for Access to Material on the Internet
Far too many school
districts have installed Technology Protection Measures thinking that such measures
are necessary to protect the district against liability. Many Technology Protection
Measure companies use "fear of litigation" as a marketing tool. An
example from the marketing literature for one such product reads:
school from legal liability
letting students or staff surf anywhere on the internet may lead them to stray
to inappropriate sites. This kind of activity can lead to lawsuits, harassment
charges, and even criminal prosecution. Protect your students and your school
by promoting intelligent Internet use .
are no cases directly on point it is probable that schools will enjoy statutory
immunity for harm if a student accesses material placed by a third party. This
immunity was established through a section of the Computer Decency Act of 1996.
Other sections of the Computer Decency Act were ruled unconstitutional, however,
this section remains in force and has been upheld in a number of court cases.
OF PUBLISHER OR SPEAKER- No provider or user of an interactive computer service
shall be treated as the publisher or speaker of any information provided by
another information content provider.
As to whether an
education institution offering Internet access to its students is an "interactive
computer service", the question is directly addressed by §230(e)(2):
The term 'interactive
computer service' means any information service, system, or access software
provider that provides or enables computer access by multiple users to a computer
server, including specifically a service or system that provides access to
the Internet and such systems operated or services offered by libraries or
(3) STATE LAW-
Nothing in this section shall be construed to prevent any State from enforcing
any State law that is consistent with this section. No cause of action may
be brought and no liability may be imposed under any State or local law that
is inconsistent with this section.
In sum, §230(c)(1)
provides that an "interactive computer service" is not to be treated
the same as a content provider; §230(e)(2) provides that an education institution
offering Internet access is an interactive computer service; and §230(d)(3)
provides that inconsistent state laws may not be used as a basis of liability.
The word "immunity"
is not in the statute itself. But in Zeran v. America Online, Inc, the Fourth
Circuit Court of Appeals expressly held that "[b]y its plain language,
§230 creates a federal immunity to any cause of action that would make
service providers liable for information originating with a third-party user
of the service ."
In a recent case,
Kathleen R. v City of Livermore , a mother of a teenage boy sued the library
because her son had accessed sexually explicit pictures through the library's
Internet service. The City made two arguments based on §230. The first
argument was that §230 provides federal immunity from liability to service
providers for the speech of third-party content providers. The second argument
was that in enacting §230, Congress did preempted any state law which may
be to the contrary. The action was dismissed. The dismissal was upheld on appeal
The appellate court
found that under CDA, the library was an interactive service provider and was
entitled to immunity under §230(c)(1). The court noted that although the
purpose of CDA was to prevent minors from getting access to pornography, Congress
made a deliberate policy choice not to subject those providing Internet access
to tort liability.
question is: Does anything in CIPA change the immunity provisions contained
in CDA? On its face, there is no language in CIPA that would establish such
liability. The liability issue was raised during the FCC proceedings in the
development of CIPA regulations. Here is the pertinent section of the FCC Order
discussing this issue:
33. Some commenters
have requested that we require entities to certify to the effectiveness of
their Internet safety policy and technology protection measures. However,
such a certification of effectiveness is not required by the statute. Moreover,
adding an effectiveness standard does not comport with our goal of minimizing
the burden we place on schools and libraries. Therefore, we will not adopt
an effectiveness certification requirement.
34. A large majority of commenters express concern that there is no technology
protection measure currently available that can successfully block all visual
depictions covered by CIPA. Such commenters seek language in the certification
or elsewhere "designed to protect those who certify from liability for,
or charges of, having made a false statement in the certification" because
available technology may not successfully filter or block all such depictions.
Commenters are also concerned that technology protection measures may also
filter or block visual depictions that are not prohibited under CIPA.
35. We presume
Congress did not intend to penalize recipients that act in good faith and
in a reasonable manner to implement available technology protection measures.
Moreover, this proceeding is not the forum to determine whether such measures
are fully effective .
This section highlights
a potential concern -- that the organizations that sought stronger protections
in the form of a certification of effectiveness could seek to make their point
of the need by suing a district on the basis that the district has failed to
effectively implement CIPA. A district could also create difficulties in this
regard by making public statements at the CIPA hearing that create the misperception
that the district's CIPA plan will guarantee that no child will ever access
inappropriate material through the district's system.
- Always make
it clear to parents and to the community that the district is engaging in
a good faith effort to address the concerns, but that given the nature of
the Internet, no strategy and no technology protection measure can ever be
assumed to be totally effective.
- Include a disclaimer
of liability in the policy and the agreement that parent/guardians sign granting
permission for their children to use the Internet.
the Actions of Staff or Students
The potential of
district liability if a user causes harm to another person or organization through
the use of the system is a concern. Areas of concern include: defamation, harassment,
or invasion of privacy; copyright infringement and computer security violations
Harassment, Invasion of Privacy, Copyright Infringement 47 U.S.C. §
230 of the Computer Decency Act provides immunity for "interactive service
providers" for material that is transmitted through their system, but not
for "information content providers." Education institutions are included
in the definition of interactive service provider, but this designation only
addresses situations where the district has no control or supervisory responsibilities
related to the material transmitted through the system. If the district establishes
a district web site, the district is also an information content provider and
can be held to publisher standards for any defamatory material posted on the
site. The district can also be held liable for harm caused by material that
is considered to be harassment or an invasion of privacy.
