In the dying weeks of the summer, the U.S. Third Circuit Court of Appeals released a bombshell case holding that § 230 of the Communications Decency Act (CDA) did not provide a safe harbor for the social media company TikTok when its algorithms recommended and promoted a video which allegedly led to a minor killing herself. The case, Anderson v. TikTok, Inc., 2024 WL 3948248 (3rd.Cir.Aug. 27, 2024), is significant. Other U.S. appeals courts have read the CDA much more broadly to immunize interactive service providers’ exercise of publisher and distributor traditional functions to protect them from all manner of claims related to content posted by a third party. The decision creates a circuit split that may well end up at the U.S. Supreme Court that could alter the immunities that social media and other online providers have enjoyed since the dawn of the commercial Internet. The decision also raises important questions as to proper framework to be used in construing the scope of the Section 230 immunity and the degree to which First Amendment principles are relevant in construing the CDA.

Facts in the TikTok case

TikTok, a video sharing social media platform, via its algorithm, recommended and promoted videos posted by third parties to ten-year-old Nylah Anderson on her uniquely curated “For You Page.” One video depicted the “Blackout Challenge,” which encourages viewers to record themselves engaging in acts of self-asphyxiation.

TikTok’s algorithm curates and recommends a tailored compilation of videos for a user’s FYP based on a variety of factors, including the user’s age and other demographics, online interactions, and other metadata. Some videos that appear on users’ FYPs are known as “challenges,” which urge users to post videos of themselves replicating the conduct depicted in the videos. The Blackout Challenge encouraged users to choke themselves with belts, purse strings, or anything similar until passing out.  TikTok’s FYP algorithm recommended a Blackout Challenge video to Nylah, and after watching it, Nylah attempted to replicate what she saw and unintentionally hanged herself.

Her mother sued TikTok for violations of state law. She alleged that TikTok: (1) was aware of the Blackout Challenge; (2) allowed users to post videos of themselves participating in the Blackout Challenge; and (3) recommended and promoted Blackout Challenge videos to minors’ FYPs through its algorithm, including at least one such video to Nylah’s FYP, which resulted in her death.

The District Court dismissed the case relying on 230 of the CDA, but the Third Circuit reversed the decision with Circuit Judge Shwartz writing the opinion for the court and Circuit Judge Matey, filing an opinion concurring in part and dissenting in part.

Background on Section 230 of the CDA

Congress enacted § 230 of the CDA to immunize interactive computer service providers (“ICSs”) from liability based on content posted by third parties in certain circumstances. It immunizes ICSs from suits for “information provided by another information content provider.” In other words, ICSs are immunized if they are sued for someone else’s expressive activity or content (i.e., third-party speech), but they are not immunized if they are sued for their own expressive activity or content (i.e., first-party speech).

As summarized by Judge Matey,[i] the CDA arose from a desire to shield online service providers for liability arising from publishing third party content they hosted and to create incentives to enable them to moderate offensive and harmful content.

The safe harbour had its original roots in a somewhat analogous liability shield enjoyed by telecom carriers and similar intermediaries in the U.S. (and other countries including Canada)[ii] when they acted as passive innocent transmitters of content that rode over their networks without them knowing  that the content might be harmful. It also had analogues to the innocent disseminator or secondary publisher defenses to defamation claims that protect libraries, bookstores and other distributors of content, at least until they knew or had reason to know of the delictual content and had an opportunity to cease disseminating (or hosting) it.[iii]

The early 1990s saw the development of online service providers such as CompuServe, Prodigy, and AOL. These emerging services allowed users to post comments on bulletin boards, open to other members, and to communicate in chat rooms. This resulted in some early cases where CompuServe and Prodigy were sued for defamatory material they hosted.

In Cubby, Inc. v. CompuServe, Inc. 776 F. Supp. 135, (S.D.N.Y. 1991), a district court dismissed a defamation claim against CompuServe analogising its provision of electronic bulletin boards as similar to a “distributor,” like “news vendors, book stores, and libraries,” which only become liable for defamation claims if the company knew or had reason to know the statement was defamatory.

Three years later, in Stratton Oakmont, Inc. v. Prodigy Services Company,  1995 WL 323710, (N.Y. Sup. Ct. May 24, 1995), Prodigy was sued for hosting allegedly defamatory statements posted on one of its electronic bulletin boards. Unlike CompuServe, Prodigy moderated its content and the court found Prodigy “exercised sufficient editorial control over its computer bulletin boards to render it a publisher with the same responsibilities as a newspaper.”

