In the mid-1990s, people could still claim that technology is value-neutral without being laughed at. Yet, even then, it was obvious that the internet pioneers had designed their protocols to conform to the values common to the scientists who were the internet’s earliest users: openness, transparency, collaboration, and free access. Technical proposals were meant to be accepted because they were the best solution, not because they were beneficial for some particular company or research institution. Both inside and outside the US, the American First Amendment seemed embedded in those designs, exported as a stowaway with every new connection.
Even so, within the US, a pair of legal cases from pre-internet information services created doubt. In 1991’s Cubby v. CompuServe, the Southern District of New York ruled that CompuServe was a distributor, and therefore not liable for a defamation claim against a third-party poster, because CompuServe played no role in editing content. In 1995, Stratton Oakmont v. Prodigy, New York Supreme Court ruled that Prodigy, by virtue of its claim to moderate content, was a publisher and therefore liable.
Were systems going to be responsible for the third-party content they hosted or not? Did it make sense that a hands-off approach freed a service from liability, when trying to be responsible opened you to lawsuits? At this point, Chris Cox, who served as Orange County’s Republican Congressman from 1988 to 2005, and Ron Wyden, the Democratic Senator from Oregon who is still serving today, teamed up to write the 26 words that became Section 230 of the Communications Decency Act. S230 exempts online hosts from liability for content posted by third parties, and, Jeff Kosseff argues in The Twenty-Six Words that Created the Internet, was essential in allowing the internet to become the success it has.
In the UK and EU more generally, things have proceeded differently. In the UK, Godfrey v Demon Internet Service established in 1997 that ISPs can be sued for libel. In response, ISPs began operating the notice-and-takedown rules that persist today. The existence of data protection law, particularly the right to be forgotten and the laws against terrorist extremism and hate speech, as well as repeated EU efforts to limit anonymity and tighten copyright enforcement (culminating in the 2019 passage of the ‘upload filter’ in the Copyright Act) are all limits the US doesn’t have.
For better and for worse, S230 allowed ISPs to host Usenet without fear, enabled the creation of Facebook, Google, and Wikipedia, and yet did not protect any service from falling out of favour, as MySpace and others could attest. It also, Kosseff admits, enables revenge porn, cyberbullying, and extremist videos. Free speech is like that, and all its defenders know they will eventually be forced to argue for protecting ideas they personally find abhorrent. Today, many people from all sides, for different reasons, both inside and outside the US, are beginning to question whether S230 should be modified to incorporate some limits. Yet few really understand this law, how it came into being, or how it’s been tested. Kosseff sets out to fill this gap.
The first half of the book tells the story of the law’s genesis and passage. The rest is a tour of the subsequent legal judgments that have upheld it, sometimes reluctantly. Among the handful of non-US cases included is Google Spain v AEPD and Mario Costeja González, which set the right to be forgotten in motion.
The result is a readable biography of a law that affects everyone who uses the internet. With increasing calls for curbing social media, Kosseff is right to say that before we take a scalpel to S230 we should first understand it. He himself concludes that the law must stay, but that its contractual terms could be safely narrowed.
RECENT AND RELATED CONTENT
Read more book reviews