EPIC Traces the Ninth Circuit’s Surprisingly Narrow Section 230 Interpretation as the Court Hears Two Important Cases

April 11, 2024 | Megan Iorio, EPIC Senior Counsel, and Tom McBrien, EPIC Counsel

This week, the Ninth Circuit is hearing oral argument in two important Section 230 cases: Bride v. Yolo Technologies and In re Casino Style Games Litigation. The cases present the Ninth Circuit with opportunities to clarify whether Section 230 bars suits against app stores that sell illegal apps and social media companies that design unsafe products and misrepresent the rules of their platforms to their consumers. The evolution of the Ninth Circuit’s Section 230 doctrine over the last 15 years suggests that the Court may make some blockbuster pronouncements that will help advocates push for a safer internet.

Section 230 is one of the most important—and controversial—laws governing the internet. The text of the most relevant portion says that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”

Companies have long trotted out Section 230 as a defense against almost any claims. Some civil liberties groups have backed industry claims, arguing that Section 230 is essential to ensure free speech and innovation online. But Section 230 was meant to accomplish a very limited purpose: preventing lawsuits that would force internet companies to either screen for and block all illegal content, or to not moderate their platforms at all. This limited purpose protects free speech online; an overbroad interpretation of Section 230 is a license for internet companies to act with impunity, removing an important incentive to design safe products and comply with generally applicable laws.

Perhaps surprisingly, the Ninth Circuit has often shared the concerns of advocates like EPIC and has been steadily narrowing its Section 230 interpretation over the last 15 years. In this blog post, we will outline how the Ninth Circuit has sought to strike a careful balance between achieving Congress’s aim to not overburden internet companies with liability for user-generated content while still holding the companies accountable for their own harmful acts. The result: a nuanced, duties-based framework that the court uses today and that tech companies are trying to overturn.

Step 1: Recognizing Section 230 does not protect internet companies who induce harmful user-generated content through product design choices.

The first major doctrinal move the Ninth Circuit made to rein in Section 230 occurred in 2008. A pair of California fair housing groups sued Roommates.com, alleging that the website violated federal and state fair housing laws by restricting the housing options users were able to see based on the users’ protected characteristics. Roommates.com tried to get out of the suit by arguing that Section 230 applied because its users were responsible for the content that allegedly violated the laws. But the Ninth Circuit, sitting en banc, disagreed. It found that Roommates.com materially contributed to the unlawfulness of the housing posts by requiring users to state their preferred roommates in terms of protected characteristics like gender, sexual orientation, and family status, and used these preferences to limit the listings that users could see.

In the Roommates.com decision, the Ninth Circuit recognized that websites do not get Section 230 immunity when their design choices contribute to the illegality of third-party content. The decision is significant for creating a path forward for holding internet companies liable for their design decisions. But the principle holding of the decision—material contribution turns an immune “interactive computer service provider” (“ICS”) into a non-immune “information content provider” (“ICP”)—would ultimately have limited applicability. Few internet companies design their services to elicit illegal content from their users like Roommates.com did. More typically, platforms deploy neutral tools that are indifferent to the illegality of third-party content, and plaintiffs that argue that a company materially contributed to the harm they suffered often fail to escape Section 230’s shield.

The Roommates.com case is perhaps more significant for its broader reasoning, which has informed subsequent developments in the Ninth Circuit’s Section 230 doctrine. In Roommates.com, the Ninth Circuit recognized that Section 230 was meant to protect against a very specific set of claims: ones that force companies to either screen and block any unlawful content on their platforms or to not screen and block content at all. The Court noted that this was precisely the duty that Stratton-Oakmont v. Prodigy tried to impose on internet companies that moderate content, and Section 230 was passed in direct response to that case. So, while holding a company liable for not detecting and removing illegal content was likely within Section 230’s shield, claims that did not impose that duty might be fair game.

