Ugh….I wrote a long and detailed comment about this case and tried to post it here, but something went wrong. Sucks.

In any event, I have a BIG concern with Perky’s hypo — you suggest 230 wouldn’t apply if the website owner “knows” about a specific threat to a specific person. The problem is that there’s no limit on what does, or does not, qualify as “knowledge”. Are we talking actual knowledge, or something less; i.e., they knew or could/should have known? The slope gets very slippery very quickly.

My concern is that laypeople (those who don’t run websites) seem to think that website owners have personally reviewed, understood and memorized EVERY comment posted by EVERY user on their site. The idea is that if something is posted on your site, that means you must have had “knowledge” of it, right?

Imagine I post a comment on an obscure Facebook page (I don’t have many friends) that says Eric Goldman is planning to jump the White House fence and harm President Obama. Assuming Professor Goldman actually succeeds with his dastardly plot, can Obama now sue Mark Zuckerberg for failing to warn him? After all, Facebook “knew” of the plot, right? What if I post a video on YouTube that says I think ISIS is going to blow up the Golden Gate bridge? Does YouTube have a duty to watch my video and warn everyone of the threat? Where do you draw the line, and what exactly is the test for when a website owner “knows” something?

Sorry — this cannot be the law. Even if you take the CDA out of it, imposing this type of broad duty just makes no sense.

The fact is that when you’re involved in running a large website, you typically have no clue what people are posting on the site. Even if you review/screen some content, that doesn’t mean you’re actually reading every word and comprehending the meaning. Yes, I realize that Model Mayhem had knowledge that was fairly specific — they knew about these guys using their site to target models. But still — does that mean the website owner KNEW the bad guys were going to assault the plaintiff? I think not, but again how do you define “knowledge”? Let me guess — we’ll just make that a question of fact for the jury. Ugh.

Everyone agrees that the plaintiff in the Model Mayhem case was hurt. But blaming a website owner for the criminal conduct of third parties is just nuts. I’m not saying there could never be a case where liability might attach, but establishing a general duty to warn in this context is bad, bad policy. Among other things, it would encourage intermediaries to take steps to ensure they do NOT have any knowledge of what their users are doing….and that’s directly contrary to the policy underpinning the CDA.

The defendants have been granted an extension to file their petition for an en banc review. Hopefully the full court will correct a panel that seems to have gone way off the rails. Though, the Ninth Circuit seems to be increasingly… erratic on CDA jurisprudence.

Yes I do think the test I have proposed is narrow–the website must have known of a specific scheme targeting a specific individual. In this regard it is a counterpart to the extortion test raised in Levitt v. Yelp that you recently blogged about. The overwhelming majority of cases where there are power differentials between commercial parties doesn’t rise to the level of extortion, but that doesn’t mean that it is sound policy to say that there is *never* a case that does.

I share your objection to this case because there is no way that she can meet the narrow test that I have proposed. So while I think that there can be a failure to warn exception in narrow circumstances this case was a poor vehicle to articulate it.

Given that standard I have no difficulty answering your hypo in the negative–ebay has no duty. Now let me give you a counter hypo. Imagine there was legitimate website called “My Fluffy Pony” whose marketing audience was kids in the 8-12 age. Now imagine that the best friend of the website owner was a convicted sex offender and the website owner knew it. Moreover, not only did the website owner know that his best friend was using the site to troll for victims moreover the owner knew that the sex offender was plotting to use the site to seduce the tween who was their mutual neighbor. Should the website owner be able to hide behind section 230 in such a case? I don’t think so. I don’t think the website owner has a general duty to the general public to warn them that maybe a sex offender is trolling the site but I certainly think that the website owner has a specific duty to a specific person if they know of a specific scheme to harm them.

My concern is that every plaintiff will allege “failure to warn” in every Section 230 case, so the adjudication costs for preserving this option are quite high. That’s especially problematic if most of those cases will lose–we pay the costs but don’t see any benefit. Note Section 230 already carves out federal criminal prosecutions.

Also, if I read your standard correctly, in this case, Doe should have lost because Model Mayhem didn’t have specific knowledge that the rapists would target her. If your proposed test doesn’t cover the Doe facts, it seems exceptionally limited.

Let’s try another example on for size. Imagine eBay knows that a buyer has stiffed its last three sellers but those sellers haven’t provided negative feedback. Does eBay have the duty to warn all future sellers to that buyer that they might be stiffed? Note that eBay now faces a defamation lawsuit from the buyer if eBay isn’t precisely accurate about its facts.

Eric.

Another way to look at this issue is that I don’t think Section 230 should be a bar to a civil claim arising out of a criminal conspiracy or accessory charge involving the website owner. .