Can Parents Be Liable for Negligently Entrusting Their Adult Children with Internet Service?

The Volokh Conspiracy

Mostly law professors | Sometimes contrarian | Often libertarian | Always independent

An excerpt from the very long Doe 1 v. Lamb, decided Tuesday by the Appellate Court of Connecticut, in an opinion by Judge Nina Elgo, joined by Judges Robert Clark and Dawne Westbrook:

This civil action concerns the criminal conduct of the defendant Christopher Lamb, who, utilizing Internet services and computer devices provided by the defendant [Lamb's mother], hacked into the personal accounts of and harassed and exploited a number of innocent victims….

The record, viewed in the light most favorable to the plaintiffs as the nonmoving parties, reveals the following …. In the winter of 2012, Lamb, then twenty years of age, moved back home to live with the defendant and his stepfather in the town of Brooklyn. Having failed out of college, Lamb was, by his own account, "[r]eally depressed," and he attempted suicide.

Lamb "had way too much time" on his hands and, by some point in 2013, had "figured out" that he could break into people's social media and cloud accounts because it was "exciting …." … Lamb would then harvest any compromising or otherwise explicit photographs, using those images as leverage to convince young women to send him more photographs. He conducted all of these activities through the Internet service provided by the defendant, and using an Internet protocol address (IP address) that, ultimately, was identified by the police as the origination of his criminal activity….

Although Lamb did not sell any of the images that he obtained, he did broadly distribute them directly to the parents, friends, employers, schoolteachers, and other contacts of the victims. Lamb estimated that he hacked between seventy and one hundred individuals and obtained sexual images from approximately twenty or twenty-five of them. All of this criminal activity was done through the Internet connection and devices that were provided to Lamb by the defendant, and which were completely under her control.

In August, 2015, Trooper Matthew Pritchard of the Connecticut State Police visited the residence of the defendant while investigating hacking attempts that had originated from her home Internet connection. At that time, Pritchard informed the defendant that there had been an attempt to hack into a young woman's Facebook account, that it "hadn't been accessed," and that the IP address of the hacker had been traced to the defendant's home Internet service…. Initially "scared" by the visit by the state police, Lamb stopped hacking for "a few months …."

Following the visit by the state police, the defendant started "randomly going through the computers in the house" to look for anything "suspicious." She took Lamb's computer "a few times" to "look through it" to make sure he wasn't "doing anything" improper, but the defendant "really didn't know what [she] was supposed to be looking for …."

At some point after this initial contact by the police, Lamb disclosed to the defendant that he was the person who had drawn their attention and that he had hacked "a few others" as well. At that time, Lamb did not inform the defendant that, in addition to hacking into those personal accounts, he had stolen photographs of nude females from those accounts and posted them online….

In September 2017, police officers searched defendant's home; Lamb was prosecuted and ultimately sentenced to serve, in effect, eight years in prison. Some of his victims sued his mother, on the theory that she acted negligently by providing him with Internet service even after she was on notice that he was committing crimes. No, said the court:

[W]e turn to the central question posed by the present appeal, namely, whether a parent who provides an adult child with unfettered access to electronic devices and Internet service, having some knowledge that such access is being used by the adult child for an illicit purpose and having made some assurances to law enforcement that she had taken certain precautions to prevent her family members from using her devices and Internet service for an improper purpose, owes a duty of care to third parties who are harmed by criminal activity perpetrated through the Internet.

In the present case, it is undisputed that the defendant provided a Mac computer and Internet service to her adult son after he moved back into the family home in 2012. It also is undisputed that, sometime in 2015 or 2016, the defendant learned that her son had utilized those instruments to engage in hacking activities but was not aware that he had stolen photographs of nude females or posted them online until after that conduct ceased. The question before us is whether these facts give rise to a duty under our laws. In answering that question, we begin with the issue of foreseeability, followed by an analysis of the various public policy considerations that inform our resolution of the plaintiffs' claims….

