CDA 230: The Burden of Balancing Protection and Privacy Online


A bipartisan amendment to § 230 of the Communications Decency Act (CDA 230) was introduced to Congress this summer that, if passed, would effectively debilitate websites like Facebook and Twitter. The Communications Decency Act is a highly controversial piece of internet legislation that, as of late, has been the subject of debate in court. It was first established following the ruling of Stratton Oakmont v. Prodigy (1995)[i], a case settled in the Nassau County New York State Supreme Court about a dispute between the hedge fund and an online bulletin where a third party user posted incriminating information about Stratton Oakmont’s practices.[ii] CDA 230 states that “no provider or user of an interactive computer shall be treated as the publisher or speaker of any information provided by another information content provider” thus protecting internet mammoths immunity from the third-party activity on those same sites.[iii] Recently, a number of cases surrounding the CDA have been lawsuits concerning internet immunity and child trafficking, with tech companies on one side of the conflict, and concerned parents on the other side. Companies in Silicon Valley are concerned with maintaining the legitimacy of the CDA 230 because otherwise, they will be unable to maintain their apps and websites. People opposed to CDA 230 worry that illicit and harmful activity will continue online with no resources to stop them. Though third parties supply false and harmful information on certain websites, some argue that those host websites should not be held liable for third party decisions, as monitoring each post will not stop illegal activity and discourages the existence of social media.


Doe v. Backpage.com LLC (2016)[iv] was one of the cases resulting from the scandal surrounding Backpage.com, a craigslist-style website that took part in illegal activity. Underage girls were often advertised as escorts on the site, and many of the girls’ parents alleged that their children were raped upwards of one-thousand times. In the case, the plaintiffs alleged that Backpage operated as a publisher of the illicit material outside of the broad protections of CDA 230. The court disagreed. The first allegation, that Backpage had purposefully “tailored its posting requirements to make sex trafficking easier,” was shut down by the court. The court decided that Backpage’s decisions were consistent with those of a “traditional publisher…under any coherent definition of the term (describing decisions about ‘whether to publish, withdraw, postpone or alter content’ as ‘traditional editorial functions’”) citing Universal Communication Systems, Inc. v. Lycos, Inc. (2007)[v] as precedent. The precedent case dismissed Lycos’ decision to refrain from monitoring and screening its website to reduce the proliferation of misinformation as protected under CDA 230. Similarly, Backpage.com’s editorial choices were traditional publisher functions. Regarding Backpage.com’s refusal to remove underaged girls’ pictures, the court cited Barnes v. Yahoo!, Inc. (2009)[vi], alleging that Backpage.com was protected for refusing to remove explicit pictures due to the Good Samaritan clause of CDA 230. Though Backpage.com’s actions to host a child sex trafficking operation on its website is horrific and unacceptable, not only does it not bar CDA 230 protections, but the court has a reasonable interest in maintaining CDA 230’s immunity clause.


As per the court’s advice, Congress has pursued bipartisan legislative action regarding instances of online sex trafficking, but this very act has been proven controversial; an ineffective legislative amendment would discourage innovation in Silicon Valley and subject companies such as Facebook Twitter to a plethora of immobilizing lawsuits. The newly introduced amendment, by Representatives Wagner (R-New York), Clarke (D-New York), and Poe (R-Texas) the “Allow States and Victims to Fight Online Sex Trafficking Act of 2017,” proposes vigorous enforcement against providers and users of interactive computer services who “reckless[ly] disregard” postings pertaining to sex trafficking and the exploitation of children. The logic of the amendment was that the original CDA 230 was established in 1996 when the internet began and therefore failed to account for the possibility of online child trafficking.[vii] The language in the bill, specifically the words “reckless” and “disregard” are too broad in their interpretations. Several companies, like Google and Facebook, have begun lobbying efforts to kill the amendment before it passes, but supporters claim that the bill is narrow enough to spare internet companies. While large technology companies agree with the intention of the amendment, the language is too broad and will pose a large risk to internet companies.[viii] Not only will the amendment curtail the business practices on the internet, it will not be effective in the fight against trafficking.


Large companies have large volumes of activity every day, and while some third-party postings are harmful to society, it is not the responsibility of websites like Facebook to monitor every person’s activity. Such a requirement would discourage tech companies from innovating. As precedent suggests, CDA 230 was created to protect websites from petty lawsuits over defamation; the law does not exist to tackle societal issues, and doing so will defeat its purpose. Instead of narrowing CDA 230, Congress should look to incentivize new companies to act as monitors. There are many cybersecurity companies from Silicon Valley, like Cloudflare, Barracuda Networks Inc., and Palo Alto Networks.[ix] Likewise, there should be an increased investment in tech companies specializing in cyber monitoring. The R&D project would create economic stimulation and growth. CDA 230 was created and enacted for a reason: to incentivize and maintain technological innovation, and rather than narrowing and undermining it, Congress should work to help build up another industry that would not only help the economy, but the children in need as well.


[i] Stratton Oakmont v. Prodigy. (New York State Supreme Court, Nassau County, 1995). http://www.dmlp.org/threats/stratton-oakmont-v-prodigy.

[ii] Digital Media Law Staff, “Stratton Oakmont v. Prodigy,” Digital Media Law Project, October 15, 2007, accessed September 29, 2017, http://www.dmlp.org/threats/stratton-oakmont-v-prodigy#node_legal_threat_full_group_description.

[iii] Christopher Zara, “The Most Important Law in Tech Has a Problem,” Wired, January 3, 2017, accessed September 28, 2017, https://www.wired.com/2017/01/the-most-important-law-in-tech-has-a-problem/.

[iv] Doe v. Backpage.com LLC. (Massachusetts District Court of Appeals First Circuit, 2016). http://www.scotusblog.com/wp-content/uploads/2016/09/16-276-opinion-below-1st-cir.pdf.

[v] Universal Communications Systems, Inc. v. Lycos, Inc. (Massachusetts Court of Appeals First Circuit District, 2007). https://www.eff.org/files/ucs-v-lycos.pdf.

[vi] Barnes v. Yahoo! Inc. (Oregon Court of Appeals Ninth Circuit, 2009). https://www.eff.org/files/barnes-v-yahoo.pdf.

[vii] Allow States and Victims to Fight Online Sex Trafficking Act of 2017, H.R. 1865, 115th Cong. (2017).

[viii] Todd Shields, “Google and Facebook Fret Over Anti-Prostitution Bill’s Fallout,” Bloomberg, September 15, 2017, accessed September 30, 2017, https://www.bloomberg.com/news/articles/2017-09-15/google-and-facebook-fret-over-anti-prostitution-bill-s-fallout.

[ix] Kevin Truong, “The Bay Area’s 10 largest cybersecurity companies,” San Francisco Business Times, July 12, 2017, accessed September 30, 2017, https://www.bizjournals.com/sanfrancisco/news/2017/07/12/the-bay-areas-10-largest-cybersecurity-companies.html.