By Margot Kaminski, originally posted on Intellectual Property Watch.
The role of online intermediaries in copyright enforcement is on the international negotiating table. The topic arose in early drafts of the Anti-Counterfeiting Trade Agreement (ACTA), and has come up again in the plurilateral Trans-Pacific Partnership Agreement (TPP), for which negotiations just took place in Peru.
Online intermediary liability is currently unaddressed by multilateral agreements. TRIPS [the World Trade Organization Agreement on Trade-Related Aspects of Intellectual Property Rights] does not contain digital enforcement provisions on intermediary liability; neither does the WIPO Copyright Treaty. It’s clear, however, from the self-annihilating storm over ACTA’s digital enforcement chapter and the initial rumblings over the leaked US-proposed chapter for the TPP that intermediary liability is up for discussion.
Online intermediaries are the pipes and platforms of the internet: the ISPs that provide internet access, and the platforms that host user content. Figuring out how much to make intermediaries liable for user behavior, if at all, is a tricky business. Zero intermediary liability might make intermediaries abscond from content management – or they might be more inclined to manage content well because they won’t be held accountable for any mistakes.
Holding intermediaries liable for users’ actions creates problems. Intermediaries’ interests are not perfectly aligned with user interests, so when intermediaries are liable, they are likely to do a number of things that are bad for users. These include censoring content, taking down legitimate content, choking innovative technology built on their platforms, performing surveillance on users, and generally inadequately weighing user privacy, freedom of expression, or the value of innovation for society. Users are not just individuals: they’re also other companies with innovative business models running up against questions unaddressed by current law. A bad intermediary liability scheme impacts the whole economy.
There are many ways of dealing with intermediaries. Countries can avoid holding intermediaries liable for user actions entirely, as the US does in the Communications Decency Act, which addresses user activity that isn’t copyright infringement. Countries can also choose to require takedowns of content, but with more due process than occurs in the United States, ordering takedowns only after going through a court, as Chile does.
There have been, loosely counting, four recent trends in the push for international intermediary liability: the export of notice-and-takedown from the US, the rise of graduated response, the rise of private ordering (agreements between businesses, outside of government or user accountability), and perhaps most troubling, criminal liability for intermediaries. The proposed US PROTECT IP Act’s model of ordering interference with domain name resolution and just-proposed Stop Online Piracy Act’s similar model has not yet been appearing in draft or final versions of international agreements, except inasmuch as criminal intermediary liability has been proposed.
Countries appear reluctant to standardize graduated response, and treaty language encouraging private ordering is loose enough that governments can get around it, for now. So the main focus of discussion should be on two things: notice-and-takedown, and criminal intermediary liability.
I do not advocate implementing universal notice-and-takedown. Standardizing safe harbors encourages the recognition of intermediary liability, and we may want to leave countries more room to figure out exactly what works best for them and their constituents. But if countries do recognize intermediary secondary liability, safe harbors can be important. So it’s important to understand what that exported version currently looks like.
Notice-and-takedown established through free trade agreements looks like the Digital Millennium Copyright Act (DMCA), but not quite. USTR has been quietly exporting a version of the DMCA that lacks important balancing provisions or the nuance of US caselaw. It’s important for negotiating countries to know exactly what they’re getting, which is a DMCA without the full range of checks and balances.
What’s being exported isn’t necessarily inconsistent with US law, and the U.S. won’t implement any inconsistencies, so that’s not the issue – it’s just missing things, or misrepresenting the status of U.S. law. On the one hand, vague language can leave signatory countries the ability to implement laws tailored to their values and priorities. On the other, signatories often implement the text of trade agreements almost verbatim, so leaving balancing provisions out of the agreements means they won’t make it into other domestic laws.
The DMCA limits intermediary liability if the intermediary takes down infringing material when it’s notified, and puts material back up in response to users’ saying that it’s not in fact infringing. The DMCA is really a system of notice-takedown-notice-counternotice, often just referred to as notice-and-takedown. The DMCA incentivizes intermediaries to promptly notify users when content is taken down and to put the material back up within 14 business days, because otherwise intermediaries may be liable to the users for takedowns.
Where counternotice appears in the free trade agreements, there’s no specific timeline for content restoration. If there’s no specific timeline, intermediaries can sit on counternotifications with no consequences. Countries signing these agreements may want to include an outside window for content restoration, or at least include such a window in their implementation.
The DMCA also contains a mechanism for punishing abuse of the takedown system: liability for knowing material misrepresentations that content is infringing when it’s not. This was not included in the proposed draft of notice-and-takedown for ACTA. Free trade agreements include it, but lack clarification that damages should include costs and attorneys’ fees, and that the intermediary can also sue for damages, not just the user. This provision has been successfully used in the US as a way of punishing content-owners who go after clear fair uses of their works.
