Please email gteran@law.harvard.edu with comments or questions
Links last verified: 1/18/99
Ever more business deals (from simple purchases of goods to complicated contracts) are done on the net. Some of those business deals go awry, spawning business litigation originating from internet-based transactions. Various forms of harassment, slander, fraud, and other "informational" torts and crimes may be committed on the internet. Copyright infringement abounds on the internet.
When legal problems arise on-line, who should bear the cost of liability? Should liability lie purely with the individual or entity whose action, or failure to act, was directly related to the event " the so-called "bad actor?" Should it lie with the individual, organization, or institution that gave the "bad actor" access to the internet?
Since our overarching goal is to examine problems related to intellectual property in cyberspace, this module will focus on the specific problem of ISP liability for copyright violations on the internet.(1)
First of all, what is an Internet Service Provider, or ISP? Much of the literature on this subject draws subtle but important distinctions between ISPs, On-Line Service Providers (OSPs), Bulletin Board Systems (BBSs), et cetera. In order to simplify the discussion, the term ISP as used in this module is intended to be an umbrella term covering a wide range of companies and organizations that provide their customers, or "clients," with access to the internet. ISPs may be large or small. AOL, with millions of clients, is an ISP. So is a local "mom-n-pop" operation with only a few clients.
As part of their services, ISPs often give their clients the means to make content available over the internet to the public at large. For example, an ISP may provide its clients with more than just an email account and access to the web -- it may give its clients the right to upload files, including web pages, to the ISP's publicly accessible servers. These files may then be accessed -- and, by necessity, copied -- by members of the public at large.
Why would copyright holders sue ISPs? There are two main reasons, and they are fairly straightforward. First, it's very hard to sue someone if you can't find them. Many ISPs are corporate entities with fixed places of business, whereas clients who post infringing materials may be mobile or difficult to track down. Thus, the ISP is usually a lot easier to find than the individual who posted the allegedly infringing material. Second, it is a time-honored axiom in the legal profession that if you sue someone who will never be able to pay a judgment, then you are wasting your time. Therefore, copyright infringement plaintiffs target ISPs because they almost always have more money than the individual client who may have posted the copyright infringement. This may not be true for a mom-n-pop ISP, but the bigger players (such as AOL, Netcom, et cetera) certainly qualify as "deep pockets."
How would a typical ISP react to the threat of copyright liability? One response of an ISP may be to mount an aggressive program aimed at policing its servers for copyright infringements. Aggressive, regular policing of client content could be very unpopular with those clients who are concerned about maintaining a level of privacy and freedom from censorship on-line. Additionally, such a program would be very difficult to execute. The ISP may have so much information on its servers that, even with the assistance of technologies designed specifically to help parse the information, the very act of reviewing it regularly would be problematic and costly. Even if the ISP could review the data with regularity, how would it be able to identify copyright-infringing material? Aside from flagrant cases (e.g. a web page boldly inviting visitors to download a free copy of Microsoft Word), it is difficult for an ISP to know whether material is copyright-protected and being used without authorization simply by looking at it. As a result, the ISP may end up either failing to remove copyright-infringing material or overzealously removing material that looks infringing but is not. The former scenario leaves the ISP open to suit, while the latter scenario raises concerns of censorship.
ISPs may also attempt to avoid liability by requiring indemnities from their clients -- in other words, the ISP enters into a contract with each of its clients that requires the client to assume all responsibility for any copyright infringement engaged in by the client. While such indemnities may reduce the risk of liability, they are not ironclad and do not eliminate the liability risk altogether.
What does this mean for the average internet user? The conventional analysis goes as follows: because copyright infringements are hard to eliminate through self-policing, ISPs face a risk of liability for copyright infringement that they cannot entirely eliminate up-front through cost-effective means. Smaller ISPs may be forced out of business entirely if the liability risk is too great. Larger ISPs that are better positioned to prepare for the liability risk would have to earmark funds for lawyers, settlements and judgments. Or the ISP may purchase some form of liability insurance. Either route costs money. These costs are eventually passed on to consumers, making the cost of getting on the net higher for everyone.
Thus, the bedrock beneath the argument for removing liability from ISPs for copyright infringement centers on the perceived unfairness in holding unwitting ISPs liable for the illegal conduct of their clients, the danger that liability will cause ISPs to exercise restrictive control on client postings in a manner threatening open on-line discourse, and on the bottom line result of increased cost for internet access passed on to the average user.
