Opinion
No. 22-15910
06-04-2024
Christopher CALISE; Anastasia Groschen, Plaintiffs-Appellants, v. META PLATFORMS, INC., Defendant-Appellee.
Mark Reich (argued), and Adam M. Apton, Levi Korsinksy LLP, New York, New York, for Plaintiff-Appellant. Theodore J. Boutrous, Jr., (argued), Christopher Chorba, Samuel Eckman, and Jeremy A. Weese, Gibson Dunn & Crutcher LLP, Los Angeles, California; Rosemarie T. Ring, Gibson Dunn & Crutcher LLP, San Francisco, California; for Defendant-Appellee.
Appeal from the United States District Court for the Northern District of California, Jeffrey S. White, District Judge, Presiding, D.C. No. 4:21-cv-06186-JSW Mark Reich (argued), and Adam M. Apton, Levi Korsinksy LLP, New York, New York, for Plaintiff-Appellant. Theodore J. Boutrous, Jr., (argued), Christopher Chorba, Samuel Eckman, and Jeremy A. Weese, Gibson Dunn & Crutcher LLP, Los Angeles, California; Rosemarie T. Ring, Gibson Dunn & Crutcher LLP, San Francisco, California; for Defendant-Appellee. Before: Eugene E. Siler, Jacqueline H. Nguyen, and Ryan D. Nelson, Circuit Judges. Opinion by Judge R. Nelson; Concurrence by Judge R. Nelson
The Honorable Eugene E. Siler, United States Circuit Judge for the U.S. Court of Appeals for the Sixth Circuit, sitting by designation.
OPINION
R. NELSON, Circuit Judge:
Meta user plaintiffs allege that they were harmed by fraudulent third-party advertisements posted on Meta's website in violation of Meta's terms of service. Meta claims that § 230(c)(1) of the Communications Decency Act (CDA) bars liability. This case hinges on the correct interpretation of § 230(c)(1): "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider." (emphases added). Courts have interpreted § 230(c)(1) to broadly immunize internet companies from liability. We have held repeatedly, however, that this immunity is not limitless. See, e.g., Barnes v. Yahoo!, Inc., 570 F.3d 1096, 1100 (9th Cir. 2009); see also Fair Hous. Council of San Fernando Valley v. Room mates.com, LLC, 521 F.3d 1157, 1164 (9th Cir. 2008). That said, district courts have struggled to determine the outer limits of § 230(c)(1) immunity, partly because our own case law has yielded mixed results as to the application of that immunity. See, e.g., Yuksel v. Twitter, Inc., 2022 WL 16748612 (N.D. Cal. Nov. 7, 2022). The Supreme Court has never delineated the scope of § 230(c)(1) immunity. We clarify it today.
The district court correctly determined that Plaintiffs' non-contract claims are barred by § 230(c)(1). We therefore affirm the district court's dismissal of those claims. But we hold that the district court applied the wrong legal standard in determining whether § 230(c)(1) bars Plaintiffs' contract-related claims. We therefore vacate the district court's order and remand to apply the correct standard.
I
A
Appellee Meta Platforms, Inc. (Meta), commonly known as Facebook, is the world's largest social media company. Meta does not charge users for its services. Instead, it largely makes money through advertising. Meta's model is simple in concept. Meta collects data from its users, and then sells targeted ads to third parties. These third parties then post their ads on Meta's platform, promoting their products and services to Meta's users. Meta's data collection software allows it to "show ads to the right people."
That said, not all of Meta's advertisers use the platform in good faith. Scammers have realized that they can use Meta's user data to run more effective deceptive ad campaigns. Plaintiffs claim that these scammers deliberately target Meta's more vulnerable users, and they identify themselves as victims of this deception. The ability to exploit Meta users has, in the words of scammers themselves, "revolutionized scamming."
Meta purports to curtail false or deceptive advertising on its platform. Meta users agree to Meta's Terms of Service (TOS), in which Meta promises to "[c]ombat harmful conduct." This includes removing any "content that purposefully deceives, willfully misrepresents or otherwise defrauds or exploits others for money or property." Meta's Advertising Policies also prohibit ads that are deceptive or misleading.
Plaintiffs cry foul. They contend that although Meta outwardly claims that it tries to combat scam ads, it instead affirmatively invites them by "actively soliciting, encouraging, and assisting scammers it knows, or should know, are using its platform to defraud Facebook users with deceptive ads." The motive is obvious: money. Plaintiffs claim that Meta "refuses to drive scammers off its platform because it generates billions of dollars per year in revenue from" scam ads.
Plaintiffs' main concern is with Meta's relationship with scammers in China. Meta has allegedly been "aggressively soliciting ad sales in China and providing extensive training services and materials to China-based advertisers," even though Meta knows "nearly thirty percent" of ads placed by these advertisers "violated at least one of [Meta's] own ad policies." On the enforcement side, Plaintiffs claim that Meta directs its employees to "ignore violations of [its ad policies], especially by China-based advertisers." Plaintiffs cite internal company documents, as well as investigative reports published by the New York Times, Reuters, and Time that discuss Meta's solicitation and (lack of) enforcement efforts.
