002. In many of these cases the plaintiff was a Texas or California corporation seeking redress against domain name entrepreneurs, cyberpirates, or online business competitors.
The greater incidence of punitive damages may be partially explained by the prominence of these states in the information economy. California’s robust pattern of litigation is due to the dominance of the entertainment, high technology, and software industries. Similarly, Texas is rapidly becoming an epicenter of the computer software industry. Another notable mention is the Northern District of Virginia, where a flurry of anti-spam cases filed by America Online accounts for almost all of Virginia’s punitive damages caseload in the decade studied. As we shall see, the empirical evidence suggests that punitive damages served primarily as a corporate means of legal control to protect the information industries in these states from spammers, cyberpirates, infringers, and other Internet wrongdoers.
5. Punitive Damages Act as a Form of Corporate Self-Help
a. Corporate Dominance in Cyberspace
Forty-nine percent of the cyberlaw punitive damages awards were assessed in favor of companies classifiable as either predominately a brick-and-mortar company or one in the information industry. A content analysis of the cases in these industries confirms that corporate America is a major beneficiary of the punitive damages sword. Companies in all industries outnumber individual plaintiffs and many of the disputes involve powerful Internet stakeholders vindicating their rights in cyberspace. The individual plaintiffs depicted in Table Five prevailed in cases arising out of non-consumer claims. Stockholders, investors, or employees received punitive damages in only three of the forty-nine (6%) Internet-related cases involving securities fraud or the failure to pay stock options. The residual “other” category included a few nonprofit organizations. The next subsection examines the functions of punitive damages for corporate plaintiffs in business-to-business transactions.
b. Corporate Self-Help Remedy in Cyberspace
i. Protecting Trade Secrets in Cyberspace
In the Internet economy, the crown jewels of a company may be confidential information such as source code or methods of doing business online. Accordingly, companies have used punitive damages as a tool to redress the misappropriation of trade secrets. Trade secrets on the Internet may be lost at the click of the mouse and must be protected by measures to guard the secrecy of information transmitted. Some of the first cyberlaw cases involved litigation to vindicate the misappropriation of trade secrets. The first online trade secrets cases arose out of the Church of Scientology’s attempt to enjoin further distribution of church doctrine on web sites. In one case, the Church of Scientology filed suit against the Washington Post for publishing portions of Scientology doctrine entitled “Advanced Technology,” which were claimed as trade secrets. The federal district court denied injunctive relief finding that the defendants’ actions were protected by the fair use doctrine of federal copyright law and that the disputed documents were no longer a trade secret as they had already been posted on the Internet.
Trade secrets in the online world deserve the same protections as in the bricks-and-mortar world. Internet trade secrets are particularly vulnerable because the interconnected system of computers makes it possible for hackers, ex-employees, and experts in corporate espionage to steal information without leaving physical evidence. The Internet economy is known for a rapid turnover in employees, and online companies face the constant danger that an ex-employee will misappropriate trade secrets for use in a competitor’s business. For example, Monster.com recently settled a trade secret lawsuit against its former president and eighteen ex-employees who left the company to join a rival Internet company.
The misappropriation of trade secrets is a popular cause of action to protect the intangible assets of companies connected to the Internet. In DoubleClick, Inc. v. Henderson, several employees of a prominent Internet advertising company planned to leave in order to form a dot-com startup. DoubleClick confiscated one of the employee’s laptops and found information on the hard drive, including e-mails and future business plans that provided evidence suggesting the misappropriation of trade secrets.
Punitive damages are increasingly used as a corporate tool to punish and deter competitors that misappropriate trade secrets. The Uniform Trade Secrets Act (“UTSA”) provides a wide array of remedies for trade secret misappropriation, including preliminary injunctive relief, monetary damages, lost profits, consequential damages, lost royalties, and attorneys’ fees. Section 3 of UTSA also gives the court the power to award “exemplary damages in an amount not exceeding twice any award.”
In October 2003, the Internet Truckstop, a web site devoted to improving efficiencies in freight services, received a $120,000 punitive damages award against a competitor, Getloaded.com for the theft of trade secrets. The judge imposed punitive damages after the jury found Getloaded.com liable for hacking into Internet Truckstop’s computer system and misappropriating computer codes and other trade secrets.
In yet another case, a California court imposed $2.25 million in punitive damages and $4.3 million in compensatory damages against a Seattle firm for misappropriating an Internet company’s technology for pop-up ads. The defendants, who were in the business of selling cameras, used the plaintiff’s pop-up technology to feature “cameras trained on scantily clad women.” The plaintiffs charged the defendant with failing to pay online advertising revenues and with misappropriating client lists that were used to start the defendant’s own company.
In general, large, established companies prevail in cybertort cases against smaller rivals, startups, or web sites. Punitive damages have been imposed in questionable business torts cases where the evidence of aggravated circumstances was weak or non-existent. The typical domain name dispute is a control struggle between an established trademark owner and an Internet entrepreneur who has registered a domain name containing the same trademark.
ii. Punitive Damages and Domain Name Warfare
Domain name disputes typically arise when the registrant, in an effort to attract Internet users, obtains the right to use a domain name that is substantially similar or identical to the trademarks or the name of a famous company or person. The impact on the trademark owner’s business may be dramatic because of the confusion created by a misleading domain name address.
In Kremen v. Cohen, ex-convict Stephen Cohen forged a letter to a domain name registrar, Network Solutions, claiming it was a letter he received from Online Classifieds. The forged letter tricked the registrar into assigning Kremen’s rights to the domain name, sex.com, to Cohen. Cohen’s letter “claimed the company had been ‘forced to dismiss Mr. Kremen,’ but ‘never got around to changing our administrative contact with the internet registration [sic] and now our Board of directors has decided to abandon the domain name sex.com.”’ Judge Alex Kozinski observed:
Despite the letter’s transparent claim that a company called “Online Classifieds” had no Internet connection, Network Solutions made no effort to contact Kremen. Instead, it accepted the letter at face value and transferred the domain name to Cohen. When Kremen contacted Network Solutions some time later, he was told it was too late to undo the transfer. Cohen went on to turn sex.com into a lucrative online porn empire.
Kremen filed a lawsuit against the perpetrator of the fraud as well as an action for conversion against the registrar for permitting the fraudulent transfer of sex.com. The district court concluded that the letter had been forged, and accordingly, directed the defendant to return the domain name to Kremen. The court also invoked the constructive trust doctrine as well as California’s unfair competition statute and ordered disgorgement of the defendant’s profits. The evidence was undisputed that Cohen had forged the letter, whereby the owner, Kremen, through his housemate, purportedly transferred the “sex.com” domain name. The district court, however, ruled that the registrar was not liable since domain names could not be converted. The Ninth Circuit reversed, holding that Network Solutions could be held liable for conversion in transferring Kremen’s domain name to a con artist since California’s law of conversion covers the theft of intangibles. However, the defendant fled to Mexico, thumbing his nose at the court by secreting his assets in offshore locations beyond the reach of process.
In Simon Property Group, L.P. v. mySimon, Inc., Simon Property Group (“SPG”), a bricks-and-mortar company that designed and managed shopping malls, brought suit against mySimon, a dot-com company that had launched a web site in October 1998. Six months after mySimon’s launch, SPG started “a corporate ‘branding’ campaign to inform consumers that it owned and managed certain shopping malls,” although it had never considered such a campaign necessary in its 40 years of existence. “SPG demanded that mySimon stop using the ‘mySimon’ name,” but the dot-com refused. SPG filed a trademark infringement lawsuit under the Lanham Act as well as business tort claims under Indiana state law.
The gravamen of SPG’s claim was that it had exclusive rights to the “Simon” name, and therefore, “that mySimon’s name, Web address, and cartoon mascot named ‘Simon’ infringed on its rights.” The appeals court noted that SPG presented weak evidence that the “‘Simon’ name had attained secondary meaning or that consumers were likely to confuse SPG with mySimon.” MySimon presented a highly probative consumer survey “demonstrating that there was no likelihood of confusion between mySimon and SPG.” Despite this compelling defense to SPG’s claim of trademark infringement, the jury handed down an $11.5 million compensatory damages award against mySimon, even though the record showed that mySimon had not yet earned profits. The jury also awarded $5.3 million for corrective advertising and $10 million in punitive damages. Finally, the court permanently enjoined mySimon from using or incorporating the terms “Simon” or “my Simon” in any Internet site and from using its “Simon” cartoon mascot on its web site.
