Privacy, CDA 230, the Espionage Act, and WikiLeaks: My contributions to a global report exploring online intermediary liability

BerkmanShotWorking at the Digital Media Law Project and Cyberlaw Clinic at Havard’s Berkman Center for Internet & Society this past summer was a remarkable experience. I soaked in the beautiful summer sights of Massachusetts, learned from some of brightest minds in the country, and contributed to a number of fascinating projects. One of my main ventures from this summer at Berkman was recently published.

The Berkman Center and the Global Network of Internet and Society Research Centers released a report Feb. 18 called “Governance of Online Intermediaries: Observations from a Series of National Case Studies” (also found here). The report combines studies from various countries around the world to examine the rapidly changing landscape of online intermediary liability across the globe.

Numerous employees at the Berkman Center (including myself) collaborated to write the United States’ portion of the report. Our paper, “Online Intermediaries Case Studies Series: Intermediary Liability in the United States,” delved into various U.S. related online intermediary liability topics and case studies.

I contributed the legal landscape sections for three topics: traditional privacy liability, Sec. 230 of the Communications Decency Act (CDA), and the Espionage Act. I also authored a case study for the report, “The State as Soft Power – The Intermediaries Around WikiLeaks.” Below are the legal landscape primer sections I wrote that are contained in “Online Intermediaries Case Studies Series: Intermediary Liability in the United States.” These portions of the report are meant to summarize current United States policies regarding privacy liability for intermediaries, the protections of Sec. 230 of the Communications Decency Act, and potential claims under the Espionage Act.

Traditional Privacy Liability for Intermediaries

Privacy laws in the United States consist of a patchwork of common law torts and specific statutory enactments, overlaid with nationwide exceptions made in light of the First Amendment.[19] Intermediaries primarily concern themselves with privacy law to the extent it impacts their own businesses operations and practices – for example, how they represent their data handling practices to the public, and how they handle their own data security.

A second form of privacy liability for intermediaries stems instead from the actions taken on behalf of others, and whether the intermediary can ever be held liable for contributing (willingly or not) to those actions. The laws around such invasions of privacy can be generally clustered into two categories: those that address the unlawful gathering of information (e.g., intruding into one’s private spaces or unlawfully recording conversations), and those that address publishing private information (e.g., the “public disclosure of private facts” tort or publishing specific information proscribed by statute[20]). The First Amendment plays a role in this space by both limiting the universe of defendants for intrusion claims[21] and by substantially limiting the types of claims that can be brought regarding the disclosure of private information.[22]

With respect to information gathering, many states recognize a tort called “intrusion upon seclusion,” which punishes one who intrudes into the solitude or seclusion of another in a way that is highly offensive to a reasonable person.[23] Because the defendant’s conduct usually must be intentional for liability to attach, it is rare to see liability extend to disinterested intermediaries.[24] At least one court has found secondary liability could attach to a newspaper for running a classified ad that facilitated intrusion of another, though in that case the plaintiff pleaded that the newspaper published the ad with the intent to invade the plaintiff’s privacy.[25]

Some intrusion laws attempt to indirectly target intrusion by punishing those who later disclose or receive the information that was unlawfully acquired. But First Amendment doctrine prevents the application of such laws to those who did not actively participate in the unlawful acquisition, at least when the information is true and a matter of public concern.[26] This would seem to preclude most information intermediaries from liability for transmitting content that was unlawfully acquired by others.

Laws concerning the disclosure of private information directly can vary considerably, but most states have some form of the tort called “public disclosure of private facts,” which concerns the intentional disclosure to the public[27] of non-newsworthy information about an individual that is highly offensive to a reasonable person.[28]

Unlike defamation or intrusion, the specific mental state of defendants varies considerably between states, so the mens rea does not generally limit liability for disinterested intermediaries in the same way as other torts.[29] That said, the few cases that consider a distributor’s liability tend to impart the same requirement from defamation cases that the distributor know the information to be tortious in order to be held liable.[30] Also, information obtained from public sources are considered protected under the First Amendment,[31] and republishing content originally published widely by others does not lead to liability in most cases, as the fact that the content was published previously means that the information is no longer considered private.[32]

The traditional standards for intermediary liability in privacy are applied in a radically different manner online, in large part due to Section 230 of the Communications Decency Act, which is discussed in the following section.

