💾 Archived View for spam.works › mirrors › textfiles › bbs › syslibli.txt captured on 2023-11-14 at 09:07:03.

View Raw

More Information

⬅️ Previous capture (2023-06-14)

-=-=-=-=-=-=-

From langz@ebay.sun.com Mon Apr 23 21:05:51 1990
Received: from Sun.COM by gaak.LCS.MIT.EDU via TCP with SMTP
	id AA09583; Mon, 23 Apr 90 21:05:27 EDT
Received: from EBay.Sun.COM (male.EBay.Sun.COM) by Sun.COM (4.1/SMI-4.1)
	id AA21291; Mon, 23 Apr 90 18:03:56 PDT
Received: from khayyam.EBay.Sun.COM by EBay.Sun.COM (4.1/SMI-4.1)
	id AA04566; Mon, 23 Apr 90 18:02:40 PDT
Received: by khayyam.EBay.Sun.COM (4.0/SMI-4.0)
	id AA09346; Mon, 23 Apr 90 17:57:50 PDT
Date: Mon, 23 Apr 90 17:57:50 PDT
From: langz@ebay.sun.com (Lang Zerner)
Message-Id: <9004240057.AA09346@khayyam.EBay.Sun.COM>
To: ptownson@gaak.LCS.MIT.EDU
Subject: Defamation Liability of Sysops article
Status: R


             D E F A M A T I O N   L I A B I L I T Y 
                               O F 
                     C O M P U T E R I Z E D 
         B U L L E T I N   B O A R D   O P E R A T O R S 
            A N D   P R O B L E M S   O F   P R O O F 








                                       John R. Kahn
                                       CHTLJ Comment
                                       Computer Law Seminar
                                       Upper Division Writing
                                       February, 1989
                                       
                                       

             D E F A M A T I O N   L I A B I L I T Y 
                               O F 
                     C O M P U T E R I Z E D 
         B U L L E T I N   B O A R D   O P E R A T O R S 
            A N D   P R O B L E M S   O F   P R O O F 

John R. Kahn
CHTLJ Comment/Upper Division Writing/Computer Law Seminar

February, 1989

_________________________________________________________________

I.  INTRODUCTION
    

         A  computer  user  sits  down  at her personal computer, 

turns  it  on, and has it dial the number of a local computerized 

bulletin  board  service  (BBS)  where  she  has  been exchanging 

opinions,    information,    electronic    mail,   and   amicable 

conversation  with other users. Upon connecting with the BBS, she 

enters  a secret "password", presumably known only to herself and 

to  the  bulletin  board  operator,  so  as to gain access to the 

system.

         To  her  surprise,  she  finds herself deluged with lewd 

electronic  mail  from  complete  strangers  and hostile messages 

from  persons  with  whom she believed she was on friendly terms. 

The messages read: "Why did you call me a worthless son-of-a ----

-  yesterday? I really thought we could be friends, but I guess I 

was  wrong";  "Hey, baby, I liked your fetish you were telling me 

about  yesterday:  call  me at home, or I'll call YOU"; and, "Why 

didn't  you  get around to telling me about your venereal disease 

sooner?".  Yet  our user has not called this BBS in weeks and has 

never  made  any  of  these statements. Dismayed and angered, the 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              2

user  comes  to  realize  that  she is the victim of computerized 

bulletin board abuse.

         A  personal  computer  hobbyist  (hereafter "SYSOP") who 

operates  a  computerized bulletin board system notices a rash of 

heated  arguments, profanity and complaints being reported to him 

by  users  on  what had been a forum for the peaceful exchange of 

ideas.   Investigating   the   complaints,   he   discovers  that 

previously     responsible     users     have     suddenly    and 

uncharacteristically  been  leaving  insulting,  rude  and  false 

messages  about other users on the bulletin board. One user is so 

enraged   about   a   public   message  accusing  her  of  sexual 

misadventures  that  she  is  threatening  to  sue  the  computer 

hobbyist  in  libel  for  having permitted the message to appear. 

The  SYSOP  realizes  that  both  he  and  his  subscribers  have 

suffered computerized bulletin board abuse.

         The  aggravating  force behind both the above situations 

is   most   likely   a   third  user  (known  hereafter  as  "the 

masquerader")   who   maliciously   exploits  both  his  computer 

knowledge  and  his  access  to  BBSes. Since the masquerader has 

discovered  the  password  and name of the regular user, and uses 

them  to  access  bulletin boards, he appears for all intents and 

purposes  to  be that regular user. The computer thus believes it 

has  admitted a legitimate subscriber to its database when it has 

in  fact  given  almost  free  reign  to  a  reckless hacker. The 

masquerader,  posing  as another legitimate user, is then free to 

portray  that  user  in  whatever  light  he  pleases and also to 

harass other users of the bulletin board.



Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              3

         When  validated  users  later discover that someone else 

has   been  impersonating  them,  they  invariably  cancel  their 

subscriptions  to  that  BBS  and often bring a defamation action 

against   its  SYSOP  for  the  smearing  of  their  good  names. 

Conversely,   the   SYSOP,  in  an  effort  to  avoid  liability, 

reluctantly  engages  in  monitoring  each  and  every  piece  of 

information  posted  daily  by  hundreds  of  users. If the SYSOP 

chooses  instead  to  stop  running  his  BBS altogether, another 

efficient and valuable forum for ideas is lost.

         What  sort of defamation action may be maintained by the 

wrongfully  disparaged  user?  Is the computerized bulletin board 

offered  by  the  SYSOP  subject to the stricter self-scrutiny of 

newspapers,  or  does  it operate under some lesser standard? How 

may  the  initial  party  at  fault  -  the masquerader - be held 

accountable for his computerized torts?

         The  scope  of  this  Comment  will  be  to  examine the 

defamation   liability   of   computerized   BBS   operators  and 

evidentiary  proof  issues  that  arise  in  tracing computerized 

defamation  to  its  true  source.  Other possible Tort causes of 

action  -  intentional infliction of emotional distress, invasion 

of  privacy,  trespass  to  chattels  -  are not addressed. It is 

assumed  throughout  that  the  plaintiff is a private person and 

that  the issues involved are not matters of "public interest" as 

defined in Gertz v. Robert Welch, Inc.1

    A.   Background

         Computerized  BBSes exist as a quick, easy and efficient 

way   to  acquire  and  exchange  information  about  the  entire 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              4

spectrum   of   interests.2   The  growing  popularity  of  these 

electronic  forums  was  demonstrated  in  a  recent  study which 

numbered  BBSes  at  more  than  3,500  nationwide.3 The size and 

complexity  of  computerized  BBSes  range from relatively simple 

programs,  run  on  privately-owned  microcomputers  with  a  few 

hundred  subscribers,  to vast, multi-topic database systems with 

nationwide lists of subscribers and operated for profit.4

         The  process  of  reaching,  or "accessing" one of these 

bulletin  boards  is  quite  simple:  all  that  is required is a 

computer,   a  computer  program  that  allows  the  computer  to 

communicate  over  the phone lines, and a "modem" (a device which 

converts   the   computer's   electrical  signals  into  acoustic 

impulses,  defined  infra).5  Once  she has accessed the BBS, the 

caller   is   free   to  trade  useful  non-copyrighted  computer 

programs,  exchange  ideas  on  a host of topics, post electronic 

mail  for  later reading by others, and much more.6 The ease with 

which  most  BBSes may be accessed and the wealth of interests to 

be  found  there  ensure  that they will continue to be important 

sources of information and discourse.

         However,  the speed and efficiency of computerized BBSes 

also  subject  them  to  serious, wide-ranging civil and criminal 

abuse.  Recently  a  young  computer user paralyzed several major 

computer  systems across the nation by sending a harmful computer 

program  (or  "worm")  to  them  over  telephone  lines. The worm 

quickly  replicated  itself  in  the computers' memories and thus 

decreased  their  output  capacities.7  Further, certain computer 

abusers  (known  as  "hackers") use the power of the computerized 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              5

forum  to  ply  illegal  copies  of  copyrighted  programs,  bilk 

hundreds  of  millions  of  dollars annually from credit card and 

phone  companies, and to wrongfully access others' data files.8 A 

minority   of  other  BBSes  exist  mainly  to  circulate  racist 

ideologies.9

         What  is  more,  it now appears that the ancient tort of 

defamation  is  actively  being  practiced  through  the  use  of 

computerized   BBSes.10   Due   to   the   almost   ethereal  way 

computerized  BBSes  operate  - one person may conveniently leave 

an  electronic  message for others to respond to at their leisure 

and  there  is  no  need  for the parties to converse directly or 

even  to  know  each other11 - the risk of detection when the BBS 

is  abused  is  lower  than  that for defamation practiced in the 

print  media.12  Difficulties  arise  with  identifying  the true 

party  at  fault  and with authenticating the computer records as 

evidence  of  the  defamation.13  Adding  to  this  problem is an 

uncertainty  in  the laws concerning the appropriate liability of 

SYSOPs  for defamatory messages on their BBSes of which they were 

unaware.14

    B.   Definitions

         The  following  are  brief definitions of some important 

technical terms connected with electronic BBSes:

         SYSOP:  An  abbreviation  for "System Operator", this is 

the  individual  generally responsible for organizing information 

and  for  trouble-shooting  on  a computerized bulletin board. On 

larger  bulletin  boards  covering  hundreds  of  topics, several 

SYSOPS  may  be in charge of maintaining information contained in 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              6

separate  discrete  fields.15 But when the BBS is privately owned 

and  operated,  a  single SYSOP may very well oversee all aspects 

of  the  board's  operations, in addition to being able to access 

all his users' passwords and personal information.16

         Modem:   An  abbreviation  for  "Modulator/Demodulator". 

This  is  a  device  which  links a computer to an ordinary phone 

line  and  converts computer signals to auditory phone signals. A 

computer  modem  on  the  other  end  of  the  transmission  then 

reverses  the  process.  Computers  using  modems  transfer  data 

rapidly across phone lines and thus share information.17

         Validation:  Basically  this is a set of procedures used 

by  responsible  SYSOPs  to  do everything reasonably possible to 

verify  that  the personal information supplied by a user is true 

and  correct.  Common  sense and emerging legal standards dictate 

that  the  SYSOP should not merely rely on the name provided by a 

potential  user  when  the  SYSOP  does  not personally know that 

individual.   The   SYSOP   may   be  required  to  independently 

corroborate  the  prospective  subscriber's  information by first 

asking  the  potential  user's name, address and phone number and 

then  by  checking  that information with directory assistance.18 

These  procedures  will hopefully aid the operator in identifying 

wrongdoers  if  misuse  occurs;19 however, as will be seen, these 

procedures are by no means foolproof.

         Database:  Any  collection  of  data  in  a computer for 

purposes  of  later  retrieval  and  use, i.e., names, addresses, 

phone numbers, membership codes, etc.