However, the trial judge “found that requiring mySimon to change its name provided sufficient relief,” and therefore, reversed the $11.5 million damages award. The judge also reduced the $10 million punitive damages award to $50,000 as required by Indiana’s tort reform statute. Finally, the judge “ordered a new trial on the corrective advertising issue, subject to SPG’s acceptance of a remittitur to nominal damages of $10.” The Seventh Circuit dismissed SPG’s appeal on the grounds that the company had “voluntarily abandoned its quest for a preliminary injunction after the district court denied its TRO motion,” and because “[t]he potential threat to SPG’s name [was] questionable.” In this case, the court apparently found that the corporate plaintiff was “pushing the envelope” in using punitive damages to protect its rights and defend its market position.
iii. Protecting Corporate Reputations in Cyberspace
Bitter disputes arise over the use of the Internet to impugn the reputation of companies by posting allegedly false information. In Amway Corp. v. Procter & Gamble Co., Amway brought suit against Procter & Gamble (“P & G”) after a third party published on the Internet a complaint P&G had filed in another case. P & G’s posted complaint contained allegedly defamatory statements about Amway, its officers, and its business practices, asserting that Amway was operating as an illegal pyramid scheme. The district court granted P & G’s motion for summary judgment and found that Michigan’s Reporting Privilege protected the accurate posting of the publicly available court documents. The Sixth Circuit affirmed the dismissal, finding that even if the statements in the original document were defamatory, their publication on the Internet did not constitute an additional act of libel on P & G’s part. Disputes between business competitors over Internet activities may amount to legal warfare. The Sixth Circuit observed that the “hate-filled history between P & G and Amway would take a writing as long as both the Old and New Testaments and involve at least one of the Good Book’s more prominent players.”
The Internet makes it easy to falsify return e-mail addresses, allowing web site posters to defame corporate actors anonymously. The corporate plaintiffs are sometimes forced to subpoena ISPs in order to discover the identity of these John Doe defendants. The use of John Doe subpoenas to unveil Internet corporate critics creates a conflict between tort law and the rights of free speech.
A California company and two of its executives filed a libel and invasion of privacy-based lawsuit against two ex-employees who posted a series of messages on an Internet bulletin board devoted to the company’s publicly traded stock. The offending “messages maligned the company’s products and suggested that the two executives were incompetent and dishonest and that one of them, a woman, might have obtained her position by having sex with a supervisor.” A California jury found the ex-employees liable for invasion of privacy, libel, breach of contract, and conspiracy, and awarded $425,000 in general damages and $350,000 in punitive damages. The trial judge enjoined the defendants from posting additional defamatory information. It is becoming clear that corporations are using punitive damages as a form of self-help to protect their intellectual property and intangible assets, and to punish trade libel.
6. Punitive Damages Are Assessed Against Corporate Mice Not Elephants
a. Small Companies Comprise the Largest Category of Cybertort Defendants
Table Six suggests that small companies are more likely to be defendants in cyberspace tort cases than large or medium corporations. A total of 47% (N=23) of the punitive damages defendants were either small online companies or web sites. Medium-sized companies were defendants in only five cyberlaw cases in which punitive damages were awarded. Of the five cases, three awards were in favor of employees of that corporation. Of the remaining two awards assessed against medium-sized companies, one award was to another medium-sized company and the other to a national company. No small company prevailed against a medium-sized company in a decade of cyberlaw cases. The pattern suggests that small online companies are frequently targeted in punitive damages litigation. Still, the overall numbers of punitive damages awards are low. It is suprising that there would be less than fifty successful punitive damages claims in a decade of Internet boom. It is quite likely that there may be additional barriers to litigating in cyberspace. Even powerful corporate actors such as America Online or Microsoft may find it difficult to pursue elusive defendants in cyberspace. The cases that did not result in punitive damages or that were never even brought because of barriers to litigating in cyberspace are the really interesting aspects implied by Table Six.
The Internet allows anonymous communications that are virtually impossible to trace through Internet nodes. Cyber-tortfeasors frequently use false e-mail headers and anonymous remailers to make it difficult to retrace the steps of wrongdoing. Computer records are easy to alter and it is likely that spoliation of electronic evidence is widespread. Internet fraud is frequently launched from an offshore haven. For instance, the large numbers of Nigerian bank fraud schemes are hard to control because the perpetuators are located in West Africa.
b. Punitive Justice Against Infringing Mice
The metaphor of Internet “elephants” and “mice” developed by Peter Swire is helpful in understanding the large number of cyberlaw wrongdoers who escape punitive justice. Professor Swire defines corporate “elephants” as “large organizations that have major operations in a country. Elephants are powerful and have a thick skin, but are impossible to hide. They are undoubtedly subject to a country’s jurisdiction.” In other words, when a corporate elephant such as a national corporation commits wrongs in cyberspace, there will frequently be assets to attach and officers to receive process. For example, companies like AOL, Amazon.com, eBay, and Yahoo! are classified as “elephants” because they are subject to regulation everywhere. On the other hand, “mice” are the exact opposite.
Even when a prevailing plaintiff wins a large punitive damages award, collecting it is a different matter. Collecting a punitive damages award is difficult because a number of wily Internet mice either fail to make an appearance, file bankruptcy, or simply disappear after the plaintiff obtains a judgment. Default judgments outnumbered cases decided by juries in the larger cybertort dataset. The plaintiffs in cases against Internet mice have almost no chance of collecting their judgment. In John Does v. Franco Productions, forty-six young men were awarded $506 million against Franco Productions and Internet Distributors for compensatory and punitive damages in a case in which the defendants secretly filmed college athletes and sold the videotapes on the Internet. The defendants secretly videotaped college athletes in locker rooms, restrooms, and showers. The tapes carried names like “Straight Off the Mat” and “Voyeur Time,” and depicted hundreds of young athletes who had unknowingly been photographed in various degrees of nudity. However, since the primary defendant was likely offshore, and thus failed to make an appearance to defend the action, this multi-million dollar award is largely symbolic.
An Internet company “can reopen immediately after being kicked off of a server or can move offshore.” As Professor Swire notes, “Mice breed annoyingly quickly–new sites can open at any time.” When “harm over the Internet is caused by mice, hidden in crannies in the network, traditional legal enforcement is more difficult.” The large number of default judgments in cyberlaw reflects the reality that it is easy for web sites to disappear or assets to be transferred. The next subsection illustrates how large corporate actors (“elephants”) are in a better position to litigate against elusive web site wrongdoers (“mice”) than are consumers.
In the cyberlaw sample, corporate elephants were seldom defendants in punitive damages litigation. From the beginning of cyberlitigation, it has been the large corporate elephants that have prevailed in lawsuits against mice. In the field of intellectual property law, it is the owners of famous trademarks and trade names who frequently file lawsuits against small companies. Playboy Enterprises, for example, has the legal resources to file intellectual property lawsuits to protect its trademarks and copyrighted images in cyberspace. Internet elephants frequently enjoy advantages as repeat players in cyberlitigation. In many cases, only the corporate elephants have the legal resources to vindicate their rights. Playboy Enterprises is a good example of a major cyberlitigator who frequently files lawsuits to protect its corporate name and intellectual property rights. Frequently, the corporate elephant is litigating against smaller companies, some of which are located in foreign venues.
The overall problem that there are too few punitive damages awards in cyberspace appears to be due to the huge costs involved in tracking down anonymous wrongdoers. It is likely that few consumers have the technical expertise to determine who is tracking their click-streams, unleashing viruses, or sending fraudulent offers. The small number of punitive damages cases may be partially explained by the fact that defendants may be mice who are difficult to trace. In traditional torts, it is generally not a problem to determine the identity of a wrongdoer. In contrast, cyber-tortfeasors are not physically present at the scene of the misdeed. Computers can be the target of a tortious act, such as when information is misappropriated from a database or a computer network. Furthermore, a network or web site may be the target of viruses or vandalism that constitutes a property tort.
Owners of famous trademarks such as Playboy, Mattel, Victoria’s Secret, and America Online have been successful litigants in cyberspace because of their superior legal resources. These companies have used the courts to not only vindicate their traditional rights against Internet mice but also to expand intellectual property protections in this new medium. In many cases, large national enterprises were filing lawsuits against companies that existed only in cyberspace. In Playboy Enterprises, Inc. v. Webbworld, Inc., for example, a web site was found liable for copyright infringement for offering a subscription service to adult images protected by copyright.
Mice, on the other hand, have far more flexibility and can disappear at the click of a mouse or seek an offshore haven. The anonymity of individual Internet users makes it easy to commit civil wrongs without consequence. Enforcement by individuals is frustrated by the ease with which individual users may simply disappear from cyberspace. Individuals subject to various cyberspace laws or controls may simply “‘exit’ from the regime defined by those laws.”
