This blog often features articles on developments in § 230 of the Communications Decency Act, or the Digital Millennium Copyright Act, but the significance – and nuance – of such rulings may not be immediately appreciable to many readers. Hopefully such posts are helpful to lawyers. However, they are important to non-lawyers and even only casual users of the Internet. In order to provide retroactive context to those articles and background for future ones, we provide this brief history of Internet-related laws.
In the two decades since the Internet reached large-scale consumer adoption, its role in business, recreation and every facet of life has been largely taken for granted. However, it interacts with the law in a number of ways that some might not expect. With services such as Google, Facebook and YouTube thoroughly integrated with every facet of life – with established brands as banal as Tide laundry detergent vying to be “liked” by you on facebook, to political campaigns posting videos directly to the user-generated video site – that it is easy to overlook the patchwork of federal law that allows the internet to operate.
Federal law embraced the internet with some of its existing measures, such as the Cable Privacy Act of 1984, 47 U.S.C. § 551 (requiring cable companies – which have today become internet service providers including Time Warner and Comcast – to provide notice to subscribers before turning over personally identifying information pursuant to a lawful subpoena). This law remains particularly significant in protecting anonymous activity and speech online, ranging from blog comments to the use of BitTorrent – all of which can be done without behind an IP address until the user’s internet service provider is subpoenaed and provides notice to its customer that his or her personally identifying information will be produced unless the subpoena is quashed.
Criminal law has also been instructive in shaping the law of the internet. The Stored Communications Act, 18 U.S.C. §§ 2701-2712, prohibits service providers such as Google and Facebook from turning over users’ passwords and internal messages (such as messages and chat logs from one Facebook user to another) without a court order. Additionally, hacking – a topic given great attention in the 1990s, but still persisting today – was made punishable with both criminal and civil penalties by 18 U.S.C. § 1030.
Perhaps the greatest tool of all for the internet, though, has been Section 230 of the Communications Decency Act, 47 U.S.C. § 230. Section 230 immunizes service providers like Yahoo and Google for the acts of its users. When someone opens a blogspot blog that allegedly defames someone, it is not Google’s fault – rather, liability falls on the shoulders of the blog’s author. Similarly, message board operators are not liable for the torts of their users who may post tortious material to the website. If they were, services such as Yahoo’s finance message boards and (unintentionally hilarious) Yahoo Questions would have never taken off. This protection is not vitiated if a web service edits or deletes a user’s submission. 47 U.S.C. § 230(c)(2).
While courts have consistently upheld § 230’s protections for online service providers, the law has not been an absolute shield. Where a site creates its own content that is tortious, then the service can be held liable. Similarly, if the site requires a user to post tortious material as a condition of using its service, then the site is not afforded § 230 protections. Fair Housing Counsel v. Roommates.com LLC, 521 F.3d 1157, 1166 (9th Cir. 2008) (“By requiring subscribers to provide the information as a condition of accessing its service, and by providing a limited set of pre-populated answers, Roommate becomes much more than a passive transmitter of information” and thus not entitled to § 230’s immunity). For pure social media sites, § 230 provides valuable immunity against litigation from angry parents and the thin-skinned. In states with strong anti-SLAPP statutes, § 230 has worked in tandem with these laws to create a fortress around internet companies, protecting them from common law claims and requiring parties with attorneys foolish enough to bring these claims to pay the companies attorney’s fees in most cases. (California and Seattle, where numerous social media companies are based, allow defendants to recover attorneys’ fees incurred in successful anti-SLAPP motions).
There is, however, one hole in § 230 – it expressly does not apply to intellectual property claims. 47 U.S.C. § 230(e)(2). Thus, online service operators were potentially liable for hundreds of thousands of dollars in damages if their users copied and distributed copyrighted content on their sites. In 1998, however, Congress enacted the Digital Millennium Copyright Act (“DMCA”) to combat this problem. 17 U.S.C. § 512. Within this legislation, Congress granted certain entities, such as internet service providers, immunity from infringement as transitory networks where the infringing data does not reside – but it imposed burdens onto both web hosts, web sites and even right holders.
