Attacks Begin On Section 230 of the Communications Decency Act

Section 230 of the Communications Decency Act is one of the pivotal clauses establishing freedom of speech on the web, which is somewhat humorous when you consider few website operators have even heard of it. New attacks on this clause are being launched as I write this; attacks that could change the web as we know it. Here is what you need to know about current events.

Section 230

To fully grasp the key parts of Section 203, one must look to subsection “c” of the law. It reads as follows.

(1) Treatment of publisher or speaker
No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.
(2) Civil liability
No provider or user of an interactive computer service shall be held liable on account of—
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1). [1]

Courts have interpreted this clause broadly and rightly so. The practical effect is it is very difficult to sue a website operator for statements uploaded by users that defame, harass or constitute other actionable legal conduct. This immunity prevents small and large sites alike that allow user-generated content from being put out of business because of a tsunami of copyright infringement lawsuits.


Critics attack section 230 for making it difficult for a person to track down someone who has defamed them online. This criticism is often justified. Let’s consider an example.

John goes to a dentist who charges him $2,500 for two crowns. John learns another dentist would have done the work for $1,500. He asks for a refund and the dentist refuses. John then creates an account with Yelp using a fake name and random Yahoo email address. He posts highly critical comments about the dentist and makes wildly unfounded assertions about the dentist being a pedophile.

Such a review is going to damage the reputation of the dentist severely. The dentist can sue John for defamation but only if he can identify him. If the lawyer for the dentist submits a subpoena to Yelp asking for the identity of John, Yelp will only produce a fake identity, generic email address and IP address. The lawyer might be able to make use of the IP address to identify John, but only if John posted the review from his home or office.

And what about Yelp? The dentist cannot file a lawsuit against the website because of the protection provided in Section 230.

The result is the dentist has no real options. If he can’t identify John, he can’t stop the conduct. This is not an isolated problem. There are thousands of cases of defamation each month where the defamed party ends up in this situation.


There are different groups seeking various types of changes to Section 230. The general theme boils down to a simple, but significant, change. The moving parties are asking Congress to require website operators to verify the true identities of their users and members. With accurate information, defamed parties can identify the individuals making false allegations against them through the subpoena process.


If the reformers were willing to limit the scope of these requests, I would not have much problem with the proposed change. Of course, reformers never seek minor modifications. They completely overreach which is why Congress rarely revisits legislation.

In the case of Section 230, the modification proposal places an enormous burden on small sites, a burden that will effectively require many sites to close down. In short, it deters free speech. Let’s look at an example.

I start a bird watching blog. I develop a solid following of readers who post a variety of comments. The blog is never going to produce much in the way of revenues. In fact, the blog probably would not even exist if the reformers have their way. Why? How am I going to cover the expense of verifying the identity of the people posting in the comments section of my site? Maintaining a blog that produces next to no revenue is one thing. Maintaining one that requires constant capital investment is another.


Then we get into the question of authentication. How exactly will this be achieved? The Children’s Online Privacy Protect Act, known as COPPA, requires sites to go through a verification process with the parents of children under 13 years old before the site can collect information from the kid. The law is an unmitigated disaster.  Compliance costs as high as $18,000 a year are simply too much for small businesses. The authentication process requires the operator to 1) identify one of the parents of the child trying to join the website, 2) contact the parent 3) verify they are the parent through third party documentation such as a driver’s license, and 4) obtain written approval from the parent to collect information.  The operator must go through this process for each child who joins the site.

For any reform of Section 230 to be even remotely equitable, there needs to be a distinction between large and small sites from a compliance perspective. If not, small sites in the United States will start disappearing. This includes basic website platforms such as blogs.

I will close by noting there are excellent arguments for and against reform. This article hardly covers them all. What is important is people realize this debate is occurring in legal circles and get involved. If you do not, you have no basis for complaining about the ultimate reform results. Get involved!

Richard A. Chapo, Esq.