The cyber-attack on Sony Pictures has raised many serious questions for 2015—and some seemingly frivolous “concerns.” For example, Google has alleged that stolen Sony documents reveal that the Motion Picture Association of America is attempting to resurrect the Stop Online Piracy Act, which died in Congress two years ago. Google claims that the MPAA “led a secret, coordinated campaign to revive the failed SOPA legislation through other means.” Specifically, that the MPAA “helped manufacture legal arguments in connection with an investigation by Mississippi State Attorney General Jim Hood,” and that this amounts to its “trying to secretly censor the internet.”
Even Scarlett O’Hara might find those claims too melodramatic. SOPA was proposed federal legislation addressing foreign websites that illegally target U.S. markets with copyright infringing or counterfeit goods. State attorneys general enforce only existing state laws—subject to the First Amendment—and they have no jurisdiction over foreign websites. Consequently, they cannot “resurrect SOPA” or “censor the internet.” An article from the Washington Post provides a more balanced perspective, and the Digital Citizens Alliance also replies in Sorry Google, This Isn’t about SOPA, It’s about You. Nor can one fault the MPAA for trying to show state AGs—who do not enforce copyrights—that the movie industry’s concerns are part of a much broader rule-of-law problem that does involve them.
Google is using a weak case to demand a broad interpretation of the preemptive effects of the 1996 federal Communications Decency Act (CDA). Its arguments also implicate fundamental issues of federalism. This raises concerns more serious than rhetoric about “zombie SOPA….”
The underlying facts are disturbing. Recently, a state/federal sting operation based in Rhode Island revealed that Google had, for seven years, engineered its own compliance systems in order to help Internet “pharmacies” illegally distribute controlled drugs, including narcotics, within the U.S. and without prescriptions or age-verification. Facing a federal criminal indictment, Google went to Washington, D.C., and received a generous federal “non-prosecution agreement” that preserved the company’s ability to argue that the states lack jurisdiction over his wrongdoing.
That disturbed some state AGs. But the federal agreement did subject Google to two years of monitoring, and it imposed a general duty to deploy “policies, procedures and technological tools designed to detect and prevent violations of federal laws relating to controlled and prescription drugs.” State AGs thus watched to see whether Google would avail itself of this opportunity to halt a history of wrongdoing.
Unfortunately, Google did not seem to live up to its obligations. Consequently, “internet pharmacies” and drug-dealers could migrate from Google AdWords to its other advertising programs, or to other ad-monetized Google platforms such as YouTube:
The second of these screenshots seems particularly telling. It was taken while Google was operating under the federal agreement. It suggests that YouTube sometimesknew that it was hosting offers to sell controlled narcotics without prescriptions:
No big-data company can credibly maintain this sort of half awareness. Consequently, Mississippi AG Jim Hood sent Google a subpoena for documents relating to possible deceptive or unfair trade practices. Much of the data sought related to sales of controlled and prescription drugs. Google then filed a federal lawsuit to block the AG’s subpoena, and the parties are now preparing for a hearing on February 13.
Google’s efforts to block Hood’s drug-focused investigation center on its claim that the Communications Decency Act precludes Mississippi from determining whether Google may have used deceptive or unfair practices to facilitate or monetize the illegal distribution of drugs to minors within its borders.
That claim is remarkable. For example, were the CDA to preempt this, then it would also prevent the Federal Trade Commission from enforcing analogous federal laws against Internet intermediaries. Such practices could include fraud, conspiracy, and aiding-and-abetting violations of state and federal controlled substances acts.
Consequently, Google’s aggressive CDA-preemption claims should alarm the technology-policy community. CDA preemption serves important and productive purposes. But claims that it sweeps aside almost all state rights or laws and most federal civil rights or prohibitions are unlikely to survive review by the Supreme Court.
The CDA was once part of a broader federal law that imposed content-policing duties on websites, but those were later held to be unconstitutionally overbroad. Section 230(c)(1), the remaining part of the CDA, was intended to preempt enforcement of some laws against websites that publish third-party content—such as user-generated material. It states, “No provider of an interactive computer service shall be treated as the publisher or speaker of any information provided by [a third party] information content provider.”
But 230(c)(1) is ambiguous—its preemptive effects can be interpreted broadly or narrowly. Text, timing, and history all show that it was meant to overrule a bizarre New York state case, Stratton Oakmont v. Prodigy, which concluded that if a website attempts to prevent misuses of its services—for instance, by enforcing community guidelines—then that constitutes “editorial control” that makes that company strictly liable for any defamatory third-party post—not just a liable-after-notice “distributor.” The critical question is whether the CDA was intended to more broadly preempt state civil and criminal laws and federal civil laws.
At first, most federal courts interpreted CDA preemption broadly, and some still do. For example, a leading 1997 case, Zeran v. America Online, interpreted essentially all of 230(c)(1)’s ambiguities in favor of preempting the enforcement of state and federal laws against intermediaries. In a 2014 revenge-porn case, Jones v. Dirty World, the Sixth Circuit also adopted a broad, Zeran-like interpretation of the CDA.
But other federal courts have interpreted CDA preemption more narrowly. In a trio of cases, the Seventh Circuit has argued that the CDA does not preempt laws that treat websites as liable once they receive notice of illegal content, or laws that prohibit websites from intentionally inducing third parties to post unlawful content. The Ninth Circuit has narrowed the range of laws deemed to treat intermediaries as “publishers.” And in Barnes v. Yahoo!, a Ninth-Circuit panel agreed that it would have been “more straightforward” to interpret the CDA as allowing liability when a website refuses to remove illegal third-party content after notice, but, as the panel lamented, “that path…is closed to us.”
Actually, that path remains open. The Supreme Court has not yet interpreted the scope of CDA preemption. Lower-court interpretations now conflict. Soon, questions about the intended scope of CDA preemption should reach the justices.
When they do, broad interpretations of CDA preemption will face at least two major problems, and one is fundamental. The Constitution’s Tenth Amendment grants general police powers only to the states. The Supreme Court has thus repeatedly held that this structural premise of federalism requires federal courts to narrowly construe the preemptive effects of ambiguous federal statutes. For example, in cases like Gregory v. Ashcroft, the Court has refused to “‘give the state-displacing weight of federal law to mere congressional ambiguity.” But that is what CDA cases like Zeran and Dirty World do.
Therefore, a grim scenario for Supreme Court review of CDA preemption might involve a “publisher” that has admittedly facilitated illegal “third party” content, trying to invoke CDA preemption against a state attorney general concerned about real threats to public safety. Arguably, the preceding sentence could describe the CDA-preemption claims Google has made against Mississippi’s attorney general. Consequently, those concerned about technology, law, and policy should think carefully about how we should interpret the scope of CDA preemption. If we ignore the imaginary zombies, this seems to be the real lesson arising from Google’s ongoing conflict with the state attorneys general.