California’s continuing effort to make the Internet their own digital fiefdom continued this week with Gov. Jerry Brown signed legislation that creates an online “Eraser Button” just for minors. The law isn’t quite as sweeping as the seriously misguided “right to be forgotten” notion I’ve critique here (1, 2, 3, 4) and elsewhere (5, 6) before. In any event, the new California law will:

require the operator of an Internet Web site, online service, online application, or mobile application to permit a minor, who is a registered user of the operator’s Internet Web site, online service, online application, or mobile application, to remove, or to request and obtain removal of, content or information posted on the operator’s Internet Web site, service, or application by the minor, unless the content or information was posted by a 3rd party, any other provision of state or federal law requires the operator or 3rd party to maintain the content or information, or the operator anonymizes the content or information. The bill would require the operator to provide notice to a minor that the minor may remove the content or information, as specified.

As always, the very best of intentions motivate this proposal. There’s no doubt that some digital footprints left online by minors could come back to haunt them in the future, and that concern for their future reputation and privacy is the primary motivation for the measure. Alas, noble-minded laws like these often lead to many unintended consequences, and even some thorny constitutional issues. I’d be hard-pressed to do a better job of itemizing those potential problems than Eric Goldman, of Santa Clara University School of Law, and Stephen Balkam, Founder and CEO of the Family Online Safety Institute, have done in recent essays on the issue.

Goldman’s latest essay in Forbes argues that “California’s New ‘Online Eraser’ Law Should Be Erased” and meticulously documents the many problems with the law. “The law is riddled with ambiguities,” Goldman argues, including the fact that:

First, it may not be clear when a website/app is “directed” to teens rather than adults. The federal law protecting kids’ privacy (Children’s Online Privacy Protection Act, or COPPA) only applies to pre-teens, so this will be a new legal analysis for most websites and apps. Second, the law is unclear about when the minor can exercise the removal right. Must the choice be made while the user is still a minor, or can a centenarian decide to remove posts that are over 8 decades old? I think the more natural reading of the statute is that the removal right only applies while the user is still a minor. If that’s right, the law would counterproductively require kids to make an “adult” decision (what content do they want to stand behind for the rest of their lives) when they are still kids. Third, the removal right doesn’t apply if the kids were paid or received “other consideration” for their content. What does “other consideration” mean in this context? If the marketing and distribution inherently provided by a user-generated content (UGC) website is enough, the law will almost never apply. Perhaps we’ll see websites/apps offering nominal compensation to users to bypass the law.

Goldman also notes that it is unclear why California should even have the right to be regulating the Internet in this fashion. It is his opinion that, “states categorically lack authority to regulate the Internet because the Internet is a borderless electronic network, and websites/apps typically cannot make their electronic packets honor state borders.” I’ve been moving in that direction for the past decade myself since patchwork policies for the Internet — regardless of the issue — can really muck up the free flow of both speech and commerce. I teased out my own concerns about this in my January essay on “The Perils of Parochial Privacy Policies” and argued that the a world of “50 state Internet Bureaus isn’t likely to help the digital economy or serve the long-term interests of consumers.”  Sadly, some privacy advocates seem to be cheering on this sort of parochial regulation anyway without thinking through those consequences. They are probably just happy to have another privacy law on the books, but as I always try to point out not just in this context but also in debates over online child safety, cybersecurity, and digital copyright protection, the ends rarely justify the means. I just don’t understand why more people who care about true Internet freedom aren’t railing against these stepped-up state efforts (especially the flurry of California activity) and calling it out for the threat that it is.

In an essay over on LinkedIn entitled, “Let’s Delete The ‘Eraser Button,'” Stephen Balkam points out another mystery about the new California law: “It’s unclear why this law was even proposed when there exists a range of robust reporting mechanism across the Internet landscape.” Indeed, in this particular case it seems like much of the law is redundant and unnecessary. “What this bill should have been about is education and awareness, about taking responsibility for our actions and using the tools that already exist across the social media landscape,” Balkam says. “Here are three key actions that can already be taken:

Delete – you can take down or delete postings, comments and photos that you have put up on Facebook, Twitter, YouTube and most of the other platforms. Report – anyone can report abusive comments or inappropriate content by others about you or other people and, in many cases, have them removed. Request – you can ask that you be untagged from a photo or that a posting or photo be removed that has been uploaded by someone else. In addition there are in-line privacy settings on many of the leading social media sites, so that you or your teen can choose who sees what.”

