Online Intermediaries and Liability for Copyright Infringement Lilian Edwards and Charlotte Waelde AHRC Centre for Intellectual Property and Technology Law University of Edinburgh Introductory themes and issues Who are online intermediaries? – Traditional, newer and “P2P” Why have immunities for intermediaries? – Policy factors – Changes since P2P explosion Copyright liability issues Types of “general” immunity regimes – Notice and take down (NTD) Immunity and “P2P” intermediaries Suing copyright infringer not intermediary – Private copying – when downloading is legal? – Disclosure and anonymity issues Alternatives to suing intermediaries or infringers Conclusions On line intermediaries “Traditional” = – Internet Access Providers (IAPs) – Internet Service Providers (ISPs) eg AOL – Hosts/”portals” eg BBC, NY Times, Yahoo! E.g. US Communications Decency Act 1996 s 230(c)– “Provider.. Of an interactive computer service” Intended to protect ISPs, also applied to websites and moderator of website, but NOT to EBay as distributor not publisher of content (Grace v Ebay, 2004) Eg, Singapore Electronic Transaction Act 1998, India IT Act 2000 both refer to “network service providers” Newer online intermediaries •On-line sellers/distributors of goods/services •On-line auction sites •Aggregators eg RSS readers •Price comparison engines •Search engines •Universities & digitised archives •Chat-rooms, fora, eGroups •“Web logs” or blogs •Mobile phone communications providers EC E-Commerce Directive 2000 Art 2(a) - Information Society Service Providers (ISSPs) (see Arts 12-15) Provider of an “information society service” defined as “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.” Recipient is user, natural/legal person. Much wider than traditional ISP sector Non-commercial? Search engines? Universities? Services provided not WHOLLY at a distance? eg, tele-employer P2P intermediaries?? P2P intermediaries 1. Centralised index P2P intermediaries eg first Napster 2. De-centralised model eg Grokster/KaZaA – user nodes, super-nodes 3. BitTorrent – files downloaded in chunks, every downloader also uploader – hubs point to torrent files, tracker sites point to users. eXeem is eg P2P implementation. 4. Freenet – encrypted files, also chunked, anonymised users. 5. “Open source” intermediaries eg BitTorrent – cf proprietary intermediaries, eg, Napster, KaZaA. Copyright intermediary worries •Early cases – Scientology texts etc •Caching •P2P liability for illicit downloading of songs, video •Hyperlinking liability (cf DMCA and ECD) Policy issues around “general” intermediary liability •Policy/law often driven by libel/porn cases not copyright •Early cases exclusively re ISPs, analogy to h/c publishers •ISPs seen as identifiable targets with “deep pockets”, while original content providers often anonymous, unlocatable, no resources, & (re copyright) bad PR to sue your own customers •ISPs transmit/host/publish huge amounts content, some dynamic, most out of contractual control •In practice, unable to monitor/check all this material, plus undesirable in terms of privacy •Thus, in toto, seen as subject to unmanageable burden if made liable as ordinary publishers are for content provided by others Policy outcomes to c 2000 •But - public interest in a flourishing ISP sector for public/commercial reasons •States furthermore saw ISPs as natural gatekeepers to Internet – able to help control porn, spam, etc •Hence, immunities needed so that ISP could exert some though not total control over 3rd party content without becoming liable for it – statutory reversal of Prodigy case, which had encouraged “head in sand” approach. •US CDA 1996 s 230 (c) eg gave ISPs total immunity in respect of content provided by another party •Later instruments – DMCA, ECD etc – gave less total immunity (see on) But later policy factors emerge.. •ISPs/intermediaries took advantage of immunities granted but did NOT on whole (tho cf BT Internet) take on voluntary monitoring/filtering role. Tendency to see self as neutral businesses, not censors or state agents. •On-line industry mainstreamed – less worry that liability would put it out of business, cause off-shoring •Interests of “victims” given short shrift compared to immunity for intermediaries – esp IP rightsholders. •Exponential growth in P2P music piracy •Tacit knowledge that broadband as consumer business model based heavily on illegal downloading •MIPI, Australia, April 05 “There can be no doubt that the ISP industry's dirty little secret is how much revenue they derive from the traffic in unauthorised sound recordings.” Legal regimes for intermediary liability - 1 “Total liability” – China etc – state censorship arm – Original Australian Broadcasting Amendment Services (On Line Services) Act 1999, re porn only – amended “No Liability” or “Total immunity” – US CDA 1996 c 230 (c) re publication libellous, obscene, negligently misstating content not copyright: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another content provider“ – Problems – no incentive for ISP/host to pay any attention to rights of victims, even on explicit notice – see Zeran v AOL , 1997. Legal regimes for intermediary liability 2 – limited liability Compromise. Encourages self regulation by intermediary. US DMCA (copyright only) and EC ECD (“horizontal”) both espouse functionality immunities for online intermediaries “Mere conduit” immunity “Caching” immunity “Hosting” immunity. Most controversial. Main issue is notice and take down (NTD) “Linking/informational or locational tools” immunity – found in DMCA but not in ECD. Is linking liability something that would logically extend to P2P intermediaries as well? Do P2P intermediaries have benefit of these regimes at all? Apparently not in US: see Napster, Aimster later. EU? Lack