A Fourteen-Year-Old Girl's Suit Against MySpace: Should Networking Sites Be Legally Responsible for Protecting Teens from Harmful Real-World Conduct?

By ANITA RAMASASTRY
Monday, Jun. 26, 2006

A fourteen-year-old girl has just sued MySpace, a popular social networking site where people can meet in cyberspace and exchange profiles.

Allegedly, nineteen-year-old Texan Pete Solis lied in his profile about being a high school senior on a football team to gain a minor's trust. The girl alleges that after she had contact with Solis on the site, he asked for her cellphone number, she gave it to him, they met up in person, and he sexually assaulted her.

The girl is suing Solis for alleged sexual assault and intentional infliction of emotional distress. Solis was arrested in May and it appears he will also face criminal prosecution. In addition, the girl is suing MySpace and its parent corporation, News Corporation. She alleges that the two companies were aware that sexual predators were getting in touch with minors on the site, and did nothing to stop it - yet falsely claimed that the site was maintaining adequate security measures to protect children and teens.

In total, the suit seeks damages of $30 million. But as I will explain, insofar as the suit names MySpace and News Corp. as defendants, it is on shaky ground. Thus, the girl's damages may, in practice, be limited to those she can recover from Solis himself.

Recently, MySpace and other social-networking sites have come under attack, more generally, by critics who say such sites encourage child predators to target young victims. Must the sites do more, legally? Should they do more, morally? Perhaps so -- but in the end, I will argue, parents and teenagers will need to remain wary of unsavory and predatory users.

As of Now, Federal Statutes Protect Web Intermediaries - Not Kids Over Age Thirteen

Federal law provides no help to the plaintiff here; she is a just a bit too old to benefit from it.

The Children's Online Protection Act (COPA) requires MySpace and other websites that target children under thirteen to obtain "verifiable" parental consent before the children can use the site. MySpace goes further: It simply prohibits children under thirteen from setting up accounts and creating personal profiles on its site, no matter what.

What about children over thirteen? Federal law does not speak to the issue. But MySpace voluntarily displays only partial profiles for those registered as being fourteen or fifteen years old -- unless the person viewing the profile is already on the teenager's list of friends.

Congress is contemplating measures that would further protect over-thirteen teens, but they are not yet law. Just last month, the House introduced a bill, the "Deleting Online Predators Act" (DOPA) that would both prohibit access to online social networks at schools, and require the Federal Trade Commission to create websites containing information about the potential dangers the Internet poses to children and teens.

Finally, if current federal law has any relevance here, it may actually be to immunize MySpace from liability. Section 230 of the federal Communications Decency Act (CDA) provides a so-called "safe harbor" which immunizes web intermediaries from liability arising from user-posted content. (The Supreme Court struck down part of the CDA in Reno v. ACLU, but this section remains good law.)

This immunity applies even if the intermediary monitors the content and, in some instances, chooses to de-post it. Indeed, Congress enacted this provision to encourage intermediaries like MySpace to do just such monitoring, and to remove harmful or offensive postings, by ensuring this kind of "family values" monitoring would be liability-free.

The Plaintiff's Fraud Claim Against MySpace: Unlikely to Succeed

Because federal law provides no recourse here, the fourteen-year-old plaintiff has based her suit on the state law of fraud and negligence. But did the website do anything that could be characterized as fraudulent? And was it legally negligent with regard to its users?

Let's consider the fraud claim first. Fraud requires a false or misleading statement or omission. And it doesn't seem that MySpace is guilty of either.

MySpace warns users that: "People aren't always who they say they are. Be careful about adding strangers to your friends list. It's fun to connect with new MySpace friends from all over the world, but avoid meeting people in person whom you do not fully know. If you must meet someone, do it in a public place and bring a friend or trusted adult."

MySpace also notes "Don't mislead people into thinking that you're older or younger. If you lie about your age, MySpace will delete your profile"

And it reminds users that they act as their own peril: "MySpace.com is not responsible for the conduct, whether online or offline, of any User of the MySpace Services."

Based on these statements, it's hard to support a claim that MySpace falsely assured users regarding the services its site provided, or misleadingly omitted information from the material it posted. Thus, a fraud claim here is unlikely to succeed.

The Plaintiff's Negligence Claim Against MySpace: Somewhat More Likely to Succeed

In contrast, the plaintiff's negligence claim has at least some chance of success. But to support such a claim, plaintiff must establish both a "duty of care" and a breach of that duty.

The "duty of care" question is a difficult question of state law. But courts may hesitate in imposing a duty of care in cyberspace, for fear that it would unfairly burden companies with too little control to be held responsible for what happens to their users offline.

But let's suppose that there is a duty of care. Did MySpace breach it? To prove it did, the plaintiff has to explain how the site could have done more.

