The Internet is becoming an increasingly prevalent medium for personal communication and an essential means of commerce. As it grows, the unfortunate byproducts of traditional commercial and personal interactions become more and more prevalent on-line.
Ever more business deals (ranging from simple purchases of goods to complicated contracts) are done on the net. Some of those business deals go awry, spawning business litigation. Various forms of harassment, slander, fraud, and other "informational" torts and crimes may be committed on the Internet. Copyright infringement abounds on the Internet.
When legal problems arise on-line, who should bear the cost of liability? Should liability lie purely with the individual or entity whose action, or failure to act, was directly related to the event -- the so-called "bad actor?" Should it lie with individuals, organizations, or institutions that contributed to the injury or simply provided the "bad actor" access to the Internet?
Since our overarching goal is to examine problems related to intellectual property in cyberspace, this module will focus on the specific problem of the liability of Internet Service Providers for copyright violations on the Internet.(1)
First of all, what is an Internet Service Provider, or ISP? Much of the literature on this subject draws subtle but important distinctions between ISPs, On-Line Service Providers (OSPs), Bulletin Board Systems (BBSs), et cetera. In order to simplify the discussion, the term ISP will be used in this module to cover a wide range of companies and organizations that provide their customers, or "clients," with access to the Internet. ISPs may be large or small. AOL, with millions of clients, is an ISP. So is a local "mom-'n-pop" operation with only a few clients.
As part of their services, ISPs often give their clients the means to make documents available over the Internet to the public at large. For example, an ISP may provide its clients with more than just an email account and access to the web; it may give them the right to upload files (including web pages) to the ISP's publicly accessible servers. These files may then be accessed -- and, by necessity, copied -- by members of the general population.
Problems arise, as one might expect, when the clients abuse this privilege and post material that violates the copyright laws. Why would the copyright holders in such situations sue the ISP rather than the person directly responsible for the infringement? There are two main reasons, and they are fairly straightforward. First, it's hard to sue someone if you can't find her. Many ISPs are corporate entities with fixed places of business, whereas clients who post infringing materials may be mobile or otherwise difficult to track down. The ISP is thus usually much easier to find than the individual who posted the allegedly infringing material. Second, the infringers are likely to be "judgment-proof" -- meaning that they lack the financial resources to pay a substantial liability judgment. Therefore, copyright holders commonly target ISPs because they almost always have more money than the individual client who allegedly posted the copyright infringement. This may not be true for a mom-'n-pop ISP, but the bigger players (such as AOL, Netcom, et cetera) certainly qualify as "deep pockets."
How might an ISP react to the threat of copyright liability? One response might be to police aggressively its servers for copyright infringements. Unfortunately, systematic policing of client content could be very unpopular with those clients who are concerned about maintaining a level of privacy and freedom from on-line censorship. Additionally, such a strategy would be difficult to execute. The ISP may have so much information on its servers that, even with the assistance of technologies designed specifically to help parse the information, reviewing it regularly would be problematic and costly. Even if the ISP could review the data with regularity, how would it be able to identify copyright-infringing material? Aside from flagrant cases (e.g., a web page boldly inviting visitors to download a free copy of Microsoft Word), it is difficult for an ISP manager (or search engine) to know whether material is copyright-protected and being used without authorization simply by looking at it. As a result, the ISP may end up either failing to remove copyright-infringing material or overzealously removing material that looks infringing but is not. The former scenario leaves the ISP open to suit, while the latter raises concerns of censorship.
ISPs may also attempt to avoid liability by demanding indemnification agreements from their clients. In other words, the ISP may require each client to sign a contract assuming all responsibility for any copyright infringement engaged in by the client. While such indemnities may reduce the risk of liability, they are not ironclad and do not eliminate the risk altogether.
