The transcript is a chapter in a remarkable new book entitled “Trust, Safety, and the Internet We Share: Multistakeholder Insights.” The ebook is open access, or you can buy a physical copy. I encourage you to check out the entire book. It has lots of great and unique content. You’ll see that I also contributed to a chapter about the Journal of Online Trust & Safety.

Note that the conversation transcript published in the book chapter is a little shorter than the one I posted to SSRN. The book imposed a tight word count budget, so we had to cut some parts of what I considered the golden master version of the transcript. The main substance is the same in both versions, but the book chapter shed some personality. The SSRN posting is the golden master version, like a director’s cut, so I prefer it!

Some Related Entries

* A Pre-History of the Trust & Safety Professional Association (TSPA)

* “IAPP Content Moderation in 2019” Conference Recap

* Roundup of February’s ‘COMO at Scale Brussels’ Event

* Announcing COMO Brussels, the Fourth Edition of the “Content Moderation at Scale” Conference Series, Feb. 5

* COMO: Content Moderation at Scale Conference Recap

* Roundup of Materials from HTLI’s Content Moderation & Removal Conference

* Conference Announcement: “Content Moderation & Removal at Scale,” SCU, Feb. 2

The post New Book Chapter Tells the TSPA and TSF Origin Stories appeared first on Technology & Marketing Law Blog.

* * *

The court summarizes the state’s claims:

The Commonwealth alleges that Meta Platforms, Inc., and Instagram, LLC (collectively, Meta), engaged in unfair business practices by designing the Instagram platform to induce compulsive use by children, engaged in deceptive business practices by deliberately misleading the public about the safety of the platform, and created a public nuisance by engaging in these unfair and deceptive practices.

Meta moved to dismiss on Section 230 and other grounds. The lower court denied the motion. Meta sought an interlocutory appeal, which the MA Supreme Court permitted, but only to review the Section 230 issue.

In this ruling, the MA Supreme Court unanimously agreed with the lower court that Section 230 didn’t immunize Meta when “the claims allege harm stemming from Meta’s own conduct either by designing a social media platform that capitalizes on the developmental vulnerabilities of children or by affirmatively misleading consumers about the safety of the Instagram platform.”

Section 230

Treated as Publisher

The court starts with its own “plain language” review of what it means to be treated as a publisher. When courts decide to review a 1996 statute from scratch in 2026, after over a thousand Section 230 cases have been decided, that’s usually an indicator that they are engaging in results-oriented decision-making, they don’t like the precedent, and they need another way to reach a different result.

Worse, the court extensively analyzes the word “publisher” but doesn’t say a word about the companion “speaker” term that appears two words later in the statute. This is another indicator of results-oriented decision-making. No matter what the court says “publisher” means, if the court disregards one of the other 26 words that has direct relevance to its meaning, the court is failing its #1 job of reading the damn statute. This omission is extremely embarrassing for the court, and it thoroughly undermines the credibility of the court’s recitation of precedent.

(I would say that the botched statutory reading would be the kind of thing that should be fixed on appeal, but the US Supreme Court’s specialty is selectively reading statutes and precedent to support results-oriented decision-making, so I guess other courts are emboldened to do that too…?)

The court tries to sum up its “plain language” review. Citing the awful Henderson 4th Circuit (which the Fourth Circuit itself has implicitly repudiated), the court says:

These courts have rejected the argument that § 230(c)(1) provides immunity from liability “anytime there is a ‘but-for’ causal relationship between the act of publication and liability,” as it “bears little relation to publisher liability at common law.” Engaging in traditional publishing activity “alone is not enough.”…

(Note: along the way, the court includes quotes of the mockable “get-out-of-jail-free” and “lawless no-mans-land” characterizations of 230, despite my prior debunking of both phrases. Another way the court undermined its own credibility).

Because “the plain meaning of the statute lends itself to competing constructions,” the court then turns to the legislative history for more insight into the meaning of the word “publisher.” This leads to the one-millionth retelling of the Cubby/Stratton Oakmont storyline, with no new payoffs.

Instead, citing Henderson again, the court restates the statutory language in garbled fashion: “Congress intended to immunize interactive computer service providers against claims that would hold them liable as intermediaries for injuries caused by information provided by third-party users of their platforms.”

Relying on that garbled restatement, the court says:

we decline Meta’s invitation to read § 230(c)(1) immunity so broadly as to encompass all claims that implicate publishing activities regardless of whether the claims seek to hold the service provider liable for the content of the information published….

a claim treats a provider as a publisher of information where it meets both the dissemination and content elements.

I’d need to see how Meta argued this, but it feels like the court is rejecting a strawman. Meta publishes third-party content–everyone agrees on that. The service features challenged by the state AG relate to the manner in which Meta presents that third-party content to Meta’s audience. To me, a publisher’s choices of what third-party content to publish and how to publish that third-party content are integrated decisions. In other words, the content selection and presentation decisions are part of the same publication decision. As an analogy, consider a dead-trees newspaper’s decision to publish a story: it is equally part of the newspaper’s editorial prerogative and publication decisions to decide to publish the story at all and to decide if the story should appear on the A1 front page or some interior page; what size typeface to use for the story headline; whether the story runs all on the same page or continues on a later page; etc. As applied to Meta, the decision to vary the delivery timing of new third-party content items (as one example) is just as much of Meta’s publication decision-making process about publishing the third-party content as whether the item will be published at all.

In any case, by saying that 230 only applies to claims that derive from the substance of the third-party content item, the court can disregard a LOT of precedent that applied Section 230 to design defects. The court says the only oppositional precedent is some language in the Social Media Addiction federal decision, which the court denigrates by saying the judge in that case “did not appear to consider the common-law origins of publisher liability or the statute’s legislative history. We are not persuaded by its reasoning.” [Yes, it’s jarring to see Meta cite the CA social media addiction case as support for its position given that how poorly the California cases have been going for Meta.]

Liability Based on Third-Party Content

Claim for unfair business practices. Having said that Section 230 distinguishes the decisions of what content to publish (230-protected) and how to present it (not protected by 230), the court is positioned to uphold all of the claims.

The court says: “The challenged design features (e.g., infinite scroll, autoplay, IVR, and ephemeral content) concern how, whether, and for how long information is published, but the published information itself is not the source of the harm alleged.”

Meta responded that “in the absence of third-party content, the design features could not facilitate addiction in young users.” (My framing: if social media delivers third-party content, what exactly are users “addicted” to?). The court replies:

But the fact that the features require some content to function is not controlling; instead…to satisfy the content element, we look to whether the claim seeks to hold Meta liable for harm stemming from third-party information that it published. Here, the unfair business practices claim does not; the Commonwealth alleges that the features themselves prolong users’ time on the platform, not that any information contained in third-party posts does so. In this sense, the claim is indifferent as to the content published…

the fact that a claim concerns publishing activities, including the use of algorithms in connection with publishing activities, is not enough to bring the claim within the immunity provided by § 230(c)(1)

In a footnote, the court adds: “with respect to the notifications feature, Meta appears to be the information content provider.” But…what content is included in the notifications, and where does it come from?

In a slight piece of good news, the court rejects the state’s Lemmon v. Snap analogy because Lemmon’s “claims did not concern the provider’s publishing activity at all. [Eric’s note: the Lemmon plaintiffs expressly disclaimed all liability based on the content produced by the filter.] By contrast, here, the challenged features are publishing tools that control how Meta publishes content to users of its platform.” I wish more courts would similarly reject the plaintiffs’ many miscitations to Lemmon.

Claim for deceptive business practices. The claim “is based on Meta’s own speech — its allegedly false statements that Instagram is safe and not addictive, and that Meta prioritizes young users’ well-being, despite internal reports and communications suggesting awareness of the harmful effects of Instagram.” There are obvious puffery/opinion defenses that could apply here (see, e.g., the YOLO remand in Bride v. Snap, Inc., 2026 WL 855148 (C.D. Cal. March 16, 2026) that I will eventually blog) but are not at issue in the 230 discussion.

Also, some courts have applied Section 230 to false advertising claims when those claims are fundamentally based on how the service handles its content moderation decisions, such as claims about “safety.” The court doesn’t acknowledge that precedent and instead treats Section 230 as categorically inapplicable to false advertising claims.