In response to Stratton Oakmont, Congress amended the CDA by enacting two complementary protections. One was to overrule the case to protect “good Samaritans” when they engaged in content moderation. The other, which was the subject of the TikTok decision, provided that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

This provision has provided broad immunity to online providers. It was summarized in a critical fashion by Circuit Court Judge Matey as follows:

But from the very start, courts held § 230 did much more than overrule Stratton Oakmont‘s publisher-liability theory. And they almost all followed Zeran v. America Online, Inc., which read § 230(c)(1) to immunize an interactive computer service provider’s “exercise of a publisher’s traditional editorial functions—such as deciding whether to publish, withdraw, postpone or alter content.” 129 F.3d at 330. This broad immunity was broadened even further when Zeran held that § 230(c)(1) barred both publisher and distributor liability. Id. at 331–34. Though Zeran has been criticized as inconsistent with the text, context, and purpose of § 230 (and was decided in an era where those traditional tools of construction were rarely consulted), the opinion was cut-and-paste copied by courts across the country in the first few years after the statute arrived..

Today, § 230 rides in to rescue corporations from virtually any claim loosely related to content posted by a third party, no matter the cause of action and whatever the provider’s actions… The result is a § 230 that immunizes platforms from the consequences of their own conduct and permits platforms to ignore the ordinary obligation that most businesses have to take reasonable steps to prevent their services from causing devastating harm…

TikTok reads § 230 of the Communications Decency Act, 47 U.S.C. § 230, to permit casual indifference to the death of a ten-year-old girl. It is a position that has become popular among a host of purveyors of pornography, self-mutilation, and exploitation, one that smuggles constitutional conceptions of a “free trade in ideas” into a digital “cauldron of illicit loves” that leap and boil with no oversight, no accountability, no remedy.  And a view that has found support in a surprising number of judicial opinions dating from the early days of dial-up to the modern era of algorithms, advertising, and apps.

Summary of TikTok decision

The majority of the court sided with the Plaintiff holding that since Section 230 immunizes only information provided by another, it did not protect TikTok “because the information that forms the basis of Anderson’s lawsuit—i.e., TikTok’s recommendations via its FYP algorithm—is TikTok’s own expressive activity, § 230 does not bar Anderson’s claims”.

Here, as alleged, TikTok’s FYP algorithm “[d]ecid[es] on the third-party speech that will be included in or excluded from a compilation—and then organiz[es] and present[s] the included items” on users’ FYPs.  Accordingly, TikTok’s algorithm, which recommended the Blackout Challenge to Nylah on her FYP, was TikTok’s own “expressive activity,” and thus its first-party speech. Such first-party speech is the basis for Anderson’s claims…  (alleging, among other things, that TikTok’s FYP algorithm was defectively designed because it “recommended” and “promoted” the Blackout Challenge).

This interpretation of Section 230 of the CDA was acknowledged by the court to depart from decisions in other circuits.[iv]

This circuit split by the Third Circuit was influenced by two important developments.

First, earlier this year the U.S. Supreme Court in Moody v. NetChoice, LLC, 144 S. Ct. 2383 (2024) considered whether state laws that restrict the ability of social-media platforms to control whether and how third-party posts are presented to other users run afoul of the First Amendment. The U.S. high court held that a platform’s algorithm that reflects “editorial judgments” about “compiling the third-party speech it wants in the way it wants” is the platform’s own “expressive product” and is therefore protected by the First Amendment.

The TikTok court reasoned that if social-media platforms’ algorithms produce compilations that are protected expression under the First Amendment the same types of algorithms also produce first-party speech not protected by the CDA.

Given the Supreme Court’s observations that platforms engage in protected first-party speech under the First Amendment when they curate compilations of others’ content via their expressive algorithms, it follows that doing so amounts to first-party speech under § 230, too.

Second, Justice Thomas issued two non -precedential opinions critical of lower courts’ interpretations of the CDA. In Malwarebytes, Inc. v. Enigma Software Grp. USA, LLC, 141 S.Ct. 13 (2020) (Thomas, J., statement respecting denial of certiorari), he expressed the opinion that there were two good reasons to doubt lower court interpretations of the CDA. One was that the courts had discarded the longstanding distinction between “publisher” liability and “distributor” liability by holding that the CDA protects a service provider when it acts as a primary publisher and as a secondary publisher – even when the provider distributes content that it knows is illegal.

The other criticism was that the courts departed from the most natural reading of the text by dubiously giving Internet companies immunity for their own content.

Nowhere does this provision protect a company that is itself the information content provider… And an information content provider is not just the primary author or creator; it is anyone “responsible, in whole or in part, for the creation or development” of the content.

After providing a series of examples where Justice Thomas opined the interpretations of the CDA had gone astray,[v] he opined that:

A common thread through all these cases is that the plaintiffs were not necessarily trying to hold the defendants liable “as the publisher or speaker” of third-party content. § 230(c)(1). Nor did their claims seek to hold defendants liable for removing content in good faith. § 230(c)(2). Their claims rested instead on alleged product design flaws—that is, the defendant’s own misconduct.