         User:  Anyone who accesses a computerized bulletin board 



Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              7

system  and is exposed to the information stored there. Users may 

be  identified  by  their  true  names,  by an assigned numerical 

code, or by colorful "handles", or "usernames."20

         Operating  System:  This is a program which controls the 

computer's   basic  operations  and  which  recognizes  different 

computer  users  so  that their actions do not interfere with one 

another.21  For  example,  most multi-user operating systems will 

not  allow  one  user  to delete another's data unless the second 

user  gives  explicit  permission.22 BBS system software programs 

perform  this  function  through  their  use  of  "accounts"  and 

"passwords":23  private electronic mail sent to a particular user 

may  not  be read or deleted by others. The BBS' operating system 

is  also  designed  to  deny access to those attempting to log on 

under an unvalidated or unrecognized name.24

         Account/Username:   As   another   part  of  BBS  system 

security,   each   user  chooses  an  "account",  or  "username", 

consisting  of  one  to  eight  letters  or  numbers.25  The BBS' 

operating  system then will not allow commands issued by one user 

of  one  account to modify data created by another account;26 nor 

will  it  grant  access to an account that has been terminated or 

invalidated.

         Password:  Yet  another aspect of BBS system security is 

the  use  of  "passwords"  as  a  prerequisite  to  accessing the 

computer  system.  Most  operating  systems  require  the user to 

enter  both  her  account name and password to use the account.27 

Because  electronic  mail  cannot be sent without the username to 

which  it  is  being addressed, and because the account cannot be 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              8

used  without  knowledge of the password, usernames are generally 

public  knowledge  while  passwords are a closely-guarded secret, 

known only to the user and the operating system.28

         Teleprocessing:  This is defined as accessing a computer 

from  a remote location, usually over a telephone line or similar 

communications channel.29

         Uploading/Downloading:   For   purposes   of  exchanging 

computer  programs  or  electronic mail over the phone lines, the 

process  of transferring information from one's personal computer 

to  the bulletin board is called uploading. The reverse process - 

transferring  information  from  a  bulletin  board to a personal 

computer - is known as downloading.30



II. DEFAMATION LIABILITY OF COMPUTERIZED BBS OPERATORS

    A.   Computerized Defamation: Libel or Slander?

         Libel  is  the  "publication  of  defamatory  matter  by 

written  or printed words, by its embodiment in physical form, or 

by  any  other  form  of  communication  that has the potentially 

harmful  qualities characteristic of written or printed words."31 

Publication   of   a  defamatory  matter  is  "its  communication 

intentionally  or by a negligent act to one other than the person 

defamed."32  A  communication  is  defamatory  if it "tends to so 

harm  the reputation of another as to lower him in the estimation 

of  the  community  or to deter third persons from associating or 

dealing  with  him."33  The  difference between libel and slander 

has  traditionally  depended  upon the form of the communication: 

oral  defamation  generally  is considered slander, while written 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn              9

defamation  is  generally  considered libel.34 The distinction is 

important,  because  libel  requires  no proof of special damages 

and  is  actionable  by  itself, while slander generally requires 

proof of special damages in order to be actionable.35

         However,  with  the  advent  of  electronic  media,  the 

traditional  libel/slander  distinctions  as  they apply to sight 

and  hearing are no longer valid. For example, passing defamatory 

gestures  and  signals,  though visible to sight, were considered 

slander;36  an  ad-libbed  statement  on  a  telecast impugning a 

person's financial status was found to be libel.37

         It  has been suggested that the real distinction between 

libel  and  slander  is  the  threat  and  magnitude  of  harm to 

reputation  inherent in the form of publication.38 Libel has been 

historically  associated  with  writings because (1) a writing is 

made  more  deliberately  than  an  oral statement; (2) a writing 

makes  a  greater  impression  to  the  eye  than  does  an  oral 

statement  to  the  ear;  (3)  a  writing  is more permanent than 

speech;  and (4) a writing has a wider area of dissemination than 

speech.39  These  four  qualities  inherent in a writing made the 

possible  harm  to  reputation greater than mere spoken words. In 

applying  libel  to  the  new  form of computerized communication 

used  on  BBSes,  the  potentiality  for  harm  to  reputation is 

significant,  and  should  again  be  considered  the controlling 

factor.

         In  our hypothetical situation, the user discovered that 

another  user  (the masquerader) had usurped her account name and 

password,  causing  her  great embarrassment and humiliation. The 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             10

act  of  prying into and taking another's computer information to 

misuse  it elsewhere would indicate a certain deliberation on the 

actor's   part  to  spread  defamatory  messages.  Secondly,  the 

defamatory  message is displayed to other users on their computer 

monitors  in  the  form of electronic characters, making a visual 

impression.  Third,  this electronic defamation is more permanent 

than  mere  words  because  it is stored in the BBS' memory until 

erased  by the user or SYSOP. Finally, the message arguably has a 

wider  area  of dissemination than a one-to-one spoken defamation 

because,  as a message on an electronic BBS, it has the potential 

of  being  viewed  by  hundreds, perhaps thousands, of users each 

day.  Based  on these four criteria, the capacity for harm to our 

user's  reputation  due to the masquerader's activities is indeed 

great enough to be considered libellous.

    B.   Defamation Liability of the SYSOP

         Having  established  the  electronic  message  as  being 

libellous,   the  next  issue  is  to  determine  the  extent  of 

liability  for  the  SYSOP who unknowingly permits the message to 

be  communicated  over  his  BBS.  Case  law  indicates  that the 

SYSOP's  liability depends upon the type of person defamed and on 

the subject matter of the defamation.

         1.   Degree of fault required

         The  United  States  Supreme  Court has addressed modern 

defamation  liability  in  two  major decisions. Both conditioned 

the  publisher's  liability  on the type of person defamed and on 

the  content  of the defamation. In New York Times v. Sullivan,40 

the  Court  determined  that  in  order  for a public official to 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             11

recover  damages  in  a  defamation action, the statement must be 

shown  to  have  been  made  with  "actual  malice",  i.e.,  with 

knowledge  of  its  falsity  or  with  reckless disregard for its 

truth.41  Due  to  society's interest in "uninhibited, robust and 

wide-open"  debate  on  public  issues, neither factual error nor 

defamatory  content  sufficed  to  remove  the  First Amendment's 

shield from criticism of an official's conduct.42 

         The  Supreme  Court  further  elaborated  on  defamation 

liability  standards in the private and quasi-private sphere when 

it  decided Gertz v. Robert Welch, Inc.43 In Gertz, the publisher 

of  a  John  Birch  Society  newsletter  made  certain  false and 

inaccurate  accusations  concerning an attorney who represented a 

deceased  boy's family. The family had civilly sued the policeman 

who  murdered  the  boy.  In  rebutting what he perceived to be a 

secret  campaign  against  law  and order, the publisher labelled 

the  family's attorney a "Leninist" and "Communist-fronter".44 In 

addition,  the  publisher  asserted  that the attorney had been a 

member  of  the National Lawyers Guild, which "'probably did more 

than  any  other  outfit  to  plan  the  Communist  attack on the 

Chicago  police  during  the  1968  Democratic Convention.'"45 In 

publishing  these  statements  throughout  Chicago,  the managing 

editor  of  the Birch Society newsletter made no effort to verify 

or substantiate the charges against the attorney.46

         The  Supreme  Court  held  in  Gertz  that  while  First 

Amendment   considerations   protect  publications  about  public 

officials47  and about "public figures"48, requiring a showing of 

"actual  malice"  before  defamation  damages could be recovered, 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             12

the  same  was  not  true for defamation suits brought by private 

citizens49,  a  group to which the attorney was held to belong.50 

Private  citizens  were  seen  as deserving more protections from 

defamation  than public officials or public figures, so they were 

not  required  to  show  "actual  malice"  as  a  precondition to 

recovery.51  The  Court  then left it to the states to decide the 

precise   standard   of   liability  for  defamation  of  private 

individuals,  so  long  as  liability  without  fault was not the 

standard.52

         By  Gertz,  then,  the appropriate standard of liability 

for  publicizing  defamation  of  private parties falls somewhere 

below  actual malice and above strict liability. The problem with 

defining  the defamation standard for computerized BBS operators, 

however,  is  a lack of uniform standards. In such circumstances, 

the   objective  "reasonable  person"  standard  will  likely  be 

applied  to  the SYSOP's actions.53 Several cases may be usefully 

applied by analogy.

         The  court  in  Hellar  v.  Bianco54  held  that  a  bar 

proprietor  could  be  responsible  for  not removing a libellous 

message  concerning  the  plaintiff's  wife  that appeared on the 

wall  of  the  bar's  washroom  after  having been alerted to the 

message's  existence.55  The court noted that "persons who invite 

the  public  to  their  premises  owe  a  duty  to  others not to 

knowingly  permit  their  walls  to  be  occupied with defamatory 

matter....  The  theory  is  that  by  knowingly  permitting such 

matter  to  remain  after  reasonable opportunity to remove [it], 

the  owner  of  the wall or his lessee is guilty of republication 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             13

of  the  libel."56  The  Hellar  court  then  left  the  ultimate 

determination  of  the bar owner's negligence to the jury.57 This 

holding  seems  to  be  in  accord with the Restatement of Torts, 

which provides:



         PUBLICATION:
         (2)  One  who  intentionally  and unreasonably 
              fails  to  remove  defamatory matter that 
              he  knows  to  be  exhibited  on  land or 
              chattels  in  his possession or under his 
              control  is  subject to liability for its 
              continued publication.58
              
         
         Contrarily,  however, the Ohio court of appeals in Scott 

v.  Hull59  found  that  the  building  owner  and  agent who had 

control  over  a  building's maintenance were not responsible for 

libel  damages  for graffiti inscribed by an unknown person on an 

exterior  wall.60  The  court distinguished Hellar by noting that 

in  Hellar  the  bartender  constructively adopted the defamatory 

writing  by  delaying  in removing it after having been expressly 

asked to do so:



         "It  may  thus  be  observed  from these cases 
         that  where  liability is found to exist it is 
         predicated  upon  actual  publication  by  the 
         defendant  or  on the defendant's ratification 
         of  a publication by another, the ratification 
         in  Hellar  v. Bianco...consisting of at least 
         the   positive   acts  of  the  defendants  in 
         continuing  to  invite  the  public into their 
         premises  where  the  defamatory matter was on 
         view  after  the  defendants  had knowledge of 
         existence of same."61
         
         
         The  Scott  court  held  that  defendants  could only be 

responsible  for publishing a libellous remark through a positive 

act,  not  nonfeasance;  thus,  their  mere failure to remove the 

graffiti  from  the building's exterior after having it called to 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             14

their  attention  was  held  not  to  be  a  sufficient  basis of 

liability.62

         A  situation  similar to Scott arose recently in Tackett 

v.  General  Motors  Corporation.63  There, an employee brought a 

libel  suit  against  his  employer  for,  inter alia, failing to 

remove  allegedly  defamatory signs from the interior wall of its 

manufacturing  plant  after having notice of their existence. One 

large  sign  remained  on  the wall for two to three days while a 

smaller  one  remained  visible  for  seven  to  eight  months.64 

Instead   of   focussing  on  the  Scott  malfeasance/nonfeasance 

test,65   the   Tackett   court  considered  defendant's  implied 

adoption  of  the  libellous statement to be the correct basis of 

liability.66  While  saying  that  failure  to remove a libellous 

message  from  a  publicly-viewed  place may be the equivalent of 

adopting  that  statement,  and  noting that Indiana would follow 

the  Restatement  view "when the time comes,"67 the Tackett court 

held  that  the  Restatement  view could be taken too far. Citing 

Hellar, the court wrote:



