Restoring Notice-Based Liability Under Section 230?
Enacted in 1996, federal legislation commonly known as “Section 230” (of Title 47 of the U.S. Code) immunizes a provider of “interactive computer service” from liabilities caused by certain third-party content and actions.[1] The statute contains two substantive protections. First, it states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”[2] By defining interactive computer service providers as non-publisher, subsection (c)(1) removes them from liabilities attached to the publishers of unlawful content. The second subsection under 230(c) further states that no interactive computer service shall be held liable for “(A) good-faith acts to restrict access to, or remove, certain types of objectionable content; or (B) giving consumers tools to filter the same types of content.” [3] This enables interactive computer service to create self-regulatory guidelines and remove content it deems objectionable without worrying about legal reprisal. The statute defines “interactive computer service” as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server,”[4] which is to be distinguished from “information content provider,” namely, those “responsible, in whole or in part, for the creation or development of information[…].”[5]
Since the enactment of Section 230, cases in the lower courts have wrestled to delineate the extent to which Section 230 eliminates intermediary liability. One set of cases questioned whether the statute-granted immunity applies only to publishers and leaves distributor liabilities untouched.[6] Under the common law tort of defamation, the publisher of a third party’s libelous statement bears the same responsibility as the author, whereas the distributor (such as traditional news sellers or book sellers) is subject to a lower standard.[7] Publishers or speakers face a stricter standard because they exercise editorial control. They could be strictly liable for transmitting illegal content. But distributors are different. They act as a mere conduit without exercising editorial control, and they often transmit far more content than they could be expected to review. Distributors are thus liable only when they knew (or constructively knew) that the content was illegal.[8] In one of the earliest cases interpreting the scope of Section 230 immunity, the Fourth Circuit Court of Appeals declined to distinguish between publisher and distributor liability.[9] The Court reasoned that 1) “both the negligent communication of a defamatory statement and the failure to remove of such a statement […] constitute publication” and 2) recognition of liability upon notice would stifle speech (incentivizing service providers to overzealously remove user-generated content) and defeat the statutory goal of promoting platform self-regulation.[10] A similar question arose before the Ninth Circuit Court of Appeals in Barnes v. Yahoo,[11] where the Court deemed it unnecessary to “resolve the dispute [of whether § 230(c)(1) encompasses both publishers and distributors] at all, because it has little to do with the meaning of the statutory language.”[12] Given that the statute does not mention defamation, the Court declined to read the principles of defamation law into it.[13] In Barnes, the plaintiff also attempted to bypass Section 230’s liability shield by creatively fashioning its claims. The Court rejected the “negligent undertaking” argument – that Yahoo! had negligently failed to undertake to remove the fraudulent profile, however, the Court held that claim for promissory estoppel, based on Yahoo!’s agreement to remove the content, was not barred by Section 230.[14]
In its interpretation of Section 230(c), the Ninth Circuit concluded that while subsection (c)(1) “shields from liability all publication decisions” for user-generated content, subsection (c)(2) protects any good faith restriction on objectionable user-generated content.[15] The Court noted that even though an intermediary may fall outside the protection of (c)(1) – because, for instance, it helped develop user content – it can nonetheless enjoy the benefit of subsection (c)(2), namely, escaping liability for its good faith action to restrict access to objectionable content.[16]
Although subsection (c)(2) covers more types of activities than (c)(1) under the reading of Barnes, subsection (c)(2) does not cover all actions restricting access. Any action covered must be in good faith. Subsection(c)(2) itself is also silent on whether failure to restrict access, when conducted negligently, or in bad faith, is covered by the statute and exempt from liability. An intermediary challenged for its failure to remove user-generated content by negligence or bad faith, therefore, can only resort to subsection (c)(1) for immunity.
Interpreters of 230 (c)(1) may have incorrectly assumed that all acts relating to access to user content (including taking down and keeping up) to be decisions of a “publisher.”[17] There are two arguments against such a reading. One is that the drafters of Section 230 clearly wrote a separate subsection (c)(2) to address acts of restricting access to content, so when they used the term “publisher or speaker” in subsection (c)(1), they probably did not intent the term “publisher” to cover acts of restricting access. The other argument is that while publishers do remove content, not all removing activities constitute publishing. A local pub owner who does not tolerate hate speech graffiti on the building wall may have acted as a publisher, but a university janitor who removes an overdue poster on the locker of a graduated student arguably has not acted in the capacity of a publisher. Nor has that janitor acted as a publisher if he forgot to remove the same poster. Arguably, not all failure to remove third-party content constitute publication. The Barnes court did notice the difficulty interpreting “publisher or speaker.”[18] Footnote 11 of the case stated that “[i]t might be more straightforward to narrow the meaning of ‘publisher’ liability to include only affirmative acts of publication but not the refusal to remove obscene material. That path, however, is closed to us.”[19]
One may argue that to predicate liability upon whether a company knowingly leave up user-content is equally inapposite for the cyberspace. However, in recent years, Justice Thomas has indicated a willingness to restore notice-based liability for Section 230. In a 2020 statement respecting the denial of certiorari in Malwarebytes Inc. v. Enigma Software Group USA, LLC, Justice Clarence Thomas offered a narrow reading of statutory language – if an intermediary unknowingly, or in good faith, leaves up illegal third-party content, it does not become a “publisher” and therefore is protected from publisher liability by § 230(c)(1); and if it takes down certain third-party content in good faith, it is protected by § 230(c)(2)(A).[20] Again, in March 2022, Justice Thomas wrote to question the appropriateness of a broad interpretation of Section 230 that dispenses any notice-based liability.[21] Perhaps we will soon see the United States Supreme Court step in to weigh on the meaning of Section 230.
Footnotes