New Law Limits ISP Liability for Copyright Infringement
As appearing in the February 1999 Orange County Lawyer
Copyright 1999 Shelley M. Liberto. All rights reserved.
Internet service provider (ISP) liability for copyright infringement activities of customers has been a challenging issue for the courts over the past several years. (See WWWiz article, "ISP Liability: What You Know May Hurt You," November 1997.) Although ISPs typically act as mere conduits of information passing through their servers, traditional copyright law seemed to hold ISPs liable depending upon their degree of knowledge of infringing activity. For example, if an ISP received a complaint that one of its members was transmitting .wav files of copyrighted music, or photographic images belonging to a third party, the ISP would theoretically be held liable for the infringing activity unless it took certain actions. The ISP would be placed in the uncomfortable position of risking infringement liability or, alternatively, liability for terminating a customer's Internet service, and possibly his entire business, based on false information. Because the Internet presented new challenges unforeseen by courts and the drafters of the Copyright Act, Congress passed, and the President signed, the Digital Millennium Copyright Act in late October of 1998. Title II, the Online Copyright Infringement Limitation Act (17 USC §512), sets clear guidelines for a "safe harbor" for ISPs who can now clearly avoid both copyright liability, and liability to their customers, by following specific guidelines dictated by the new law.
Ambiguity of Prior Law
ISP liability for copyright infringement was previously triggered when a customer transmitted copyrighted data through an ISP without the permission of the owner. There are three categories of possible infringement:
(1) Direct infringement whereby an ISP or other entity such as a bulletin board service or Usenet host actually posts infringing material on the Internet, whether or not it is aware that the material is protected by copyright;
(2) Contributory infringement by an ISP, Internet access provider, or other service such as a Usenet host, who knowingly, although indirectly, contributes to direct infringement by another party; and
(3) Vicarious infringement whereby an infringer who is under the control of the ISP, such as an agent or employee, engages in the posting of protected material to the financial benefit of the ISP.
Controversy in the courts has typically arisen when an ISP has been told of the alleged infringing activity of a customer by an aggrieved copyright owner. ISPs would then be faced with the dilemma of whether or not to terminate a customer's commercial Web site based on what could be false or erroneous information, which in many cases has been lodged in retaliation against a business legitimate competitor on the Web. Alternatively, if the ISP were simply to ignore the information, it might expose itself to contributory infringement.
ISPs have typically attempted to protect themselves by requiring substantial documentation from the alleged infringement victim which, prior to the Act, had never been required by the law. Some ISPs have also required the infringement victim to directly contact the alleged infringer to settle the dispute which, in some cases, may have been impossible when infringing materials are, for example, anonymously posted on the Usenet or sent as unsolicited email. Alternatively, ISPs who have taken the risk of summarily terminating a customer's service based on a mere claim of infringement have also found themselves the target of litigation initiated by a customer who claims breach of contract, interference with contract, and interference with prospective economic advantage. This uncertainty as to an ISP's liability, and how an ISP should conduct its business, prompted Congress to act.
New Guidelines for Avoiding ISP Liability
The Online Liability Limitation Act contains two main features of which ISPs, Internet access providers, and anyone providing services on the Web should be aware. First, the conditions for eligibility for the new statutory "safe harbor" requires an ISP to post a policy to its customers which warns of termination of services for repeat offenders. Once the customer has been placed on notice of the consequences of its acts, the ISP is immune from liability to the customer for terminating the services upon proper notification of infringing activity. Next, the specific details of an ISP's participation in the alleged infringing activity must fall within the categories of the new law. Paraphrased, an ISP is not liable for transmitting copyrighted information if:
(1) The transmission of the infringing material was not initiated by the ISP;
(2) The transmission is carried out through an automatic technical process without hands-on selection of the material by the ISP;
(3) The ISP does not personally select the recipients of the material except as an automatic response to the request of another person;
(4) No copy of the infringing material is made by the ISP in a manner accessible by customers other than the intended recipient;and
(5) The ISP does not modify the infringing material.
In other words, an ISP is simply not liable for the transmission of infringing data through its servers as long as the servers transmit the information automatically and the contents are not altered by the ISP.
With regard to information residing on an ISP's servers, such as the maintenance of Web sites as opposed to the mere transmission of information, an ISP is not liable if:
(1) The ISP does not actually know, nor should be expected to know, that infringing material is residing on its server, or upon obtaining such knowledge, expeditiously removes or disables access to the material;
(2) Does not receive a direct financial benefit from the posting of the infringing information such as the receipt of an illicit royalty; and
(3) Responds expeditiously to remove or disable access to the material.
In other words, with regard to alleged infringing material residing on an ISP's server, an ISP need only expeditiously remove or disable the Web site, or the infringing portions of the Web site, when the ISP becomes aware of the infringing material. The Online Liability Limitation Act also allows ISPs to avoid liability for simple automatic caching of infringing material which, under prior law, would have been deemed a "copy" for legal purposes.In any case, the integrity of the "notification" given to the ISP by the alleged victim is now the triggering issue as to whether an ISP should cut off an allegedly infringing customer's Internet services.
Integrity of "Notification" of Infringement by a Claimant
The Online Liability Limitation Act, as can be expected, is rather specific as to the sort of notification that would allow an ISP to shut down a customer's services or Web site upon a claim of copyright infringement. The termination of services can be disastrous for a business on the Web. Accordingly, the Act requires that the ISP act only on legitimate notification of authentic complaints of copyright infringement. Such notification must:
(1) Be a written communication directed to the ISP or its agent;
(2) Identify the copyrighted work claimed to have been infringed with reasonable specificity to permit the ISP to locate the material;
(3) Provide contact information for the complaining party;
(4) Include a statement from the complaining party that it has a good-faith belief that the use of the material is not authorized by the copyright owner; and
(5) Include a statement that the complaint, and the information contained therein, is made under penalty of perjury and is made with the authorization of the copyright owner.
The notification requirement, however, is a two-edged sword. An ISP must not take action by terminating services unless the notification provisions are followed by the complaining party. An ISP who recklessly terminates a Web site upon receipt of an incomplete or frivolous notification may be held liable to the Web site customer if, for example, the ISP terminates a business on false information. On the other hand, if the elements of notification are complied with, an ISP must take steps to terminate the infringing activity to remain immune from liability.
Congress has responded to the ambiguous state of ISP liability for copyright infringement by passing the new Online Copyright Liability Limitation Act. The statute does not change court-made case law, but merely clarifies it. Generally, an ISP enjoys immunity from claims of copyright infringement caused by its customers if it warns its customers of its intent to terminate services for repeated offenses. The ISP must also terminate infringing activity promptly upon receipt of competent and authentic notification of infringing activity. These guidelines, if followed properly, should result in more protection for victims of copyright infringement on the Web, and at the same time provide more freedom for ISPs to conduct their business without fear of copyright infringement liability.
Shelley M. Liberto is an attorney specializing in software- and Internet-related issues. His Web page is located at http://www.libertolaw.com.