Author: Katie Watson Jordan
We called it in 2020, and barely two months into the new year the increasing trend in the United States to propose reforms to Section 230 of the Communications Decency Act is still going strong. Section 230 is the provision that protects Internet intermediaries from liability for the content or data that passes over its services. For example, it prevents social media platforms from being held responsible for the things its users share and cloud services for the things its users save or store. Section 230 is an incredibly important piece of legislation for the Internet, and has been responsible for much of its growth and ease of innovation over the last twenty-five years.
When it comes to making decisions that could impact the Internet, it is critical to do so in a way that protects the foundation that underpins its success. That is why the Internet Society has worked to define a set of critical properties of the Internet and also created the Internet Impact Assessment Toolkit to help assess the impact of policy proposals on those critical properties. This Toolkit is a resource to help policymakers assess whether and how their proposed legislation would impact the infrastructure of the Internet, in intended or unintended ways. It offers an opportunity for policymakers to better ensure that legislative ideas don’t harbor negative consequences for the Internet while still meeting their intended goals.
Unfortunately, not all policymakers consider these types of consequences prior to introducing new policy or legislative proposals. For example, more than two dozen bills were introduced in the last Congress to try change or remove Section 230’s critical legislation and very few seem to have been designed with awareness of the Internet’s critical functions. Now with a new Administration barely settled in, we are already seeing the reintroduction of past attempts and a slew of new bills aiming to do the same. But two bills in particular along this “spectrum of reform proposals”, so to speak, stand out for their approach; one because it was developed so thoughtfully with regards to how the Internet works, and the other because it was not: the Platform Accountability and Consumer Transparency Act (or PACT Act) and the Safeguarding Against Fraud, Exploitation, Threats, Extremism, and Consumer Harms Act (or SAFE TECH Act).
An Internet Impact Assessment
We recognize that politicians are in a difficult position. It is their job to protect constituents and address their needs, but our lives are increasingly moving into a space that is largely opaque and unfamiliar to policymakers — the Internet. We work, learn, and seek health care through what can feel like an intangible space. But there’s one distinction in particular policymakers have a hard time grasping when it comes to trying to regulate what happens online: the services and platforms we rely on daily work on top of the Internet’s infrastructure. No one platform (e.g. Google, Facebook, Outlook) is the Internet, regardless of how much of your time you spend online using those tools. When policymakers try to “fix” the problems at the top layer, they need to be cautious that they don’t unintentionally damage the underlying infrastructure — the Internet’s “plumbing” — as a result.
Infrastructure intermediaries — such as cloud providers, content delivery networks (CDNs), and domain name systems (DNS) — are what make services and platforms work. Without the on-demand storage and compute of cloud providers, the almost seamless hosting of content by CDNs that can scale to millions of eyeballs, and the consistent naming of Internet resources orchestrated by the DNS, these platforms would simply not work. They are the bones of the Internet, keeping it standing and able to perform. If we aren’t careful, those bones can be broken, sprained, and bruised which risks causing the whole body to deteriorate.
Here’s where it gets tricky for policymakers tackling issues related to Section 230: the provision applies to intermediaries at both the “top” layer and the infrastructure layer down below. However, not all attempts to reform it acknowledge this important distinction, which can lead to serious unintended consequences.
Below are two examples of proposed legislation with a common goal — to better protect users by amending Section 230. One does this in a way that would mitigate negative consequences to the Internet’s infrastructure, but unfortunately the other does not.
The SAFE TECH Act
The SAFE TECH Act, introduced by U.S. Senators Mark R. Warner (D-VA), Mazie Hirono (D-HI) and Amy Klobuchar (D-MN), intends to “reaffirm that vital consumer safeguards and civil rights protections don’t end when activity moves online, preventing online providers from continuing to externalize the costs of their scale and mismanagement on the public.” According to the Senators, their intent is to ensure Section 230 would not apply in cases related to ads or paid content, enforcement of civil rights laws, wrongful death actions, or other specific legal situations. However, the actual changes to Section 230’s text have far more vast implications.
Putting aside some of the bill’s major consequences for small businesses and innovation on the Internet at large, most alarming is that it is not written in a way that targets the correct layers of the Internet — namely, the upper application layer. The text includes a provision that prevents intermediaries which have “accepted payment” from invoking Section 230. This effectively limits infrastructure intermediaries along with platforms from using this important protection for their normal business practices. Without a carve-out for infrastructure intermediaries, three of the Internet Way of Networking’s five critical properties may be undermined, weakening the opportunities the Internet offers for all.
This bill’s text is both general and far reaching, which will likely lead to interpretations stretching it wider even than currently written. In doing so, small and large intermediaries at all layers of the Internet’s stack may find themselves the unintended recipients of responsibilities that do not fit within their intent. For example, a cloud provider may charge a fee for the store of large amounts of data or files. If they lose Section 230 protection, they could ultimately be responsible for ensuring they are not held liable for the content of those files. To protect themselves, they would need to ultimately break the security and privacy policies that users expect them to carry out in order to balance customer need with legislative demand. This system not only undermines the critical properties outlined in the Internet Way of Networking, but it will cause more harm to users than good.
Our use case on intermediary liability protection shows how this kind of legislation would negatively impact three pillars of the Internet: it’s open architecture of interoperable and reusable building blocks; decentralized management and distributed routing; and technology neutral, general-purpose network. If the bill were to pass through Congress and become law, the consequences would be far-reaching and severe. There could be increased cost and risk for operators or service providers, leading to decreased investment, diversion of critical resources to non-core activities, a limitation on innovation, and a less effective network on the whole.
Unless the bill is amended in a significant way to exclude infrastructure intermediaries, become more specific in its implementation, and protect the critical properties of the Internet Way of Networking, it will not pass an Internet Impact Assessment; it would cause too many negative consequences for the Internet to be good policy. Congress should carefully consider additional amendments to the bill that would take such an assessment into consideration prior to moving forward.
The PACT Act
Now, let’s compare that to another, similar piece of legislation: The PACT Act. According to the sponsors of this bill, it’s intention is to amend Section 230 in order to “strengthen transparency in the process online platforms use to moderate content and hold those companies accountable for content that violates their own policies or is illegal.”
Unlike the SAFE TECH Act, this bill, upon reintroduction in the new Congress, would likely pass an Internet Impact Assessment. By including provisions that would exclude infrastructure intermediaries, many of the unintended consequences to the Internet’s infrastructure are mitigated. Similarly, this bill is detailed and precise in its goal and target, limiting its applicability to only large platforms, and defining clearly the size and value of companies it applies to. It is both technology-neutral and technology-aware — an admirable strategy that should become common practice for any policymaker introducing legislation that could impact the Internet’s infrastructure or function.
For these reasons, it would not negatively impact the critical properties of the Internet Way of Networking if adopted.
Recommended course of action
Policymakers are often in a difficult position when trying to address issues in constantly evolving digital spaces. In some cases Internet-related regulation can play a supportive role, but doing so in a way that protects its core foundation cannot be an afterthought. It is critical that prior to the introduction of legislation, those in seats of power conduct an Internet Impact Assessment to ensure the unintended consequences of regulation on the Internet’s infrastructure are minimized.