Privacy

State AGs To Seek Major Changes to CDA Safe Harbor

Published: Jul. 09, 2013

Updated: Oct. 05, 2020

State Attorneys General have announced their intention to press Congress to narrow the immunity provisions of the Communication Decency Act (“CDA”), 47 U.S.C. § 230,  to exempt state criminal prosecutions from the CDA safe harbor.  It was signaled at last month’s NAAG meeting that the group of AGs would make public its full proposal in the near future.

The Impending Proposal to Narrow CDA Immunity

The CDA has long insulated online service providers from liability for crimes that are based on the actions or speech of their users.  A narrow exception to the CDA holds that it does not “impair the enforcement of . . . any . . . Federal criminal statute.”  However, federal prosecutions of online platforms have been rare – confined to instances where federal prosecutors can argue that an online platform has aided and abetted violations of federal law (e.g., regarding online gambling advertising).

This exception does not of course apply to violations of state criminal statutes – a vastly greater and more varied set of laws.  But a group of State AGs (“AGs”) are seeking to change that, and submitting a letter to Congress requesting the insertion of two words – “or state” – where the CDA exempts cases brought under a “Federal criminal statute.”   (This was described at the summer NAAG meeting in mid-June, by Attorney General Jackley of South Dakota, who is leading this effort along with Washington AG Bob Ferguson and Missouri AG Chris Koster).  The NAAG (National Association of Attorneys General) proposal is expected to be sent to Congress by mid-July.

The amendment being discussed would arm Attorneys General (and other prosecutors) with a broad arsenal of state statutes to brandish against online service providers, web publishers, social networks, gaming platforms and ISPs.  The history of State AG actions and public campaigns suggests that State AGs would aggressively use such authority — individually and collectively — to threaten (or charge) online platforms regarding user content or interactions that AGs regard as objectionable.  Likewise, under such an amendment, AGs and legislative partners would likely pass laws placing new burdens on online platforms, which today would be blocked by the CDA.  (As the CDA also prohibits “liability . . .  under any State or local law that is inconsistent with” its safe harbor.)

Prior Efforts by AGs to Impose Liability on Online Platforms

This AG effort comes after a decade of influential but sometimes legally fruitless efforts by State AGs to police and restrict online service providers – efforts often fueled by AG concerns around free and open interaction on the Internet, and the access the Internet can offer children.  AGs have in turn often been frustrated by and wary of innovative and disruptive technologies and eager – say more jaded observers – to win political points by stoking moral panic.

I witnessed this dynamic close-up as head of the New York AG’s Internet Bureau for six years, as AGs – individually and collectively – often threatened civil and criminal charges against new and disruptive social and business platforms.  Sometimes, criminal complaints were sworn (though rarely filed) against tech executives, particularly in cases where AGs perceived risks to children.  In each of these instances, cooler heads prevailed – usually because CDA immunity short-circuited drastic or overzealous measures.

Heated face-offs between AGs and online platforms have been common.  While AGs often have imposed public pressure and investigative scrutiny on platforms they’ve objected to, the CDA’s safe harbor has so far generally protected companies and executives from civil and criminal charges in those cases.  High profile examples of this include:

  • Early AG concerns about eBay’s offerings (circa 1999) and efforts to hold the company liable under “auction house” statutes;
  • AG efforts to sue chat room providers (and criminally charge ISP executives), for users’ inappropriate chat room activities;
  • Highly visible and contentious efforts by AGs to require MySpace to “age verify” its users – and introduction of bills requiring all social networks to do so (more background on that here and here ) – against a rising drumbeat of pressure, publicity, subpoenas and threats.  (These efforts culminated in an Internet Safety Task Force report);
A Glimpse Into a Future Without CDA Immunity

Narrowing the CDA safe harbor to permit state-law prosecutions of online services and platforms would vastly increase the set of tools that State AGs can and presumably will leverage against Internet platforms.   It would allow AGs to prosecute platforms under laws of general liability — ranging from criminal nuisance, endangering the welfare of minors, or aiding/abetting and criminal facilitation of unsavory content, ads, and interactions.  Likewise, it would permit legislatures to pass targeted laws — requiring age verification, content filtering and removal, and imposing product-altering controls and restrictions.  This would occur on a state-by-state basis, potentially leading to a patchwork quilt of laws – and likely constitutional challenges on First Amendment and Commerce Clause grounds.  Sites with user-generated content – an enormous swath of the Internet – would likely have to curtail features and freedoms provided to users, at the risk of criminal liability.

We will follow this initiative, and report back when the AGs release their formal proposal.  For a further, excellent read on this issue, see the recently posted article by Professor Eric Goldman, titled “Excluding State Crimes From 47 U.S.C. § 230 Would Be a Disaster” (July 1, 2013), available here.