Eugene Volokh put out an article about what liability the First Amendment does and doesn’t protect AI companies from. I was wondering what Mike Masnick would think about it. But I have some half-baked opinions (mostly disagreements) to share about it.

Regarding defamation occuring when e.g. a user shares a false statement of fact generated by an LLM:

Naturally, everyone understands that AI programs aren’t perfect. But everyone understands that newspapers aren’t perfect either, and some are less perfect than others—yet that can’t be enough to give newspapers immunity from defamation liability; likewise for AI programs. And that’s especially so when the output is framed in quite definite language, often with purported quotes from respected publications.

To be sure, people who are keenly aware of the “large libel models” problem might be so skeptical of anything AI programs output that they wouldn’t perceive any of the programs’ statements as factual. But libel law looks at the “natural and probable effect” of assertions on the “average lay reader,” not at how something is perceived by a technical expert.

…

To be sure, there are some narrow and specific privileges that defamation law has developed to free people to repeat possibly erroneous content without risk of liability, in particular contexts where such repetition is seen as especially necessary. For instance, some courts recognize the “neutral reportage” privilege, which immunizes “accurate and disinterested” reporting of “serious charges” made by “a responsible, prominent organization” “against a public figure,” even when the reporter has serious doubts about the accuracy of the charges. But other courts reject the privilege.

And even those that accept it apply it only to narrow situations: Reporting false allegations remains actionable—even though the report makes clear that the allegations may be mistaken—when the allegations relate to matters of private concern, or are made by people or entities who aren’t “responsible” and “prominent.” Such reporting certainly remains actionable when the allegations themselves are erroneously recalled or reported by the speaker.

I feel as if Volokh’s interpretation would allow the following kind of site to be liable for defamation: Keep in mind that people can detect lies about as reliably as a coin flip can.

Regarding Section 230:

A lawsuit against an AI company would thus aim to treat it as a publisher or speaker of information provided by itself. And the AI company would thus itself be a potentially liable “information content provider.” Under Section 230, such providers—defined to cover “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service” (emphasis added)—can be legally responsible for the information they help create or develop.

…

For instance, courts have read § 230 as protecting even individual human decisions to copy and paste particular material that they got online into their own posts: If I post to my blog some third-party-written text that was intended for use on the internet (for instance, because it’s already been posted online), I’m immune from liability. But if instead I myself write a new defamatory post about you, I lack § 230 immunity even if I copied each word from a different web page and then assembled them together: I’m responsible in part (or even in whole) for creating the defamatory information. Likewise for AI programs.

Volokh thinks that courts should regard an LLM’s output as being created in part by the AI company because the AI company made the LLM and that therefore the AI company can be held at least partially liable of a user shares the LLM’s output with other people. Volokh doesn’t claim that an AI company categorically loses Section 230 protection due to training or adjust an LLM, but I feel as Volokh should’ve written a specific example about when being the party to train/adjust an LLM would be sufficient, rather than necessary but not sufficient, to take on liability for otherwise unprotected LLM outputs that a user chose to share with other people.

Regarding prevention of generation of unprotected speech:

Libel law famously requires “actual malice”—knowledge or recklessness as to falsehood—for lawsuits brought by public officials, public figures, and some others. But while that element wouldn’t be satisfied for many AI hallucinations, it might be satisfied once the person about whom the falsehoods are being generated alerts the AI company to the error. If the AI company doesn’t take reasonable steps to prevent that particular falsehood from being regenerated, then it might well be held liable when the particular hallucination is conveyed again in the future: At that point, the company would indeed know that its software is spreading a particular falsehood. Such knowledge plus failure to act to prevent such repeated spread of the falsehood would likely suffice to show actual malice.

And regarding prevention of generation of pornographic deepfakes:

In any event, if the images are indeed constitutionally unprotected, then the developers might potentially be held liable for such output. But any such liability would, I think, require a showing that the AI product developers know their products are being used to create such images and fail to institute reasonable measures that would prevent that result without unduly interfering with the creation of constitutionally protected material.

I’m hoping that courts will be cautious about finding “failure to act to prevent repeated spread”. Preventing an LLM from repeating a bad output means dealing with the general impossibility of content moderation. If an LLM generates millions of outputs a day and 100 outputs get reported for defamation or deepfakes every day, what will courts and legislators expect the AI company to do to handle the large volume? And what will courts think when AI companies encounter the same problems that YouTube does with Content ID, especially the impossibility of detecting slight variations of previous bad outputs? I don’t want a repeat of the DMCA safe harbor, which is implemented in a way to incentive websites hosting user-generated content to treat the content referred to in an infringement notification as presumptive infringement.