In Connecticut, we "impose only a limited duty to take action to prevent injury to a third person. Our point of departure has been that absent a special relationship of custody or control, there is no duty to protect a third person from the conduct of another." "Thus, initially, if it is not foreseeable to a reasonable person in the defendant's position that harm of the type alleged would result from the defendant's actions to a particular plaintiff, the question of the existence of a duty to use due care is foreclosed, and no cause of action can be maintained by the plaintiff." However, "[as] long as harm of the general nature as that which occurred is foreseeable there is a basis for liability even though the manner in which the accident happens is unusual, bizarre or unforeseeable." …

[T]he [trial] court wrote that "it is not at all foreseeable that allowing a person to use one's Internet services will lead to that individual hacking into another's social media accounts in order to obtain intimate pictures to post on the Internet. The causal connection between those two activities is simply too attenuated for this court to determine that the defendant had a duty to protect [Jane Doe 2] from potential harm." Given the pertinent legal principles, applied to the factual scenario presented by this case, we agree with the court's determination that Lamb's actions were not reasonably foreseeable by the defendant….

The plaintiffs argue that "[c]onsiderations of public policy weigh strongly in favor of recognizing the defendant's duty in these circumstances" because there is a general interest in reporting and preventing criminal activity. Pointing to statutes that criminalize misuse of computers, as well as prohibitions against "cyberbullying," the plaintiffs urge us to expand our common-law framework, adapting it to the modern computer age. The plaintiffs further argue that the four factors we must deploy in analyzing the facts of this case—(1) the normal expectations of the participants in the activity under review; (2) the public policy of encouraging participation in the activity, while weighing the safety of the participants; (3) the avoidance of increased litigation; and (4) the decisions of courts in other jurisdictions—all weigh in favor of recognizing a duty on the part of the defendant in this case. The defendant counters that imposing a duty of care on her would violate public policy by "exposing individuals responsible for maintaining an Internet connection to liability for the intentional criminal conduct of one who uses an electronic device to access that Internet connection."

First, the normal expectations of the parties, under the facts of this case, weigh against establishing a duty of care. There are strong presumptions against imposing liability on a parent for an adult child's acts…. Few adults would likely expect to be held liable for such activity on the part of their adult child. Relatedly, there is a strong public policy interest in maintaining widespread access to the Internet. Requiring that a person who provides Internet service to other adults be held responsible for the criminal misuse of that service does not, it seems to us, fall within the normal expectations of individuals in Connecticut.

Second, any benefit that might accrue from recognizing a public policy of encouraging parents to monitor their adult children's Internet usage under such circumstances cannot be counterbalanced by the practical difficulties inherent in taking on such a task. For example, where a user of the Internet has more knowledge than the owner of the electronic devices or Internet service, hiding criminal activity is likely to be fairly simple, and detection unlikely.

Third, were we to conclude that there is a duty of care owed to the plaintiffs on the facts of this case, there can be little doubt that recognizing a duty under these circumstances would increase litigation…. As the defendant points out, and as we have already stated, the plaintiffs' argument leads to the possibility that anyone who purchases and controls an Internet connection could theoretically become liable for damages to a third party that are caused by the criminal activity of another person who uses that Internet access….

We acknowledge that the harm perpetrated on the plaintiffs in this case was extreme—but the gravity of the harm is not the only factor that we are required to consider. With respect to whether the defendant was aware of Lamb's "past conduct," the plaintiffs argue that, because Lamb had admitted to the defendant that he had engaged in hacking activities following the police visit in 2015, she therefore "easily was aware" that Lamb would have the "temptation [and] opportunity" to engage in the same behavior. Although it is true that Lamb admitted engaging in such conduct to the defendant, there also is no evidence in the materials submitted in connection with the motions for summary judgment that the defendant was aware that Lamb had stolen photographs of nude females from the hacked accounts or posted them online until after that conduct had ceased.

As Lamb stated in his January 3, 2019 statement to the police: "I didn't … go into detail of what I was doing. I don't think [the defendant] … she didn't quite get what I was doing. I think that she thought, you know, I kind of tried to get into someone's account for whatever reason or whatever, and then [she said] don't do it again…. [She was] clearly mad, disappointed at me … but I don't think—because I didn't really explain it very well." Lamb also told the police that, in retrospect, he "could have said more, gone into detail a little bit more of what [he] was doing so [the defendant] had a better understanding that … this wasn't, like, a small thing …." Under those particular facts, which the plaintiffs have provided no evidentiary basis to dispute, we reject the plaintiffs' contention that the defendant possessed knowledge that Lamb would be tempted or provided an opportunity for further misconduct of the kind that ultimately was discovered….