Justice Thomas renewed his criticisms of the CDA safe harbor in Doe ex rel. Roe v. Snap, Inc., S. Ct. 2493 (2024) (Thomas, J., dissenting from denial of certiorari). Building on his opinion in Malwarebytes and the SCOTUS’ later opinion in NetChoice, he again expressed the view that the sweeping immunities courts have given to platforms was not supported by the language of the statute[vi] and failed to reconcile how platforms’ algorithms could produce First Amendment protected speech, all the while being protected as third party speech under the CDA.[vii]

Turning back to the decision of the Third Circuit, that court reasoned that TikTok could not benefit from the CDA safe harbor based on the NetChoice decision and the criticisms of the CDA  by Justice Thomas. In its very short reasons in overruling the District Court’s dismissal of the action against TikTok, the Third Circuit stated:

Anderson asserts that TikTok’s algorithm “amalgamat[es] third-party videos,” which results in “an expressive product” that “communicates to users … that the curated stream of videos will be interesting to them[.]”The Supreme Court’s recent discussion about algorithms, albeit in the First Amendment context, supports this view.¹⁰ In Moody v. NetChoice, LLC, the Court considered whether state laws that “restrict the ability of social-media platforms to control whether and how third-party posts are presented to other users” run afoul of the First Amendment. ––– U.S. ––––, 144 S. Ct. 2383, 2393, ––– L.Ed.2d –––– (2024). The Court held that a platform’s algorithm that reflects “editorial judgments” about “compiling the third-party speech it wants in the way it wants” is the platform’s own “expressive product” and is therefore protected by the First Amendment.

Given the Supreme Court’s observations that platforms engage in protected first-party speech under the First Amendment when they curate compilations of others’ content via their expressive algorithms, it follows that doing so amounts to first-party speech under § 230, too. See Doe ex rel. Roe v. Snap, Inc., ––– U.S. ––––, 144 S. Ct. 2493, 2494, ––– L.Ed.2d –––– (2024) (Thomas, J., dissenting from denial of certiorari) (observing that “[i]n the platforms’ world, they are fully responsible for their websites when it results in constitutional protections, but the moment that responsibility could lead to liability, they can disclaim any obligations and enjoy greater protections from suit than nearly any other industry.”).

Here, as alleged, TikTok’s FYP algorithm “[d]ecid[es] on the third-party speech that will be included in or excluded from a compilation—and then organiz[es] and present[s] the included items” on users’ FYPs. NetChoice, 144 S. Ct. at 2402. Accordingly, TikTok’s algorithm, which recommended the Blackout Challenge to Nylah on her FYP, was TikTok’s own “expressive activity,” and thus its first-party speech. Such first-party speech is the basis for Anderson’s claims… Section 230 immunizes only information “provided by another[,]” 47 U.S.C. § 230(c)(1), and here, because the information that forms the basis of Anderson’s lawsuit—i.e., TikTok’s recommendations via its FYP algorithm—is TikTok’s own expressive activity, § 230 does not bar Anderson’s claims. (Note, some references removed)

In an important footnote, the majority stated that its decision was limited to whether the CDA safe harbor applied to “presenting a curated compilation of speech originally created by others”. Following the guidance of the U.S. Supreme Court in NetChoice the court declined to address algorithms that respond solely to how users act online noting that the presence or absence of a platform’s standards or preferences that govern an algorithm’s choices may dictate whether the algorithm produces expressive speech.

The intended scope of the decision was elaborated in another footnote:

We reach this conclusion specifically because TikTok’s promotion of a Blackout Challenge video on Nylah’s FYP was not contingent upon any specific user input. Had Nylah viewed a Blackout Challenge video through TikTok’s search function, rather than through her FYP, then TikTok may be viewed more like a repository of third-party content than an affirmative promoter of such content. Given the type of algorithm alleged here, we need not address whether § 230 immunizes any information that may be communicated by the results of a user’s search of a platform’s content.

We need not address in this case the publisher/distributor distinction our colleague describes, nor do we need to decide whether the word “publisher” as used in § 230 is limited to the act of allowing third-party content to be posted on a website an ICS hosts, as compared to third-party content an ICS promotes or distributes through some additional action, because, in this case, the only distribution at issue is that which occurred via TikTok’s algorithm, which as explained herein, is not immunized by § 230 because the algorithm is TikTok’s own expressive activity.

Circuit Judge Matey, who concurred in the judgment in part and dissented in part, would have gone further to confine the publisher immunity in Section 230 to provide TikTok immunity from suit for merely hosting videos created and uploaded by third parties, but not from any other publisher or secondary publisher or distributor potential liabilities.[viii] His opinion was also influenced by the opinions of Justice Thomas in Malwarebytes and Doe v Snap (and other opinions criticizing the expansive interpretations of the safe harbour).

Section 230(c)(1) directs that TikTok not be “treated as the publisher … of any information provided by another information content provider.” Congress enacted § 230 mindful of the recent and widely discussed online service provider tort cases drawing the publisher-distributor distinction, as well as decades of state and federal law apportioning liability for electronic transmissions along the same line. That points to the best reading of § 230(c)(1) as adopting the meaning of “publisher” used by Stratton Oakmont and CompuServe.… So when § 230(c)(1) prohibits “treat[ing]” TikTok as the “publisher” of videos posted by third parties, that means TikTok cannot be liable for the mere act of hosting those videos. See Malwarebytes, 141 S. Ct. at 14–16 (Thomas, J., statement respecting denial of certiorari); Doe ex rel. Roe v. Snap, Inc., 88 F.4th 1069, 1070–72 (5th Cir. 2023) (Elrod, J., dissenting from denial of rehearing en banc); Candeub, Reading Section 230 as Written, supra, at 146–51. It cannot, in short, be held liable as a publisher.

