Events & Announcements

DULR Announces Emerging Scholar Award

The Denver University Law Review is pleased to announce the Emerging Scholar Award. This exclusive opportunity is for all scholars who have received their J.D. as of March 1, 2015 and have not yet accepted a tenure-track teaching position nor held a full-time teaching position for more than three years. The selected recipient will receive an award of $500 and publication in Issue 1, Volume 93, scheduled for early 2016.

Click here for more information!

DULR Online Proudly Presents The Return of Constitutional Federalism Issue

DULR Online's The Return of Constitutional Federalism Issue features four papers from highly regarded scholars that respond to an article authored by Logan Everett Sawyer III, titled The Return of Constitional Federalism (forthcoming in an upcoming issue of volume 91 of the Denver University Law Review). Each paper in the issue reviews Professor Sawyer's article in-depth, as well as making additional arguments for or against Professor Sawyer's conclusions.


Please view the full issue here.

DULR Online Proudly Presents the Proxy Plumbing Issue

DULR Online's Proxy Plumbing Issue features five student articles covering different aspects of the SEC's Concept Release on the U.S. Proxy System and a call for a version 2.0 to address certain shortcomings of the Release. The Proxy Plumbing Issue represents the continued collaboration between the Denver University Law Review, DULR Online, and Professor J. Robert Brown, Jr.


Please explore the full issue here, including a thoughtful introduction to the issue by Professor Brown.

Volume 92 Board of Editors Announced

Denver University Law Review is excited to announce the Volume 92 Board of Editors.  Please join us in congratulating them in this accomplishment and supporting them in continuing the fine tradition of the Denver University Law Review. Please click here to view the masthead.

DULR Online Presents the JOBS Act Issue

DULR Online is proud to present its JOBS Act Issue. This issue features eight student articles covering different aspects of the Jumpstart Our Business Startups Act, the landmark legislation passed by Congress in 2012 "[t]o increase American job creation and economic growth by improving access to the public capital markets for emerging growth companies." The JOBS Act Issue represents a unique collaboration between the Denver University Law Review, DULR Online, and Professor J. Robert Brown, Jr. Please explore the full issue here.
Subscriptions and Submissions

For information on how to subscribe to the Denver University Law Review, please click here.

For the guidelines on how to submit an article to Denver University Law Review, please click here. If you would like to submit a shorter piece to DULR Online, please contact the Online Editor, Nicholas Rising, at

« Breaking Felten’s Third Law: How Not to Fix the Internet | Main | Unregulating Online Harassment »

Who to Sue?: A Brief Comment on the Cyber Civil Rights Agenda

This post is part of an eleven-part series entitled Cyber Civil Rights.  Click here for a PDF version of the entire Cyber Civil Rights series.  Click here for a PDF version of this post.

By Viva R. Moffat

Danielle Citron’s groundbreaking work on cyber civil rights raises a whole variety of interesting possibilities and difficult issues.  In thinking about the development of the cyber civil rights agenda, one substantial set of concerns revolves around a regulatory question: what sorts of claims ought to be brought and against whom? The spectrum of options runs from pursuing currently-existing legal claims against individual wrongdoers to developing new legal theories and claims to pursuing either existing or new claims against third parties.  I suggest here—very briefly—that for a variety of reasons the cyber civil rights agenda ought to be pursued in an incremental manner and that, in particular, we ought to be quite skeptical about imposing secondary liability for cyber civil rights claims.

Citron has argued very persuasively that online harassment, particularly of women, is a serious and widespread problem.  I will not describe or expand upon her claims and evidence here, but for the purposes of this brief essay, I assume that online harassment is a problem.  Determining what, if anything, to do about this problem is another matter.  There are a variety of existing legal options for addressing online harassment. Victims of the harassment might bring civil claims for defamation or intentional infliction of emotional distress.  Prosecutors might, under appropriate circumstances, indict harassers for threats or stalking or, perhaps, conspiracy.[1]  These options are not entirely satisfactory: because of IP address masking, wireless networks, and other technological hurdles, individual wrongdoers can be difficult, if not impossible, for plaintiffs and prosecutors to find.  Even if found, individual wrongdoers might be judgment-proof.  Even if found and able to pay a judgment, individual wrongdoers may not be in a position to take down the offending material, and they are certainly not in a position to monitor or prevent similar bad behavior in the future.

Thus there are reasons to pursue secondary liability—against ISPs, website operators, or other online entities.  Current law, however, affords those entities general and broad immunity for the speech of others. Section 230 of the Communications Decency Act provides that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  This provision has been interpreted broadly such that ISPs, website operators, and others are not indirectly liable for claims such as defamation or intentional infliction of emotional distress.[2]  The statute provides a few exceptions, for intellectual property claims, for example.[3]  The proponents of the cyber civil rights agenda have proposed that additional exceptions be adopted.  For example, Mary Anne Franks has analogized online harassment to workplace harassment and suggested that Section 230 immunity ought to be eliminated for website operators hosting harassing content.