On the flip side, a failure to hold ISPs liable for infringements posted by their clients may scuttle the value of copyrighted works. Owners of copyrighted works argue that instantaneous and unredressable digital piracy would reduces the incentive to produce these works. The result would be a "cheap" culture -- not "cheap" in the pejorative manner that highbrow commentators use to describe popular culture, but "cheap" in the sense that the only works worth producing would be ones that cost very little to make, or where the costs could somehow be recouped through performance or cult of personality. The Grateful Dead (providing their fans with essentially "free" content while paying the bills through an endless juggernaut of a roadshow) would be the unavoidable archetype for working artists, cinema would fast become hopelessly verite, news would become a self referential chorus of Drudge reports (perhaps it is so already), reclusive artists such as Thomas Pynchon would have to find day jobs, et cetera. Not an entirely awful world, perhaps, but a very different one indeed.
In an effort to limit the potential liability for ISPs while avoiding
a meltdown in copyright protection on-line, last October Congress passed
the Digital Millennium Copyright Act (DMCA), discussed below. Empirical
evidence of its effect, if any, on ISP liability and copyright protection
will take time to develop. Nonetheless, this module will introduce
a basic picture of ISP liability prior to the DMCA, briefly describe the
DMCA itself, and invite you to speculate what changes if any it will bring.
You are the chief executive officer and largest shareholder of Baffled Internet Group, or BIG. You provide internet access to over 5 million clients, mainly in the United States. Many of those clients have web pages which are stored on your servers (located throughout the country in every state). These web pages are accessible through the world-wide web. Anyone who can get on the web can get to these pages. Your servers automatically log the number of visits to each web page and (where possible) the identities of those who visit the web pages.
BIG makes money through a combination of fees charged to clients and advertising revenue. The fees you charge clients depend on the amount of service they want. Clients who want to put web pages on your servers are charged a flat monthly fee for each page under 100K, and an additional $.01 for each kilobyte over 100K. The advertising revenues come mainly from banner ads. Anyone who visits a client web page will see at least one banner ad. Increased traffic to any particular web page eventually results in increased ad revenue.
One day, you receive a letter from I.N. Housecounsel, a lawyer for the Church of Humanitology. It states, in pertinent part:
"It has come to our attention that one of your clients, Mr. DeBunker, has posted a web page on one of your servers that is very critical of Humanitology. Of course, we have great respect for his First Amendment right to criticize our Church. However, Mr. DeBunker has apparently decided to post verbatim the entire contents of one of our publications, "The Seven Secrets of Highly Intrepid Humanitologists." This publication is strictly guarded by the Church and is only made available to Seventh Level Humanitologists at a cost of $7,000 per copy. In order to avoid the expense of needless litigation, kindly:
You take a very deep breath, and
call your cardiologist. Afterwards, you call your chief technology wonk,
Bing the Server King. After checking around, Bing informs you that:
A (Very) Basic Copyright Law Primer(2)
Federal statutory copyright
law is explicitly authorized by the United States Constitution.(3)
Copyright law gives authors the right to protect their original expressive
works, fixed in tangible form, from duplication.(4)
However, ideas themselves are not protected.(5)
Thus, a novel such as "Catcher in the Rye" may not be duplicated in whole
or in substantial part without permission. However, any writer could decide,
without need of J.D. Salinger's permission, to compose a story written
in first person narrative about a disaffected young man from a wealthy
family who goes on a personal odyssey after flunking out of a New York-area
preparatory school.
Furthermore, some duplication of
copyrighted works may be privileged as "fair use." The doctrine of fair
use excuses some copying (but usually not extensive copying, or the copying
of a work in its entirety) in the interest of education and comment. Thus,
for example, a book review of "Catcher in the Rye" that quoted liberally
from the text would not be a violation of copyright. The use of the novel's
text in the review would be privileged. (6)
In short, copyright law is designed
with the dual goal of protecting the author from piracy -- thus giving
her an incentive to create and to distribute her creations -- while allowing
others to freely build on the ideas embodied in the author's expression.
(7)
Copyright law, of course, is much
more complicated than this brief description of its basics. However, when
it comes to ISP liability for copyright infringement, the finer points
of copyright law are generally not in issue. The typical case of copyright
infringement on the net involves a clearly copyrightable work " such as
an article or book, a picture, a piece of software, or a musical recording(8)
" duplicated wholesale and made publicly available without authorization
from the work's owner. Fair use defenses are very difficult to make
in these situations.
What role does the ISP play here?
ISPs don't usually supervise the activities of their clients, but they
do provide the tools that their clients may use to copy the protected work
and make it publicy available. Thus, the ISPs servers and resources are
being used to duplicate and distribute the infringement but the ISP itself
often has no idea that this is happening.