Claim for defective age-gating. “the claim focuses on Meta’s own affirmative misstatements about the inaccessibility of its platform to underage users.” Another possible puffery issue.

Nuisance. I’ve previously complained before about courts’ complete undertheorizing of how and why public nuisance claims can apply to social media, and this court doesn’t do any better. In a footnote, here is the court’s entire discussion about Section 230’s application to the public nuisance claim: “Because we conclude that § 230(c)(1) does not bar counts I to III, we also conclude that it does not bar the Commonwealth’s public nuisance claim, which is predicated on the same allegedly unfair and deceptive practices in counts I to III.”

What Happens Next?

Meta could appeal this ruling to the US Supreme Court. That would be a risky move because the US Supreme Court could really go sideways on a decision like this. Also, I’m skeptical the US Supreme Court would grant cert.

Meta could choose to prioritize winning this case on remand on non-230 grounds. For example, the MA Supreme Court validated that Meta’s service features at issue are part of its content publication process. Perhaps that will revitalize Meta’s First Amendment defense?

Whether Meta chooses to appeal or double-down on remand, it’s likely that the CA federal and state court social media addiction cases will have important new developments before any material developments happen in this case. Those developments could swamp the effects of this lawsuit. For example, if Meta loses more bellwether trials in California, the outcome of this case may be comparatively inconsequential.

Quo Vadis Section 230?

This is not a good opinion for Section 230 on several dimensions.

First, as a state supreme court decision, it’s the final word for the Massachusetts state court system (unless the US Supreme Court intervenes). It provides a major beachhead for other courts to follow, both within Massachusetts and beyond.

Second, this court didn’t rely on the Lemmon “design defect” workaround. Instead, it said that the claim doesn’t relate to third-party content unless it’s based on the substance of the third-party content. This provides plaintiffs with another avenue to work around Section 230 in addition to the Lemmon/design defect workaround that other courts are accepting (even if they shouldn’t).

Third, as I explained, I don’t see any distinction between third-party content and the editorial choices about the manner of presenting that third-party content. By embracing that false dichotomy, the court invites plaintiffs to reframe their complaints to focus on content presentation instead of substance. Here’s how a plaintiff’s argument could look: “I’m not suing about the third-party content, I’m suing about the design choices that elevated that third-party content over others.” These are literally the same thing in my mind. If this argument works, Section 230 is dead because plaintiffs will always embrace that workaround.

Even if this opinion doesn’t outright eliminate Section 230 in Massachusetts, it’s a sign of how 230 workarounds keep proliferating, contributing to the swiss cheese-ification of Section 230. When the bubbles in the swiss cheese become too large, the cheese wedge lacks structural integrity and falls apart. That is where 230 is heading, if it’s not already there.

Case Citation: Commonwealth v. Meta Platforms, Inc., 497 Mass. 384 (Mass. Supreme Jud. Ct. April 10, 2026)

The post With Opinions Like This, Congress Doesn’t Need to Repeal Section 230–Massachusetts v. Meta appeared first on Technology & Marketing Law Blog.

Section 230 didn’t receive much attention when it was passed, but it has since emerged as one of Congress’ most important media laws ever. Section 230 helped trigger the Web 2.0 era–where people principally talk with each other online, rather than just having content broadcast at them one-way. By enabling that discourse and other new categories of human interaction, Section 230 has thus reshaped the Internet and, by extension, our economy, our government, and our society.

To commemorate Section 230’s 30th anniversary, this post considers Section 230’s past, present, and future.

* * *

Section 230’s Past

“Big Tech” Didn’t Lobby for Section 230. Google and Facebook didn’t exist in 1996; they emerged in the wake of Section 230’s passage. In 1996, the Internet industry was small, especially as compared to other media industries like cable or telephony. However, AOL played a key role in Section 230’s passage, as evidenced by the fact Section 230 uses statutory terms like “interactive computer service” and “information content provider” (a really terrible phrase) that mirror AOL’s idiosyncratic jargon.

The Internet Industry Didn’t Initially Celebrate Section 230’s Passage. I’m not aware of any fetes in 1996 that celebrated Section 230’s passage. That’s because Section 230 was overshadowed by another part of the Telecommunications Act of 1996, the Communications Decency Act (CDA). The CDA imposed an unmanageable risk of criminal liability on Internet companies for user-generated content, so Internet executives were panicked that they might go to jail for the ordinary operation of their services. There was no time to get excited about Section 230’s long-term implications in the face of the immediate threat of criminal prosecution.

A week after the act’s passage, a district court enjoined the CDA, and the industry panic slightly abated. The industry relaxed a little more when the Supreme Court struck down the CDA as unconstitutional in 1997 (the Reno v. ACLU decision). However, that relief was short-lived because Congress quickly passed another law to criminalize user-generated content (the Child Online Protection Act of 1998, ultimately declared unconstitutional). So for years after Section 230’s passage, the industry was preoccupied by Congress’ UGC criminalization efforts.

Section 230’s Impact Wasn’t Immediately Clear. Section 230 includes some unusual and non-intuitive statutory language. As a result, the Internet industry wasn’t initially sure exactly what it said. Section 230’s potential scope only started to emerge after the district court ruling in Zeran v. AOL in March 1997. Then, after the Zeran v. AOL Fourth Circuit opinion in November 1997, it became clearer that Section 230 had reshaped the law of user-generated content. For more on the Zeran case, see this ebook.

Section 230 Left Open a Problematic “Copyright Hole.” Section 230 expressly excludes intellectual property claims based on third-party content. As a result, even after Section 230 passed, Internet services still faced potential secondary copyright liability with no statutory protection from Congress.

In particular, vicarious copyright infringement turns on a service’s “right and ability to control” the content on its servers, and plaintiffs can cite a service’s content moderation efforts–including those otherwise immunized by Section 230–as inculpatory evidence. In other words, Section 230 didn’t immediately legalize content moderation, because default copyright law still made those practices legally risky.

Two-plus years later, Congress partially plugged Section 230’s copyright hole in the Digital Millennium Copyright Act of 1998. In contrast to Section 230’s unconditional immunity for UGC, the DMCA created a notice-and-takedown liability scheme for user-caused copyright infringement. However, it took years for court cases to confirm that standard content moderation efforts didn’t increase services’ copyright liability for user-generated content.

Due to its unusual drafting and the legal context surrounding it, Section 230 didn’t definitively resolve the legitimacy of user-generated content and content moderation efforts when it passed in 1996. That implication took several more years to emerge.

For more on Section 230’s past, see Prof. Jeff Kosseff’s book, The 26 Words That Created the Internet. See also the 15-year retrospective event we held at SCU in 2011.

* * *

Section 230’s Present

Section 230 Offers Critical Procedural Benefits. Critics, politicians, and the media often focus their fire on Section 230’s substantive scope, such as how it compares to the First Amendment and whether it strikes the right policy balances. However, much of Section 230’s “magic” is procedural, not substantive. Section 230 provides courts with a helpful way of quickly dismissing unmeritorious cases. This, in turn, reduces defendants’ costs and increases their confidence of winning in court; and this further emboldens services to optimize their editorial policies for their audiences, engage in content moderation to effectuate those policies, and legally defend individual items of user-generated content. Even if the First Amendment dictated all of the same substantive outcomes as Section 230 (it doesn’t), Section 230 provides greater procedural predictability to the parties and thus achieves superior outcomes.

Section 230 Affects a Lot of Court Cases. According to the Shepard’s citation service, Section 230 has been cited in over 1,700 cases. As this figure indicates, citations keep going up:

Section 230 Discourages Many Lawsuits From Ever Being Filed. Section 230 has largely extinguished the genre of lawsuits against Internet services for their individual content moderation decisions. Without Section 230, every content moderation decision might prompt a lawsuit, manufacturing millions of potential lawsuits every day.