[19] Daniel J. Solove & Paul M. Schwartz, Information Privacy Law 77 (3d ed. 2009).
[20] For an example of this, see 18 U.S.C. § 2710 (governing when and how a customer’s video rental history may be disclosed).
[21] See notes x–y, infra, and accompanying text.
[22] While the states that recognize a public disclosure tort include a definitional balance that precludes claims against newsworthy information, the Supreme Court has yet to directly consider a challenge to public disclosure torts in other cases. See Geoffrey R. Stone, Privacy, the First Amendment, and the Internet, in The Offensive Internet (Saul Levmore & Martha C. Nussbaum eds. 2010). For more on the history of balancing between free speech and privacy has had a complicated century of history. See Geoffrey R. Stone, Anthony Lewis, Freedom for the Thought That we Hate 59-80 (2009).
[23] Restatement (Second) Torts § 652B.
[24] See, e.g., Marich v. MGM/UA Telecomm., Inc., 113 Cal. App. 4th 415 (2003) (defining intent for California’s intrusion tort). For examples of cases where parties were liable as aiders or abettors of another’s intrusion, see David A. Elder, Privacy Torts § 2:9.
[25] Vescovo v. New Way Enters., Ltd., 60 Cal. App. 3d 582 (1976).
[26] See, e.g., Bartnicki v. Vopper, 532 U.S. 514, 526 (2001) (The First Amendment prevents a radio broadcaster from being punished for disclosing the contents of an unlawfully-intercepted communication); Smith v. Daily Mail Publ’g Co., 443 U.S. 97, 104 (1979); Food Lion, Inc. v. Capital Cities/ABC, Inc., 194 F.3d 505 (4th Cir. 1999) (refusing to escalate damages for breach of duty of loyalty based on subsequent disclosure of information); Doe v. Mills, 536 N.W.2d 824 (Mich. 1995) (knowing receipt of information unlawfully obtained does not lead to intrusion claim for the recipient). Scholars have been mindful to point out that the exact meaning and scope of the “Daily Mail principle” is not entirely clear. Janelle Allen, Assessing the First Amendment as a Defense for Wikileaks and Other Publishers of Previously Undisclosed Government Information, 46 U.S.F. L. Rev. 783, 798 (2012).
[27] This is deliberately made a wider audience than defamation, for which liability attaches when a statement is “published” to a single person. Restatement (Second) Torts § 652D cmt. a.
[28] Restatement (Second) Torts § 652D.
[29] David A. Elder, Privacy Torts § 3:7.
[30] See, e.g., Steinbuch v. Hachette Book Grp., 2009 WL 963588 at 3 (E.D. Ark. April 8, 2009); Lee v. Penthouse Int’l Ltd., 1997 WL 33384309 at 8 (C.D. Cal. March 19, 1997).
[31] See, e.g., The Florida Star v. B.J.F., 491 U.S. 524 (1989).
[32] See, e.g., Ritzmann v. Weekly World News, 614 F. Supp. 1336 (N.D. Tex. 1985); Heath v. Playboy Enters., Inc., 732 F. Supp. 1145 (S.D. Fla. 1990); but see Michaels v. Internet Ent. Grp., Inc., 5 F. Supp. 2d 823 (C.D. Cal. 1998) (disclosure of more than the ways originally revealed in first publication can give rise to claim for republication)

Section 230 of the Communications Decency Act

As noted in the preceding sections, liability for offline content distributors or hosts largely turns on whether the host knows or has reason to know that they are hosting tortious content. In the earliest days of the Internet, courts used these standards to assess liability of online intermediaries, but found that the law created a perverse result. Online intermediaries possessed the technical ability to filter or screen content in the way an offline intermediary never could, but under existing standards this meant that the intermediary would assume liability for all the content over which they had supervisory control. In the most famous case on point, this included a service that was trying specifically to curate a family friendly environment, at a time when the public was greatly concerned about the adult content on the Internet.[33] In order to “to promote the continued development of the Internet and other interactive computer services and other interactive media [and] to preserve the vibrant and competitive free market that presently exists for the Internet and other interactive computer services,” Congress enacted Section 230 of the Communications Decency Act.[34]

Section 230 prevents online intermediaries from being treated as the publisher of content from users of the intermediaries. By the terms of the statute, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” [35] An “interactive computer service” under Section 230 is defined as “any information service, system, or access software provider that provides or enables computer access by multiple users to a computer server . . . ”[36] Online intermediaries of all sorts meet this definition, including Internet service providers, social media websites, blogging platforms, message boards, and search engines.[37] An “information content provider” in turn is defined as “any person or entity that is responsible, in whole or in part, for the creation or development of information provided through the Internet or any other interactive computer service.”[38]

Section 230 covers claims of defamation, invasion of privacy, tortious interference, civil liability for criminal law violations, and general negligence claims based on third-party content,[39] but it expressly excludes federal criminal law, intellectual property law, and the federal Electronic Communications Privacy Act or any state analogues.[40] Its terms also specify that the coverage is for “another’s” content, thus not protecting statements published by the interactive computer service directly.[41] Thus, to apply Section 230’s protection, a defendant must show (1) that it is a provider or user of an interactive computer service; (2) that it is being treated as the publisher of content (though not with respect to a federal crimes, intellectual property, or communications privacy law); and (3) that the content is provided by another information content provider.