Stephanie M. Javarauckas and Edward W. Gasser represent the mother.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Allegedly False Rape Accusations as Sexual Harassment for Title IX Purposes

Hide Comments (24)

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Longtobefree 3 weeks ago

Clearly Trump's fault.

Log in to Reply
1. Krayt 3 weeks ago
  
  2013, clearly a Thanks, Obama!
  
  Log in to Reply
2. Zarniwoop 3 weeks ago
  
  Even if it was (it's not), he'd just dodge and blame Biden.
  
  Log in to Reply
ReaderY 3 weeks ago

I think reasonable foreseeability is the key issue here. Not the only issue, but a showstopper in and of itself. It’s just not reasonably foreseeable that your 20 year old adult son, keeping to himself in his room, would spend his time in his room at his computer hacking into other people’s accounts.

When would such liability end? Should parents be required to open and read all their children’s mail on pain of liability if they don’t until they are 25? 30? 50? Should children be required to open and read all their elderly parents’ mail on pain of liability if they don’t? And why should internet service be treated differently from mail service?

Log in to Reply
1. Stupid Government Tricks 3 weeks ago
  
  Most people know as much about their computers as they do about washing machines. Expecting parents to know enough about hacking to refer their adult children to the police is just another excuse to reject individual responsibility. Deep pockets may also have been an issue here.
  
  Log in to Reply
2. wvattorney13 3 weeks ago
  
  The article said that she was on notice that the kid had been hacking.
  
  If he was an alcoholic and she let him drive her car, and he crashed and injured someone, liability would be clear for negligent entrustment.
  
  I know that this is different, but I am having trouble articulating why it is different.
  
  Log in to Reply
  1. Tom O'Brien 3 weeks ago
    
    Here is the difference: someone who is intoxicated cannot choose not to be an impaired driver. An adult who has been remonstrated by someone he is dependent on can decide to alter his behavior.
    
    Log in to Reply
    1. wvattorney13 3 weeks ago
      
      I'm not talking about a one time thing where the kid is blind drunk and the mom hands him her keys. I am talking about a general permission to drive her car with clear instructions that he is not to drive drunk.
      
      She would still get hit with liability.
      
      Log in to Reply
      1. Just Eric 3 weeks ago
        
        If the person still has a driver's license, or if the car owner reasonably believes the person to be a licensed driver, such a liability claim should be an easy loser.
        
        Log in to Reply
        
        wvattorney13 3 weeks ago
        
        It is decidedly not a loser.
        
        Log in to Reply
      2. y81 3 weeks ago
        
        There is a statutory scheme in every state I know which (i) requires owners of cars to purchase liability insurance and (ii) makes them (or their insurance company, really) liable for any harms negligently inflicted by anyone driving that car. If you have a teenager living in your house, your insurance will be much more expensive. That scheme is not applicable to computers or other devices that I know of.
        
        For the sake of completeness, I mention that there are some states with "no-fault" insurance, which we will not discuss, and some variation or uncertainty about the liability for harms caused by drivers of stolen cars.
        
        Log in to Reply
        
        wvattorney13 3 weeks ago
        
        So you are claiming that unless the state requires insurance for a particular product someone cannot be negligent for misusing it? Or better stated, not negligent for allowing someone with a proclivity for misuse of it to use it?
        
        Log in to Reply
  2. Stupid Government Tricks 3 weeks ago
    
    Like I said, most people know diddly-squat about computers or what "hacking" means. You might as well tell her that her son was adding a cutout to her car's exhaust system; is she supposed to think, "Oh, that would increase my car's noise and reduce its catalytic converter effectiveness in reducing pollution. I better call the police."
    
    Log in to Reply
    1. wvattorney13 3 weeks ago
      
      "Like I said, most people know diddly-squat about computers or what "hacking" means."
      
      I would agree that the average person doesn't know the mechanics of hacking, but they have heard that term and know that it is a bad thing. Plus the cops were at the house investigating. I have a hard time believing that the mother did not know, at minimum, that there was a risk that he was doing bad things with her computer and internet.
      
