Bitlaw

ISP Liability

Executive summary:

Executive Summary: This section discusses potential sources of liability for Internet service providers. Internet service providers (or "ISPs") provide Internet access service to customers in exchange for a fee. ISPs also store data for their customers' use, such as on a Usenet newsgroup server or a world wide web server. In general, as the following discussion reveals, ISP liability can be summed up in three words: "ignorance is bliss." ISP liability for the activities of its customers is generally based on a knowledge of the customer's activity. If the ISP is unaware of the behavior of its customer, most courts seem reluctant to hold the ISP liable for that behavior. However, once the ISP becomes aware of the customer's activity, or should have become aware of the activity with reasonable diligence, courts are much more likely to hold the ISP liable for its customer's actions. In addition to ISP liability, most of the following discussion is equally applicable to service providers who do not connect directly to the Internet, such as bulletin board operators and proprietary information providers.

BitLaw's discussion of Internet service provider liability is continued in the following subparts:

This page was written in part by Brad Bolin, an intern working for Daniel A. Tysver.

Copyright liability concerns for internet service providers:

A party is guilty of copyright infringement if they violate one of the five exclusive rights given to copyright owners under the Copyright Act (as is explained in more detail in the BitLaw discussion on the scope of copyright protection). Included in those rights are the right to prevent others from reproducing (or copying) a work, publicly displaying a work, or distributing a work. It is clear that on-line service providers will be liable for copyright infringement if they are directly involved in the copying of protected material. For example, if a service provider were to place an electronic copy of the latest best-selling novel (or a pirated copy of Microsoft Word) on their bulletin board or web site, they would be guilty of copyright infringement. In these circumstances, an ISP is no different than any other party.

However, Internet Service Providers can be found liable for copyright infringement even where they are not directly engaged in the copying of protected materials. For instance, ISPs are responsible for equipment, such as a computer operating as a server, that is capable of making copies without any direct involvement of any person. Consequently, one relevant question is: "when is an ISP liable under copyright law for the copies made by its equipment?" As one example, the newsgroup servers controlled by ISPs make thousands of copies of newsgroup files everyday. Although some of these files undoubtedly contain copyrighted materials, no ISP has yet to be found guilty of copyright infringement merely for the unknown, autonomous action of their newsgroup servers.

Nevertheless, an ISP must be aware of the theories under the Copyright Act by which a party can be held liable for infringement even if they do not directly take part in the copying or distribution of a work. Under the concept of "contributory infringement," a party may be guilty of copyright infringement when they cause or contribute to the infringing conduct of another with knowledge of the other party's infringing activities. In addition, under the concept of "vicariously liability," a person may be liable for the infringing actions of another if the person has the right and ability to control the infringer's acts and receives a direct financial benefit from the infringement. Vicarious liability can be established without the defendant having actual knowledge of the infringer's activity. Under these two theories, it is possible for an ISP to be held liable for copyright infringement, even if the ISP was not directly involved in making the infringing copy.

Copyright liability--recent cases:

The potential liability of ISPs for the activities of others was explored in Religious Technology Center v. Netcom, a California case decided in 1995. In that case, files containing copyrighted materials owned by the Church of Scientology were placed on an Internet newsgroup through a newsgroup server controlled by Netcom (an ISP). The user that placed the files on the Internet actually utilized a local bulletin board service (BBS) that provided Internet access through Netcom. The Church requested that the BBS and Netcom deny access to the individual involved, and that they remove all documents containing Church materials from the servers they controlled. When both the BBS and Netcom refused, the case went to court. The court found that neither the BBS nor Netcom had directly infringed the Church's copyrights, since neither party had taken any affirmative steps to cause the copies to be made. Although the computer systems of both parties operated automatically to receive and transmit the postings of subscribers, the court found that this is not enough to establish a direct infringement claim. On a claim for vicarious liability, the court also found against the Church, finding that there was no direct monetary reward to either Netcom or the BBS for the posting of infringing materials. However, the Court found that Netcom may be liable to the Church under the theory of contributory infringement by materially contributing to the infringement of the user. Although the court recognized that there could be no liability even under the contributory infringement theory unless Netcom knew of the infringement, the court stated that if Netcom knew or should have know about the presence of the copyrighted materials on its server and failed to remove them, that failure could amount to contributory infringement. The notice that the Church provided to Netcom may have been enough for Netcom to be liable for its failure to act on that notice. Unfortunately, before this final issue could be determined by the court, the parties settled the lawsuit.

