Zelda Williams and Social Media Decency

by JD Supra Perspectives

[The first of a new series in which we ask JD Supra contributors to address the perils, legal or otherwise, of being an online citizen today, and all that entails. Stay tuned for additional articles in the series.]

Robin Williams, beloved comedian and frequent Twitter-user, died last week. His final tweet was to his daughter, wishing a "Happy Birthday to Ms. Zelda Rae Williams!" Like any child who loses a parent, Zelda was undoubtedly heartbroken. She posted a heartfelt tribute to her dad on Twitter. In response, several anonymous Twitter users sent her graphic photos purporting to be her father's dead body — taunting her until she decided to stop using Twitter and Instagram altogether.

Social media commentators can be feral. This is largely due to a psychological phenomenon known as the online disinhibition effect. The relative anonymity of social media communications, for some, opens the door for cruel and indifferent behavior.

In the late 1990's Congress became concerned with the volume of pornographic material on the Internet and passed the Communications Decency Act of 1996 (CDA). It attempted to regulate (and prevent) publication of obscene or indecent content to minors. Much of the CDA was held to be unconstitutional a long while ago, but one portion of the CDA continues to live on that has drastic impact on online decency.

Ms. Williams made a reasoned decision to step out of the social media world for a time, but there are certainly steps a user and counsel can take when going through the analysis.

Section 230 of the CDA provides that "[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider."  This single sentence has given immunity to social media platforms, such as Facebook, Twitter, or Instagram, from liability for postings made by users of the platform. So the sites themselves have little concern for liability for defamatory, false, or tasteless content. Plus, posting rude or indecent content — while gauche — is not illegal.

So, what is one to do when confronted with harassing postings on social media websites? Ms. Williams made a reasoned decision to step out of the social media world for a time, but there are certainly steps a user and counsel can take when going through the analysis.

The first step is to determine if there is anything in the posting that includes a threat to life or safety. There is a world of difference between a rude comment and a threat of physical violence, and if a post is threatening to someone or to their family, call law enforcement immediately before doing anything else.

The second step is to determine whether it is worthwhile to spend the effort to respond or attempt to have the postings at issue taken down. It is frequently the best course of action to ignore postings from "trolls" — those who deliberately attempt to inflame or draw a response by posting disruptive content. The goal of many trolls is to elicit a response. By responding or taking action, you are often fueling the trolling flame and will thereby provoke more and more responses. Even if you are able to have a post removed, a sophisticated user can create near-infinite dummy accounts and continue to post more and more negative content if provoked.

Third, assuming you want the content taken down, you should review salient policies and use the reporting mechanisms provided by the platform at issue. Twitter, Facebook, YouTube, Instagram and other platforms are accustomed to getting thousands of reports regarding posted content every day. They all have robust online reporting mechanisms for everything from abusive content, to copyright violations, to violations of the site's terms of service. For example, the users who posted the graphic photos to Zelda Williams were eventually banned from Twitter for violating Twitter's policies after being reported.

Due to the difficulty and expense associated with tracking down a poster, the policies of social media sites serve as the de facto international law of decency for social media postings...

A common rookie mistake from lawyers who are used to paper is to prepare a pen-and-ink letter to put in the mail to demand removal of a post from a major social media website. This is typically ineffective, as most online reporting mechanisms are geared to have rapid responses only to online reports. Paper letters delay the process, where the process is set up to be automated via an online reporting mechanism. In the author's experience, using the online reporting mechanism on most major sites will result in a response and action within 24 hours.

If reporting content does not work, or you wind up with a whack-a-mole situation where the content continues to pop up again and again, you can often seek a cyberstalking injunction. While the parameters of such an injunction varies by jurisdiction, you can typically obtain an injunction against an individual who is repeatedly using electronic communications that cause substantial emotional distress to a person, and the communications serve no legitimate purpose. If the content is defamatory, or lends itself to another cause of action (such as public disclosure of private facts or another privacy tort), you can always sue for injunctive relief to stop the posting as well.

The trouble, of course, is whom to sue when the posting is anonymous?

In a civil proceeding, figuring out who is the posting party typically requires one or more subpoenas. Civil subpoenas are subject to the prohibitions contained within the Stored Communications Act (SCA), 18 U.S.C. §2701, et seq. The SCA prohibits electronic communication service providers (such as Twitter or Facebook) from "knowingly divulg[ing] to any person or entity the contents of a communication while in electronic storage by that service."  18 U.S.C. § 2702(a)(1). The SCA, however, permits service providers to produce subscriber information "to any person other than a governmental entity." 18 U.S.C. § 2702(c)(6).

For that reason, a subpoena served in conjunction with a civil proceeding is permissible if it seeks subscriber information associated with specific accounts. As a practical matter, account holders on various social media sites furnish certain identifying information when he or she creates an account. This information can include name, phone number, and alternate email addresses that may be used for recovery purposes (i.e. forgetting a password). This type of information is not protected by the SCA, as it is not considered content, and may be produced in response to a civil subpoena by a non-governmental entity. See 18 U.S.C. § 2702(c)(6).

Internet Protocol address login records are also obtainable by civil subpoena. Under 18 U.S.C. § 2702(c)(1), customer records or subscriber information may be disclosed as authorized in 18 U.S.C. § 2703, which permits providers to disclose user identification information, "records of session times and durations" and "temporarily assigned network addresses."  18 U.S.C. § 2703(c)(2); see Sams v. Yahoo!, Inc., CV-10-5897-JF HRL (N.D. Cal. 2011) (subscriber information and IP address data is not content-based). As this information is not considered to be content-based, it may be produced in response to a civil subpoena pursuant to the SCA.

Once the subscriber information is obtained, assuming you cannot readily identify the poster, the Internet Service Provider that assigned the IP of the poster would need to be subpoenaed. Most ISPs will likely not turn over this information without a subpoena as ISPs are typically cable providers, and pursuant to the Cable TV Privacy Act of 1984, 47 U.S.C. § 551, cable providers are prohibited from disclosing personally identifiable information pertaining to their subscribers without a court order.

Unfortunately, the end result of the civil action coupled with multiple subpoenas is often a dead-end...

Assuming that the ISP record enables you to identify an individual account holder (as opposed to a shared public wireless connection) who is in the United States, then you can proceed with your civil action with an identified defendant.

Unfortunately, the end result of the civil action coupled with multiple subpoenas is often a dead-end. Users who use public wi-fi accounts, or who post from outside the United States or through proxy servers, can be nigh impossible to identify or to reach with United States-based judicial proceedings.

This is why the policies and procedures of sites, such as Twitter, Instagram, and Facebook, are so important. Due to the difficulty and expense associated with tracking down a poster, the policies of social media sites serve as the de facto international law of decency for social media postings — the social media sites control their terms of service, and they primarily dictate what users can and cannot do. Like Zelda, users who do not want to be exposed to harassing content can choose not to participate, and simply stay offline.


[Adam Losey is an attorney at Foley & Lardner LLP, based out of New York, Florida, and the District of Columbia.  He routinely handles issues associated with the intersection of technology and law, and can be reached at alosey@foley.com.]

Written by:

JD Supra Perspectives

JD Supra Perspectives on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.