Under current US law, digital services and platforms like Facebook and Twitter are protected from liability for the content that users post to their networks, so they can’t be sued for defamation or libel. This somewhat controversial feature was introduced with the Communications Decency Act of 1996, and states that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” But one dissatisfied user of a digital service—in this case, Grindr, a hook-up app for gay men—is trying to find a way around that protection, with a lawsuit against the company that is currently working its way through a New York appeals court. If he wins, some believe it could open the door for similar lawsuits against virtually any digital service, including Facebook.

Matthew Herrick, a restaurant worker and actor from New York, says Grindr allowed a former boyfriend to harass him repeatedly via the network, creating multiple fake profiles and then sending men looking for sex to his home and place of work. Herrick, who launched his lawsuit in April of 2017, says the abuse started in 2016 and continued for months, and he reported it to the police multiple times, and even got a restraining order. In most cases, Section 230 of the CDA would protect Grindr from liability for that kind of behavior. But Herrick and his lawyers are arguing that the abuse and invasion of privacy he experienced means the Grindr app is essentially broken and/or dangerous, so they’re using laws that were designed to protect users from defective products, like a malfunctioning weed-whacker or cans of paint that poisoned users because they contained too much lead. The lawsuit alleges that Grindr was negligent in creating an app that is “defectively designed” and “fundamentally unsafe,” adding:

“This is a case about a company abdicating responsibility for a dangerous product it released into the stream of commerce. Grindr’s inaction enables the weaponization of its products and services.”

This seems very similar to the kinds of criticisms that are routinely aimed at Facebook: that the company has not taken responsibility for the damage it caused by hosting misinformation from Russian troll factories, and that the network allows malicious actors of all kinds to “weaponize” its services. But does the Herrick lawsuit have any chance of succeeding? There’s some debate about that in legal circles. One law professor who specializes in product liability told NBC that while such laws are usually associated with physical goods and machinery, it might be possible to expand the meaning of the law to include services like Grindr. A lower New York court didn’t agree however: the case was initially thrown out in January, at which point a judge said “to the extent Herrick has identified a defect in Grindr’s design, it is inextricably related to Grindr’s role in editing or removing offensive content – precisely the role for which Section 230 provides immunity.”

ICYMI: Magazine’s star reporter caught making up sources

One interesting aspect of the case, according to lawyer Fred Jennings (who was a co-counsel on Herrick’s case and now works for Github), is that while Section 230 protects platforms like Facebook or Grindr against liability for the posts of their users, it’s still unclear whether they are protected against lawsuits that involve location data, which is provided automatically. Since the harm that Herrick is suing over is related to Grindr giving away his location, it’s possible that a court could see this as different from a typical defamatory post to a social networking site. And if the court opens this door, someone would likely argue that Facebook should also be liable—not for user posts, but possibly for giving away people’s data without their specific consent, or for not placing stricter controls on what outside agencies like Cambridge Analytica could do with it.

Sign up for CJR 's daily email

Technology companies and some non-profit groups, including the Electronic Frontier Foundation, have argued that opening the door to lawsuits like Herrick’s would cripple digital platforms, and would represent an end-run around the free-speech protections of Section 230. The EFF says in its brief that if Herrick wins, it could “severely curtail free expression online.” But the case also has some supporters, including the Electronic Privacy Information Center, which filed a brief in support of his case. The group argues that nothing in Section 230 allows internet platforms such as Grindr to ignore rampant abuse on its network. Congress enacted the law to promote the Internet as a source of educational resources, EPIC says, “not to give platforms carte blanche to ignore harassment and abuse.”

Herrick’s lawyer Carrie Goldberg, meanwhile, argues that Section 230 has been interpreted much too broadly by the courts in the past, and that it gives tech companies license to do almost anything without facing legal liability. “These companies have run amok with no fear of ever being sued by users,” she writes in a post on her firm’s website. “It’s why Facebook had no legal responsibility when the Russians hacked our elections. Why are we allowing the most powerful and omniscient companies to get away with never facing courts for the ills they cause?” If Herrick is successful, it could give Facebook critics just the legal opening they’ve been looking for.

ICYMI: How a problematic NYT article shows how newsrooms are out of touch with the communities they cover

Has America ever needed a media watchdog more than now? Help us by joining CJR today

Mathew Ingram is CJR’s chief digital writer. Previously, he was a senior writer with Fortune magazine. He has written about the intersection between media and technology since the earliest days of the commercial internet. His writing has been published in the Washington Post and the Financial Times as well as by Reuters and Bloomberg.