One of our most valuable tools for protecting freedom of expression and innovation on the Internet—a law that shields websites and other Internet service providers from being held responsible for content that comes from users or third parties—has been under fire in recent years. The law, 47 U.S.C. § 230, a provision of the Communication Decency Act, was designed to encourage the development of new communication technologies and to protect free speech and the open exchange of ideas online. Just like you can’t hold a library liable for defamation for a statement written in a book you check out, or for hacking after someone breaks into a computer after learning how to do so from a library book, under Section 230, you can't hold a website liable for the speech of others.
But a dangerous trend has emerged over the last few years in lawsuits involving the statute: courts carving out various categories of behavior as beyond the scope of the statute’s immunity. This trend threatens to slowly whittle away the vast protection Section 230 provides for online freedom of expression.
The Ninth Circuit Court of Appeals took this route in a recent opinion in Doe v. Internet Brands, which held that Section 230 did not immunize a networking website from a “failure to warn” claim. The Ninth Circuit held that Section 230 “is not an all purpose get-out-of-jail-free card”; it only applies when someone is trying to hold a service provider liable for third party content. And the court concluded that wasn’t the case in Doe v. Internet Brands.
In the case, the website, Internet Brands-owned modelmayhem.com, failed to alert its users that two individuals, Lavont Flanders and Emerson Callum, were using the site to lure and attack women. The plaintiff fell victim to the two men’s disturbing scheme after Internet Brands was well aware of how they were using the website to find victims. She sued, arguing that Internet Brands had a legal duty to warn her and other users about this known threat and that Internet Brands had violated that duty. The website countered that Section 230 immunized it from liability. The district court agreed with Internet Brands, but the Ninth Circuit reversed, finding in an initial decision that Section 230 did not immunize the website from the failure to warn claim. And on May 31, 2016—after withdrawing its original opinion and rehearing the case—the court doubled down on its holding.
According to the court, Section 230 immunity did not apply because the plaintiff’s claims were based on Internet Brand’s own conduct—its failure to act—given information it had learned offline, rather than through content posted on its own platform by its users. The court’s second opinion, which was almost identical to its first, stressed that the website had learned about Flanders and Callum via an “outside source,” not from monitoring content posted on its site, and that it knew criminal charges had been filed against the two men. The men, who victimized about 100 women via their scheme, were each ultimately sentenced to 12 consecutive life terms.
There is some logical appeal to the court’s reasoning. But it is nevertheless concerning because any duty the website purportedly has to warn its users only exists because of its status as a conduit or middleman for user-generated content. Any separation between the website’s role as a platform for user content and as an entity with a duty to its users regarding their use of the site seems artificial.
Because the court found that Section 230 doesn’t shield Internet Brands from liability, the plaintiff’s lawsuit will go forward. The district court will now consider whether the website actually had a duty to warn its users in this context and whether it violated that duty.
This isn’t the first time the Ninth Circuit carved categories of behavior out of Section 230 immunity. In Fair Housing Council of San Fernando Valley v. Roommates.com, for instance, the court held that a website could not claim Section 230 immunity from an anti-discrimination lawsuit where it required its users, as a condition of accessing its service, to answer specific questions—which violated housing laws—by choosing among a set of pre-populated answers provided by the website. EFF filed an amicus brief in the case, arguing that such a ruling would stifle innovation and leave service providers without a clear path to avoid liability, undermining Congress’s goals in enacting the statute. But the court nevertheless found no Section 230 immunity. Later, in Barnes v. Yahoo!, the court held that Yahoo! wasn’t shielded from liability for failing to take down a false profile posted by a third party after a company employee had promised the plaintiff the profile would be removed. The court reasoned that “liability here would come not from Yahoo’s publishing conduct” but instead from the company’s failure to follow through on a legally binding promise to take something down. In both cases, the dispute centered on content posted online by a third party, but the court nevertheless explained away Section 230 immunity.
In Doe v. Internet Brands, the Ninth Circuit paid significant attention to offline events, and the decision should be limited to its highly unusual facts. But we should all beware of the trend of carving out certain categories of behavior from Section 230 immunity. Broad immunity ensures that service providers will leave their platforms open for all of us to communicate, learn, and engage online. Limiting Section 230 will stifle innovation, chill online speech, and flout the public’s First Amendment interest in an uncensored Internet.