         The  Restatement  suggests that a tavern owner 
         would   be   liable   if  defamatory  graffiti 
         remained  on  a  bathroom  stall a single hour 
         after  the discovery [Citation to Hellar]. The 
         common  law  of  washrooms is otherwise, given 
         the  steep discount that readers apply to such 
         statements   and   the  high  cost  of  hourly 
         repaintings  of  bathroom  stalls [Citation to 
         Scott].   The  burden  of  constant  vigilance 
         exceeds  the  benefits  to be had. A person is 
         responsible   for   statements   he  makes  or 
         adopts,  so  the  question is whether a reader 
         may  infer  adoption  from  the  presence of a 
         statement.  That inference may be unreasonable 
         for  a  bathroom  wall  or  the  interior of a 
         subway  car  in  New York City but appropriate 
         for  the  interior  walls  of  a manufacturing 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             15

         plant,   over   which   supervisory  personnel 
         exercise  greater supervision and control. The 
         costs  of  vigilance  are  small (most will be 
         incurred    anyway),    and    the    benefits 
         potentially   large   (because  employees  may 
         attribute  the  statements  to  their employer 
         more  readily  than patrons attribute graffiti 
         to barkeeps).68
         
         
         According  to  this  reasoning,  then,  the location and 


length  of  time the libel is allowed to appear plays an integral 


part  in  determining  whether  a given defendant has adopted the 


libel, and thus has published it.


         An  application  of  the foregoing analysis to the issue 


at  hand  highlights  the  need  for greater care in allowing the 


posting  of  electronic mail messages on a BBS. The Tackett court 


noted  that  while  the content of graffitti scrawled on bathroom 


walls  might be subject to healthy skepticism by its readers, the 


same  might  not be true for other locations such as interiors of 


subway  cars  or  manufacturing  plant  walls.69 If this is true, 


then  it  is  reasonable  to  assume  that  a  defamatory message 


displayed  in a forum for the exchange of ideas is more apt to be 


taken  seriously  by  its readers - especially when the libellous 


Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             16

message purports to be written by the subject of the libel.70


         Further,  the Tackett court indicated that the high cost 


of   repainting  bathroom  stalls  by  the  hour  outweighed  its 


perceptible  benefits. The same is not true for electronic BBSes, 


where  the costs of prevention are minimal in light of the threat 


of widespread harm to users' reputations.71


         2.   Damages


         Once  the plaintiff establishes that the SYSOP failed to 


act  reasonably in removing statements known to be libellous from 


his  BBS  or  in  negligently failing to prevent their appearance 


there,72  no  proof  of  special damages is necessary as libel is 


actionable  per  se.73 The state's interest in protecting private 


reputations  has been held to outweigh the reduced constitutional 


value  of speech involving matters of no public concern such that 


presumed  and  punitive damages may be recovered absent a showing 


of actual malice.74


         The  proper  gauge  of  liability  has again raised some 


questions.75  One writer has noted that if the burden of proof is 





Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             17

to  rest  on  the  plaintiff,  she  may  be  at a disadvantage in 


producing  sufficient  evidence  to demonstrate negligent conduct 


on  the  part  of  the  SYSOP.76  Solutions  to this problem have 


ranged  from  a  rebuttable presumption of negligence in favor of 


the  plaintiff77  to  adoption  of  a set of standards similar to 


those  set  out  in  the  Federal Fair Credit Reporting Act.78 In 


either   event,  damage  awards  for  computer  abuse  have  been 


addressed both by federal and state law.79


         3.   Suggestions


         Because  computerized  BBSes  are still a relatively new 


technological  phenomena, consistent standards for SYSOPs' duties 


have  yet  to  be developed.80 However, at least one users' group 


has  adopted  a voluntary code of standards for electronic BBSes, 


applicable  to  both  users  and  SYSOPs  of  boards  open to the 


general public:





         SCOPE:
         This  Minimum  Code  of  Standards  applies to 
         both  users  and  SYStem Operators (SYSOPs) of 
         electronic  bulletin  boards  available to the 
         general public.
         FREEDOM OF SPEECH AND IDEAS
         Each  user  and  SYSOP  of  such systems shall 
         actively   encourage   and  promote  the  free 
         exchange   and   discussion   of  information, 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             18

         ideas,  and  opinions, except when the content 
         would:
         -    Compromise  the  national security of the 
              United States.
         -    violate proprietary rights.
         -    violate personal privacy,
         -    constitute a crime,
         -    constitute libel, or
         -    violate   applicable  state,  federal  or 
              local   laws  and  regulations  affecting 
              telecommunications.
         DISCLOSURE
         Each user and SYSOP of such system will:
         -    disclose their real name, and
         -    fully  disclose  any personal, financial, 
              or  commercial  interest  when evaluation 
              any specific product or service.
         PROCEDURES
         SYSOPS shall:
         -    review  in  a  timely manner all publicly 
              accessible information, and
         -    delete  any  information  which they know 
              or  should  know conflicts with this code 
              of standards.
         A  'timely  manner'  is  defined  as  what  is 
         reasonable  based  on  the potential harm that 
         could be expected. Users are responsible for:
         -    ensuring   that   any   information  they 
              transmit  to such systems adheres to this 
              Minimum Code of Standards, and
         -    upon   discovering   violations   of  the 
              Minimum  Code of Standards, notifying the 
              SYSOP immediately.
         IMPLEMENTATION
         Electronic  bulletin board systems that choose 
         to  follow  this  Minimum  Code  of  Standards 
         shall  notify  their  users by publishing this 
         Minimum  Code,  as  adopted by the [Capitol PC 
         Users  Group],  and  prominently  display  the 
         following:
         'This  system  subscribes  to  the  Capitol PC 
         Users  Group  Minimum  Code  of  Standards for 
         electronic bulletin board systems.'81
         
         
         While  non-binding  on  publicly-accessible  BBSes,  the 

above  guidelines  furnish  sound  basic policies that all SYSOPs 

might  use in shielding themselves from defamation liability. Our 

hypothetical  at  the  beginning  of  this  Comment  described  a 

situation  where  a  malicious  intruder  was  able to access and 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             19

masquerade  as  a validated user on a BBS; the following are some 

additional  computer  security measures that the reasonable SYSOP 

could conduct to avoid that situation:

         a.   Special   "screening"   software:  One  writer  has 

suggested  discouraging  potential BBS misuse through programming 

the  BBS  to  reject  those messages containing common defamatory 

and  obscene  language;82  such a program would discard a message 

containing  any  of  those  terms and would presumably notify the 

SYSOP  of  their  presence.  Drawbacks to this procedure are that 

computer  programs cannot understand all the nuances of libellous 

messages83  and  would  thus  lead  to the rigid deletion of many 

otherwise legitimate messages.84

         b.   Unique    passwords:   A   more   fundamental   and 

economical  approach  would  be  for the SYSOP to both notify all 

new  users  about the potential for computerized BBS abuse and to 

encourage  their  use of a unique password on each BBS they call. 

This  would  have  the  practical effect of keeping a masquerader 

from   using  the  names  and  passwords  found  on  one  BBS  to 

wrongfully  access  and  masquerade on other BBSes. A drawback to 

this  procedure is that the truly malicious masquerader may still 

discover  a BBS' most sensitive user records by way of a renegade 

computer  program  called  a "trojan horse".85 However, one could 

speculate  that  the SYSOP acts reasonably in informing potential 

users of the existing threat and in helping them avoid it.

         c.   Encryption:  This  is  essentially  a  way  for the 

SYSOP  to make the users' passwords unique for them. The power of 

the  computer  allows complex algorithms to be applied to data to 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             20

encode  it in such a way that, without the key to the code, it is 

virtually  impossible to decode the information.86 This technique 

would  have  the  added  benefit of forcing the masquerader, upon 

accessing  the BBS with a trojan horse program, to search for the 

secret  decoding  algorithm  in  addition to the BBS' secret user 

files.  Indeed,  it  is  conceivable that a special encryption or 

password  could  be devised to allow only the SYSOP access to the 

BBS'   decoding   algorithm.   However,   encryption  involves  a 

significant  overhead  -  impractical  for most small, privately-

operated  BBSes - and is more frequently used to protect messages 

from  one  system  to  another  where  the  data is vulnerable to 

interception as it passes over transmission lines.87

         d.   Prompt  damage  control:  In  accord with Hellar,88 

the  Restatement  (Second)  of Torts,89 and possibly Tackett,90 a 

SYSOP  acts reasonably in promptly assisting the libelled user to 

partially  reverse  the  effects  of  the  masquerader's actions. 

Recall  that  in  those  instances  a  defendant was held to have 

impliedly  adopted  a defamatory statement by acting unreasonably 

slowly  in  removing  it  from his property once having been made 

aware  of  it.91 While it may be unreasonable to expect the SYSOP 

to  monitor  each message posted every day - especially where the 

defamatory  message  appears to have been left by the true user - 

it  is  not  too  much  to  require  the  SYSOP to quickly remedy 

security  flaws  in  his BBS as they are pointed out to him.92 To 

this  end, the SYSOP has several options. In situations where the 

defaming   user   libels  another  without  masquerading  as  the 

libelled  party,  the  SYSOP  could  simply  delete the defamer's 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             21

account.  In  situations  where  a  user  masquerading as another 

posts  a  libellous message, the SYSOP could publish a retraction 

to  all  his subscribers, urging them to use a different password 

on  each  BBS  they  call. Further, where a masquerader published 

the  libel,  the  SYSOP  should offer his full cooperation to the 

maligned  user  in  tracking down the time and date the libellous 

message  was  posted93  in  order  to  better  limit  the SYSOP's 

liability.

         Certain  BBS  SYSOPs  claim that holding them liable for 

information   appearing  on  their  BBSes  violates  their  First 

Amendment  rights by restricting their right to free speech94 and 

by  holding  them  responsible  for  the libel perpetrated by the 

masquerader.  It has been suggested that the SYSOP should be held 

to  the  same standard of liability as a neighborhood supermarket 

which   furnishes   a   public  bulletin  board:95  just  as  the 

supermarket  would not be liable for posting an advertisement for 

illicit  services,  so  should the BBS SYSOP escape liability for 

libellous  messages left on his board, especially when its poster 

appears to be a validated user.96

         However,  this  comparison  lacks  merit for the reasons 

given  by  the  Seventh  Circuit  in  Tackett  v.  General Motors 

Corporation.97  The  defendant's liability in that case rested on 

its  publication of libel by implicitly adopting the statement.98 

Defendant's  failure  to  remove a defamatory sign painted on one 

of  the  interior  walls of its factory for seven or eight months 

after  discovering  its  presence  was  such that "[a] reasonable 

person  could conclude that Delco 'intentionally and unreasonably 



Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             22

fail[ed]   to   remove'  this  sign  and  thereby  published  its 

contents."99

         There  would  certainly  be  accomplice liability if the 

supermarket  unreasonably  delayed  removing an advertisement for 

illegal  services  from its bulletin board once it was made aware 

of  it.  The  market  could  be  seen  as having adopted the ad's 

statements  by  not  acting  responsibly  to  its viewing public. 