Section 230’s Drafters Future-Proofed the Law. Section 230 critics often highlight its adoption during the Internet’s infancy, as if that’s proof the law is not appropriate for the modern mid-2020s Internet. In 2020, Sen. Wyden and former Rep. Christopher Cox, the authors of Section 230, responded:

[Critics] assert that Section 230 was conceived as a way to protect an infant industry, and that it was written with the antiquated internet of the 1990s in mind – not the robust, ubiquitous internet we know today. As authors of the statute, we particularly wish to put this urban legend to rest…our legislative aim was to recognize the sheer implausibility of requiring each website to monitor all of the user-created content that crossed its portal each day…

The march of technology and the profusion of e-commerce business models over the last two decades represent precisely the kind of progress that Congress in 1996 hoped would follow from Section 230’s protections for speech on the internet and for the websites that host it. The increase in user-created content in the years since then is both a desired result of the certainty the law provides, and further reason that the law is needed more than ever in today’s environment.

* * *

Section 230’s Future

[TL;DR: ]

Congress Has Begun Chipping Away at Section 230. Congress has made two crucial reductions in Section 230’s scope in the past decade. In 2018, in FOSTA, Congress amended Section 230 to exclude immunity for commercial sex promotions. Then, last year, Congress passed the TAKE IT DOWN Act, which apparently overrides Section 230 to establish a notice-and-takedown scheme for intimate visual depictions.

Congress Could Repeal Section 230 at Any Moment. No politically powerful constituencies still publicly support Section 230. If a floor vote for a Section 230 repeal bill were scheduled in the House or Senate, I expect the repeal would pass by overwhelming margins.

Courts Are Repealing Section 230 Without Any Help From Congress. In 2024, in Anderson v. TikTok, the Third Circuit functionally repealed Section 230 in its circuit. The court said that any service that qualifies for First Amendment protections (which all online content publishers do) simultaneously cannot qualify for Section 230.

Separately, throughout the country, plaintiffs are pushing courts to hold websites liable for how they design their services because (they argue) such design choices are outside of Section 230’s scope. This argument is extremely problematic. A service’s “design choices” are synonymous with a publisher’s editorial decisions about how to gather, organize, and disseminate content. These are the kind of activities the First Amendment ought to protect. Further, for social media services that principally republish third-party content, “negligent design” claims could impose liability for that content–exactly what Section 230 should prevent. So long as courts are open to lawsuits over “design choices” and don’t apply Section 230 to those claims, plaintiffs will erode Section 230’s legal protections.

The Internet’s Future is Dire, Regardless of Section 230’s Fate. Fueled by the techlash, especially panics about children’s online usage, regulators are passing a tsunami of laws to regulate every aspect of how online publishers gather, organize, and disseminate content. Many of these laws are unconstitutional and violate Section 230, but legislators pay little heed to such concerns. Even if courts strike down most of these laws, the surviving laws will reshape how the Internet works.

In particular, legislatures are enacting laws that require online publishers to age-authenticate their users. These laws will have dramatic and universally negative consequences for the Internet, including raising publisher costs, shrinking publishers’ audiences, rewarding incumbents over startups, and creating massive privacy and security risks.

For these reasons, you should not assume that the Internet in 5 or 10 years will bear any resemblance to what we love most about the Internet today–no matter what Congress does to Section 230.

* * *

About the Author: Prof. Eric Goldman is Associate Dean for Research and Co-Director of the Datta Center for High Tech Law at Santa Clara University School of Law. He began practicing as an Internet lawyer, and teaching an Internet Law course, before Section 230 became law.

* * *

Want to read even more on Section 230? Check out some of my other articles on the topic:

• An Overview of the United States’ Section 230 Internet Immunity
• Why Section 230 Is Better Than the First Amendment
• Want to Kill Facebook and Google? Preserving Section 230 Is Your Best Hope
• Dear President Biden: You Should Save, Not Revoke, Section 230

* * *

Today is also the 30th anniversary of John Perry Barlow’s essay, “A Declaration of the Independence of Cyberspace,” his fever-dream response to the CDA’s passage. The opening paragraph is exquisite:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

This essay is a culturally significant artifact because it had a tremendous impact on the mid-1990s discussions about Internet exceptionalism–even though the essay was always misguided and naive and has aged poorly.

The post Reflections on Section 230’s Past, Present, and Future on Its 30th Anniversary appeared first on Technology & Marketing Law Blog.

In October 2025, the court ruled on the plaintiffs’ efforts to clean out Google’s affirmative defenses. Google flagged the DMCA online safe harbors as an affirmative defense. This produces a rare judicial discussion of Section 512(d), the safe harbor for linking to infringing material.

The court says Google could qualify for 512(d) in this case:

Service Provider.

Google alleges that it “operates the [Shopping] platform” at issue in Plaintiffs’ claims, which “offers hundreds of thousands of merchants the opportunity to advertise their products to Google users,” but that it “does not determine the content of the merchants’ advertisements, sell the merchants’ products, or receive revenue from the merchants’ sales.” This sufficiently alleges that Google is a service provider within the meaning of the DMCA.

Repeat Termination Policy.

Google alleges that it “provides a robust system for intellectual property owners to report allegedly infringing content to Google,” that it requires all merchants to agree to its Terms of Service, which, among other provisions, forbid the merchants to use Google’s services to “violate anyone’s … intellectual property … rights”; and that it “does [ ] remove infringing content” in accordance with its Terms of Service

This also sufficient pleads that Google expeditiously responds to notices.

Standard Technical Measures.

Google also alleges that it “takes the problem of online piracy seriously … [and] has taken substantial steps to assist intellectual property owners in protecting their rights by adopting industry-leading practices to combat infringement across its Shopping platform.”

The court could have said that nothing has been qualified as a standard technical measure, including the steps enumerated or implied by Google.

Information Location Tool.

“Google’s pleadings include that it operates a search engine.”

No Direct Financial Benefit

“Google alleges that it does not “sell the merchants’ products[ ] or receive revenue from the merchants’ sales” on its Shopping platform.”

(This seems like an incomplete argument about Google’s financial benefit from the alleged piracy).

All of this is enough to let Google continue pushing its 512(d) defense to the remaining contributory copyright infringement claim.

* * *

Despite the choppiness of the court’s opinion (which the court partially blames on Google not organizing its explanations in a clear manner), the holding reaches the uncontroversial conclusion that Google search could qualify for the 512(d) safe harbor. What makes this conclusion blog-worthy is how rarely courts have had to say it. It’s conventional wisdom that 512(d) protects Google, but that’s not based on an extensive body of caselaw.  Here are some of my 512(d) posts from the past 20+ years:

• “Google Protected by 17 USC 512(d) for Links to Infringing Content; Perfect 10’s Takedown Notices Were Mostly Insufficient” [512(d) applied]
• “Video Embedding Site Isn’t a Contributory Copyright Infringer, But Sideloading Could Be Direct Infringement–Flava Works v. myVidster” [defendant doesn’t need 512(d)]
• “Catching Up on 512 Safe Harbor Cases (and Other Online Copyright Cases) From the Past Year” [512(d) didn’t apply]
• “DMCA 512(c) Safe Harbor Doesn’t Apply to Photo Embedding–Great Bowery v. Best Little Sites” [defendant waived 512(d)]
• “Internet Access Providers Aren’t Bound by DMCA Unmasking Subpoenas–In re Cox” [technical interpretation]

[If I’m forgetting something, I’d be grateful for the reminder].

As you can see, this list contains some pretty scrappy stuff. Not exactly the irrefutable precedential track record you would expect for something as fundamental as the legal foundation for Google search and its annual revenue line of hundreds of billions of dollars. That’s why even a jumbled opinion like this deserves a shoutout on the blog.

Case Citation: Cengage Learning, Inc. v. Google LLC, 2025 WL 3022375 (S.D.N.Y. Oct. 29, 2025). CourtListener page.

The post Google Can Assert a DMCA 512(d) Defense–Cengage v. Google (Catch-Up Post) appeared first on Technology & Marketing Law Blog.

CIPA. The court says that Facebook isn’t impermissibly “eavesdropping” when a user’s computer simultaneously and concurrently transmits information to the website they’re browsing and to Facebook. The court says:

As the recipient of a direct communication from Plaintiffs’ browsers, Facebook was a participant in Plaintiffs’ transmissions such that Quest did not aid or assist Facebook in eavesdropping on or intercepting such communications, even if done without the users’ knowledge.