But § 230(c)(1) does not immunize more. It allows suits to proceed if the allegedly wrongful conduct is not based on the mere hosting of third-party content, but on the acts or omissions of the provider of the interactive computer service… It is implausible to conclude Congress decided to silently jettison both past and present to coin a new meaning of “publisher” in § 230(c)(1). See Malwarebytes, 141 S. Ct. at 14–16 (Thomas, J., statement respecting denial of certiorari); Doe v. Am. Online, Inc., 783 So. 2d 1010, 1023–25 (Fla. 2001) (Lewis, J., dissenting).

Properly read, § 230(c)(1) says nothing about a provider’s own conduct beyond mere hosting. A conclusion confirmed by § 230(c)(2), which enumerates acts that platforms can take without worrying about liability…

Summing up his opinion on the implications of his view of the law in respect of the claims against TikTok, Judge Matey stated:

What does all this mean for Anderson’s claims? Well, § 230(c)(1)‘s preemption of traditional publisher liability precludes Anderson from holding TikTok liable for the Blackout Challenge videos’ mere presence on TikTok’s platform. A conclusion Anderson’s counsel all but concedes. But § 230(c)(1) does not preempt distributor liability, so Anderson’s claims seeking to hold TikTok liable for continuing to host the Blackout Challenge videos knowing they were causing the death of children can proceed. So too for her claims seeking to hold TikTok liable for its targeted recommendations of videos it knew were harmful. That is TikTok’s own conduct, a subject outside of § 230(c)(1). Whether that conduct is actionable under state law is another question. But § 230 does not preempt liability on those bases…

I would affirm the District Court’s judgment as it relates to any of Anderson’s claims that seek to hold TikTok liable for the Blackout Challenge videos’ mere existence on TikTok’s platform. But I would reverse the District Court’s judgment as it relates to any of Anderson’s claims that seek to hold TikTok liable for its knowing distribution and targeted recommendation of the Blackout Challenge videos.

Comments on TikTok decision

The decision of the Third Circuit has created a circuit court of appeals split in a very important area of the law. TikTok has announced that it intends to petition the Third Circuit for a rehearing en banc. Nevertheless, this case may end up at the U.S. Supreme Court. Given the (non-precedential) opinions of Justice Thomas, there would appear to be at least some support in the U.S. Supreme Court to grant certiorari to determine the scope of the Section 230 immunity.

The TikTok case is now one of a series of U.S. cases to assess immunities, or the absence of liability, based on courts’ views about how algorithms used by platforms impact various areas of the law. How courts view the role of algorithms may impact the scope of causes of action and defenses to claims against social media companies and other online providers.

In Twitter, Inc v Tamneh143 S.Ct. 1206 (2023) and Gonzalez et al v Google LLC,  143 S.Ct. 1191 (2023), the U.S. Supreme Court held that Facebook, Twitter, and Google were not liable for aiding and abetting ISIS terrorist attacks. Central to the decisions was the rejection of the plaintiffs’ contention that these social media companies’ algorithms “went beyond passive aid and constitute active, substantial assistance.” On the facts as found by the court,

[v]iewed properly, defendants’ recommendation’ algorithms are merely part of that infrastructure. All the content on their platforms is filtered through these algorithms, which allegedly sort the content by information and inputs provided by users and found in the content itself. As presented here, the algorithms appear agnostic as to the nature of the content, matching any content (including ISIS’ content) with any user who is more likely to view that content.

However, the court also stated

we cannot rule out the possibility that some set of allegations”…if a platform consciously and selectively chose to promote content provided by a particular terrorist group, perhaps it could be said to have culpably assisted the terrorist group.

It is possible that the Section 230 immunity may develop in the U.S. in a parallel way to the protection of expressive speech under the First Amendment. However, there are also good reasons to suggest that the protections for First Amendment speech and service provider immunities should be assessed under different principles.

Notably, the  majority decision in the TikjTok case was premised on what the court saw as symmetry between indistinguishable algorithm types at play in that case and in the NetChoice case i.e. algorithms that present “a curated compilation of speech originally created by others”. However, as noted by the court in TikTok, the U.S. Supreme Court declined to address other algorithmic functionality such as algorithms that respond solely to how users act online and the TikTok court left those situations open as well starting, in referring to NetChoice,

the presence or absence of a platform’s standards or preferences that govern an algorithm’s choices may dictate whether the algorithm is expressive speech, id. at 2410 (Barrett, J., concurring), as might whether the platform is a “passive receptacle[ ] of third-party speech … that emit[s] what [it is] fed” or whether it only responds to specific user inquiries, id. at 2431 (Alito, J., concurring in the judgment). See also id. at 2409-10 (Barrett, J., concurring) (distinguishing types of algorithms); id. at 2430-32 (Alito, J., concurring in the judgment) (same).