Similarly,  a  SYSOP  would  be  liable  for  defamatory messages 

posted  on  his  BBS - even by what appears to be the true user - 

if  he  fails  to  act  reasonably by using his computer skill to 

eviscerate  the  libel.100  While  the  computerized  BBS  may be 

nothing  more  than a hobby of the SYSOP, the speed with which it 

can  disseminate potentially damaging information among its users 

demands the standards of responsibility described above.

    C.   Defamation Liability of the Masquerader

         1.   Degree of fault required

         It  should  be noted that the liability and proof issues 

concerning  the  SYSOP  and  masquerader  are  inverse. As to the 

SYSOP  who allows libellous messages to be posted on his BBS, his 

liability  may  be  inferred  simply  by  those  messages  having 

appeared  there;101  however, his degree of fault - actual malice 

or  simple  negligence  -  is  subject  to debate.102 Conversely, 

while  the  masquerader's  degree of fault is clearly evident,103 

tracing  that  fault back to him is a more elusive matter.104 The 

requisite  degree of fault for masqueraders is set out in federal 

and state law.105

         2.   Damages



Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             23

         Assuming  arguendo  that  the  masquerader's  defamatory 

publications  have  been  successfully  traced back to him by the 

plaintiff,  actual  and  punitive  damages  may then be recovered 

from  him  based on his knowledge of the publication's falsity or 

reckless  disregard  for its truth.106 Federal and state law have 

also specified certain remedies.107



III PROBLEMS OF PROOF

    A.   Proof of SYSOP's Actions

         We  have seen that while the appropriate degree of fault 

for  a  SYSOP  to  be liable for defamatory messages appearing on 

his  BBS  is subject to dispute,108 a showing that the defamation 

appeared  there  due  to  the  SYSOP's  negligence  is  much more 

capable  of  resolution.109  The jury should be made aware of the 

actual  validation/security procedures practiced by the SYSOP and 

should  weigh  them  in  light  of  the  prevailing  practice.110 

Several  facets  of  an emerging standard of care for SYSOPs have 

already  been  suggested  in  this  Comment,111  and  the SYSOP's 

adherence to them could be shown through users' testimony.

    B.   Proof of Masquerader's Actions

         In  contrast  with  the  degree  of  fault  required  to 

establish  the  SYSOP's publication of the libellous message, the 

degree  of  fault  for  the  masquerader  is much less subject to 

debate.   The   masquerader's   actions  are  not  likely  to  be 

considered  merely  inadvertent or negligent.112 However, because 

the  masquerader  has  intentionally  discovered  and usurped the 

user's  name  and  password,  he  appears  to be that user on all 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             24

computer    records.   Tracing   the   masquerader's   defamatory 

publication   back   to   him   thus  encounters  some  important 

evidentiary  barriers:  the  maligned  user  is forced to rely on 

computerized  records  produced  by  the BBS and phone company in 

trying  to  link  the masquerader's libellous publication back to 

him.113  We  turn  now  to consider the evidentiary hurdles to be 

overcome  in  tracing  the  libellous  communication  to its true 

source.

         1.   The Hearsay Rule & Business Records Exception

         The   first   evidentiary  obstacle  to  connecting  the 

masquerader  with  his libellous publication is the hearsay rule. 

As  defined  by  the  Federal  Rules  of  Evidence, hearsay is "a 

statement,  other than one made by the declarant while testifying 

at  the  trial or hearing, offered in evidence to prove the truth 

of  the  matter  asserted";114  as  such,  it  is inadmissible as 

evidence  at  trial.115 Computer-generated evidence is subject to 

the  hearsay  rule,  not  because  it  is  the  "statement  of  a 

computer",  but  because it is the statement of a human being who 

entered  the  data.116 To the extent the plaintiff user relies on 

computer-generated  records  to  show that a call was placed from 

the  masquerader  to  the  BBS  at the time and date in question, 

then, her evidence may be excluded.

         However,  numerous  exceptions  to the hearsay rule have 

developed   over   the  years  such  that  evidence  which  might 

otherwise  be  excluded  is deemed admissible. The most pertinent 

hearsay  exception  as  applied  to  computerized evidence is the 

"business  records  exception",  which  admits  into evidence any 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             25

records  or  data  compilations,  so  long  as (1) they were made 

reasonably  contemporaneously  with  the  events they record; (2) 

they  were  prepared/kept  in the course of a regularly conducted 

business  activity;  and  (3)  the business entity creating these 

records  relied  on  them  in  conducting  its operations.117 The 

veracity  of  the  compvter  seco0ds  and  of the actual business 

practices  are shown by the record custodian's or other qualified 

witness'  testimony,  unless  the  circumstances indicate lack of 

trustworthiness.118  The  term  "business"  as  used in this rule 

includes  callings  of  every  kind, whether or not conducted for 

profit.119

         Statutes  and  judicial decisions in several states have 

gradually  recognized that the business records exception extends 

to  include computer-generated records.120 This is largely due to 

(1)  modern business' widespread reliance on computerized record-

keeping,  (2)  the impracticability of calling as witnesses every 

person   having   direct   personal  knowledge  of  the  records' 

creation,  and (3) the presumption that if a business was willing 

to  rely  on  such records, there is little reason to doubt their 

accuracy.121

         Using  this  exception  to  the  hearsay rule, plaintiff 

user  would most likely seek to admit the BBS' computer-generated 

username/password  log-in  records  plus the phone company's call 

records  to  establish  the  connection between the masquerader's 

telephone  and  the  BBS  at  the  precise  instant the libellous 

message  was  posted.122 As an initial matter, however, plaintiff 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             26

must  first  lay  a  foundation  for  both  the  BBS'  and  phone 

company's computer-generated business records.

         A  sufficient  foundation for computer-generated records 

was  found  recently to exist in People v. Lugashi.123 There, the 

California  Court  of Appeal affirmed a conviction of grand theft 

based  on  evidence adduced from computer-generated bank records. 

Defendant,  an  oriental  rug  store owner, had been convicted of 

fraudulently   registering   thirty-seven  sales  on  counterfeit 

credit  cards.  The  issuing  banks became suspicious of criminal 

activity  when  charge  card  sales  data  from defendant's store 

showed  44  fraudulent  uses of charge cards at defendant's store 

within  only  five  weeks.124  As  each  fraudulent  credit  card 

transaction   was   completed,   defendant  registered  the  sale 

simultaneously  with  the  banks'  computers.125  Each  night, as 

standard  bank  practice,  the  banks  then  reduced the computer 

records  of  credit  card transactions to microfiche. Information 

gleaned   from  these  microfiche  records  was  entered  against 

defendant at trial.126

         The  California  Court  of  Appeal  recognized the trial 

court   judge's   wide   discretion   in  determining  whether  a 

sufficient  foundation  to  qualify evidence as a business record 

has  been  laid.127 It held that defendant's allocations of error 

were  without merit since defendant himself had acknowledged that 

the  bank's  computer  entries  memorialized  in  the  microfiche 

record  were  entered  simultaneously  as  they  occurred  in the 

regular  course  of  business.128  Further,  the Court of Appeals 

dismissed  defendant's  claim  that  only a computer expert could 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             27

supply  testimony  concerning  the  reliability  of  the computer 

record:



    Appellant's  proposed test incorrectly presumes computer 
    data  to  be  unreliable, and, unlike any other business 
    record,   requires   its   proponent   to  disprove  the 
    possibility  of error, not to convince the trier of fact 
    to  accept  it,  but  merely to meet the minimal showing 
    required for admission....
    The  time  required  to produce this additional [expert] 
    testimony  would unduly burden our already crowded trial 
    courts to no real benefit.129
    
    
         The  Lugashi  court  then  followed  the  bulk  of other 

jurisdictions  adopting  similar analyses and upholding admission 

of  computer  records  with similar or less foundational showings 

over similar objections.130

         As  to  admission  into evidence of telephone companies' 

computer-generated   call  records  under  the  business  records 

exception,  courts  have  evinced  a  similar attitude to that in 

Lugashi.  In  State  v.  Armstead,131  a  prosecution for obscene 

phone  calls,  the trial court was held to have properly admitted 

computer   printouts  showing  that  calls  had  been  made  from 

defendant's  mother's  telephone,  despite defendant's contention 

that  the  witness  who  was called to lay the foundation had not 

been  personally  responsible  for  making the record.132 Because 

the  printout represented a simultaneous self-generated record of 

computer   operation,   the  court  held  it  was  therefore  not 

hearsay.133

         In   an   Ohio   prosecution  for  interstate  telephone 

harassment,  it  was  held  no  error  was committed in admitting 

defendant's  computerized  phone  statement  under  the  Business 

Records  exception  which  showed  that  telephone calls had been 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             28

made  from  defendant's  phone  in  Ohio  to  various  numbers in 

Texas.134  A  sufficient foundation for the admission of business 

records  under  Federal  Rules of Evidence 803(6) was established 

when  a  telephone  company  witness  identified  the  records as 

authentic  and  testified they were made in the regular course of 

business.135

         Applying  the foregoing analyses to BBSes, the plaintiff 

user  would  establish a foundation for the correlated BBS136 and 

telephone  company  phone logs by showing that (1) they were made 

contemporaneously  with  the posting of the libellous message;137 

(2)  they  were  prepared/kept  in  the  course  of  a  regularly 

conducted  business  activity,  since  both the BBS and telephone 

company  consistently  maintain  accounts  of all persons who use 

their  services;  and (3) the BBS and telephone company relied on 

those  records for billing purposes.138 Once such a foundation is 

laid,  the  trial court has wide discretion in admitting business 

records into evidence.139

         2.   Authentication & the Voluminous Records Exception

         The  second  evidentiary  barrier encountered in tracing 

the  masquerader's  libellous messages back to him is proving his 

authorship  of  the  libel,  or "authenticating" the computerized 

records.140  The computer-generated phone and BBS records showing 

that  a call from a certain phone number at a particular date and 

time  resulted  in  a  libellous  message  being  published  must 

somehow be linked to the masquerader.