Notwithstanding the force of the arguments about the extent of the problem of online harassment and the reasons for imposing third party liability, I suggest that claims for indirect liability ought to be treated with skepticism for a variety of reasons.[4] 

First, it is unclear whether the imposition of third party liability is likely to be effective at reducing or eliminating the individual bad behavior that is problematic.  Secondary liability would presumably entail some proof of, for example, the third party’s ability to control the wrongful behavior or the place in which that behavior occurred, the third party’s knowledge of the bad behavior, or the third party’s inducement of the harassment (or some other indicia of responsibility of the third party).  If this is so, it is easy to imagine that third parties—ISPs, website operators, and so on—who wish to avoid imposition of secondary liability or who wish to encourage or permit the “Wild West” behavior online will take measures to avoid findings of ability to control, of knowledge, or of inducement.  Website operators might, for example, employ terms of use that strongly condemn online harassment and that require that users indemnify the website operators.  ISPs might adopt strategies that effectively reduce or eliminate any “knowledge” the entity might have of what occurs on the site.  The third parties might design their operations such that they cannot control user-created content, much as the file-sharing services and peer-to-peer networks did in the wake of the RIAA’s pursuit of secondary liability claims.

Having just postulated that indirect liability may be ineffective, my second concern may seem contradictory: it may be overbroad.  The collateral consequences of imposing secondary liability for user-generated content are enormous.  As many have pointed out, third party liability may very well have substantial chilling effects on speech.  Even if individual wrongdoers are willing to put their views out in the world, website operators and ISPs are likely to implement terms of use, commenting policies, and takedown procedures that are vastly overbroad.  This is not to say that there are no collateral consequences, such as chilling effects on speech, from the imposition of direct liability, but only to speculate that such effects are potentially greater as a result of third party liability.

Third, to the extent that cyber civil rights agenda entails (and perhaps emphasizes) a norm-changing enterprise, it seems at least possible that claims of indirect liability are less likely to be effective in that regard.  Revealing individual bad behavior and pursuing that wrongdoer through the legal system represents a straightforward example of the expressive value of the law at work: public condemnation of wrongful behavior.  Claims for indirect liability are less likely to allow for such a straightforward story.  Many (though not all) website operators and ISPs are engaged in very little behavior that is easily categorized as wrongful. Instead, third party liability of those entities is justified on other grounds, such as the entity’s ability to control the online behavior, the receipt of benefits from the bad behavior, or knowledge of the harassment. Attempts to hold these entities liable may not serve the expressive value of changing the norms of online behavior because in the vast majority of instances people are less likely to be convinced that the behavior by the third party was, in fact, wrongful.[5]  In short, the argument that the imposition of third-party liability will change norms about individual online behavior strikes me as speculative.

Finally, a number of the reasons that victims might pursue claims against third parties simply are not sufficient to justify imposition of such liability.  One might seek third party liability because individual wrongdoers cannot be found or because those individual wrongdoers are judgment-proof. Neither reason, though understandable, is sufficient.  As a descriptive matter, third party liability in general is rarely or never imposed solely for one of those reasons.  As a fairness matter, that is the right result: it would be inequitable to hold a third party liable solely because the wrongdoer cannot be found or cannot pay.

Each of the concerns sketched out above applies either to a lesser extent or not at all to the pursuit of direct liability claims, civil or criminal.  While there are other problems with efforts to seek redress against individuals wrongdoers, that is the more fruitful path for the development of the cyber civil rights agenda.


[1]. See, for example, the indictment of Lori Drew for conspiracy and violation of the Computer Fraud and Abuse Act. Drew was eventually acquitted by the judge in the case.

[2]. For a summary of the development of the CDA’s immunity provisions, see H. Brian Holland, In Defense of Online Intermediary Immunity: Facilitating Communities of Modified Exceptionalism (“[C]ourts have consistently extended the reach of § 230 immunity along three lines . . . .”).

[3]. The statute provides exceptions for intellectual property claims, federal criminal enforcement, and a few others. Third party liability for intellectual property claims is also regulated and partly immunized. See 17 U.S.C. § 512 (2006).

[4]. On the other hand, I have much less concern about the vigorous pursuit of claims against individual wrongdoers.

[5]. In the course of representing a student sued by the RIAA for uploading digital music file in violation of the Copyright Act, I asked her if she had heard of the Napster opinion (notably, for purposes of this anecdote, an indirect liability case)). She said, “Yes, but I used Gnutella.” The suit for indirect liability obviously didn’t have the expressive value for that student that the recording industry might have hoped.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
All HTML will be escaped. Hyperlinks will be created for URLs automatically.