B
Plaintiffs, Christopher Calise and Anastasia Groschen, are Meta users. They each encountered fraudulent ads on Meta, and they each believed that these ads were legitimate.
Groschen, for example, saw an ad for a toy she thought her toddler might like. She bought the toy, but when it arrived, it looked completely different from the item advertised. Groschen then tried to get a refund from the scam vendor, located in China, but failed.
Calise fell victim to a similar scam. He saw an ad for a car engine assembly kit. He bought the kit, but it was never delivered. Like Groschen, he unsuccessfully tried to get a refund.
Calise and Groschen sued, seeking to represent classes of similarly situated plaintiffs. They asserted five claims against Meta: (1) negligence, (2) breach of contract, (3) breach of the covenant of good faith and fair dealing, (4) violation of California's Unfair Competition Law (UCL), and (5) unjust enrichment. Plaintiffs sought damages and declaratory and in junctive relief.
The district court dismissed each of these claims. Calise v. Meta Platforms, Inc., 2022 WL 1240860, at *4 (N.D. Cal. Apr. 27, 2022). We have explained that § 230(c)(1) immunity does not attach when the defendant "materially contribut[ed]" to the "creation or development" of the of fending content. Roommates.com, 521 F.3d at 1162, 1168; accord Kimzey v. Yelp! Inc., 836 F.3d 1263, 1269 (9th Cir. 2016). Thus, Plaintiffs argued that Meta "materially contributed" to the third-party ads enough to lose § 230(c)(1)'s protection. See Calise, 2022 WL 1240860, at *3. The district court disagreed, holding that "Plaintiffs' allegations [did] not establish that Meta materially contributed to the illegality of the specific advertisements in question." Id.
The district court also considered Plaintiffs' argument that § 230(c)(1) "does not apply to contract claims that do not derive from a defendant's status or conduct as a publisher or speaker." Id. at *4. But it explained that "Plaintiffs' contract claim is based on Meta's alleged solicitation and publication of deceptive third-party advertisements and therefore stems from Meta's role as publisher." Id. It thus held that § 230(c)(1) "extends to Plaintiffs' contract claim." Id.
The district court held that "because all of Plaintiffs' claims are premised on Meta's publication of third-party advertisements . . . Meta is entitled to CDA immunity as to each of Plaintiffs' claims." Id. It thus granted the motion to dismiss without deciding whether, in the absence of § 230(c)(1) immunity, Plaintiffs' complaint would otherwise survive a motion to dismiss under Rule 12(b)(6). Id.
II
We review de novo a district court's order of dismissal under Rule 12(b)(6). Dyroff v. Ultimate Software Grp., 934 F.3d 1093, 1096 (9th Cir. 2019). And like all other questions of law, we also review de novo questions of statutory interpretation. Id.
III
The threshold issue is whether or how much Meta enjoys immunity under § 230(c)(1). Section 230(c)(1) is an affirmative defense, e.g., Force v. Facebook, Inc., 934 F.3d 53, 57 (2d Cir. 2019), and the district court held that it barred all Plaintiffs' claims, Calise, 2022 WL 1240860, at *4. If correct, this case ends there. But Plaintiffs' claims may proceed if § 230(c)(1) does not apply.
Section 230(c)(1) immunity applies to "(1) a provider or user of an interactive computer service, (2) whom a plaintiff seeks to treat, under a state law cause of action, as a publisher or speaker, (3) of information provided by another information content provider." Barnes, 570 F.3d at 1100-01. All agree that Meta is an interactive computer service provider under the statute.
Thus, we turn first to the second part of § 230(c)(1)—whether Plaintiffs' claims seek to treat Meta as a "publisher or speaker." On this prong, Meta has failed to meet its burden of showing that § 230(c)(1) applies to Plaintiffs' contract-related claims, because these claims do not "seek to treat [Meta] as a publisher or speaker." See § 230(c)(1). At the same time, § 230(c)(1) does apply to Plaintiffs' remaining claims against Meta, because those claims do seek to treat Meta as a publisher or speaker.
We disagree with Meta that Plaintiffs waived this argument below. Section 230(c)(1) immunity is an affirmative defense, see Force, 934 F.3d at 57, and "the burden is always on the party advancing an affirmative defense to establish its validity," Jones v. Taber, 648 F.2d 1201, 1203 (9th Cir. 1981).
A
We first revisit principles of statutory interpretation. "[W]hen the statutory language is plain, we must enforce it according to its terms." Jimenez v. Quarterman, 555 U.S. 113, 118, 129 S.Ct. 681, 172 L.Ed.2d 475 (2009). "[U]nless otherwise defined, words will be interpreted as taking their ordinary . . . meaning . . . at the time Congress enacted the statute." Perrin v. United States, 444 U.S. 37, 42, 100 S.Ct. 311, 62 L.Ed.2d 199 (1979). That said, the text's objective meaning may depend on the "backdrop against which Congress enacted" it. Stewart v. Dutra Constr. Co., 543 U.S. 481, 487, 125 S.Ct. 1118, 160 L.Ed.2d 932 (2005). Looking to the statute's contemporaneous context helps courts construe "term[s] of art" consistently with their "established meaning[s]" in the law. Id. For example, we must presume that when Congress uses "common-law terms," it intended to incorporate their "well-settled meaning[s]." Neder v. United States, 527 U.S. 1, 23, 119 S.Ct. 1827, 144 L.Ed.2d 35 (1999).