An Italian designer, Alfredo Versace, for example, was enjoined from marketing clothing and other items in the United States because the federal court ruled that he was using trademarks confusingly similar to trademarks registered by the famous designer, Gianni Versace. Undeterred by the federal court order, Alfredo simply used offshore Internet sites to advertise and distribute his products in the United States.
c. Anti-Spam Initiatives Against Online Mice
Punitive damages lawsuits against commercial e-mailers accounted for approximately 10% of all awards. In every punitive damages award, it was the ISP, rather than the consumer, who won punitive damages, even though the injuries were suffered primarily by consumers through spam e-mail. For example, an unsolicited bulk e-mail health solicitation was sent to millions of AOL subscribers stating: “The answer to cancer has been know [sic] for years. This website proves that eating inexpensive apple seeds and/or apricot seeds completely cure [sic] most cancers. The theory also states that by eating just a few seeds per day will [sic] 99.95% guarantee that you will never develop cancer.” The commercial e-mail messages made unsubstantiated claims regarding their “cancer cures” and typically directed recipients to a web site where they could purchase products such as Laetrile, a videotape, and a book promoting the defendant’s cancer treatment.
In the vast majority of the cases, it is the ISP rather than the consumer who seeks punitive damages and other relief against the spammer. AOL, for example, “has undertaken various technical efforts to permit its members to opt out of receiving messages from domains and IP addresses that are or have been the subject of member complaints regarding unsolicited bulk e-mail.” However, the wily spammer continually develops new methods for bypassing ISP controls. The spammer transmits e-mail “from multiple and varying domains, employ[s] random and varying user names, relay[s] their messages through the servers of innocent third parties, or falsif[ies] the headers on their e-mails to indicate that their messages are from domains that AOL does not filter (e.g., ‘msn.com’ or ‘aol.com’).” Despite the best efforts of the ISP community, computer systems are unable to detect and filter much of the tidal wave of unsolicited bulk e-mail targeting consumers.
This tidal wave of spam has greatly increased the costs associated with running an ISP. For example, a director of one ISP claimed “that [spam] [had] added 500 percent to 700 percent to the ISP’s costs over nearly three years.” Punitive damages are increasingly being used by large ISPs in punishing and deterring the widespread social problem of spam e-mail. Amazon.com, for example, has recently filed lawsuits seeking punitive damages against eleven e-mail marketers who spoofed the company’s e-mail addresses. The e-mail forgeries were “promoting, among other things, home appliances and penis enlargement.”
In one case, a California software manufacturer was sued for deceptive business practices in a Washington class action. The software vendor used deceptive Internet advertising banners that impersonated computer error messages with “headings that read ‘security alert,’ ‘warning’ and ‘message alert,’ with messages that include[d]: ‘you[r] computer is currently broadcasting an Internet IP address. With this address, someone can immediately begin attacking your computer.”’ Internet users receiving this message were urged to click “OK” to the message. Allegedly, “viewers who click an ‘OK’ button [were] forwarded to a commercial Web site promoting Bonzi software for preventing Internet intrusions or speeding up Internet connections.” The lawsuit, filed on behalf of consumers in eight states, was settled when the company agreed to label its “security alert” as an advertisement.
In a typical day, the average consumer has an e-mail inbox full of offers to make fast money. ISPs such as America Online seek to enjoin these unsolicited advertisements to their millions of subscribers by arguing that these unwanted messages trespass upon their personal property. Consequently, ISPs such as America Online were the first to employ punitive damages as an anti-spam remedy. A large service provider such as AOL suffers damages due to spammers’ use of false return addresses. In responding to subscriber complaints regarding spam e-mail, AOL incurs costs in wasted bandwidth, traffic slowdowns, decline in user productivity, and time.
America Online employs punitive damages to punish those who flood their subscribers with unwanted e-mail. In America Online, Inc. v. National Health Care Discount, Inc., the court found that the spammer’s e-mail actions constituted a trespass to chattels as well as a violation of state and federal computer abuse laws. The court calculated damages by charging the spammer $2.50 per thousand pieces of spam for a total of $337,500.
In yet another case, America Online, Inc. v. Prime Data Systems, Inc., the court entered a default judgment granting a permanent injunction and awarding compensatory and punitive damages. The court found that the mass e-mailer’s conduct warranted the “imposition of punitive damages both to punish defendants’ conduct and to deter others’ tortious behavior that threatens the vitality of Internet e-mail communication.” The magistrate judge set the level of punitive damages at “three times AOL’s proven per-message cost of $.00078.” Thus, punitive damages were assessed at a rate of $.00234 per message. The court found that the punitive damages assessed were consistent with treble damages authorized by state and federal statutes for aggravated misconduct. However, the Prime Data court was forced to reduce the punitive damages award due to a 1988 tort reform statute that required judges to reduce awards to the upper limit of $350,000.
Fraudulent uses of unsolicited commercial e-mail victimize millions of Internet users. Accordingly, ISPs have filed hundreds of lawsuits seeking punitive damages to punish spammers, but tort law is just beginning to accomplish this goal. Even a corporate elephant such as America Online must muster substantial resources to successfully litigate against elusive spam e-mailers who engage in such deceptive practices as falsified or redirected addresses.
Despite the havoc that spam creates for Internet consumers, no individual plaintiff has ever won a victory against a spammer outside of small claims court judgments. A Pennsylvania court expressly ruled that the federal Telephone Consumer Protection Act could not be used by consumers to punish and deter the sending of solicited commercial e-mail.
The CAN-SPAM Act of 2003 that went into effect on January 1, 2004 prohibits consumers and ISPs from filing lawsuits against spam e-mailers under the federal statute. Section 7 of the CAN-SPAM Act provides for exclusive enforcement by the FTC and certain other agencies, rather than by ISPs or consumers. State attorneys general are not permitted to file anti-spam lawsuits if there is a pending federal civil or administrative enforcement action by the FTC. Furthermore, the new federal anti-spam statute preempts all state anti-spam legislation, even those that provide consumers with a cause of action against commercial e-mailers. A number of states enacted anti-spam statutes that permitted consumers to sue e-mail senders who used misleading subject lines, transmission paths, or third-party domain names without permission. In 2001 alone, anti-spam statutes were introduced in twenty-six states, and each of these statutes is preempted by CAN-SPAM. The nationalization of anti-spam legislation further marginalizes the role of consumers in directly redressing abuses due to unsolicited e-mail. In the end, commercial e-mailers will no longer be subject to consumer lawsuits under state anti-spam statutes.
7. Punitive Damages Are Low-Ratio Awards Often Lower Than Compensatory Damages
In State Farm Mutual Automobile Insurance Co. v. Campbell, the U.S. Supreme Court struck down a $145 million punitive damages award on the grounds of substantive due process. The Court observed that “[c]ompensatory damages ‘are intended to redress the concrete loss that the plaintiff has suffered by reason of the defendant’s wrongful conduct”’ whereas “punitive damages . . . are aimed at deterrence and retribution.” The Court’s constitutional analysis of punitive damages requires the plaintiff to make a showing that the defendant’s misconduct is sufficiently reprehensible in order to satisfy due process. The Court’s recent opinion articulating specific guidelines in reviewing the excessiveness of high-ratio punitive damages awards should have little impact on cyberlaw awards. The Court held that a jury’s award of punitive damages of $145 million and compensatory damages of $1 million (145:1) was unconstitutionally excessive. The Court came close to stating a per se rule that extreme ratios are presumptively unconstitutionally excessive. Punitive damages in cyberspace are often much smaller in proportion to the compensatory damages. In 53% of the cyberlaw awards, the punitive component of the verdict was actually less than the compensatory damages. In only six instances (12%) were punitive damages three or more times greater than the compensatory award.
Table Seven confirms that there is no problem with skyrocketing punitive damages in cyberspace. The function of punitive damages in the first decade of Internet litigation was generally to assist companies in protecting their rights and consolidating control of the Internet. The traditional role of punitive damages in products liability, premises liability, medical malpractice, and other substantive fields is to provide consumer protection. In cyberspace, consumers were conspicuously missing from the punitive damages equation. Courts have been reluctant to impose legal duties on corporate defendants for inadequate Internet security and for preventing third parties from unleashing viruses, hacking, or stealing consumer information. Furthermore, courts have yet to extend products liability standards to computer software or web sites.
8. Punitive Damages Were Rarely Appealed By Defendant
Table Eight reveals that relatively few judicial adjustments were made to punitive damages in cyberspace cases. No appeal or post-verdict adjustment occurred in thirty-seven of the forty-nine cyberlaw punitive damages awards. One reason for so few adjustments is that the ratio of punitive to compensatory damages is generally proportional or lower. The median punitive damages award was only 82% of the size of the compensatory damages, with a mean award only 1.7 times the size of the compensatory component.