The law was designed in part to foster curation of online content, and courts have found that a wide array of actions can be taken by “interactive computer services” over third-party content are covered by Section 230. These include basic editorial functions, such as deciding whether to publish, remove, or edit content;[42] soliciting users to submit legal content;[43] paying a third party to create or submit content;[44] allowing users to respond to forms or drop-downs to submit content;[45] and keeping content online even after being notified the material is unlawful.[46] This applies to both claims rooted in defamation and those rooted in invasion of privacy.[47]

On the other hand, if the intermediary creates actionable content itself, it will be liable for that content.[48] Courts are also unlikely to find that Section 230 applies when an interactive computer service edits the content of a third party and materially altering its meaning to make it actionable;[49] requires users to submit unlawful content;[50] or if the service promises to remove material and then fails to do so.[51] When an intermediary takes these actions, it is deemed to have “developed” the content by “materially contributing to the alleged illegality of the conduct.”[52]

While stated very simply, the law upsets decades of precedent in the areas of content liability law, and radically alters the burdens on online services for claims based on user content.[53] By limiting any assumed liability for a wide range of content-based claims (and given the other content areas discussed below), Section 230 effectively removes any duty for an interactive computer service to monitor content on its platforms, a tremendous boon for the development of new intermediaries and services.[54] Virtually all liability for content-based torts is pushed from the service to others, often the user. In practical terms, however, this has yet to manifest a windfall for online services; many claims are still brought against online intermediaries, and the question is often litigated extensively and at great expense before courts find that claims are invalid.[55]

As noted above, Section 230 does not cover intellectual property laws, and thus different rules apply in these cases. These are now addressed.

[33] Stratton Oakmont, Inc. v. Prodigy Servs. Co., 1995 WL 323710 (N.Y. Sup. Ct. May 24, 1995). See also Lawrence Lessig, Code 2.0 249-52 (2006) (discussing the Internet anti-pornography efforts happening around the time of the Communications Decency Act debate).
[34] 47 U.S.C. § 230. The section was part of a greater law that sought to relegate the transmission of offensive content to minors, the majority of which was later struck by the Supreme Court. See Reno v. ACLU, 521 U.S. 844 (1997).
[35] 47 U.S.C. § 230(c)(1).
[36] § 230(f)(2).
[37] See Ardia, supra note [[x]], at 387-89.
[38] § 230(f)(3).
[39] See Ardia, supra note [[x]], at 452.
[40] § 230(e)(1)–(4). The Electronic Communications Privacy Act governs the voluntary and compelled disclosure of electronic communications by electronic communications services.
[41] See § 230(c)(1).
[42] See Donato v. Moldow, 865 A.2d 711 (N.J. Super. Ct. 2005).
[43] See Corbis Corporation v., Inc., 351 F.Supp.2d 1090 (W.D. Wash. 2004); see also Global Royalties, Ltd. v. Xcentric Ventures, LLC, 544 F. Supp. 2d 929, 933 (D. Ariz. 2008) (holding that even though a website “encourages the publication of defamatory content,” the website is not responsible for the “creation or development” of the posts on the site).
[44] See Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998).
[45] See Carafano v., 339 F.3d 1119 (9th Cir. 2003).
[46] See Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997). Promising to remove content and then declining to do so, however, can expose an interactive computer service to liability. See Barnes v. Yahoo!, Inc., 570 F.3d 1096 (9th Cir. 2009). For more examples of actions likely to be covered under Section 230, see Online Activities Covered by Section 230, Digital Media Law Project, (last updated Nov. 10, 2011).
[47] See, e.g., Jones v. Dirty World Entertainment Recordings, LLC, 2014 WL 2694184 (6th Cir. 2014) (defamation claim preempted by Section 230); Doe v. Friendfinder Network, 540 F. Supp. 2d 288, 302–303 (D.N.H. 2008) (intrusion upon seclusion and public disclosure of private facts claims preempted).
[48] See MCW, Inc. v., LLC, 2004 WL 833595, No. 3:02-CV-2727-G at * 9 (N.D. Tex. April 19, 2004) (the operator of a website may be liable when it is alleged that “the defendants themselves create, develop, and post original, defamatory information concerning” the plaintiff).
[49] See Online Activities Not Covered by Section 230, Digital Media Law Project, (last updated Nov. 10, 2011).
[50] See Fair Housing Council v., LLC, 521 F.3d 1157, 1175 (9th Cir. 2008) (en banc).
[51] See Barnes v. Yahoo!, Inc, 570 F.3d 1096 (9th Cir. 2009).
[52] See Jones v. Dirty World Entertainment Recordings, LLC, 2014 WL 2694184 (6th Cir. 2014).
[53] See Ardia, supra note [[x]], at 411.
[54] See, e.g., Jack M. Balkin, Old-School/New-School Speech Regulation, 127 Harv. L. Rev. 1, 17 (2014) (“Section 230 immunity . . . ha[s] been among the most important protections for free expression in the United States in the digital age. [It] has made possible the development of a wide range of telecommunications systems, search engines, platforms, and cloud services without fear of crippling liability.”).
[55] Id. at 493.

