New Media and Technology Law Blog

President Signs Executive Order Directing Agencies to Probe the Contours of CDA Immunity

President Trump signed an Executive Order today attempting to curtail legal protections under Section 230 of the Communications Decency Act (“Section 230” or the “CDA”). The Executive Order strives to clarify that Section 230 immunity “should not extend beyond its text and purpose to provide protection for those who purport to provide users a forum for free and open speech, but in reality use their power over a vital means of communication to engage in deceptive or pretextual actions stifling free and open debate by censoring certain viewpoints.”

Section 230 protects online providers in many respects concerning the hosting of user-generated content and bars the imposition of distributor or publisher liability against a provider for the exercise of its editorial and self-regulatory functions with respect to such user content.  In response to certain moderation efforts toward the President’s own social media posts this week, the Executive Order seeks to remedy what the President claims is the social media platforms’ “selective censorship” of user content and the “flagging” of content that does not violate a provider’s terms of service.

The Executive Order does a number of things. It first directs:

  • The Commerce Department to file a petition for rulemaking with the FCC to clarify certain aspect of CDA immunity for online providers, namely Good Samaritan immunity under 47 U.S.C. §230(c)(2). Good Samaritan immunity provides  that an interactive computer service provider may not be made liable “on account of” its decision in “good faith” to restrict access to content that it considers to be “obscene, lewd, lascivious, filthy, excessively violent, harassing or otherwise objectionable.”
    • The provision essentially gives providers leeway to screen out or remove objectionable content in good faith from their platforms without fear of liability. Courts have generally held that the section does not require that the material actually be objectionable; rather, the CDA affords protection for blocking material that the provider or user considers to be “objectionable.” However, Section 230(c)(2)(A) requires that providers act in “good faith” in screening objectionable content.
    • The Executive Order states that this provision should not be “distorted” to protect providers that engage in “deceptive or pretextual actions (often contrary to their stated terms of service) to stifle viewpoints with which they disagree.” The order asks the FCC to clarify “the conditions under which an action restricting access to or availability of material is not ‘taken in good faith’” within the meaning of the CDA, specifically when such decisions are inconsistent with a provider’s terms of service or taken without adequate notice to the user.
    • Interestingly, the Order also directs the FCC to clarify if there are any circumstances where a provider that screens out content under the CDA’s Good Samaritan protection but fails to meet the statutory requirements should still be able to claim protection under CDA Section 230(c)(1) for “publisher” immunity (as, according to the Order, such decisions would be the provider’s own “editorial” decisions).
    • To be sure, courts in recent years have dismissed claims against services for terminating user accounts or screening out content that violates content policies using the more familiar Section 230(c)(1) publisher immunity, stating repeatedly that decisions to terminate an account (or not publish user content) are publisher decisions, and are protected under the CDA. It appears that the Executive Order is suggesting that years of federal court precedent – from the landmark 1997 Zeran case until today – that have espoused broad immunity under the CDA for providers’ “traditional editorial functions” regarding third party content (which include the decision whether to publish, withdraw, postpone or alter content provided by another) were perhaps decided in error.

Continue Reading

President to Unveil Executive Order to Address CDA Section 230 Protections

UPDATE: On the afternoon of May 28, 2020, the President signed the executive order concerning CDA Section 230. A copy/link to the order has not yet been posted on the White House’s website.

 

According to news reports, the Trump Administration (the “Administration”) is drafting and the President is set to sign an executive order to attempt to curtail legal protections under Section 230 of the Communications Decency Act (“Section 230” or the “CDA”). Section 230 protects online providers in many respects concerning the hosting of user-generated content and bars the imposition of distributor or publisher liability against a provider for the exercise of its editorial and self-regulatory functions with respect to such user content. In response to certain moderation efforts toward the President’s own social media posts this week, the executive order will purportedly seek to remedy what the President claims is the social media platforms’ “selective censorship” of user content and the “flagging” of content that is inappropriate, “even though it does not violate any stated terms of service.”

A purported draft of the executive order was leaked online. If issued, the executive order would, among other things, direct federal agencies to limit monies spent on social media advertising on platforms that violate free speech principles, and direct the White House Office of Digital Strategy to reestablish its online bias reporting tool and forward any complaints to the FTC. The draft executive order suggests that the FTC use its power to regulate deceptive practices against those platforms that fall under Section 230 to the extent they restrict speech in ways that do not match with posted terms or policies.  The order also would direct the DOJ to establish a working group with state attorneys general to study how state consumer protection laws could be applied to social media platform’s moderation practices.  Interestingly, the executive order draft would also direct the Commerce Department to file a petition for rulemaking to the FCC to clarify the conditions when an online provider removes “objectionable content” in good faith under the CDA’s Good Samaritan provision (which is a lesser-known, yet important companion to the better-known “publisher” immunity provision). Continue Reading

French Data Protection Authority Speaks to Web Scraping

Late last month, the French data protection authority, the CNIL, published guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes.  The guidance is noteworthy in two respects.  First, it speaks to the CNIL’s view of this activity in the context of the GDPR and privacy concerns.  Second, and of more general interest, the guidance lays out some guiding principles for companies that conduct screen scraping activities or hire outside vendors to collect and package such data.

