The Law and Business of Social Media
November 10, 2023 - Social Media Policy, Section 230 Safe Harbor

PART 2(a) – Section 230: 27 Years Old and Still in the Spotlight

In this second installment of our six-part series examining Section 230, the section of the 1996 Communications Decency Act (CDA) that immunizes online service providers from liability stemming from the publication and filtering of content created by their users or other third parties, we’ll examine some of the most significant cases that interpreted and applied the statute in the fifteen (or so) years following its enactment.

These cases show a general trend of courts interpreting the statutory language broadly: rejecting any distinction between publisher and distributor liability for purposes of the Section 230 safe harbor, giving wide latitude to the types of platforms that qualify as “interactive computer services” and to who counts as a “provider or user” of such services, and clarifying that Section 230 immunity is not limited to defamation claims but rather extends to any claim or cause of action that treats the defendant as a “publisher or speaker” of third-party information.

But some of these early cases also imposed limits on the broad scope of Section 230 and planted the analytical seeds that would eventually lead to the more recent trend of cases interpreting the statute less expansively, which we will cover in our third installment of this series.

Due to length, we are publishing this second installment in two parts, so please keep an eye out for part two tomorrow.

If you want to catch up on the origins and prehistory of Section 230, you can read our first installment here.

A Landmark Case That Established the Broad Parameters of the Section 230 Safe Harbor

The first major case to interpret Section 230 following its enactment in 1996 was Zeran v. AOL in 1997. In Zeran, an anonymous post on an AOL bulletin board advertised the sale of t-shirts with slogans glorifying the Oklahoma City bombing (for those too young to remember, this was the domestic terrorist truck bombing of a federal office building in Oklahoma City that killed 168 people, including many children in a day care center). The t-shirts displayed highly offensive slogans such as “Finally a day care center that keeps the kids quiet ‒ Oklahoma 1995.”

The post instructed readers to contact plaintiff Kenneth Zeran and listed his home phone number. Zeran, in fact, had nothing to do with the post and apparently was randomly targeted for this prank. Zeran began receiving threatening calls. AOL removed the post at Zeran’s request, but similar posts appeared. Less than a week after the initial post, Zeran was receiving threatening calls every two minutes and his house was put under protective surveillance.

Zeran sued AOL, alleging that it was negligent in failing to adequately respond to the fake posts after becoming aware that they were fraudulent. AOL argued that it was protected by Section 230. Citing CompuServe and Prodigy (as discussed in Part 1), Zeran argued that AOL was a distributor of information (like a bookstore), rather than a publisher (like a newspaper), and thus was not protected by Section 230. As readers will recall from Part 1, Section 230 immunizes platforms from being treated as a “publisher or speaker” of third-party content, but the statute does not expressly address liability for distributing such content.

The court rejected this distinction between distributors and publishers, holding that Section 230 provided immunity for both the distribution and publication of content, and that AOL was therefore immune from liability for the third-party bulletin board posts. Today, more than 25 years later, the court’s holding in Zeran has never been rejected in a precedential opinion and has been adopted by every federal circuit court that has considered it. It’s not an overstatement to say that, at least from a legal point of view, the Fourth Circuit’s broad interpretation of Section 230 in this case was instrumental to the development of the commercial Internet in its early days.

For many years following Zeran, the general trend in the cases was to interpret Section 230 broadly and apply the safe harbor to a wide variety of defendants in an equally wide variety of circumstances.

Immunity for AOL in a Defamation Suit: Under Section 230, Online Is Different

In Blumenthal v. Drudge, a 1998 case in the District Court for the District of Columbia, Sidney Blumenthal, then an adviser to President Bill Clinton, and his wife Jacqueline Blumenthal sued Matt Drudge and AOL for defamation and libel, based on Drudge’s article describing Blumenthal’s alleged history of spousal abuse. The article appeared in the Drudge Report, Drudge’s eponymous news commentary and political gossip site, and was also published on AOL pursuant to a licensing arrangement between AOL and Drudge.