The Espionage Act

Because of the considerable attention given toward the dissemination of classified government information through the documents released by Chelsea Manning and Edward Snowden, and the profound policy implications of both the information they conveyed and the treatment of those who handle and disseminate such documents to the public, special attention should be given to a particular federal crime that implicates the disclosure of classified information. The Espionage Act of 1917 contains many provisions intended to prohibit interference with military operations and protect national security.[107] These include provisions that criminalize obtaining, collecting, or communicating information that would harm the harm the national defense of the United States.[108] This section was used by the United States government to go after the New York Times and Washington Post for their publication of “The Pentagon Papers,” a classified and damning assessment of United States involvement in the Vietnam War.[109] Most recently, it was used to convict former U.S. Army intelligence analyst Chelsea Manning for leaking classified documents to the organization WikiLeaks.[110]

While all federal criminal law includes the possibility for a charge of aiding and abetting another’s violation of the law,[111] the United States has never successfully prosecuted an information intermediary for disseminating classified information under the Espionage Act.[112] Such a theory would present profound First Amendment issues, and ultimately an intermediary may only be found liable if the intermediary bribed, coerced, or defrauded a government employee to disclose classified information.[113]

[107] See 18 U.S.C. §§ 793–798.
[108] 18 U.S.C. § 793(e).
[109] New York Times Co. v. United States, 403 U.S. 713 (1971).
[110] Cora Currier, Charting Obama’s Crackdown on National Security Leaks, Pro Publica, July 30, 2013, <>. Many others have been charged but not ultimately convicted for violating the Espionage Act or conspiracy to violate the Espionage Act.
[111] 18 U.S.C. § 2; see also § 793(g) (“If two or more persons conspire to violate any of the foregoing provisions of this section, and one or more of such persons do any act to effect the object of the conspiracy, each of the parties to such conspiracy shall be subject to the punishment provided for the offense which is the object of such conspiracy.”).
[112] See Emily Peterson, WikiLeaks and the Espionage Act of 1917: Can Congress Make It a Crime for Journalists to Publish Classified Information?, The New Media and the Law Vol. 35 No. 3, Summer 2011, available at <>.
[113] See Geoffrey R. Stone, Government Secrecy vs. Freedom of the Press, 1 Harv. L. & Pol’y Rev. 185, 217. For more on the general First Amendment right to disclose true matters of public concern, see supra notes x-y and accompanying text.


The State as Soft Power – The Intermediaries Around Wikileaks

The following case study is part of a larger report by Harvard’s Berkman Center for Internet & Society called “Online Intermediaries Case Studies Series: Intermediary Liability in the United States.”

By Michael Lambert


The mission of, which launched on October 4, 2006, is to anonymously publish otherwise private or censored documents in order to promote government and corporate transparency across the world.[362] Led by its editor-in-chief Julian Assange, an Australian computer programmer, publisher, and journalist, and largely relying on anonymous sources, WikiLeaks has subsequently been responsible for publicizing several very large leaks of confidential government information.[363] These leaks made WikiLeaks, its employees, and its sources the target of possible criminal liability.[364] But the online intermediaries that provided services, hosted, or supported WikiLeaks also incurred many risks. Although not faced with direct criminal charges, intermediary supporters of WikiLeaks have been forced to confront government pressures and the potential that legal action could be taken against them. Without much guidance from courts or prior business experiences, online intermediaries responded in various ways to these pressures. This analysis of the WikiLeaks case will examine how online intermediaries responded in the wake of WikiLeaks’ dissemination of controversial documents, the United States government’s effect on those responses, and what this case means for the future of online intermediaries.