Subsection 230(c)(1)'s key word—publisher—has a well-defined meaning at common law. Publication is defined broadly as "[a]ny act by which [unlawful] matter is intentionally or negligently communicated to a third person." Restatement (Second) of Torts § 577 cmt. a (Am. L. Inst. 1938); see also id. § 630. Communication could be by written or printed words. Id. § 577. Publication is "essential to [tort] liability." Id. § 577 cmt. a. A "publisher" can bear tort liability for anything that it communicates, even negligently, to a third party. See id. §§ 577 cmt. a, 630. "Publishers" are treated differently under common law than "distributors," such as bookstores or newspapers, who usually cannot be held liable for repeating unlawful content, such as advertisements, unless they knew or had reason to know that the content was unlawful. See id. § 581.
In 1995, a New York state court treated Prodigy, an internet service provider, as if it were the "publisher," rather than a mere "distributor," of a libelous message posted by a third party. Stratton Oakmont, Inc. v. Prodigy Servs. Co., No. 31063/94, 1995 WL 323710, at *4 (N.Y. Sup. Ct. May 24, 1995) (unpublished). The court reached this finding because Prodigy was voluntarily removing some messages as offensive. Id. at *3-4. The court thought this content moderation opened Prodigy up to liability for all messages on its site. Id. The court thus rejected a finding that Prodigy acted only as a "distributor." Id. at *4.
Stratton Oakmont's rule created a perverse incentive not to moderate any offensive content, and Congress was concerned. See Barnes, 570 F.3d at 1101; see also Roommates.com, 521 F.3d at 1163. So in 1996, Congress enacted 47 U.S.C. § 230 to provide Internet platforms immunity from some civil and criminal claims. It was meant to bring traditional "distributor" immunity online. Congress expressly designed this statute both to help the internet grow, § 230(b)(1)?(2), and to encourage internet companies to monitor and remove offensive content without fear that they would "thereby becom[e] liable for all defamatory or otherwise unlawful messages that they didn't edit or delete," Roommates.com, 521 F.3d at 1163.
See, e.g., Shiamili v. Real Est. Grp. of N.Y., Inc., 17 N.Y.3d 281, 288, 929 N.Y.S.2d 19, 952 N.E.2d 1011 (2011) (recognizing that section 230 "und[id] the perverse incentives created by [Stratton Oakmont's] reasoning, which effectively penalized providers for monitoring content."); William E. Buelow III, Re-Establishing Distributor Liability on the Internet: Recognizing the Applicability of Traditional Defamation Law to Section 230 of the Communications Decency Act of 1996, 116 W. VA. L. REV. 313, 332 (2013) (tracing the implications of the Stratton Oakmont ruling).
Since its enactment, courts have interpreted § 230 "to confer sweeping immunity on some of the largest companies in the world." Malwarebytes, Inc. v. Enigma Software Grp. USA, LLC, — U.S. —, 141 S. Ct. 13, 13, 208 L.Ed.2d 197 (2020) (Thomas, J., dissenting from denial of certiorari). We have held repeatedly, however, that this immunity is not limitless. See, e.g., Barnes, 570 F.3d at 1100 (Section 230(c)(1) does not provide blanket "general immunity from liability deriving from third-party content."); see also Roommates.com, 521 F.3d at 1164 ("The Communications Decency Act was not meant to create a lawless no-man's-land on the Internet."). The Supreme Court has not yet weighed in on this issue, but because this is a difficult and complex issue that requires case-specific, and indeed claim-specific, analysis, we take the opportunity to clarify the scope of § 230(c)(1) immunity.
See also FTC v. LeadClick Media, LLC, 838 F.3d 158, 173 (2d Cir. 2016) (collecting cases); Marshall's Locksmith Serv. Inc. v. Google, LLC, 925 F.3d 1263, 1267 (D.C. Cir. 2019) ("Congress[ ] inten[ded] to confer broad immunity for the re-publication of third-party content."); Doe v. MySpace, Inc., 528 F.3d 413, 418 (5th Cir. 2008) ("Courts have construed the immunity provisions in § 230 broadly in all cases arising from the publication of user-generated content."); Almeida v. Amazon.com, Inc., 456 F.3d 1316, 1321 (11th Cir. 2006) ("The majority of federal circuits have interpreted [§ 230] to establish broad . . . immunity[.]").
B
We have weighed in several times on what it means to "treat[ ]" an interactive computer service "as [a] publisher or speaker." § 230(c)(1). We did so first in Barnes, which asked whether § 230(c)(1) "protects an internet service provider from suit where it undertook to remove from its website material harmful to the plaintiff but failed to do so." 570 F.3d at 1098.