Interestingly, defendants who actually challenged punitive damages were frequently successful in getting a reversal or remittal of the award. In the twelve cases where a judicial modification occurred, the trial judge reduced or reversed the punitive damages awards in four instances. Of the eight punitive damages awards reviewed by appellate courts, six verdicts were reduced or reversed. The small number of appeals can be explained by the large number of default judgments in the sample as well as the large number of low ratio awards discussed above. For example, in many of the high profile punitive damages cases, the primary defendant disappeared with a click of the mouse, and for several of the largest punitive damages awards, the Internet mice disappeared or defaulted.
In a few cases, punitive damages in favor of large corporate actors were capped or limited by tort reforms that were originally enacted to protect companies. The traditional critique of punitive damages is that large corporations suffer at the hands of “jackpot juries.” The tort reform movement to limit punitive damages arises from the perception that it is the corporations that are victimized by greedy individual claimants and their lawyers. In 2003 alone, the corporate community convinced legislators in seventeen states to file proposed statutes limiting punitive damages as well as the doctrine of joint and several liability.
One of the unanticipated consequences of tort reform is that it may end up hurting its corporate advocates. The business community in Texas, for example, viewed then governor George W. Bush as “the right man to break the back of the litigious culture in the Lone Star State.” As Governor of Texas, Bush “signed seven major bills into law, including ones that capped punitive damages at no more than twice actual damages plus $750,000.” In his State of the Union address in January 2003, President Bush noted the importance of enacting federal tort reforms. However, legal backfire, or the law of unanticipated consequences, posits “that a [new] law produces or will produce results directly contrary to one or more of those intended. Legal backfire claims are pervasive, yet potentially misleading and harmful argumentation used primarily to undermine existing law (or policy) or to forestall the enactment of new law.”
Any new technology will frequently produce legal backfire because social changes inevitably impact legal institutions in entirely unpredictable ways. The legal backfire from tort reform is that it impairs the corporate community’s ability to vindicate its rights in cyberspace. Corporate tort reformers paint the “image of a monstrously destructive civil justice system” that is sapping American productivity and competitiveness. Many of the tort reform arguments could be applied with more validity to large corporate stakeholders using litigation to enclose the Internet commons. “Neo-conservatives often employ the theme of a ‘culture of victimization gone wild’ to ridicule [individual] plaintiffs seeking” redress for personal injury. The general public is amused, angered, and perplexed by accounts of loony tort filings publicized by tort reformers. However, many of the widely disseminated tort stories are totally false or presented in a misleading and pejorative fashion.
The corporate opponents of punitive damages portray the civil justice system “as greedy vulture lawyers against poor oppressed businesses.” Ironically, it appears that corporations are actually using punitive damages as a tool to protect their rights in cyberspace. In the tort reform debates, corporate America is not seeking limitations on punitive damages in this area. If punitive damages are evolving as a corporate sword rather than as a shield in cyberspace, the tort reformers may wish to revise their demands to eliminate or cripple the remedy.
Tort reform has played a role in capping punitive damages sought by companies. In the Simon Property Group case discussed earlier in this Article, the trial judge reduced a punitive damages award for a state unfair competition claim from $10 million to $50,000. As the court explained, “Indiana law limits punitive damages to the greater of $50,000 or three times compensatory damages.” In a Virginia case, a federal court awarded the plaintiff $675,000 including $350,000 in punitive damages, that state’s upper. The Virginia cap of $350,000 has also limited punitive damages awards to America Online in their cases against spammers.
Cyberspace punitive damages flip the historic role of punitive damages in which individuals normally filed suit against powerful companies. The typical plaintiff in Internet punitive litigation is a large corporation suing a defendant in the dark side of the Net. Internet defendants are typically cybersquatters, online pornographers, spammers, or anonymous critics located in an offshore haven.
Few legislators who supported tort reform could have anticipated that tort reform would handcuff information-industry leaders such as America Online, eBay, and Amazon.com in punishing and deterring spammers and other Internet predators. Lord Devlin approved a large punitive damages award in an aggravated assault case observing that one should think of punitive damages as “a fine which has to hit the defendant hard if he has disregarded the rights of others and show that that sort of conduct does not pay.” Punitive damages “should reflect ‘the enormity of [the defendant’s] offense”’ rather than some arbitrary ratio of punitive damages to compensatory damages. The deterrent power of punitive damages is significantly eroded when Internet wrongdoers can compute the cost of wrongdoing in advance.
The next part of this Article explains why punitive damages have yet to develop in cyberspace and why they are necessary to fortify existing consumer protection in cyberspace.
II. EXTENDING PUNITIVE DAMAGES TO INTERNET CONSUMERS
Internet-related consumer fraud complaints skyrocketed from 49,957 to 75,063 from 2001 to 2002. Forty-six percent of the Internet fraud complaints were for losses from online auction fraud with a median loss of $320. The non-delivery of goods accounted for just under a third of complaints with a median loss of $176. Consumer confidence in cyberspace is impaired by worries about the lack of information security, data protection, confidentiality, and the failure of web merchants to deliver goods and services in a timely manner. The Internet is a borderless medium, which makes it imperative that consumers have “access to the legal system and courts in their own country [as] an essential part of consumer confidence[.]”
The FTC is the most active Internet enforcer, but even this pro-active agency lacks the necessary resources to patrol cyberspace. It is as if the FTC is trying to hold back a tidal wave of cyberfraud with a broom. The FTC is seeking to increase efforts in Internet-related enforcement, such as the regulation of e-mail list marketing, online auction practices, and e-mail sending software.
Hardly a day goes by without new media reports of consumers harmed in cyberspace, yet punitive damages in Internet cases are rare. Punitive damages awards, sometimes called exemplary, vindictive, penal, or retributory damages, are designed to punish and deter. Section 908(2) of the Restatement (Second) of Torts provides that “[p]unitive damages may be awarded for conduct that is outrageous, because of the defendant’s evil motive or his reckless indifference to the rights of others.” Consumers are harmed every day in Internet chat rooms, news groups, and computer bulletin boards by conduct that calls for the deterrent hammer of punitive damages. Online chats may seem informal and relaxed, but an online posting in a chat room or on a web site may become the basis of a defamation lawsuit. Few consumers have the resources to vindicate their rights in the online world.
A. Why Punitive Damages Have Not Developed For Consumers
1. CDA Immunity Breeds Irresponsibility
The most significant reason why there are so few consumers using the remedy of punitive damages in cyberspace is the blanket immunity granted ISPs by Congress. One of the unintended consequences of 42 U.S.C. § 230, the Communications Decency Act of 1996 (“CDA”), is that it immunizes unfair, deceptive, and predatory practices in cyberspace. One of the statutory purposes of § 230 was to protect the “infant industry” of online service providers, such as America Online, CompuServe, and Prodigy, from tort liability arising out of postings by customers. Section 230 of the CDA immunizes ISPs for torts committed by subscribers and third parties. The long-term consequence of § 230 is to grant blanket immunity to ISPs for many torts in cyberspace. The courts have extended ISP immunity to nearly every conceivable information-related tort, including invasion of privacy, and negligence. The result has been that ISPs have prevailed in nearly every tort-related case in the last decade. This broad immunity lessens the incentive for ISPs to develop technologies that will detect or control third party wrongdoing on their systems.
Courts have extended the impact of § 230 by insulating defendants from an even greater range of tort-based lawsuits filed by consumers. In Doe v. GTE Corp., a court dismissed an action against an ISP that “provided web hosting services to [pornographic web] sites such as ‘youngstuds.com’ at which the hidden-camera videos were offered for sale.” The ISP did not produce or sell the tapes but “provided the usual package of services that enables someone to publish a web site over the Internet.” The package of services that GTE provided the X-rated company consisted of:
(1) static IP (Internet protocol) addresses through which the web sites may be reached (a web host sometimes registers a domain name that corresponds to the IP address); (2) a high-speed physical connection through which communications pass between the Internet’s transmission lines and the web sites; and (3) storage space on a server (a computer and hard disk that are always on) so that the content of the web sites can be accessed reliably. The advertisements for the X-rated tapes passed over GTE’s network and were stored on its servers. However, the federal district court held that GTE was entitled to immunity under § 230(c)(1). The court reasoned that this section was not only a definition but also served as immunity in blocking “civil liability when web hosts and other [ISPs] refrain from filtering or censoring the information on their sites.” The Seventh Circuit affirmed the finding that GTE was neither a publisher nor a speaker and therefore it was immunized under § 230.
In Barrett v. Rosenthal, a California appeals court became the first U.S. court to hold that § 230 does not immunize an ISP who republishes defamatory statements authored by a third party after acquiring knowledge that the statements were false. The plaintiffs, Dr. Polevoy and Dr. Barrett, were two medical doctors “primarily engaged in combating the promotion and use of ‘alternative’ or ‘nonstandard’ healthcare practices and products.” The plaintiffs maintained Internet “[w]eb sites that expos[ed] ‘health frauds and quackery’ and provid[ed]” consumers with information about health care alternatives.