Beginning in 2007, WikiLeaks made headlines in the United States by independently releasing numerous confidential documents. These leaks included the Standard Operating Procedures of the Guantanamo Bay Prison, reports on Scientology, U.S. military rules of engagement in Iraq, emails from then-Governor of Alaska Sarah Palin, and, most controversially, a video showing two Apache attack helicopters killing two Reuters employees in Iraq.[365] After WikiLeaks released the Iraq video, the United States arrested and charged U.S. army intelligence analyst Chelsea Manning for obtaining and leaking confidential national security information to WikiLeaks in violation of the Uniform Code of Military Justice, which includes the Espionage Act and the Computer Fraud and Abuse Act.[366] The United States later convicted Manning of 20 offenses and sentenced her to 35 years in prison.[367]

After Manning’s arrest, WikiLeaks worked with more established media outlets, such as The New York Times, The Guardian, and Der Spiegel, to release Afghanistan War Diaries and Iraq War Logs in 2010.[368] Then, on November 28, 2010, WikiLeaks and its media partners released 220 United States Embassy Cables to the public.[369] The leaking of thousands of cables, dubbed “Cablegate,” contained confidential internal communications between the U.S. government and various embassies from 1966 to 2010.[370] Although WikiLeaks’ previous releases had earned worldwide attention, Cablegate nevertheless set off unprecedented scrutiny from the public and the government.[371]

After WikiLeaks released the Cablegate memos, the White House immediately issued a statement, stating that “[b]y releasing stolen and classified documents, WikiLeaks has put at risk not only the cause of human rights but also the lives and work of these individuals.”[372] Three days later, on December 1, 2010, United States Senator Joe Lieberman, Chairman of the Senate Committee on Homeland Security, released a statement asking the intermediaries supporting WikiLeaks to end their relationship with WikiLeaks. In Lieberman’s statement, he stated, “I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them. . . No responsible company – whether American or foreign – should assist Wikileaks in its efforts to disseminate these stolen materials.”[373] Lieberman’s staff members also called Amazon to inquire about its hosting of WikiLeaks and the confidential documents.[374]

Legal Liability

At the time of the Cablegate releases, WikiLeaks used various intermediary companies to help it maintain its online presence and financial viability. Amazon hosted on its cloud hosting services, while EveryDNS provided the domain name service. WikiLeaks solicited donations through its website using payment processing services such as PayPal, MasterCard, Visa, and Bank of America. Citizens could also access WikiLeaks content through its many social media platforms and other websites and applications that linked to WikiLeaks material.

In general, these online intermediaries would have legal immunity from most liability under Section 230 of the Communications Decency Act (CDA),[375] but Section 230 of the CDA does not apply to federal criminal law.[376] Therefore, online intermediaries such as Amazon, EveryDNS, Twitter, and PayPal could have potentially been liable under federal statutes, including the Espionage Act[377] and laws against material support for terrorism[378] or treason.[379]

Although the United States convened a grand jury to consider possible charges against WikiLeaks and Assange,[380] the United States Department of Justice has not taken any formal action against WikiLeaks, Assange, or any third party or business associated with the website.[381] In general, the United States has never prosecuted a journalist or an online intermediary for publishing classified information.[382] In the WikiLeaks case, the United States only brought charges under the Espionage Act against Manning, the source of the illegally obtained documents.[383] But the vague language of the Espionage Act leaves open the possibility of charging non-government employees such as journalists, media outlets, and intermediaries.[384] It is difficult to determine exactly who could be found liable under the Espionage Act.[385] Even though the threat looms, the United States continues to suggest it does not plan to charge a publisher or intermediary in connection to WikiLeaks. A legislative attorney wrote that “There may be First Amendment implications that would make such a prosecution difficult, not to mention political ramifications based on concerns about government censorship.”[386]

Those First Amendment implications stem from extensive United States Supreme Court jurisprudence, mostly notably New York Times Co. v. United States,[387] also known as the “Pentagon Papers” case, in 1971 and Bartnicki v. Vopper[388] in 2001. In the “Pentagon Papers” case, the United States Supreme Court held that under the First Amendment government actions to prevent publication, known as prior restraints, receive the most stringent judicial scrutiny and would only be allowed in extremely rare situations.[389] In Bartnicki, the Court extended a principle from the 1979 case of Smith v. Daily Mail Publishing Co.[390] and established that publishing truthful information about a matter of public concern, even if obtained through the illegal activity of a third party, is constitutionally protected unless the government’s restriction on the speech satisfies a “state interest of the highest order.”[391]

Since the relevant documents are truthful, newsworthy, and the intermediaries are not connected to their illegal obtainment, applying the “Pentagon Papers” case and Bartnicki to WikiLeaks, means that the only chance an online intermediary would be held liable and not protected by the First Amendment would be if a Court determined there was a high likelihood that the content released through WikiLeaks would bring immediate and grave harm to the country.[392]

Online Intermediaries React

It was easy for WikiLeaks to initiate relationships with online intermediaries as the website was still developing and relatively uncontroversial, but as soon as governmental attention and pressures began to mount, the intermediaries quickly began disassociating themselves from WikiLeaks. Many of the intermediaries decided to end their relationship with WikiLeaks even though they had clear First Amendment protection.