Immediately after the Blumenthals filed the claim, Drudge issued a retraction and public apology, but the Blumenthals proceeded with the suit. The court granted summary judgment to AOL, holding that it was immune from liability under Section 230. The court interpreted the statute broadly and held that AOL was not a publisher or speaker of Drudge’s article, even though it paid him and promoted his column on its website (this aspect of the court’s analysis has been criticized).

The court noted that, “[i]n recognition of the speed with which information may be disseminated and the near impossibility of regulating information content, Congress decided not to treat providers of interactive computer services like other information providers such as newspapers, magazines or television and radio stations, all of which may be held liable for publishing or distributing obscene or defamatory material written or prepared by others.” As in Zeran, the court also rejected the Blumenthal’s argument that AOL should be held liable as a distributor, since Section 230 made no distinction between publishers and distributors.

Blumenthal thus demonstrates that, from the beginning, courts have recognized that Section 230 represented a radical break from traditional defamation law: under Section 230, online really is different.

Ninth Circuit Holds that Section 230 Immunity Applies to Publication of an Allegedly Defamatory Email

In 2003, the Ninth Circuit held in Batzel v. Smith that Section 230 immunity extended to a museum administrator who selected, edited, and published on the museum’s Listserv and website an email he had received claiming that plaintiff Ellen Batzel possessed paintings looted by the Nazis during WWII.

The case arose after Robert Smith, a handyman who was working for Batzel, sent an email to Ton Cremers, the director of Amsterdam’s famous Rijksmuseum, in which Smith accused Batzel of owning art stolen by the Nazis and being a descendant of Heinrich Himmler. After making a few minor editorial adjustments to Smith’s email, Cremers sent it to the museum’s email distribution list and published it on the website without Smith’s consent or knowledge. Batzel learned of the email and contacted Cremers, who in turn contacted Smith for clarification. Smith asserted that his claims were correct but said he never would have sent the email had he known it was going to be published. Batzel claimed her reputation had been injured by the publication and sued Smith, Cremers, and the Netherlands Museum Association (and other related parties).

The court first examined whether the museum Listserv and website qualified as “provider[s] or user[s] of an interactive computer service” for purposes of Section 230. The Ninth Circuit interpreted the statutory language broadly to include the Listserv and website, rejecting the district court’s conclusion that only services that provide access to the Internet as a whole qualify as interactive computer services. The court also noted that, regardless of whether the Listserv and website were themselves interactive computer services, Section 230 covers not only providers but also users of interactive computer services, and there was no dispute that the museum network “uses interactive computer services to distribute its on-line mailing and to post the listserv on its website.”

The court then went on to consider whether the email as published by Cremers constituted information “provided by another information content provider” under Section 230, and “whether Smith was the sole content provider of his e-mail, or whether Cremers can also be considered to have ‘creat[ed]’ or ‘develop[ed]’ Smith’s e-mail message forwarded to the listserv.” The court determined that Cremers’ minor edits to the email did not rise to the level of “development,” nor did the fact that Cremers chose to forward the email to the Listserv undermine Section 230 immunity: “the exclusion of ‘publisher’ liability necessarily precludes liability for exercising the usual prerogative of publishers to choose among proffered material and to edit the material published while retaining its basic form and message.”

Interestingly, the court’s analysis did not end there, due to the fact that Smith claimed he never intended his email to be published. The court noted that “[t]he question thus becomes whether Smith can be said to have ‘provided’ his e-mail in the sense intended” by Section 230’s reference to information “provided by” another information content provider. If Smith never intended his email to be published on the Internet, then Cremers’ decision to forward it to the Listserv would be analogous to clipping an article from a magazine and publishing it online. That is not what Section 230 was intended to cover.

Ultimately, the court determined that Section 230 immunity applies if a provider or user of an online platform reasonably believed under the circumstances that a third party provided the material at issue for publication on the Internet. The court remanded this issue to the district court.

Ninth Circuit Holds that Section 230 Provides Immunity for Fake Dating Profile

In Carafano v. Metrosplash, a Ninth Circuit case from 2003, a man in Berlin, Germany created a fake profile on, masquerading as actress Christianne Carafano (whose stage name is Chase Masterson). The imposter also included Carafano’s home address and telephone number. initially refused to remove the profile even after Masterson had received threatening and sexually explicit voicemail messages and a fax, but did eventually remove the profile. Carafano sued the company in California for defamation, misappropriation of the right of publicity, invasion of privacy, and negligence.

