In the wake of the Oklahoma City bombing, a disgusting human posted an array of trashy, mocking t-shirts on an AOL bulletin board (some of the less graphic include: “Visit Oklahoma . . . It’s a BLAST!!!”; and “McVeigh for President 1996”). This dumpster fire of a human claimed to be a guy named Ken, and encouraged interested buyers to call the home phone number of a real guy named Ken — the unsuspecting Kenneth Zeran.

Under a wave of threatening phone calls, Zeran begged AOL to take down the post. They complied, but another post went up, and then more throughout the week. The crass shirts caught the attention of a conservative talk show host who spread indignation at ‘Ken’ even further. And in the meantime, Zeran was bombarded at furious calls at an average of once every two minutes, and put his house placed under protective surveillance.

Zeran never tracked down the toxic prankster, but he did file a lawsuit against AOL for being “negligent in failing to respond adequately to the bogus notices on its bulletin board after being made aware of their malicious and fraudulent nature” (Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997)).

But AOL had a power-tool on their side: Section 230 of the Communications Decency Act (or CDA 230). This bit of legislation from 1996 gives internet service providers immunity when third-party users brew up harmful or illegal content on their sites (exceptions include federal criminal liability and intellectual property claims).

CDA 230 cleared AOL in the case of the awful t-shirts. CDA 230 also protected Craigslist when it hosted housing ads that discriminated by race, gender, and religion, violating the Fair Housing Act (Chicago Lawyers’ Committee For Civil Rights Under Law, Inc. v. Craigslist, Inc. 519 F.3d 666 (7th Cir. 2008)). And it was CDA 230 that got Orbitz out of a fix when third parties were selling fraudulent tickets on its site (Milgram v. Orbitz Worldwide, LLC, ESX-C-142-09 (N.J. Super. Ct. Aug. 26, 2010)).

I could go on. CDA 230 is a backbone of internet law, and has tremendous power to silence tort liability claims. And that’s what makes our current moment so interesting.

We may be witnessing the first baby-steps to peel back CDA 230 and allow for some internet host liability.

The bill is called “Stop Enabling Sex Traffickers Act of 2017,” or SESTA. Some trace its birth to 2016, when Senator Kamala Harris was California Attorney General and brought criminal ‘pimping’ charges against the owners of, a classified ad website with a notorious ‘adult services’ section. Harris claimed Backpage made 99% of their revenue off of ads for sex trafficking and the sexual exploitation of minors.

In the court case that followed, CDA 230 came to the site’s rescue, as it had in a number of previous criminal and civil suits. But by that time, Harris was a Senator, and part of a bipartisan group interested in legislating new limits on CDA 230.

If SESTA is passed, it opens the door for both criminal and civil suits against internet hosts that knowingly benefit from sex trafficking. According to analysis at Stanford’s Center for Internet and Society, SESTA would allow two forms of civil lawsuits: 1) state law claims for actions that violate federal criminal law against sex trafficking, and 2) federal civil trafficking claims under 18 USC 1595, which is the statute allowing victims to seek damages and attorney fees against a “perpetrator (or whoever knowingly benefits, financially or by receiving anything of value from participation in a venture which that person knew or should have known has engaged in an act in violation of this chapter).”

SESTA’s wording also seems to allow these claims retroactively, meaning that victims of past sex trafficking could immediately file suit against internet platforms that knowingly benefited from the crime.

All of this is coming at a time when big internet firms are feeling the pressure to limit third-party content from a number of other quarters. There’s the big question about how much responsibility social media firms should bear for profiting off of foreign interference in national elections; and the growth of neo-Nazi groups have led to a European Commission mandate demanding more be done by ISPs and web platforms to stem the flood of hate speech online. SESTA could signal new thinking about internet liability.

While law enforcement groups and victims’ advocates are pushing hard for the bill, SESTA is being lambasted by many internet freedom groups. Techdirt worries it could put nearly every single service platform at immediate risk of lawsuits or prosecution. Other analysts take a more measured view: University of Maryland law professor Danielle Citron sees SESTA as a natural move for an industry that has come of age. She told Wired that the internet today can be compared to cars a century ago: “We came to see over time that cars were incredibly dangerous and that industry could bear the cost.”

Since the bill is about fighting sex trafficking and nobody wants to be on the side of sex traffickers, many large tech firms like Facebook and Google have been careful about their stance in the controversy. They prefer to speak through their industry group, the Internet Association. While the Association opposes SESTA, for the first time ever they told Congress they could possibly allow for some modification of CDA 230, which would allow victims and their families to sue companies like

SESTA was taken up for discussion by the Senate Commerce Committee on Tuesday. We’ll keep watching closely as the future of tort liability on the internet is decided.