On December 1, 2010, three days after WikiLeaks published the embassy cables, Amazon removed from its cloud hosting services, citing violations of its terms of service and that the content on WikiLeaks was potentially damaging.[393] After Amazon’s decision, WikiLeaks began using servers in Sweden and France. Two days later, the French company OVH, which was hosting WikiLeaks, went offline after pressure from French Industry Minister Eric Bresson.[394] The Pirate Party in Sweden then became WikiLeaks’ sole hosting service.[395]

EveryDNS, which provided domain name service to WikiLeaks, also denied service to WikiLeaks, claiming WikiLeaks received distributed-denial-of-service (DDoS) attacks that affected other EveryDNS clients.[396] For a period of time, Internet users who typed “” into their URL would not be directed to the website. Some users resorted to typing the IP address of WikiLeaks in order to directly connect to the website.[397] WikiLeaks quickly switched to a domain name service in Switzerland and could be temporarily found via “”[398]

PayPal, an online payment service through which the public could financially support WikiLeaks, suspended its service to WikiLeaks on December 4, 2010.[399] This decision came after the U.S. State Department legal adviser Harold Koh wrote a letter to WikiLeaks stating the website was engaging in illegal activity.[400] In a statement, PayPal said that it suspended the WikiLeaks account because “our payment service cannot be used for any activities that encourage, promote, facilitate or instruct others to engage in illegal activity.”[401] Soon after, MasterCard, Visa, and Bank of America announced they would no longer allow WikiLeaks to accept process payments using their products.[402] This resulted in a 95 percent decrease of donations to WikiLeaks even though the website found some limited funding through other third parties.[403]

Later, in December 2010, Apple removed an iPhone application that allowed users to access WikiLeaks documents.[404] Even though the developer of the app had no direct ties to WikiLeaks, Apple said it removed the app because the app did not comply with local laws and could put people in harm’s way.[405]

Although Amazon, EveryDNS, PayPal, and Apple seemed to make their decisions after soft, indirect government pressures, Twitter, another online intermediary, felt direct pressure from United States courts. On December 14, 2010, the U.S. Department of Justice subpoenaed Twitter for WikiLeaks’ account information.[406] The subpoena, which came with a gag order, requested the user names, addresses, telephone numbers, bank account details, and credit card numbers of five WikiLeaks leaders associated with WikiLeaks’ Twitter account.[407] The subpoena also sought the email addresses and IP addresses for any communications stored on those accounts, which included identifying information of some of the more than 600,000 followers of WikiLeaks’ Twitter page.[408] Twitter successfully appealed the gag order in order to disclose the subpoena to its users, but on November 11, 2011, a U.S. federal judge upheld the subpoena under the Stored Communications Act.[409] Although Twitter was the only social media outlet to publicly contest the subpoenas and gag orders, WikiLeaks claims that similar subpoenas have been issued to Google and Facebook.[410]


Some of the intermediaries publically cited violations of Terms of Use or other contractual violations as why they ended their relationship with WikiLeaks, but pressure from the United States government and threats of criminal liability undoubtedly played a large role.[411] Questions remain as to what these decisions by the intermediaries tell us about the relationship between the United States government and online intermediaries and what it means for the future of the Internet and free speech.

The WikiLeaks case is an example of how the United States government censored potential Internet content through extralegal means. Although the law did not empower the government to stop the intermediaries from associating with WikiLeaks, the soft power of the government led to the suppression of speech by limiting the means in which the content could reach the public. The government’s influence stemmed, for at least the time being, the dissemination of WikiLeaks materials. Just as traditional print media relied on common mail carriers to transmit newspapers, so do modern-day online media outlets rely on online intermediaries for distribution and spreading of their content. Instead of the government, private companies who maintain the Internet’s infrastructure are increasingly often the gatekeepers of which messages are allowed to freely flow online.[412] If the United States government, through extralegal avenues, is able to control online intermediaries by skirting the limits of the Constitution, the government, in turn, is able to stifle online speech without running afoul of the First Amendment. Although practical considerations are of course a major obstacle, truly guaranteeing free speech online will require an Internet free from of government censorship in conjunction with a robust private infrastructure that supports free speech.[413]

What, If Anything, Can be Done?

