The Test of Time: Section 230 of the Communications Decency Act Turns 20

By Ambika Doran and Tom Wyrwich

Twenty years have passed since Congress enacted the Communications Decency Act (CDA)—a law designed primarily to regulate obscenity and indecency on the internet. The statute made it illegal to knowingly send or show minors obscene or indecent content online. Section 230 of the act, 47 U.S.C. § 230, prohibited treating online service providers as the publisher or speaker of content provided by others or holding providers liable for attempts to eliminate objectionable content. Just a year after the CDA’s enactment, the Supreme Court struck down the criminal provisions. Reno v. Am. Civil Liberties Union, 521 U.S. 844 (1997). Only Section 230 survived.

It is no understatement to say the internet would not be what it is today without Section 230. The statute effectively eliminates most ordinary legal responsibilities assumed by traditional publishers with respect to third-party content. And as this article explains, it has largely withstood challenges brought by plaintiffs, even as those challenges became more creative.

The Basics

In 1995, a New York trial court found an internet service provider could be liable for the content of its subscribers’ posts, as the publisher of the content. Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 WL 323710, at *6 (N.Y. Sup. Ct. May 24, 1995). The court relied heavily on the fact that the provider advertised its practice of controlling content on its service and actively screened and edited material posted on its message boards.

Congress enacted Section 230 to remove the “grim choice” created by Stratton Oakmont: A provider that voluntarily filtered content would be responsible for all posts, while “providers that bur[ied] their heads in the sand and ignore[d] problematic posts would escape liability altogether.” Fair Hous. Council v. Roommates.com, LLC, 521 F.3d 1157, 1163 (9th Cir. 2008).

The statute contains two substantive protections. Section 230(c)(1) states “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Section 230(c)(2) states “no provider or user of an interactive computer service shall be held liable on account of… (a) any action taken voluntarily in good faith to restrict access to… material that the provider or user considers… objectionable… or (b) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in [subparagraph (A)].” Section 230(e)(3) states “no liability may be imposed under any State or local law that is inconsistent with this section.” The statute exempts (among others) intellectual property laws and federal criminal statutes. Id. § 230(e)(1), (2).

Early Challenges

Despite the breadth of Section 230’s plain language—or perhaps because of it—plaintiffs began challenging the statute’s reach essentially from the moment of its passage. Early challenges led to the development of what are now basic principles.

Section 230 means what it says. The year after Congress passed Section 230, the U.S. Court of Appeals for the Fourth Circuit became the first federal circuit to interpret the law in the landmark decision Zeran v. America Online, Inc., 129 F.3d 327 (1997). Zeran made clear that the days of Stratton Oakmont really were gone. In Zeran, the court held Section 230 barred a defamation claim premised on AOL’s failure to remove an allegedly libelous advertisement, even after the plaintiff provided AOL notice of the content. It reasoned “Congress enacted § 230 to remove the disincentives to self-regulation created by the Stratton Oakmont decision.” Id. at 331. “[I]n line with this purpose, § 230 forbids the imposition of publisher liability on a service provider for the exercise of its editorial and self-regulatory function.” Id. The court rejected the plaintiff’s argument that common-law principles of notice liability survived Section 230: “Liability upon notice would defeat the dual purposes advanced by § 230 of the CDA. Like the strict liability imposed by the Stratton Oakmont court, liability upon notice reinforces service providers’ incentives to restrict speech and abstain from self-regulation.” Id. at 333.

Zeran’s message was clear: Section 230 was as broad as its language suggested. Over the next two decades, every other federal circuit adopted a similarly broad interpretation.

Section 230 applies to distributors, too. Early challenges to Section 230 also sought to narrow the immunity by arguing the statute applies only to publishers, not distributors. Under the common law, the publisher of a third party’s libelous statement bears the same responsibility as the author; the distributor faces a lower standard. Courts also rejected this argument. See, e.g., Barrett v. Rosenthal, 40 Cal. 4th 33, 48 (2006) (finding little reason “to suppose that Congress intended to immunize ‘publishers’ but leave ‘distributors’ open to liability, when the responsibility of publishers for offensive content is greater than that of mere distributors”); Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1104 (9th Cir. 2009) (distinction between publisher and distributor “has little to do with the meaning of the statutory language”).

