Section numbers of federal statutes rarely stir the soul, but one of them, 230, stirs up much fear, for it has seemed to justify censorship. Relying on it, tech companies including Google and Twitter increasingly pull the plug on disfavored posts, websites and even people. Online moderation can be valuable, but this censorship is different. It harms Americans’ livelihoods, muzzles them in the increasingly electronic public square, distorts political and cultural conversations, influences elections, and limits our freedom to sort out the truth for ourselves.

But does the 1996 Communications Decency Act really justify Big Tech censorship? The key language, Section 230(c)(2), provides: “No provider or user of an interactive computer service shall be held liable on account of . . . any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected.” The companies take this as a license to censor with impunity.

That understanding is questionable. Law is rarely as clear-cut as a binary switch. To be sure, courts emphasize the breadth of Section 230’s immunity for website operators. But there is little if any federal appellate precedent upholding censorship by the big tech companies. The question therefore comes down to the statute itself. The answers should give pause to the companies and courage to those they’ve censored.

The fundamental problems are constitutional—the first concerning the Commerce Clause. Congress’s authority to enact Section 230 may seem indisputable because the Supreme Court has, since the New Deal, adopted an almost open-ended view of Congress’s power to regulate interstate commerce. Yet congressionally emboldened censorship poses unique questions.

Originally, the Constitution’s broadest protection for free expression lay in Congress’s limited power. James Wilson reassured Americans in 1787—four years before the First Amendment’s ratification—that “a power similar to that which has been granted for the regulation of commerce” was not “granted to regulate literary publications,” and thus “the proposed system possesses no influence whatever upon the press.”

The expansion of the commerce power to include regulation of speech is therefore worrisome. This is not to dispute whether communication and information are “commerce,” but rather to recognize the constitutional reality of lost freedom. The expansion of the commerce power endangers Americans’ liberty to speak and publish.

That doesn’t necessarily mean Section 230 is unconstitutional. But when a statute regulating speech rests on the power to regulate commerce, there are constitutional dangers, and ambiguities in the statute should be read narrowly.

A second constitutional question arises from the First Amendment. The companies brush this aside because they are private and the amendment prohibits only government censorship. Yet one must worry that the government has privatized censorship. If that sounds too dramatic, read Section 230(c)(2) again. It protects tech companies from liability for restricting various material “whether or not such material is constitutionally protected.” Congress makes explicit that it is immunizing companies from liability for speech restrictions that would be unconstitutional if lawmakers themselves imposed them.

Seventeenth-century censorship, which the First Amendment clearly prohibited, was also imposed largely through private entities, such as universities and the Stationers’ Company, England’s printers trade guild. Whereas privatized censorship then was often mandatory, the contemporary version is voluntary. But the tech companies are protected for restricting Congress’s list of disfavored materials, and this means that the government still sets the censorship agenda.

Some of the material that can be restricted under Section 230 is clearly protected speech. Consider its enumeration of “objectionable” material. The vagueness of this term would be enough to make the restriction unconstitutional if Congress directly imposed it. That doesn’t mean the companies are violating the First Amendment, but it does suggest that the government, in working through private companies, is abridging the freedom of speech.

This constitutional concern doesn’t extend to ordinary websites that moderate commentary and comments; such controls are their right not only under Section 230 but also probably under the First Amendment. Instead, the danger lies in the statutory protection for massive companies that are akin to common carriers and that function as public forums. The First Amendment protects Americans even in privately owned public forums, such as company towns, and the law ordinarily obliges common carriers to serve all customers on terms that are fair, reasonable and nondiscriminatory. Here, however, it is the reverse. Being unable to impose the full breadth of Section 230’s censorship, Congress protects the companies so they can do it.

Some Southern sheriffs, long ago, used to assure Klansmen that they would face no repercussions for suppressing the speech of civil-rights marchers. Under the Constitution, government cannot immunize powerful private parties in the hope that they will voluntarily carry out unconstitutional policy.

Perhaps judges can avoid the constitutional problem, but this will be more difficult if they read Section 230(c)(2) broadly. The tech companies can’t have it both ways. If the statute is constitutional, it can’t be as broad as they claim, and if it is that broad, it can’t be constitutional.

The statute itself also poses problems for Big Tech. The first question is what Section 230(c) means when it protects tech companies from being “held liable” for restricting various sorts of speech. This is widely assumed to mean they can’t be sued. But the word “liable” has two meanings.