Barnes involved pornography posted online for revenge. Id. The plaintiff's ex-boyfriend, posing as Barnes, created profiles on Yahoo, where he posted nude photographs of Barnes without her consent. Id. Barnes complained to Yahoo, asking it to remove the material. Id. Yahoo promised to do so but did not. Id. at 1099. So Barnes sued, alleging two state law causes of action: negligent undertaking and promissory estoppel. Id. Yahoo moved to dismiss, invoking § 230(c)(1) applied to both claims. Id. The district court agreed. Id. Barnes appealed, and we affirmed as to the negligent undertaking claim but reversed as to the promissory estoppel claim.
We first "analyz[ed] the structure and reach" of § 230(c)(1). Id. "Looking at the text," we acknowledged that § 230(c)(1) does not "declare[ ] a general immunity from liability deriving from third-party content." Id. at 1100. Indeed, § 230(c)(1) "does not mention 'immunity' or any synonym." Id. (quoting Chi. Lawyers' Comm. for Civ. Rts. Under Law, Inc. v. Craigslist, Inc., 519 F.3d 666, 669 (7th Cir. 2008)). Instead, reading § 230(c)(1) and § 230(e)(3) together, Barnes held that the former "only protects from liability (1) a provider or user of an interactive computer service (2) whom the plaintiff seeks to treat, under a state law cause of action, as a publisher or speaker (3) of information provided by another information content provider." Id. at 1100-01.
Thus, Barnes requires courts to examine each claim to determine whether a plaintiff's "theory of liability would treat a defendant as a publisher or speaker of third-party content." Id. at 1101 (emphasis added). "To put it another way, courts must ask whether the duty that the plaintiff alleges the defendant violated derives from the defendant's status or conduct as a 'publisher or speaker.' " Id. at 1102. "If it does, § 230(c)(1) precludes liability." Id. But where the duty springs from another source—for example, a contract—the plaintiff is not seeking to hold the defendant as a publisher or speaker, and § 230 does not apply. Id. at 1107.
Barnes illustrates this distinction. We held that § 230(c)(1) barred Barnes' negligent undertaking claim, but not her promissory estoppel claim. Id. at 1106, 1109. We explained that Oregon law imposed a duty on "[o]ne who undertakes, gratuitously or for consideration, to render services to another which he should recognize as necessary for the protection of the other's person or things." Id. at 1102. We held that the "undertaking that Barnes allege[d] Yahoo failed to perform with due care" was the "removal of the indecent profiles." Id. at 1102-03. And, because "removing content is something publishers do," "impos[ing] liability on the basis of such conduct necessarily involves treating the liable party as a publisher of the content it failed to remove." Id. at 1103.
In contrast, Barnes held the opposite for the promissory estoppel claim, even though that claim hinged on the same conduct—Yahoo's failure to remove the offending content. Id. at 1106-09. This is because, Barnes recognized, promissory estoppel is a quasi-contract claim that relied on an agreement between the parties. Id. at 1107. Yahoo specifically promised that it would remove the indecent profiles, and Barnes relied on that promise to her detriment. Id. at 1099. In so promising, Yahoo "manifest[ed] [its] intention to be legally obligated to do something, which happen[ed] to be removal of material from publication." Id. at 1107. And "[i]n a promissory estoppel case, as in any other contract case, the duty the defendant allegedly violated springs from a contract—an enforceable promise—not from any non-contractual conduct or capacity of the defendant." Id. Thus, Barnes did not "seek to hold Yahoo liable as a publisher or speaker of third-party content, but rather as the counter-party to a contract, as a promisor who has breached." Id. So even though in Barnes Yahoo's promise was to "take down third-party content from its website, which is quintessential publisher conduct," that did not alter the source of Yahoo's legal duty. The theory of liability derived from something different—an agreement. Id.
Our post-Barnes decisions faithfully applied its holding. One such case was Doe v. Internet Brands, Inc., 824 F.3d 846 (9th Cir. 2016). There, the plaintiff brought a negligent failure to warn claim against the defendant. Id. at 849. She had been lured to a fake audition using a networking website, Model Mayhem, where she was drugged, raped, and recorded for a pornographic video. Id. at 848. Internet Brands, which owned the website, allegedly knew about the rapists, but did not warn her or the other users. Id. Applying § 230(c)(1), the district court dismissed her negligent failure to warn claim. Id. at 849. We again reversed.
We began by analyzing the underlying duty in the cause of action. Id. at 850. In California, there is a "duty to warn a potential victim of third-party harm when a person has a special relationship to either the person whose conduct needs to be controlled or . . . to the foreseeable victim of that conduct." Id. (citation omitted). We then held that § 230(c)(1) did not apply because the duty to warn did not require Internet Brands to "remove any user content or otherwise affect how it publishes or monitors such content." Id. at 851. Accordingly, the "negligent failure to warn claim [did] not seek to hold Internet Brands liable as the 'publisher or speaker of any information provided by another information content provider.' " Id. (quoting § 230(c)(1)).
