Fixing the CDA 230 Subsidy While Preserving Online Anonymity

Thanks again for the great responses in comments.  I’ve learned a lot about how people think about the Internet of 2010 and whether it fits the “Wild West 2.0” model.

On Monday, we discussed why the Internet of 2010 resembles the closing of the Wild West frontier.  On Tuesday, we talked about whether CDA 230 is appropriate for the Internet of 2010.  Yesterday, we talked about why CDA 230 is a subsidy to online libel.

Today, I want to present some ideas to preserve the best parts of anonymous free expression, while fixing the subsidy that Section 230 of the Communications Decency Act gives to libelous speech.  I’d love to hear your thoughts.

Online Anonymous Speech is a Good Thing

Anonymous online speech can be powerful and beneficial.  You are free to leave anonymous or pseudonymous comments on this site, which encourages free discussion of political issues.  Protesters in Iran can spread ideas, corporate whistleblowers can speak out, and the government is deterred from at least one form of intrusion into personal life.  On a personal level, you can explore your identity, research controversial causes or issues, or just vent frustration.  All of these are good things and worthy of preservation.

But in the offline world there is also accountability for anonymous speech that is libelous or invasive of privacy.  By taking control of the media away from The New York Times and putting it in the hands of individual bloggers, the Internet have empowered free expression and opinion, but also empowered hundreds of millions of people to anonymously libel each other and invade each others’ privacy.

Updating the Assumptions Underlying CDA 230

CDA 230 was based on a number of guesses about how the Internet of the then-future would work.  We’ve had almost fifteen years to test those assumptions.

To give a little perspective, in 1996, when Section 230 of the Communications Decency Act was passed, the first search engines like AltaVista and Lycos were just getting started, the Google founders were still in college, Netscape Navigator was the most popular browser, the first version of Microsoft Internet Explorer had just been released, and OS/2 was considered a viable operating system.

In 1996, many people assumed that CDA 230 was necessary to a functioning Internet.  They believed that if hosts* had any liability (under any circumstances) for any content, they would stop providing platforms for user interaction.  * I use “hosts” to mean primarily websites that host user-generated content, like Facebook, discussion forums and blog hosts.

But in fifteen years of experience, we’ve seen that CDA 230 is not required for a thriving Internet.  Europe does not have a statute equivalent to CDA 230, the U.K. has stricter libel laws than the United States, and Directive 2000/31/EC requires EU member nations to enforce libel laws online.  But some estimates suggest that Internet use is actually higher in the U.K. than the U.S.  The same goes for Japan (hosts may be liable if they have knowledge of libel, higher Internet use than the U.S.) and Canada (hosts immune only if “innocent dissemination,” higher Internet use than U.S.).  Fast-growing nations like Brazil have experienced ten-fold increases in Internet use in the last decade, even without a local version of CDA 230.

Many people like the “Internet routes around  damage” metaphor to claim that CDA 230 is irrelevant. But right now, the US is the only major country with CDA 230 immunity.  There will always be jurisdictions like Sealandia, but the vast majority of the commercial Internet is based in the U.S., E.U., and Pacific Rim.  There will always be Freenet-type projects that evade all jurisdictions and have no commercial connections, but the vast majority of the network relies on advertising dollars.  And the mostly-effective U.S. online gambling ban suggests that the legal regime does matter after all.

We can also learn from the DCMA: we’ve seen that over-use of DMCA takedowns can lead to chilling effects.  (disclosure: My employer, ReputationDefender, does not send DMCA takedown notices.)  But we’ve also seen that even despite periodic abuses of the DCMA, the user-generated Internet has bloomed.  The DMCA did not, despite itself, kill the Internet.

The drafters of CDA 230 worked in an era when a user’s ISP and forum host were the same.  The Prodigy case led directly to CDA 230.  The cased turned on the actions of a Prodigy subscriber on a Prodigy-run message board inside Prodigy’s “walled-garden.”  Back then, it would have been easy to find the original defendant: Prodigy ran the forums and had a billing relationship with every poster.  The same was true of services like CompuServe and AOL.