The district court rejected’s Section 230 defense due to the fact that the site’s profile creation process required users to answer a lengthy questionnaire. The district court determined that this made partly responsible for the content of the fake profile and, therefore, an “information content provider” in Section 230 terms. The Ninth Circuit reversed the district court and held that was entitled to Section 230 immunity as an interactive service provider, and was not an information content provider with respect to the fake profile, notwithstanding the questionnaire.

In its opinion, the court stated:

Under § 230(c), therefore, so long as a third party willingly provides the essential published content, the interactive service provider receives full immunity regardless of the specific editing or selection process…. The fact that some of the content was formulated in response to Matchmaker’s questionnaire does not alter this conclusion. Doubtless, the questionnaire facilitated the expression of information by individual users. However, the selection of the content was left exclusively to the user. The actual profile “information” consisted of the particular options chosen and the additional essay answers provided. Matchmaker was not responsible, even in part, for associating certain multiple choice responses with a set of physical characteristics, a group of essay answers, and a photograph. Matchmaker cannot be considered an “information content provider” under the statute because no profile has any content until a user actively creates it.

California Supreme Court Addresses Publisher/Distributor Distinction as well as Application of Section 230 to Users

The 2006 California Supreme Court case, Barrett v. Rosenthal, addressed two important issues: first, whether Section 230 confers immunity with respect to both publisher and distributor liability (i.e., the same question at issue in Zeran as discussed above); and second, how Section 230 applies to users (as distinct from providers) of online platforms.

The case arose from allegedly defamatory statements contained in a letter written by Tim Bolen, a publicist for alternative medicine practitioners including the late Hulda Clark. Bolen’s letter attacked plaintiffs Stephen Barrett and Terry Polevoy, two physicians who operated websites devoted to exposing health frauds. Defendant Ilena Rosenthal reposted Bolen’s letter on two alternative medicine newsgroup sites. The plaintiffs sued, alleging that Rosenthal committed libel by maliciously distributing defamatory statements impugning their character and competence, and disparaging their efforts to combat fraud, even after the plaintiffs had notified Rosenthal that the statements were false and defamatory.

The trial court dismissed the defamation claims against Rosenthal, but the California Court of Appeal reversed, holding that Section 230 immunized only publishers, not distributors, of defamatory information. The California Supreme Court then reversed the Court of Appeal, citing Zeran for the proposition that “the publisher/distributor distinction makes no difference for purposes of section 230 immunity” and that “[s]ubjecting service providers to notice liability would defeat ‘the dual purposes’ of section 230, by encouraging providers to restrict speech and abstain from self-regulation.”

Barrett also addressed the fact that Rosenthal was a user of the newsgroup sites where she posted Bolen’s letter, rather than the operator of those sites. Although the defendants in most Section 230 cases are platform operators rather than platform users, Section 230(c)(1) says that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider” (emphasis added).

The court in Barrett noted that “user” is not defined in the statute, and that users such as Rosenthal “are situated differently from institutional service providers with regard to some of the principal policy considerations” that underlie Section 230. Among other things, “individuals do not face the massive volume of third-party postings that providers encounter, [so] [s]elf-regulation is a far less challenging enterprise for them,” and “[u]sers are more likely than service providers to actively engage in malicious propagation of defamatory or other offensive material.”

Nonetheless, the court concluded that “[t]he standard rules of statutory construction . . . yield an unambiguous result,” namely that “‘[u]ser’ plainly refers to someone who uses something, and the statutory context makes it clear that Congress simply meant someone who uses an interactive computer service.” Because Rosenthal used the Internet to gain access to newsgroups where she posted Bolen’s allegedly defamatory letter, the court held she was a “user” under Section 230 and entitled to the benefit of the safe harbor. The court also held that, for purposes of Section 230, there was no distinction between “active” and “passive” users, and that “[b]y declaring that no ‘user’ may be treated as a ‘publisher’ of third party content, Congress has comprehensively immunized republication by individual Internet users.”