One additional measure the suit claims MySpace should have taken, but did not, is to force users to verify their ages. But such a requirement may be impracticable - and for the law to force one on websites might well be a First Amendment violation.

The Supreme Court, for instance, balked at the suggestion that it should accept such a requirement in Reno v. ACLU, citing First Amendment concerns. And if anonymity is a component of First Amendment rights - as some Supreme Court precedents suggest it may be - forcing verification may be too close to forcing the revelation of identity for the Court to stomach.

Still, some other sites do voluntarily have verification systems in place - requesting credit cards from all users in order to both check users' identities, and make sure an adult is aware a young person has become a user.

Until recently, Second Life - another online community -- asked for a credit card for its new members. But now, according to SecondCast -- a podcast that covers Second Life activity - Second Life only requires a valid email address from new users. Obviously, a minor can legally have a valid email address, but not a valid credit card - so Second Life seems a bit less secure.

(Second Life also has another system to keep adults and teens apart: It operates a separate community - Teen Second Life - exclusively for members between the ages of thirteen and seventeen. But without credit card age verification, this backup system, too, may be porous.)

MySpace, too, has decided to implement further security measures -- which I will discuss below - in the wake of the fourteen-year-old girl's suit. But these measures probably won't be able to be used as evidence of negligence in the suit itself.

Typically, when defendants improve security after something bad happens, evidence rules exclude the plaintiff from pointing to later improvements as evidence of prior negligence. The reason the rule exists is so that defendants have an incentive to make improvements as soon as they realize there's a problem - rather than waiting until the lawsuit is over, for fear of being seen to have conceded negligence via the improvements.

Should the Law Require More Online Than It Does Offline Regarding Age Separation and Verification?

As noted above, online age verification may be criticized from a First Amendment "state action" standpoint if a statute or court forces it - but not if a site adopts it voluntarily. So should sites do just that?

One argument against it, is that such verification does not always exist in the real world. At concerts and at "all ages" clubs, teenagers and adults can dance and party together. There's no age separation, and no age verification, except in "carding" for alcohol. And the same predators who may be lurking on MySpace could easily be dancing at a rave, or in the next row at a rock concert. So online age verification may not so much impede predators, as simply force them to prey offline.

On the topic of responsibility for the fates of underage customers, consider, for example, a recent tragedy in Seattle. Kyle Huff shot seven people in a shooting spree at an after-hours party following an all-ages rave in Seattle. Two of his victims were only fourteen and fifteen years old, respectively.

Should the club that hosted the rave be responsible for the harm that followed at the separate after-hours party?

Similarly, should pen pal clubs, and newspapers that publish personal ads, be penalized if predators exploit their services to lie about their age and/or engage in harmful behavior?

One reason to say no is that it may be unfair to put these institutions in the position of policing their users' activities in places the institutions don't control. And the same unfairness may occur if we hold online sites responsible for what happens at offline meetings between users. It is a risky business meeting strangers - and teens are inevitably going to meet strangers who are adults.

That's why parents need to take responsibility for their children, both offline and online. For example, parents can use filters to block dangerous sites on home computers, and can also be proactive about advising kids on the dangers of such sites. And when it comes to clubs and raves, they can keep in touch with kids about where they're going and with whom, and when they're due home.

Can More Security Solve the Problem?

As I noted above, MySpace has recently added new security features, in the wake of the sexual assault case. (The company notes, however, that the improvements had been planned well before the lawsuit was filed). And earlier, it hired a former federal prosecutor and Microsoft . executive as its online safety director.. But experts are skeptical as to how effective a new safety regime can possibly be.

Among MySpace's new rules will be that adult (that is, eighteen-or-over) users cannot request to be on a fourteen- or fifteen-year-old user's "friends" list, unless the adult already knows either the teen's e-mail address or full name. (And remember, those who aren't on a friend's list, can only see a partial profile of fourteen- or fifteen-year-olds.) In addition, all users -- not only those who are fourteen or fifteen -- will have the option to make only partial profiles, with limited information about them, available to those not already on their friends list.

MySpace also will enhance its advertisement-targeting technology. It will attempt to avoid displaying gambling and other adult-themed ads on minors' profile pages. Finally, MySpace will aim special public-service announcements at minors.

At the end of the day, however, as long as users are willing to lie and circumvent, there is a limit to how effective controls can be. There are inherent perils involved in hooking up in cyberspace - and parents need to be the ones who educate their children about such dangers.


Anita Ramasastry is an Associate Professor of Law at the University of Washington School of Law in Seattle and a Director of the Shidler Center for Law, Commerce & Technology. She has previously written on business law, cyberlaw, computer data security issues, and other legal issues for this site, which contains an archive of her columns.