The Roomates.com Court was particularly concerned that activities that are illegal offline do not magically become legal when performed online. The Court repeatedly compared Roommates.com’s conduct to that of a real estate broker who is working face-to-face with a client—the latter cannot ask their client about their protected status and use that information to limit the listings they show them, so why should Roommates.com be able to do so? Ensuring that laws of general applicability apply online—and that online companies be held to account just as their offline counterparts are—would become a recurring theme in future Ninth Circuit Section 230 decisions.

Step 2: Narrowing Section 230’s scope to claims that allege a defendant has a publisher’s duty, not claims premised on publishing activity.

Shortly after it announced the Roommates.com decision, the Ninth Circuit issued another keystone Section 230 ruling in a case called Barnes v. Yahoo!, Inc. The Barnes case developed Section 230 in two important ways: it created a three-prong test to evaluate Section 230 cases which is now used in almost all other federal courts, and it narrowed Section 230’s scope to only cover claims that would impose a publisher’s duties on defendants, not claims based on defendants’ publishing activities.

In Barnes, Cecilia Barnes sued Yahoo, which ran a social media company at the time. After a break-up, Barnes’s ex-boyfriend made fake profiles of her on Yahoo’s site displaying nude photos of Barnes, soliciting strangers for sex, and providing her address and contact information. Barnes followed Yahoo’s procedures to report and request deletion of the accounts and contacted Yahoo dozens of times. Yahoo assured her it would delete the accounts, but it never did. Barnes sued, alleging that Yahoo was liable under two different causes of action: negligent undertaking and breach of contract. The negligent undertaking claim alleged, essentially, that, once Yahoo “undertook” the service of providing a social media forum, it had to do so “reasonably”—i.e., in a way that would not harm its users. The breach of contract claim alleged that once Yahoo promised Barnes it would delete the harmful content, it was liable for not doing so.

To evaluate these claims, the Court applied a three-prong test that every subsequent Ninth Circuit court would use to analyze Section 230 cases. Drawing from Section 230’s language, the Ninth Circuit announced that Section 230 “only protects from liability (1) a provider or user of an interactive computer service (2) whom a plaintiff seeks to treat . . . as a publisher or speaker (3) of information provided by another information content provider.”

From this point forward, the Ninth Circuit would develop tests for each prong to determine when Section 230 prohibits a claim. It situated the Roommates.com decision within the third prong, and then began to develop a prong two test that would ultimately be far more important for reining in Section 230. This was an important development because, until Barnes, what it meant to “treat” an ICS “as a publisher” was mostly ignored in Section 230 analyses or assumed to mean that ICSs were immune for any action they took that could be characterized as a “publishing activity”—essentially, any conduct connected to the distribution of third-party content.

The core narrowing principle in Barnes is that, under the second prong of its test, a claim does not treat an ICS “as a publisher” just because the claim seeks to hold the ICS liable for publishing activities. Yahoo tried to argue that the negligent undertaking and breach of contract claims were the same: both required Yahoo to remove third-party content, so both were barred under Section 230. But the Barnes court said the claims were different and barred the negligent undertaking claim while allowing the contract claim. The key difference between the claims was that allowing the negligent undertaking claim would mean recognizing the defendant had an automatic duty to remove harmful third-party content in order to run a social media website responsibly, which is analogous to the duties that publishers face at common law. But allowing the contract claim was not the same because it depended on Yahoo making a promise. In other words, the contract claim alleged a promisor’s duty, not a publisher’s duty. The distinction matters because recognizing the promisor’s duty would not require Yahoo to monitor and prevent publication of all harmful content, so Section 230 did not prohibit the claim.

This was a crucial narrowing because, without it, Section 230 would immunize wide swaths of internet companies’ harmful behavior. Almost everything they do can be boiled down to publishing, editing, or removing user-generated content. Section 230 was not meant to immunize them from their own bad acts, only from automatic liability for their users’ content.

Step 3: Clarifying that internet companies have the same duties any offline business does to protect consumers unless the duty is synonymous with a publisher’s duty.

