That's basically my understanding, though it needs some additions.
To summarize differently, a provider is liable if it knows or could
be expected to know of the abusive content in question. This
phrasing adds the condition that if a provider operating as a common
carrier is made aware of abuse, they then become liable if they
subsequently fail to take reasonable measures against recurrence,
even though they otherwise are allowed to be unconcerned with content.
(Think in terms of phone company liability for obscene calls).
The section cited by Mr. Flores basically says that only the first
provider receiving the abusive traffic (ie. nearest the source) would
have been liable, not every provider all the way to the destination.
Otherwise, every provider would have had to monitor all content
passing through it. Doing this would have been bad enough for
source networks; imagine doing this for all traffic passing through
MCI. Fortunately, the CDA is dead and this latter question is moot,
at least for a while.