In the United States, Congress has granted ISPs and other "service providers" broad immunity from liability for defamation and limited immunity for copyright infringement. The Communications Decency Act of 1996 states that "[n]o provider...of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider," thus shielding ISPs from liability as publishers, even if they exercise control over the content. Likewise, as discussed in our April 11, the Digital Millennium Copyright Act of 1998 provides that an "online service provider" shall not be held liable for copyright infringement if it qualifies under any of the safe harbors created by that statute.
Pursuant to these statutes, federal courts at all levels have uniformly held that ISPs may not be held liable for copyright infringement unless they have "actual knowledge" of the infringement (an unlikely possibility, absent some formal notification by the copyright holder) or for defamation (even if the ISP has actual knowledge that the content is defamatory).
In other parts of the world, however, ISPs face the ever-present danger of being held liable for defamatory or infringing content posted by users of their services, even when the ISPs are acting as mere conduits of information. This presents a significant problem for ISPs, and conversely a significant opportunity for U.S. companies and individuals who wish to obtain injunctive or monetary relief from ISPs who provide access to actionable content.
For example, on April 12, 2000 in Hit Bit Software GmbH v. AOL (German-language text ; English-language summary), a Bavarian state court in Munich, Germany found AOL liable for copyright infringement. Hit Bit sued AOL in 1998 after it learned that AOL users were downloading copies of Hit Bit's copyrighted digital music files for free from web pages located on AOL's servers. According to AOL, which vowed to appeal the ruling, AOL blocked access to those web pages as soon as it realized copyright violations were occurring there. Hit Bit has sought the equivalent of $50,000 in damages.
Similarly, in Novell Inc. v. Renaat, C. (February 16, 1999), the owner of a Belgian bulletin board service (BBS) was found criminally liable for copyright infringement by hosting Novell software that had been downloaded by users of his service. The Belgian Criminal Court reasoned that because the defendant owned and operated the BBS, he should have taken precautions to store the copyrighted software in a place where BBS users could not download it. The court contended that such a measure was technically possible for the BBS owner due to his "long experience in the field."
Further, in Godfrey v. Demon Internet Ltd.,  E.M.L.R. 542, an English judge prohibited a defendant ISP from asserting as an affirmative defense for defamation that the ISP was merely acting as a conduit of information posted by another. In this case, a defamatory statement, which was originally posted to a Usenet newsgroup in the United States, was routed to the defendant ISP's servers in England. After the victim of the defamatory statement became aware of it, he requested the English ISP to remove the statement from its servers. The ISP did not take any affirmative steps to remove the statement; instead, it permitted the statement to expire from its servers in the normal course of business - approximately two weeks after first receiving the posting. The Court held that, under applicable English law, the ISP's defense was "hopeless" and struck it from the defendant's pleadings. On March 30, 2000, the ISP agreed to settle the case by paying the victim of the defamatory statement the equivalent of $24,000 for actual damages, plus an estimated $320,000 in legal fees.
ISP liability is not limited to Europe. In Australia, the High Court's opinion in APRA v. Telstra, a case involving the "broadcast" of "music-on-hold" over telephone lines, also raised the possibility that ISPs could be found liable for copyright infringement based on content posted by their users, barring an Act of Parliament. The principle of ISP liability for the transmission of copyrighted material by an ISP to its subscribers would have been specifically addressed in the Australian case of APRA v. OzEmail, but that case was settled before trial.
The days of broad ISP liability in foreign nations, however, may be numbered. It appears that the 15 European Union (EU) member states may be coming to terms with the inherent difficulties of holding ISPs liable for content posted by others. In the current draft of the E-commerce Directive, (also discussed in our March 14, 2000 Internet Alert), the EU has proposed that where an "Information Society service" (or ISP) acts merely as a "conduit" of information, and it neither "select[s] [n]or modif[ies] the information contained" in a "transmission," an ISP "shall not be liable...for the information transmitted." Such a provision would bring EU law into closer alignment with U.S. law.
Similarly, the Australian Parliament has responded to this controversy by proposing legislation entitled the Copyright Amendment (Digital Agenda) Bill 1999. That proposed statute, if enacted, will provide greater certainty about the responsibilities ISPs have to copyright owners. Under the proposed Digital Agenda Bill, an ISP would not be held liable for infringement when it merely provides the facilities to enable the infringement to occur. ISP liability for direct copyright infringement would also be limited to ISPs responsible for "determining the content of the communication." Because ISPs generally allow communications to pass through their servers without "determining" its content, an ISP will not generally be in a position of violating that provision. If an ISP does take some control over allegedly infringing content, however, such as by editing communications, it may expose itself to liability for copyright infringement. The proposed legislation would not, however, discourage the filtering out of pornographic and other offensive web sites. An Australian ISP would be liable under the proposed legislation only if it edited the specific offending content; it probably would not be liable for blocking or monitoring various types of content generally.
ISP liability has become a rapidly-evolving issue, with different jurisdictions going in different directions. For the time being, however, a U.S. company's inability to sue an ISP in the United States does not necessarily mean that such company might not be able to sue that same ISP outside the United States based on the identical facts, so long as personal jurisdiction can be established over that ISP in the relevant foreign jurisdiction. For ISPs, this means that they cannot rely solely on statutory protections provided under U.S. law; they must take other steps, to the extent available, to protect themselves under foreign laws as well.