Since Barnes was decided, online platforms have become entrenched in the economy in the form of social media companies and marketplaces for home rentals, car rentals, smartphone apps, and more. Internet companies have sought Section 230 protection when accused of selling harmful products, designing harmful features, and misrepresenting how they govern their marketplaces.

The Ninth Circuit has largely resisted these invitations to widen Section 230’s scope, ensuring the law remains narrowly focused on publisher duties.

In Doe v. Internet Brands, 824 F.3d 846 (9th Cir. 2016), the Court found that Section 230 did not prohibit a “failure to warn” claim where the ICS had an alleged duty to warn the plaintiff that sexual assaulters were using its website. “The tort duty asserted here does not arise from an alleged failure to adequately regulate access to user content or to monitor internal communications that might send up red flags about sexual predators. . . . Jane Doe alleges actual knowledge by Internet Brands from an outside source of information about criminal activity.”

In Homeaway.com, Inc. v. City of Santa Monica, 918 F.3d 676 (9th Cir. 2019), it recognized that companies like AirBnB, VRBO, and Homeaway.com had a duty to comply with a law against renting homes that were not on the city’s registry of pre-approved properties. “Like their brick-and-mortar counterparts, internet companies must also comply with any number of local regulations concerning, for example, employment, tax, or zoning.” Despite the fact that this law would force them to monitor third-party listings before booking a transaction, the duty did not require them to alter or remove any third-party listings—only to refuse to book transactions for them.

In Lemmon v. Snap, 995 F.3d 1085 (9th Cir. 2021), the Court permitted a product liability claim against Snapchat for its “speed filter” and rewards features that incentivized users to drive dangerously. “Their negligent design lawsuit treats Snap as a products manufacturer, accusing it of negligently designing a product (Snapchat) with a defect (the interplay between Snapchat’s reward system and the Speed Filter). Thus, the duty that Snap allegedly violated ‘springs from’ its distinct capacity as a product designer.”

Looking forward

Both of the cases being argued this week, Bride v. Yolo Technologies and In re Casino Style Games Litigation, present the Ninth Circuit with further opportunities to reinforce the important narrowing principles it has been developing over the last 15 years.

Bride v. Yolo involves a suit against a social media app developer that allegedly designed its app in a way that incentivized cyberbullying. The developer also lied to users about having anti-bullying safety features such as the ability to ban users who were shown to be abusive. The case was brought by a group of plaintiffs including the family of Carson Bride, a teen who killed himself after being bullied on the Yolo app. Yolo told users it would ban and reveal the identities of bullies, but it did not actually do so when Carson attempted to escape his bullies. Yolo argues that these claims treat it as a publisher because the cyberbullying was third-party content. The plaintiffs counter that their claims do not treat Yolo as a publisher because they are based on defective features and Yolo’s own misrepresentations. They also cite Roommates.com to argue that Yolo was so defectively designed that it ensured rampant cyberbullying would flourish.

And In re Casino Style Games Litigation involves suits against large tech companies who profited by selling illegal gambling games on their app stores and the virtual tokens used to gamble in those apps. App store liability is a large, increasingly litigated Section 230 issue. Defendants, such as the companies in this case, argue that operating an app store is indistinguishable from publishing. But this ignores the fact that simply listing the apps is not what the plaintiffs are suing over: it’s booking unlawful transactions by accepting money in exchange for downloading casino apps and tokens that violate gambling laws. It is indistinguishable from Homeaway.com, in which companies could be held liable not because they published information about non-rentable properties, but because they specifically brokered rental transactions for those properties. App store operators have a duty to ensure the legality and safety of the products they sell, just like a GameStop or other brick-and-mortar gaming store.

The companies and their allies warn that anything but a maximalist 230 interpretation will result in the death of free speech and innovation on the internet, despite the fact that it did not in Roommates.com, Barnes, Homeaway.com, Lemmon, or any other case in which the Ninth Circuit interpreted Section 230 more narrowly. Whether the Ninth Circuit heeds these warnings or maintains its relatively narrow Section 230 course will determine whether tech companies have any real incentive to protect their users moving forward.

Support Our Work

EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.