Fifth Circuit: Salesforce Can’t Use Section 230 To Get Out Of Sex Trafficking Case, Because It Only Provided CRM Software, Not Content Moderation
A second appeals court has now said that Section 230 doesn't protect Salesforce, the online software giant, from being held liable for sex trafficking, because Backpage... used Salesforce's software.
If all of this sounds a bit crazy, buckle up. First, you need to understand the background here, before we can get into the details of this case. It first starts with the inaccurate narrative about Backpage.
As many folks here now recognize, the story about Backpage was grossly misleading. While the narrative pushed by politicians and the media was that the company was engaged in sex trafficking, the DOJ had actually commended the company for being a strong partner in the fight against sex trafficking. Indeed, the eventual takedown of Backpage days before FOSTA went into effect (which we were told was necessary to shut down Backpage) has been shown to make life more difficult for law enforcement trying to stop sex trafficking.
However, when law enforcement started demanding that Backpage help them stop non-trafficking, consensual sex work, the owners felt that went too far. Also, despite many years and many trials, the courts have never been able to pin sex trafficking on Backpage, though they did get guilty verdicts on relatively minor charges, including a very trumped-up charge on money laundering, because of how founder Michael Lacey moved some money around.
Either way, the exaggerated panic about Backpage, combined with the passage of FOSTA, kicked off a bunch of vexatious lawsuits, including a few against online software giant Salesforce, arguing that because Salesforce provided CRM software to Backpage, it should also be liable for any trafficking that occurred on the platform.
Salesforce tried using Section 230 to get out of these cases, noting that it can't be held liable for content on Backpage (a site it didn't run or host or anything, really). This was slightly ironic because the original arguments happened at the same time that Salesforce's founder and CEO Marc Benioff was saying we needed to abolish Section 230" because he was mad at disinformation on Facebook.
I guess maybe he doesn't want 230 around because the courts keep rejecting his argument. Two years ago, the Seventh Circuit rejected this argument in a very poorly argued decision which appeared to go against multiple other circuits. But now it has company. In a nearly identical case, the Fifth Circuit has again rejected Salesforce's 230 arguments.
Though it does so in a manner that basically highlights the value and importance of Section 230 in dismissing stupid vexatious cases early. Salesforce argued that because the only conduct on Backpage at issue here were third party ads, 230 should protect it from liability. But the Fifth Circuit points out that 230 only protects intermediaries for publishing related activities of third-party content. Instead, it's seeking to hold them liable for providing back office software:
Plaintiffs' claims do not seek to hold Salesforce liable for failing to moderate content or any other functions traditionally associated with a publisher's role. See id. at 419-20. Rather, Plaintiffs seek to hold Salesforce liable for allegedly providing back-office business services to a company it knew (or should have known) was engaged in sex trafficking. These claims would not inherently require Salesforce, if found liable, to exercise any functions associated with publication.
This is pretty nonsensical, because if taken to its logical conclusion it would mean (1) Backpage would be protected under Section 230 since it did traditional publishing functions, but (2) the even further removed Salesforce is not protected, because it was providing back office software, rather than handling things like content moderation. If only Salesforce's tools were used for content moderation, then it would be protected. Really.
The court's reasoning turns Section 230 on its head by suggesting that companies more directly involved in publishing user content have greater immunity than those providing backend infrastructure. This arbitrary line-drawing ignores the reality that the modern internet depends on a complex ecosystem of service providers, all of whom could now face increased legal exposure.
The summary judgment evidence confirms this account, demonstrating that Plaintiffs do not seek liability for any publication-related functions. The evidence shows that Salesforce did not have any role in:
screening, monitoring, or filtering content;
reviewing or analyzing third-party content;
transmitting or hosting third-party content;
editing or altering third-party content;
developing or enforcing content-moderation policies; or
deciding how third-party content was organized or displayed.
In short, the argument here is that Section 230 protects secondary liability but not tertiary liability.
Which is very, very stupid.
The court's reasoning opens the door to a ton of vexatious litigation against a wide range of service providers for the misdeeds of their customers' users, as long as those providers are not directly involved in publishing activities. Under this flawed standard, it's not hard to imagine a wide range of service providers facing lawsuits for how their customers use their offerings. Infrastructure companies like Cloudflare, payment processors like Stripe, cybersecurity firms, and more could all be dragged into court, forcing them to police their customers' activity or face ruinous legal costs.
The result would be a chilling effect on innovation and free speech online, as companies become increasingly risk-averse in the services they provide and who they provide it to.
Now, you could argue (and I'm sure some people will) that the liability chain between the trafficking and Salesforce is so distantly attenuated that even without Section 230, Salesforce is almost certain to win the case in the long run. The Court does note that Salesforce may still win in the end:
In deciding the section-230-immunity question, we say nothing about the underlying merits of this dispute. Although section 230 does not immunize Salesforce, that does not necessarily mean that Salesforce is liable. Immunity and liability are distinct. The question of whether Salesforce is liable to Plaintiffs because it knowingly benefitted from participation in a sex-trafficking venture is not before our court and remains to be answered.
And it would be crazy if Salesforce were actually found liable. Under the Supreme Court's Gonzalez ruling, you sorta have to show that the company had to be very knowingly participating in the law-violating activity, not just incidentally allowing someone to violate the law.
And there's no indication at all of that here. The plaintiffs insist that Salesforce knew or should have known that Backpage was engaged in sex trafficking, but given that no court could even convict the company's founders of that, it's pretty crazy to think that Salesforce should be liable for something the company itself wasn't found liable for... just by providing back office software.
But, to get to that point, the case will have to go on much longer, requiring a lot more resources, time, and expense.
And that's what Section 230 was designed to prevent. It's designed to kick out cases quickly when someone is trying to pin liability on the wrong party.
Except, according to the judges of the Fifth Circuit, apparently that only applies to the first party in the chain. If you go further down the list, it no longer applies. This misguided ruling sets a troubling precedent that could have far-reaching consequences for online service providers and the internet as a whole. It's a blow to Section 230 and the critical protections it provides.
And, it's yet another reason that the Supreme Court is, unfortunately, finally going to have to confront Section 230 at some point soon. It's been avoiding taking 230 head on for a few years now, and I fear what will come out of the court when it actually has to interpret the law. But this interpretation seems nutty.