Last week, the Ninth Circuit limited the ability of websites and online services to use Section 230 of the Communications Decency Act (CDA) to shield themselves from failure to warn lawsuits arising out of the offline conduct of their users. Although the circuit court’s opinion in Beckman v. Match.com, No. 13-16324 (9th Cir. Sept. 1, 2016) is unpublished, it creates a potentially troubling gap in the immunity afforded to online services from suits based on the conduct of their users.
The CDA creates federal immunity to any cause of action that would make online service providers liable for information originating from users of the service. Specifically, section 230(c)(1) of the CDA states that “ [n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” See 47 U.S.C. § 230(c)(1). The CDA defines an interactive computer service as “any information service, system, or access software provider that provides or enable computer access by multiple users to a computer server[.]” See 47 U.S.C. § 230(f)(2). It further defines an information content provider as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.” See 47 U.S.C. § 230(f)(3). Internet bulletin boards, micro-blogging sites, user-generated video sites, consumer-review sites and spam reporting services have all been found to be “interactive computer services” that are afforded publisher immunity for their users’ statements by CDA Section 230.
Mary Kay Beckman met Wade Mitchell Ridley on the online dating service, Match.com, and briefly dated him. After she ended the dating relationship, Ridley brutally attacked Beckman, repeatedly stabbing and kicking her. Beckman suffered severe physical injuries requiring several hospitalizations and medical procedures.
Beckman filed a complaint seeking $10,000,000 in compensatory damages against Match.com, asserting, among other claims, a negligence claim based upon Match.com’ s failure to warn her about Ridley. The district court dismissed Beckman’s complaint, finding that the “Match.com is immune pursuant to the CDA immunity.” Beckman v. Match.com, No. 2:13-cv-97 JCM (NJK), Order, at 10 (D. Nev. May 29, 2013). The district court noted that “[t[he problem with plaintiff’ s attempt to focus on Match.com’ s alleged failure to warn… is that all of Match.com’ s conduct must trace back to the publication of third-party user content or profiles[,]” and this activity was “ clearly immune under the CDA.” See id. at 7, 8.
The Ninth Circuit reversed dismissal of the negligent failure to warn claim, finding that the claim did not seek to impose liability on Match.com as a publisher or speaker, but for its failure to act after allegedly learning of the foreseeable risk posed by Ridley from complaints the company had received about him. In reaching this conclusion, the Ninth Circuit cited its decision in Doe No. 14 v. Internet Brands, Inc., 824 F.3d 846 (9th Cir. 2016), in which it similarly held that CDA Section 230 could not be used at the pleading stage to dismiss a negligent failure to warn complaint. In Internet Brands, a plaintiff brought a negligent failure to warn claim against a networking website for models, which two users fraudulently used to identify and lure targets for a rape scheme. There, the Ninth Circuit held that at the pleading stage, the CDA did not bar a negligent failure to warn claim against a website owner where the complaint alleged the site operator had received information “from an outside source about how third parties targeted and lured victims” through the website. Id. at 851. The Ninth Circuit found it significant that plaintiff’s claim did not seek to impose liability on the website owner as a “publisher or speaker” of third party content on its website or require the website owner to remove or monitor any such content. Id. Moreover, the Ninth Circuit concluded that any warning that a website owner might be required to provide under state law would be produced by the owner and, therefore, not considered third party content, bringing the warning outside of the scope of the CDA. See id.
Applying Internet Brands, the Ninth Circuit held that “when a defendant has actual knowledge of a specific harm, that defendant has a duty to warn known, foreseeable victims of a known, foreseeable harm,” even if the defendant is an interactive computer service provider. Beckman, No. 13-16324, at 3-4. Based upon the representation of Beckman’ s counsel at oral argument that Beckman could allege that Match.com had actual knowledge that Ridley had identified and assaulted other women using Match.com’ s website prior to his attack on Beckman, the Ninth Circuit reversed the dismissal and directed the district court to provide Beckman with an opportunity to amend her complaint. The Ninth Circuit did, however, affirm dismissal of other state and federal claims against Match, finding that they the CDA barred those claims because the “basis for each of those claims is Match’ s role as a publisher of third-party information.” See id. at 2.
The implications of the Internet Brands and Beckman decisions are significant, creating the potential risk of liability for online services in which offline contact between users is foreseeable because it is part of the services’ business models. Although the reasoning upon which the cases rely is questionable, for now they create risk of suit for online services that received complaints or other information about users’ dangerous conduct. Importantly, these opinions arose following challenges at the pleadings stage and did not address the merits of the plaintiffs’ failure to warn claims based on the facts of each case. But companies that seek to avoid such suits altogether will need to assess complaints or information obtained from background checks on an individualized basis and determine whether to cancel or suspend a user’s account, or take the more affirmative step of warning other users who it can foresee may be in contact with them. If a company does affirmatively warn users, it will need to exercise care to ensure the warnings are factual, such as informing the warned persons that the other user’s account has been terminated, to limit the potential exposure to defamation and libel claims by the parties against whom the warnings were issued.