         The  Federal  Rules  of  Evidence  provide  in pertinent 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             29

part:



    (a)  General     provision.     The    requirement    of 
         authentication  or  identification  as  a condition 
         precedent   to   admissibility   is   satisfied  by 
         evidence  sufficient  to support a finding that the 
         matter in question is what its proponent claims.
    (b)  Illustrations.  By  way  of  illustration only, and 
         not   by  way  of  limitation,  the  following  are 
         examples   of   authentication   or  identification 
         conforming with the requirements of this rule:...
         (6)  Telephone       conversations.       Telephone 
              conversations,  by  evidence  that  a call was 
              made  to  the  number  assigned at the time by 
              the  telephone  company to a particular person 
              or business, if 
              (A)  in  the  case of a person, circumstances, 
                   including  self-identification,  show the 
                   person  answering  to  be the one called, 
                   or
              (B)  in  the  case of a business, the call was 
                   made  to  a  place  of  business  and the 
                   conversation    related    to    business 
                   reasonably     transacted     over    the 
                   telephone....141
    
    
         The   question   of   whether   a  writing  is  properly 

authenticated  is  primarily  one  of  law  for the court; if the 

court  decides  the  question affirmatively, it is ultimately for 

the  jury.142  The  court  will  make  no  assumptions  as to the 

authenticity    of    documents   in   deciding   their   initial 

admissibility.143  The  difficulty  presented  here  is  that the 

Federal  Rules  of  Evidence  seem  to  require authentication of 

telephone  calls  by  reference to their specific content.144 The 

specific  content  of  a  given phone call is not demonstrated by 

phone logs showing merely the date and time the call occurred.

         The   authentication   of  extrinsic  documents  may  be 

subject  to  a  "best  evidence  rule"  objection.  As  stated in 

Federal Rule of Evidence 1002:



    REQUIREMENT  OF  ORIGINAL:  To  prove  the contents of a 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             30

    writing,  recording, or photograph, the original of that 
    writing,  recording,  or  photograph is required, unless 
    provided  otherwise  in  these  rules  or  by  an act of 
    Congress.145
    
    
         Since  its  introduction  in  the  18th century, various 

rationales  have  been  posited  for  this rule.146 While earlier 

writers  asserted  that  the  rule  is intended to prevent fraud, 

most  modern  commentators  agree that the rule's main purpose is 

to  convey  to  the  court  the  exact  operative  effect  of the 

writing's contents.147

         However,   at  least  one  jurisdiction  has  implicitly 

equated  compliance  with the business records exception with the 

Best  Evidence  Rule.  In Louisiana v. Hodgeson,148 the defendant 

in  a  manslaughter  trial  contended  that  a  printout  of  her 

telephone  bill, offered to show communications between her and a 

third  party,  was  not authenticated.149 The court, while making 

no  specific  reference  to  the  authentication  point, rejected 

defendant's  contention,  noting  that  the  information from the 

computer's  storage was the company's business record and that it 

was accessible only by printout.150

         Similarly,  in  an  Indiana bank robbery prosecution,151 

the  state  offered  microfiche copies of the telephone company's 

computerized   records   showing  certain  telephone  calls  from 

defendant.  On appeal, defendant argued that these documents were 

not  authenticated  because  they were not the "original or first 

permanent  entry,"  and  that they therefore should not have been 

admitted  into  evidence.  The  court  disagreed,  saying  that a 

duplicate  was  admissible  to  the  same  extent  as an original 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             31

unless  a  "genuine  issue" were raised as to the authenticity of 

the original.152

         By  these  precedents,  then,  provided  plaintiff  user 

establishes  that  both  the  telephone and BBS user records were 

prepared  in  accordance  with the business records exception,153 

the  fact  that  a  call from the masquerader's phone is shown to 

have  occurred  at  the  same  instant  the libellous message was 

posted  may  be sufficient to authenticate that the call was made 

by  the  masquerader.  Other  circumstantial  evidence adduced by 

plaintiff user would strengthen this inference.154

         Another  authentication  hurdle  in  plaintiff's case is 

the  requirement  that  the  entire  original record sought to be 

authenticated  be  produced.155 This requirement can prove highly 

impractical  in  situations  where  there  are  vast  numbers  of 

individual  records  extending  over  long  periods  of  time.156 

Requiring  plaintiff  to produce the entire body of these records 

would  be  unduly  expensive and time-consuming. What is more, if 

plaintiff   were   to  attempt  to  summarize  vast  computerized 

business  data  compilations  so  as to introduce those summaries 

into  evidence  without  producing  the complete body of computer 

records,  such  summaries  might not be admissible on the grounds 

that they were not made "in the regular course of business."157

         However,   an   exception   to   strict   authentication 

requirements   of   the   Federal  Rules  of  Evidence  has  been 

developed. Rule 1006 provides:



    The  contents  of  voluminous  writings,  recordings, or 
    photographs  which  cannot  conveniently  be examined in 
    court  may be presented in the form of a chart, summary, 
    
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             32

    or  calculation.  The originals, or duplicates, shall be 
    made  available  for examination or copying, or both, by 
    other  parties  at  reasonable time and place. The court 
    may order that they be produced in court.158
    
    
         In   Cotton   v.  John  W.  Eshelman  &  Sons,  Inc.,159 

summaries  of  certain  computerized  records  were held properly 

admitted  into  evidence on the theory that "[w]hen pertinent and 

essential  facts  can  be ascertained only by an examination of a 

large  number  of  entries  in  books  of  account, an auditor or 

expert  examiner  who has made an examination and analysis of the 

books  and  figures  may testify as a witness and give summarized 

statements   of   what   the  books  show  as  a  result  of  his 

investigation,  provided  the  books themselves are accessible to 

the   court   and  to  the  parties."160  Under  this  precedent, 

plaintiff  user would only need to produce the pertinent parts of 

the computerized records, as determined by an impartial auditor.



IV. CONCLUSION

         It  is  difficult  to  overestimate  the ease with which 

computers  now  enable  us  to  compile and exchange information. 

Computerized  "bulletin boards" run on personal microcomputers by 

private  persons  and  businesses  are  examples of this enhanced 

form  of  communication.  Users  can  trade computer programs and 

exchange  a  wealth  of ideas, opinions, and personal information 

through such forums.

         The  advantages  of  this  process  break down, however, 

when   malicious   users   abuse   the   system  and  BBS  SYSOPS 

intentionally  or  negligently allow this to occur. The nature of 

computerized  data  is  such  that  tortious  misinformation  may 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             33

easily  be  spread to thousands of users before it is discovered. 

Because  the  potential  for harm to reputation is so tremendous, 

appropriate  standards  of liability and methods of proof must be 

addressed.

         The  requisite  degree  of  fault  in  libelling private 

persons  is  less than that for libelling public officials/public 

figures,  and  may  be established as against a SYSOP by a simple 

showing  of  his  negligent failure to observe reasonably minimal 

computer   security  measures.  The  basis  of  liability  for  a 

masquerader  who  intentionally misappropriates another's private 

information is even less subject to debate.

         Two  main evidentiary hurdles face the plaintiff seeking 

to  link  the  masquerader  with  his  libellous  message through 

reliance  on  computer-generated records. First, the hearsay rule 

automatically  excludes  all  evidence produced out-of-court that 

is  being  offered  to  prove  the  truth  of the matter at hand. 

Second,   the   authentication   requirement   demands  that  the 

masquerader's   connection   to  the  entire  body  of  proffered 

computer records be established.

         However,  certain exception to both of these limitations 

ease   the   plaintiff's  burden.  First,  the  business  records 

exception  to  the  hearsay  rule  admits  computer  records into 

evidence  if they (1) were made reasonably contemporaneously with 

the  events  they record; (2) were prepared/kept in the course of 

a  regularly  conducted  business  activity; and (3) the business 

entity  creating  these  records relied on them in conducting its 

operations.  Both  BBS  and  telephone  company  records may come 

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             34

under  this  exception. Second, the voluminous writings exception 

allows  the  contents  of  voluminous  computerized records which 

cannot  conveniently  be examined in court to be presented in the 

form  of a summary. So long as the original records or duplicates 

thereof  are  available  for  examination  by  other  parties  at 

reasonable  times  and  places,  the entire data compilation need 

not   be   produced.   Plaintiff  should  employ  both  of  these 

exceptions  in an effort to convince a jury by a preponderance of 

the  evidence that the masquerader has abused his computer skills 

and has damaged plaintiff's reputation.


           ==============================================

From telecom@eecs.nwu.edu Sat Apr 21 01:07:10 1990
Received: from delta.eecs.nwu.edu by gaak.LCS.MIT.EDU via TCP with SMTP
	id AA15278; Sat, 21 Apr 90 01:06:53 EDT
Resent-Message-Id: <9004210506.AA15278@gaak.LCS.MIT.EDU>
Received: from Sun.COM by delta.eecs.nwu.edu id aa15095; 20 Apr 90 14:45 CDT
Received: from EBay.Sun.COM (male.EBay.Sun.COM) by Sun.COM (4.1/SMI-4.1)
	id AA20305; Fri, 20 Apr 90 12:46:45 PDT
Received: from khayyam.EBay.Sun.COM by EBay.Sun.COM (4.1/SMI-4.1)
	id AA06083; Fri, 20 Apr 90 12:46:36 PDT
Received: by khayyam.EBay.Sun.COM (4.0/SMI-4.0)
	id AA08069; Fri, 20 Apr 90 12:42:02 PDT
Date: Fri, 20 Apr 90 12:42:02 PDT
From: Lang Zerner <langz@ebay.sun.com>
Message-Id: <9004201942.AA08069@khayyam.EBay.Sun.COM>
To: telecom@eecs.nwu.edu
Subject: Sysops and libel liability -- endnotes
Resent-Date:  Sat, 21 Apr 90 0:05:23 CDT
Resent-From: telecom@eecs.nwu.edu
Resent-To: ptownson@gaak.LCS.MIT.EDU
Status: RO

Here are the endnotes to the paper I submitted in a separate message.

Be seeing you...
==Lang

=======
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             35



                             ENDNOTES


1.       418 U.S. 323, 94 S.Ct. 2997, 41 L.Ed.2d 789 (1974).
         
2.       These  interests can cover anything from science fiction 
         to  gourmet  cooking. Uyehara, Computer Bulletin Boards: 
         Let the Operator Beware, 14 Student Lawyer 28 (1986).
         
3.       Id., at 30.
         
4.       The  data  service  Compuserve  is one such national BBS 
         run  for  profit  by business organizations. Uyehara, at 
         28.  Other  examples  of  large databases of interest to 
         the  legal profession are computerized research services 
         such as LEXIS and WESTLAW.
         
5.       Uyehara,  at  28;  Manning, Bulletin Boards: Everybody's 
         Online  Services,  Online, Nov. 1984, at 8,9. "Modem" is 
         defined infra, note 17 and accompanying text.
         
6.       "...computer   bulletin   boards   offer   their   users 
         important  benefits.  An  individual  can use a bulletin 
         board  to  express  his  opinion  on  a matter of public 
         interest.  He  may  find  a  review  of  a product he is 
         considering  buying.  He  may  find  a  useful  piece of 
         software.  An  individual  might  also  use the bulletin 
         board  to  ask  a  technical  question  about a specific 
         computer   program."   Note,   Computer  Bulletin  Board 
         Operator  Liability  For  User Misuse, 54 Fordham L.Rev. 
         439,  440  (1985)  (Authored  by  Jonathan Gilbert); see 
         also  Lasden,  Of  Bytes And Bulletin Boards, N.Y.Times, 
         August  4, 1985, sec. 6, at 34, col. 1, where the author 
         notes  computer  users  may now use BBSes to voice their 
         opinions directly to State Senators' offices.
         
