Section 230 Shields Zoom From ‘Zoombombing’ Lawsuit, Judge Rules

LOS ANGELES—About a year ago, as large portions of the global population went into some form of quarantine due to the COVID-19 pandemic, the videoconferencing app Zoom saw a massive surge in users. From traffic of about 10 million users per day in December of 2019, Zoom surged to about 200 million per day in March of 2020, as pandemic-related shutdowns took hold. But with the increase in traffic also came a new phenomenon known as “Zoombombing.”

Last week, a federal judge dismissed most of a lawsuit against Zoom over Zoombombing, citing Section 230 of the 1996 Communications Decency Act as protection for Zoom against the lawsuit’s claims.

In the early stages of the pandemic, and the surge in Zoom’s popularity, significant security flaws in the app allowed hackers to intrude on otherwise private Zoom meetings and conferences — including government meetings, religious services, and children’s online schooling — blasting unwanted porn and other unsolicited images into those meetings. This type of hacking was quickly given the label “Zoombombing.”

Zoom was quickly hit with a parade of lawsuits by angry users who wanted Zoom help liable for the intrusions into their videoconferences. Many were consolidated into a class action lawsuit — and most provisions of that lawsuit were dismissed by Judge Lucy Koh of the UNited States Northern District of California, due to Section 230 protections.

Section 230 is the 25-year-old law widely considered the “First Amendment of the Internet,” that gives online platforms immunity from lawsuits or prosecution over content posted by users. The law is especially critical for the adult industry, which would likely face widespread online censorship without Section 230 protections.

To qualify for Section 230 protections, a platform must have no involvement in creating the user content, and it must be able to be defined as an “interactive computer service. Judge Koh ruled that Zoom met both of those requirements. The users who committed the acts of Zoombombing were clearly third-parties, so Zoom’s Section 230 defense met the first criteria easily.

As to whether Zoom qualifies as an “interactive computer service,” Koh stated that the definition of an ICS is “expansive,” and includes platforms such as Zoom which “transmits and displays video, audio, and written content.” 

“Zoom’s failure to edit or block user-generated content is the very activity Congress sought to immunize” when it passed Section 230, Koh states in her ruling. “The bulk of plaintiffs’ Zoombombing claims lie against the ‘Zoombombers’ who shared heinous content, not Zoom itself.”

But Section 230 does not apply to the lawsuit’s claims that Zoom failed to honor its contract with users to protect their privacy, because contractual claims “are independent of Zoom’s role as ‘publisher or speaker,’” Kohn ruled. 

Koh did not rule on the merits of the case, however, only on whether or not the lawsuit can continue. As a result of her ruling, the plaintiffs can rewrite their suit to focus only on the narrow claim of breach of contract, an area to which Section 230 does not apply.

Photo By Coolcaesar / Wikimedia Commons