Next, we decided HomeAway.com, Inc. v. City of Santa Monica, 918 F.3d 676 (9th Cir. 2019). There, the plaintiffs, HomeAway.com and Airbnb, were internet businesses that rely on third parties advertising short-term rentals on their websites. Id. at 679-80. They challenged a city ordinance that regulated "home-sharing" in its jurisdiction, arguing it was preempted by § 230(c)(1). Id. Relying on Internet Brands, they claimed the ordinance "require[d] them to monitor and remove third-party content, and therefore violate[d] the CDA." Id. at 681.
We rejected this argument. Id. at 682. The ordinance at issue prohibited the plaintiffs from "processing transactions for unregistered properties"—it did not require the plaintiffs "to review the content provided by [third parties]." Id. That some monitoring of content "resulting from the third-party listings" may be required could not bring the ordinance within CDA immunity. Id. We explained that the plaintiffs' view "that CDA immunity follows whenever a legal duty 'affects' how an internet company 'monitors' a website" relied on an improperly broad reading of the CDA. Id. Applying Internet Brands, we explained that it is "not enough that third party content is involved." Id. The relevant question is whether the duty would "necessarily require an internet company to monitor third-party content." Id.
Finally, we decided Lemmon v. Snap, Inc., 995 F.3d 1085 (9th Cir. 2021). Plaintiff brought a negligent design claim against Snapchat, alleging that the company designed the application with a defect that encouraged dangerous driving. Id. at 1091-92. We held that "[t]he duty underlying such a claim differs markedly from the duties of publishers as defined in the CDA." Id. at 1092. Instead, "the duty that Snap allegedly violated 'springs from' its distinct capacity as a product designer." Id. (quoting Barnes, 570 F.3d at 1107). We thus held that "[b]ecause the [plaintiffs'] claim does not seek to hold Snap responsible as a publisher or speaker, but merely seek[s] to hold Snapchat liable for its own conduct . . . , [section] 230(c)(1) immunity is unavailable." Id. at 1093 (citation omitted).
Putting these cases together, it is not enough that a claim, including its underlying facts, stems from third-party content for § 230 immunity to apply. Meta invites us to reconsider the limitations we have previously recognized and encourages us to adopt a broader rule that would effectively bar "all claims" "stemming from their publication of information created by third parties." See MySpace, 528 F.3d at 418. Meta asks us to apply a "but for" test: if Plaintiffs' claims hinge on publishing-related activity, then § 230(c)(1) bars that claim. Put differently, Meta argues that in each case where we rejected immunity, we did not need to consider the content posted on the defendant's website, yet here, finding Meta liable would require consideration of whether third-party ads are deceptive. As an example, it differentiates Internet Brands from this case because requiring the defendant in that case to warn about the perpetrators using its website to identify and recruit victims would not require it to "remove any user content or otherwise affect how it publishes or monitors such content." 824 F.3d at 849. True. But it is not true that "providing a warning" would not require "considering the content posted." How could Internet Brands warn about certain harmful content without considering what it was? Such a rudimentary fact-bound inquiry quickly falls apart and runs up against our precedent.
Our cases instead require us to look to the legal "duty." "Duty" is "that which one is bound to do, and for which somebody else has a corresponding right." Duty, BLACK'S LAW DICTIONARY (11th ed. 2019). We must therefore examine two things in looking at duty. First, what is the "right" from which the duty springs? See Barnes, 570 F.3d at 1107; Lemmon, 995 F.3d at 1092. If it springs from something separate from the defendant's status as a publisher, such as from an agreement, see Barnes, 570 F.3d at 1107, or from obligations the defendant has in a different capacity, see Lemmon, 995 F.3d at 1092, then § 230(c)(1) does not apply. Second, we ask what is this duty requiring the defendant to do? If it obliges the defendant to "monitor third-party content"—or else face liability—then that too is barred by § 230(c)(1). See HomeAway, 918 F.3d at 682.
C
We now walk through each of Plaintiffs' claims, applying the principles we first established in Barnes. We start with Plaintiffs' contract-related claims because Barnes itself directly applies. We then apply Barnes's same reasoning to the other claims.
1
Plaintiffs assert two contract claims: breach of contract and a breach of the covenant of good faith and fair dealing (the contract claims). These both rely on the same "enforceable promises" allegedly made by Meta to Plaintiffs—the same duty. Barnes controls here. As we explained, the difference between contract claims and a tort such as defamation is that the latter "derive[s] liability from behavior that is identical to publishing or speaking: publishing defamatory material." Barnes, 570 F.3d at 1107. "Promising," on the other hand, "is different because it is not synonymous with the performance of the action promised." Id.
True, unjust enrichment is a quasi-contract cause of action. See, e.g., Astiana v. Hain Celestial Grp., Inc., 783 F.3d 753, 762 (9th Cir. 2015). But because an unjust-enrichment claim does not rely on a formal agreement between the parties from which a duty springs—to the contrary, it relies on the absence of such an agreement—this claim is more appropriately considered with the non-contract claims.
