There is a law in the United States that consists of twenty-six words: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Otherwise known as Section 230 of the Communications Decency Act (CDA), it has been characterized as the law that “created the Internet.”
Only part of this statement is true. Section 230 did not actually create the Internet because the Internet was created through the collaboration of a diverse set of people around the world. What is true, however, is that the intermediary liability regime has undergirded the Internet as we know it. It has been responsible for three primary features of the Internet:
- It has created certainty and predictability: intermediary liability rules have allowed Internet providers (both infrastructure and content) to design compliance strategies based on a limited set of laws and their Terms of Service (ToS). Because of intermediary liability, companies can design businesses that suit their needs.
- It has created good Internet citizens: intermediary liability rules have ensured that the burden of determining whether a business is going to speak in a particular way is placed with that business.
- It has put the responsibility for content where it belongs: it has affirmed that compliance with different types of laws that regulate content belongs to whoever produces the content and not those who host it.
The history of intermediary liability is as important as is the way the law has evolved over the years. In the early days of the Internet, the trend was that less regulation was better. However, by 1995, it looked like we were moving towards an Internet environment where either user speech would be hugely censored or companies would operate under an unpredictable framework of liability. The historical rule that emerged as part of this legal conundrum was captured in a simple, yet profound, thought: users should be able to put up whatever they wish on the Internet and the companies hosting their speech should be able to remove whatever they do not like.
Intermediary liability has a rich history of respecting the diversity of Internet companies and in setting the expectations about their roles and responsibilities; in doing so, the law captures much of what the Internet is all about. It is one of the first laws, if not the first, that acknowledged much of the Internet’s early design choices, specifically that the function of the core is dumb and, therefore, infrastructure providers (ISPs, IXPs, CDNs, Domain Name Registries, Domain Name Registrars, etc.) are not meant to monitor content. This understanding became the catalyst for a massive wave of innovative companies and business models. In fact, studies have shown that weakened intermediary liability protection is detrimental to economic prosperity and growth.
However, a lot has changed since 1995. Today’s Internet companies are bigger, engaged in more activities and offering more services. The Internet itself has also changed. It is no longer a technology separated by discernible layers, but a web of dependencies with an increasing number of players, both old and new. Despite so much change, the value of intermediary liability protection has not diminished.
The value the intermediary liability regime provides, is how it acts as a functional tool in a network system. This is mainly done in two ways: first by determining the scope of action and/or inaction an Internet company is expected to take when regulating misconduct (the behavior function); and second, by allowing the application of different liability standards depending on where in the Internet stack a company operates (the normative function). So, although we refer to Facebook, Google, and Amazon as the success stories of intermediary liability, we tend to underestimate what intermediary liability means for Internet infrastructure providers.
The Internet is a complex system and early design choices have set the boundaries on the ability of intermediaries to control information, services and applications. Architecture is an essential feature of the Internet’s evolution, innovation, and low-entry costs. If the Internet’s features – interoperability, generativity, end-to-end, among others – are to be preserved, then any intermediary liability framework needs to reflect the Internet’s architecture rather than interfere with it. This means that an intermediary liability regime needs to be “technology-aware” in the sense of fully grasping the Internet’s architecture and, “technology-neutral” in the sense of not requiring any special technology for the fulfillment of its rules.
Why does this matter to the future of the Internet? For the core features of the Internet to remain intact, any potential change to the intermediary liability regime has to continue to provide the same level of protection the original law provided to infrastructure providers. Infrastructure providers, who merely provide a technical service of transferring and/or hosting data and have come to expect to be treated as dumb pipes, know that it is not within their mandate to either have to detect or block objectionable and/or illegal content.
How governments decide to address intermediary liability in the near future is critical for users and for the Internet. There are plenty of opportunities to get this right and there are plenty of opportunities to get it wrong. The right way involves conscious choices that respect the limits, scope, diversity, and functional abilities of intermediaries. This means that the breadth of limitations for infrastructure providers enshrined in the normative and legislative framework of the original law should not change.