If the simultaneous and concurrent delivery of a message to an undisclosed listener isn’t eavesdropping, I’m not sure what is… I wonder if this ruling is vulnerable on further appeal?

CMIA (California Confidentiality of Medical Information Act). This law regulates the disclosure of “medical information.” The court says the Pixels didn’t touch that category of information here:

Plaintiffs allege that Quest “disclosed the URL of the webpage a patient accessed to review test results,” but did not allege that Quest disclosed those test’s nature or results or any other substantive medical information. Thus, at most, Plaintiffs alleged that Quest disclosed Plaintiffs had been its patients, which is not medical information protected by CMIA.

This discussion immediately brought to mind the Pharmatrak case, which involved pixel usage before Facebook was even founded. In Pharmatrak, one customer-website used the “get” HTML command instead of the “Post” command to collect information from webforms, and that decision appended the form’s sensitive contents to the URL and pumped unwanted private medical information into Pharmatrak’s databases. Pharmatrak thus intercepted private information for ECPA purposes. Here, I’m inferring that the Quest pages at issue didn’t have any forms, or that Quest or Facebook took the necessary technical steps to strip out any private information that could incidentally get appended to the URLs. Otherwise, the court’s analysis of what could appear in the URLs seems optimistic.

Implications

In this ruling, the Third Circuit is interpreting California statutes, which is nominally one step outside their swimlane. The panel notes its conflicts with rulings from the Ninth Circuit-governed courts but says it has to stick with its own homebrewed precedence when interpreting the law of a state outside its circuit.

The genre of Meta Pixels litigation is out-of-control. I recently ran a quick search in Westlaw and there were about 300 Meta Pixels decisions, and I feel like I get 1-4 Westlaw email alerts about new Pixels decisions EVERY DAY. Insanity. This litigation madness needs to stop.

It’s especially noteworthy when an appellate court rejects a Pixels case, like the Second Circuit did in the VPPA cases. Many Pixel district court rulings are refusals of the defendant’s motion to dismiss, with only limited insights into the ultimate disposition of the case. Nevertheless, the overwhelming quantity of those rulings creates a veneer of legitimacy around the litigation genre. This has been especially true for Meta Pixel cases against healthcare entities, where special protections for healthcare privacy have helped the plaintiffs survive motions to dismiss. Despite that momentum, a few key appellate decisions rejecting the legal foundations of the Pixel litigation could put an end to it. As the maxim goes, it’s not where you start, it’s where you finish, and it’s not clear to me how many Pixel cases are going to end with plaintiff wins when they reach their end.

Case Citation: Cole v. Quest Diagnostics, Inc., 2025 WL 3172640 (3d Cir. Nov. 13, 2025)

More Posts on the Pixel Cases

• The Second Circuit Is Done With Meta Pixels VPPA Cases–Hughes v. NFL
• Court Rejects Trespass to Chattels Claim Over Placing Cookies–Doe v. Tenet
• Clickwrap Formed Even When a Consumer Has Limited Time to Act–Washington v. Flixbus
• Meta Pixels Case Dismissed by Second Circuit–Solomon v. Triller
• Leaky TOS Formation = No TOS Formation–Snyder v. G6
• The VPPA May Be a Dinosaur Statute, But It’s Very Much Alive in the Second Circuit–Salazar v. NBA
• Pixel Case Against Google “Jumps the Shark”–Doe I v. Google (Catch Up Post)
• Think You Understand Online Trespass to Chattels Law? Think Again–In re Meta Healthcare Pixels
• More Chaos in the Law of Online Contract Formation
• Privacy Lawsuit Based on Website Tracking by Service Provider Trimmed

The post Third Circuit Rejects a Meta Pixels Case–Cole v. Quest Diagnostics appeared first on Technology & Marketing Law Blog.

If you’re an academic and would like a free evaluation PDF, email me. I can also share my presentation slides. You might also check out (1) my Internet Law course page, which includes 28 years of syllabi and old exams with sample answers, (2) my article on “Teaching Cyberlaw,” (3) my blog post on teaching Internet Law as an online-only course, and (4) my Canvas modules for my Fall 2021 online-only course (I can email my most current ones on request).

* * *

It has been a busy–and depressing–year for Internet Law, which led to a high number of changes to the book. Some of the most important changes this year:

Jurisdiction. Ever since I took the Step Two case out of the casebook, I’ve been unsure how to teach the personal jurisdiction topic. Last year’s casebook addition, AMB, was a fail. This year, I replaced the AMB case with the Ninth Circuit’s en banc ruling in Briskin v. Shopify. But the Briskin ruling is also a pedagogical mess, so I’m not sure how I’ll teach that case either.

Online Contracts. The Chabolla ruling, combined with the follow-on Godun ruling, are major precedents, so I added them to the book. Together, these rulings show how modern courts will apply exacting standards to every TOS formation detail; and if you aren’t using a “clickwrap,” your odds of TOS formation keep declining. I view pre-2025 TOS cases that upheld formation, especially for “sign-in-wraps,” as dubious precedent.

To make room for Chabolla and Godun, I reluctantly removed the Meyer v. Uber and Register.com opinions.

The Meyer v. Uber case was a good teaching case, but I’m dubious it’s still good law. After all, Uber’s TOS formation completely failed in Massachusetts, and Uber had to reimpose its TOS in Massachusetts and New York using a more rigorous “clickwrap” formation process. I am uncertain that the Uber’s mid-2010s-era TOS formation would survive today after Chabolla and Godun.

The Register.com ruling is an Internet Law chestnut that I enjoyed teaching for over 20 years. I took especial delight in mocking its apple stand analogy, and I blew students’ minds showing them how the court’s ruling didn’t mean that Verio was necessarily out of business. On the minus side, the opinion takes a long time to read and teach. Doctrinally, the case’s main payoff was to articulate the Restatements 69 contract formation workaround to standard TOS formation. However, Restatements 69 formation is a niche doctrine that has not found much traction in online contract formation in recent years, and it looks even more dubious post-Chabolla. Spending so much time on Restatements 69 gave students the misimpression that the workaround is more significant than it really is. I added a new casebook note about the Restatements 69 principle and will briefly teach the niche doctrine that way.

Because I took out Meyer and Register.com, I essentially rewrote the entire online contracts chapter. You can check out the rewritten chapter for free here.

Copyright Fair Use. The casebook includes a short note summarizing some basic fair use principles. To give students an illustration of those principles, for years, the book summarized the Google Books fair use ruling. However, I’ve lost confidence that the Google Books fair use ruling is still good law in light of the Generative AI fair use rulings this year. As a result, I removed the Google Books note and replaced it with the Griner v. King case on fair use and memes.

Keyword Advertising. The combination of the 1-800 Contacts v. Warby Parker (2d Cir.) and Lerner & Rowe (9th Cir.) decisions were devastating to keyword advertising plaintiffs. The Lerner & Rowe ruling addresses all of the same doctrinal issues as the Network Automation case, but it’s a current, comprehensive, and clearly stated summation of the law, so I replaced Network Automation with it.

Child Safety/Pornography. I reluctantly added the Free Speech Coalition v. Paxton decision. It’s a long opinion that is replete with countless incidents of intellectual slipperiness, so it’s a terrible teaching case. I mean…let me know if you think you can articulate a principled justification for how the court decided that intermediate scrutiny applied (other than the obvious Calvinball explanation) and why it conducted its own intermediate scrutiny analysis de novo without asking the lower courts to do that work first. In addition to the edited opinion, I wrote 5,000+ words of notes and questions to highlight and contextualize the opinion’s many problems.

I also added a 2,000 word note about the Take It Down Act.

In total, this year I replaced 4 principal cases, added 2 new principal cases, added 10k+ words of new explanatory material, and rewrote the online contracts chapter. As the (purportedly) Chinese proverb says, may you live in interesting times.