      But the court relied on the no duty argument, which is odd. Why wouldn't in the auto case a court say that the mom had no duty to a particular person who was injured? In that case, as the scope of the injury was broad, the duty is to anyone who may be injured. That seems to be spot on with this case.
      
      I think the Plaintiff has cleared duty and, at least in my mind, the real issue is the breach of a that duty of care and whether that existed.
      
      Log in to Reply
      1. Roger S 3 weeks ago
        
        No, I do not think the average person does know that hacking is a bad thing. The term is commonly used for a wide range of legal activities.
        
        Log in to Reply
        
        Stupid Government Tricks 3 weeks ago
        
        Exactly. As in my comparison to modifying an exhaust system. How many people would understand that's illegal or why?
        
        I've known couples, old ones who had been married for 30-40 years, where the husband took care of all the routine maintenance, including filling the tank, and the wife had no idea that cars could run out of gas. One husband coddled his wife so much that she didn't even know how to use the remote to turn on the TV or change channels.
        
        Log in to Reply
        
        wvattorney13 3 weeks ago
        
        Really? Do these legal activities have the police coming to your house to investigate?
        
        In any event, this would be a jury question over whether a reasonable person would realize the harm, not a full "no duty."
        
        Log in to Reply
        
        Roger S 3 weeks ago
        
        The police might come if there is a complaint, even if there is no merit to the complaint.
        
        Log in to Reply
  3. Rossami 3 weeks ago
    
    Being an alcoholic does not mean that you are drunk and impaired at the time. Contrary to your claim, merely being an alcoholic is not enough to trigger negligent entrustment.
    
    Log in to Reply
    1. wvattorney13 3 weeks ago
      
      Sure it is. Look at the Alex Murdaugh case. What started to bring down Murdaugh was that he was being sued for allowing his adult child to operate his BOAT when the kid had a history of drunken foolishness.
      
      Murdaugh said, "Here take the full limits of my homeowners policy." Not enough," said the plaintiff's lawyer and started snooping into Murdaugh's personal funds, which would have uncovered his stealing from clients.
      
      Log in to Reply
      1. TwelveInchPianist 3 weeks ago
        
        Looking at the opinion, a computer doesn't count as a dangerous instrumentality.
        
        It sounds like, if your kid's a bank robber, you can loan him a ski mask but not a gun.
        
        Log in to Reply
        
        wvattorney13 3 weeks ago
        
        "Looking at the opinion, a computer doesn't count as a dangerous instrumentality."
        
        I noticed that. It seems to imply that the only type of damage that a person can suffer is physical. That's not the case as seen here.
        
        None of this is to say that I think there should be a recovery against the mother. In my mind the best argument is that the kid's intentional criminal act which directly caused the harm is a supervening cause which cuts off any negligence.
        
        The drunk driver is negligent himself---he means no harm to anyone. This kid intentionally caused harm.
        
        Log in to Reply
3. snarling_dog 3 weeks ago
  
  It is reasonable to forsee that if you are in possesion of naked images of yourself on an electronic device, those images eventually will be on full display for the world to see.
  
  Log in to Reply
  1. wvattorney13 3 weeks ago
    
    Yeah, that's not how it works. Just because you leave your front door unlocked that doesn't give someone the right to walk in and steal things.
    
    Log in to Reply

Please log in to post comments

The Volokh Conspiracy

Can Parents Be Liable for Negligently Entrusting Their Adult Children with Internet Service?

Latest

Feds Pump the Brakes on Autonomous Trucks

What I Saw at the No Kings Rally in New York City

Utah's New Union Law Faces a Ballot Box Battle

Javier Milei's Libertarian Experiment is in Jeopardy. Argentina's Midterm Elections Will Determine Its Fate.

Needlessly Strict Federal Rules on Radiation Exposure Are Stalling Nuclear Power Development

Recommended

Login Form

The Volokh Conspiracy

Latest

Feds Pump the Brakes on Autonomous Trucks

What I Saw at the No Kings Rally in New York City

Utah's New Union Law Faces a Ballot Box Battle

Javier Milei's Libertarian Experiment is in Jeopardy. Argentina's Midterm Elections Will Determine Its Fate.

Needlessly Strict Federal Rules on Radiation Exposure Are Stalling Nuclear Power Development

Recommended