December 18, 2012 | By Adi Kamdar

CDA 230 Success Cases: WordPress.com

This is the second part in a series of posts about the importance of Section 230 of the Communications Decency Act (CDA 230). CDA 230 limits the liability of a number of Internet services that host user-generated content.

One of the largest hosts of third-party speech is the site WordPress.com. With over 38 million sites all over the world, the site has empowered users to speak their minds and comment on each other's creative content.

We spoke with Paul Sieminski, General Counsel of Automattic, the owner of WordPress.com, about the importance of CDA 230 on free speech online.

What types of complaints or legal threats have you encountered regarding user behavior or content?

We receive a good number of DMCA [Digital Millennium Copyright Act] requests.These are something I'd like to track a little more. A lot of them are from big media companies. Those are easy enough to deal with—just need to make sure we turn them around quickly.

We do look at all of these complaints carefully. We get a number of DMCA takedowns [for which] there's clearly another purpose behind them rather than taking down stuff for copyright infringement.

We don't get very many defamation notices from the U.S., but we get a ton from outside the U.S. That fact almost proves a negative as to why CDA 230 works: people in the U.S. know legal threats like that don't work. Instead, people in the U.S. ask for identities of users so they can sue them. We have a policy of not turning that information over without a court order.

Outside of defamation, the main legal complaint has to do with abuse. Our filter for most of that stuff is our Terms of Service. Our Terms of Service and the First Amendment are probably 95% aligned, but things like the publication of private information (such as a private phone numbers or Social Security numbers) is where we draw the line. For example, there was an anti-police blog that posted private, personal information of officers. Personal attacks, threats, abuse, and bullying are also subject to the same treatment by us, especially if it's not a public figure who's the target.

We try to be as narrowly tailored as possible when we contact our users. If someone complains about something specific on a site and we find that it violates our terms, we tell the site owner to take down those particular pages or posts—but not necessarily the entire site.

When people do complain about content, we first ask ourselves, is this violating our Terms of Service? If not, we tell them to take it up with the user. Occasionally, they threaten to sue us, in which case we tell them we're not liable because of laws like CDA 230.

What kind of staff do you have dedicated to reviewing complaints? How many resources do you spend on reviewing and responding?

We have a "happiness engineering team," which is our term for user support—they answer tickets. A subgroup of them is dedicated to our Terms of Service. Court orders and law enforcement requests also get filtered through them. I get involved with anything coming from these sources.

What if Automattic were liable for third-party content?

I think that it would definitely change our philosophy toward the speech we permit. Our philosophy now is to promote as much speech as possible. When we get a complaint from someone about a piece of content they disagree with, I like to say: that's the beauty of the blog's comment section. The cure for bad speech is more speech. It's much easier to make that argument if you're not liable.

Without 230, we'd probably have to treat most content in a DMCA-like manner. We'd be more likely to take posts down and try to have a built-in procedure to put them back up if we received feedback from the user. The problem would be with claims like defamation: we'd have no idea what's a valid claim and what's not. As a host we shouldn't have to get involved.

Do you think that the protections of CDA 230 should be narrowed? Increased?

I think to the extent that it protects speech, you can't get much more expansive. I think the concept of no third-party liability is good. To counteract that, more sophisticated folks are using the DMCA takedown process even when they technically can't. These requests have a much better chance of at least making me afraid.

What other changes could be made to help protect online intermediaries like Automattic? Other laws?

From a user perspective, anti-SLAPP is absolutely necessary. I'd like to see such legislation or systems in place across the board. We like to look out for our users, and I don't like the idea of throwing them to the wolves, so to speak, when there's a threat of legal action that seems SLAPP-worthy. Right now we don't turn over their identities without a court order.

Do you think that intermediary immunity such as that granted by CDA 230 should be expanded to offline behavior?

I don't see why not. One of the underlying tenets of 230 is that the Internet or even my site is so vast that there's no practical way to police it. With a newspaper, it's tougher to make that argument.

Across the board, I think the general rule should be: Whoever wrote it should be liable for it.

WordPress.com is another example of the many websites that owe their existence to CDA 230—and there are countless more. Stay tuned for further CDA 230 success case profiles.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

América Latina: ¿Cuáles son las prácticas de vigilancia en las protestas sociales? via @antivigilancia https://eff.org/r.aj96

Jul 29 @ 6:45pm

Big win for transparency: the California Supreme Court has agreed to hear EFF and ACLU's license plate reader case: https://eff.org/r.pqk1

Jul 29 @ 5:21pm

Getting to the heart of the NSA double-speak about data deletion, from @stevennelson10 and @usnews: https://eff.org/r.62rm

Jul 29 @ 5:10pm
JavaScript license information