You can read our summary of the CNIL guidance on our firm’s Privacy Law Blog.

Protecting Business Information Assets in the “Work From Home” Environment

This past March, many organizations were forced to suddenly pivot to a “work from home” environment (“WFH”) as COVID-19 spread across our country.  However, many companies did not have the necessary technical infrastructure in place to support their full workforce on a WFH basis.  Often, remote access systems were configured assuming only a portion of a company’s employees – not 100% of a company’s employees – would be remotely accessing the corporate networks simultaneously.  In addition, many employees have limited home Wi-Fi capacity that is insufficient to sustain extended, robust connections with the office systems.  Networks can then become overloaded, connections dropped, and employees can experience extended latency issues, frozen transmissions and the like.

As a result, many employees are using a work-around — often with their employer’s knowledge and approval.  They connect their personal devices to their employer’s network to download what they need from the network, but disconnect to perform the bulk of their work offline.  On a periodic basis and upon the completion of the task at hand, those employees then typically upload or distribute the work product to the organization’s network.

Continue Reading

Electronic Signatures Becoming the Norm during COVID-19 Outbreak

The COVID-19 pandemic has fundamentally altered the way we live and conduct business. Most non-essential businesses have closed their offices and established entirely remote workforces, and many individuals may be in quarantine, which means that “wet” signatures on paper can be highly inconvenient. This reality has focused more attention on electronic formats. In this blog post we examine the landscape of electronic signatures in light of the pandemic and what it will mean for signature requirements going forward. Electronic signatures apply to both agreements entered into online, such as when completing an internet transaction or assenting to a contract via email, as well as paper documents. With businesses wondering under what circumstances electronic signatures are binding, this post briefly lays out what rules businesses need to follow. Continue Reading

Important Developments (Including Supreme Court Review) in the Interpretation of the Computer Fraud and Abuse Act

We continue to wait to see if the Supreme Court will accept LinkedIn’s petition to overturn the Ninth Circuit’s blockbuster ruling in the hiQ Labs case.  In that case, the appeals court held that an entity engaging in scraping of “public” data had shown a likelihood of success on its claim that such access does not constitute access “without authorization” under the federal Computer Fraud and Abuse Act (CFAA).

In the meantime, earlier this week the Supreme Court agreed to hear the appeal of an Eleventh Circuit decision that affirmed the conviction of a police officer under the CFAA for “exceeding authorized access” for accessing police databases for personal gain. (See U.S. v. Van Buren, 940 F. 3d 1192 (11th Cir. 2019), pet. for cert. granted Van Buren v. U.S., No. 19-783 (Apr. 20, 2020)).  This would be the Supreme Court’s first CFAA case.

And in addition to the news at the Supreme Court, late last month, a D.C. district court issued a ruling interpreting the extent of criminal liability under the CFAA for accessing websites in contravention of terms of use for academic research. In that case, the D.C. court held that the mere violation of website terms of use cannot form the basis of criminal liability for “unauthorized access” or “exceeding authorized access” under the CFAA. (Sandvig v. Barr, No. 16. 1368 (D.D.C. Mar. 27, 2020)). Continue Reading

Open COVID Pledge Rolled Out to Make Patents and Other IP Available for COVID-19 Response

In an innovative initiative in the battle against the Coronavirus, the newly-formed Open COVID Coalition (the “Coalition”) launched the Open COVID Pledge (the “Pledge”), a framework for organizations to contribute intellectual property to the fight against COVID-19. Pursuant to the Pledge, rightsholders can openly license intellectual property to facilitate the development of tools and technologies to counter the COVID pandemic. These would include the manufacturing of medical equipment and testing kits, as well as the development of software, AI and biotech solutions to contain and end the virus. Many major technology companies and other organizations have signed on to the Pledge.

