Despite the fading of the dot-com bloom, analysts report that increasing numbers of companies across the world are taking advantage of the Internet's global reach to buy and sell products, provide services and support, and communicate with customers, prospects and the public. The continued growth in online activity, both by web-based and traditional bricks-and-mortar companies, has led to an increasing number of cases and legislative initiatives dealing with the extent of liability arising from online activities.In previous Internet Alerts, we have discussed the safe harbor from copyright infringement claims under the U.S. Digital Millennium Copyright Act (see our April 11, 2000 Internet Alert), the exemption from other types of online liability under the Communications Decency Act (see our December 5, 2000 Internet Alert) and similar exemptions from liability under the European Union's E-commerce Directive (see our March 14, 2000, April 28, 2000 and July 16, 2002 Internet Alerts). In this Internet Alert, we will discuss a number of recent cases and legislative initiatives throughout the world that have limited or, in some instances, extended the principles established under these laws. While none of these developments formally rescinds the service provider protections offered by these laws, the ways in which they have been applied and the various efforts at limiting their effect may have a significant impact on the liability that online service providers face in the future.
Take-Down Provisions of the DMCA.
The Scientology Cases. The Church of Scientology owns copyrights in many of its scriptural materials, and has traditionally protected these rights aggressively. It was the Church's successful lawsuit against ISP Netcom in 1995 that contributed to the adoption of the safe harbor provisions of the DMCA, which protect online service providers from liability for infringing content posted on their sites by third parties (or for linking to infringing content on other sites) if they take down that content (or remove the link) when notified by the copyright owner. It is this "take-down" feature of the safe harbor that has attracted significant attention in recent months, again due to the enforcement activities of the Church of Scientology.
Earlier in 2002, the Church notified the popular Google Internet search engine that Google was permitting access to Xenu.com, a Norwegian site critical of Scientology that was illegally displaying the Church's copyrighted material. The Church requested that Google take down its links to the site, and Google complied in order to retain the benefits of the safe harbor under the DMCA. Most recently, the Church brought its fight against Xenu.com to the Internet Archive, a digital library of stored webpages. Under pressure from the Church, the Internet Archive removed all Xenu.com pages from its archive, whether or not they included the Church's copyrighted material. First Amendment advocates have criticized both the Church's tactics and the provisions of the DMCA that require site operators to take down allegedly infringing materials in order to retain their protection from liability.
Peer-to-Peer Complaints. Another set of "take down" complaints against ISPs is brewing in the context of peer-to-peer (P2P) file sharing (the swapping of digital music or video files among individual users). The music publishing industry has waged a lengthy and successful campaign against P2P operators such as Napster, Aimster and their ilk. However, even with the demise of the major P2P services, hundreds of smaller services still permit individual users to swap copyrighted files illegally. In an effort to curtail this activity, the Recording Industry Association of America (RIAA) has begun to bring actions against ISPs and backbone providers to shutdown access to infringing sites and to gain information about individuals who may be engaged in infringing activities. In June, the RIAA sued AT&T, WorldCom and Cable & Wireless to block access to a Chinese website illegally distributing pirated music. Though the suits were dropped when the site went offline, service providers are becoming increasingly uneasy about both their expanding role as the enforcement mechanism for copyright owners and the potential liability that may arise from that role.
WorldCom and State Porn-Blocking Statues. In September, a court in Pennsylvania ordered WorldCom to block access to websites allegedly showing child pornography, under a new state law requiring ISPs to disable access to child pornography sites. This is the first such order under the Pennsylvania law, which is unique in the United States and potentially imposes significant additional obligations on ISPs. In this case, WorldCom was not the host of the sites in question, nor were the sites hosted in Pennsylvania. Nonetheless, given the linked and seamless nature of the Internet, the sites were accessible through WorldCom's ISP service, thus subjecting WorldCom to the Pennsylvania statute. Apparently, other ISPs have also been requested to block access to these sites, and have complied voluntarily. While Pennsylvania is the first state to have enacted porn-blocking legislation, others, such as Arkansas, South Dakota and South Carolina, have statutes requiring ISPs to report instances of child pornography that they discover. Given the current political climate, it is likely that additional states will adopt similar legislation in the near future.
Matchmaker.com and the CDA Safe Harbor. In Carafano v. Metrosplash.com , a U.S. District Court in California held that the operator of the Matchmaker.com website was responsible for the posting of fake "profiles" of Christianne Carafano, a film and television actress, by anonymous users. Matchmaker.com argued that, under the safe harbor provisions of the Communications Decency Act, it should not be liable for the content posted by its users. The safe harbor, which we discuss in our December 5, 2000 Internet Alert, provides that an information service provider is not liable for content that it makes available online so long as it is not responsible, in whole or in part, for the creation or development of the content. This safe harbor has been used successfully to insulate online merchants such as Amazon.com and eBay from liability for defamatory and otherwise illegal materials distributed and published using their services. In this case, however, the court found that Matchmaker.com was partially responsible for the false profiles because they were created using a 62-question survey developed by Matchmaker.com, and Matchmaker.com individually approved all photographs submitted with the profiles to ensure that they were consistent with its policies. Although Matchmaker.com did not review or approve the text of the profiles, the court held that Matchmaker.com differed from a traditional bulletin board or other passive online provider in that it took an "active role in developing the information."
"Unlawful Hosting" and the European Convention on Cybercrime. In another apparent contradiction of the EU E-commerce Directive, the Council of Europe (an organization of 43 European countries spanning both EU and non-EU members) has renewed its efforts to introduce the principle of "unlawful hosting" to the European Convention on Cybercrime (see our December 4, 2001 Alert). This principle, which was initially omitted from the Convention in response to pressure from the United States and other participants, would criminalize the hosting of any website that bore xenophobic or racist content, and would require hosting service providers to shut down such websites. The United States has argued that such a provision would directly violate the First Amendment of the U.S. Constitution, and could not be enforced, even if applicable only to non-U.S. websites. Nevertheless, some European countries that currently have strong anti-racism legislation support the re-introduction of the unlawful hosting concept to the Convention.
UK Court permits 'ISP intercept'. NTL is a U.K. cable company that provides interactive services including the Internet. To avoid the routine destruction of stored emails once they had been read by service users, the emails had to be transferred to a different address. Using their statutory powers, police in the U.K. made a request for evidence from NTL in respect of one particular email address. To comply, NTL would have to capture and store transmitted data. NTL sought to resist the request on the grounds that, if it took the technical steps necessary given its system architecture without an order of the court, it could be committing an offense under the U.K.'s Regulation of Investigatory Powers Act 2000 (RIPA). That section makes it an offense to intercept without lawful authority any communication in transmission over a public telecommunication system. On an appeal by NTL, it was held that NTL would not be committing an offense under RIPA if it were acting in response to a lawful request from the police. It was held to be implicit in the will of Parliament when passing the RIPA legislation that a person served by police with an "evidence" application could lawfully take the steps necessary to preserve that evidence until the court decided whether or not to make an order.
Given these developments and the likelihood of continuing change, both legislative and judicial, it is important that all online service providers consider the potential for intentional and unintentional harm that may be caused by the activities of their users and not to assume, without careful consideration, that they will be insulated from liability in respect of these activities.