When Is an ISP Liable for the Acts of Its Subscribers?In the United States, two federal laws provide a powerful shield for ISPs that follow the rules. Here's how they work.
Everyone who hops on the Internet or posts a website has to affiliate with an Internet Service Provider (ISP), a company that acts as a gatekeeper for access to the Web. An ISP can range in size from America Online (AOL) with millions of users, to a small Mom & Pop business with a server in the garage. In effect, an ISP is a combination telephone company and worldwide public-access television station allowing a subscriber to say or sell anything.
But what happens when a subscriber to an ISP behaves badly and causes an injury to an unsuspecting third party -- say, by copying someone's music without authorization or making a libelous statement? Is the ISP responsible for the behavior or actions of its subscribers? Can the victim of an online injury argue that even though the ISP is not the direct cause, it can be sued because it knew of the activity, encouraged it, profited from it, or had control over it? Obviously, there's often a strong motivation to make such an argument because adding an ISP to a lawsuit provides a defendant whose pockets -- if not always deep -- will at least jingle.The Controversy
Those who want ISPs to be financially responsible argue that ISPs are publishers like newspapers or magazines and must take responsibility for the material on their servers. On the other side, the ISPs argue that they are like telephone companies -- simply carriers that provide a means of sending information. So far, Congress and courts have favored the ISPs' position and provided guidelines that permit responsible ISPs to avoid liability for the millions of bits of digital information passing through their portals.
Start by understanding that lawsuits against websites and the ISPs that host them tend to fall into two categories: copyright infringement and defamation. A lesser number of lawsuits have also been brought for claims such as distribution of obscenity and negligence. In short, we are worried about a fairly small number of legal claims.Copyright Infringement
Online copyright infringement occurs when a copyrighted work -- such as a song, movie, artwork, or text -- is copied, modified, displayed, or performed without the copyright owner's authorization.
In the early days of the Internet (1995-1998), angry copyright owners tried using two theories against ISPs:
- the ISP contributed to the infringement ("contributory infringement"), or
- the ISP supervised and profited from the infringement ("vicarious infringement").
ISPs who claimed they couldn't possibly monitor everything said on hosted websites lobbied Congress for protection and, in 1998, President Clinton signed into effect the Digital Millennium Copyright Act (DMCA). Under Title II of the DMCA (17 U.S.C. § 511 and following), an ISP can avoid financial liability by following the "notice and takedown" provisions, should one of its subscribers offer infringing copy online. These provisions basically state that once an ISP receives notice of the infringement, it must take down the unauthorized material.
Under the DMCA, to avoid liability the ISP must:
- not obtain financial benefit from the infringement
- not have actual knowledge or awareness of facts indicating infringing transmissions
- upon learning of an infringing transmission, act quickly to remove or disable access to the infringing transmission, and
- implement a policy of terminating the accounts of subscribers who are repeat infringers.
In addition to these and other requirements, the ISP must designate an agent to receive notices from unhappy copyright owners. Because designating an agent is one of the ISP's keys to avoiding financial liability, it's essential that the ISP promptly send its agent's name and address to the U.S. Copyright Office and pay the $30 agent registration fee. For assistance in designating an agent, visit the U.S. Copyright Office website, at www.loc.gov/copyright/onlinesp.
The DMCA protections for ISPs extend not only to content that is stored on the ISP servers and storage devices, but also to an ISP's "information location tools," which are devices that help a user find or access sites, such as directories, pointers, and hypertext links.
If an ISP does not obey the DMCA provisions -- for example, by failing to designate an agent or by neglecting to immediately remove infringing copy once notified -- a copyright owner has the right to seek financial damages against the ISP as a contributory or vicarious copyright infringer.Defamation and Other Claims
Defamation, also known as libel, is the publication of an untrue statement that causes an injury to the reputation of a person or business. For example, Matt Drudge, publisher of the gossip column, the Drudge Report, stated that Sidney Blumenthal, a confidant of President Clinton, had a history of spousal abuse. The comments were posted at Drudge's website and at America Online, who paid Drudge $3,000 per month for the right to post the column. After receiving a letter from Blumenthal, Drudge and America Online both retracted the statements and issued corrections. Blumenthal and his wife sued Drudge and America Online for defamation. Blumenthal v. Drudge, 992 F. Supp. 44 (D.D.C. 1998).Communications Decency Act
Had America Online been a print newspaper or magazine, it might have owed damages for the injuries caused by Drudge's false statement. Instead, a court dismissed AOL from the lawsuit under the provisions of Section 230 of the Communications Decency Act (CDA), which states that no ISP "shall be treated as the publisher or speaker of any information provided by another information content provider." In other words, the CDA shields ISPs from liability for statements or content from its users. This is true even where -- as in the Drudge case -- the ISP paid the writer for use of the statements.
The CDA has proven to be an all-purpose shield for ISP liability. AOL has used it several times to deflect lawsuits. In one case, an individual posted an advertisement on America Online shortly after the bombing of the federal building in Oklahoma City. The ad offered t-shirts and merchandise with offensive slogans that glorified the bombing and affixed the name and phone number of a California man, Kenneth Zeran, who knew nothing about the offer. Shortly after the ad was posted, Mr. Zeran received numerous angry phone calls from persons who saw the ad. Zeran complained to AOL, who removed the ad. However, an individual using a different screen name quickly reposted the ad. Zeran sued America Online for negligence, claiming the service provider had a duty to prevent the reposting of the bogus messages. A court ruled that under the CDA, AOL was exempt from the lawsuit. Zeran v. America Online, Inc., 129 F.3d 327 (4th Cir. 1997).
In a case involving obscenity, an AOL user described and solicited the sale of child pornography videotapes in an online chat room. Another user, offended by the child pornography solicitations, sued AOL, claiming that the ISP had a duty to make sure that the service did not facilitate the distribution of child pornography. A court ruled that AOL was exempt from the claim under the CDA. Jane Doe v. America Online, Inc., 718 So.2d 385 (1998), approved 783 So.2d 1010 (2001).International Liability
Other nations do not share the U.S. approach of absolving ISPs from liability for the acts of their subscribers. In Britain, an ISP was found liable for a subscriber's defamatory statements. Britain's High Court ruled in 1999 that an ISP could not claim it was an innocent disseminator of the defamatory statements. Instead, the court viewed the ISP as being similar to a print publisher. ISPs are expected to appeal to British lawmakers for legislation limiting liability for statements by users.
Thanks to two federal laws, the CDA and the DMCA, American ISPs currently have a Teflon coating. Responsible ISPs who meet the provisions of these two laws can repel lawsuits based upon claims of copyright infringement, defamation, or related claims.