One defendant, Rosenthal, was an alternative health practitioner who reprinted and distributed a number of false accusations about the plaintiffs. The defendant’s web postings accused the two doctors of running a “Slea[z]y ‘Quackbuster’ Scam.” Dr. Polevoy was accused of stalking women and being a quack. The defendants refused to retract the statements and the plaintiffs filed suit for libel, conspiracy, and libel per se. The trial court struck down their complaint on the grounds that it violated California’s anti-SLAPP statute. The trial court also ruled that § 230 protected the defendant from liability and that the defamation claims were not supported by sufficient proof that the plaintiffs suffered monetary losses. The appellate court affirmed the application of the anti-SLAPP statute as to Dr. Barrett, but not as to Dr. Polevoy. The appellate court also ruled that the trial court erred in requiring Dr. Polevoy to prove damages since the defamatory language posted on the web site was libel per se.
The court ruled that the federal immunity of § 230 was inapplicable since Rosenthal was a “user of an interactive computer service” and a primary publisher who was strictly liable for libelous statements. The court ruled that § 230 does not “abrogate the common law principle that one who republishes defamatory matter originated by a third person is subject to [distributor] liability if he or she knows or has reason to know of its defamatory character.” The court refused to follow a Fourth Circuit opinion that § 230 “immunized providers and users of interactive computer services from liability not only as primary publishers but also as distributors.” The court reasoned that providers or users who knowingly distribute defamatory materials produced by third parties should be subject to liability. The court noted that § 230, on its face, did not clearly address whether Congress intended to overthrow the well-established common law principle of distributor liability. However, after a review of the legislative history, the court observed that the survival of distributor liability was consistent with § 230.
It may be that the Barrett case is ushering in a new era when courts will begin to retrench and reform § 230 to the balance between immunity and tort responsibility. The court in Barrett compared the “lack of clarity as to the boundary of the immunity [in the CDA to] the specificity of the immunity granted under the Digital Millennium Copyright Act” (“DMCA”). It may be proper to grant immunity for publishing content supplied by third parties; however, it is improper to extend that liability to transmitting knowingly libelous statements. Congress should make it clear that distributorship liability may be imposed for transmitting defamatory statements after acquiring notice. Congress could, for example, enact safe harbor provisions that parallel the intermediary liability standards of the Digital Millenium Copyright Act. One promising reform would be to implement a “take-down” policy like the one Congress enacted in the DMCA. The DMCA’s safe harbor provisions, unlike § 230 of the CDA, balance freedom of expression against copyright infringement.
The DMCA limits the potential liability of ISPs only if they satisfy the safe harbor provisions. With few exceptions, a party satisfying the requirements for one of the safe harbors cannot be liable for monetary, injunctive, or other equitable relief. A reconstructed § 230 of the CDA would only grant ISP tort immunity if it fulfilled the requirements for a safe harbor. An ISP could, for example, be immune from tort liability unless it knew or should have known that the tortious activity was occurring on its system and aided in the accomplishment of the direct tortfeasor’s purpose by allowing the postings to continue.
2. Internet Usage of Trade That Waives Consumer Protection
a. Adhesive Internet Consumer Contracts
Another significant reason why punitive damages have not yet evolved to protect consumers in cyberspace is because of contracts of adhesion. Consumers are largely foreclosed from the possibility of seeking punitive damages by adhesive license agreements and web site terms of service agreements. The U.S. Internet and software industry universally require consumers to waive any meaningful warranties and tort remedies and to agree to litigate disputes in distant and inconvenient forums.
i. Internet Choice of Forum Clauses
“Choice of forum” is a contractual provision that predetermines the judicial or arbitral forum in the event of a dispute arising out of an Internet or web site agreement. For example, Disney requires all disputes to be decided in a state or federal court located in Los Angeles County, and Nokia requires disputes to be submitted to an arbitrator in Finland. In addition, America Online’s forum selection clause for its members provides that “‘exclusive jurisdiction for any claim or dispute with AOL or relating in any way to your membership with or your use of AOL resides in the courts of Virginia.”’
ii. Internet Choice-of-Law Clauses
Internet merchants use choice-of-law clauses to predetermine the legal remedies that apply for disputes involving the online contract. Dell Financial Services, for example, requires that the law of Texas govern all claims relating to its web site. The Alturian GPS Software web site applies the law of Belgium in the event of disputes. The licensing agreement of RealNetworks, Inc. requires consumers to resolve all disputes before binding arbitration applying Washington state law.
If, for example, a consumer violated the RealNetworks license agreement by exceeding the scope of its use restrictions, the company could seek an injunction in federal court, a right not granted to consumers. United States courts have been inclined to enforce Internet or software license agreements with terms inimical to consumer welfare such as pro-vendor forum selection clauses, anti-warranties, and limitations of remedies. In general, courts have been willing to enforce Internet contracts so long as the user has an opportunity to review the terms of the contract and manifest assent to the license agreement. During the 1990s, companies were able to avoid many contractual disputes with consumers by convincing courts to enforce one-sided choice-of-law provisions and other adhesive Internet contracts.
The U.S. market-based approach assumes that it is enough consumer protection for Internet merchants and software vendors to simply make adequate disclosures that the consumers are waiving their legal rights and remedies. The theory underlying “adequate disclosure” is that consumers will choose vendors with more favorable license terms. However, this is not possible in the Internet industry where consumers are required to waive their rights and remedies. The practical reality is that consumers have no legal recourse against Internet merchants.
It is improbable that a U.S. consumer will opt to file a claim that must be filed across the country or in an overseas venue. “[R]equiring consumers to travel to a foreign and oftentimes remote forum to seek redress in an unfamiliar legal system . . . would in many cases effectively deny consumers access to judicial redress.”
The Internet challenges choice-of-law principles because it “is not a physical or tangible entity, but rather a giant network which interconnects innumerable smaller groups of linked computer networks.” Punitive damages arising out of consumer transactions in cyberspace will be stillborn if U.S. courts continue to enforce choice-of-law and forum-selection clauses. Punitive damages cannot develop if choice-of-law and forum clauses are considered to be “prima facie valid and should be enforced unless enforcement is shown by the resisting party to be ‘unreasonable’ under the circumstances.”
b. Waiver of Internet Consumer’s Right to Seek Tort Remedies
A Dilbert cartoon lampoons these adhesion contracts by depicting a licensee who unwraps the shrink-wrap only to learn that he has become Bill Gate’s towel boy. In the cartoon, Dilbert states, “I didn’t read all of the shrink-wrap license agreement on my new software until after I opened it. Apparently, I agreed to spend the rest of my life as a towel boy in Bill Gates’ [s] new mansion.” Shrink-wrap and web-wrap contracts are standard form contracts for the electronic age. The standard form contract dominates cyberspace just as it dominates every other domain of everyday life.
In the typical mass-market license agreement, consumers routinely waive their right to seek punitive damages and foreclose the possibility of all but the most limited remedy under the UCC. Online users are offered “take it-or-leave it” web-wrap or terms of service consumers agreements that foreclose the possibility of punitive damages and any other tort remedy. Nearly every Internet merchant dictates the choice-of-law as a condition for accessing its services or using its goods. No consumer negotiates with Bill Gates or Jeff Bezos in the Internet economy. Requiring consumers to waive their rights to a jury trial is a controversial practice because the Internet industry is unwilling to give even the most rudimentary implied warranties of quality. One can read thousands of click-stream, click-wrap, shrink-wrap, and terms of service agreements and never find a single Internet vendor willing to provide meaningful warranties or remedies for its software, software products, or services.