* * *

Over the years, I’ve posted a number of book excerpts, including:

• The entire chapter on online contracts. The 2025 version is available. The chapter makes a nice module to supplement other courses with coverage of online contract formation.
• Primer on CCPA/CPRA (partially deprecated)
• Primer on FOSTA
• Primer on the Copyright Claims Board (CCB) (now deleted)
• Primer on Section 230
• Excerpt on right to be forgotten
• Excerpt on CFAA/Nosal/Power Ventures (now deleted)
• Excerpt on transborder content enforcement
• Excerpt on Brazil’s Marco Civil (now deleted)
• Excerpt on notes about UMG v. Shelter Capital

(Some of the freely available excerpts are dated, but every year I update everything still in the book).

As always, I invite your comments and questions.

* * *

Table of Contents

I. What is the Internet? Who Regulates It?
Overview
Noah v. AOL (E.D. Va.)
Determining the Geographic Location of Internet-Connected Devices

II. Jurisdiction
Evaluating Personal Jurisdiction
Briskin v. Shopify (9th Cir. en banc)

III. Contracts
Chabolla v. ClassPass (9th Cir.)
Godun v. JustAnswer (9th Cir.)
Canteen v. Charlotte Metro Credit Union (N.C. Sup. Ct.)

IV. Trespass/Computer Fraud & Abuse Act
Overview of Trespass to Chattels Doctrines
X v. Bright Data (N.D. Cal.)

V. Copyright
Copyright Basics (Copyright Office Circular 1)

Note About Fair Use
Griner v. King (8th Cir.)

Cartoon Network v. CSC (2d Cir.)
MGM Studios v. Grokster (Sup. Ct.)

Secondary Liability
Primer on Contributory and Vicarious Copyright Infringement
Overview of Section 512(c)
UMG v. Shelter Capital (9th Cir. revised opinion)

Recap
Ticketmaster v. RMG

VI. Trademarks and Domain Names
Trademark FAQs
Trademark Glossary

A. Domain Names and Metatags
Lamparello v. Falwell (4th Cir.)
Promatek v. Equitrac (7th Cir.) Original Order and Revision

B. Search Engines
Lerner & Rowe v. Brown Engstrand & Shely (9th Cir.)

Tiffany v. eBay (2d Cir.)

VII. Content Regulation and Child Safety
Pornography Glossary
Moody v. NetChoice (U.S. Sup. Ct)
A Note on Congress’ Early Regulation of Online Pornography
Free Speech Coalition v. Paxton (U.S. Sup. Ct.)
A Note on the Take It Down Act

VIII. Defamation and Information Torts
Bauer v. Brinkman (Iowa Sup. Ct.)

47 U.S.C. §230
An Introduction to Section 230
A Note About FOSTA
Zeran v. America Online (4th Cir.)
Lemmon v. Snap (9th Cir.)

Twitter v. Taamneh (U.S. Sup. Ct.)

Top Myths About Content Moderation
Section 230 and Foreign Liability for Third-Party Content

IX. Privacy
Excerpts from 16 C.F.R. Part 312, the Children’s Online Privacy Protection Act’s
Regulations
Overview of the E.U.’s General Data Protection Regulation (GDPR) and State Consumer
Privacy Laws
In re. Pharmatrak (1st Cir.)

X. Spam

XI. Social Media
People v. Lopez (Cal. App. Ct.)
Moreno v. Hanford Sentinel (Cal. App. Ct.)

REVIEW QUESTION ANSWERS

The post Announcing the 2025 Edition of My Internet Law Casebook appeared first on Technology & Marketing Law Blog.

The Supreme Court took a wrecking ball to Internet Law today in Free Speech Coalition v. Paxton. The majority (disingenuously) overturned two critical decades-old precedents restricting online age authentication (both of which Justice Thomas had supported at the time) and said weird and novel things about how courts should evaluate the constitutionality of laws that seek to restrict minors’ access to pornography. By upending long-standing and well-settled rules to reach a pro-censorship result, this opinion is another example of how the Supreme Court keeps playing Calvinball with our civil liberties.

The Supreme Court majority mishandled multiple key issues, including:

• It falsely equated age authentication of offline items like liquor sales, which raise no real speech issues, with restrictions on online speech.
• It misapprehended the consequences of online age authentication, which are often far more detrimental to publishers and readers than offline age authentication.
• It tendentiously tried to distinguish content “bans” from content “burdens,” though (as I explain here) the net effects can be the same.

The publishers have an obvious countermove to comply with Texas HB 1181: they can flood the Internet with AI-produced content that will dilute the percentage of pornography in their database so that it drops below the regulatory threshold. To state the obvious, a legal motivation to proliferate meaningless content online is hardly good news for the Internet.

Online publishers will have fewer effective countermoves against the tsunami of other online age authentication mandates that have been or will be enacted across the country. After this opinion, online publishers can still fight any laws that don’t target pornography, but this opinion will likely make those challenges harder to succeed (and will certainly multiply legislative adoptions). Either way, because the majority essentially created a new constitutional fast lane for regulating online pornography, legislatures have the majority’s permission to disrupt the relationship between online publishers of all types and readers not looking for pornography–the legislature simply has to couch its desired censorship as a condition to keep kids from online porn.

As a result, the Internet, and our country, lost big today. The Internet will become yet another casualty in our modern federal and state governments’ ongoing efforts to damage or eviscerate the institutions Americans cherish.

Regardless of the constitutional analysis, online age authentication mandates remain terrible policy for reasons I explain here. In particular, the mandates inevitably hurt children based on the claim to benefit children–a mind-bending condundrum that should make everyone question the true motivations of any proponents of online age authentication.

[Note for Internet Law geeks: John Perry Barlow wrote his Declaration of the Independence in Cyberspace in response to Congress’ passage of the Communications Decency Act, a direct predecessor of the Texas law at issue in this case. Soon after Barlow’s screed, the Supreme Court struck down the CDA–and partially ameliorated Barlow’s fears–in Reno v. ACLU, one of the opinions essentially overturned today. I wonder how Barlow would view this opinion, which seems to actualize the fears he expressed in 1996].

The post Prof. Goldman’s Statement on the Supreme Court’s Demolition of the Internet in Free Speech Coalition v. Paxton appeared first on Technology & Marketing Law Blog.

[Nomenclature note: in an example URL of “https://www.ericgoldman.org/biography.html,” the word “ericgoldman” is the second-level domain, the word “www” is the third-level domain, the word “org” is the top-level domain, and the word “biography.html” is in the post-domain path.]

In support of its injunction, Modlily identified 129 URLs for Funlingo product postings on Amazon. The court summarizes:

Plaintiff does not argue that “Modlily” appears in the product name or description of these listings, or anywhere on the webpage itself.  Instead, plaintiff’s evidence consists of the appearance of the term “Modlily” in the post-domain paths of the identified URLs.

Time for a stroll down Internet Law’s memory lane….

Cases about including a trademark in post-domain URLs date back to the 1990s. The flagship precedent in this area is Patmont Motors v. Gateway Marine, 1997 WL 811770 (N.D. Cal. 1997), which said:

the text that follows the domain name in a URL–in other words, the text that comes after the slash–serves a different function. This additional text, often referred to as the “path” of the URL, merely shows how the website’s data is organized within the host computer’s files. Nothing in the post-domain path of a URL indicates a website’s source of origin, and Patmont has cited no case in which the use of a trademark within a URL’s path formed the basis of a trademark violation. Therefore, the fact that the Go-Ped mark appeared in the path of Anthony DeBartolo’s website’s URL–
“www.idiosync.com/goped”– does not affect the Court’s conclusion that the website does not imply Patmont’s sponsorship or endorsement.

Patmont was followed by Interactive Products Corp. v. a2z Mobile Office Solutions, Inc., 326 F.3d 687 (6th Cir. 2003). Echoing Patmont, the court said the “post-domain path of a URL, however, does not typically signify source. The post-domain path merely shows how the website’s data is organized within the host computer’s files.” The court then held (emphasis added):

Because post-domain paths do not typically signify source, it is unlikely that the presence of another’s trademark in a post-domain path of a URL would ever violate trademark law. For purposes of the present case, however, it is enough to find that IPC has not presented any evidence that the presence of “laptraveler” in the post-domain path of a2z’s portable-computer-stand web page is likely to cause consumer confusion regarding the source of the web page or the source of the Mobile Desk product, which is offered for sale on the web page.

