The IT Law Wiki


Communications Decency Act of 1996, (CDA), Pub. L. No. 104-104 (Tit. V), 110 Stat. 133 (Feb. 8, 1996), codified at 47 U.S.C. §§223, 230.[1]


There are two sections of the Act which address significantly subject matter.

One section attempted to control the content of the Internet by criminalizing "indecent" and "patently offensive" materials. That provision was struck down by the U.S. Supreme Court in Reno v. American Civil Liberties Union.[2]

The other section of the CDA provides a "safe harbor" for Internet service providers against claims for defamation arising from messages posted on or passing through their equipment. That section has been upheld in numerous cases.[3]

Challenge to "Indecency" and "Patently Offensive" Provisions[]

The CDA contains provisions that were either added in executive committee after the hearings were concluded or as amendments offered during floor debate on the legislation. An amendment offered in the Senate was the source of two statutory provisions described as the "indecent transmission" provision and the "patently offensive display" provision. These provisions were “an attempt to limit the availability of certain materials in interactive computer services."[4]These provisions were characterized as "a statute of unprecedented sweep."[5] The first[6] prohibited the knowing transmission of obscene or indecent messages to any recipient under 18 years of age. It provides in pertinent part:

(a) Whoever —
(1) in interstate or foreign communications —. . . . .
(B) by means of a telecommunications device knowingly --
(i) makes, creates, or solicits, and
(ii) initiates the transmission of,
any comment, request, suggestion, proposal, image, or other communication which is obscene or indecent, knowing that the recipient of the communication is under 18 years of age, regardless of whether the maker of such communication placed the call or initiated the communication; . . . .
(2) knowingly permits any telecommunications facility under his control to be used for any activity prohibited by paragraph (1) with the intent that it be used for such activity, shall be fined under Title 18, or imprisoned not more than two years, or both.

The second provision[7] prohibited the knowing sending or displaying of patently offensive messages in a manner that is available to a person under 18 years of age. It provides:

(d) Whoever —
(1) in interstate or foreign communications knowingly —
(A) uses an interactive computer service to send to a specific person or persons under 18 years of age, or
(B) uses any interactive computer service to display in a manner available to a person under 18 years of age,
any comment, request, suggestion, proposal, image, or other communication that, in context, depicts or describes, in terms patently offensive as measured by contemporary community standards, sexual or excretory activities or organs, regardless of whether the user of such service placed the call or initiated the communication; or
(2) knowingly permits any telecommunications facility under such person’s control to be used for an activity prohibited by paragraph (1) with the intent that it be used for such activity, shall be fined under Title 18, or imprisoned not more than two years, or both.

The breadth of these prohibitions was qualified by two affirmative defenses.[8] One covers those who take "good faith, reasonable, effective, and appropriate actions" to restrict access by minors to the prohibited communications.[9] The other covers those who restrict access to covered material by requiring certain designated forms of age proof, such as a verified credit card or an adult identification number or code.[10]

As noted in American Civil Liberties Union v. Reno:

It is clear from the face of the CDA and from its legislative history that Congress did not intend to limit its application to commercial purveyors of pornography.* * *

The scope of the CDA is not confined to material that has a prurient interest or appeal, one of the hallmarks of obscenity, because Congress sought to reach farther. Nor did Congress include language that would define ‘patently offensive’ or ‘indecent’ to exclude material of serious value.[11]

Striking down the law as unconstitutional, the court in Shea v. Reno[12] said:

The evidentiary record in this case compels the conclusion that, given the current state of technology, most adult content providers wishing to engage in constitutionally protected indecent speech will be unable to avail themselves of these affirmative defenses. Only a limited subset of on-line content providers, commercial providers on the World Wide Web, can avail themselves of the defense set out in § 223(e)(5)(B), leaving both non-commercial providers of Web content and content providers using all other modes of on-line communication unprotected. The evidence further demonstrates that content providers’ ability to comply with the terms of the second defense — the so called good-faith defense — depends on the actions of third parties, such as software manufacturers, whose cooperation is not required under the CDA or otherwise mandated. There is no feasible means, with our current technology, for someone to provide indecent content online with any certainty that even his best efforts at shielding the material from minors will be ‘effective,’ as the language of the good-faith defense requires.

Because neither of the affirmative defenses set out in §223(e)(5) can, with our current technology, effectively protect adult content providers wishing to engage in constitutionally protected indecent communication, we reach the inescapable conclusion that §223(d) will serve to chill protected speech. We therefore find that the plaintiff has demonstrated a likelihood of success on the merits of his claim that §223(d) is unconstitutionally overbroad. . . .