The typical Internet-related mass-market license agreement provides no warranties of any kind and forecloses any remedy by requiring the consumer to litigate in a forum of the vendor’s choice, which is often in a distant forum. The following anti-warranties clause of an online pharmacy is fairly typical of what consumers encounter in cyberspace:
Disclaimer of Warranties. YOU EXPRESSLY UNDERSTAND THAT AND AGREE THAT:
a. YOUR USE OF THE SERVICE IS AT [YOUR] SOLE RISK. THE SERVICE IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. PHARMACY CHOICE EXPRESSLY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
b. PHARMACY CHOICE MAKES NO WARRANTY THAT (i) THE SERVICE WILL MEET YOUR REQUIREMENTS, (ii) THE SERVICE WILL BE UNINTERRUPTED, TIMELY, SECURE, EFFICIENT, OR ERROR FREE, (iii) THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE SERVICE WILL BE ACCURATE OR RELIABLE, (iv) THE QUALITY OF ANY PRODUCT, SERVICE, INFORMATION, OR OTHER MATERIAL PURCHASED OR OBTAINED BY YOU THROUGH THE SERVICE WILL MEET YOUR EXPECTATIONS, AND (v) ANY ERRORS IN THE SOFTWARE WILL BE CORRECTED.
c. ANY MATERIAL DOWNLOADED OR OTHERWISE OBTAINED THROUGH THE USE OF THE SERVICE IS DONE AT YOUR OWN RISK AND DISCRETION. YOU WILL BE SOLELY RESPONSIBLE FOR ANY DAMAGE TO YOUR COMPUTER SYSTEM OR LOSS OF DATA THAT RESULTS FROM THE DOWNLOAD OF ANY SUCH MATERIAL.
d. NO ADVICE OR INFORMATION, WHETHER ORAL OR WRITTEN, OBTAINED BY YOU FROM PHARMACY CHOICE OR THROUGH OR FROM THE SERVICE SHALL CREATE ANY WARRANTY NOT EXPRESSLY STATED . . . .
e. NEITHER PHARMACY CHOICE NOR YOU MAY MODIFY OR WAIVE THE DISCLAIMERS PROVIDED FOR IN THIS SECTION . . . . NO ORAL MODIFICATIONS OR WAIVER OF THIS DISCLAIMER SHALL BE VALID OR BINDING ON PHARMACY CHOICE.
Amazon.com’s terms of service agreement forecloses consumers from seeking punitive damages or any other type of tort damages. The most popular search engine, Google.com, has a term of service that precludes the possibility of obtaining punitive damages:
Under no circumstances shall Google be liable to any user on account of that user’s use or misuse of Google Web APIs. Such limitation of liability shall apply to prevent recovery of direct, indirect, incidental, consequential, special, exemplary, and punitive damages whether such claim is based on warranty, contract, tort (including negligence), or otherwise, (even if Google has been advised of the possibility of such damages).
c. Mandatory Consumer Protection in Cyberspace
The solution to adhesive Internet contracts is to either extend punitive damages to cyberspace or adopt a system of “thick” regulations such as the European Union regime of mandatory consumer protection terms. None of the countries of the European Union other than the United Kingdom recognize the doctrine of punitive damages. The Brussels Regulation, for example, gives consumers the right to sue suppliers in their home court. It provides that if a business “pursues commercial or professional activities in the Member State,” then the consumer may sue in the court where he or she is domiciled. The far-reaching consumer provisions also apply to U.S. companies targeting European consumers in Internet transactions. Therefore, European Union rules will likely become the de facto consumer protection law for the Internet since non-European Union countries will be subject to its rules.
The European Union model tacitly assumes that mandatory consumer protection is required in cyberspace and elsewhere. The Distance Selling Directive, for example, requires sellers to provide consumers with information about the identity of the supplier, the main characteristics of goods and services including taxes, delivery costs, arrangements for payment, the existence of a right of withdrawal, the period for which the offer remains valid, and the minimum duration of the contract.
The European Directive on Consumer Goods contains provisions that apply equally well to Internet sales. The Directive, for example, gives consumers a two-year period to exercise rights as to defective products. The Directive presumes that any non-conformity found in the first six months after delivery existed at tender, and European consumers under the Consumer Goods Directive have a right of repair or replacement without charge or inconvenience. Under the Directive, any waiver of rights in a contractual agreement signed by European consumers is not binding.
Internet contracts with European consumers must also comply with the Unfair Terms Directive. The Directive has an express policy of policing unfair terms where there is an imbalance of power between the company and consumer. It applies to a wide range of one-sided Internet contracts where the terms are offered on a “take-it-or-leave-it” basis. Any ambiguity in a consumer contract is construed against the company in favor of the consumer. The central provision of the Unfair Terms Directive is that contractual terms found to be unfair are unenforceable. In contrast, the U.S. market-based approach tends to be opposed to such pro-welfaristic consumer protection regimes. The extension of punitive damages to protect consumers is consistent with the U.S. pro-market approach with its emphasis on flexibility and pragmatism.
B. Extending Punitive Damages for Consumer and Individual Protection in Cyberspace
Few consumer lawyers have the resources to pursue an Internet wrongdoer capable of fleeing the jurisdiction with the click of the mouse. Even if the Internet wrongdoer can be located, there remains a problem with default judgments. Consumers will be more likely to obtain collectible judgments from Internet elephants rather than elusive mice, but may not be aware that attorneys are available to work on a contingency basis. Alternatively, the amount of money involved may be so miniscule for any one Internet user that the victim may not feel that he or she has the time, energy, or expertise to prosecute a fraudulent Internet merchant. Many Internet users may each have a small loss resulting from a pattern and practice of dishonesty.
1. Remedy for Socially Compensable Damages
The legal environment of the Internet is a perfect venue for an expanded remedy of punitive damages. Judge Guido Calabresi drew the classic distinction between specific deterrence that makes the wrongdoer pay the price of wrongdoing and the larger social sanction of general deterrence, which vindicates the harm to society. The concept of general deterrence may be seen in the earliest exemplary damages cases where awards were made “for example’s sake.” Punitive damages against spam e-mailers are good examples of what Judge Calabresi defines as “socially compensatory damages.” The purpose of socially compensatory damages is “to make society whole,” as opposed to compensatory damages, which are “assessed to make the individual victim whole.” Tort law’s capacity to efficiently punish and deter conduct through socially compensable damages is central to Judge Calabresi’s theory of punitive damages. Judge Calabresi argues that in many cases “compensatory damages are . . . an inaccurate measure of the true harm caused by an activity.”
Consumers need a fortified punitive damages remedy precisely for purposes of optimal deterrence. Ordinary damages are an insufficient deterrent where the gain to the defendant exceeds any compensable injury. General deterrence requires punitive damages to convince other Internet wrongdoers that there is no profit in wrongdoing. Merely requiring an Internet company to disgorge the amount by which it was unjustly enriched is an insufficient deterrent. Without the threat of uncapped punitive damages, it would be beneficial for the fraudulent Internet business to wait until it was discovered or sued before disgorging what was owed. As the court stated in Wangen v. Ford Motor Co., if it were not for punitive damages then “[s]ome may think it cheaper to pay damages or a forfeiture than to change a business practice.” The purpose of punitive damages in cyberspace is the same as in the bricks-and-mortar world of compensating the larger society for uncompensated external costs. Punitive damages are “an appropriate way of making the injurer bear all the costs associated with its activities.” In the first decade of cyberspace punitive damages, there have been some notable examples where the remedy served to root out socially harmful web site activity.
2. Serving as a Death Penalty to Internet Harassment
“Cyberstalking refers to the use of the Internet, e-mail, or other electronic means to repeatedly threaten, follow, or harass another person.” Internet wrongdoers, for example, have harmed women by maliciously posting personal information on sadomasochistic web sites and by using new morphing technologies to superimpose their victim’s face onto pornographic pictures. For example, an online stalker who posted profane, derogatory, and harassing messages threatening violence to female musicians was assessed with punitive damages.
In Hitchcock v. Woodside Literary Agency, Jayne Hitchcock, a University of Maryland teaching assistant, alleged she was the victim of a campaign of electronic terror by an online company. Ms. Hitchcock’s nightmare began when she answered a web site advertisement soliciting writing samples from “‘published and unpublished authors.”’ After submitting a writing sample, she received a letter from Woodside Literary Agency (“WLA”) praising her writing and soliciting her to forward a full manuscript to the agency, “along with a $75 ‘reading and market evaluation fee.”’ She mailed a second sample of her writing to WLA using her maiden name. WLA responded with a virtually identical letter save for soliciting a $150 reading fee. Ms. Hitchcock concluded that WLA was nothing more than a scam soliciting bogus fees from consumers seeking to become writers. She posted warnings about WLA on various Internet bulleting boards observing that “legitimate literary agencies did not charge ‘reading fees.”’
Hitchcock allegedly became the target for a systematic campaign of online harassment by anonymous parties. The harassment took diverse forms, including the posting of messages that falsely claimed that Hitchcock was the author of pornography. She also received a number of crude e-mail messages, which placed her in fear of sexual assault. Her e-mail accounts were flooded, and offensive messages were sent to third parties under her name. Despite this clear pattern of systematic online harassment, the federal court dismissed Hitchcock’s RICO claim for failure to state a claim since the defendants could not, by law, constitute a criminal enterprise. In the end, the consumer had no remedy available for such pervasive e-mail harassment and the “e-mail bombs” that shut her e-mail account down. The Hitchcock case illustrates the need for strong consumer self-help remedies to punish egregious misconduct in cyberspace.