Thus, Meta's "[c]ontract liability" would "come not from [its] publishing conduct, but from [its] manifest intention to be legally obligated to do something." Id. This is because "[c]ontract law treats the outwardly manifested intention to create an expectation on the part of another as a legally significant event." Id. "That event generates a legal duty distinct from the conduct at hand." Id. To the extent that Meta manifested its intent to be legally obligated to "take appropriate action" to combat scam advertisements, it became bound by a contractual duty separate from its status as a publisher. We thus hold that Meta's duty arising from its promise to moderate third-party advertisements is unrelated to Meta's publisher status, and § 230(c)(1) does not apply to Plaintiffs' contract claims.
We recognize that whether Meta's TOS create an enforceable contract from which its alleged enforceable promises sprung is not a question the district court reached. The existence of a contract and the interpretation of a contract are questions better suited for the district court in the first instance.
2
Plaintiffs bring three other claims: unjust enrichment, negligence, and a UCL claim (the non-contract claims). Each of these involves a similar duty: the duty to prevent fraud by third parties. We first walk through each to explain why.
First, an unjust enrichment claim is "grounded in equitable principles of restitution," rather than "breach of a legal duty." Hirsch v. Bank of Am., 107 Cal.App.4th 708, 132 Cal. Rptr. 2d 220, 229 (2003). That said, understanding duty as a two-way street of obligations and rights, Duty, BLACK'S LAW DICTIONARY (11th ed. 2019), we can parse out what duty Plaintiffs are invoking. At common law, unjust enrichment "require[s] a party to return a benefit when the retention of such benefit would unjustly enrich the recipient." Munoz v. MacMillan, 195 Cal.App.4th 648, 124 Cal. Rptr. 3d 664, 675 (2011).
Thus, the obligation in an unjust enrichment claim—the relevant part of our duty analysis—is the "return of benefit." See id. And what is the benefit Plaintiffs are seeking return of? It is the profits Meta has obtained through an alleged scheme of knowingly permitting third parties to advertise on their website. Thus, the next question is how Meta would comply with this obligation. Put differently, how could Meta avoid infringing on Plaintiffs' purported rights?
Plaintiffs allege that Meta is (at least constructively) aware that certain parties are profiting by posting fraudulent third-party ads on its website. This factual situation resembles Internet Brands, in which the defendant knew certain perpetrators were posting content on its website to lure and rape women. 824 F.3d at 848. We held there that warning users about this third-party use of its website, of which Internet Brands was on notice, did not trigger § 230(c)(1). Id. at 851.
But to avoid liability here, Meta—unlike Internet Brands—would need to actively vet and evaluate third party ads. In Internet Brands, the platform faced liability not because it failed to remove the ads, but because it failed to warn about their content. Id. Thus, Plaintiffs' claims may fare better if they sought to impose liability on Meta for failing to warn about fraudulent content—but that is not what their unjust enrichment claim seeks. We hold therefore that § 230(c)(1) bars Plaintiffs' unjust enrichment claim as pleaded.
On their negligence claim, Plaintiffs assert that Meta had a "special relationship" with them, imposing a duty to protect them from fraud. We accept as true that Meta had such a duty at this stage. On that assumption, we examine the implications of such a duty in the context of Barnes. The duty this claim imposes on Meta is identical to the one for an unjust enrichment claim: it would require Meta to actively vet and evaluate third-party ads. We hold therefore that § 230(c)(1) shields Meta from liability stemming from Plaintiffs' negligence claim.
Finally, Plaintiffs bring a UCL claim. "The predicate duty [under the state unfair competition law] is to not engage in unfair competition by advertising illegal conduct." In re Tobacco Cases II, 41 Cal.4th 1257, 63 Cal.Rptr.3d 418, 163 P.3d 106, 113 (2007) (alteration in original). Such a duty not only touches on quintessential publishing conduct, but it is also indeed the very conduct that § 230(c)(1) addresses. After all, if Plaintiffs are correct that they can recover for Meta's third-party advertising, then § 230(c)(1) is a dead letter. Section 230(c)(1) therefore shields Meta on the UCL claim.
IV
Because we hold that some of Plaintiffs' claims derive from Meta's status as a "publisher or speaker" of third-party ads, we must evaluate whether Meta has "materially contributed" to the creation of these ads. Section 230(c)(1) limits liability to "information provided by another information content provider." (emphasis added). Section 230(f)(3) defines an "information content provider" as "any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service." In other words, Meta would lose § 230 immunity to the extent that Plaintiffs' claims seek to treat it as the publisher or speaker of its own content—or content that it created or developed in whole or in part—rather than the publisher or speaker of entirely third-party content.
We have interpreted the phrase "creation or development in whole or in part" in § 230(f)(3) to mean that "a website helps to develop unlawful content . . . if it contributes materially to the alleged illegality of the conduct." Roommates.com, 521 F.3d at 1167-68. We thus held that "[a] website operator can be both a service provider and a content provider," id. at 1162, depending on whether they "materially contribut[ed]" to the unlawfulness of content, id. at 1168.
