The Importance of Section 230 Immunity for Most
Why leave the safe harbor provision intact for site operators, search engines, and other online service providers do not attempt to block offensive, indecent, or illegal activity but by no means encourage or are principally used to host illicit material as cyber cesspools do? If we retain that immunity, some harassment and stalking — including revenge porn — will remain online because site operators hosting it cannot be legally required to take them down. Why countenance that possibility?
Because of the risk of collateral censorship—blocking or filtering speech to avoid potential liability even if the speech is legally protected. In what is often called the heckler’s veto, people may abuse their ability to complain, using the threat of liability to ensure that site operators block or remove posts for no good reason. They might complain because they disagree with the political views expressed or dislike the posters’ disparaging tone. Providers would be especially inclined to remove content in the face of frivolous complaints in instances where they have little interest in keeping up the complained about content. Take, as an illustration, the popular newsgathering sites Digg. If faced with legal liability, it might automatically take down posts even though they involve protected speech. The news gathering site lacks a vested interest in keeping up any particular post given its overall goal of crowd sourcing vast quantities of news that people like. Given the scale of their operation, they may lack the resources to hire enough people to cull through complaints to weed out frivolous ones.
Sites like Digg differ from revenge porn sites and other cyber cesspools whose operators have an incentive to refrain from removing complained-about content such as revenge porn and the like. Cyber cesspools obtain economic benefits by hosting harassing material that may make it worth the risk to continue to do so. Collateral censorship is far less likely—because it is in their economic interest to keep up destructive material. As Slate reporter and cyber bullying expert Emily Bazelon has remarked, concerns about the heckler’s veto get more deference than it should in the context of revenge porn sites and other cyber cesspools. (Read Bazelon’s important new book Sticks and Stones: Defeating the Culture of Bullying and Rediscovering the Power of Character and Empathy). It does not justify immunizing cyber cesspool operators from liability.
Let’s be clear about what this would mean. Dispensing with cyber cesspools’ immunity would not mean that they would be strictly liable for user-generated content. A legal theory would need to sanction remedies against them. Cyber cesspool operators, much like offline newspapers, could incur publisher liability for defamatory content to the extent the First Amendment allows. They could face tort liability for having enabled tort and crimes on their sites. Tort law recognizes claims against parties who engage in “risk-generating behavior leading to harms caused by third-party intervening conduct.” Courts permit recovery because the defendant paved the way for a third party to injure another. Enablement claims are premised on the notion that negligence’s deterrence rationale would be defeated if those enabling wrongdoing could escape judgment by shifting liability to individuals who cannot be caught and deterred. For that reason, landlords have a duty to exercise reasonable care to protect tenants from intruders robbing and assaulting them because they are in a better position than tenants to adopt precautionary measures and better situated than the police to diminish the risk of criminal assault on the premises.
Enablement liability has been recognized against those who gather or communicate information on the theory that their actions negligently, recklessly, or purposefully facilitated criminal conduct. A stalker killed a woman after obtaining her work address from the defendant, a data broker. As a court found, the data broker had a duty to exercise reasonable care in releasing personal information to third parties due to the risk of criminal misconduct. Information brokers should know that stalkers often use their services to obtain personal information about victims and that identity theft is an increasingly common risk associated with the disclosure of personal information like Social Security numbers. Remsburg v. Docusearch, 816 A.2d 1001, 1007-08 (N.H. 2003). The same is true for cyber cesspool operators who purposefully or recklessly facilitate cyber harassment and cyber stalking.
To be sure, a narrowly amended Section 230 will meet with disapproval from, on the one hand, those who oppose any intermediary liability and, on the other, those who do not think they should enjoy any at all. But I think it strikes the right balance. Revenge porn victims would have some leverage vis-à-vis cyber cesspool operators, including the ability to sue them for enabling tortious and criminal activity on their sites. They could not, however, sue other online service providers—whether news gathering sites, host companies, or search engines—even though the abuse appears or is reproduced on their sites or services. Because my proposal is narrow, we need another mode of protection against online abuse that jeopardizes careers and professional reputations. We need to adopt procedural safeguards aimed at employers as well. That is for another post.