District Liability Issues

Statutory Immunity for Access to Material on the Internet

Far too many school districts have installed Technology Protection Measures thinking that such measures are necessary to protect the district against liability. Many Technology Protection Measure companies use "fear of litigation" as a marketing tool. An example from the marketing literature for one such product reads:

Protect your school from legal liability
letting students or staff surf anywhere on the internet may lead them to stray to inappropriate sites. This kind of activity can lead to lawsuits, harassment charges, and even criminal prosecution. Protect your students and your school by promoting intelligent Internet use .

Although there are no cases directly on point it is probable that schools will enjoy statutory immunity for harm if a student accesses material placed by a third party. This immunity was established through a section of the Computer Decency Act of 1996. Other sections of the Computer Decency Act were ruled unconstitutional, however, this section remains in force and has been upheld in a number of court cases. §230(c)(1) provides:

(1) TREATMENT OF PUBLISHER OR SPEAKER- No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

As to whether an education institution offering Internet access to its students is an "interactive computer service", the question is directly addressed by §230(e)(2):

The term 'interactive computer service' means any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including specifically a service or system that provides access to the Internet and such systems operated or services offered by libraries or educational institutions.

§230(d)(3) provides:

(3) STATE LAW- Nothing in this section shall be construed to prevent any State from enforcing any State law that is consistent with this section. No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.

In sum, §230(c)(1) provides that an "interactive computer service" is not to be treated the same as a content provider; §230(e)(2) provides that an education institution offering Internet access is an interactive computer service; and §230(d)(3) provides that inconsistent state laws may not be used as a basis of liability.

The word "immunity" is not in the statute itself. But in Zeran v. America Online, Inc, the Fourth Circuit Court of Appeals expressly held that "[b]y its plain language, §230 creates a federal immunity to any cause of action that would make service providers liable for information originating with a third-party user of the service ."

In a recent case, Kathleen R. v City of Livermore , a mother of a teenage boy sued the library because her son had accessed sexually explicit pictures through the library's Internet service. The City made two arguments based on §230. The first argument was that §230 provides federal immunity from liability to service providers for the speech of third-party content providers. The second argument was that in enacting §230, Congress did preempted any state law which may be to the contrary. The action was dismissed. The dismissal was upheld on appeal .

The appellate court found that under CDA, the library was an interactive service provider and was entitled to immunity under §230(c)(1). The court noted that although the purpose of CDA was to prevent minors from getting access to pornography, Congress made a deliberate policy choice not to subject those providing Internet access to tort liability.

The unanswered question is: Does anything in CIPA change the immunity provisions contained in CDA? On its face, there is no language in CIPA that would establish such liability. The liability issue was raised during the FCC proceedings in the development of CIPA regulations. Here is the pertinent section of the FCC Order discussing this issue:

33. Some commenters have requested that we require entities to certify to the effectiveness of their Internet safety policy and technology protection measures. However, such a certification of effectiveness is not required by the statute. Moreover, adding an effectiveness standard does not comport with our goal of minimizing the burden we place on schools and libraries. Therefore, we will not adopt an effectiveness certification requirement.

34. A large majority of commenters express concern that there is no technology protection measure currently available that can successfully block all visual depictions covered by CIPA. Such commenters seek language in the certification or elsewhere "designed to protect those who certify from liability for, or charges of, having made a false statement in the certification" because available technology may not successfully filter or block all such depictions. Commenters are also concerned that technology protection measures may also filter or block visual depictions that are not prohibited under CIPA.

35. We presume Congress did not intend to penalize recipients that act in good faith and in a reasonable manner to implement available technology protection measures. Moreover, this proceeding is not the forum to determine whether such measures are fully effective .

This section highlights a potential concern -- that the organizations that sought stronger protections in the form of a certification of effectiveness could seek to make their point of the need by suing a district on the basis that the district has failed to effectively implement CIPA. A district could also create difficulties in this regard by making public statements at the CIPA hearing that create the misperception that the district's CIPA plan will guarantee that no child will ever access inappropriate material through the district's system.

Recommendations

  • Always make it clear to parents and to the community that the district is engaging in a good faith effort to address the concerns, but that given the nature of the Internet, no strategy and no technology protection measure can ever be assumed to be totally effective.

  • Include a disclaimer of liability in the policy and the agreement that parent/guardians sign granting permission for their children to use the Internet.

Liability for the Actions of Staff or Students

The potential of district liability if a user causes harm to another person or organization through the use of the system is a concern. Areas of concern include: defamation, harassment, or invasion of privacy; copyright infringement and computer security violations (hacking)

Defamation, Harassment, Invasion of Privacy, Copyright Infringement 47 U.S.C. § 230 of the Computer Decency Act provides immunity for "interactive service providers" for material that is transmitted through their system, but not for "information content providers." Education institutions are included in the definition of interactive service provider, but this designation only addresses situations where the district has no control or supervisory responsibilities related to the material transmitted through the system. If the district establishes a district web site, the district is also an information content provider and can be held to publisher standards for any defamatory material posted on the site. The district can also be held liable for harm caused by material that is considered to be harassment or an invasion of privacy.

It is possible that districts could be held liable for harm caused by material transmitted through the system by students due to the failure to adequately supervise. But it is also possible that the immunity provided by 47 U.S.C.A. § 230 would apply in such a case. This is unclear. The district can be held liable for harm caused by material transmitted by staff.

