Immunity for Web Site Owners

9-9-2009 National:

Web sites, social networks and other interactive service providers facilitate the display and exchange of a staggering amount of user-generated information, much of it idle chatter, meaningful commentary and helpful information, though some of it defamatory and offensive speech. Without certain protections, a site owner could face liability, and such a threat conceivably would have a chilling effect on the vibrant exchange of ideas on the Web. As such, over a decade ago, Congress enacted Section 230 of the Communications Decency Act, which effectively immunized qualifying service providers from most tort liability for publishing third-party content.

This article will discuss CDA immunity generally and the broad interpretation afforded by the majority of courts, certain limitations to immunity and some practical guidelines for providers to stay within the CDA's protections.

CDA GENERALLY

Generally speaking, CDA §230 is designed both to promote the free exchange of information online and encourage voluntary monitoring of offensive material. Section 230 was enacted based on a congressional concern that treating providers of computer services the same way as traditional publishers would impede the development of the Internet. Accordingly, Congress made the legislative judgment to effectively immunize providers of interactive computer services from tort liability with respect to material disseminated by them but created by others. See Blumenthal v. Drudge, 992 F.Supp. 44, 49 (D.D.C.1998).

There are three essential elements that a party must establish in order to claim §230(c)(1) immunity: (1) it is a provider of an interactive computer service; (2) the cause of action treats the party as a publisher or speaker of information; and (3) the information at issue is provided by another information content provider. This grant of immunity applies only if the interactive computer service provider is not "responsible, in whole or in part, for the creation or development of" the offending content. The CDA does not necessarily offer blanket immunity, as the statute explicitly does not provide immunity from federal criminal laws, laws "pertaining to intellectual property" and "communications privacy law." 47 U.S.C. §230(e)(1)-(2), (4).

While CDA §230(c)(1) protects qualifying providers from liability for third-party content, §230(c)(2)(B), on the other hand, covers actions taken to enable others the technical means to restrict access to objectionable material. This section of the CDA provides protection for "good Samaritan" blocking and screening of offensive material, such that no provider or user of an interactive computer service shall be held liable on account of any action taken to enable or make available the technical means to restrict access to offensive material. Thus, a provider of software or enabling tools that filter, screen or allow content that the provider or user considers obscene, excessively violent, harassing or otherwise objectionable may not be held liable for any action taken to make available the technical means to restrict access to that material, so long as the qualifying provider enables access by multiple users to a computer server or the Internet as required by the statute.[FOOTNOTE 1]

Although a fair number of service providers who invoke CDA immunity seek protection from defamation claims, the language of the statute is not so limiting. Indeed, many causes of action might be premised on the publication of what one might call "information content." For example, a provider might get sued for fraud, negligent misrepresentation, or for violating anti-discrimination laws. Thus, according to the 9th U.S. Circuit Court of Appeals, what matters is not the name of the cause of action -- defamation versus negligence versus intentional infliction of emotional distress -- but whether the cause of action inherently requires the court to treat the defendant as the "publisher or speaker" of content provided by another.[FOOTNOTE 2]

Put simply, courts must ask whether the duty that the plaintiff alleges the defendant violated derives from the defendant's status or conduct as a "publisher or speaker." If it does, CDA §230(c)(1) immunity precludes liability, unless a statutory exception applies. Thus, in such cases, parties seeking recourse from a Web site's publication of user-generated content may sue the third-party user who created the content, but not the interactive computer service that enabled the publication. Doe v. MySpace Inc., 528 F.3d 413, 419 (5th Cir. 2008).

BROAD GRANT OF IMMUNITY

The majority of federal courts have interpreted the CDA to grant qualifying service providers broad immunity from civil liability. The leading case on CDA immunity protection is Zeran v. America Online Inc., 129 F.3d 327 (4th Cir. 1997). There, the plaintiff discovered that an individual falsely advertised that the plaintiff was selling T-shirts containing tasteless slogans about the 1995 Oklahoma City bombing. The plaintiff claimed, among other things, that the defendant ISP failed to remove the postings and effectively screen future defamatory material. The 4th U.S. Circuit Court of Appeals affirmed the lower court's dismissal of the action, holding that CDA immunity should be interpreted broadly and applies even when a provider is notified of objectionable content on its site. Indeed, in a subsequent state court decision, the California Supreme Court found that "the immunity conferred by section 230 applies even when self-regulation is unsuccessful, or completely unattempted." Barrett v. Rosenthal, 40 Cal.4th 33, 53 (2006).