of linking liability provision in ECD makes it unlikely. Notice and take down •Essence of limited liability regimes is that intermediary is immune from liability as host/publisher unless receives constructive or actual notice of illegality. •Both ECD and DMCA then demand “expedient” take-down (what is “expedient?”) •Key issue: how far does NTD operate as privatised censorship and invade public domain? Does intermediary have any incentive to check validity of claim? •Oxford “mystery shopper” found no incentive to investigate. Dutch research found 70% take down without enquiry by Dutch ISPs of public domain text. •DMCA does help by demanding rightsholder authorisation of take down, and good faith pledge - not found in ECD •DMCA also provides safe harbor to intermediary against breach of contract claims by site taken down – not in ECD Put-back and public scrutiny •If evidence true, are there ways to safeguard NTD against unfairly repressing public domain/fair use/fair dealing? •Put-back in DMCA in practice rarely used – C&Ds tend to be accepted/settled, due to superior firepower. •Could a body like Internet Watch Foundation usefully adjudicate copyright take-down requests? Unlikely – see EC Rightswatch research. •Oxford research suggests criteria for self regulatory decisions, such as transparency, public accountability, audit, independence, independent appeals mechanism. Also suggest accreditation by sector regulator as fair system. P2P intermediaries 1. Centralised index P2P intermediaries eg first Napster 2. De-centralised model eg Grokster/KaZaA – user nodes, super-nodes 3. BitTorrent – files downloaded in chunks, every downloader also uploader – hubs point to torrent files, tracker sites point to users. eXeem is eg P2P implementation. 4. Freenet – encrypted files, also chunked, anonymised users. 5. “Open source” intermediaries eg BitTorrent – cf proprietary intermediaries, eg, Napster, KaZaA. Copyright liability and P2P intermediaries •Can P2P intermediaries be held to be liable for infringement of copyright by their users? •Varying standards: •US – contributory and vicarious liability •Canada and Australia – authorisation of infringement •Netherlands – general tort law? Contributory and vicarious liability – the US Direct infringement by primary user •Contributory: knowledge of the infringement and material contribution •Vicarious: right and ability to supervise and financial benefit But – substantial non-infringing uses Sony Betamax case •Staple article of commerce doctrine •Sale of copying equipment does not constitute contributory infringement if it is used or capable of substantial non infringing uses Napster • Napster had actual knowledge of infringing uses through provision of centralised server. • Where there is actual knowledge, it is irrelevant that the product is capable of substantial non-infringing uses • Material contribution to user infringement through provision of site and facilities • Centralised architecture gave it the right and ability to supervise and control users • Tried to develop a filter to stop the movement of infringing files… Aimster •Architecture decentralised – Aimster had no copies on its servers - information as to location of files on computers of users. •Aimster software searched for files •Communications encrypted •Used for substantial non-infringing uses – but no evidence (burden of proof on defendant) •Merely being capable of substantial non-infringing uses not enough •Consider ability of & costs to service provider in preventing infringement by users •Wilful blindness (encryption) amounts to knowledge of infringement Grokster Decentralised system: Each user maintains an index only of files to be made available to other users •Capable of substantial non-infringing uses •No control over users so no vicarious liability •Could not know of infringement at time when it occurred •Constructive knowledge enough if lacking substantial non-infringing uses, but actual knowledge of specific infringement needed if there are substantial noninfringing uses Grokster in the Supreme Court 29th March 2005 Does a defendant invoking the Sony defence have to show that the technology is capable of, or actually does, support substantial non-infringing uses? Petitioners' Argument Under the Sony rule, Grokster should be found liable: unauthorised copying of works was "the only significant use of Grokster" Even if there were non-infringing uses – these were dwarfed by infringing uses: look at the proportion of legitimate to illegitimate uses. Grokster should be excused only if the business model was not substantially related to infringement (see also Government support of Petitioners - the developer should show that it is "not involved in a business significantly related to copyright infringement.") Have reasonable steps been taken to deter infringement? On relying on the actual inducement test "These companies already operate in the shadows," "The paper trail won't exist next time." Respondents' Argument Sony decision important to protect innovation Grokster software is clearly within rubric of "substantial noninfringing uses." (Cf Aimster which found no substantial noninfringing uses of a P2P file sharing program) Grokster not liable under ‘wilful ignorance’- never in possession of information regarding how its software is used. The technology was structured in such a way that the developers had nothing to do with the users once they obtained the software. Safe Harbor •Transitory communications – transmitting/routing or providing connections for materials through system or network •System caching – intermediate and temporary storage of material •Information location tools – referring/linking to an online location containing infringing material Proviso – where there is knowledge