Balkam is exactly right. The tools are already there; it’s the education and awareness that are lacking. As I have pointed out countless times here before, there is no need for preemptive regulatory approaches when less-restrictive and potentially equally effective remedies already exist. We just need to do a better job informing users about the existence of those tools and methods and then explain how to take advantage of them. Just adding more layers of law — especially parochial regulation — is not going to make that happen magically. Worse yet, in the process, such laws open the barn door to far more creative and meddlesome forms of state-based Internet regulation that should concern us all.

And now for the really interesting question that I have no answer to: Will anyone step up and challenge this law in court?

By Adam Thierer & Berin Szoka

Short but very important essay here from Santa Clara University Law School Prof. Eric Goldman about calls to alter Sec. 230 of the Communications Decency Act (CDA) to address concerns about online harassment. Generally speaking, Sec. 230 immunizes online intermediaries from punishing liability for the content that travels over their networks / services. Specifically, Sec. 230 stipulates that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” In other words: Don’t shoot the messenger!

As we’ve noted here before, it is probably not an overstatement to think of Sec. 230 as the very cornerstone of Internet Freedom, since it makes possible an online “utopia for utopias,” to borrow a phrase from our favorite modern political philosopher, the late Robert Nozick. Without Sec. 230, intermediaries would likely be forced to shut down many avenues of communication and would have to become deputized conduct and morality police for every cyber-street corner.

Goldman, America’s leading expert on Sec. 230-related jurisprudence, correctly notes that, “Frequently, § 230’s critics do not attack the immunization generally, but instead advocate a new limited exception for their pet concern.” He’s got that right. Indeed, we are increasingly hearing calls from numerous quarters these days to “tweak 230” for one pet concern after another. We’ve illustrated some of those concerns in this exhibit.

Deputization of the Middleman http://d1.scribdassets.com/ScribdViewer.swf Regulatory advocates can be found for each of these issues who like to see the protections afforded by Sec. 230 scaled back by Congress or he courts. But Goldman rightly warns:

Eric Goldman, one of the few active cyberlibertarians in legal academe, has a thoughtful post about the search partnership announced today. Eric notes blogger Danny Sullivan’s observation about the decline in Yahoo’s assets and his comment that:

Microsoft is getting a huge bargain courtesy of the US Department Of Justice. Without Google being able to compete for Yahoo’s business, the billions that were floating around in 2008 become millions in 2009.

Danny and Eric certainly have a strong point: One of the costs of the Justice Department’s decision to block Google from partnering with Yahoo! is that Yahoo! wound up fetching much less in its deal with Microsoft. But the intervening slump in the economy and online advertising has also contributed in the drop in Yahoo!’s share price and overall valuation, so it’s difficult to make an apples-to-apples comparison. Eric is probably right that in assessment that:

Yahoo was unbelievably crazy for passing on Microsoft’s acquisition proposal from a year-and-a-half ago. It looked like a foolish mistake at the time, and hindsight has definitely not improved that assessment!

It would seem that both Yahoo! and Microsoft under-estimated the likelihood that antitrust regulators would block a Yahoo!/Google deal a year ago: Microsoft probably wouldn’t have offered as much as it did to acquire Yahoo!’s search business ($31/share) and Yahoo! (currently $15.14/share) certainly wouldn’t have held out for a better deal from Google. While the end result ended up being a Yahoo!/Microsoft deal anyway, the delay of over a year in reaching a deal is itself a significant cost of what economists would call the “regime uncertainty” created antitrust: Without clear rules, it’s difficult for economic actors to predict the decisions by regulators. A delay of a year could well prove to make a big difference in the ability of the two companies to mount a successful response to Google in search and advertising—just as Microsoft’s 18 month delay back in 2003-2004 in developing a search ad auction system to respond to Google’s AdWords system (which now produces 2/3 of its revenue) probably did much to thwart Microsoft’s initial efforts to compete in search.

Sadly, no one can undo the mistakes of the past—either by regulators or businessmen. But as Adam and I conclude in our Forbes.com op-ed about the deal, to avoid doing further damage:

policymakers should recognize that the business, user and technological paradigms of the Web are constantly being re-invented and replaced. They shouldn’t delay approving this deal, especially as any delay would lengthen an awkward period of uncertainty for the corporate couple at the antitrust altar. Moreover, they should avoid micro-managing the transaction through regulatory blackmail: demanding “voluntary concessions” before giving their blessing.

Eric Goldman offers a terrific—and concise—summary of Section 230 and how courts have recently interpreted its grant of broad immunity to online intermediaries, most notably:

47 USC 230 tries to divide online content into first party content and third party content. In its simplest form, 230 says that online actors can’t be liable for third party content unless (1) ECPA, (2) federal criminal enforcement, or (3) IP claims.

It’s worth reading the rest.