What does this mean for the average Internet user? The conventional analysis goes as follows: because copyright infringement is hard to eliminate through self-policing, ISPs face an "unavoidable" risk of liability for copyright infringement. In other words, they face a risk that they cannot entirely eliminate up-front through cost-effective means. Smaller ISPs may be forced out of business entirely if the liability risk is too great. Larger ISPs that are better positioned to prepare for the liability risk would have to set aside funds for lawyers, settlements and judgments. Alternatively, these ISPs may choose to purchase some form of liability insurance. Either strategy costs money. Those costs will eventually be passed on to consumers, making the cost of Internet access higher for everyone.
Thus, the bedrock beneath the argument for removing liability from ISPs for copyright infringement centers on the perceived unfairness in holding unwitting ISPs liable for the illegal conduct of their clients, the danger that liability will cause ISPs to exercise restrictive control on client postings in a manner threatening open on-line discourse, and on the bottom-line result of increased cost for Internet access passed on to the average user.
On the flip side, a failure to hold ISPs liable for infringements by their clients may undermine the quality of material available on the net -- and off the net. Owners of copyrighted works argue that instantaneous and unredressable digital piracy would reduce their incentive to produce these works. The result would be a "cheap" culture -- not "cheap" in the pejorative manner that highbrow commentators use to describe popular culture, but "cheap" in the sense that the only works worth producing would be ones that cost very little to make, or where the costs could somehow be recouped through performance or the cult of personality. The Grateful Dead (providing their fans with essentially "free" content while paying the bills through the endless juggernaut of a roadshow) would be the archetype for working artists, cinema would fast become hopelessly verite, news would become a self referential chorus of Drudge reports (perhaps it is so already), reclusive artists such as Thomas Pynchon would have to find day jobs, et cetera. Not an entirely awful world, perhaps, but a very different one indeed.
In an effort to limit the potential
liability for ISPs while avoiding a meltdown in copyright protection on-line,
last October Congress passed the Digital Millennium Copyright Act (DMCA),
discussed below. Empirical evidence of its effect, if any, on ISP
liability and copyright protection will take time to develop. Nonetheless,
this module will introduce a basic picture of ISP liability prior to the
DMCA, briefly describe the DMCA itself, and invite you to speculate concerning
what changes, if any, it will bring.
BIG makes money through a combination of fees charged to clients and advertising revenue. The fees you charge clients depend on the amount of service they want. Clients who want to put web pages on your servers are charged a flat monthly fee for each page under 100Kb, and an additional $.01 for each kilobyte over 100Kb. The advertising revenues come mainly from banner ads. Anyone who visits a client web page will see at least one banner ad. Increased traffic to any particular web page eventually results in increased ad revenue.
One day, you receive a letter from I.N. Housecounsel, a lawyer for the Church of Humanitology. It states, in pertinent part:
"It has come to our attention that one of your clients, Mr. DeBunker, has posted a web page that is very critical of Humanitology on one of your servers. Of course, we have great respect for his First Amendment right to criticize our Church. However, Mr. DeBunker has apparently decided to post verbatim the entire contents of one of our publications, "The Secrets of Highly Intrepid Humanitologists." This publication is strictly guarded by the Church and is only made available to Humanitologists at a cost of $7,000 per copy. In order to avoid the expense of needless litigation, kindly:
You take a very deep breath, and
call your cardiologist. Afterwards, you call your chief technology wonk,
Bing the Server King. After checking around, Bing informs you that:
A (Very) Basic Copyright Law Primer(2)
Federal statutory copyright law is explicitly authorized by the United States Constitution.(3) Copyright law gives authors the right to protect their original expressive works, fixed in tangible form, from duplication.(4) However, ideas themselves are not protected.(5) Thus, a novel such as "Catcher in the Rye" may not be duplicated in whole or in substantial part without permission. However, any writer could decide, without need of J.D. Salinger's permission, to compose a story written in first person narrative about a disaffected young man from a wealthy family who goes on a personal odyssey after flunking out of a New York-area preparatory school.