Copyright Law and Unintentional
Infringers
Copyright owners have the exclusive
right to reproduce, distribute and display their copyrighted work. (9)
Anyone who violates one of these exclusive rights is liable for infringement,
even if they did so unwittingly or unintentionally.(10)
Why penalize unwitting or
unintentional infringers? The primary justifications are twofold. First,
even unintentional infringers deprive copyright owners of the value of
their copyrights, and thus the owners should be compensated. Second, it
is extraordinarily difficult to show intent or knowledge. Therefore, copyright
owners would have a hard time enforcing their rights and infringers would
have an easier road to absolution by simply mounting a "didn't know the
gun was loaded" defense. (11)
Thus, if an ISP itself puts infringing material onto the internet,
it is liable regardless of its intent. But what if the ISP merely
provides the means by which one of its clients puts the infringement onto
the internet?
There are two main avenues by which an ISP would still be liable, even though the "actual" infringement was done by the client. These avenues are not explicitly spelled out in the copyright statute, but have been developed in the copyright caselaw.
The first avenue is "contributory infringement," which occurs when a person either (1) induces another person to infringe the copyright or (2) materially contributes to the infringing activities of another person. Thus, an ISP that encouraged or solicited its clients to post material that was infringing would be liable for contributory infringement, even though the clients did the actual posting. It does not matter whether the ISP knows that its request will result in infringement. For example, suppose an ISP operator (who happens to be a big Elvis fan) mistakenly assumes that copyrights expire when the copyright holder dies. The operator sends a message to clients asking them to post audio files of their favorite Elvis songs. Though unintentional, the operators activities constitute contributory infringement.
The second avenue is "vicarious liability." Vicarious liability occurs when (1) an infringement exists, (2) a person has the right and ability to control or supervise the infringing activity, and (3) the person profits from the infringing activity. None of these elements require that the vicariously liable person have actual knowledge of the infringing activity.
The ISP as Unintentional (but
Liable) Infringer
Under theories of vicarious liability
or contributory infringement, ISPs that allow clients to place unauthorized,
copyrighted information on the Internet might be liable for infringement,
even though their only contribution to the infringement was the provision
of computer equipment used by others to make and distribute unauthorized
copies. (12) This seems harsh " it would be
almost unthinkable to hold a pen manufacturer liable for infringement committed
using one of her pens, or the paper mill from whence came the paper used
to produce the infringing copies. However, unlike pen manufacturers or
paper mills, ISPs have active and continuing control over the means to
store and transmit the pirated information to wide audiences. They have
the ability to shut down infringements immediately, given notice of them.
Because the internet's exploding popularity is a relatively recent phenomenon, there have not been a large number of court decisions concerning ISP liability for copyright infringement. (That is not to say that there have been few lawsuits alleging ISP liability for infringement -- the vast majority of lawsuits settle before reaching a decision). What follows is a brief history of how courts have attempted to apply copyright principles to the issue of ISP liability prior to the passage of the Digital Millennium Copyright Act, or DMCA (discussed in the following section).
In 1993, a preliminary injunction was issued against a bulletin board operator allowed unauthorized Playboy photographs to be uploaded and downloaded from his system. Playboy Enterprises, Inc. v. Frena, 839 F. Supp. 1552 (M.D. Fla. 1993) <http://www.jmls.edu/cyber/cases/frena.txt>. Although the defendant argued that he was unaware of the infringement, never uploaded the photographs himself and removed them upon notice from Playboy, the court found that the defendant directly infringed Playboy's copyright. One year later, another bulletin board operator was found liable for copyright infringement. Unlike the Playboy case, this operator directly solicited clients to upload Sega video games onto his system. Sega Enters. Ltd. v. MAPHIA, 857 F. Supp. 679 (N.D. Cal. 1994) <http://www.jmls.edu/cyber/cases/sega.txt>. In both Playboy and Sega, the courts held that the bulletin board operators could be found liable regardless of whether or not the copying was intentional. Also, in both cases, the "actual" infringement was committed by the clients.
One of the most important recent decision on ISP liability for copyright infringement is Religious Technology Center v. Netcom Online Communication Services, Inc., 907 F.Supp. 1361 (N.D. Cal. 1995) <http://www.jmls.edu/cyber/cases/netcom.txt>. In that case, the Federal District Court for the Northern District of California was asked to evaluate whether Netcom could be held liable for materials posted by one of its clients which allegedly infringed copyrights held by the Church of Scientology. The court decided three important issues. First, Netcom could not be held directly liable for any infringing material posted by the client since Netcom itself did not upload the material. In short, the direct infringer was the client who did the uploading, not the ISP that provided the tools to do so. This part of the decision seemed to be flatly reject the line taken in Playboy. Second, the court also decided that there wasn't enough of a link between the infringing activity and Netcom's finances to hold Netcom vicariously liable. Third, although the court let Netcom off the hook for direct infringement and vicarious liability, the court refused to rule out the possibility that Netcom was liable for contributory infringement, leaving the question of whether Netcom encouraged the client to post infringing materials open for trial. (No trial ever occurred because the case settled).