Since online intermediates are private companies and are not constrained by the limits of the Constitution, they are only governed by the contracts they sign with their customers. As a result, the terms of service controlling online speech end up being stricter than restrictions on public speech. There are limited options for WikiLeaks or other disseminators of online speech to fight against suppression by intermediaries. WikiLeaks could sue the intermediary for wrongful denial of service, arguing there is an implied contractual obligation to not withhold service unreasonably or without good faith.[414] WikiLeaks could also sue the government for tortuous interference with contractual relations, but it would be difficult to prove that government intervention caused the intermediary to break the contract with WikiLeaks.[415]

Without the power of law encouraging intermediaries to keep freedom of expression robust on the Internet, one of the only remaining influences over the intermediaries is the power of the consumer. If public backlash is strong enough, intermediaries may think twice about refusing service to organizations like WikiLeaks. This is difficult because of the layers of secrecy between the government and the intermediaries that restrict disclosures to the public. For example, it was only after Twitter appealed the gag order that the public found out about the subpoenas it received from the government. This earned praise from many organizations and users of the social networking website.[416] The United States government submits more than 50,000 subpoenas each year, known as national security letters, with gag orders that prevent revealing to the public what the subpoenas seek or even that the subpoenas exist.[417] These gag orders stifle public debate on the topic of national security letters. If the public does not know what is going on between the intermediaries and the government, the public will not be able to put pressure on intermediaries.

Why Only WikiLeaks?

The WikiLeaks case study also brings up the question of why the intermediaries disassociated themselves from but not the other websites that were distributing the same material. The Cablegate documents that caused the intermediaries to separate themselves from WikiLeaks were not uniquely posted on; they were also available on the websites of The New York Times, The Guardian, and Der Spiegel.[418] Nevertheless, the intermediaries did not change their policies related to the more established press entities. The intermediaries drew a line between the established press and WikiLeaks, a website who claims to be part of the press but is often cast as “rogue” or anti-American.[419] Although the Constitutional protections given to WikiLeaks and the other outlets are largely the same,[420] the decisions by the intermediaries showed a clear difference in policy between the intermediaries and WikiLeaks and the intermediaries and other media outlets.[421] For whatever reason this policy difference exists – possibly due to differences in organizational structure, technology, or the intent of WikiLeaks compared to the established press – this stark difference in treatment puts online ventures, especially ones not conforming to traditional norms or paradigms, e.g. “the press”, at a greater risk than traditional media outlets.[422] This disparate treatment undermines the quality of our public disclosure and weakens the important function of the newly developing fourth estate in the networked information society.[423]

What Will the Impact be on Economics, Social Progress, and Innovation?

There are several different downstream consequences of the WikiLeaks case study. After seeing Amazon, EveryDNS, PayPal, and Apple bow to government pressure, online intermediaries faced with similar dilemmas will more easily make the same decision. If and when future online intermediaries are approached with the question of whether to support OIs that are publishing questionable material, especially confidential national security material, an example has already set by some of the most powerful intermediaries in the country. Additionally, the outcome of its efforts with respect to WikiLeaks surely reassures the United States government that pressuring private companies yields successful results, which will only encourage similar pressure in the future. Finally, it may chill the speech of other online speakers who may think twice about voicing their opinion online for fear their speech will be suppressed by the intermediaries.