In setting aside the challenged provisions, we do not question the legitimacy of the government’s interest in safeguarding children from exposure to certain materials available on line nor suggest that other legislation on another day, carefully tailored to technological realities, may not pass constitutional muster. We also do not consider, nor attempt to delineate, the range of circumstances, if any, in which Congress could now or in the future constitutionally impose content-based restrictions upon communications in the developing medium we explore here.

Section 230 "Safe Harbor" Provision[]

In February of 1996, Congress made an effort to deal with some of the challenges facing Internet service providers or website owners when they allow third parties to post content on their sites by enacting Section 230 of the Communications Decency Act. While various policy opinions were open to Congress, it chose to "promote the continued development of the Internet and other interactive computer services and other interactive media" and "to preserve the vibrant and competitive free market" for such service, largely "unfettered by Federal or State regulation. . . ."[13]

Whether wisely or not, it made the legislative judgment to effectively immunize providers of interactive computer services from civil liability in tort with respect to material disseminated by them but created by others. In recognition of the speed with which information may be disseminated and the near impossibility of regulating information content, Congress decided not to treat providers of interactive computer services like other information providers such as newspapers, magazines or television and radio stations, all of which may be held liable for publishing or distributing obscene or defamatory material written by others. While Congress could have made a different policy choice, it opted not to hold interactive computer services liable for their failure to edit, withhold or restrict access to offensive materials disseminated through their medium.

Section 230(c)(1) of the CDA provides, in pertinent part, that:

No provider or user of an interactive computer service shall be treated as a publisher or speaker of any information provided by another information content provider.[14]

The terms interactive computer service and information content provider have specific statutory definitions.

Early cases interpreted this provision broadly to provide blanket immunity from third party defamations for ISPs and website owners.[15] As stated in Zeran v. America Online, Inc.,[16]:

By its plain language, sec. 230 creates a federal immunity to any cause of action that would make service providers liable for information originating with a third-party user of the service. Specifically, sec. 230 precludes courts from entertaining claims that would place a computer service provider in a publisher’s role. Thus, lawsuits seeking to hold a service liable for its exercise of a publisher’s traditional editorial functions — such as deciding whether to publish, withdraw, postpone or alter content &mdash are barred.

The purpose of this statutory immunity is not difficult to discern. Congress recognized the threat that tort-based lawsuits pose to freedom of speech in the new and burgeoning Internet medium. The imposition of tort liability on service providers for the communications of others presented, for Congress, simply another form of intrusive government regulation of speech. Section 230 was enacted, in part, to maintain the robust nature of Internet communication and, accordingly, to keep government interference in the medium to a minimum.

None of this means, of course, that the original culpable party who posts defamatory messages would escape accountability. While Congress acted to keep government regulation of the Internet to a minimum, it also found it to be the policy of the United States ‘to ensure vigorous enforcement of Federal criminal laws to deter and punish trafficking in obscenity, stalking, and harassment by means of computer.’ Id. sec. 230(B)(5). Congress made a policy choice, however, not to deter harmful online speech through the separate route of imposing tort liability on companies that serve as intermediaries for other parties’ potentially injurious messages.

Consistent with the congressional policy in favor of the expansive application of CDA Section 230 immunity, the definition of interactive computer service is construed broadly, while the definition of information content provider is construed narrowly.[17] "The majority of federal circuits have interpreted the CDA to establish broad federal immunity to any cause of action that would make service providers liable for information originating with a third-party user of the service."[18]

Good Samaritan Provisions[]

Section 230(c)(2) of the CDA provide:

No provider or user of an interactive computer service shall be held liable on account of —
(A) Any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected: or
(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material described in paragraph (1).
[T]his section provides ‘Good Samaritan’ protections from civil liability for providers or users of an interactive computer service for actions to restrict or enable restriction of access to objectionable online material. . . . [O]ne of the specific purposes of [section 230] is to overrule Stratton-Oakmont v. Prodigy and any other similar decisions which have treated such providers and users as publishers or speakers of content that is not their own because they have restricted access to objectionable material.[19]

Section 230 also preempts most state laws that would punish ISPs or websites for the postings of third parties. As noted in Doe v. America Online, Inc.[20]:

We . . . find that section 230 does preempt Florida law as to such a cause of action based upon alleged negligence. * * * The importance of this certified question is obvious in light of the current explosive growth in worldwide use of the Internet. The fundamental issue here is whether companies that provide access to the Internet are subject to common-law civil tort causes of action based upon the laws of each of the fifty states or whether Congress has acted to make ISPs immune from such common-law civil actions.