Furthermore, some duplication of copyrighted works may be privileged as "fair use." The doctrine of fair use excuses some copying (but usually not extensive copying, or the copying of a work in its entirety) in the interest of education and comment. Thus, for example, a book review of "Catcher in the Rye" that quoted liberally from the text would not be a violation of copyright. The use of the novel's text in the review would be privileged.(6)
In short, copyright law is designed with the dual goal of protecting the author from piracy -- thus giving her an incentive to create and to distribute her creations -- while allowing others to freely build on the ideas embodied in the author's expression.(7)
Copyright law, of course, is much more complicated than this brief description of its basics. However, when it comes to ISP liability for copyright infringement, the finer points of copyright law are generally not in issue. The typical case of copyright infringement on the net involves a clearly copyrightable work " such as an article or book, a picture, a piece of software, or a musical recording"(8) duplicated wholesale and made publicly available without authorization from the work's owner. Fair use defenses are very difficult to make in these situations.
What role does the ISP play here?
ISPs don't usually supervise the activities of their clients, but they
do provide the tools that their clients may use to copy the protected work
and make it publicly available. Thus, the ISPs servers and resources are
being used to duplicate and distribute the infringement but the ISP itself
often has no idea that this is happening.
Copyright Law and Unintentional
Copyright owners have the exclusive right to reproduce, distribute and display their copyrighted work.(9) Anyone who violates one of these exclusive rights is liable for infringement, even if they did so unwittingly or unintentionally.(10)
Why penalize unwitting or unintentional infringers? The primary justifications are twofold. First, even unintentional infringers deprive copyright owners of the value of their copyrights, and thus the owners should be compensated. Second, it is extraordinarily difficult to show intent or knowledge. Therefore, copyright owners would have a hard time enforcing their rights and infringers would have an easier road to absolution by simply mounting a "didn't know the gun was loaded" defense. (11)
Thus, if an ISP itself puts infringing material onto the Internet, it is liable regardless of its intent. But what if the ISP merely provides the means by which one of its clients puts the infringement onto the Internet?
There are two main avenues by which an ISP would still be liable, even though the the "actual" infringement was done by the client. These avenues are not explicitly spelled out in the copyright statute, but have developed over time in federal court decisions concerning copyright liability.
The first avenue is "contributory infringement," which occurs when a person either (1) induces another person to infringe the copyright or (2) materially contributes to the infringing activities of another person. Thus, an ISP that encouraged or solicited its clients to post material that was infringing would be liable for contributory infringement, even though the clients did the actual posting. It does not matter whether the ISP knows that its request will result in infringement. For example, suppose an ISP operator (who happens to be a big Elvis fan) mistakenly assumes that copyrights expire when the copyright holder dies. The operator sends a message to clients asking them to post audio files of their favorite Elvis songs. Though unintentional, the operator's activities constitute contributory infringement.
The second avenue is "vicarious liability." Vicarious liability occurs when (1) an infringement exists, (2) a person has the right and ability to control or supervise the infringing activity, and (3) the person profits from the infringing activity. None of these elements require that the vicariously liable person have actual knowledge of the infringing activity.
The ISP as Unintentional (but Liable) Infringer
Under theories of vicarious liability or contributory infringement, ISPs that allow clients to place unauthorized, copyrighted information on the Internet might be liable for infringement, even though their only contribution to the infringement was the provision of computer equipment used by others to make and distribute unauthorized copies. (12) This seems harsh " it would be almost unthinkable to hold a pen manufacturer liable for infringement committed using one of her pens, or the paper mill from whence came the paper used to produce the infringing copies. However, unlike pen manufacturers or paper mills, ISPs have active and continuing control over the means to store and transmit the pirated information to wide audiences. They have the ability to shut down infringements immediately, given notice of them.
Because the Internet's exploding popularity is a relatively recent phenomenon, there have not been a large number of court decisions concerning ISP liability for copyright infringement. (That is not to say that there have been few lawsuits alleging ISP liability for infringement -- the vast majority of lawsuits settle before reaching a decision). What follows is a brief history of how courts have attempted to apply copyright principles to the issue of ISP liability prior to the passage of the Digital Millennium Copyright Act, or DMCA (discussed in the following section).