Today, there is no connection between ISP and content host.  Instead of Prodigy serving as both ISP and forum host, today Comcast (as ISP) has no relationship with BlogSpot (as content host).  Because of the separation, it became near-impossible find the original defendant in many online libel cases.

Another faulty assumption of CDA 230 is that it would encourage websites to filter their content and produce a more civilized online world.  In the Prodigy case, the service as found liable in part because it selectively removed some libelous and obscene comments (the court: “Prodigy’s conscious choice, to gain the benefits of editorial control, has opened it up to a greater liability”).  The hope for CDA 230 was that, by removing any penalty for taking editorial control, more sites would exercise discretion and remove harmful content.

Of course, the last 15 years have taught us that CDA 230 has been used to support immunity for inaction as much as action.  Many sites have taken the grant of immunity intended to encourage editorial control and used it to abdicate responsibility.

Finally, CDA 230 is a law that assumed the Internet needed a subsidy to grow.  Almost fifteen years of open frontier Internet later, the Internet is approaching maturity (or at least its petulant teenage years) and it is questionable whether the Internet now deserves a special subsidy that no other form of media gets.  Even if the CDA 230 subsidy made sense in 1996, the assumption does not hold in 2010.

Market Solutions are Part of the Answer, But Not All of It

We’ve already seen some market influence toward record-keeping, such as the trend toward services like Facebook Connect.  Sites use identification to discourage users from abusing other users.  But as long as there is no barrier to entry and as long as humans love scandal, the market will not be able to fully correct for the race-to-the-tabloid-bottom effect of sites that benefit from the libel subsidy and encourage users to attack others.

There are also commercial services that help victims recover from online attacks, but these also do not substitute for a legal regime that discourages attacks in the first place.  (Disclosure: My employer provides services that help people build their online reputation before it is damaged, recover from attacks, keep their personal and professional lives separate, and protect their privacy.)  These services can be expensive, some forms of attack can never be fully eliminated, and mitigation does not take the place of prevention.  They cannot replace the proper legal regime, even if they help mitigate damages after the fact.

A Proposal to Keep the Best and Jettison the Rest

How do we keep the best parts of online anonymous speech while jettisoning the ability of site owners to actively encourage libel or invasion of privacy?

This is not a balance between anonymity and accountability.  There will always be anonymity online thanks to services like Anonymizer and TOR.

I propose an opt-in system for web hosts:

Hosts that make a good-faith effort to keep sufficient records to locate content creators are granted CDA-style immunity, even if they have knowledge of liability-creating content.  Sites that do not keep records are immune unless they know that there is liability-creating content.  Good-faith attempts to filter shall not create knowledge liability for what is missed.

The system preserves the right to speak anonymously in both cases; nothing requires sites to reveal any information except on subpoena.  The system still allows sites to choose not to keep any records; if a site wants to allow completely anonymous interactions then it may do so.   No liability is ever imposed without knowledge of the content.  And the original goal of CDA 230 (to fix the filtering glitch in Prodigy) is respected without creating another race-to-the-bottom.

The system preserves First Amendment and free expression values while also respecting the right of non-speakers to privacy and quiet solitude.  It removes a subsidy to libel, and puts the Internet on even footing with other forms of media.  It is technologically neutral, and imposes no new burdens on sites that don’t currently have knowledge of liability-creating material.  And it harmonizes US and foreign law, to make cross-border websites easier to maintain.

Tomorrow: Future Problems in Reputation and Privacy

David Thompson is co-author of the leading Internet policy book of 2010, Wild West 2.0 (Amazon) and general counsel of ReputationDefender, Inc.. The standard disclaimer applies: the views represented here are his alone and not those of any current or former employer.


Powered by WordPress. Designed by Woo Themes