Efforts to Broadly Construe “Information Content Provider”

Once courts had established Section 230’s basic contours, plaintiffs turned their attention to the statute’s definition of “information content provider.” Section 230 shields a provider only for content “provided by another information content provider.” 47 U.S.C. § 230(c)(1). The law defines “information content provider” as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” Id. § 230(f)(3). Attempts to broaden the interpretation of “information content provider”—divided here into two categories—have generally failed.

The life (and death?) of the “encouragement” test. As websites became more interactive, plaintiffs began asserting a site could be responsible for content it somehow elicited. The Ninth Circuit was the first federal appellate court to accept such an argument.

In Fair Housing Council v. Roommates.com, the court held Section 230 did not bar housing discrimination claims against a roommate-matching website that required users to answer questions about themselves, such as their gender, sexual orientation and whether they lived with children, as well as about their housing preferences based on these criteria. 1161-62. The court held “a website helps to develop unlawful content, and thus falls within the exception to Section 230, if it contributes materially to the alleged illegality of the content.” Id. at 1168 (emphasis added). Roommates.com did this, it held, with respect to certain portions of its website. “By requiring subscribers to provide the information as a condition of accessing its service, and by providing a limited set of pre-populated answers,” the court wrote, “Roommate becomes much more than a passive transmitter of information provided by others; it becomes the developer, at least in part, of that information.” Id. See also FTC v. Accusearch Inc., 570 F.3d 1187, 1192, 1199 (10th Cir. 2009) (adopting “material contribution” standard to hold that a website was responsible for developing content because it hired researchers to obtain private telephone records, which required violating or circumventing federal law).

Seizing on dicta in Roommates.com and Accusearch, plaintiffs tried to defeat Section 230 by arguing a provider had helped “develop” content. They sought to expand the “material contribution” exception to include any time a website encouraged or allowed user content. But courts made clear (1) a provider loses immunity only if it develops the specific content alleged to be unlawful, and (2) “material contribution” requires much more than “encouragement” or assent. See, e.g., Hill v. StubHub, Inc., 727 S.E.2d 550 (N.C. Ct. App. 2012) (Section 230 barred claims StubHub violated state anti-scalping laws, even though the plaintiff alleged StubHub designed and intended its website to violate the law). See also Jones v. Dirty World Entertainment Recordings LLC, 755 F.3d 398, 403-06, 414 (6th Cir. 2014) (rejecting claims by the plaintiff, a teacher and NFL cheerleader, that the defendant “theDirty.com” was responsible for defamatory user comments because it encouraged users to post gossip; “an encouragement test would inflate the meaning of ‘development’ to the point of eclipsing the immunity from publisher-liability that Congress established.”).

Repurposing third-party content. A relatively untested theory alleges providers are responsible for content they aggregate and manipulate. Courts that have confronted such situations have generally held Section 230 bars claims based on repurposed user content but not those based on the provider’s own representations about their manipulation of that content. See Levitt v. Yelp! Inc., 2011 WL 5079526, at *7 (N.D. Cal. Oct. 26, 2011) (“Plaintiffs’ allegations of extortion based on Yelp’s alleged manipulation of their review pages—by removing certain reviews and publishing others or changing their order of appearance—falls within the conduct immunized by § 230(c)(1)”).

Arguing a Claim Does Not “Treat” a Provider as a Publisher or Speaker

Numerous plaintiffs have tried to hold websites responsible for failing to prevent physical harm. These cases often attack a different element of Section 230 immunity: whether the claim treats the online service provider as the “publisher” of content. Again, these efforts have failed.

Responsibility for assault of users. Many plaintiffs have brought claims based on assaults perpetrated by and against users of websites. Virtually every court to consider such a theory has rejected it. See, e.g., Doe v. MySpace, Inc., 528 F.3d 413 (5th Cir. 2008) (rejecting minor’s claim based on abuse she suffered after meeting a man on the MySpace website); M.A. v. Vill. Voice Media Holdings, LLC, 809 F. Supp. 2d 1041 (E.D. Mo. 2011) (rejecting claim seeking to hold classified advertising websites responsible for harm allegedly caused by the content of users’ ads); Dart v. Craigslist, Inc., 665 F. Supp. 2d 961, 967 (N.D. Ill. 2009) (same). But the Ninth Circuit bucked this trend when it decided Section 230 did not bar claims against a networking website based on the drugging and rape of a model whom two men had contacted using information from the website, posing as talent scouts. Doe v. Internet Brands, Inc., 767 F.3d 894 (9th Cir. 2014).