In 1993, a preliminary injunction was issued against a bulletin board operator allowed unauthorized Playboy photographs to be uploaded and downloaded from his system. SeePlayboy Enterprises, Inc. v. Frena, 839 F. Supp. 1552 (M.D.Fla. 1993) <http://www.jmls.edu/cyber/cases/frena.txt>. Although the defendant argued that he was unaware of the infringement, never uploaded the photographs himself and removed them upon notice from Playboy, the court found that the defendant directly infringed Playboy's copyright. One year later, another bulletin board operator was found liable for copyright infringement. Unlike the Playboy case, this operator directly solicited clients to upload Sega video games onto his system. See Sega Enterprises Ltd. v. MAPHIA, 857 F. Supp. 679 (N.D. Cal. 1994) at <http://www.jmls.edu/cyber/cases/sega.txt>. In both Frena and Sega, the courts held that the bulletin board operators could be found liable regardless of whether or not the copying was intentional. Also, in both cases, the "actual" infringement was committed by the clients.
One of the most important recent decision on ISP liability for copyright infringement is Religious Technology Center v. Netcom Online Communication Services, Inc., 907 F.Supp. 1361 (N.D. Cal. 1995) at <http://www.jmls.edu/cyber/cases/netcom.txt>. In that case, the Federal District Court for the Northern District of California was asked to evaluate whether Netcom could be held liable for materials posted by one of its clients. These materials contained copies of Church documents and thus allegedly infringed copyrights held by the Church of Scientology. The court decided three important issues. First, Netcom could not be held directly liable for any infringing material posted by the client since Netcom itself did not upload the material. In short, the direct infringer was the client who did the uploading, not the ISP that provided the tools to do so. This part of the decision seemed to be flatly reject the line taken in Frena. Second, the court also decided that there wasn't enough of a link between the infringing activity and Netcom's finances to hold Netcom vicariously liable. Third, although the court let Netcom off the hook for direct infringement and vicarious liability, the court refused to rule out the possibility that Netcom was liable for contributory infringement, leaving the question of whether Netcom encouraged the client to post infringing materials open for trial. (No trial ever occurred because the case settled).
Please follow the hyperlinks indicated
above and read the decisions in Frena, Sega, and Netcom.
Both Frena and Sega concerned claims of copyright and trademark
infringement -- you need only read the parts of the decisions that outline
the facts and discuss the copyright infringement claims. (If you
don't have legal training and find it difficult to figure out what the
judges are saying, it may be helpful to start by reading Netcom
first. In Netcom, the judge takes a moment to explain the
and Sega decisions, and this discussion may be helpful to you.)
...And then came the Digital Millennium
The 105th Congress attempted to address the competing concerns of ISPs and copyright owners when it passed the Digital Millennium Copyright Act.
The Digital Millennium Copyright Act (DMCA) (H.R. 2281) was intended to implement the World Intellectual Property Organization (WIPO) Copyright Treaty and Performances and Phonograms Treaty. (The United States often amends its domestic copyright law to include WIPO treaty provisions.) The DMCA was signed into law on October 28, 1998. Title II addresses the liability of online providers. (13) It generally limits liability of Internet service providers for a range of activities, including transitory digital network communications(14), system caching, (15) unwittingly linking or referring users to sites containing infringing materials, (16) and the unwitting storage of copyright-violating material on their systems. (17)
Focusing specifically on the latter phenomenon, the DMCA provides that:
The service provider is only shielded from liability if it "has designated an agent to receive notifications of claimed infringement." (19) Notifications must adhere to various formalities spelled out in the Act. They also must identify the copyrighted material in question, identify the alleged copyright infringement, and provide information "reasonably sufficient" to allow the ISP to locate and remove the allegedly infringing material.(20) For example, in the case study above, Housecounsel identified the copyrighted material (The Secrets of Highly Intrepid Humanitologists) and the alleged infringement (DeBunker's page), but it is uncertain whether Housecounsel provided "reasonably sufficient" information to allow the ISP to locate and remove the material (a URL would have helped).