The Coalition created a form of license which participants may to use to fulfill the pledge.  Under the license, the Open COVID License 1.0 (“OCL”), the pledgor grants a “non-exclusive, royalty-free, worldwide, fully paid-up license (without the right to sublicense)” to exploit the IP (other than trademarks or trade secrets) in products, services and other articles of manufacture “for the sole purpose of ending the ‘COVID-19 Pandemic’ (as defined by the World Health Organization, “WHO”) and minimizing the impact of the disease, including without limitation the diagnosis, prevention, containment, and treatment of the COVID-19 Pandemic.” The term of the OCL is retroactive to December 1, 2019 and runs until one year after WHO declares the end of the pandemic. Under the OCL, the pledgor “will not assert any regulatory exclusivity against any entity for use of the Licensed IP” in accordance with the license grant, and agrees to not seek injunctive or regulatory relief to prevent any entity from using the licensed IP. As with some traditional open source licenses, the licensed IP is granted without any warranties and the license is suspended if the license threatens or initiates any legal proceeding against the pledgor. Lastly, all copyright and related rights granted under the OCL are deemed waived pursuant to the Creative Commons 1.0 Universal License (public domain dedication). Continue Reading

Cluttered User Registration Screens Challenge Enforceability of Site Terms

In recent years, courts have issued a host of rulings as to whether online or mobile users received adequate notice of and consented to user agreements or website terms when completing an online purchase or registering for a service. Some online agreements have been enforced, while others have not. In each case, judges have examined the circumstances behind the transaction closely, scrutinizing the user interface and how the terms are presented before a user completes a transaction. In general, most courts seek to determine whether the terms are reasonably conspicuous to the prudent internet user and whether the user manifested sufficient assent by signing up for a service or completing a transaction.

From the perspective of making a sign-up process as smooth as possible, there is often an interest in moving the reference to terms and conditions out of the main flow of user sign-ups.  However, as we were reminded recently by an Illinois court examining the interfaces of DVD rental company Redbox, one does so at risk of finding those terms to be unenforceable.

The Illinois court noted numerous shortcomings with Redbox’s electronic contracting process.  It found that because links to the relevant terms were not clearly and conspicuously displayed, customers did not have constructive notice that they were assenting to those terms when hitting the “Pay Now” button to rent a DVD at a kiosk or by signing into a Redbox account online. (Wilson v. Redbox Automated Retail, LLC, No. 19-01993 (N.D. Ill. Mar. 25, 2020)). As such, the court denied Redbox’s motion to compel arbitration of plaintiff’s claims. Continue Reading

Work-Outs of Technology and Services Agreements Challenged by COVID-19

In early February 2020, before most of us were truly aware of the implications of COVID-19, a well-respected IT consulting group predicted a $4.3 trillion global spend on information technology in 2020. Drivers of the projected activity included cybersecurity, outdated infrastructure, mobile accessibility needs, cloud and SaaS transitions, and on-premises technology requirements.  In late 2019, another well-respected consulting group had predicted that, in 2020, “[t]here will be increasing opportunities for technology vendors and service providers to grow their businesses, and for technology buyers to innovate and upgrade their infrastructure, software, and services.” In fact, as 2020 began, many deals for technology development, implementation and related services were signed and technology providers, consultants and related service providers (collectively referred to in this post as “vendors”) and their customers were busy building, implementing and testing new systems.

Then came COVID-19. Most people in the United States and in many other parts of the world are now working from home. Capital markets are volatile. The global economy came to a screeching halt and recessions are forecast.  As a result of these and other factors, many deals that were humming along nicely are now facing significant and unanticipated challenges. For example:

  • In many cases, neither the vendor nor the customer community is “in the office.” While it is not uncommon for software developers to work remotely, many important aspects of a complex implementation – e.g., hardware installation, software testing and user training – are most effective when done on site. Obviously, given the work-from-home and no-travel environment that we are in, this is not possible.
  • Key individuals from both the vendor and customer community may be less available, either due to their own illnesses or due to pressing family issues or other concerns related to the pandemic.
  • Some customers may experience significant and unanticipated financial distress, and as a result, the payment obligations associated with the initiative may become particularly burdensome for them. Vendors may also be facing similar financial distress.
  • Due to the downturn in the business climate resulting from the pandemic, the business volume assumptions on which the ongoing initiative was based may no longer be realistic.

This blog post is intended to suggest a practical approach that both technology vendors and their customers might take to find amicable solutions to challenged deals. Continue Reading

Washington Governor Signs Bill Addressing Government Use of Facial Recognition Technology

While Washington’s comprehensive data privacy bill (SB 6182) — inspired by California’s CCPA — died when legislators could not hammer out a compromise over enforcement mechanisms, the state legislature did reach agreement and Gov. Jay Inslee signed into law a facial recognition bill (SB 6280) that provides some important privacy and antidiscrimination provisions regarding state and local governmental use of the technology. Continue Reading

LexBlog