3

What are the possible copyright and other legal issues faced by an individual in the US running a Mastodon server?

The social network Mastodon https://en.wikipedia.org/wiki/Mastodon_(social_network) has become very popular in the past few months as a possible alternative to Twitter, and there are some important differences between the two services: Twitter is a centralized, corporate-based commercial service, running datacenters in different countries, but operated as one service. Mastodon is decentralized and is run on any number of commercial and private servers by individuals and organizations located in different countries, and server administrators can have little or no formal relationship with other administrators. (The Mastodon software is free and open source and there are no copyright issues with using or modifying the software itself.)

Twitter is a for-profit business which has a legal team, a corporate structure to protect employees and assets, and insurance for civil claims. Mastodon administrators may or may not be organized under a corporate structure or have insurance for civil claims.

One possible source of copyright issues is that individual Mastodon servers share posts and content by being "Federated," meaning being members of relays that share content between independent servers. This means that content by users who have accounts on other Mastodon servers around the world can appear in the timelines of users on any other independent server, and some of that content may be "cached" or stored on those Federated servers.

For the sake of this question, the Mastodon instance owner - who is an individual and who runs a server in the US and has the sole account and is the administrator of the server - will be referred to as AMastodonAdmin. The Mastodon instance run by AMastodonAdmin will be referred to as MyMastodonInstance.

Can AMastodonAdmin legally "ban" or block users (and their content) who have accounts and post on other servers but their content is shown on MyMastodonInstance by Federation? Can AMastodonAdmin ban users for any reason? Does AMastodonAdmin need a TOS that outlines reasons for user bans and blocks?

Is AMastodonAdmin liable for copyright infringement committed by users who have accounts and post the copyrighted content on other servers which is then Federated to (and in some instances cached on) MyMastodonInstance?

Does AMastodonAdmin running MyMastodonInstance in a US datacenter need to be aware of GDPR https://gdpr.eu/ ? Does AMastodonAdmin need to respond to requests by EU members whose posts were federated to MyMastodonInstance?

3
  • 1
    The fediverse in general allows bans of users and entire Mastodon instances. Famously, most of the entire fediverse disassociated from Gab.
    Commented Feb 5, 2023 at 4:12
  • @Clockwork-Muse thanks, that's interesting. Commented Feb 6, 2023 at 17:44
  • Specifically for GDPR aspects, you might enjoy Carey Lening's (@[email protected]) Mastodon Privacy Guide as an introduction.
    – amon
    Commented Feb 7, 2023 at 14:37

1 Answer

5

To the extent that Admin is running a business rather than a free relay server, Admin will have various legal concerns. As I understand the system as you describe it, a user uploads some content to a machine, operated by AMastodonAdmin, which then makes that content available to others. W.r.t. US law, the admin needs to be concerned with a number of things. Copyright violation is one: he may get sued for contributory infringement. The DMCA safe harbor provisions reduce the risk, if complied with. Defamation is another potential issue (a publisher is liable for damages under defamation law, as well as the author). "Section 230" may provide protection, but there is a large body of case law mentioned in there that would have to be taken into consideration – and two upcoming Supreme Court cases. (Basically, Section 230 says that "No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider").

The administrator has a property right to include / exclude anyone they want to, on their machine, except that a contract between Admin and User might limit his right. A TOS is a contract, which typically says "You can use my machine in a specific way as long as you follow these rules". Requiring payment in exchange for access limits Admin's right to do whatever they want. For free-access systems, there is typically a clause saying "we can kick you off if we want", though also implying that they will only kick you off for a specific action ("violating community standards").

In order to legally receive content from User, you need permission from User to redistribute their intellectual property (therefore a TOS is virtually mandatory). This would include a warranty from User that they have the right to upload whatever they do upload, granting a correct license to Admin (read the Stack Exchange TOS), and while you are at it, you should say explicitly that if a user misbehaves, they can be banned. Silence is legally problematic, compared to explicit permission or prohibition, because then there may be a long legal wrangle over whether lack of prohibition is implicit permission.

Admin technically should care about GDPR, though enforcement may make this a non-issue. A US company operating as Admin would have a real concern with GDPR, but a guy running a free basement server, having no ties to the EU, might ignore GDPR, the same way they might ignore some other nation's law against apostasy.

3
  • No, the point of the question is that the content is not (directly) uploaded to MyMastodonInstance - rather, federated content in Mastodon is uploaded on OtherMastodonInstance, and it might show up in feeds on MyMastodonInstance because it is "pushed"/"notified" (and barring caching, is never hosted on MyMastodonInstance). In this sense, there isn't any direct relationship or agreement between the admin and the user who posted the original content, and likely can't be one. It's much closer to items showing up in someone's Facebook or Twitter feed, or a link from a search engine. Commented Feb 5, 2023 at 4:00
  • A note on GDPR: for non-European services, it would only apply if those services “offer” their services to people in EU/EEA/UK. Here, offering means targeting or marketing to such people, not mere availability from Europe. A small instance admin might want to avoid the impression of such targeting (and completely ignore the matter in their privacy notice), though of course they can voluntarily comply with its principles (e.g. adopting appropriate security measures, helping users with deleting their accounts, and so on).
    – amon
    Commented Feb 5, 2023 at 12:02
  • Thanks! I'll read through this. Commented Feb 7, 2023 at 16:41
