Under Section 230 of the Communications Decency Act (CDA), websites are generally not liable for harm caused by content posted by third parties. This is because the CDA provides that websites will not be treated as the publishers of that content for purposes of liability.
To illustrate, if I post something defamatory on this blog, the person I defame may have a viable claim against me, but not against Blogspot or Google, the platforms on which this blog is run. I explain this law in more detail here.
Every once in a while, courts find that a website encourages the third party's harmful statements in such a way that the website can be liable. But these decisions are a rare exception to the general rule.
Yesterday, the Ninth Circuit released the opinion Doe v. Internet Brands, Inc., an important case that illuminates the boundaries of websites' immunity. While websites may be shielded from lawsuits that concern the statements of third parties, the websites may be liable in failure to warn lawsuits, since those causes of action do not require the inference that the website was the publisher of third parties' statements. While I think that the opinion reaches a correct result, the Ninth Circuit maintains that its reasoning is consistent with the underlying goals of section 230 -- a claim over which I have some doubts.
Here is the first part of the court's opinion, where the court summarizes the unsettling facts of the case:
Model Mayhem is a networking website, found at modelmayhem.com, for people in the modeling industry. Plaintiff Jane Doe, an aspiring model who posted information about herself on the website, alleges that two rapists used the website to lure her to a fake audition, where they drugged her, raped her, and recorded her for a pornographic video. She also alleges that Defendant Internet Brands, the company that owns the website, knew about the rapists but did not warn her or the website’s other users. She filed an action against Internet Brands alleging liability for negligence under California law based on that failure to warn. The district court dismissed the action on the ground that her claim was barred by the Communications Decency Act (“CDA”), 47 U.S.C. § 230(c) (2012). We conclude that the CDA does not bar the claim. We reverse and remand for further proceedings.
From the opinion:
Jane Doe attempts to hold Internet Brands liable for failing to warn her about how third parties targeted and lured victims through Model Mayhem. The duty to warn allegedly imposed by California law would not require Internet Brands to remove any user content or otherwise affect how it publishes such content. Any obligation to warn could have been satisfied without changes to the content posted by the website’s users. Internet Brands would simply have been required to give a warning to Model Mayhem users, perhaps by posting a notice on the website or by informing users by email what it knew about the activities of Flanders and Callum.
Posting or emailing such a warning could be deemed an act of publishing information, but section 230(c)(1) bars only liability that treats a website as a publisher or speaker of content provided by somebody else: in the words of the statute, “information provided by another information content provider.” 47 U.S.C. § 230(c)(1). A post or email warning that Internet Brands generated would involve only content that Internet Brands itself produced. An alleged tort based on a duty that would require such a self-produced warning therefore falls outside of section 230(c)(1). In sum, Jane Doe’s negligent failure to warn claim does not seek to hold Internet Brands liable as the “publisher or speaker of any information provided by another information content provider.” Id. As a result, we conclude that the CDA does not bar this claim.
. . .In short, when a party's lawsuit against a website does not require that the website be considered the "publisher or speaker of content provided by somebody else," CDA section 230 immunization does not apply to that lawsuit.
Jane Doe’s failure to warn claim has nothing to do with Internet Brands’ efforts, or lack thereof, to edit or remove user generated content. The theory is that Internet Brands should be held liable, based on its knowledge of the rape scheme and its “special relationship” with users like Jane Doe, for failing to generate its own warning. Liability would not discourage “Good Samaritan” filtering of third party content. The core policy of section 230(c), reflected in the statute’s heading, does not apply, and neither does the CDA’s bar.
The Ninth Circuit argues that this approach to section 230 immunity is consistent with the statute's goals of shielding websites from storms of lawsuits and encouraging websites to police their content. It notes that in Stratton Oakmont, Inc. v. Prodigy Servs. Co. (1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995)), a New York Superior Court held that a website could be liable as a publisher of third parties' statements when the website exercised editorial control over those statements by deleting several of those third parties' posts. Section 230 was enacted, in part, to encourage websites to continue to exercise editorial control. With the immunity this statute provided, websites could delete harmful content without the concern that this editing would increase the website's risk of being liable for the harm caused by the content.
In Doe v. Internet Brands, Inc., it seems that the Ninth Circuit may have inadvertently circumvented this goal of the statute. While, as quoted above, the court claims that "[l]iability would not discourage 'Good Samaritan' filtering of third party content," a failure to warn theory may indeed have this effect.
This case involved the law of California's failure to warn tort. In the context of this cause of action, as stated in the California Supreme Court case, Tarasoff v. Regents of the University of California, one party does not typically have a duty to warn another party of foreseeable harm that a third party may cause unless the first party is in a "special relationship" with the party causing the harm or the potential victim of that harm. For example, in Tarasoff, the court held that a psychologist had a duty to warn Tarasoff, a third party, that she was in danger of being harmed or killed by a patient the psychologist was treating when it was foreseeable that the patient would harm Tarasoff. After the patient ended up killing Tarasoff, the California Supreme Court held that Tarasoff's parents could sue the psychologist for failing to warn Tarasoff of the foreseeable danger given the psychologist-patient relationship that existed between the psychologist and the patient who killed Tarasoff.
In the context of discussing the goals of CDA section 230, the important aspect of the failure to warn cause of action is the "foreseeability" component of the tort. One important question in failure to warn lawsuits against websites is whether it is foreseeable to the website that the parties posting on the website are going to cause harm to others.
From the perspective of a plaintiff trying to prove a website's negligence, there would seem to be a stronger case for foreseeability when a website has warned of a third party's potential danger, or when that website has deleted several of that third party's posts. These editorial actions indicate that the website may have considered the third party to be dangerous and attempted to take steps to reduce the danger. This would support an argument that the third party presented a foreseeable danger to the plaintiff.
It would therefore seem that the Ninth Circuit's holding creates a disincentive for websites to warn or take down third party content, since these editorial steps could be used by plaintiffs to bolster claims that the third party content was a foreseeable danger to others.
Admittedly, the website could use examples of its editorial control to support an argument that it adequately warned third parties of danger, or took steps to prevent the foreseeable harm from being realized. But plaintiffs can reply that the website's actions did not go far enough, or that the website failed to consistently take down dangerous third party content.
I would like to emphasize, however, that I think that the Ninth Circuit's opinion seems consistent with the provisions of CDA section 230. Under the statute, websites' immunity is limited to situations where a lawsuit treats a website as the publisher of material posted to that website by a third party. Failure to warn lawsuits do not treat websites this way, so section 230 immunity does not seem to apply.
This may be a positive development. Judge Alex Kozinski has remarked, "the Internet has outgrown its swaddling clothes and no longer needs to be so gently coddled," and websites may be able to weather any lawsuits that may find support in the Ninth Circuit's opinion. And websites that facilitate behavior like that demonstrated in Doe v. Internet Brands Inc. should probably face some consequences.
Whether or not this opinion is consistent with the original goals of the CDA may be a matter of debate. But there is no doubt that Doe v. Internet Brands, Inc. is an important development in the law of section 230 immunity.