7.       "Virus"  Hits  Nation's  Research  Computers,  San  Jose 
         Mercury News, Nov. 4, 1988, at 1, col. 1.
         
8.       "It   is  estimated  that  the  theft  of  long-distance 
         services  and  software  piracy  each  approximate  $100 
         million  a  year;  credit card fraud via computers costs 
         about   $200   million   annually."   Pittman,  Computer 
         Security  In Insurance Companies, 85 Best's Rev. - Life-
         Health Ins. Edition, Apr. 1985 at 92.
         
9.       Schiffres,  The  Shadowy  World  of  Computer "Hackers," 
         U.S. News & World Report, June 3, 1985, at 58.

10.      Pollack,  Free  Speech Issues Surround Computer Bulletin 
         Board  Use,  N.Y.  Times,  Nov. 12, 1984, note 1, at D4, 
         col. 6.
         

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             36

11.      Note, 54 Fordham L.Rev. 440-441 (1985).
         
12.      Poore and Brockman, 8 Nat'l L.J. 14, (1985).
         
13.      See infra, Topic III, Problems of Proof.
         
14.      The  uncertainty  revolves  around  how to define BBSes. 
         When  viewed as analogous to newspapers and other media, 
         SYSOPS  would  be  responsible for any message posted on 
         their   systems,   much   as   newspaper   editors   are 
         responsible  for  articles  appearing  in  their medium. 
         Uyehara,  14  Student  Lawyer  30 (1986). But when BBSes 
         are  compared to a bulletin board found in a public hall 
         or  supermarket,  the liability issue is focused more on 
         those  actually  posting the messages rather than on the 
         board's  owner.  Id.,  at 30. This Comment suggests that 
         BBS  SYSOPs  be  held  to  a reasonable standard of care 
         emerging  specifically  for  their endeavors. See infra, 
         Topic II.

15.      Poore  and  Brockman,  8  Nat'l L.J. 14, (1985). Another 
         writer  has  noted  that Compuserve now has over 200,000 
         users  making  use  of  nearly  100  diverse  databases. 
         Lasden,  Of  Bytes  And  Bulletin  Boards,  N.Y.  Times, 
         August 4, 1985, sec. 6, at 34, col. 1.

16.      Poore and Brockman, 8 Nat'l L.J. 14 (1985).

17.      14  Am  Jur.  POF 2d Computer-Generated Evidence Sec. 11 
         (1977).

18.      Note, 54 Fordham L.Rev. 439, 446 (1985).

19.      Id.

20.      See "Account," infra, note 25 and accompanying text.

21.      Garfinkel,  An  Introduction  to  Computer  Security, 33 
         Prac. Law.41-42 (1987).

22.      Id.

23.      See infra, notes 25 and 27 and accompanying text.

24.      Some   more   sophisticated  operating  systems  provide 
         greater  access  control  by  (1) recording unauthorized 
         attempts  at  entry;  (2)  recording  those attempts and 
         sending  a  warning  to the perpetrator; and (3) keeping 
         the   perpetrartor  off  the  system  permanently  until 
         he/she   is   reinstated   by  the  computer's  security 
         administrator  or  SYSOP. Balding, Computer Breaking and 
         Entering:  The  Anatomy of Liability, 5 Computer Lawyer, 
         Jan. 1988, at 6.


Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             37

25.      Garfinkel,  An  Introduction  to  Computer  Security, 33 
         Prac. Law. 42 (1987).

26.      Id.

27.      Id.  "A  password is a secret word or phrase that should 
         be  known  only  to  the user and the computer. When the 
         user  first  attempts to use the computer, he must first 
         enter  the  password.  The  computer  then  compares the 
         typed  password  to  the  stored  password  and, if they 
         match, allows the user access."

28.      Id., at 42 and 46.

29.      14  Am.  Jur. POF 2d Computer-Generated Evidence Sec. 11 
         (1977).

30.      54 Fordham L.Rev. 439, note 2 (1985).

31.      Restatement (Second) of Torts Sec. 568(1) (1976).

32.      Restatement (Second) of Torts Sec. 577(1) (1976).
         
33.      Restatement (Second) of Torts Sec.559 (1976).

34.      Veeder,   The   History   and   Theory  of  the  Law  of 
         Defamation, 3 Colum. L.Rev. 546, 569-571 (1903).

35.      Restatement (Second) of Torts Sec. 622 (1976).

36.      Restatement, Torts Sec. 568, comment d (1938).

37.      Shor  v.  Billingley,  4  Misc.2d  857, 158 N.Y.S.2d 476 
         (Sup.  Ct.  1956),  aff'd  mem., 4 App.Div. 2d 1017, 169 
         N.Y.S.2d 416 (1st Dep't. 1957).

38.      Torts:     Defamation:     Libel-Slander    Distinction: 
         Extemporaneous  Remarks  Made  on  Television Broadcast: 
         Shor  v.  Billingley,  4  Misc. 2d 857, 158 N.Y.S.2d 476 
         (Sup.Ct.  N.Y.  County  1957),  43 Cornell L.Q. 320, 322 
         (1957) (Authored by Stephen A. Hochman).

39.      Id.
         
40.      376  U.S.  254,  84  S.Ct.  710,  11 L.Ed.2d 686 (1964), 
         motion  denied  376  U.S. 967, 84 S.Ct. 1130, 12 L.Ed.2d 
         83.
         
41.      376 U.S. 254, 273.

42.      376 U.S. 254, 280.

43.      418 U.S. 323, 94 S.Ct. 2997, 41 L.Ed.2d 789 (1974).
         

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             38

44.      Gertz v. Robert Welch, Inc., 418 U.S. 323, 326.

45.      Id.

46.      Id., at 327.

47.      "...those  who  hold governmental office may recover for 
         injury  to reputation only on clear and convincing proof 
         that  the  defamatory  falsehood was made with knowledge 
         of  its  falsity  or  with  reckless  disregard  for the 
         truth."  Gertz v. Robert Welch, Inc., 418 U.S. 323, 342. 
         "An  individual  who decides to seek governmental office 
         must  accept  certain  necessary  consequences  of  that 
         involvement  in  pubic  affairs.  He  runs  the  risk of 
         closer  public  scrutiny  than  might  otherwise  be the 
         case." Id., at 344.

48.      "...[A]n  individual  may attain such pervasive fame and 
         notoriety  that  he  becomes  a  public  figure  for all 
         purposes   and   in  all  contexts.  More  commonly,  an 
         individual  voluntarily injects himself or is drawn into 
         a  particular  public  controversy and thereby becomes a 
         public  figure  for a limited range of issues. In either 
         case  such  persons  assume  special  prominence  in the 
         resolution of public questions." 418 U.S. 323, 351.
         
49.      "Even  if  the  foregoing  generalities do not obtain in 
         every   circumstance,   the   communications  media  are 
         entitled  to act on the assumption that public officials 
         and  public  figures have voluntarily exposed themselves 
         to   the   increased  risk  of  injury  from  defamatory 
         falsehood   concerning   them.  No  such  assumption  is 
         justified  with  respect to a private individual. He has 
         not  accepted  public  office or assumed an 'influential 
         role  in  ordering  society.'  Curtis  Publishing Co. v. 
         Butts,  388  U.S., at 164 ...He has relinquished no part 
         of  his interest in the protection of his own good name, 
         and  consequently  he  has a more compelling call on the 
         courts   for   redress   of   injury  inflicted  by  the 
         defamatory  falsehood. Thus, private individuals are not 
         only  more  vulnerable  to  injury than public officials 
         and  public  figures;  they  are  also more deserving of 
         recovery." Id., at 345.

50.      "...[P]etitioner   was  not  a  public  figure.  He  ... 
         plainly  did  not thrust himself into the vortex of this 
         public  issue,  nor did he engage the public's attention 
         in an attempt to influence its outcome." Id., at 352.

51.      Justice Powell noted for the Court that
         
           "[T]he  communications  media are entitled to act on 
           the  assumption  that  public  officials  and public 
           figures   have  voluntarily  exposed  themselves  to 
           increased  risk  of injury from defamatory falsehood 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             39

           concerning  them.  No  such  assumption is justified 
           with  respect  to  a  private individual. He has not 
           accepted  public  office  or assumed an 'influential 
           role  in  ordering  society....' He has relinquished 
           no  part  of  his  interest in the protection of his 
           own  good  name,  and  consequently  he  has  a more 
           compelling  call on the courts for redress of injury 
           inflicted  be  defamatory  falsehood.  Thus, private 
           individuals  are  not only more vulnerable to injury 
           than  public  officials and public figures; they are 
           also more deserving of recovery." Id., at 345.
           

52.      Id., at 347.

53.      Keeton,  Dobbs,  Keeton  and Owen, Prosser and Keeton on 
         Torts,  sec.  32,  p.174.  See also Vaughn v. Menlove, 3 
         Bing. (N.C.) 467, 132 Eng.Rep. 490 (1837).

54.      111  Cal.  App.  2d  424,  244  P.2d  757,  28 ALR2d 451 
         (1952).
         
55.      111 Cal. App. 2d 424, 427.

56.      Id., at 426.

57.      Id, at 427.

58.      Restatement (Second) of Torts Sec. 577(2) (1976).

59.      22 Ohio App.2d 141, 259 N.E.2d 160 (1970).
         
60.      Scott v. Hull, 259 N.E.2d 160, 162 (1970).

61.      Id., at 161.

62.      Id., at 162.

63.      836 F.2d 1042 (7th Cir. 1987).
         
64.      Id., at 1047.

65.      The  Court  of  Appeals  noted  the Restatement view and 
         observed  that  Indiana  law  had  neither  embraced nor 
         rejected that approach. Id., at 1046.

66.      Id.

67.      Id.

68.      Id., at 1046-47.

69.      Id.
         
70.      Recall   that   in   our   hypothetical   a  third  user 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             40

         masquerading  as  another  is  transmitting  messages to 
         others, revealing embarassing and false information.
         
71.      BBS  systems  security  and  other preventative measures 
         are discussed more fully infra, Topic 3.d.
         
72.      Issues  in  proving  the  SYSOP's role in publishing the 
         libellous  statement  are  discussed more fully in Topic 
         III. A., infra.

73.      Sydney  v.  MacFadden  Newspaper  Publishing  Corp., 242 
         N.Y.  208, 151 N.E. 209, 44 A.L.R. 1419 (1926). See also 
         Restatement  (Second) of Torts Sec. 621 (1976) ("One who 
         is  liable  for a defamatory communication is liable for 
         the  proved, actual harm caused to the reputation of the 
         person defamed.")

74.      Dun  & Bradstreet, Inc. v. Greenmoss Builders, Inc., 472 
         U.S. 749, 86 L.Ed.2d 593, 105 S.Ct. 2939 (1985).