In Roommates, we considered whether the company's roommate-matching service violated the federal Fair Housing Act and California discrimination laws. Id. Roommate "operate[d] a website designed to match people renting out spare rooms with people looking for a place to live." Id. at 1161. To sign up, users created profiles, which included providing basic information, and one's "sex, sexual orientation and whether [they] would bring children to a household." Id. Each user could then display their own preferences in others. Id.
The plaintiffs sued, arguing that "requiring subscribers to disclose their sex, family status and sexual orientation 'indicates' an intent to discriminate against them." Id. at 1164. Roommate invoked § 230(c)(1), and the plaintiffs countered that Roommate had "materially contributed to the unlawfulness" by "develop[ing] and displaying[ing] [a] subscribers' discriminatory preferences." Id. at 1165. We agreed, holding that "[b]y requiring subscribers to provide the information as a condition of accessing its service, and by providing a limited set of pre-populated answers, Roommate [had] become[ ] much more than a passive transmitter of information provided by others." Id. at 1166. Roommate had instead "become[ ] the developer, at least in part, of that information." Id. Thus, § 230(c)(1) was unavailable as an affirmative defense.
We clarified in Roommates, however, that an internet company providing tools that can be manipulated by third parties for unlawful purposes does not always defeat § 230(c)(1) immunity. Rather, providing neutral tools as to the alleged unlawfulness does not amount to development. Id. at 1169. For example, simply because a dating website required users to provide their "sex, race, religion and marital status," § 230(c)(1) immunity exists even if the company were sued for libel based on those characteristics. Id. at 1169. In such a case, we concluded that the website would not have materially contributed to the alleged defamation. Id.
The "tools" Plaintiffs complain about are Meta's "solicitation" and "assistance" for third-party advertisers. But Plaintiffs tacitly admit that not all of Meta's third-party ads are fraudulent. Even among third-party advertisers based in China, Plaintiffs allege that only around thirty percent post fraudulent advertisements. Plaintiffs provide no significant data or allegations about scammers outside of China. They complain about Meta's "solicitation" and "assistance" efforts on a global scale. But Plaintiffs do not allege, nor could they credibly allege here, that all these efforts result in fraudulent behavior.
Meta's "solicitation" and "assistance" efforts are, on their face, neutral. They are allegedly used for unlawful purposes, but that does not result from Meta's efforts. Without more allegations of Meta's contribution, its "solicitation" or "assistance" for advertisers—a fundamental part of Meta's business model and that of countless other internet companies—does not undo § 230(c)(1)'s protections just because it could be misused by third parties.
Indeed, we rejected a similar, but perhaps even more compelling, argument in Dyroff, 934 F.3d 1093. There, the defendant, Ultimate Software Group, operated a social networking website, Experience Project. Id. at 1094. Users registered with the site anonymously—an intentional design to encourage users to "share more personal and authentic experiences without inhibition." Id. at 1095. The site also engaged a machine learning algorithm that recommended groups for users to join based on their posts and other attributes. Id.
Given such a model, it was not unforeseeable that such a platform could and would be misused for unlawful purposes. Unfortunately, it was in fact used to facilitate illegal drug sales. See id. One user asked in a group about purchasing heroin and was then recommended by the site to another user's post, who later sold him what he believed to be heroin. Id. He tragically died the next day of fentanyl toxicity. Id. His mother sued, arguing that the website "steered users to additional groups dedicated to the sale and use of narcotics," and "sent users alerts to posts within groups that were dedicated to the sale and use of narcotics." Id.
Ultimate Software Group invoked § 230(c)(1), which the plaintiff argued did not apply because it had "materially contributed" through its recommendation and notification functions. Id. at 1096. We disagreed, holding that these "were content-neutral tools used to facilitate communications." Id. We recognized that the actual "content at issue was created and developed by [the deceased] and his drug dealer." Id. at 1098. We thus rejected the plaintiff's "content 'manipulation' theory [as] without support in the statute and case law." Id.
Plaintiffs, at best, argue that Meta "manipulated" its third-party ads to skew fraudulent content (because it could make more money) by targeting certain advertisers. According to Plaintiffs, Meta materially contributed to the content that way. But Plaintiffs' argument is no different from the one we considered in Dyroff. The plaintiff argued that Ultimate Software Group "manipulated" its recommendations, connecting users for improper purposes, and thus contributed to their content. Just as we rejected this argument in Dyroff, we reject it now. Meta did not "materially contribute" to the third-party ads. Meta is thus entitled to § 230(c)(1) immunity, at least as to the non-contract claims.
V
Plaintiffs' contract claims are not barred by § 230(c)(1), but their non-contract claims are. We thus vacate the district court's order as to the contract claims and remand for further proceedings.
AFFIRMED IN PART, VACATED IN PART, AND REMANDED.
