A cert petition now pending at the Supreme Court forces a question the internet industry has spent three decades avoiding: does Section 230 immunize a platform that knowingly keeps child sexual abuse material online after reviewing it? In John Doe 1 v. Twitter, No. 25-949, the petitioners say the answer must be no. They have a stronger case than the platform-defense reflex tends to admit — and the right way to act on it is a calibrated statutory carve-out, not the open-ended judicial exception they are asking for.
What the Ninth Circuit Actually Held
The facts are ugly and largely undisputed. Two minors were trafficked, and CSAM depicting them spread on Twitter. When one victim and his mother reported it, Twitter replied: "We've reviewed the content, and didn't find a violation of our policies, so no action will be taken at this time." The material reportedly came down only after a Department of Homeland Security agent intervened.
On August 1, 2025, the Ninth Circuit nonetheless held Twitter immune. It ruled that the plaintiffs' claims under the federal child-pornography statutes (18 U.S.C. §§ 2252A, 2255) "hinge on Twitter's role as a publisher of third-party content," and that a decision about whether to remove user material is "quintessential publishing activity" — therefore, in the court's framing, perforce immune under Section 230 (Ninth Circuit opinion; Goldman analysis). The panel separately rejected the FOSTA/§ 1591 sex-trafficking theory, holding that failing to remove known illegal content is not the "affirmative conduct" that statute requires.
The Steelman for the Petitioners
Here is the strongest version of their argument, and it deserves to be stated fairly. Knowing possession and distribution of CSAM is a federal crime, full stop. Section 230(c)(1) was written to protect editorial decisions about lawful third-party speech — not to convert "we looked at the contraband and chose to keep it up" into a protected publishing judgment. When a company affirmatively reviews flagged child-abuse imagery, confirms it, and files it under "no action," the petitioners argue, it has crossed from hosting speech to possessing contraband, and immunity built for the former should not extend to the latter (cert petition). Senator Josh Hawley's amicus brief, filed March 12, 2026, presses the same point: Congress never meant to immunize knowing complicity in child exploitation (Hawley amicus). The scale is not theoretical: NCMEC's CyberTipline logged 20.5 million reports and 62.9 million files in 2024 alone (Thorn).
That is a serious argument, and a publication that believes in proportionate regulation should say so plainly. CSAM is the one category where "the platform decides what to allow" carries no free-speech value whatsoever. There is no protected expression in a child-abuse image, and no innovation interest in hosting one.
Why the Statute Already Points to a Narrower Answer
The key point the broad-carve-out advocates skip is that Section 230 already excludes this conduct from immunity where it matters most. Section 230(e)(1) expressly preserves all federal criminal law. The Department of Justice can prosecute a platform for knowing possession or distribution of CSAM today; Section 230 is no defense to a federal indictment. Separately, 18 U.S.C. § 2258A already obligates providers to report apparent CSAM to NCMEC and preserve it. The gap Doe exposes is narrow and specific: civil liability for victims, not criminal accountability for companies.
That distinction matters for how the Court should rule. The petitioners are asking the Justices to read a "knowing distribution" exception into § 230(c)(1) by interpretation. The risk is that a vaguely drawn knowledge standard becomes a litigation lever against the moderation that actually protects users. Platforms reviewed an estimated tens of millions of reports last year; if every "we looked and declined to remove" decision can be recast as "knowing" distribution of whatever a plaintiff later proves illegal, the rational response is to over-remove lawful speech and under-invest in the human review that catches edge cases. That is the heckler's veto Section 230 was designed to prevent — and it would hit small platforms, which cannot absorb the litigation, far harder than it hits X.
The Proportionate Path
The better fix is the one Congress is already circling. A statutory carve-out — in the mold of FOSTA-SESTA but tied to the existing federal CSAM definitions and an actual-knowledge-plus-failure-to-report trigger — would give victims a civil remedy precisely where a provider confirmed the material and sat on it, without handing every disgruntled litigant a knowledge-based theory against ordinary moderation. The pending STOP CSAM Act debate is the right venue for drawing that line, because Congress can define the mental state, the safe harbor for good-faith reporting, and the damages with a precision the Court cannot.
If the Justices take the case, the cleanest holding is the modest one: Section 230(c)(1) does not immunize a provider's own knowing possession of contraband it has reviewed and confirmed, as distinct from its publishing decisions about lawful third-party speech. That tracks the statute's text, preserves the immunity that keeps the open internet open, and still lets the Does into court. The error would be a sweeping rule that treats every moderation call as potential complicity. Twitter's "no action will be taken" deserves scrutiny. The rest of the internet's good-faith moderation does not deserve to be collateral damage.