For most self-hosting bloggers and other internet users, the DMCA is fairly straightforward. The service provider must register an agent to receive DMCA notices with the U.S. Copyright Office for $105, which is listed in an online registry of DMCA agents. When receiving a proper DMCA take-down notice under 17 U.S.C. § 512(c)(3)(A), the service operator must remove the infringing content within a reasonable period of time, or risk being held liable for infringement. The DMCA take-down process requires rights holders to seek out instances of infringement and send notices to infringers, but unlike a lawsuit for infringement, does not require the right holder to obtain a copyright registration certificate (or, in some circuits, merely an application).
While many small website operators do not comply with the DMCA, rights holders often send DMCA-compliant take-down notices, which are honored with the removal of allegedly infringing content. For large services that stake their entire existence on user-submitted content, however, complying with the DMCA becomes remarkably more complicated. For a service such as YouTube (or, more in your author’s practice area, a “tube site” containing pornography) the DMCA takes no complex new dimensions that are still unsettled despite the DMCA being more than a decade old, and the user-generated segment of web entertainment not being significantly younger.
For instance, the Second Circuit’s recent decision in Viacom v. YouTube, vacating many of the Southern District of New York’s 2010 conclusions about how the DMCA operates, has created significant uncertainty about the meaning of 17 U.S.C. § 512(c)(1). For a service such as a large “tube” site, particularly one that monitors its submissions to avoid unlawful or inappropriate content, there is a question as to what is required in addition to a DMCA take-down notice to constitute “actual notice” of infringement, or “facts or circumstances from which infringing activity is apparent.” Id. The Second Circuit’s decision also re-opens the question of what constitutes the “right and ability” to control infringing material: Namely, whether this standard is contiguous with the same standard articulated in the doctrine of vicarious copyright infringement, or subject to a different, DMCA-specific standard as previously found by the Southern District of New York (requiring “specific knowledge” of infringement in order to have the right and ability to control it).
The DMCA contains additional twists and turns for both service operators and rights holders. If a service provider has users who consistently engage in copyright infringement, it must ban them in accordance with an established, publicized policy to terminate these repeat infringers. 17 U.S.C. § 512(i). Additionally, there is a question as to what constitutes an effective termination – while banning by e-mail address may satisfy the procedural requirements of this provision, the ease of creating new e-mail addresses ensures that this action would fall short of substantively fulfilling it. Service operators must also act as an ombudsman for counter-notifications seeking the reinstatement of non-infringing content under § 512(g)(3).
For right holders, fair use of the copyrighted work must be considered before sending a takedown notice. § 512(c)(3)(A) (requiring “good faith belief” of infringement and signing of notice under penalty of perjury). Failing to satisfy this requirement, or sending a DMCA take-down notice that is otherwise improper – such as to remove critical, non-infringing material, or to assert the rights of a third party who the notice-sender does not represent – makes the misrepresenting notifier liable for the uploader’s damages, costs and attorneys’ fees under § 512(f). (Similarly, a misrepresentation in a § 512(g) counter-notification also triggers the penalties of § 512(f)). Counterbalancing this restriction, though, is the right holder’s power to issue a federal subpoena under § 512(h) – again, without even a copyright registration – in order to identify an infringer. While this provision of the DMCA is infrequently used, the jurisprudence of § 512(h) is a fascinating sub-topic for another time.
However, the DMCA provides no protection for trademark infringement committed by a third party. While proposed laws like PIPA and SOPA addressed the full theater of potential intellectual property infringement, the DMCA protects only against copyright infringement liability. Thus, a novel theory from plaintiff’s attorneys is that a third party’s use of a trademarked name in an internet posting constitutes trademark infringement and unfair competition under 15 U.S.C. §§ 1114 and 1125. While this is a frivolous claim to bring against a service provider, it can be pled to avoid a motion to dismiss in jurisdictions without robust anti-SLAPP statutes that allow for the inclusion of evidence in anti-SLAPP motions. This leads to summary judgment and, in many cases, settlement – a detriment to the companies falling prey to these questionable suits.
Acting in conjunction, federal criminal, telecommunications and copyright law has created an ecosystem ripe for enormous online commerce. Without these laws, the multi-billion dollar companies that dominate the internet likely would not exist. While the ecosystem is still in flux, and will be as both technology and IP laws change, services such as Facebook, YouTube, Pinterest and Tumblr are here to stay.