Please follow the hyperlinks indicated above and read the decisions
in Playboy, Sega, and Netcom. Both Playboy and Sega concerned claims
of copyright and trademark infringement -- you need only read the parts
of the decisions that outline the facts and discuss the copyright infringement
claims. (If you don't have legal training and find it difficult to
figure out what the judges are saying, it may be helpful to start by reading
Netcom first. In Netcom, the judge takes a moment to explain the
Playboy and Sega decisions, and this discussion may be helpful to you.)
...And then came the Digital
Millennium Copyright Act
The 105th Congress attempted to
address the competing concerns of ISPs and copyright owners when it passed
the Digital Millennium Copyright Act.
The Digital Millennium Copyright
Act (DMCA) (H.R. 2281) was intended to implement the World Intellectual
Property Organization (WIPO) Copyright Treaty and Performances and Phonograms
Treaty. (The United States often amends its domestic copyright law
to include WIPO treaty provisions.) The DMCA was signed into law
on October 28, 1998. Title II addresses the liability of online providers.
(13) It generally limits liability of internet
service providers for a range of activities, including transitory digital
network communications(14), system caching,
(15) unwittingly linking or referring users
to sites containing infringing materials, (16)
and the unwitting storage of copyright-violating material on their systems.
(17)
Focusing specifically on the latter
phenomenon, the DMCA provides that:
[a] service provider shall not be liable . . . for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider
The service provider is only shielded from liability if it "has designated an agent to receive notifications of claimed infringement." (19) Notifications must adhere to various formalities spelled out in the Act among other things, notices must identify the copyrighted material which is alleged to be infringed, along the allegedly infringing material, and provide information "reasonably sufficient" to allow the ISP to locate and remove the allegedly infringing material.(20) Filing an intentionally misleading claim of infringement, or an intentionally misleading response that infringing material has been removed, is penalized under the Act.(21) The Act also limits the liability of ISPs who take down the allegedly infringing material in response to a request from a copyright owner, (22) and provides the copyright owner with a subpoena power to force ISPs to divulge the identity of the client responsible for the infringement. (23)
- (A)
- (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;
- (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or
- (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
- (B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and
- (C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity. (18)
Jonathan Band, a lawyer in Washington
D.C., has written a helpful memo on the DMCA entitled The Digital Millennium
Copyright Act. Please read the section of his memorandum on Title
II of the Millennium Act by following this URL: <http://www.ari.net/dfc/html/jb-memo.html#TITLE
II>
Excerpts from the Legislative
History of the Digital Millennium Copyright Act
"[W]e need this measure to stop
an epidemic of illegal copying of protected works--such as movies, books,
musical recordings, and software--and to limit, in a balanced and thoughtful
way, the infringement liability of online service providers." Sen. Kohl,
Senate Floor Remarks.
"Having heard directly from a major
trade association representing professional servicers, I am pleased we
could include such strong language so that they can go about their business
without fear of facing crippling liability." Sen. Ashcroft, Senate Floor
Remarks.
"Title II preserves strong incentives
for service providers and copyright owners to cooperate to detect and deal
with copyright infringements that take place in the digital networked environment.
At the same time, it provides greater certainty to service providers concerning
their legal exposure for infringements that may occur in the course of
their activities." Conference Report, H.R. 2281 p. 72
"This legislation is not intended
to discourage the service provider from monitoring its service for infringing
material. Courts should not conclude that the service provider loses eligibility
for limitations on liability under section 512 solely because it engaged
in a monitoring program." Conference Report, H.R. 2281 p. 73
"[I]t is difficult to identify jurisprudence which makes the issue of on-line liability a real problem as opposed to a perceived problem. There certainly seems to be no chilling effect on the growth of the Internet. It was reported in a Senate hearing earlier this month that Internet computer servers have grown from just over 200 in 1981 to 16 million today. We are not aware of any flood of lawsuits that would undercut this strong growth of the Internet. We are aware of only a dozen or so decisions dealing with copyright liability on the Internet, many involving operators of bulletin boards. We are not aware that a single On-line Service Provider (OSP) or Internet Access Provider (IAP) has ever been found liable for copyright infringement on the Internet. . . . Do we have a solution in search of a problem? " Mike Kirk, American Intellectual Property Law Association, H.R. 2281 and H.R. 2180 Hearings before House Courts and Intellectual Property Subcommittee (Sep.16, 1997).
Draft a response on behalf of BIG
to I.N. Housecounsel. Explain to Attorney Housecounsel what BIG intends
to do about the situation.