The district may be held liable for the presence of any material that is posted on the district web site in violation of copyright laws. Under copyright law, 17 U.S.C § 512, there is immunity for Internet service providers who host material placed by others on their web site. This provision DOES NOT provide immunity for school districts because school personnel can and should maintain the ultimate responsibility for the material placed on school district web sites.

One of the requirements for Internet service providers under 17 U.S.C § 512 is that the service provider has designated an agent to receive complaints of copyright infringement and provides contact information on its web site for those concerned about material placed on the site. While such a designation and notice would not provide statutory immunity for a school district, it is an excellent strategy to seek to limit the potential of liability for unintentional copyright infringement.

Recommendations:

To limit the potential of district liability for defamation, harassment, invasion of privacy, and copyright infringement , the following actions are recommended:

  • Have provisions in the school Internet Safety and Responsibly Policy that address these issues.

  • Place on the district web site and each school web site a "Web Site Concerns" link. This link will take the reader to a page where the district states: XYZ District seeks to ensure that all materials placed on the district or school web sites are placed in accord with copyright law and do not infringe on the rights of or harm others in any way. To accomplish this we are taking three steps:

    * We have a provisions in our Internet Safety and Responsibility Policy that address copyright, defamation, harassment, invasion of privacy, and other harmful speech. <link to policy>

    * We have established web site management procedures to review materials prior to their placement on the web site. <link to procedures>

    * We will promptly respond to any issues of concern . If you have a concern about material placed on our web site, please contact us. <link to e-mail to an administrator who has the responsibility of promptly responding to any complaint>

  • Establish web site management procedures to address these issues of concern. (More information on the copyright management plan in included in the Copyright chapter.)

Copyright Infringement of Software and Other Copyrighted Materials The other area where districts run a risk of liability is in the violation of copyright or licensing agreements in the use of software. The Software and Information Industry Association (formerly the Software Publishers Association) has an Anti-Piracy Education Initiative. There are excellent recommendations for the establishment of an effective software management program in schools on their web site .

Districts must also closely evaluate their web traffic to ensure that students are not using the district Internet system as a vehicle to exchange copyrighted materials. Such activity would result in a significant amount of traffic and should be easily detectable by an astute system administrator.

Computer Security Violations There are a range of activities that constitute computer security violations, including attempts to invade computer systems, the deliberate transmission of a virus or worm. Technically sophisticated students may be engaged in such activities using district technology resources. School districts could face potential liability if staff know or have sufficient reason to suspect that students have been engaged in such activities using district resources.

Recommendations

  • Include an immunity provision in the Student Internet Use Policy.

  • Take prompt action if there is any suspicion of inappropriate behavior.

  • Provide instruction about computer crime and its consequences in computer science classes.

District Liability for Damage to Student

An area of potential liability is district failure to protect a student's constitutional rights. If a student's rights, as addressed in this document, are not adequately protected by a district and the student suffers harm as a consequence, the district could be held liable. Potential areas of concern are related to due process, search and seizure, and free speech.

Recently, a number of districts have gotten into difficulties for inappropriately disciplining students for material that the students have posted on their personal web sites. A district in Ohio paid $30,000 in settlement of a case that was filed against them for suspending a student because of material he posted on his personal web site that was critical of his band teacher. In Beussnik v. Woodland R-IV School District (U.S. District Court, Eastern District of Missouri, Southeastern Division 1998) the court ruled in a preliminary injunction that the school could not discipline the student for material on a personal web page that was very critical of the administration of his school. This case is discussed more fully in the Student Speech chapter.

Another incident regarding student rights occurred at the Winter School District, Winter Wisconsin . A high school student was told that she could not look at sites about the Wiccan religion during after-school open access Internet. The student filed a complaint with the State Department of Public Instruction claiming, among other things, that the student's right to practice freedom of religion was violated. The district was facing litigation, but the matter was resolved when the Superintendent sent a letter to the student admitting that the policy was in error.

Districts that unfairly discipline students for accessing controversial material or select, configure, and implement a Technology Protection Measure in a manner that appears to be indicating disapproval of certain information or ideas and thereby indicating disapproval of certain students based on their beliefs or status may find itself in a position of potential liability on the basis of discrimination or violation of student's free speech right to access information.

Other Possible Liability Issues

Losses Caused by System Failure There is a potential for a district to be held responsible for losses sustained by users as a result of a system failure. These losses could involve loss of data, an interruption of services, or reliance on the accuracy of information maintained on the district system or accessed through the system. The use of a disclaimer that provides notice of the potential for such loss and disclaims district responsibility should protect the district from liability. Users should also be advised to make a personal back-up of material contained on the district system.

Unauthorized Purchases Districts should be concerned about the potential that a user will violate the district restriction against purchasing products or services through the system. The district will want to make it clear to parents that there is a potential for students to use the system in such a manner. The district will also want to include in its policy a disclaimer for any financial obligations arising from unauthorized use of the system for the purchase of products or services.

Damage to District System Another area of concern is damage to the district system by misuse of the system that causes damage to the system. An example would be a student intentionally placing a virus on the system. This is no different than any other damage caused by a student or staff member and is likely covered in other district policies.