75.      See supra, note 53 and accompanying text.

76.      Note,  Protecting  the  Subjects  of  Credit Reports, 80 
         Yale L.J. 1035, 1051-52, n.88 (1971).

77.      Gertz  did  not  rule  out  an assumption of defendant's 
         negligence.  See  Eaton,  The American Law of Defamation 
         Through  Gertz  V.  Robert  Welch,  Inc., and Beyond: An 
         Analytical Primer, 61 Va. L.Rev. 1349 (1975).

78.      15  U.S.C.A. Sec. 1681 et seq. (1974). Two standards are 
         proposed  there:  the  first,  willful noncompliance, is 
         defined  as  equivalent  to  the  New York Times "actual 
         malice"  standard,  and  violators are liable for actual 
         and  punitive  damages.  Sec. 1681(n), supra. Presumably 
         this  would  apply  to  the situation where the SYSOP is 
         dilatory  in  removing the libellous message. The second 
         proposed  standard,  negligent  noncompliance, occurs in 
         the  absence  of  willfulness  and  results in liability 
         only   for   actual   damages.   Sec.   1681(o),  supra. 
         Situations  where  the  SYSOP failed to adopt reasonable 
         computer   security   measures  might  come  under  this 
         category.

79.      18  U.S.C.S.  Sec.  2707(b),(c) (Law. Co-op 1979 & Supp. 
         1988) provides in pertinent part:

           (b)  Relief.  In  a civil action under this section, 
                appropriate relief includes -
                (1)  Such  preliminary  and  other equitable or 
                     declaratory relief as may be appropriate;
                (2)  damages under subsection (c); and
                (3)  a  reasonable  attorney's  fee  and  other 
                     litigation costs reasonably incurred. 
           (c)  Damages.  The  court may assess as damages in a 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             41

                civil  action under this section the sum of the 
                actual  damages  suffered  by the plaintiff and 
                any  profits  made  by the violator as a result 
                of  the  violation,  but  in  no  case  shall a 
                person  entitled  to  recover receive less than 
                the sum of $1,000.
           
         18  U.S.C.S. Sec. 2707(e) (Law. Co-op 1979 & Supp. 1988) 
         limits  the civil action under this section to two years 
         after  the date upon which the claimant first discovered 
         or   had   a  reasonable  opportunity  to  discover  the 
         violation.
         As  to  damage  provisions  supplied  by  state law, see 
         California Penal Code 502(e)(1),(2) (West Pub. 1988):

           (e)(1)  In  addition  to any civil remedy available, 
           the  owner  or  lessee  of  the  computer,  computer 
           system,  computer network, computer program, or data 
           may   bring   a  civil  action  against  any  person 
           convicted   under   this  section  for  compensatory 
           damages,  including  any  expenditure reasonably and 
           necessarily  incurred  by  the  owner  or  lessee to 
           verify  that  a  computer  system, computer network, 
           computer  program, or data was not altered, damaged, 
           or  deleted  by  the access. For purposes of actions 
           authorized  by  this  subdivision, the conduct of an 
           unemancipated  minor  shall be imputed to the parent 
           or  legal  guardian having control or custody of the 
           minor,  pursuant to the provisions of Section 1714.1 
           of the Civil Code.
           (2)   In   any   action  brought  pursuant  to  this 
           subdivision   the   court   may   award   reasonable 
           attorney's fees to a prevailing party.
           

80.      A  lawsuit  recently filed in the United States District 
         Court  for  the  Southern  District of Indiana may break 
         new  ground  in  enunciating  precisely what BBS SYSOPs' 
         reasonable  duties  of  care  are. Thompson v. Predaina, 
         Civil  Action  #IP-88  93C  (S.D.  Ind. filed 1988). The 
         complaint  alleges,  inter  alia,  invasion of plaintiff 
         user's  privacy, libel, and wrongful denial of access to 
         the  BBS  in  violation  of  U.S.C.  Title  18,  ss 2701 
         (a)(2).  As  to  statutory damages available, see infra, 
         note 105.

81.      Gemignani,  Computer Law 33:7 (Lawyers Co-op 1985, Supp. 
         1988)  (quoting  Capitol  PC Users Group Minimum Code of 
         Standards   for   electronic   Bulletin  Board  Systems, 
         reprinted in 4 Computer Law Reptr. 89).

82.      Note,  54  Fordham  L.Rev.  439, 449 (1985) (Authored by 
         Jonathan Gilbert).

83.      Id., at 449.

84.      Id., at 449-50.

Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             42


85.      A  "trojan  horse"  program takes control of the BBS and 
         allows   its   sender  to  access  and  steal  its  most 
         sensitive  information.  Fites,  Johnston and Kratz, The 
         Computer  Virus Crisis, Van Nortrand/Reinhold (1989), at 
         39 and 45.

86.      Balding,  Computer Breaking and Entering: The Anatomy of 
         Liability, 5 Computer Law. (January 1988), at 6.

87.      Id.

88.      Hellar  v.  Bianco, 244 P.2d 757. See supra, note 54 and 
         accompanying text.

89.      Restatement  (Second)  of  Torts Sec. 577(2) (1976). See 
         supra, note 58 and accompanying text.

90.      Tackett  v.  General  Motors  Corporation, 836 F.2d 1042 
         (7th  Cir.  1987).  See  supra, note 63 and accompanying 
         text.

91.      See note 53, supra, and accompanying text.
         
92.      It  has  been  suggested  that  this  would be the rough 
         equivalent  of a newspaper publishing a retraction after 
         discovering  what  it  had printed was defamatory. Note, 
         54  Fordham  L.Rev.  439,  note 55 (1985). BBS operators 
         should  not  be held liable in this situation insofar as 
         they  did not know of the nature of the statement at the 
         time  it  was  made.  Restatement (Second) of Torts Sec. 
         581 (1977).

93.      Proving  the  masquerader's  actions  is  discussed more 
         fully infra, Topic III. B.

94.      Stipp,  Computer  Bulletin  Board  Operators  Fret  Over 
         Liability  for Stolen Data, Wall St. J. Nov. 9, 1984, at 
         33, col. 1.

95.      Id.

96.      See   Topic   I.,   supra,  where  the  masquerader  has 
         discovered  and  uses  the  password  and  name  of  the 
         regular  user;  he  appears for all intents and purposes 
         to be that regular user.

97.      836 F.2d 1042 (7th Cir. 1987).

98.      Id., at 1047.

99.      Id.

100.     Indeed,  U.S.C.  Title  18, Sec. 2702 (Law. Co-op 1979 & 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             43

         Supp.  1988)  proscribes the knowing dissemination of an 
         electronically stored communication by the SYSOP:

           Sec. 2702. Disclosure of contents
           (a)  Prohibitions.  Except as provided in subsection 
                (b)-
                (1)  a    person   or   entity   providing   an 
                     electronic  communication  service  to the 
                     public  shall not knowingly divulge to any 
                     person   or   entity  the  contents  of  a 
                     communication  while in electronic storage 
                     on that service; and
                (2)  a   person   or  entity  providing  remote 
                     computing  service to the public shall not 
                     knowingly  divulge to any person or entity 
                     the  contents  of  any communication which 
                     is carried or maintained on that service-
                     (A)  on  behalf  of, and received by means 
                          of  electronic  transmission from (or 
                          created    by   means   of   computer 
                          processing      of     communications 
                          received   by   means  of  electronic 
                          transmissions  from), a subscriber or 
                          customer of such service; and
                     (B)  solely  for  the purpose of providing 
                          storage    or   computer   processing 
                          services   to   such   subscriber  or 
                          customer,  if  the  provider  is  not 
                          authorized  to access the contents of 
                          any  such communications for purposes 
                          of  providing any services other than 
                          storage or computer processing.
           
         A  similar  provision is embodied in Cal. Pen. Code sec. 
         502(c)(6) (West Pub. 1988), which provides:
         
                (c)  Except  as  provided  in  subdivision (i), 
                     any   person   who   commits  any  of  the 
                     following  acts  is  guilty  of  a  public 
                     offense:
                     (6)  Knowingly   and   without  permission 
                          provides  or  assists  in providing a 
                          means   of   accessing   a  computer, 
                          computer  system, or computer network 
                          in violation of this section.
           
           
101.     The  doctrine of res ipsa loquitor, or "the thing speaks 
         for  itself"  warrants  the  inference  of  the  SYSOP's 
         negligence,  which  the  jury  may  draw  or  not as its 
         judgement   dictates.   See  Sullivan  v.  Crabtree,  36 
         Tenn.App. 469, 258 S.W.2d 782 (1953).

102.     See discussion under Topic II. B., supra.

103.     As   someone  who  intentionally  accesses  confidential 
         password  information  to  masquerade  as other users on 
         other  BBSes, the masquerader falls well within the pale 
         
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             44

         of  "actual  malice"  defined  in Gertz v. Robert Welch, 
         Inc.,   418   U.S.   323,   342,   supra,  note  43  and 
         accompanying  text (a defamatory falsehood was made with 
         knowledge  of its falsity or with reckless disregard for 
         the truth).

104.     Evidentiary   problems   involved   with   proving   the 
         masquerader's  actions  are discussed more in Topic III. 
         B., infra.

105.     18  U.S.C.S. Sec. 2707(a) (Law. Co-op 1979 & Supp. 1988) 
         describes the masquerader's fault thus:

           (a)  Cause  of action. Except as provided in section 
                2703(e),    any    provider    of    electronic 
                communication  service, subscriber, or customer 
                aggrieved  by  any violation of this chapter in 
                which  the  conduct  constituting the violation 
                is  engaged  in  with  a knowing or intentional 
                state  of  mind may, in a civil action, recover 
                from  the  person  or  entity  which engaged in 
                that   violation   such   relief   as   may  be 
                appropriate.
                
         California  Penal  Code  sec.  502(c) et seq. (West Pub. 
         1988) is even more specific:

           (c)  Except  as  provided  in  subdivision  (i), any 
                person  who  commits  any of the following acts 
                is guilty of a public offense:
                (1)  Knowingly  accesses and without permission 
                     alters,  damages,  deletes,  destroys,  or 
                     otherwise   uses   any   data,   computer, 
                     computer  system,  or  computer network in 
                     order to either
                     (A)  devise   or  execute  any  scheme  or 
                          artiface   to  defraud,  deceive,  or 
                          extort, or
                     (B)  wrongfully  control  or obtain money, 
                          property or data.
                                   * * *
                (3)  Knowingly  and  without permission uses or 
                     causes to be used computer services.
                (4)  Knowingly  accesses and without permission 
                     adds,   alters,   damages,   deletes,   or 
                     destroys  any  data, computer software, or 
                     computer  programs  which  reside or exist 
                     internal   or   external  to  a  computer, 
                     computer system, or computer network.
                                     * * *
                (7)  Knowingly  and without permission accesses 
                     or  causes  to  be  accessed any computer, 
                     computer system, or computer network.
           

