from the a-little-more-involved dept
We've talked about the importance of "safe harbors" protecting service providers from the actions of users. Too often, companies go after service providers because they're easier to target and because they have more money -- but they're not the ones actually breaking the law, and making them liable for the actions of their users would be an incredible burden on any company that allowed users to do... well... anything. However, a recent ruling has shown one limitation to the section 230 safe harbors found in the CDA: if you're selling illicit phone records that were obtained via pretexting, you are still liable, even if you didn't do the pretexting yourself. In this case, a company called Accusearch offered to sell phone records, but contracted out the actual pretexting work to obtain the phone records. So, when the FTC came calling to fine Accusearch, it claimed that it was protected under section 230. As Eric Goldman explains in the above link, some of the court's reasoning was a little suspect, even if it came to the right conclusion at the end. One key point as to why this is different? This wasn't about "users" generating content that was potentially a problem. This was a company specifically buying and then reselling content -- so it was clearly a part of the process. If, say, a similar service opened up where it was simply bulletin boards where people posted illicitly gained phone records (or the ability to get them), then the company might have retained safe harbor protections.