Long ago in internet time, back in the mid-1990s, Congress considered how closely to regulate Internet Service Providers (ISPs). Congress determined that it was in the best interests of the United States not to burden ISPs with restrictions, so that the Internet could grow and flourish in the areas of commerce, communications and education. Thus, Section 230 of the Communications Decency Act was enacted and it provides broad immunity for ISPs with respect to third-party content posted on their sites. Generally speaking, ISPs have not been saddled with publisher-type liability — it is not their job to police their web sites to ensure that posted content is not false or malicious.
The high water mark of Section 230 ISP immunity probably was best represented by the late-1990s case of Zeran v. AOL. In that case, the Fourth Circuit Court of Appeals basically held that AOL did not have liability even though Zeran established that third-party content on the AOL site sought to connect Zeran with the Oklahoma City federal building bombing (the worst terrorist attack on US soil up to that time). These posts led to death threats, the loss of Zeran’s business, and the needed for 24/7 protection. He also alleged that AOL did not take down these extremely offensive and damaging posts in a timely fashion even after having been notified. Notwithstanding, the Fourth Circuit held that AOL had no liability pursuant to Section 230 immunity.
Since the Zeran case, there have been judicial efforts to whittle down the broad immunity afforded ISPs by Section 230. But Section 230 still stands as a substantial barrier in efforts to pin liability on ISPs for third-party content. And in part because of Section 230, ISPs truly have flourished since the enactment of this statute. Indeed, companies like Facebook, Google and Twitter now are some of the most highly-valued companies in the world.
But, just last week these three companies were on Capitol Hill testifying about what happened during the 2016 Presidential Election. Facebook alone revealed that one Russian group posted about 80,000 times during the campaign and reached over 126 million Facebook users. And, of course, Congress is concerned that Facebook purportedly did not endeavor to ascertain the true identities of the posters, nor did Facebook allegedly seek to ascertain whether the information posted was true or false.
Apparently, efforts now are being undertaken by Facebook and perhaps other ISPs, especially in the election context, to try to ensure identity transparency and accuracy via fact-checking. However, how far do these efforts go, can ISPs on their own ensure the truth, and will Congress be satisfied by such self-regulation?
Some members of Congress do seem deeply concerned, and the legislative machine may be gearing up. Will Congress explicitly eliminate, at least to some extent, the heightened immunity afforded to ISPs under Section 230? If so, will such efforts require ISPs generally to police third-party content much like a traditional publisher, especially now that some ISPs are all grown up and our internet truly has matured? Or, will legislation be tied primarily to election context? Or further still, can the ISPs convince Congress that they truly can handle such problems on their own and that legislation is unnecessary?