prevent the use of the service by repeat infringers NTD regime not satisfactory as a regime of protection for P2P intermediaries •Napster – attempts resulted in closure •Aimster – said it did not know what users were doing – but included tutorials •Grokster – not considered in detail – could not know of uses at time at which they took place - control had been ceded to users Netherlands Buma/Stemra v KaZaA KaZaA not liable for copyright infringement in relation to works swapped between its users •‘The provider of [P2P] file sharing software as the one in issue cannot itself be held liable for infringement of copyright. The provider may in certain circumstances be liable for a wrongful act’ •‘a service provider …may… be [required] to take adequate measures when the service provider is notified of the fact that one of the users of its computers system is committing copyright infringements..’ Requiring what? Termination of a users account? Takedown? But where control is ceded to the user and there is no further involvement from the provider? Canada Authorisation of infringement (sanction, approve or countenance) Could royalties be collected from ISPs in Canada for downloading by users? Did the ISPs authorise the infringement? •‘a person does not authorise infringement by authorising the mere use of equipment that could be used to infringe copyright. Courts should presume that a person who authorises an activity does so only so far as it is in accordance with the law…’ •‘an ISP is entitled to presume that its facilities will be used in accordance with the law’. Could be rebutted by knowledge – e.g. notice of infringing posting and ‘failure to take it down’. But where control is ceded to the user and there is no further involvement from the provider? Australia – KaZaA litigation Moorhouse test – sanction approve countenance or permit ‘inactivity or indifference exhibited by acts of commission or omission’ might be enough Must know – or have reason to suspect that infringing activity would take place •‘a person who has under his control the means by which an infringement of copyright may be committed…and who makes it available to other persons, knowing, or having reason to suspect, that it is likely to be used for the purpose of committing an infringement, and omitting to take reasonable steps to limit its use to legitimate purposes, would authorise any infringement that resulted from its use’ What might this require P2P intermediaries to do? Would warnings be enough – as with photocopier notices? But where control is ceded to the user and there is no further involvement from the provider? Notice and architecture Architectural differences – crucial Napster – knowledge and technically capable of removal KaZaA and Grokster – no knowledge at time of infringing activities and no way of stopping those infringements Suing downloaders and uploaders Downloaders •Downloading/making private copies is not unlawful in all jurisdictions: •Canada – a levy system ‘all private copying is now exempt subject to a corresponding right of remuneration’ •France – downloading films and music from the internet, copying onto CDs and sharing ‘with a few friends’ – not commercial use. How many friends? Downloaders and uploaders •BitTorrent – downloading and uploading – who to sue? Uploaders Many individuals been sued – many of whom have settled. Hiding and Identifying the infringers Hiding the infringers Freenet – users remain anonymous through its architecture and makes process of identification hard Identifying the infringers Should disclosure be mandated by courts? Pre litigation? Standard of evidence? Where is the balance between privacy and disclosure? How much evidence of infringement should be required to justify disclosure? UK – Totalise v Motley Fool (libel) – court ordered disclosure notwithstanding data protection. BPI action – 28 individuals disclosed US – DMCA s 512(h) – empowers ISP to disclose ‘notwithstanding any other rule of law’; Cf. Dendrite v John Doe No. 3. – (libel) plaintiff must show winning case before disclosure would be mandated; RIAA v Verizon – DMCA procedure does not apply where ISP acts a conduit Canada - BMG v John Doe – ‘the public interests in favour of disclosure must outweigh the legitimate privacy concerns’ Unresolved issues •Actual or constructive knowledge? •When is knowledge relevant? •How much positive action should be taken? •What of wilful blindness? •What is meant by authorisation? •Relevance of actual or potentially non-infringing uses? •What happens where users are downloaders and uploaders? •Decentralised anonymised systems make identification problematic •Who is liable for open source systems? •NTD regimes not helpful or relevant Alternative solutions? •Levies Giving up on copyright; majority pay for minority; double pay where DRM; not intended to compensate for unlawful use; loss of control; administrative problems; ignores market; Better than more regulation where enforcement is impossible; administration could be managed; deploy technology to collect levies? •Digital Rights Management Complex contractual matrices; fair use/dealing; capable of circumvention •Active inducement theory The inducement is likely to be hidden – Grokster "These companies already operate in the shadows," "The paper trail won't exist next time." •Join the club Managed downloading sites •Shaping the technology? Balancing the interests •Intermediaries; content providers; rights holders; technology developers; public interest •Time for a change in emphasis? •From limited liability NTD to…? For more information: http://www.law.ed.ac.uk/ahrb Email: itandip@ed.ac.uk AHRC Research Centre for Studies in Intellectual Property and Technology Law School of Law University of Edinburgh Old College Edinburgh EH8 9YL