As faithful readers no doubt know, I’m a big fan of Section 230 and believe it has been the foundation of a great many of the online freedoms we enjoy (dare I say, take for granted?) today. That’s why I’m increasingly concerned about some of the emerging thinking and case law I am seeing on this front, which takes a decidedly anti-230 tone.

Consider, for example, how some might weaken Sec. 230 in the name of “child safety.”  You will recall the friendly debate about the future of Sec. 230 that I engaged in with Harvard’s John Palfrey.  Prof. Palfrey has argued that: “The scope of the immunity the CDA provides for online service providers is too broad” and that the law “should not preclude parents from bringing a claim of negligence against [a social networking site] for failing to protect the safety of its users.”  Similarly, Andrew LaVallee of The Wall Street Journal reported from a conference this week that Sec. 230 became everyone’s favorite whipping boy, with several participants suggesting that the law needs to be re-opened and altered to somehow solve online “cyber-bullying” problems.

There’s also some potential trouble brewing in the courts, as Braden Cox noted recently.  As usual, the prolific Eric Goldman has the best summary of what’s been going on over at his Technology & Marketing Law Blog. After Eric’s takes a close look at the most recent 230-related case of Barnes v. Yahoo!, Inc., which contained some troubling language about 230, he continues on to note:

47 USC 230 has weathered plaintiff attacks very well in the past dozen years, but the last 6 months have opened up a number of angles for plaintiffs to explore. Consider the track record: * Woodhull (October): soliciting and publishing a defamatory third party email wasn’t covered by 230 * Doe v. SexSearch (December): as mentioned, the court stepped back from saying 230 preempted liability for marketing representations * StubHub (January): interference with business claim wasn’t preempted by 230 * Gourlay (March): web host who provided extra commercial services to its customer couldn’t claim 230 * Project Playlist (March): 230 doesn’t preempt state IP claims (this is a loss only because it contravenes the wrongly decided Ninth Circuit ccBill case, which was more defense-favorable). * This case, saying that a promissory estoppel claim isn’t preempted by 230. I’m not sure what to make of this trend, but it’s clear that we’re finally finding some substantial limits in 230’s reach, and that’s creating new litigation opportunities for plaintiffs.

And let’s be clear about why these trends are so troubling. Keeping online intermediaries free from burdensome policing requirements and liability threats has created the vibrant marketplace of expression and commerce that we enjoy today. If not for Sec. 230, we would likely live in a very different world today.  The alternative approach of strict secondary liability on ISPs and other online intermediaries would have a profound “chilling effect” on online free speech and expression.  That’s why Sec. 230 is so important, and worth defending.

Eric Goldman is the man.  His “Technology & Marketing Law Blog” is must-reading for cyberlaw geeks; packed with indispensable updates and insights about breaking development in the world of Internet law.

Anyway, he’s just published his “2008 Cyberlaw Year-in-Review,” which provides a comprehensive overview of the major developments and cases from the past year. This is the sort of compendium that I used to have to spend big bucks to get from DC law firms.  And Eric just gives it away as a public resource.  God bless him.

Last month, I noted that UCLA Law School professor Doug Lichtman has a wonderful new monthly podcast called the “Intellectual Property Colloquium.” This month’s show features two giants in the field of tech policy — George Washington Law Professor Daniel Solove and Santa Clara Law Professor Eric Goldman –- discussing online privacy, defamation, and intermediary liability. More specifically, in separate conversations, Solove and Goldman both consider the scope of Section 230 of the Communications Decency Act of 1996, which shields Internet intermediaries from liability for the speech and expression of their users. Sec. 230 is the subject of hot debate these days and Solove and Goldman provide two very different perspectives about the law and its impact.

Goldman calls Sec. 230 “pure cyberspace exceptionalism” in the sense that it breaks from traditional tort norms governing intermediary liability. But he argues that this new online version of intermediary liability (which is extremely limited in scope) encourages more robust speech and expression than the older, offline version of liability (which was far more strict). I completely agree with Eric Goldman, but I respect the arguments that Lichtman and Solove raise about the privacy and defamation problems raised by the purist approach that Goldman and I favor.

Goldman also does a nice job dissecting the Roomates.com and Craigslist.com cases. And Lichtman brings up the JuicyCampus.com case during the conclusion. These are important cases for the future of Sec. 230 and online liability. Incidentally, there’s also an interesting conversation between Lichtman and Solove (around the 32:00 mark) about an issue that Alex Harris and Tim Lee have been raising here about the nature of online contracts and the perils of messy EULAs / Terms of Service (TOS).

These are two absolutely terrific conversations. Very in-depth and very highly recommended. Listen here.

[Note: I recently reviewed Daniel Solove’s important new book, Understanding Privacy, here.]