On Tuesday, the House and Senate Armed Services Committees finally released the proposed text of the National Defense Authorization Act, all 4400 pages of it. And as had been previously reported, a “judicial privacy” bill takes up 30 of those pages. As I’ve explained in earlier posts, this judicial privacy bill would violate the First Amendment by censoring truthful speech about public officeholders. Unfortunately, the latest text of the bill as incorporated in the NDAA is even worse than previous versions.
The basics of the bill remain the same as prior versions, and those basics are bad enough. If passed into law, every American would risk facing mandatory takedown requests for posting standard biographical facts about federal judges online, including their birthdates, the jobs of their spouses, and the colleges attended by their children. The bill also arbitrarily limits its restrictions to the internet but not other media, and it allows speech to be suppressed even if it poses no possible security threat. As I wrote late last year in the Wall Street Journal, the law would clearly fail to satisfy First Amendment scrutiny under several Supreme Court precedents.
[UPDATE December 9, 2022: On Thursday afternoon, the House passed a further revised version of the NDAA that omitted the language about Section 230 discussed in the next four paragraphs. But even without this language, the plain text of the bill still applies to the “display” of information, not just to posting. As discussed below, that requirement will still apply to social media networks and other sites that host third‐party speech.]
But the latest version of the text makes it explicit that the bill would not only stifle the speech of individuals, but would also place a tremendous burden on online speech platforms. In new text, not present in prior versions, the bill now announces that nothing in the bill shall be construed “to impose liability on an interactive computer service in a manner that is inconsistent with the provisions of section 230 … if the interactive computer service—(A) has removed or disabled access to material identified in a [takedown] notice or request, as permitted under [Section 230]; and (B) otherwise complies with” the portion of the bill describing how takedown requests work.
What is the purpose of this language? Section 230 is a provision of federal law that, among other things, protects the provider of an interactive computer service (a technical term for any interactive website, like a social media platform) from being held liable in court for “any action voluntarily taken in good faith to restrict access to or availability of material …” The most straightforward reading of the privacy bill’s new language is that it is solely meant to reassure that nothing about that protection will change. If a website owner complies with a takedown request sent under this new bill and removes information posted by a third party about a judge from the site, that is an action to “restrict … availability of material.” And because of Section 230, no one can sue the website for taking down that information. As the new bill language reiterates, removing third‐party material from one’s own website is legally “permitted” because of this provision of Section 230.
But this new bill language is arguably ambiguous in its implications for what happens when a website does not comply with a takedown request. The new text says that the bill should not be construed to impose liability inconsistent with Section 230 if a site removes the information about a judge and otherwise complies with a takedown request. But what if a site does not comply with a takedown request? Does this language suggest, by negative implication, that the privacy law can be construed, in that scenario, “to impose liability on an interactive computer service” in a way that would otherwise violate Section 230?
Read the rest of this post →