I'm not a lawyer, but I ran a large (millions of users) online UGC property for a big company, and here are some thoughts:
- If your servers and employees are in the US then there is almost nothing that foreign governments can do, and if you are a small company with a small user base with no money changing hands in their country then there is very little they will try to do. The trickiest problems internationally in my experience are privacy laws in Europe (esp. Germany) and anti-crime laws setting data recording/retention standards for some types of internet services (esp. the UK). Easiest answer at first is to keep your stuff in the US until it is worth the trouble.
- This blog post is an excellent, pragmatic summary of other issues: http://www.avvo.com/legal-guides/ugc/social-media-law-101-dealing-with-legal-and-risk-issues-arising-from-user-generated-content-1
In my experience the two toughest areas to deal with relate to 1) children and 2) subpoenas and other court actions.
- Child pornography is the trickiest, because businesses are _REQUIRED_ to report it, unlike other potential criminal activity. Not only that, it is dangerous to handle because it can be incriminating just to view it unless you have clear procedures in place to deal with it. Also, child pornographers have been known to seek out obscure sites to share their stuff, especially ones with controls/permissions like private groups and stuff. If private photo/video sharing is a significant part of your UGC, then _definitely_ talk with a lawyer so you know what to do.
- COPA (i.e. no kids under 13) is only a little tricky, assuming your site is for adults. But something to be aware of.
- The legalities of subpoenas and court actions are fairly well laid out in that blog posting. However, if you get a subpoena from the FBI or other agency asking for various records over a period of time, then not only will you you'll clock a little time with your lawyer but also folks on your technical team will end up spending a chunk of time locking accounts down and pulling the data together. The first time, this feels exciting and confusing, especially if there is strong time sensitivity to the subpoena, but you get it done. If it happens a few times, it feels more like a distraction that warrants some feature work to make it easier next time.
Hope that helps.