Responsibility for defective or illegal products. Less commonly, plaintiffs have tried to hold websites responsible for the sale of unlawful or defective goods. These efforts, too, have failed. See, e.g., Hinton v. Amazon.com.dedc, LLC, 72 F. Supp. 3d 685, 687 (S.D. Miss. 2014) (rejecting claims stemming from sale of recalled hunting equipment on eBay; “[a]ll of the Plaintiff’s claims against eBay arise or stem from the publication of information on www.ebay.com created by third parties”); Inman v. Technicolor USA, Inc., 2011 WL 5829024 (W.D. Pa. Nov. 18, 2011) (eBay not responsible for mercury poisoning contracted by plaintiff after purchasing vacuum tubes from third party on eBay.com); Gentry v. eBay, Inc., 99 Cal. App. 4th 816, 832-33, 121 Cal. Rptr. 2d 703 (2002) (declining to hold eBay responsible for sale of inauthentic sports memorabilia by third parties).

Taking Advantage of Section 230’s Express Exemptions

Section 230 has several exemptions. Plaintiffs have tried to shoehorn their claims into two—those for intellectual property and those for federal criminal law. 47 U.S.C. ¶ 230(e)(1),(2).

Intellectual property. Section 230 states that “[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property.” 47 U.S.C. § 230(e)(2). Although this language plainly exempts federal copyright and trademark claims, it is less clear whether the exemption encompasses state-law claims for violation of the right of publicity. Courts are split on this question. See Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1119 (9th Cir. 2007) (“intellectual property” means only federal intellectual property); Curran v. Amazon.com, Inc., 2008 WL 472433 (S.D. W. Va. Feb. 19, 2008) (applying immunity to right-of-publicity claim). Compare with Atlantic Recording Corp. v. Project Playlist, Inc., 603 F. Supp. 2d 690 (S.D.N.Y. 2009) (noting the Ninth Circuit’s conclusion lacked “any support in the plain language of the CDA”); Doe v. Friendfinder Network, Inc., 540 F. Supp. 2d 288, 299 (D.N.H. 2008) (allowing plaintiff to bring right-of-publicity but not invasion-of-privacy claim).

Federal criminal law. Section 230 provides “[n]othing in this section shall be construed to impair the enforcement of … any … Federal criminal statute.” 47 U.S.C. § 230(e)(1). It also states “[n]othing in this section shall be construed to prevent any State from enforcing any State law that is consistent with this section.” This has been fertile ground for myriad attempts to evade immunity—but again, courts have generally rejected these efforts.

For example, plaintiffs have repeatedly argued, unsuccessfully, that these provisions leave room for civil suits alleging a violation of criminal laws. See, e.g., Obado v. Magedson, 2014 WL 3778261, *8 (D.N.J. July 31, 2014) (“exception for federal criminal statutes applies to government prosecutions”); Hinton, 72 F. Supp. 3d at 692 (Section 230 barred civil claim alleging eBay violated federal criminal statute).

Recognizing this—and concerned in particular about third-party ads for sex—three state legislatures enacted criminal laws targeted at advertising. Courts held each of them invalid. See Backpage.com, LLC v. Hoffman, 2013 WL 4502097, at *7 (D.N.J. Aug. 20, 2013); Backpage.com, LLC v. Cooper, 939 F. Supp. 2d 805, 821-26 (M.D. Tenn. 2013); Backpage.com, LLC v. McKenna, 881 F. Supp. 2d 1262, 1274-75 (W.D. Wash. 2012).

Conclusion

In 2012, one court noted it had located 300 reported decisions deciding Section 230 immunity. “All but a handful,” it noted, “find that the website is entitled to immunity.” Hill, 727 S.E.2d at 558. This trend has continued. That does not mean online service providers can operate without fear of litigation. Courts have yet to fully explore fact patterns that do not necessarily fall within the traditional confines of the immunity. And as providers innovate new ways to interact with users, plaintiffs will continue to devise creative challenges to immunity.