STRETCHED PAST ITS LIMITS: Have the Courts Extended Immunity From Online Tort Liability Too Far?

fRAUDI have practiced entertainment and technology law for over 30 years.  More than any other area of the law, the developments and enhancements in technology have outpaced the law’s ability to take those developments and enhancements into account.  I have written about this many times on this blawg, mostly in the area of copyright law.

Another area of cyber law that has been outpaced by technology is the area of tort liability for wrongs committed on the Internet.  Specifically, cyber law has been affected by the ever expanding scope of immunity from tort liability afforded under Section 230 of the Federal Communications Decency Act, 47 U.S.C. § 230 (“CDA”).  The CDA was enacted in 1996, primarily in an effort to control Internet pornography.  While the anti-porn provisions of the CDA subsequently were struck down as unconstitutional, Section 230 remains the law of the land with respect to immunity provided to “interactive computer services.”

Section 230 of the CDA defines “interactive computer services” as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server, including services offered by libraries or education institutions.”  The courts have interpreted this to mean all internet service providers (“ISPs”) and web hosts.  Section 230 was enacted primarily as a legislative response to two court cases: Stratton Oakmont, Inc. v. Prodigy Services Co. (that had held that traditional common law publisher liability applied to ISPs for the defamatory statements posted by users on the ISPs site) and Cubby, Inc. v. CompuServe, Inc. (which similarly held that traditional distributor liability applied to defamatory statements posted in an online forum).  Congress, recognizing that traditional publishers and distributors (who have the ability to pre-screen content before it is published) should not be treated like online hosting services (where posts are made by third parties in real time and really cannot be controlled by the publisher for content), effectively overturned the Stratton Oakmont and Cubby decisions.  However, what started out as a statute to immunize ISPs from defamation liability has expanded greatly over the years to include a huge variety of torts.

The language of the statute appeared to be designed to address only defamation cases.  Section 230 states that: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”  There is also a “Good Samaritan” provision that allows ISPs to block and screen offensive material without civil liability.  Significantly, Section 230 states that it has no effect on intellectual property.  As I’ve written in a previous blawg post, the Copyright Act was amended with the enactment of the Digital Millennium Copyright Act (“DMCA”), pursuant to which ISPs enjoy immunity from copyright infringement liability for third party postings that infringe another party’s copyright (provided that the ISP has the appropriate “take down” mechanism in place).  What this effectively means is that ISPs still potentially have patent and, most especially, trademark liability for online postings by third parties.  It is also important to note that both Section 230 and DMCA only immunize the ISP if the post was not made by the ISP itself.

While the language of Section 230 (and the legislative history for that statute) appears on its face to apply only to defamation liability, since its enactment nearly 20 years ago the courts have taken a much more expansive view of Section 230’s reach, especially over the last 10 years.  It has been interpreted as granting ISPs immunity for a broad range of torts committed by online users (in addition to the tort of defamation), including tortious interference with contractual relations, violations of CAN-SPAM Act, Fair Housing Act violations and now even outright fraud.  In a recent decision, GiveForward, Inc. v. Hodges, a Federal District Court ruled that Section 230 provided immunity to a crowdsourcing platform on which a user perpetrated a fraudulent campaign to raise funds for an allegedly sick child.  The child’s mother (who was not part of the fraudulent campaign) argued that the crowdsourcing platform (i.e., the ISP for purposes of Section 230) should be liable for the fraudulent campaign. Part of her argument was that the ISP influenced the fraudulent post seeking the crowdsourced funds and was actually, therefore, a participant rather than a passive ISP.  The crowdsourcing platform sought a declaratory judgment that it wasn’t liable for the fake fundraiser. The court agreed with the ISP and held that it was immune from fraud liability under Section 230 because, in the court’s view, it was not an active participant in the fraud.

The ISP had argued that, if the Section 230 immunity was viewed as not applicable to this situation, it would imply that all crowdsourced platforms would now have legal responsibility for every factual assertion made by their users, thus making any crowdsourcing campaign more costly and time-consuming.  On the other hand, as asserted by counsel for the plaintiffs in this action: “This ruling stands for the precedent that a professional fundraiser…can use the CDA to shield itself from any state regulation or state-law based cause of action related to its professional fundraising activities by moving its fundraising activities to an online platform rather than a brick-and-mortar business.”

Will Congress clarify that Section 230 is to be limited to defamation claims, as opposed to the courts’ ever-expanding view of the scope of the immunity afforded?  Only time will tell.  In the meantime, you may start seeing more “online only” fundraising campaigns (as opposed to the telephone and mail solicitations that are so common now) in light of the expanded view of the immunity provided by Section 230.