106.     Gertz v. Robert Welch, Inc., 418 U.S. 323, 342.

107.     In  addition  to  the  remedies  set  forth in note 105, 
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             45

         supra,  the  following  federal  and state penalties may 
         apply:
         18  U.S.C.S.  Sec.  2701(b),(c) (Law. Co-op 1979 & Supp. 
         1988):

           (b)  Punishment.   The  punishment  for  an  offense 
                under subsection (a) of this seciton is -
                (1)  if  the  offense is committed for purposes 
                     of    commercial    advantage,   malicious 
                     destruction    or   damage,   or   private 
                     commercial gain -
                     (A)  a  fine  not  more  dhan  &250,0
0 or 
                          imprisonment  for  not  more than one 
                          year,  or  both,  in  the  case  of a 
                          first      offense     under     this 
                          subparagraph; and
                     (B)  a    fine   under   this   title   or 
                          imprisonment  for  not  more than two 
                          years,  or  both,  for any subsequent 
                          offense under this subparagraph; and
                (2)  a   fine   of  not  more  than  $5,000  or 
                     imprisonment   for   not   more  than  six 
                     months, or both, in any other case. 
           (c)  Exceptions.  Subsection  (a)  of  this  section 
                does   not   apply   with  respect  to  conduct 
                authorized-
                (1)  by  the  person or entity providing a wire 
                     or electronic communications service;
                (2)  by  a user of that service with respect to 
                     a  communication  of  or intended for that 
                     user; or
                (3)  in  section  2703,  2704,  or 2518 of this 
                     title.
           
         For  an  example of state-mandated damages provisions on 
         this  subject,  see California Penal Code sec. 502(d) et 
         seq. (West Pub. 1988).

108.     See discussion under Topic II. B., supra.

109.     See note 101, supra.

110.     "Custom...bears  upon  what  other will expect the actor 
         to  do, and what, therefore, reasonable care may require 
         the   actor  to  do,  upon  the  feasibility  of  taking 
         precautions,  the  difficulty of change, and the actor's 
         opportunity  to  learn  the risks and what is called for 
         to  meet them. If the actor does only what everyone else 
         has  done, there is at least an inference that the actor 
         is  conforming  to  the  communit`'s  i`ea of reasonable 
         behavior."  Keeton,  Dobbs, Keeton and Owen, Prosser and 
         Keeton  on  Torts,  sec.  33,  p.194.  See  also  James, 
         Particularizing   Standards  of  Conduct  in  Negligence 
         Trials,  5  Vand. L. Rev. 697, 709-714 (1952); Ploetz v. 
         Big  Discount  Panel  Center,  Inc.,  402 So.2d 64 (Fla. 
         App. 1981).
         
Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             46


111.     See notes 80-93, supra, and accompanying text.

112.     See note 103, supra.

113.     See  Pfau  and Keane, Computer Logs Can Pinpoint Illegal 
         Transactions,  Legal  Times  of Washington, vol. 6, p.16 
         (May  14,  1984):  "Computers can monitor their own use. 
         Unlike  other  such  forms  of physical evidence such as 
         guns,  computers  can keep track of individual users and 
         other  identifying  data.  Imagine a gun that logs every 
         instance  it  is  fired  or  even handled, and shows the 
         date,  time,  and  activity.  Recovery  of such a weapon 
         would be essential to the prosecution.
         "Most   computers   have   long   had  built-in  logging 
         capabilities....The   log   function   was  designed  to 
         facilitate  billing  for  the  use of computer resources 
         rather  than  to  assist  crime detection. To the extent 
         that  the  owner  of  a smaller computer does not charge 
         for  its  use,  he or she has no incentive to purchase a 
         self-executing  log.  Still, such logs keep surprisingly 
         accurate records of who is using the computer."

114.     Fed. R. Evid. 801(c).

115.     Fed.  R. Evid. 802: "Hearsay is not admissible except as 
         provided  by  these rules or by other rules precribed by 
         the  Supreme Court pursuant to statutory authority or by 
         Act  of  Congress."  Exclusion  of  hearsay  evidence is 
         grounded  on:  (1)  nonavailability of the declarant for 
         cross-examination   and   observance  of  demeanor;  (2) 
         absence  of  an oath by the person making the statement; 
         amd  (3)  significant  risk  that  the  person  that the 
         witness  may report proffered statements inaccurately. 2 
         Bender, Computer Law, sec. 6.01[2].

116.     Gemignani,  The  Data  Detectives:  Building A Case From 
         Computer Files, 3 Nat'l L.J. 29 (1981).

117.     Fed.  R.  Evid. 803(6). See also 2 Bender, Computer Law, 
         sec. 6.01[4] (1988).

118.     Fed. R. Evid. 803(6).

119.     Id.  In  current  practice  records  kept  by  nonprofit 
         organizations,  such as churches, have long been held to 
         be  admissible.  Ford  v.  State,  82 Tex.Cr.R. 638, 200 
         S.W.  841  (1918).  It  is  at  least  arguable  that  a 
         computerized  BBS,  although run as a hobby, falls under 
         the same classification.

120.     See  Iowa  Code Ann. Sec. 622.28; People v. Lugashi, 252 
         Cal.Rptr 434 (Cal.App. 2 Dist. 1988).


Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             47

121.     See  14  Am.Jur.  POF2d  Sec. 15 (1977, Supp. 1988). Cf. 
         United  States  v. De Georgia, 420 F.2d 889, 2 CLSR 479, 
         484  (1969,  CA9  Ariz),  where  it  was held that it is 
         immaterial  whether a business record is maintained in a 
         computer   rather   than   in  company  books  regarding 
         admissibility  of  those  records,  so  long  as (1) the 
         trial  court  requires the proponent of the computerized 
         records    to    lay    a   foundation   as   to   their 
         trustworthiness,  and  (2)  the  opposing party is given 
         the  same  opportunity  to  inquire  into the computer's 
         accuracy  as  he would have to inquire into the accuracy 
         of written business records.

122.     The  BBS  program run on the SYSOP's computer ordinarily 
         "stamps"  the  date  and time of day each user logs onto 
         the   BBS.   A  corresponding  record  is  automatically 
         affixed  to each piece of electronic mail posted so that 
         the  reader  knows  when  it  was added to the database. 
         Similarly,   the  telephone  company  maintains  copious 
         records  of  the  date  and  time  each  phone  call  is 
         connected  in  its  dialing  area.  The  caller  has  no 
         control over either of these processes.

123.     252 Cal.Rptr. 434 (Cal.App. 2 Dist. 1988).

124.     Id., at 437.

125.     Id.

126.     Id. 

127.     Id., at 439.

128.     Id., at 437.

129.     Id., at 440.

130.     Id.,  at  442. See also United States v. Russo, 480 F.2d 
         1228  (CA6 Mich, 1973), cert den 414 U.S. 1157, 94 S.Ct. 
         915,  39 L.Ed.2d 109; Capital Marine Supply, Inc. v. M/V 
         Roland  Thomas  II,  719 F.2d 104 (1983 CA5 La), 104 Fed 
         Rules  Evid Serv 731; Peoples Cas & Coke Co. v. Barrett, 
         118  Ill.App.3d  52,  73  Ill.  Dec. 400, 455 N.E.2d 829 
         (1983).

131.     432 So.2d 837 (La., 1983).

132.     Id., at 839-40.

133.     Id., at 839.

134.     United  States  v.  Verlin,  466  F.Supp.  155  (ND Tex, 
         1979).


Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             48

135.     Id., at 158.

136.     The  reasonable  SYSOP should offer his full cooperation 
         in  aiding  the maligned user to regain her good name by 
         providing  her  with  his  BBS' phone-in records made at 
         the  time  the  libellous message appeared. See note 93, 
         supra.

137.     See note 123, supra.

138.     Cf.  note  118,  supra.  As  to  an electronic BBS being 
         classified  as  a  "business"  for hearsay purposes, see 
         note 120, supra.

139.     See note 128, supra.

140.     Authentication  has been broadly described thus: "[W]hen 
         a  claim  or  offer  involves impliedly or expressly any 
         element  of personal connection with a corporeal object, 
         that  connection  must  be  made to appear...." Wigmore, 
         Evidence,   Sec.   2129  at  564  (2d  ed.  1972).  This 
         requirement is also known as the "Best Evidence Rule."

141.     Fed. R. Evid. 901(a),(b)(6).

142.     2 Bender, Computer Law, sec. 5.03[1][a] (1988).

143.     Id.

144.     See    Fed.   R.   Evid.   901(b)(6):   "(6)   Telephone 
         conversations.   Telephone  conversations,  by  evidence 
         that  a call was made to the number assigned at the time 
         by  the  telephone  company  to  a  particular person or 
         business,  if  ***  (B)  in  the case of a business, the 
         call   was   made   to  a  place  of  business  and  the 
         conversation  related  to business reasonably transacted 
         over the telephone...." (emphasis added).

145.     Fed. R. Evid. 1002.
         
146.     E.W.  Cleary,  McCormick on Evidence, sec. 231 (2nd. Ed. 
         1972).
         
147.     Id.  Further  rationales  for  the  rule  are  risks  of 
         inaccuracy    contained   in   commonly   used   copying 
         techniques    and   heightened   chances   of   witness' 
         forgetfulness through oral testimony. Id., sec. 231.
         
148.     305 So.2d 421, 7 C.L.S.R. 1238 (La. 1974).

149.     305 So.2d 421, 427.

150.     Id., at 428.


Defamation Liability of Computerized BBS Operators
& Problems of Proof          (C) 1989 John R. Kahn             49

151.     Brandon v. Indiana, 396 N.E.2d 365 (Ind. 1979).

152.     Id., at 370.

153.     See note 121, supra, and accompanying text.

154.     Other   circumstantial  evidence  might  include,  among 
         other  things:  possible  motive  for the masquerader to 
         defame  plaintiff;  plaintiff's  own  inability  to call 
         from  the phone number from which the defamatory message 
         is  shown  to  have  originated;  or  even an electronic 
         "fingerprint"  left  by  the  particular  computer  from 
         which   the  defamatory  message  originated.  Pfau  and 
         Keane,  Computer  Logs Can Pinpoint Illegal Trasactions, 
         Legal Times of Washington, vol. 6, p.16 (May 14, 1984).

155.     Fed. R. Evid. 1002 provides:

             REQUIREMENT  OF  ORIGINAL. To prove the content of 
             a  writing, recording, or photograph, the original 
             of   that  writing,  recording  or  photograph  is 
             required,   unless  provided  otherwise  in  these 
             rules or by an Act of Congress.
             

156.     Examples  of  this situation are the telephone company's 
         keeping   of   hundreds   of   thousands  of  individual 
         computerized  records of each telephone call made within 
         a  certain  dialing area, or a BBS' extensive history of 
         subscriber use compiled for billing purposes.

157.     See  Harned  v. Credit Bureau of Gilette, 513 P2d 650, 5 
         CLSR 394 (1973).

158.     Fed. R. Evid. 1006.
         
159.     137 Ga.App. 360, 223 S.E.2d 757 (1976).

160.     223 S.E.2d 757, 760.