Punitive damages are beginning to be employed to restrain web sites threatening violence. In Planned Parenthood of Columbia/Williamette, Inc. v. American Coalition of Life Activists, anti-abortion activists posted “GUILTY” posters identifying the names, addresses, and photographs of physicians that provided abortions. The web site developed by the American Coalition of Life Activists (“ACLA”) personally identified the plaintiffs on “Deadly Dozen ‘GUILTY”’ posters. Additionally, ACLA compiled the “Nuremberg Files” to collect evidence against abortion doctors so that they could one day be placed on trial for crimes against humanity. “The ‘GUILTY’ posters identifying specific physicians were circulated in the wake of a series of ‘WANTED’ and ‘unWANTED’ posters that had identified other doctors who performed abortions before they were murdered.”
The plaintiffs argued that the distribution of the Old West-style Deadly Dozen “WANTED” posters identifying the abortion providers constituted a threat of force under the federal Freedom of Access to Clinics Entrances Act. In three prior incidents, a “wanted”-type poster identifying a specific doctor who provided abortion services was circulated, and the doctor named on the poster was killed. The jury returned a verdict in the physicians’ favor, including $108.5 million in punitive damages. The district court also “enjoined ACLA from publishing the posters or providing other materials with the specific intent to threaten [the physicians].” The court found that the defendants had “acted with specific intent and malice in a blatant and illegal communication of true threats to kill, assault or do bodily harm to each of the plaintiffs and with the specific intent to interfere with or intimidate the plaintiffs from engaging in legal medical practices and procedures.”
On appeal, the Ninth Circuit held that the web site constituted a true threat as defined under the Freedom of Access to Clinics Entrances Act and affirmed the ACLA’s liability, but vacated the $108.5 million punitive damages award for the district court to determine whether it comported with due process. Due to the Ninth Circuit’s decision, the threat of further punitive damages awards has resulted in a number of providers unplugging the “Nuremberg Files” site and other anti-choice sites, including the “AbortionCams” web site, “which features thousands of photographs and videos of abortion clinic staff, patients and escorts.”
3. Punishing Incendiary Flame Wars in Cyberspace
Punitive damages have begun to evolve as a social control against incendiary e-mail exchanges or web site postings. Consider the case of a 27-year-old British lawyer who received a spicy e-mail message at work from his girlfriend. The tactless lawyer forwarded the e-mail to several others, “boasting, ‘Now THAT’S a nice compliment from a lass, isn’t it?”’ A week later, the firm’s web site “crashed after receiving 70,000 hits in a single day.” The lawyer’s careless e-mail caused him to be disciplined by his law firm and castigated in the court of public opinion. This case is an example of the types of e-mails that can cause a suit for punitive damages.
In Mathis v. Cannon, the plaintiff filed a defamation claim against an Internet poster who accused him of being a thief and a crook in an online forum addressing concerns about a solid waste recovery facility. The Internet-related postings were the result of impassioned debates over the expenditure of the county’s resources for the ill-fated facility. However, the plaintiff was barred from seeking punitive damages because he did not seek a retraction, which was a prerequisite to filing his defamation complaint.
C. Protecting Individual Reputations in Cyberspace
Punitive damages are evolving to restrain abusive information-based torts in cyberspace. For example, a University of North Dakota physics professor filed a lawsuit against a former student who posted an article about him on the Internet. The student accused the professor “of being a pedophile and having odd sexual habits.” The professor won his case and received a punitive damages award for the student’s postings.
Damages awarded in online defamation cases frequently involve head-on collisions with the First Amendment. The facts of Griffis v. Luban exemplify the typical online defamation case, arising out of an incendiary exchange of e-mails and postings to a web site. In Griffis, a Minnesota resident was assessed damages in an Alabama court default judgment after being sued for posting Internet messages challenging the credentials of an Egyptologist. The Minnesota resident posted on a web forum that the Alabama scholar had “obtain[ed] her degree from a ‘box of Cracker Jacks.”’ The Alabama court entered a default judgment for $25,000 in money damages and an injunction to prevent future defamatory postings. In an unpublished decision, a Minnesota Court of Appeal overturned the Alabama injunction as an invalid prior restraint in violation of the First Amendment. The Minnesota Supreme Court ruled that the Alabama judgment was not entitled to full faith and credit because the Alabama court lacked personal jurisdiction. The court ruled that the Alabama court’s exercise of jurisdiction was in error because the postings by the plaintiff were not aimed at the Alabama forum.
D. Expanded Consumer Protection Through Punitive Justice
Deterrence will only occur when the tortfeasors are held accountable for their conduct in cyberspace. Given the difficulty Internet consumers have in detecting, let alone pursuing, Internet fraudsters, the cost of wrongdoing must be steep enough to convince even the Internet mice not to repeat the conduct. Internet elephants must also be punished in excess of their profit in order to deter similar future behavior. Accordingly, effective deterrence cannot be achieved without at least the threat of uncapped punitive damages.
Punitive damages are necessary in cyberspace to punish and deter wrongful acts such as improper billing, excessive charges, and consumer chiseling. Suppose an ISP decides to skim $10 off each consumer’s account over a two-year period. The provider can count on the likelihood that only a small fraction of consumers will detect the excessive charges. It is also likely that not every consumer who detects the skimming will successfully sue for her $10 charge. Limiting an Internet consumer to purely contractual remedies will result in under-deterrence. It is the unpredictability of tort law and the remedy of punitive damages that make the Internet seller or entrepreneur think twice before engaging in wrongful conduct that is profitable but a serious social problem to society. Predatory Internet sellers may perform a cost-benefit analysis deciding that it is profitable to cheat consumers where the probability of detection is low. Spam e-mailers are continually engaging in cost-benefit analyses to determine whether a given activity is worth the price. In the calculation of expected profits, the Internet wrongdoer will likely allow for possible refunds to those victims who object too vigorously, and will be perfectly content to bear the additional cost of litigation as the price for continuing an illicit business. “It stands to reason that the chances of deterring [people] are materially increased by subjecting [them] to the payment of punitive damages.” Punitive damages are a deterrent to a company because producers cannot balance the benefit of chiseling Internet users against the costs of detection with any certainty.
[T]hose who deliberately and cooly [sic] engage in a far-flung fraudulent scheme, systematically conducted for profit, are very much more likely to pause and consider the consequences if they have to pay more than the actual loss suffered by an individual plaintiff. An occasional award of compensatory damages against such parties would have little deterrent effect. A judgment simply for compensatory damages would require the offender to do no more than return the money, which he had taken from the plaintiff. In the calculation of his expected profits, the wrongdoer is likely to allow for a certain amount of money, which will have to be returned to those victims who object too vigorously, and he will be perfectly content to bear the additional cost of litigation as the price for continuing his illicit business. It stands to reason that the chances of deterring him are materially increased by subjecting him to the payment of punitive damages.
If the probability of detection is low, there is a greater potential that a spam e-mailer will send millions of unwanted e-mails. For the Internet merchant tempted to cheat consumers, he or she must not be able to coldly calculate the worst-case scenario of paying only what was owed in the first place. Wrongdoers must know that their financial existence may be threatened if they violate Internet business norms. In Emery-Waterhouse Co. v. Rhode Island Hospital Trust National Bank, the First Circuit Court of Appeals portrayed the retention of money not belonging to a bank as conduct analogous to theft. Accordingly, the First Circuit upheld a punitive damages award against the assignee. There are analogous circumstances in this case when it comes to protecting consumers in cyberspace. The punishment of Internet defendants who intentionally or recklessly breach their obligation to treat consumers fairly sends a signal to the information industry. It is entirely appropriate that the states punish conduct that violates a recognized public interest and there is no lesser interest in cyberspace.
The awarding of punitive damages serves the additional purpose of limiting the defendant’s ability to profit from its fraud by escaping detection and (private) prosecution. If a tortfeasor is “caught” only half the time he commits torts, then, when he or she is caught, the tortfeasor should be punished twice as heavily in order to make up for the times that he or she actually escaped punishment. As a result, the tortfeasor will be forced to consider the cost of being caught, not merely the odds of escaping, even if the tortfeasor is only held accountable for a small portion of his conduct.
Punitive damages also serve as a mechanism for ensuring that the “wrongdoer bears all the costs of its actions, and is thus appropriately deterred from causing harm, in those categories of cases in which compensatory damages alone result in systematic underassessment of costs, and hence in systematic underdeterrence.” The social cost of underdeterrence is that actors “will have an incentive to undertake activities whose social costs exceed their social benefits.” Online thieves are using a new technique called “phishing” to steal the identity and credit card numbers of consumers. As briefly mentioned earlier in this Article, phishing is the transmittal of e-mails, which appear to come from major corporations, to consumers. The predator directs consumers to fraudulent web sites that mirror the companies’ real sites and obtain bank account or credit card information from the consumers by asking them to verify or update their accounts.