It is possible
that districts could be held liable for harm caused by material transmitted
through the system by students due to the failure to adequately supervise. But
it is also possible that the immunity provided by 47 U.S.C.A. § 230 would
apply in such a case. This is unclear. The district can be held liable for harm
caused by material transmitted by staff.
The district may
be held liable for the presence of any material that is posted on the district
web site in violation of copyright laws. Under copyright law, 17 U.S.C §
512, there is immunity for Internet service providers who host material placed
by others on their web site. This provision DOES NOT provide immunity for school
districts because school personnel can and should maintain the ultimate responsibility
for the material placed on school district web sites.
One of the requirements
for Internet service providers under 17 U.S.C § 512 is that the service
provider has designated an agent to receive complaints of copyright infringement
and provides contact information on its web site for those concerned about material
placed on the site. While such a designation and notice would not provide statutory
immunity for a school district, it is an excellent strategy to seek to limit
the potential of liability for unintentional copyright infringement.
To limit the potential
of district liability for defamation, harassment, invasion of privacy, and copyright
infringement , the following actions are recommended:
- Have provisions
in the school Internet Safety and Responsibly Policy that address these issues.
- Place on the
district web site and each school web site a "Web Site Concerns"
link. This link will take the reader to a page where the district states:
XYZ District seeks to ensure that all materials placed on the district or
school web sites are placed in accord with copyright law and do not infringe
on the rights of or harm others in any way. To accomplish this we are taking
* We have
a provisions in our Internet Safety and Responsibility Policy that address
copyright, defamation, harassment, invasion of privacy, and other harmful
speech. <link to policy>
* We have
established web site management procedures to review materials prior to
their placement on the web site. <link to procedures>
* We will
promptly respond to any issues of concern . If you have a concern about
material placed on our web site, please contact us. <link to e-mail
to an administrator who has the responsibility of promptly responding
to any complaint>
- Establish web
site management procedures to address these issues of concern. (More information
on the copyright management plan in included in the Copyright chapter.)
of Software and Other Copyrighted Materials The other area where districts
run a risk of liability is in the violation of copyright or licensing agreements
in the use of software. The Software and Information Industry Association (formerly
the Software Publishers Association) has an Anti-Piracy Education Initiative.
There are excellent recommendations for the establishment of an effective software
management program in schools on their web site .
also closely evaluate their web traffic to ensure that students are not using
the district Internet system as a vehicle to exchange copyrighted materials.
Such activity would result in a significant amount of traffic and should be
easily detectable by an astute system administrator.
Violations There are a range of activities that constitute computer security
violations, including attempts to invade computer systems, the deliberate transmission
of a virus or worm. Technically sophisticated students may be engaged in such
activities using district technology resources. School districts could face
potential liability if staff know or have sufficient reason to suspect that
students have been engaged in such activities using district resources.
- Include an immunity
provision in the Student Internet Use Policy.
- Take prompt
action if there is any suspicion of inappropriate behavior.
- Provide instruction
about computer crime and its consequences in computer science classes.
for Damage to Student
An area of potential
liability is district failure to protect a student's constitutional rights.
If a student's rights, as addressed in this document, are not adequately protected
by a district and the student suffers harm as a consequence, the district could
be held liable. Potential areas of concern are related to due process, search
and seizure, and free speech.
Recently, a number
of districts have gotten into difficulties for inappropriately disciplining
students for material that the students have posted on their personal web sites.
A district in Ohio paid $30,000 in settlement of a case that was filed against
them for suspending a student because of material he posted on his personal
web site that was critical of his band teacher. In Beussnik v. Woodland R-IV
School District (U.S. District Court, Eastern District of Missouri, Southeastern
Division 1998) the court ruled in a preliminary injunction that the school could
not discipline the student for material on a personal web page that was very
critical of the administration of his school. This case is discussed more fully
in the Student Speech chapter.
regarding student rights occurred at the Winter School District, Winter Wisconsin
. A high school student was told that she could not look at sites about the
Wiccan religion during after-school open access Internet. The student filed
a complaint with the State Department of Public Instruction claiming, among
other things, that the student's right to practice freedom of religion was violated.
The district was facing litigation, but the matter was resolved when the Superintendent
sent a letter to the student admitting that the policy was in error.
unfairly discipline students for accessing controversial material or select,
configure, and implement a Technology Protection Measure in a manner that appears
to be indicating disapproval of certain information or ideas and thereby indicating
disapproval of certain students based on their beliefs or status may find itself
in a position of potential liability on the basis of discrimination or violation
of student's free speech right to access information.
by System Failure There is a potential for a district to be held responsible
for losses sustained by users as a result of a system failure. These losses
could involve loss of data, an interruption of services, or reliance on the
accuracy of information maintained on the district system or accessed through
the system. The use of a disclaimer that provides notice of the potential for
such loss and disclaims district responsibility should protect the district
from liability. Users should also be advised to make a personal back-up of material
contained on the district system.
Purchases Districts should be concerned about the potential that a user
will violate the district restriction against purchasing products or services
through the system. The district will want to make it clear to parents that
there is a potential for students to use the system in such a manner. The district
will also want to include in its policy a disclaimer for any financial obligations
arising from unauthorized use of the system for the purchase of products or
Damage to District
System Another area of concern is damage to the district system by misuse
of the system that causes damage to the system. An example would be a student
intentionally placing a virus on the system. This is no different than any other
damage caused by a student or staff member and is likely covered in other district