[362] About: What is Wikileaks?, (June 27, 2014, 12:45 PM),
[363] Yochai Benkler, A Free Irresponsible Press: Wikileaks and the Battle over the Soul of the Networked Fourth Estate, 46 Harv. C.R.-C.L. L. Rev. 311 (2011).
[364] Id. at 313.
[365] Id. at 316–26.
[366] WikiLeaks: Bradley Manning Faces 22 New Charges, CBS News, (June 27, 2014, 12:58 PM),
[367] Charlie Savage & Emmarie Huetteman, Manning Sentenced to 35 Years for a Pivotal Leak of U.S. Files, The New York Times, Aug. 21, 2013, available at
[368] See Benkler, supra note 2, at 323–325.
[369] Id. at 326–329.
[370] Id.
[371] Id.
[372] Jennifer K. Elsea, Criminal Prohibitions on the Publication of Classified Defense Information, Congressional Research Service, Sept. 9, 2013, available at
[373] See Benkler, supra note 2, at 339.
[374] Julie Adler, The Public’s Burden in a Digital Age: Pressures on Intermediaries and the Privatization of Internet Censorship, 20 J.L. & Pol’y 231, 239 (2011).
[375] See 47 U.S.C. §§ 230(c)(1) (1996). “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.”
[376] See 47 U.S.C. §§ 230(e)(1) (1996).
[377] See 18 U.S.C. §§ 37.
[378] See 18 U.S.C. §§ 2339(A), (B). See also Charles Doyle, Terrorist Material Support: An Overview of 18 U.S.C. 2339A and 2339B, Congressional Research Service, July 19, 210, available at
[379] See 18 U.S.C. §§ 2381.
[380] See Ed Pilkington, WikiLeaks: US Opens Grand Jury Hearing, The Guardian, (May 11, 2011),
[381] See Elsea, supra note 11, at 16
[382] See Geoffrey R. Stone, Government Secrecy vs. Freedom of the Press, 1 Harv. L. & Pol’y Rev. 185, 197, 204 (2007).
[383] Among other charges, the United States convicted Manning of 18 U.S.C. §§ 793(e) of the Espionage Act, which states that: “[w]hoever having unauthorized possession of, access to, or control over any document . . . or information relating to the national defense which information the possessor has reason to believe could be used to the injury of the United States or to the advantage of any foreign nation, willfully communicates, delivers, transmits . . . to any person not entitled to receive it . . . Shall be fined under this title or imprisoned not more than ten years, or both.”
[384] See Stone, supra note 21.
[385] See Emily Peterson, WikiLeaks and the Espionage Act of 1917: Can Congress Make It a Crime for Journalists to Publish Classified Information?, The New Media and the Law Vol. 35 No. 3, Summer 2011, available at Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists, said “The Espionage Act is so vague and poorly defined in its terms, that it’s hard to say exactly what it does and does not cover.” Id.
[386] See Elsea, supra note 11, at 16.
[387] New York Times Co. v. United States, 403 U.S. 713 (1971). The United States filed an injunction against The New York Times, demanding the newspaper stop publishing the Pentagon Papers that detailed military operations and secret diplomatic negotiations of the Vietnam War obtained through an employee of the Defense Department.
[388] Bartnicki v. Vopper, 532 U.S. 514 (2001). Bartnicki involved punishment of a radio station after it published an audio recording in violation of the Electronic Communications Privacy Act.
[389] New York Times Co., 403 U.S. at 714.
[390] Smith v. Daily Mail Publ’g Co., 443 U.S. 97, 104 (1979).
[391] Bartnicki, 532 U.S. at 534.
[392] See Stone, supra note 21, at 202. Historical examples of content that would likely bring immediate and grave danger to the nation were “the sailing dates of transports” or “locations of troops” in wartime. Id. Stone points out that the content would likely have to instantly endanger American lives and not meaningfully contribute to public debate. Id. at 203. “[T]he reason for protecting the publication of the Pentagon Papers was not only that the disclosure would not ‘surely result in direct, immediate, and irreparable damage’ to the nation, but also that the Pentagon Papers made a meaningful contribution to informed public debate.” Id.
[393] See Benkler, supra note 2, at 339.
[394] Id. at 340.
[395] Id.
[396] Id.
[397] Id.
[398] Id.
[399] Id. at 341.
[400] Id. at 340.
[401] Jonathan Haynes, PayPal Freezes WikiLeaks Account, The Guardian, Dec. 4, 2010,
[402] See Benkler, supra note 2, at 340.
[403] Mia Shanley, WikiLeaks Claims Victory as Credit Card Donations Flow Again, Reuters, July 3, 2013,
[404] Miguel Helft, Why Apple Removed a WikiLeaks App from Its Store, The New York Times, (Dec. 21, 2010 12:29 PM),
[405] Id.
[406] Scott Shane & John F. Burns, U.S. Subpoenas Twitter Over WikiLeaks Supporters, The New York Times, Jan. 8, 2011, available at
[407] Id.
[408] Id.
[409] Zack Whittaker, U.S. Judge Upholds Twitter Subpoena of WikiLeaks’ Followers, ZDNET, (Nov. 11, 2011, 1:42 PM),
[410] Shane & Burns, supra note 45.
[411] See Benkler, supra note 2, at 314.
[412] See Adler, supra note 13, at 237.
[413] Id. at 253.
[414] See Benkler, supra note 2, at 367.
[415] Id. at 367–370.
[416] Ryan Singel, Twitter’s Response to WikiLeaks Subpoena Should Be the Industry Standard, Wired, Jan. 11, 2011, available at <>.
[417] Noam Cohen, Twitter Shins a Spotlight on Secret F.B.I. Subpoenas, The New York Times, Jan. 9, 2011, available at <> partner=rss&emc=rss&_r=0.
[418] See Benkler, supra note 2, at 326.
[419] Id. at 385–396.
[420] See Branzburg v. Hayes, 408 U.S. 665 (1972). See also Citizens United v. Federal Election Commission, 558 U.S. 310 (2010). “We have consistently rejected the proposition that the institutional press has any constitutional privilege beyond that of other speakers.”
[421] See Benkler, supra note 2, at 358.
[422] Id.
[423] Id. at 362.