Be careful whom you entrust with administrator access to your brand’s social media accounts. If an administrator does use your brand’s social media accounts beyond their permitted use, you should formally revoke their authority to access the accounts to allow potential legal action based on their unauthorized use after the revocation.

That lesson was learned the hard way by the United Federation of Churches, doing business as (and better known as) The Satanic Temple, which recently had its lawsuit against its former social media administrators dismissed. United Fed’n of Churches LLC v. Johnson, No. 2:20-cv-00509-RAJ (W.D. Wash. Feb. 26, 2021).

The Satanic Temple’s Washington Chapter has three social media accounts, all of which were maintained and controlled by members of the Temple who were “approved administrators,” and whose actions were subject to a written Code of Conduct from the Temple.

In March 2020, the defendant administrators left the Temple and took control of its social media pages. They removed all other administrators approved by the Temple – effectively locking the Temple out of the accounts – and posted manifestos claiming that Temple leadership are alt-right white supremacists who supported ableism and misogyny. The name of one secondary social media page was changed to “Evergreen Memes for Queer Satanic Friends.” On another social media page, they followed a number of extremist groups, in what the Temple characterized as an attempt to create a false impression of affiliation between the Temple and extremism.

The Temple has been unable to recover access or control of the two main social media pages, and the “Evergreen Memes” page is still active and posting regularly under the control of the defendants.

The Satanic Temple sued the administrators in the Western District of Washington for a number of claims, including violation of the Computer Fraud and Abuse Act (“CFAA”) and violation of the Anti-Cybersquatting Consumer Protection Act (“ACPA”).

The Temple claimed that the defendants violated the CFAA because they exceeded their authority as social media page administrators, and violated the Temple’s Code of Conduct for administrators. This argument was rejected, as the Ninth Circuit has made clear that violating a company’s terms of use is not sufficient to maintain a CFAA claim. The CFAA’s prohibition on activities that “exceed[] authorized access” does not apply to activities that exceed authorization, but only to violations of restrictions on access to information. The abuse of administrative authority itself is not punishable under the CFAA, unless that abuse of authority involves the access of information to which the administrator has no right.

The Temple further argued that their revocation of defendants’ authority to access the social media accounts should place the defendants’ actions within the sphere of the CFAA. This argument relied upon two California district court cases that found CFAA violations where defendants continued to access the plaintiffs’ websites after authority to do so was revoked. Unfortunately for the Temple, in those cases, the plaintiffs had revoked defendants’ access to their websites through cease and desist letters which the defendants ignored. The activity of defendants in accessing the websites after receipt of the cease and desist letters constituted unauthorized access under the CFAA.

Here, the Satanic Temple did not send explicit cease and desist letters to the defendants – while it pled that it “demanded the return” of the social media pages, this conclusory statement did not allege a revocation of authority sufficient to support the CFAA claim. (Readers interested in the CFAA may be aware that the U.S. Supreme Court heard arguments on November 30, 2020 in a case relating to the scope of the “exceeding authorized access” requirement of the CFAA in Van Buren v. United States (No. 18-12024).)

The Satanic Temple’s ACPA claims were also dismissed, as the district court found that the ACPA did not apply in this case. The ACPA prohibits the unauthorized use of trademarks (or confusingly similar marks) in domain names. However, courts have not stretched the definition of “domain names” to include “vanity urls” that follow domain names. In this case, for “facebook.com/TheSatanicTempleWashington,” the “domain name” is “facebook.com,” which the Temple does not own. The court declined to extend the ACPA to include trademarks appearing in post-domain paths.

The Takeaway

Although most large brands have social media accounts, laws taking aim against computer fraud and cybersquatting are ill-equipped to handle disputes between brands and their social media account administrators. When potential issues do arise, companies should immediately and formally revoke access to the accounts in order to maintain potential Computer Fraud and Abuse Act claims based on future account access in violation of that revocation.

* Many thanks to Mary Catherine Amerine for her contributions to this article. Ms. Amerine is admitted to practice in Ohio, Virginia and the District of Columbia. Her practice in federal copyright, trademark, and false advertising law is supervised by principals of the firm admitted in Texas, her current state of residence.