In other words, for decades, everyone believed that any URL component to the right of the top-level domain was irrelevant to trademark law. And yet, in 2025, Modlily actually shut down an Amazon merchant by asserting trademark infringement based on post-domain URL paths.

Heres how Modlily responded when Funlingo pointed out these problems to the court:

plaintiff does not contest Funlingo’s position that terms appearing in post-domain paths cannot constitute infringement, nor does it present any additional evidence of infringement.

Injunction dissolved.

[As a second-order consideration, it’s likely that Amazon, not its merchants, determines the post-domain URL in its marketplace. In other words, even if the inclusion of the Modlily trademark in the URL had trademark significance (which it doesn’t), Modlily hasn’t shown that Funlingo, as opposed to Amazon, made the requisite trademark use in commerce by putting it in the URL. So I believe this case is f’ed in multiple ways.]

* * *

We’ll have to see what additional consequences will hit Modlily after the injunction dissolution. In other circumstances where a SAD Scheme plaintiff gets caught making a serious litigation error, the judge typically will resolve the motion on its desk and move on. However, I am not satisfied with that.

First, Modlily took an objectively unreasonable legal position to support its TRO and PI and, in so doing, harmed Funlingo, Amazon, and consumers. Even if Modlily claims it was a mistake to include Funlingo in the complaint, the court ought to issue Rule 11 sanctions for Modlily’s inadequate investigation/preparation of the case that led to a serious and consequential abuse of legal process. If I were a judge, and I realized that Modlily’s bad case prep had led me to grant extraordinary relief to Modlily, I would be PISSED.

[Note: if Modlily claims it made an innocent “mistake,” I would vigorously disagree. I would counterargue that litigation errors are the PREDICTABLE, FORESEEABLE, and INEVITABLE consequence when SAD Scheme plaintiffs corner-cut on due process. Had Funlingo’s case proceeded using a proper litigation process, the post-domain URL “mistake” would have been caught earlier (or perhaps Modlily would have properly done its homework as required by Rule 11 and never sued Funlingo at all). Thus, I don’t think there are any “innocent mistakes” when it comes to the SAD Scheme–there are only abuses of due process, and each abuse deserves to be classified–and sanctioned–as an egregious violation of the rule of law.]

Second, Funlingo certainly should have its case dismissed, and the court should award a fee shift under trademark law for Modlily’s abuses. (For years, it has been my position that SAD Scheme cases gone wrong should qualify as “extraordinary” for purposes of the trademark fee shift).

Third, it seems extremely likely that Modlily has sued other Amazon merchants based on post-domain URLs. In a footnote, the judge says “Plaintiff submitted evidence of the term “Modlily” appearing on the webpage for most of the other defendants.” HOLD UP…the court seems to treat this as exculpatory evidence, but it sounds inculpatory to me. “Most” ≠ “all.” Are the claims against those other defendants still active? And has Modlily made similar “mistakes” in its other SAD Scheme cases? The judge ought to issue an order to show cause requiring Modlily to explain any other times it has sued defendants solely based on post-domain URLs and how it will remediate its errors and compensate those victims.

And yet, the most likely scenario is that Modlily will get away with its abuses without so much as a slap on the wrist.

The court does allow Funlingo to peek into the sealed defendant list in a different Modlily SAD Scheme case. In that other case, Judge Daniel challenged joinder, and Modlily responded by dropping all of the defendants but one. Funlingo believes that some of the dropped defendants from that case were recycled into a different complaint, perhaps on the gamble that it could find another judge who’s less vigilant about policing joinder. The judge in this case says “it would be troubling if, dissatisfied with Judge Daniel’s order, plaintiff simply turned around and refiled against the same defendants before a different judge.” I agree, though Modlily deserves condemnation regardless of whether or not they are engaging in judge-shopping.

Case Citation: Hong Kong Yu’En E-Commerce Co. v. Individuals, Corporations, Limited Liability Companies, Partnerships and Unincorporated Associations Identified in Schedule “A”, 2025 WL 1413251 (N.D. Ill. May 15, 2025). Thanks to Prof. Fackrell for calling this ruling to my attention.

Prior Blog Posts on the SAD Scheme

• SAD Scheme-Style Case Falls Apart When the Defendant Appears in Court—King Spider v. Pandabuy
• Serial Copyright Plaintiff Lacks Standing to Enforce Third-Party Copyrights–Viral DRM v 7News
• Another N.D. Ill. Judge Balks at SAD Scheme Joinder–Zaful v. Schedule A Defendants
• Judge Rejects SAD Scheme Joinder–Toyota v. Schedule A Defendants
• Another Judge Balks at SAD Scheme Joinder–Xie v. Annex A
• Will Judges Become More Skeptical of Joinder in SAD Scheme Cases?–Dongguan Juyuan v. Schedule A
• SAD Scheme Leads to Another Massively Disproportionate Asset Freeze–Powell v. Schedule A
• Misjoinder Dooms SAD Scheme Patent Case–Wang v. Schedule A Defendants
• Judge Hammers SEC for Lying to Get an Ex Parte TRO–SEC v. Digital Licensing
• Judge Reconsiders SAD Scheme Ruling Against Online Marketplaces–Squishmallows v. Alibaba
• N.D. Cal. Judge Pushes Back on Copyright SAD Scheme Cases–Viral DRM v. YouTube Schedule A Defendants
• A Judge Enumerates a SAD Scheme Plaintiff’s Multiple Abuses, But Still Won’t Award Sanctions–Jiangsu Huari Webbing Leather v. Schedule A Defendants
• Why Online Marketplaces Don’t Do More to Combat the SAD Scheme–Squishmallows v. Alibaba
• SAD Scheme Cases Are Always Troubling–Betty’s Best v. Schedule A Defendants 
• Judge Pushes Back on SAD Scheme Sealing Requests
• Roblox Sanctioned for SAD Scheme Abuse–Roblox v. Schedule A Defendants
• Now Available: the Published Version of My SAD Scheme Article
• In a SAD Scheme Case, Court Rejects Injunction Over “Emoji” Trademark
• Schedule A (SAD Scheme) Plaintiff Sanctioned for “Fraud on the Court”–Xped v. Respect the Look
• My Comments to the USPTO About the SAD Scheme and Anticounterfeiting/Antipiracy Efforts
• My New Article on Abusive “Schedule A” IP Lawsuits Will Likely Leave You Angry
• If the Word “Emoji” is a Protectable Trademark, What Happens Next?–Emoji GmbH v. Schedule A Defendants
• My Declaration Identifying Emoji Co. GmbH as a Possible Trademark Troll

The post Because the SAD Scheme Disregards Due Process, Errors Inevitably Ensue–Modlily v. Funlingo appeared first on Technology & Marketing Law Blog.

(Caveat: the Trump Administration’s authoritarian and fascist moves in areas beyond Internet Law pose an even greater and more immediate threat to our society and the Internet. But if you oppose the Trump administration’s lawless authoritarianism and blatant disregard for due process and Constitutional rights, I urge you to reflect upon how mandatory online age authentication will give him and other authoritarian governments even more power to target and suppress dissent and critics. Freedom Protip: don’t give authoritarian fascists more legal or technical ways to control Internet speech).

I hope you’ll take a look at the paper, but I caution that it’s probably not a fun read. Like many of my papers nowadays, readers are likely to come away angry about the legal system’s dysfunction–and especially how little policymakers seem to care about making good policy that actually protects children.

* * *

Mandatory online age authentication isn’t a new policy idea. It dates back at least to 1996 when Congress passed the Communications Decency Act (CDA), which imposed an implicit age authentication requirement on virtually every website. The Supreme Court struck down the CDA in 1997 in Reno v. ACLU. Following the judicial flameout of the CDA’s successor, the Child Online Protection Act (COPA), mandatory online age authentication as a policy initiative largely went dormant for over a decade.

In the wake of minors’ heightened Internet use due to the COVID pandemic shutdown, mandatory online age authentication roared back as a policy priority in a big way. I don’t have a complete census of U.S. laws that now mandate online age authentication, but it’s in the dozens. The laws are hard to inventory or track because they are multitudinous and have heterogeneous structures and definitions.