The Third Circuit did not canvass the theoretical basis for assimilating First Amendment constitutional protection for speech and the scope of the CDA Section 230 safe harbor which is a question of statutory interpretation.  The decision has accordingly been criticized for mixing up the different analytic frameworks such as here, here, and here by Alan Rozenshtein, Eric Goldman, and Ryan Calo. The criticisms go beyond that including pointing out that effect of NetChoice was to protect and promote online free expression, yet that precedent is being used to narrow the protections for online free  expression. Others, such as Daniel Solove argue that broad immunity protection given to Section 230 of the CDA was based on overzealous interpretations far beyond its original intent.

It may seem obvious, but whatever may be the case for curated content feeds, the First Amendment analytical framework is simply not apt for assessing the myriad of situations in which Section 230 of the CDA may apply. This may be illustrated by how the use of artificial intelligence (AI) may impact First Amendment rights.

In NetChoice, several justices of the Supreme Court expressed views related to content moderation that First Amendment protection might be attenuated if AI content choices are made using an AI algorithm. Justice Barrett stated:

And what about AI, which is rapidly evolving? What if a platform’s owners hand the reins to an AI tool and ask it simply to remove “hateful” content? If the AI relies on large language models to determine what is “hateful” and should be removed, has a human being with First Amendment rights made an inherently expressive “choice … not to propound a particular point of view”? Hurley, 515 U.S. at 575, 115 S.Ct. 2338. In other words, technology may attenuate the connection between content-moderation actions (e.g., removing posts) and human beings’ constitutionally protected right to “decide for [themselves] the ideas and beliefs deserving of expression, consideration, and adherence.” Turner Broadcasting System, Inc. v. FCC, 512 U.S. 622, 641, 114 S.Ct. 2445, 129 L.Ed.2d 497 (1994) (emphasis added). So the way platforms use this sort of technology might have constitutional significance.

Justice Alito (with whom Justice Thomas and Justice Gorsuch joined concurring in the judgment) noted that because of the sheer volume of content on social media that platforms rely heavily on algorithms to organize and censor content. They asked if the AI generated choices were “equally expressive as the decisions made by humans” and “[s]hould we at least think about this?”[ix]

Wherever the courts land on whether editorial choices made using AI algorithms result in protected speech under the First Amendment, it does not follow that the same analysis would be applied to the scope of Section 230 of the CDA.  The focus of Section 230 of the CDA  has more to do with whether a service provider is merely a publisher of third party content than whether its algorithms are capable of producing expressive content. As such, AI curated feeds may not be given First Amendment protection, or may be given attenuated protection. Yet, Section 230 of the CDA may or may not apply to protect AI generated choices. As noted above, the legislative history of the CDA is rooted in precepts related to publisher and distributor liability, in which making editorial choices is but one aspect of that potential liability.

Circuit Judge Matey’s opinion would limit Section 230’s protection to mere hosting of third party content.  While the opinion did not analyze what this meant in practice, it could be interpreted to suggest that the immunity would be even narrower than the DMCA Section 512(c) hosting safe harbor. The DMCA provides a safe harbor for hosting providers that ”by reason of the storage at the direction of a user of material that resides on” the service provider’s system. The U.S. courts that have construed the scope of the exemption have held that it applies to automated algorithmic processes that go beyond the mere act of acting as a storage locker. This includes enhancing access facilitation processes to provide users access to uploaded content without losing protection.[x] Other cases could be read as suggesting the hosting safe harbor extends to some video sharing platforms’ algorithms that help promote or recommend content to users.[xi]

It is often the case that decisions in one area of the law influence decisions in other areas, as was the case with how the NetChoice decision influenced the TikTok decision. It is thus conceivable that if the Supreme Court sides with the Plaintiffs in the TikTok case, depending on the court’s reasons, it might also affect other areas of the law including the DMCA hosting safe harbor.

While Canadian laws generally provide certain immunities for “innocent” online service providers, these laws are dissimilar from the CDA, at least as it has been construed by numerous U.S. courts – this despite the CUMSA requirement to provide some immunities for online service providers. That generally means that social media companies are liable for content they originate or distribute and continue to make available after they become aware of its illegality.[xii] Somewhat similar immunities exist in the European Union under the EU Directive on electronic commerce.[xiii]

_______________________________

[i] Like any man-made law, § 230 did not appear in a vacuum, and “some context is key to understanding Congress’s aim” and the precise language it selected. OI Eur. Grp. B.V. v. Bolivarian Republic of Venezuela, 73 F.4th 157, 166 (3d Cir. 2023), cert. denied, ––– U.S. ––––, 144 S. Ct. 549, 217 L.Ed.2d 292 (2024); see also 1 William Blackstone, Commentaries *61, *87. Congress enacted § 230 following more than a century of state and federal law regulating the transmission of third-party information and against the backdrop of two widely discussed judicial decisions addressing the liability of online service providers. Those decisions tracked traditional liability regimes that shielded parties who merely sent along allegedly harmful information, while imposing duties on those who did so with specific knowledge of the harmful nature of the content.