Thus, the preemption issue reduces to the question whether a state cause of action for negligent distribution of defamatory material directly conflicts with the CDA's prohibition against treating an Internet provider as a ‘publisher or speaker.’ Put another way, the question is whether imposing common law distributor liability on AOL amounts to treating it as a publisher or speaker. If so, the state claim is preempted.

Limitations of Section 230[]

Section 230 does not preempt the application of intellectual property laws to ISPs and websites for the postings of third parties. This is particularly important in the area of trademark infringement:

Section 230(e)(2) unambiguously constrains the Court to construe Section 230(c)(1) in a manner that would neither ‘limit or expand any law pertaining to intellectual property.’ Thus, the inquiry involves the application of existing intellectual property law. Under existing intellectual property law, publishers may, under certain circumstances, be held liable for infringement. Moreover, the United States Supreme Court has held, under the doctrine of contributory infringement, that ‘if a manufacturer or distributor . . . continues to supply its product to one whom it knows or has reason to know is engaging in trademark infringement,’ the manufacturer or distributor itself may held be liable for infringement. Immunizing Mindspring from Plaintiff's claims, therefore, would ‘limit’ the laws pertaining to intellectual property in contravention of § 230(c)(2). The plain language of Section 230(e)(2) precludes Mindspring’s claim of immunity.[21]

There is a split between the federal circuits over the scope of the intellectual property exception. In Perfect 10, Inc. v. CC Bill LLC,[22] the court held that the term "intellectual property" in Section 230(c)(2) should be construed to mean "federal intellectual property" and does not include state intellectual property claims. While in Doe v. Friendfinder Network, Inc.[23] the court held that Section 230(c)(2) applies to "any law pertaining to intellectual property," not just federal law.

A right of publicity claim generally is considered an intellectual property claim, to which Section 230 immunity does not apply.

Application to cybersecurity[]

Some argue that certain Internet content, such as terrorist chat rooms or propaganda websites, presents a national security or operational threat that is not represented within the Act. Further, should such material be deemed as “indecent,” the law does not give federal agencies the authority to require that the Internet service providers hosting the content to take it offline.

These critics maintain that the law should be revised to compel ISPs and web administrators to dismantle sites containing information that could be used to incite harm against the United States.

A possible revision could be similar to the notice and takedown procedure in the Digital Millennium Copyright Act. Others maintain that such a revision is counter to the spirit of free, open exchange of information that is characterized by the Internet and may be a First Amendment violation. Some have also expressed concerns that the intelligence value gained by preserving and monitoring the sites outweighs the potential threat risk.


  1. "While this provision is often referred to as Section 230 of the Communications Decency Act of 1996 (P.L. 104-104), it was enacted as Section 509 of the Telecommunications Act of 1996, which amended Section 230 of the Communications Act of 1934." Social Media: Misinformation and Content Moderation Issues for Congress, at 1 n.3.
  2. 521 U.S. 844 (1997).
  3. See, e.g., Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998).
  4. Shea v. Reno, 930 F. Supp. 916, 922 (S.D.N.Y. 1996).
  5. Id.
  6. 47 U.S.C. §223(a).
  7. Id. §223(d).
  8. See id. §223(e)(5).
  9. Id. §223(e)(5)(A).
  10. Id. §223(e)(5)(B).
  11. American Civil Liberties Union v. Reno, 929 F. Supp. 824, 855 (E.D. Pa. 1996), aff’d, Reno v. American Civil Liberties Union, 521 U.S. 844 (1997).
  12. 930 F. Supp. 916, 923 (S.D.N.Y. 1996)
  13. 47 U.S.C. §§230(b)(1), (2).
  14. 47 U.S.C. §230(c)(1).
  15. See, e.g., Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997); Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998).
  16. 129 F.3d 327, 330-31 (4th Cir. 1997).
  17. See Carafano v., Inc., 339 F.3d 1119, 1123 (9th Cir. 2003).
  18. Almeida v., Inc., 456 F.3d 1316, 1321 (11th Cir. 2006).
  19. Doe v. America Online, Inc., 783 So.2d 1010, 1012 (Fla. 2001), quoting S. Conf. Rep. No. 104-230, at 435 (1996).
  20. 783 So.2d 1010, 1015 (Fla. 2001).
  21. Gucci America, Inc. v. Hall & Assocs., 135 F. Supp. 2d 409, 413, 60 U.S.P.Q.2d (BNA) 1714 (S.D.N.Y. 2001) (citations omitted).
  22. 488 F.3d 1102, 1119 (9th Cir. 2007).
  23. 540 F.Supp.2d 288, 302 (D.N.H. 2008). See also Atlantic Recording Corp. v. Project Playlist, Inc., 603 F.Supp.2d 690, 703 (S.D.N.Y. 2009).


See also[]