R. NELSON, J., concurring:
Following precedent, we hold that if the threat of liability requires an internet company to "monitor third-party content," this is barred by 47 U.S.C. § 230(c)(1). See, e.g., Homeaway.com, Inc. v. City of Santa Monica, 918 F.3d 676, 682 (9th Cir. 2019). There is good reason, however, to interpret § 230(c)(1) differently. Cf. Malwarebytes, Inc. v. Enigma Software Grp. USA, LLC, — U.S. —, 141 S. Ct. 13, 208 L.Ed.2d 197 (2020) (Thomas, J., statement respecting denial of certiorari); Doe v. Facebook, Inc., — U.S. —, 142 S. Ct. 1087, 212 L.Ed.2d 244 (2022) (Thomas, J., statement respecting denial of certiorari). We should, in an appropriate case, revisit our statutory interpretation.
As explained in the majority opinion, § 230(c)(1)'s purpose was to bring traditional "distributor" immunity to internet companies. At common law, "distributors" could not be held liable for repeating unlawful content unless they knew (or constructively knew) that the content was unlawful. Restatement (Second) of Torts § 581 (1938).
In California, constructive knowledge "is measured by an objective standard: 'whether a reasonable man under the same or similar circumstances as those faced by the actor would be aware of the [nature] of his conduct." Rost v. United States, 803 F.2d 448, 451 (9th Cir. 1986) (quoting Chappell v. Palmer, 236 Cal.App.2d 34, 45 Cal. Rptr. 686, 688 (1965)). Plaintiffs allege that Meta had (at least) constructive—if not actual—knowledge that third-party advertisers were posting fraudulent content. For example, Plaintiffs allege that Meta encouraged affiliates of known scam accounts to "buy more ads." Plaintiffs also allege that Meta targeted Chinese-based advertisers, despite knowing that nearly thirty percent of such ads violated Meta's Terms of Service. And Plaintiffs allege that Meta employees told a journalist that Meta prioritizes revenue over enforcement of its ad policies. These allegations, taken together with the rest of the complaint, may seemingly plead that Meta was plausibly aware of the fraudulent third-party ads. Cf. Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). Given this, it is suspect whether—under a view that § 230(c) was intended to incorporate common law concepts and bring them online—§ 230(c)(1) should bar Plaintiffs' claims, at least at the motion to dismiss stage.
Our precedent, and that of our sister circuits, has expanded § 230(c)'s scope to provide functional immunity to internet companies, even when they are aware (or should be aware) of unlawful content on their websites. As Justice Thomas explained, "Courts have discarded the longstanding distinction between 'publisher' liability and 'distributor' liability." Malwarebytes, 141 S. Ct. at 15. Indeed, "the first appellate court to consider the statute held that it eliminates distributor liability too—that is § 230 confers immunity even when a company distributes content that it knows is illegal." Id. (citing Zeran v. Am. Online, Inc., 129 F.3d 327, 331-34 (4th Cir. 1997)) (emphasis in original). Thus, "subsequent decisions, citing Zeran, have adopted this holding as a categorical rule across all contexts." Id. (collecting cases). These courts argue that this rule encourages "self[-]regulation." See, e.g., Zeran, 129 F.3d at 331, 334. But as Plaintiffs have plausibly pled, when an internet company has an economic incentive to permit unlawful content to be posted by third parties, it seems to encourage the opposite—willful blindness.
Our precedent, and the incentives it can create, conflicts with the statutory scheme. As the majority explains, it is inconsistent with the statutory timing—right after Stratton Oakmont, Inc. v. Prodigy Servs. Co., No. 31063/94, 1995 WL 323710, at *4 (N.Y. Sup. Ct. May 24, 1995) (unpublished)—and the plain statutory text, which incorporates common law terms.
Our precedent also contradicts other parts of the statutory scheme. For example, § 223(d) expressly imposes criminal liability on those who "knowingly . . . display" obscene material to children, no matter who created the content. 47 U.S.C. § 223(d). It also creates the opposite incentive as that encouraged by 230(c)(2): that no computer service provider "shall be held liable" for (A) good faith acts to restrict access to, or remove, certain types of objectionable content; or (B) giving consumers tools to filter the same types of content. As Justice Thomas explained, "This limited protection enables companies to create community guidelines and remove harmful content without worrying about legal reprisal." Malwarebytes, 141 S. Ct. at 14. Thus, § 230(c)(2) aims to encourage internet companies to monitor third-party content. See id.
Justice Thomas has identified several other examples of how this expansive view of § 230(c)(1) has created perverse effects. These include protecting internet companies facilitating terrorism, see Force v. Facebook, Inc., 934 F.3d 53, 65 (2d Cir. 2019), and harassment, Herrick v. Grindr LLC, 765 F. App'x 586, 591 (2d Cir. 2019). These applications stretch the statute's plain meaning beyond recognition. And they will continue to occur unless we consider a more limited interpretation of § 230(c)(1)'s scope of immunity. In a world ever evolving and with artificial intelligence raising the specter of lawless and limitless protections under § 230(c)(1), we should revisit our precedent and ensure we have grounded its application.