Some Web site operators are complaining that Google is flagging their sites as containing malicious software when they believe their sites are harmless.

At issue is an interstitial page that Google presents when a user clicks on a search result link to a site that Google believes contains malware. The page cautions users with the words “Warning – visiting this web site may harm your computer!” Google does not block access to the site, but a user must manually type in the Web site address to continue.

Website operators, who think they were flagged mistakenly and want the decision to be reviewed, can appeal by sending an e-mail to stopbadware.org*, a central clearinghouse for research on badware.

Browsing through some of the complaints on the stopbadware discussion list gives an (of course merely anecdotal) overview of what people expect from Google in this case: the right to be heard before being flagged, a fast and efficient appeals process, a fair trial for their site, and transparency about the process by which Google arrived at its decision.

This language sounds familiar to lawyers. It is the language of “due process,” a set of mostly procedural safeguards to ensure fundamental fairness whenever the government encroaches on a person’s basic rights to life, liberty, or property. As a constitutional principle, due process only applies to state action. Google, however, is a private company. So what’s the point?

The point is that, under certain circumstances, people seem to have the same normative expectations of private intermediaries as of the state. In this case, it is the perceived adjudicative power of a leading search engine, balancing competing values like freedom of speech and security in its flagging decisions. In other cases, it may be rather the legislative and executive constraints embedded in code that make people suspicious.

So even though it is crystal clear that traditional due process doctrine does not generally apply to private information intermediaries: Is there a need to translate this constitutional value into cyberspace? What would “due process” look like in the networked information economy? If it is true that we all have more of a voice on a read/write Internet, isn’t it all about transparency? Or do we need more restrictive safeguards against concentrations of power in code?

Maybe we can even learn from the law when trying to define a normative benchmark for recommendation systems like the Google badware warnings.

[* Disclaimer: Even though the OII is a co-sponsor of stopbadware.org, I am not personally involved in this project and only speak for myself.]