In my view, any law that requires online age authentication is unambiguously unconstitutional per the still-governing CDA and COPA precedents. Legislatures don’t care about that obvious problem. For example, Texas passed a law extremely similar to the CDA and essentially dared the courts to strike it down. The Fifth Circuit, being the Fifth Circuit, thought the law was swell; I expect the Supreme Court will reverse that, at least in part.

Because of this rapidly changing and chaotic legal situation, I decided to sidestep the constitutionality questions in the paper. Instead, my paper focuses on the policy problems with the law. That way, no matter what the Supreme Court does in the Free Speech Coalition v. Paxton case, my paper will still have value to the policy discussions.

I hold uncompromising views on this topic. For reasons I explain in 63 anguished and tear-stained pages, I am a categorical “no” on all online age authentication mandates. To me, it doesn’t matter what the laws are called, how the authentication duties are styled, what sales hooks the vendors use to obfuscate their solutions’ deficiencies, or what hypothetical fantasy outcomes policymakers think will materialize if the technologists just “nerd harder”–I oppose them all. As the EFF explained:

[Authentication] methods don’t each fit somewhere on a spectrum of “more safe” and “less safe,” or “more accurate” and “less accurate.” Rather, they each fall on a spectrum of “dangerous in one way” to “dangerous in a different way.”… every solution has serious privacy, accuracy, or security problems

Due to this obvious fact, I’m baffled by the near-universal belief that mandatory online age authentication is a legitimate tool in policymakers’ child safety toolkits. I wonder if the advocates don’t understand the consequences, in which case their ignorance should disqualify them from working on child safety policy altogether. Worse, perhaps the advocates do understand the terrible policy consequences and nevertheless are using “the kids” as a “get-out-of-critical-scrutiny” card. The paper calls out and condemns both categories of policy advocates. The paper ends with a request: stop characterizing pro-authentication advocates as “well-meaning” or “well-intentioned.” Anyone who proceeds blindly with respect to child welfare or uses kids as political props is neither.

* * *

I’ll close this post with a special request to privacy advocates. I am also baffled by the privacy community’s response to laws imposing online age authentication mandates. Many privacy advocates simply note the developments dispassionately and without any criticism, and a small but vocal segment cheers for the laws “because kids.”

If you care about privacy and aren’t resisting these laws with everything you’ve got, then (as Alexander Hamilton says in Cabinet Battle #2) “You must be out of your goddamn mind.” Age authentication mandates pose one of the greatest threats to consumer privacy we’ve ever seen. (If that’s not obvious, my paper explains why). If we lose the battle against these mandates, then every other privacy policy win will be overshadowed by this loss. If there is any hope for online privacy in the future, we must make a stand here.

* * *

Blog Posts on Segregate-and-Suppress Obligations

• California’s Age-Appropriate Design Code (AADC) Is Completely Unconstitutional (Multiple Ways)–NetChoice v. Bonta
• Another Conflict Between Privacy Laws and Age Authentication–Murphy v. Confirm ID
• Recapping Three Social Media Addiction Opinions from Fall (Catch-Up Post)
• District Court Blocks More of Texas’ Segregate-and-Suppress Law (HB 18)–SEAT v. Paxton
• Comments on the Free Speech Coalition v. Paxton SCOTUS Oral Arguments on Mandatory Online Age “Verification”
• California’s “Protecting Our Kids from Social Media Addiction Act” Is Partially Unconstitutional…But Other Parts Are Green-Lighted–NetChoice v. Bonta
• Section 230 Defeats Underage User’s Lawsuit Against Grindr–Doll v. Pelphrey
• Five Decisions Illustrate How Section 230 Is Fading Fast
• Internet Law Professors Submit a SCOTUS Amicus Brief on Online Age Authentication–Free Speech Coalition v. Paxton
• Court Enjoins the Utah “Minor Protection in Social Media Act”–NetChoice v. Reyes
• Another Texas Online Censorship Law Partially Enjoined–CCIA v. Paxton
• When It Comes to Section 230, the Ninth Circuit is a Chaos Agent–Estate of Bride v. YOLO
• Court Dismisses School Districts’ Lawsuits Over Social Media “Addiction”–In re Social Media Cases
• Ninth Circuit Strikes Down Key Part of the CA Age-Appropriate Design Code (the Rest is TBD)–NetChoice v. Bonta
• Mississippi’s Age-Authentication Law Declared Unconstitutional–NetChoice v. Fitch
• Indiana’s Anti-Online Porn Law “Is Not Close” to Constitutional–Free Speech Coalition v. Rokita
• Fifth Circuit Once Again Disregards Supreme Court Precedent and Mangles Section 230–Free Speech Coalition v. Paxton
• Snapchat Isn’t Liable for Offline Sexual Abuse–VV v. Meta
• 2023 Quick Links: Censorship
• Court Enjoins Ohio’s Law Requiring Parental Approval for Children’s Social Media Accounts–NetChoice v. Yost
• Many Fifth Circuit Judges Hope to Eviscerate Section 230–Doe v. Snap
• Louisiana’s Age Authentication Mandate Avoids Constitutional Scrutiny Using a Legislative Drafting Trick–Free Speech Coalition v. LeBlanc
• Section 230 Once Again Applies to Claims Over Offline Sexual Abuse–Doe v. Grindr
• Comments on the Ruling Declaring California’s Age-Appropriate Design Code (AADC) Unconstitutional–NetChoice v. Bonta
• Two Separate Courts Reiterate That Online Age Authentication Mandates Are Unconstitutional
• Minnesota’s Attempt to Copy California’s Constitutionally Defective Age Appropriate Design Code is an Utter Fail (Guest Blog Post)
• Do Mandatory Age Verification Laws Conflict with Biometric Privacy Laws?–Kuklinski v. Binance
• Why I Think California’s Age-Appropriate Design Code (AADC) Is Unconstitutional
• An Interview Regarding AB 2273/the California Age-Appropriate Design Code (AADC)
• Op-Ed: The Plan to Blow Up the Internet, Ostensibly to Protect Kids Online (Regarding AB 2273)
• A Short Explainer of Why California’s Social Media Addiction Bill (AB 2408) Is Terrible
• A Short Explainer of How California’s Age-Appropriate Design Code Bill (AB2273) Would Break the Internet
• Is the California Legislature Addicted to Performative Election-Year Stunts That Threaten the Internet? (Comments on AB2408)
• Omegle Denied Section 230 Dismissal–AM v. Omegle
• Snapchat Isn’t Liable for a Teacher’s Sexual Predation–Doe v. Snap
• Will California Eliminate Anonymous Web Browsing? (Comments on CA AB 2273, The Age-Appropriate Design Code Act)
• Minnesota Wants to Ban Under-18s From User-Generated Content Services
• California’s Latest Effort To Keep Some Ads From Reaching Kids Is Misguided And Unconstitutional (Forbes Cross-Post)
• Backpage Gets Important 47 USC 230 Win Against Washington Law Trying to Combat Online Prostitution Ads (Forbes Cross-Post & More)
• Backpage Gets TRO Against Washington Law Attempting to Bypass Section 230–Backpage v. McKenna
• MySpace Wins Another 47 USC 230 Case Over Sexual Assaults of Users–Doe II v. MySpace
• MySpace Gets 230 Win in Fifth Circuit–Doe v. MySpace
• Website Isn’t Liable When Users Lie About Their Ages–Doe v. SexSearch

The post Why I Emphatically Oppose Online Age Verification Mandates appeared first on Technology & Marketing Law Blog.

In this post, I’m going to talk about the blog’s future. I recognize that looking forward is an inherently optimistic act, because it assumes there is a future for our world, our country, the Internet, and me. To reach that conclusion, we must disregard many possible cataclysmic scenarios. For example, I’m assuming that in 10 years: the earth will still be habitable; there will still be an Internet worth blogging about; the censors will have not taken away my ability to blog; and I will not be jailed or executed for my acts of resistance or being Jewish. I hope all of these assumptions will be true in 2035, but there are no guarantees.

Subject to those caveats, my thoughts about the 10-year future of the blog.

I’ll Still Be Here. Blogging is a core part of my professional identity. I don’t see that changing for the rest of my career. So long as the Internet is still generating Internet Law, and so long as I have the legal and technical ability to comment on new Internet Law developments, I’ll be blogging about it.

