Section 230 Baffles 9th Circuit (Again)–Doe #14 v. ModelMayhem

Why does the Ninth Circuit find Section 230 so baffling? Several of its precedential Section 230 rulings have been angst-fests. required a 3 opinion ruling from a 3 judge panel, then an internally inconsistent en banc ruling, then a ruling that never violated the law at all. The initial Barnes v. Yahoo opinion needed an amendment to scrub unfortunate dicta. Carafano and Batzel have required repeated clarifications from subsequent panels.

And then there’s the ModelMayhem fiasco. The panel withdrew its initial opinion entirely and redid the case from scratch. Sadly, the new opinion didn’t really improve much.

As you know, ModelMayhem is a website designed to match models with prospective gigs. The plaintiff alleges that a third party told ModelMayhem that rapists were finding victims on the site, ModelMayhem didn’t warn its users of this “known” risk, and the plaintiff subsequently became a victim of the rapists’ crimes. It seems that everyone now agrees that ModelMayhem didn’t mediate any private communications between the victim and the rapists, so ModelMayhem’s sole involvement in the crime was (a) allowing the victim to publish information to the Internet, and (b) not issuing warnings about a risk it had been told about.

This case will very likely fail eventually. To hold ModelMayhem liable for failure to warn her about the rapists, the plaintiff will have to show she had a “special relationship” with ModelMayhem. Based on these facts, I’m skeptical the plaintiff can make that showing. However, because the district court dismissed the plaintiff’s case solely on Section 230 grounds, the panel addressed only Section 230. This gives the panel an opportunity to screw up Section 230 law without changing the substantive outcome. Sadly, the panel took that opportunity.

Using a pseudo-textualist approach, the panel says Doe’s failure-to-warn claim does not treat ModelMayhem as the “publisher or speaker” of third party content because:

The duty to warn allegedly imposed by California law would not require Internet Brands to remove any user content or otherwise affect how it publishes or monitors such content. Any alleged obligation to warn could have been satisfied without changes to the content posted by the website’s users and without conducting a detailed investigation. Internet Brands could have given a warning to Model Mayhem users, perhaps by posting a notice on the website or by informing users by email what it knew about the activities of Flanders and Callum.

Ugh. SO MUCH NONSENSE in that paragraph. Three obvious problems:

First, the panel says ModelMayhem wouldn’t need to “conduct a detailed investigation.” WTF? Websites can’t just casually accuse third parties of criminal behavior. The panel doesn’t even know how ModelMayhem learned of the rapists’ activity. Was the tip from a credible source? Was it corroborated? Those facts seem quite important to measuring how much work it’d be to conduct an investigation.

Second, the panel can’t decide how ModelMayhem should provide notice to users. “Posting on a notice on the website” and an email to ModelMayhem’s userbase is apparently the same thing to the panel, but we know that there’s a big difference in the logistics and possible efficacy of those alternative means of sending notice. Test yourself: could ModelMayhem’s user agreement simply say “bad things sometimes happen to our users”? Or does the panel expect more precise warnings? Perhaps individualized warnings about each “known” risk?

Third, the panel doesn’t appear to appreciate how many third party warning “tips” a website receives (not even considering how many more tips websites may get after this ruling in an attempt to game the site or this opinion). If the tip at issue was a once-in-a-decade type event, then a warning email to the entire userbase might not be too much of a burden (although it might also be so idiosyncratic that the warning isn’t much use). But if a large scale website with hundreds of millions of users routinely gets dozens or hundreds of potential warning “tips” a day–none of them verified, most of them not credible–exactly how would the panel like the website to proceed?

Fundamentally, this panel seems to treat warnings as trivial and low-cost to give and helpful to users. We know better. Warnings have limited efficacy, warnings are expensive to produce, and the number of potentially disclosable risks is virtually infinite. This is why pharmaceuticals come with indecipherable warning labels, why securities disclosures contain dozens of “risk factors” that are virtually useless to investors, and why user agreements have become so stuffed with mostly irrelevant disclosures that people like to joke about the hours of our lives we’d consume to read them. (Or can you imagine a world where every third party tip to a UGC site triggers a warning email to all users?).

Still, this is a Section 230 opinion, not a failure-to-warn opinion. Based solely on statutory interpretation of Section 230, I see the panel’s point. Section 230 is couched as an immunity for “publishing or speaking” third party content, and that’s odd grammar. If Congress had wanted to say “online services aren’t liable for X,” it could have done so more clearly.

Fortunately, many Section 230 cases have widely interpreted the “publisher or speaker” element to cover offline injuries where user-generated content was merely a but-for contributor to the tort or crime. (Doe v. MySpace is a prominent example). Worse, the panel apparently denies Section 230 for activities 100% out of a defendant’s control, as opposed to granting Section 230 immunity where the defendant could have but (allegedly) inadequately policed its network. Recall, in this case, ModelMayhem’s *sole* point of contact with the rapists was helping Doe publish the content that the rapists browsed. Something feels backwards about that.

If Doe fails to show a “special relationship” and plaintiffs eventually learn that pleading “failure to warn” bypasses Section 230 but still doesn’t win cases, I hope this case will prove to be an unfortunate blip in Section 230 jurisprudence. Until then, expect every Section 230 plaintiff to find some way to assert a failure to warn, and expect the litigation costs to grow substantially for claims that fundamentally are meant to be preempted by Section 230. Or perhaps the Ninth Circuit will take the case en banc and, I hope, not make a hash of it.

Venkat’s comments: I imagine Uber’s legal department reading this ruling and cringing. It puts companies who conduct or facilitate background checks on behalf of end users in a tough position.

Case citation: Doe #14 v. Internet Brands, 2016 WL 3067995 (9th Cir. May 31, 2016).