1. Begin with the birth of long-distance communication. Like the chat rooms and bulletin boards provided by 1990s online service providers, telegraph companies long served as the conduit for communication for much of the late nineteenth and early twentieth centuries. Given the immense market power of the telegraph,⁵the law regularly imposed access and nondiscrimination duties familiar to physical networks like railroads.⁶ That raised questions about liability, since state laws often held companies responsible for negligent deliveries. See Adam Candeub, The Common Carrier Privacy Model, 51 U.C. Davis L. Rev. 805, 810–15 (2018). Liability could also attach based on the content of third-party information. See Adam Candeub, Reading Section 230 as Written, 1 J. of Free Speech L. 139, 145–47 & 146 n.26 (2021). While telegraph operators were ordinarily not responsible for the materials they transmitted, see O’Brien v. W. U. Tel. Co., 113 F.2d 539, 541–43 (1st Cir. 1940), liability could attach if the company knew the content was harmful, see Von Meysenbug v. W. U. Tel. Co., 54 F. Supp. 100, 101 (S.D. Fla. 1944); see also Biden v. Knight First Amend. Inst. at Columbia Univ., ––– U.S. ––––, 141 S. Ct. 1220, 1223 & n.3, 209 L.Ed.2d 519 (2021) (Thomas, J., concurring).⁷ But that was the rare exception.

This was the common-sense system throughout the twentieth century. Transmitters usually had little control over what rode their networks and rarely knew the circumstances that might make a statement harmful. Imposing liability for conduct that lacked culpability would unfairly punish beneficial industries and pin emerging networks under the weight of endless lawsuits. But the scale tipped in a different way when a transmitter of third-party information knew the content was harmful, a distinction that carried into the changes in communications technology during the back half of the twentieth century.

2. The internet began infiltrating daily life in the early 1990s through large commercial service providers like CompuServe, Prodigy, and AOL. These emerging services “were born serving content of their own,” but, facing competition, they expanded to allow “users to post comments on bulletin boards, open to other members, and to communicate in chat rooms.” Those added functions resurrected the old legal question familiar to common carriers: Should online service providers be liable for the actions of third parties on their networks? Understanding how courts answered this question is essential to understanding the legal context in which § 230was enacted. Because a 1991 district court decision set the boundaries of liability law for the next three decades…

Today, § 230 rides in to rescue corporations from virtually any claim loosely related to content posted by a third party, no matter the cause of action and whatever the provider’s actions. See, e.g., Gonzalez v. Google LLC, 2 F.4th 871, 892– 98 (9th Cir. 2021), vacated, 598 U.S. 617, 143 S.Ct. 1191, 215 L.Ed.2d 555 (2023); Force, 934 F.3d at 65–71. The result is a § 230 that immunizes platforms from the consequences of their own conduct and permits platforms to ignore the ordinary obligation that most businesses have to take reasonable steps to prevent their services from causing devastating harm.

[ii] Society of Composers, Authors and Music Publishers of Canada v. Canadian Assn. of Internet Providers, 2004 SCC 45, Electric Despatch Co. of Toronto v. Bell Telephone Co. of Canada (1891), 20 S.C.R. 83

[iii] See, Google Defamation Battle: A Quebec Man’s Story – Barry Sookman, Social media liability for defamation: Giustra v Twitter – Barry Sookman, Hyperlinking and ISP liability clarified by Supreme Court in Crookes case – Barry Sookman

[iv] We recognize that this holding may be in tension with Green v. America Online (AOL), where we held that § 230 immunized an ICS from any liability for the platform’s failure to prevent certain users from “transmit[ing] harmful online messages” to other users. 318 F.3d 465, 468 (3d Cir. 2003). We reached this conclusion on the grounds that § 230 “bar[red] ‘lawsuits seeking to hold a service provider liable for … deciding whether to publish, withdraw, postpone, or alter content.’ ” Id. at 471 (quoting Zeran v. Am. Online, Inc., 129 F.3d 327, 330 (4th Cir. 1997)). Green, however, did not involve an ICS’s content recommendations via an algorithm and pre-dated NetChoice. Similarly, our holding may depart from the pre-NetChoice views of other circuits. See, e.g., Dyroff v. Ultimate Software Grp., 934 F.3d 1093, 1098 (9th Cir. 2019) (“[R]ecommendations and notifications … are not content in and of themselves.”); Force v. Facebook, Inc., 934 F.3d 53, 70 (2d Cir. 2019) (“Merely arranging and displaying others’ content to users … through [ ] algorithms—even if the content is not actively sought by those users—is not enough to hold [a defendant platform] responsible as the developer or creator of that content.” (internal quotation marks and citation omitted)); Jane Doe No. 1 v. Backpage.com, LLC, 817 F.3d 12, 21 (1st Cir. 2016) (concluding that § 230 immunity applied because the structure and operation of the website, notwithstanding that it effectively aided sex traffickers, reflected editorial choices related to traditional publisher functions); Jones v. Dirty World Ent. Recordings LLC, 755 F.3d 398, 407 (6th Cir. 2014) (adopting Zeran by noting that “traditional editorial functions” are immunized by § 230); Klayman v. Zuckerberg, 753 F.3d 1354, 1359 (D.C. Cir. 2014) (immunizing a platform’s “decision whether to print or retract a given piece of content”); Johnson v. Arden, 614 F.3d 785, 791-92 (8th Cir. 2010) (adopting Zeran); Doe v. MySpace, Inc., 528 F.3d 413, 420 (5th Cir. 2008) (rejecting an argument that § 230 immunity was defeated where the allegations went to the platform’s traditional editorial functions).