In recent months, several courts have echoed the majority interpretation of broad CDA immunity. For example, a New York district court found that a Web site was entitled to immunity from claims stemming from its alleged failure to screen certain merchandise sold on its site (in this case, an advertisement for the sale of a handgun), which thereafter was used in the commission of an assault against the plaintiff. Gibson v. Craigslist Inc., 2009 WL 1704355 (S.D.N.Y. June 15, 2009).

The court concluded that the defendant was entitled to immunity because, among other reasons, it was a provider of an interactive computer service, the handgun advertisement was provided by another information content provider, and the plaintiff sought to treat the defendant as the publisher or speaker of the advertisement. The court rejected the plaintiff's argument that he was seeking to hold the defendant liable as a "business," finding that such claims implicated site monitoring and screening, actions quintessentially related to its role as a publisher.

Similarly, another district court ruled that a social network site is entitled to CDA immunity for allegedly failing to institute adequate safety measures to prevent sexual predators from communicating with minors on its Web site. See Doe IX v. MySpace Inc., 2009 WL 1457170 (E.D. Tex. May 22, 2009). In dismissing the complaint, the court rejected the plaintiffs' arguments, stating that allegations regarding a failure to implement safety measures were merely another attempt at holding the defendant liable for its role as a publisher of third-party content.

The court also rejected the plaintiffs' argument that the defendant was partially responsible for creating the information exchanged between the plaintiff and the sexual predator because the site prompted users to enter certain profile information. The court reasoned that the defendant did not require users to enter information as a condition of use, and although the site prompted its users to supplement their profiles using a list of categories, such conduct was insufficient to make the defendant an information content provider. See also Doe II v. MySpace Inc., 2009 WL 1862779 (Cal. Ct. App. June 30, 2009) (that appellants characterize their complaint against the social network site as one for failure to adopt access restrictions to protect minors does not avoid CDA §230 immunity).

LIMITATIONS ON IMMUNITY

While CDA immunity applies to many types of claims, three recent circuit court decisions have highlighted certain limitations on the broad scope of CDA §230. The first noteworthy decision limiting the scope of §230 was Fair Housing Council of San Fernando Valley v. Roommates.com, 521 F.3d 1157 (9th Cir. 2008) (en banc). The 9th Circuit granted en banc review of a case in which a panel of the court ruled that a roommate-matching Web site was not entitled to CDA immunity from fair housing claims when it elicited information about rental preferences based on age, sex, sexual preference and children in the household, and then used that information to determine roommate matches.

The en banc court, agreeing with the original panel's decision, held that by requiring subscribers to provide certain personal information that purportedly violates fair housing laws as a condition of accessing its service, and by providing a limited set of pre-populated answers, the site became "much more than a passive transmitter of information provided by others ... it [became] the developer, at least in part, of that information," and fell outside the protection of CDA immunity.

However, the court ruled that the site's "Additional Comments" section, which included content produced entirely from subscribers and passively displayed by the site, was covered by §230 immunity. Moreover, while the Roommates.com court retreated from the 9th Circuit's prior dicta that a Web site consisting of user-generated content "could never be liable because 'no [user] profile has any content until a user actively creates it,'" Roommates.com, 521 F.3d at 1171 (quoting Carafano v. Metrosplash.com Inc., 339 F.3d 1119, 1124 (9th Cir. 2003)), it arguably carved out only a narrow exception to that rule, particularly given the numerous cases since Roommates.com that have rejected an expansion of its holding and have cited the case in support of immunity.

As the en banc court cautioned, "Where it is very clear that the website directly participates in developing the alleged illegality ... immunity will be lost. But in cases of enhancement by implication or development by inference[,] ... section 230 must be interpreted to protect websites not merely from ultimate liability, but from having to fight costly and protracted legal battles." Id. at 1174-75.

Subsequently, the 9th Circuit ruled that CDA §230 bars a plaintiff's negligent provision of services tort claim based upon a Web site's failure in its role as publisher to remove offensive content falsely posted about the plaintiff by a third party. Barnes v. Yahoo! Inc., 2009 WL 1740755 (9th Cir. June 22, 2009) (amended opinion). However, and most notably, the court allowed the plaintiff's promissory estoppel contract claim based upon the defendant's alleged broken promise to remove the content and remanded the case for consideration of, among other things, whether an enforceable contract existed between the parties. Read broadly, Barnes stands for the proposition that when a party engages in conduct giving rise to an independent and enforceable contractual obligation, that party may be "h[eld] ... liable [not] as a publisher or speaker of third-party content, but rather as a counter-party to a contract, as a promisor who has breached."[FOOTNOTE 3]

In another noteworthy decision, the 10th U.S. Circuit Court of Appeals found that a Web site that solicited requests for confidential consumer telephone records, knew that its paid researchers were obtaining the information through fraud, and charged customers for such information "contributed mightily" to the generation of such unlawful conduct and was not entitled to immunity under CDA §230. FTC. v. Accusearch Inc., 2009 WL 1846344 (10th Cir. June 29, 2009).