In a civil suit, a court must first consider whether the defendant has violated a legal duty or someone else’s right and is therefore legally responsible. If the answer is yes, the court must decide on a remedy, which can include damages, injunctive relief and so forth. The term “held liable” as used in Section 230(c) can fall into either category. Thus, the protection of tech companies from being “held liable” may merely mean they can’t be made to pay damages, not that they can’t be held responsible and subjected to other remedies. The former interpretation seems more plausible, if only because a mere ambiguity seems a weak basis for barring a vast class of plaintiffs from recourse to the courts on a matter as central as their speech.

After protecting tech companies from being held liable, the statute recites: “No cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section.” This clause, Section 230(e), may seem to vindicate the companies, but it distinguishes between a “cause of action” and “liability” and thereby clarifies the ambiguity. Evidently, when Section 230(c) protects tech companies from being held liable, it does not generally immunize them from causes of action. It merely protects them from “liability” in the sense of damages.

To be sure, when a company is sued for damages, Section 230(e) bars not only the imposition of such liability but also the underlying cause of action. But the statute apparently protects tech companies only from being sued for damages, not for other remedies.

Another question concerns the “material” that the companies can restrict without fear of being sued for damages. Section 230(c) protects them for “any action voluntarily taken in good faith to restrict access to or availability of material” of various sorts. Even before getting to the enumerated categories of material, it is important to recognize that the statute refers only to “material.” It says nothing about restricting persons or websites.

To be sure, the statute protects the companies for “any action” restricting the relevant material, and if taken literally “any action” could include various nuclear options, such as barring persons and demonetizing or shutting down websites. But the term “any action” can’t be taken to include actions that restrict not only the pertinent material but also other things. ”Any action” has to be focused on such material.

The statute, moreover, requires that such action be taken “in good faith.” At common law, that can mean not acting with the effect of destroying or injuring the rights of others and, more specifically, not acting disproportionately to terminate relations. The statute thus doesn’t protect the companies when they take disproportionate action against material, let alone when they unnecessarily restrict other things, such as websites and persons.

What is in good faith for a website may be different from what is in good faith for a tech company that operates like a common carrier or public forum. But at least for such tech companies, the statute’s focus on “material”—combined with the requirement of “good faith”—stands in the way of any categorical protection for suppressing websites, let alone demonetizing them or barring persons.

What does this mean in practice? Even if a company technically can’t bar some material without taking down the entire website, it at least must give the operators an opportunity to remove the objectionable material before suppressing the website altogether. As for demonetizing sites or barring persons, such actions will rarely if ever be necessary for restricting material.

Such is the statute’s text. If you nonetheless want large common-carrier-like companies to go beyond “good faith” actions against “material,” pause to consider a little history, if only as a reality check about the proportionality of your desires. Even the Inquisition gave heretics formal opportunities to recant. And even the Star Chamber required its private censors to bar offensive material, not authors.

The next question is viewpoint discrimination. Section 230(c) specifies protection for restricting “material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable.” The companies understand this to include nearly anything to which they object.

But Section 230(c) enumerates only categories of content, not viewpoints. The distinction between content and viewpoint is crucial in free-speech law: Government can’t discriminate against disfavored viewpoints even when regulating unprotected speech such as “fighting words.” It is therefore telling that the list focuses on content. One may protest that “otherwise objectionable” could include objectionable viewpoints. But it is obviously a catchall, and following a list of types of content, it would seem to refer only to additional objectionable content.

The tech companies could argue that the catchall is still ambiguous. But at stake is viewpoint discrimination by vast companies that are akin to common carriers, whose operations function as public forums, and that are carrying out government speech policy. Are we really to believe that a mere ambiguity should be interpreted to mean something so extraordinary?

Section 230’s text offers the tech companies less shelter than they think. It protects them only from damage claims and not at all when they go beyond a constitutional reading of the statute.

The implications are far-reaching. As litigation comes before the courts, they will have to decide the limits of Section 230 and the lawfulness of privatized censorship. In the meantime, some state legislatures will probably adopt civil-rights statutes protecting freedom of speech from the tech companies. Recognizing that such legislation isn’t barred by Section 230, lawmakers in several states are already contemplating it. One way or another, Section 230 does not, and will not, bar remedies for government privatization of censorship.