[a] service provider shall not be liable . . . for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider
- (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;
- (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or
- (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;
- (B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and
- (C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity. (18)
Filing an intentionally misleading claim of infringement, or an intentionally misleading response that infringing material has been removed, is penalized under the Act.(21) The Act also limits the liability of ISPs who take down the allegedly infringing material in response to a request from a copyright owner, (22) and provides the copyright owner with a subpoena power to force ISPs to divulge the identity of the client responsible for the infringement. (23)
The term "service provider" as used in the text above is defined to include "provider[s] of online services or network access, or the operator of facilities therefor," and entities "offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received." (24)
Jonathan Band, a lawyer in Washington
D.C., has written a helpful memo on the DMCA entitled The Digital Millennium
Copyright Act. Please read the section of his memorandum on Title
II of the Millennium Act by following this URL: <http://www.ari.net/dfc/html/jb-memo.html#TITLE
Excerpts from the Legislative
History of the Digital Millennium Copyright Act
"[W]e need this measure to stop an epidemic of illegal copying of protected works--such as movies, books, musical recordings, and software--and to limit, in a balanced and thoughtful way, the infringement liability of online service providers." Sen. Kohl, Senate Floor Remarks.
"Having heard directly from a major trade association representing professional servicers, I am pleased we could include such strong language so that they can go about their business without fear of facing crippling liability." Sen. Ashcroft, Senate Floor Remarks.
"Title II preserves strong incentives for service providers and copyright owners to cooperate to detect and deal with copyright infringements that take place in the digital networked environment. At the same time, it provides greater certainty to service providers concerning their legal exposure for infringements that may occur in the course of their activities." Conference Report, H.R. 2281 p. 72
"This legislation is not intended to discourage the service provider from monitoring its service for infringing material. Courts should not conclude that the service provider loses eligibility for limitations on liability under section 512 solely because it engaged in a monitoring program." Conference Report, H.R. 2281 p. 73
"Litigation concerning on-line matters
will occur with greater frequency as the industry continues to expand.
Judicial resolutions may be the only avenue for companies and individuals
to clear the Internet's murky waters. In civil matters, increased litigation
will equate to greater litigation costs and an increase in potential liability
for Internet access providers, the deep pockets of Cyberspace. . . . Therefore,
any legislation passed by Congress must include a "knowledge" element to
import liability upon access providers. It remains unclear whether the
judiciary will interpret this knowledge requirement broadly or narrowly."
-- Marc L. Caden & Stephanie E. Lucas, Accidents On the Information Superhighway: On-Line Liability And Regulation, 2 Richmond J. of L. & Tech. issue 1 par. 101 (1996), at <http://www.urich.edu/~jolt/v2i1/caden_lucas.html>
"[I]t is difficult to identify jurisprudence
which makes the issue of on-line liability a real problem as opposed to
a perceived problem. There certainly seems to be no chilling effect on
the growth of the Internet. It was reported in a Senate hearing earlier
this month that Internet computer servers have grown from just over 200
in 1981 to 16 million today. We are not aware of any flood of lawsuits
that would undercut this strong growth of the Internet. We are aware of
only a dozen or so decisions dealing with copyright liability on the Internet,
many involving operators of bulletin boards. We are not aware that a single
[ISP] has ever been found liable for copyright infringement on the Internet.
. . . Do we have a solution in search of a problem? "
-- Mike Kirk, American Intellectual Property Law Association, H.R. 2281 and H.R. 2180 Hearings before House Courts and Intellectual Property Subcommittee (Sep.16, 1997), at <http://www.house.gov/judiciary/4019.htm>
Which statement do you feel is more accurate? Are both statements inaccurate? Write a brief essay supporting one of the above statements (or arguing that neither statement is supportable).
The Teaching Fellow for your small section will contact you with
directions for submitting your assignment.
G. Teran 2/11/99
Please email email@example.com with comments or questions