This Article considers one of the challenges of this evolution: the role of intermediaries’ liability for the harm they cause to users. All online interactions are conducted through intermediaries—the routers, servers, applications, services, and switches that make up the Internet’s “core.” In the era of the trust-based Internet, intermediaries were largely passive participants in the technological ecosystem. This limited both the harm they could cause and the basis for liability against them. In today’s Internet, intermediaries are increasingly active; they make real-time decisions about how to handle user data, and they have the ability to store or share that data for private purposes. In the post-trust Internet, intermediaries can cause real harm. Without trust, it remains unclear which institutions, if any, safeguard users from such harm.
This Article proceeds in four parts. Part I considers the role of trust in the early Internet, how the evolving Internet is moving away from this trust-based model, and how the loss of trust affects and limits online institutions. Part II looks to how other institutions function absent trust. Part III considers the limitations and lessons from these standard approaches and synthesizes them into a set of principles for establishing intermediaries’ liability.