[v] According to Justice Thomas: “Courts also have extended § 230 to protect companies from a broad array of traditional product-defect claims. In one case, for example, several victims of human trafficking alleged that an Internet company that allowed users to post classified ads for “Escorts” deliberately structured its website to facilitate illegal human trafficking. Among other things, the company “tailored its posting requirements to make sex trafficking easier,” accepted anonymous payments, failed to verify e-mails, and stripped metadata from photographs to make crimes harder to track. Jane Doe No. 1 v. Backpage.com, LLC, 817 F.3d 12, 16–21 (CA1 2016). Bound by precedent creating a “capacious conception of what it means to treat a website operator as the publisher or speaker,” the court held that § 230 protected these website design decisions and thus barred these claims. Id., at 19; see also M. A. v. Village Voice Media Holdings, LLC, 809 F.Supp.2d 1041, 1048 (ED Mo. 2011).

Consider also a recent decision granting full immunity to a company for recommending content by terrorists. Force v. Facebook, Inc., 934 F.3d 53, 65 (CA2 2019), cert. denied, 590 U. S. ––––, 140 S.Ct. 2761, 206 L.Ed.2d 936 (2020). The court first pressed the policy argument that, to pursue “Congress’s objectives, … the text of Section 230(c)(1) should be construed broadly in favor of immunity.” 934 F.3d at 64. It then granted immunity, reasoning that recommending content “is an essential result of publishing.” Id., at 66. Unconvinced, the dissent noted that, even if all publisher conduct is protected by § 230(c)(1), it “strains the English language to say that in targeting and recommending these writings to users … Facebook is acting as ‘the publisher of … information provided by another information content provider.’ ” Id., at 76–77 (Katzmann, C. J., concurring in part and dissenting in part) (quoting § 230(c)(1)).

Other examples abound. One court granted immunity on a design-defect claim concerning a dating application that allegedly lacked basic safety features to prevent harassment and impersonation. Herrick v. Grindr LLC, 765 Fed.Appx. 586, 591 (CA2 2019), cert. denied, 589 U. S. ––––, 140 S.Ct. 221, 205 L.Ed.2d 135 (2019). Another granted immunity on a claim that a social media company defectively designed its product by creating a feature that encouraged reckless driving.  Lemmon v. Snap, Inc., 440 F.Supp.3d 1103, 1107, 1113 (CD Cal. 2020).”

[vi] According to Justice Thomas: “Notwithstanding the statute’s narrow focus, lower courts have interpreted § 230 to “confer sweeping immunity” for a platform’s own actions. Malwarebytes, Inc. v. Enigma Software Group USA, LLC, 592 U. S. ––––, ––––, 141 S.Ct. 13, 14, 208 L.Ed.2d 197 (2020) (statement of THOMAS, J., respecting denial of certiorari). Courts have “extended § 230 to protect companies from a broad array of traditional product-defect claims.” Id., at –––– – ––––, 141 S.Ct. at 17 (collecting examples). Even when platforms have allegedly engaged in egregious, intentional acts—such as “deliberately structur[ing]” a website “to facilitate illegal human trafficking”—platforms have successfully wielded § 230 as a shield against suit. Id., at ––––, 141 S.Ct. at 17; see Doe v. Facebook, 595 U. S. ––––, ––––, 142 S.Ct. 1087, 1088, 212 L.Ed.2d 244 (2022) (statement of THOMAS, J., respecting denial of certiorari).

The question whether § 230 immunizes platforms for their own conduct warrants the Court’s review. In fact, just last Term, the Court granted certiorari to consider whether and how § 230 applied to claims that Google had violated the Antiterrorism Act by recommending ISIS videos to YouTube users. See Gonzalez v. Google LLC, 598 U.S. 617, 621, 143 S.Ct. 1191, 215 L.Ed.2d 555 (2023). We were unable to reach § 230’s scope, however, because the plaintiffs’ claims would have failed on the merits regardless. See id., at 622, 143 S.Ct. 1191 (citing Twitter, Inc. v. Taamneh, 598 U.S. 471, 143 S.Ct. 1206, 215 L.Ed.2d 444 (2023)). This petition presented the Court with an opportunity to do what it could not in Gonzalez and squarely address § 230’s scope.”