The DMCA is not great on privacy protections, but it’s still stronger than the free trade agreements. The free trade agreements require parties to establish a procedure enabling copyright owners to obtain user-identifying information from intermediaries. First, in practice, US courts have held that this doesn’t apply to ISPs acting as mere conduits. That limitation is missing from the free trade agreements. Second, this pre-litigation procedure, a subpoena, exists in the DMCA, but to obtain identifying information the content owner must submit a sworn declaration that the purpose of the subpoena is to obtain the identity of an alleged infringer, and that the identifying information will be used only for protecting copyright. These requirements prevent misuse of the system for non-copyright purposes, and wider misuse of user-identifying information once it’s obtained. Ideally, any pre-litigation subpoenas should require an initial prima facie showing of copyright infringement. But at the very least, the DMCA restrictions on identity use should be conserved in export.
The DMCA also contains two more explicit privacy protections. Limitations on liability are expressly not conditioned on monitoring users, and this is usually included in the free trade agreements. Limitations are also, however, not conditioned on gaining access to user material when accessing such material is prohibited by law. This second provision is left out of the free trade agreements. The 1998 US Copyright Office Summary of the DMCA explains that this second privacy provision prevents service providers from violating US wiretap law, prioritizing privacy over copyright enforcement.
Then there are injunctions. Under the DMCA, a court considering blocking material or terminating user accounts through an injunction must consider a variety of factors that are paraphrased but not quite captured in the FTAs. The DMCA and free trade agreements both ask courts to consider the magnitude of harm to the copyright owner, and both ask courts to consider whether less burdensome but equally effective means exist. However, the free trade agreements don’t ask courts to look to the potential combined burden to the intermediary from multiple injunctions, while the DMCA does. The DMCA also requires consideration of not only whether an injunction is technically feasible and effective, but whether it will interfere with access to non-infringing material at other online locations. This is missing from the free trade agreements and could impact sites like search engines.
There are at least two areas of the DMCA where statutory language is not representative of the current status of US practice. These concern the requirement that intermediaries adopt and reasonably implement a policy for terminating the accounts of repeat infringers, and the requirement that intermediaries accommodate standard technical measures for identifying or protecting copyrighted material.
The caselaw on having a policy for terminating the accounts of repeat infringers is mixed; US courts have held that notice from a content owner alone is not enough to determine that somebody is a repeat infringer. And there are, in practice, no standard technical measures established in the US, in large part because the statutory language around establishing such measures is so strong. The DMCA version of this language includes requirements that technical measures be developed “pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process.” In the free trade agreements, the process for establishing technical measures need not be “fair” or “multi-industry,” and the agreements require a “broad consensus of interested parties” rather than between copyright owners and service providers. This language makes it more likely that technical measures will be set internationally by copyright owners alone. The free trade agreements also lack language saying that such technical measures must be available “to any person”, saying just that they must be made “available” on nondiscriminatory terms.
Finally, all of the DMCA is subject to fair use, and recognition of limitations and exceptions to be developed in the digital environment is not included in most free trade agreements. Intermediaries don’t need a safe harbor from liability if their users are shielded by fair use, and as mentioned, abusers of the system in the US can be punished for knowingly misrepresenting that fair use content is copyright infringing.
Apart from the half-hearted export of the DMCA, a second concerning trend in international intermediary liability is the potential rise of criminal intermediary liability. All of the problems inherent in imposing intermediary liability are exacerbated when the liability is criminal, in part because no safe harbor exists. And it is not clear where such secondary criminal liability exists in US law, so the rush to standardize it internationally is perplexing.
In the signed version of ACTA, parties are required to ensure that criminal liability for aiding and abetting is available, and must establish the liability, “which may be criminal,” of legal persons. This two-pronged requirement could establish intermediary liability for criminal infringement by users. Criminal liability in the form of “aiding and abetting” did not appear in earlier free trade agreements; it does, however, appear in the currently negotiated US draft chapter of the TPP.
This is troubling because such language is proposed by the United States, but is not clearly established in US law. There’s no US statutory requirement for intermediary liability for criminal user actions, so any intermediary criminal liability for “aiding and abetting” must come out of common law, which traditionally requires a tight nexus between the mental state of the indirect actor and the ultimate criminal act committed by somebody else. Recently, domain name seizure by the Bureau of Immigrations and Customs Enforcement (ICE) in the United States has been done when a magistrate judge finds that there is probable cause to believe the website criminally violates US copyright law. Litigation in those cases, however, is currently pending, and the issues they raise are far from settled in US law.
This proposal for standardizing criminal aiding and abetting is coupled with lowering the international standard for criminal infringement. Intermediaries should be worried about both the drop of standards in what constitutes individual criminal infringement, and the implications for them if “aiding and abetting” such infringement is a crime.
Intermediaries impact innovation, privacy, and freedom of expression. Experimentation with intermediary liability regimes may lead to more effective and fairer procedures, with greater protection for users. But if we do move towards internationally uniform notice-and-takedown, we must be sure to include appropriate balancing measure to prevent privacy violations and undue censorship of user content. And criminal liability for intermediaries is something that shouldn’t be on the table at all.
Margot Kaminski is Executive Director of the Information Society Project at Yale Law School.