The appeals court upheld the lower court's order granting the Federal Trade Commission's request for a disgorgement of profits and a permanent injunction barring the defendant from trading in personal information. The court distinguished its prior decision in Ben Ezra, Weinstein, & Co. Inc. v. Am. Online Inc., 206 F.3rd 980 (10th Cir. 2000), where the court granted an ISP immunity for republishing inaccurate stock quotes because its conduct was neutral with respect to the erroneous quotes, and commented that if the information solicited by the ISP had been inherently unlawful, as it was in this case, the court's reasoning would necessarily have been different.

PRACTICAL IMPLICATIONS

Given the recent appeals court decisions that have carved out certain limitations to §230 immunity, the question remains: under what circumstances are a Web site operator or other interactive service provider likely to keep §230 immunity?

• When a provider passively hosts third-party content that does not implicate one of the statutory exceptions to CDA immunity.

• When a provider merely exercises traditional editorial functions over user-submitted content or re-posts content online without material alteration.

• When a provider pre-screens objectionable content before posting.

• When a provider offers neutral Web site tools that potentially could be misused for producing improper content. For example, a Web site that provides a space for user comments cannot be deemed a developer of content because such a tool conceivably facilitates the posting of defamatory contents. Similarly, a search engine that offers advertisers certain tools to display sponsored advertisements is not a developer because some unscrupulous advertisers may create advertisements for fraudulent services.

On the other hand, it is important for service providers to understand those activities that put them outside of §230 immunity. Such considerations may determine, among other things, a site's particular design and the level of involvement of site operators with incoming user content.

• Questionnaires or forms that are required for use of the site and shape user content toward illegal behavior or the posting of defamatory content.

• Inviting customers to talk about competing products and other specific experiences. Whether this practice falls within the contours of CDA immunity remains an open question until the outcome of Doctor's Assocs. Inc. v. QIP Holders LLC. The ongoing litigation involves a sandwich chain that sponsored an online contest for user videos comparing its product to its competitor, and later posted the videos to its Web site. In an early ruling, the court refused to consider CDA immunity on a motion to dismiss. See Doctor's Assocs. Inc. v. QIP Holders LLC, 2007 WL 1186026 (D. Conn. April 19, 2007).

• Anything that guides the user so much or contributes to the content to the point that the Web site operator or service provider can be considered the content developer.

• Modifying user content from non-defamatory to defamatory in nature.

Richard Raysman is a partner at Holland & Knight, and Peter Brown is a partner at Baker & Hostetler. They are co-authors of "Computer Law: Drafting and Negotiating Forms and Agreements" (Law Journal Press).



::::FOOTNOTES::::

FN1 See e.g., Zango Inc. v. Kaspersky Lab Inc., 2009 WL 1796746 (9th Cir. June 25, 2009) (Internet security software distributor is entitled to immunity under CDA §230 from a suit claiming that its software interfered with the use of downloadable programs by customers of an online media company when it classified such programs as objectionable adware).

FN2 Barnes v. Yahoo! Inc., 2009 WL 1740755 at *4 (9th Cir. June 22, 2009) (amended opinion). According to the court, publication involves reviewing, editing and deciding whether to publish or to withdraw from publication third-party content. See also Fair Housing Council of San Fernando Valley v. Roommates.com, 521 F.3d 1157, 1170-71 (9th Cir. 2008) ("[A]ny activity that can be boiled down to deciding whether to exclude material that third parties seek to post online is perforce immune under section 230.").

FN3 Id. at *9. But see Goddard v. Google Inc., 2009 WL 2365866 (N.D. Cal. July 30, 2009) (search engine is protected by CDA immunity from unfair competition and negligence claims for the display of sponsored advertisements for fraudulent services because such claims sought to place publishing liability on the search engine). The court also rejected the plaintiff's Barnes-like argument that she was an intended third-party beneficiary of Google's Content Policy requiring that mobile subscription service advertisers display certain information about their products. The court concluded that there was no evidence that Google ever promised plaintiff or anyone else, in any form or manner, that it would enforce its content policy or remove noncompliant advertisements. ..Source.. by Richard Raysman and Peter Brown, New York Law Journal