Will I Still Have the Fighting Spirit? But will 66-year-old Eric be as feisty as I’ve historically been? This is a complex question.

Unquestionably, I was a little more freewheeling with my blogging in my 30s. Maturity and the barrage of legal threats I’ve received over the years have smoothed out some of my rougher edges. I’ll still speak truth to power and name names when necessary, but I don’t go looking for fights or intentionally stirring up trouble.

At the same time, as I’ve gotten more job security and more gray hairs, I’ve run out of fucks to give. I may be one of the few remaining OG from the 1990s still fighting for freedom of speech and innovation on the Internet, but I will keep doing so until my last breath.

And yet…I feel worn down. It is exhausting enough fighting for the Internet’s future, especially against the anti-empirical partisan attacks that I, as an academic, can’t meaningfully counter with rigorous academic approaches. For example, pretty much every U.S. regulator is prepared to slice up Section 230 for the wrong reasons. Any effort to rebut their underinformed criticisms through logic or facts stands no chance.

On top of all that, some of my efforts to protect the Internet are being redirected into the fight for our republic against those who are actively seeking to turn it into an autocracy.

The erosion of the rule of law has prompted me to question everything about the scope of my blogging. It seems silly to chronicle the finer details of Internet Law if all law, including Internet Law, becomes Calvinball. In other words, this blog has always assumed a baseline adherence to the rule of law. If that baseline degrades or goes away, what am I blogging about? (For more on this, see Techdirt’s post, “Why Techdirt Is Now A Democracy Blog (Whether We Like It Or Not).“).

The TikTok ban provides a good example of why I’m questioning everything about my blog in the Calvinball era of Internet Law. Congress’ statutory ban was misguided and counterproductive; the Supreme Court accepted Congress’ national security pretext way too credulously; Biden and Trump both disregarded the law; and Congress shrugged its shoulders at the administration’s dereliction. How am I supposed to teach my students about the meaning of any national security exception to the First Amendment in light of these developments?

AND THEN, we got even more damning proof that the TikTok ban’s national security justification was a farce. In the Trump 2.0 era, the U.S. Government clearly poses a far greater and more immediate threat to its citizens’ data security than any foreign government. (Some examples of the Trump 2.0 national security threats: E.g., DOGE’s data heists that Trump admits is because “we don’t have very good security in this country;” the Director of National Intelligence reluctantly admits that the US is compiling massive dossiers on its citizens for undisclosed purposes; immigration officials are mining social media to find reasons to deport people without due process for their lawful and constititionally protected speech; and the war boys freely banter about classified and highly sensitive Houthi attack plans on Signal, using vulnerable devices and looping a reporter into the conversation). Any national security threat from TikTok seems de minimis by comparison. In other words, the most important “national security” calls are coming from inside the house, not from China, and our government is the most important threat vector we all need to worry about.

The TikTok ban feels like such a jump-the-shark moment for Internet Law. If there is no legitimate justification for the TikTok ban, and if our government institutions are disregarding a law the Supreme Court has declared constitutional, what exactly is the “law” of TikTok I should be covering on this blog or teaching to my Internet Law students?

In light of the underlying across-the-board erosion of the rule of law, there’s a lot to worry about before I even get to the Calvinball era of Interent Law. I still care passionately about the Internet, but my supply of rage and opposition may have a lifetime cap. How much will be left in my tank 10 years from now?

The Comment Section Will Be Turned Off. We are almost at the end of the user-generated content era. The regulators have already doomed it, and the upcoming crop of Internet Laws over the next couple of years will be the coup de grâce. We’ve already seen the Internet shrink dramatically in response to recent regulatory interventions, such as the UK Online Safety bill. The UGC shrinkage will keep accelerating.

My blog is a UGC site in two ways. First, I am UGC to my blog host (another shoutout to Justia for their wonderful support over the years) and the host’s vendors, like AWS (which has received repeated complaints about my blog specifically). Will Justia and AWS still tolerate my content if their legal protections fade? If not, can I find replacement vendors?

I also am a UGC site in that I permit readers to post comments. I value my readers’ comments, but I don’t want to take legal responsibility for them. Without Section 230, and in the face of a tsunami of new state laws imposing onerous obligations on UGC sites, I will be burdened with increasing legal risks and obligations for allowing readers to comment. Rather than navigate that gauntlet, I’ll turn off comments entirely. Within 10 years, that outcome seems inevitable. [Note: This blog didn’t have any comment function from 2006 to 2013. “What’s past is prologue.”]

The Ads Will Be Turned Off. I rolled out Google AdSense for the blog in 2005, shortly after the blog launch. The money was OK, but mostly I wanted first-hand experience in the advertising ecosystem to improve my knowledge of the field.

Twenty years later, I’m still in the AdSense program, but barely. Over time, Google has had difficulty monetizing blogs like mine, so the program’s economics have collapsed. Google’s ads became more intrusive to boost Google’s revenues, but this didn’t trickle down to me. At the peak, I used to earn over $600 per year. That number drifted down to about $300/yr, when I finally turned off Google’s ability to create new ad slots on my page (which interfered with readers’ experiences, and I repeatedly got complaints about advertiser sketchiness). Now that I only have limited ad slots on each page, I make like 30 cents a day, or about $100 per year. Barely enough to get a single meal of burger and fries (and alcohol) at the Newark airport.

Worse, this de minimis ad revenue increases my legal risk. So long as I have any ads, a plaintiff or regulator can assert that I run a “commercial” website that subjects me to heightened legal obligations or reduced legal defenses. For example, my blog might have a degraded fair use position due to its purported commerciality (it shouldn’t, but the judge decides). With so little revenue at stake, those risks aren’t worth it.

I trust you detect a theme: despite my overall privilege as a tenured law professor, my blog is extremely vulnerable to regulatory risks. Comments and ads might both go offline due to those risks; and my blog itself could be tossed into the void by my blog host or its vendors. This is a microcosm of the broader threats facing the blogger ecosystem and all UGC ecosystems.

What Topics Will Be Left to Discuss? What will Internet Law look like in 10 years? I assume Section 230 will be long-gone by then, so every lawsuit over UGC will become a protracted First Amendment lawsuit. I’ll blog those cases, and that litigation genre could still be going strong in 2035.

Otherwise, I think we’ll still see standard e-commerce legal developments in 2035, even if online marketplaces are gone by then. My syllabus and this blog already cover many of these topics: contract formation, trespass to chattels, copyright, trademark, privacy. In 2035, I will also probably be talking more about AI, assuming it isn’t also extinct due to overregulation. I imagine I also will be sharing war stories about the “glory days,” explaining the Internet Law problems we’d once solved and the Internet benefits we’ve lost over the years. Just like their bafflement about how telephones used to work, the younger generations will have no idea about what the Internet was like for their elders.

Assuming everything goes well enough that we can still have the conversation, I’ll revisit this post in 2035 and see what I got right and wrong. I hope you’ll still be along for the ride then. Thank you for reading this blog now and, I hope, into our indefinite and uncertain future.

__

Coverage of the 20 year blogiversary:

Part 1: Celebrating the Blog’s 20th Blogiversary
Part 2: How Has the Blog Changed Over the Past 20 Years?
Part 3: Who Reads the Blog, and Why?
Part 4: Readers’ Favorite Topics, Posts, and Memes
Part 5: How the Blog Helps Readers
Part 6: Jess Miers Reflects on the Blogiversary
Part 7: Ethan Ackerman Reflects on the Blogiversary
Part 8: Guest Bloggers of the Technology & Marketing Law Blog
Part 9: How Information Consumption Habits Have Changed Over the Years
Part 10: What Will This Blog Look Like in 10 Years?

Coverage of the 10 year blogiversary:

Part 1: Happy 10th Blogiversary!
Part 2: The Blog’s Impact
Part 3: The Blogosphere’s Evolution
Part 4: Changes in Internet and IP Law
Bonus: A Video Interview About the Blog

The post Blogiversary: What Will This Blog Look Like in 10 Years? (Part 10 of 10) appeared first on Technology & Marketing Law Blog.