This blog asks the question of how ISPs respond to claims of cyber-harassment. What do you do when one of your customers is accused of harassing somebody else? We’ve all heard of terrible cases where cyber-harassment has led to suicide or other terrible results. But there are many degrees of harassment and I am curious how different ISPs respond to claims of harassment.
Are there any legal requirements that you do anything? Obviously ISPs all will respond to subpoenas or court orders that order somebody to end harassing another person. But this is the end result of a legal action and most harassment never makes it the whole way through the legal system.
There are only a few other legal requirements to consider. First is the Communication Decency Act which the US Congress passed in 1996 that was the first attempt to legislate the Internet. The Act had provisions that tried to outlaw pornography, but the Supreme Court knocked out these parts of that law. But other provisions of the law are still in effect. The one that matters in this instance is the determination that ISPs are not the ‘publishers’ of content posted by your users, and thus you are immune from prosecution for things said and done by your customers on-line.
But most ISPs have a document that you have generated that self-imposes some obligations on you. This is your terms of service that you have customers sign as they connect to your Internet service. It’s pretty routine in those documents to have language that gives you the right to cut off service from customers who use the Internet for nefarious purposes. Sometimes the language in these documents is very generic and sometimes it says very specifically that you will not tolerate customers who harass others on the Internet.
So you should review the TOS occasionally to remind yourself what specific obligations you might have created for yourself. In this document you have not only defined what customers cannot do on your network, but you have also implied that you will react in some way to customers who violate your rules.
Beyond these very minimal obligations there are no other specific external rules. Your customers are generally free to publish all sorts of thing that you or the public might find repugnant. They might post white supremacist or neo-Nazi pages that spew hate at other races. They might bash gays, or bash Muslims, or bash Christians. They might bash the band the Grateful Dead (my own version of intolerable behavior!). But generally, as long as these postings don’t cross a legal line your customers are within their first amendment rights to post all sorts of disagreeable things.
It’s hard to define it exactly, but there is some point where a customer has crossed the line if what they say is aimed at an individual and not at the wider world. There are many forms of cyber-harassment that include: sending harassing emails, creating false web pages to defame somebody, disseminating false or private information online, uploading unauthorized pictures or videos, impersonating another in a public forum, spreading false rumors through social media sites and many other things.
The chances are that if you don’t hear about this from law enforcement that you will be contacted by the person being harassed. It’s likely that they will show you examples of what your customer has been doing. And this is when you have the hard decision to make. Has your customer clearly violated your terms of service? If so, what are you willing to do about it? Do you warn them? Do you ask them to cease the bad behavior? Do you just toss them off your network?
Let’s face it. Most of the people who run ISPs are pretty good guys. Nobody wants to be running a service that is contributing to other people being harmed. But it is very uncomfortable being asked to be judge and jury. We have all written our terms of service to be somewhat murky on purpose. And that means that there are going to be many instances when you will agree that something is unsavory without necessarily being able to say it is a clear-cut violation of your terms of service. And even if it violates your TOS, there are always degrees of violation.
It’s not an easy question and every ISP I talked to about this felt really uncomfortable with this part of being an ISP. Almost all of them have had troublesome customers where this sort of behavior occurred. But the responses range from doing nothing, to warning the customer to cease the bad behavior, to cutting them off the network. One protection that most of you have is that your Internet service is not considered a utility service and so you have the legal right to choose who is (or in this case who is not) your customer. But that still does not make this easy.