[vii] According to Justice Thomas: “Although the Court denies certiorari today, there will be other opportunities in the future. But, make no mistake about it—there is danger in delay. Social-media platforms have increasingly used § 230 as a get-out-of-jail free card. Many platforms claim that users’ content is their own First Amendment speech. Because platforms organize users’ content into newsfeeds or other compilations, the argument goes, platforms engage in constitutionally protected speech. See Moody v. NetChoice, 603 U. S. ––––, ––––, 144 S.Ct. 2383, ––––, ––– L.Ed.2d –––– (2024). When it comes time for platforms to be held accountable for their websites, however, they argue the opposite. Platforms claim that since they are not speakers under § 230, they cannot be subject to any suit implicating users’ content, even if the suit revolves around the platform’s alleged misconduct. See Doe, 595 U.S. at 1–2, 142 S.Ct. at 1088 (statement of THOMAS, J.). In the platforms’ world, they are fully responsible for their websites when it results in constitutional protections, but the moment that responsibility could lead to liability, they can disclaim any obligations and enjoy greater protections from suit than nearly any other industry. The Court should consider if this state of affairs is what § 230 demands. I respectfully dissent from the denial of certiorari.”

[viii] “As best understood, the ordinary meaning of § 230 provides TikTok immunity from suit for hosting videos created and uploaded by third parties. But it does not shield more, and Anderson’s estate may seek relief for TikTok’s knowing distribution and targeted recommendation of videos it knew could be harmful. Accordingly, I concur in the judgment in part and dissent in part.”

[ix] “Now consider how newspapers and social-media platforms edit content. Newspaper editors are real human beings, and when the Court decided Tornillo (the case that the majority finds most instructive), editors assigned articles to particular reporters, and copyeditors went over typescript with a blue pencil. The platforms, by contrast, play no role in selecting the billions of texts and videos that users try to convey to each other. And the vast bulk of the “curation” and “content moderation” carried out by platforms is not done by human beings. Instead, algorithms remove a small fraction of nonconforming posts post hoc and prioritize content based on factors that the platforms have not revealed and may not even know. After all, many of the biggest platforms are beginning to use AI algorithms to help them moderate content. And when AI algorithms make a decision, “even the researchers and programmers creating them don’t really understand why the models they have built make the decisions they make.” Are such decisions equally expressive as the decisions made by humans? Should we at least think about this?”

[x] See, UMG Recordings, Inc. v. Shelter Cap. Partners LLC , 718 F.3d 1006, 1014 (9th Cir. 2013).

[xi] See, Viacom International, Inc. v. YouTube, Inc., 676 F.3d 19 (2d Cir. 2012) (“A similar analysis applies to the “related videos” function, by which a YouTube computer algorithm identifies and displays “thumbnails” of clips that are “related” to the video selected by the user. The plaintiffs claim that this practice constitutes content promotion, not “access” to stored content, and therefore falls beyond the scope of the safe harbor… But even if the plaintiffs are correct that § 512(c) incorporates a principle of proximate causation—a question we need not resolve here—the indexing and display of related videos retain a sufficient causal link to the prior storage of those videos. The record makes clear that the related videos algorithm “is fully automated and operates solely in response to user input without the active involvement of YouTube employees.” Furthermore, the related videos function serves to help YouTube users locate and gain access to material stored at the direction of other users. Because the algorithm “is closely related to, and follows from, the storage itself,” and is “narrowly directed toward providing access to material stored at the direction of users,” UMG I, 620 F.Supp.2d at 1092, we conclude that the related videos function is also protected by the § 512(c) safe harbor.”);Davis v. Pinterest, Inc., 601 F. Supp. 3d 514 (N.D. Cal. 2022).some

[xii] See, Google Defamation Battle: A Quebec Man’s Story – Barry Sookman, Social media liability for defamation: Giustra v Twitter – Barry Sookman, Hyperlinking and ISP liability clarified by Supreme Court in Crookes case – Barry Sookman

[xiii] Under the Directive, where an information society service is provided that consists of the storage of information provided by a recipient of the service, Member States must ensure that the service provider is not liable for the information stored at the request of a recipient of the service, on condition that: (a) the provider does not have actual knowledge of illegal activity or information and, as regards claims for damages, is not aware of facts or circumstances from which the illegal activity or information is apparent; or (b) the provider, upon obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information. The Directive contains two recitals (Recitals 42 and 44) that confirm the intention of the directive to apply only to services of a ““technical, automatic and passive nature””. Several decisions have confirmed that the hosting exception applies only to passive hosts.See, Google France SARL et al. v. Louis Vuitton Malletier SA et al., Joined Cases C-236/08 to C-238/08, L’Oreal v. eBay, Case C?324/09, Reti Televisive Italiane S.p.A.v. Yahoo! Italia, Tribunale di Milano, 9 September 2011, R.G. 79619/0.