Not a member yet? Register for full benefits!

The legalities of Snooping


Recently, a long-winded discussion started on TMC's administrative ethics forum about snooping and privacy on MUDs. As usual, the debate was heated, revolving about "rights", "obligations" and "expectations" for privacy, player rights, administrator rights, human rights, you name it (Old Usenet rule #7 comes to mind: "Go not to UseNet for counsel, for they will say both `No' and `Yes' and `Try another newsgroup'"). At the time of this writing, the debate still goes on, by the way.

An interesting issue which was only partially raised was about the legal aspects of snooping. So I went back to my search engines and had a look at the available jurisprendence.


As usual, I am no lawyer, and hence this page does not constitute valid legal advice. So I recommend you take my opinions with a grain of salt.

Scope: The question at hand

Let me first state that, as a casual immortal, I think of snooping as an administrative tool, just like a who command tracing the IPs of all users. Personally, I use it for debugging purposes (I never reached the privilege required to perform "non-voluntary" snoops anyway).

This being said, the whole debate in the ethics forum was focussed on the need for privacy for players, while some people contended that snoop was necessary anyway, especially when related to potential harassment and other forms of abuse.

My research focusses (again) on the liabilities of admins, related to harasment cases. My findings are therefore closely linked to that situation.

Legal core: The immunity clause

In my reading of current US laws (note that this does specifically not apply to UK laws), a mud admin could probably successfully claim immunity if a complaint or lawsuit is brought against him concerning the actions of one player on the MUD (See USC 47 § 230: "No provider or user of an interactive computer service shall be treated as a publisher or speaker of any information provided by another information content provider.").

This clause, tested in court and now known as the "Zeran" case, has been interpreted in ways which don't hold the provider of a medium of communications liable for the communications between users.

The Doe v. AOL Case

The above-mentionned law has not been often tested nor challenged in court, in fact, there are, to my knowledge, only two other cases who dealt with similar issues, and both concluded that the provider could not be held liable for the actions of their users. In other words, the immunity clause has been upheld in all three cases.

The above-mentionned case (Doe v. AOL) merits some additional considerations, though.

The background to the case is the following:

In 1994, an AOL user lured three minors to engage in sexual activities with him. Activities which were videotaped by this user, who then advertised those tapes in various chatrooms (yeah, it is all quite disgusting).

Doe's mother filed suit against the AOL user and against AOL directly, on the basis that AOL not only should have known that its service was abused for this kind of crimes, but further failed to act by removing the offending content once notified of its existence.

The case went up through three instances, and all ruled to uphold the immunity clause, despite the fact that criminal activity was involved (a quick reading of USC47§230 shows that there is an explicit disclaimer about criminal laws).

The interesting part here is that the appeals court, altough upholding the immunity, held the case alive by raising three questions to the Supreme Court of Florida.

The question pertaining to this research was:

"[...]whether a computer service provider with notice of a defamatory third party posting is entitled to immunity under section 230 of the Communications Decency Act?".

In march 2001, the Florida SC issued an opinion which we will examine in some detail.

The majority opinion in Doe vs. AOL.

The majority opinion in this case ponders at length if AOL is subject to the immunity clause by analyzing if AOL was a publisher or a disctributor of the content. It concludes that AOL is a publisher of content spoken or published by another one and hence entitled to immunity.

In this, the majority, perhaps predictably, just followed the jurisprudence formed by the Zeran case.

Note that the majority opinion was 4:3.

The dissenting opinion in Doe vs. AOL.

Why is the dissenting opinion of interest?
First, because the majority is a mere 4:3. This means the dissent had a strong case.

Also, with the lack of other cases, it is almost granted that the next court will revert to both the majority and dissenting opinions in this case. And finally, the dissent raises some serious issues, which are related to snooping in MUDs.

The dissent states the following:

Congress' intent in enacting USC 47§230 was to protect Service Providers from liability when they took actions to block or remove offending content. Instead, Zeran and the majority in Doe have interpreted the law as providing a blanket immunity even in the case the provider fails to act upon notification of criminal material.

Quoting the dissent's interpretation of the immunity clause:

"What conceivable good could a statute purporting to promote ISP self-policying do if, by virtue of the court's interpretation of this statute, an ISP which is specifically made aware of child pornography being distributed by an identified customer, may [...], with impunity, do absolutely nothing and reap the economic benefit flowing from the activity?
Such an absurd interpretation is totally unwarranted."

The dissent concludes that the immunity clause should not be used for providers who fail to act when they do know about abuse or criminal conduct on their service.

How does this concern MUDs and snooping?

These are the conclusions I draw from this case:

- The dissent raises a very valid point, which may be considered in future court decisions: Immunity should not be applied to a failure to act upon notification of wrongdoing.
- Immunity does however apply to any MUD admin deciding to act upon such a notification.
- In order to be able to verify the validity of a player complaint, the MUD adminstration should have at its disposal the tools needed for appropriate monitoring of what's going on on the MUD.

Snooping and logging are, to my knowledge, the best tools available to admins for ascertaining the validity of a complaint. In regards to the legal situation, my conclusion is that the expectation of user privacy should not deprive a MUD administration of the means to verify and act upon abuse.
Altough the ethics may be debatable (and have been debated to death on the ethics forum), I believe that snooping is necessary. Ethically-minded MUD admins may put a note about the snooping command in their (already long by now) disclaimer or their rules helpfile, but should not expose themselves to legal risk by forfeiting the technical means to follow up on valid complaints.

Copyright by Alastair, Winter 2002.
Created: January 30th, 2002
For constructive input, please mail

Staff Comments


Untitled Document .