The punishment of intentional or reckless breaches of the obligation to treat Internet consumers fairly is a necessary signal to new industries. The strong arm of punitive damages is called into play to punish firms who play fast and loose with Internet users’ money, data, identity, and right to privacy. Punitive damages are the only remedy that is tailored to punish and deter e-businesses from engaging in actions contrary to the public interest. The underlying public purpose is to teach fraudulent Internet companies that “tort does not pay.” Punitive damages encourage plaintiffs to act as “private attorneys general” and serve as an incentive to encourage a plaintiff to sue when there is widespread harm.
Deterrence cannot be achieved unless the costs of wrongful conduct are sufficient to induce fraudulent Internet wrongdoers and others tempted by ill-gotten gains not to repeat the conduct again. The awarding of punitive damages against Internet defendants will send a clear message to an e-business corporate headquarters or offshore haven that it is risky to defraud consumers. The ultimate goal of punitive damages is to punish by taking away the “ill gotten” gain, setting an example, and deterring future conduct of a like nature.
Punitive damages are an efficient remedy to punish and deter intentional and reckless torts in situations where “the probability of detection is very low and the probability of harm is very high.” Lowering the probability of enforcement implies that enforcement costs can be minimized. The lower that the probability of detection is, the fewer the resources devoted to enforcement need to be, and the fine can be set high enough so that the fine multiplied by the probability of its being imposed (the “expected fine”) reaches the optimal level for deterrence. A large punitive damages award is necessary to achieve optimal deterrence where the probability that any one Internet user will uncover wrongdoing is minimal.
The Fifth Circuit in Jackson v. Johns-Manville Sales Corp. stated that “punitive damages reward individuals who serve as ‘private attorneys general’ in bringing wrongdoers to account.” Private attorneys general provide a backup in situations in which government enforcement agencies fail to adequately protect the public. Fraud in the e-business executive suites will typically be more difficult and expensive to detect and prosecute than crime in the streets.
The remedy of punitive damages is particularly well-suited to assist consumers in unmasking deliberate, concealed economic harms, like those suffered by the victims of computer viruses, fraudulent Internet sales and services, and the routine invasions of privacy that compromise the identity of users. Without exemplary damages, the predatory Internet wrongdoers run little probability of detection if they injure a large number of consumers in relatively minor ways such as through pop-up ads, spam e-mail, or hidden charges. A popular misconception contends that punitive damage awards have spun out of control, threatening big, vulnerable companies. This is simply not so. Punitive damages are appropriate where a cyberspace defendant has acted in reckless indifference of the rights of large groups of consumers with the calculated purpose of making illicit profits.
Limiting a consumer cheated in a cyberspace transaction to purely contractual remedies will certainly result in diminished deterrence. Despite the theoretical promise of punitive damages for protecting consumers, the remedy is stillborn. Punitive damages are particularly needed to punish and deter conduct on the borderline between the law of torts and criminal law in cyberspace. Punitive damages are needed now more than ever by consumers to detect and punish fraudsters, predators, and other online criminals on the World Wide Web. In cyberspace, punitive damages have a potentially useful role of deterring reprehensible conduct that, although arguably rational from the standpoint of the particular Internet predator, has widespread social costs for consumers and for society. Internet wrongdoers must know they cannot estimate the cost of their misdeeds by coldly calculating the cost of paying compensatory damages. Internet con artists must know that their financial existence may be threatened by shortchanging Internet users, violating their privacy, or trading upon their identity.
Research Methods for Study of Punitive Damages in Cyberspace
The term “Internet” appeared in 1,559 state and federal opinions issued in 2002 but only a small percentage of these cases appear in the sample because the role of the Internet was only incidental in most of this litigation. This study examined all Internet-related cases in which there was an equitable or legal remedy during the years 1992-2002.
Since no international, federal, or state agency systematically collects data on Internet-related cases, all available published and unpublished data sources were searched. The following sources were exhaustively examined: (1) trial verdict reporters; (2) LEXIS and WESTLAW’s federal and state databases and news services; (3) cyberspace research libraries of law firms; (4) national, regional, and local verdict reporters; (5) reports of domain name disputes; (6) individual cyberspace cases reported on law firm web sites; (7) law school research centers; (8) American Law Reports (“ALR”) annotations; (9) all Internet-related Mealey publications; (10) e-commerce law secondary sources; (11) Internet treatises; (12) legal news services; (13) Security and Exchange Commission (“SEC”) filings; and (14) general news and information services. The sample excludes all criminal cases as well as dispositions for convicted offenders who are challenging the constitutionality of Internet postings of their criminal records and personal information. The sample excluded Internet-related small claims actions because there is no reliable reporting service. The sample does not include discovery orders to produce computer tapes or other information. The dataset does not include disputes decided under alternative dispute resolution such as the Uniform Domain Name Resolution Policy.
Furthermore, the sample does not include criminal prosecutions, regulatory actions brought by governmental units, or bankruptcies. Regulatory, criminal, and dot-com insolvency involves the government as the adjudicator of rights. These public law subjects are sharply different than private litigation, so they will be examined in a separate article. The focus of this Article is on the role of private litigants in Internet litigation. Foreign litigants are included only to the extent that actions are tried in U.S. state and federal courts.
Studies conducted by researchers at the RAND Corporation found that punitive damages are only awarded in 1-8% of civil cases. Other studies have found punitive damages to be awarded at similar rates. In the sample of cases examined by Daniels and Martin, punitive damages were awarded in only 4.9% of civil cases and in 8.8% of cases in which the plaintiff prevailed.
Jennifer K. Robbennolt, Determining Punitive Damages: Empirical Insights and Implications for Reform, 50 Buff. L. Rev. 103, 161 (2002) (internal citations omitted).
Metatags are HTML code intended to describe the contents of the web site. There are different types of metatags, but those of principal concern to us are the “description” and “keyword” metatags. The description metatags are intended to describe the web site; the keyword metatags, at least in theory, contain keywords relating to the contents of the web site.
Id. at 1045.
The great majority of these cases have adopted the analytical framework of Zippo Manufacturing Co. v. Zippo Dot Com, Inc., 952 F. Supp. 1119, 1124 (W.D. Pa. 1997). In Zippo – also a case of specific jurisdiction – the court examined the few cases that had previously addressed the issue of whether a Web site could provide sufficient contacts for specific personal jurisdiction. It applied the results of these cases to the traditional personal jurisdiction analytical framework, noting that “the likelihood that personal jurisdiction can be constitutionally exercised is directly proportionate to the nature and quality of the commercial activity that an entity conducts over the Internet.”
Lakin v. Prudential Secs., Inc., 348 F.3d 704, 710 (8th Cir. 2003) (affirming the district court’s finding that the plaintiff had not proven minimum contacts to satisfy due process, but reversing on the issue of general jurisdiction ordering additional discovery).
The [FTC] enforces 46 federal laws, including many laws that apply to web sites. Under the Federal Trade Commission Act, 15 U.S.C. §§ 41-58, the Commission seeks to: (a) prevent unfair methods of competition, and unfair or deceptive acts or practices in or affecting commerce; (b) obtain money and other relief for injured consumers; (c) define and prevent unfair or deceptive practices; and (d) investigate the business, practices, and management of entities engaged in commerce.
Federal Trade Commission Actions Affecting Web Sites & E-Commerce, at http://www.keytlaw.com/FTC/ftcactions.htm (last modified Sept. 2, 2003).
Standard form contracts probably account for more than ninety-nine percent of all the contracts now made. Most persons have difficulty remembering the last time they contracted other than by standard form; except for casual oral agreements, they probably never have. But if they are active, they contract by standard form several times a day. Parking lot and theater tickets, package receipts, department store charge slips, and gas station credit card purchase slips are all standard form contracts.
. . . The contracting still imagined by courts and law teachers as typical, in which both parties participate in choosing the language of their entire agreement, is no longer of much more than historical importance.
W. David Slawson, Standard Form Contracts and Democratic Control of Lawmaking Power, 84 Harv. L. Rev. 529, 529 (1971).
UNDER NO CIRCUMSTANCES SHALL EBAY BE LIABLE TO ANY USER ON ACCOUNT OF THAT USER’S USE OR MISUSE OF EBAY TOOLBAR. SUCH LIMITATION OF LIABILITY SHALL APPLY TO PREVENT RECOVERY OF DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL, EXEMPLARY, AND PUNITIVE DAMAGES WHETHER SUCH CLAIM IS BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), OR OTHERWISE, (EVEN IF EBAY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES).
User License Agreement, http://pages.ebay.com/ebay_toolbar/download.html (last visited Jan. 26, 2004).