Cases decided since Netcom have followed the Netcom court's analysis. For instance, a bulletin board operator who knowingly allowed his users to upload and download copyrighted SEGA games was determined not to be a direct infringer of SEGA's copyrights. However, since the BBS operator knew about the copies, and developed a scheme to actively encourage the uploading of such copies, he was found guilty under the theory of contributory infringement.

Earlier cases, however, have implied an even greater liability for BBS operators and ISPs. In the case of Playboy Enterprises v. Frena, a BBS operator whose bulletin board contained copyrighted photographs owned by Playboy was found liable of violating the right to display and publish the photographs. This was true even though the BBS operator did not make the copies himself, and in fact was never proven to have knowledge of their existence. In effect, this case held the BBS operator liable merely for providing a means by which copies (made by others) could be distributed to the public. If this logic were extended to ISPs in general, an ISP could be held liable for its members activities on the ISPs web and newsgroup servers, even without knowledge of such activity. However, it is unlikely that such a ruling would ever be made given the major impact such a position would have on the expansion of and access to the Internet.

Trademark liability:

ISPs are liable for their own activities that constitute trademark infringement (for more information, see BitLaw's trademark infringement discussion). As a result, if an ISP were to advertise their services under a trademark that is confusingly similar to a mark of another party (such as Netcomp, IBMLink, or CompuService), they would be exposed to charges of trademark infringement. In addition, if an ISP's own web page contained the trademarks of another, the ISP's use of those marks would be analyzed like any other web page owner (see BitLaw's discussion on Internet trademark infringement for more information).

ISPs are in a slightly different position when one of their customers misuses a trademark of another. In this case, the ISP may very well face possible liability under the theory of contributory trademark infringement. Much like contributory copyright infringement, contributory trademark infringement liability may exist where the ISP causes or contributes to the infringing conduct of another with knowledge of the other party's infringing activities. Although such a case has not yet been analyzed by any court, one can imagine a situation where an ISP is notified of trademark infringement on one of its customer's web pages and yet fails to act on this notification. By analogy to the Netcom decision discussed in connection with recent ISP copyright cases above, the ISP in this case may in fact face legal action for trademark infringement.

Contract and Fraud:

When America On Line announced that it was shifting to a flat-rate billing policy, AOL's proprietary and Internet access services were overwhelmed. Customers who tried to dial in were often greeted by busy signals, and access to the Internet was very slow. Although AOL's performance improved, that did not stop frustrated customers from bringing lawsuits against the company. These suits alleged that AOL knew that their service would be overloaded, but nonetheless went ahead with the flat-rate plan. The suits alleged that AOL was in breach of its contracts with its customers (by not providing the agreed upon service) and had committed fraud by knowingly misleading current and prospective customers.

At this point, AOL has not been found liable for its actions. However, the message for ISPs is clear. Deliver on all of the promises you make to your customers, and only promise what you can deliver.

Defamation:

Several years ago, the hottest legal issue relating to the Internet was defamation (a broad term encompassing slander and libel). This came as a result of two legal cases involving Prodigy and CompuServe.

In the Prodigy case, Prodigy was sued for defamation based upon the statements made by one of its customers in a Prodigy discussion group (or bulletin board). In determining whether Prodigy was liable for the defaming statements of its customer in this case, a New York state judge was left to determine whether Prodigy was a "distributor" of information, such as a bookstore or library, or whether Prodigy was a "publisher" of information, such as a newspaper. As a mere distributor, Prodigy would not be liable for the statement. In contrast, if Prodigy was considered a publisher (with greater control over the information's content), Prodigy would be liable. In a decision that shocked most on-line service providers, the judge held that, as a result of Prodigy's well-publicized policies of monitoring and censoring its forums, Prodigy was a publisher and was potentially liable for the defaming statement. Although the case was settled by the parties and Prodigy moved for a withdrawal of the judge's decision, the judge refused.

In the CompuServe case, a similar factual situation was encountered by a federal court. In this case, however, the court found that CompuServe acted merely as a distributor of information in its discussion groups, and therefore was not liable. It is important to note that CompuServe avoided liability because it did not know about the defaming statement, nor did it have any reason to know about the statement. If a distributor knows about a defaming statement and continues to distribute the information, liability is not so easily avoided.

In analyzing these cases, most commentators noted the irony that Prodigy was more likely to be liable for defamation because of the additional steps it took to control the content of its discussion groups. CompuServe did not attempt to monitor and control its discussion groups to the extent done by Prodigy, which made it easier for the CompuServe judge to find that CompuServe was merely a distributor of information. This lead many attorneys to advise their clients to avoid censoring such discussion groups, for fear of defamation liability. Such a hands-off approach can only increase the likelihood that defamatory statements will be made in the future.