As explained in Monday’s blog post, in general a network operator should not be liable for its users’ activity as long as the operator merely acts as a passive conduit for Internet traffic. However, network operators who remain worried about the risk of liability for copyright infringement can consider another option: the safe harbors provided by the Digital Millennium Copyright Act (“DMCA”).
In order to foster online expression and commerce, Congress crafted a set of safe harbors from copyright liability to provide “greater certainty to service providers concerning their legal exposure for infringements that may occur in the course of their activities.”
Under the DMCA, “service provider” includes “an entity . . . providing  connections for digital online communications.” The definition of a service provider is broad, and includes those who do not operate communications equipment themselves. In one case, for example, a federal appeals court held that a payment processor for online content was a DMCA “service provider” even though it didn’t operate the alleged infringer’s Internet connection or transmit any infringing material. Congress also intended that the term cover “subcontractors” of Internet service providers. Arguably, this definition covers the providers of open Wi-Fi, such as municipalities, cafes, and libraries.
The statute also clarifies the outer limits of a service provider’s obligations by, for example, making it clear that a service provider need not monitor its service or affirmatively seek facts indicating infringing activity in order to enjoy the safe harbor.
Under the DMCA, a network operator is sheltered from liability for “transmitting, routing, or providing transfers for” its users’ traffic if:
1. A “person other than the service provider” initiates the transmission.
2. The transmission is “carried out through an automatic technical process without selection of the material by the service provider . . . .”
3. The service provider does not choose the recipient of the transmission, other than to route the traffic automatically.
4. The service provider does not keep copies longer than necessary to transfer the traffic, and it cannot make copies available to anyone other than the recipient.
5. The service provider does not modify the content of the message.
In short, ISPs qualify for this safe harbor if they act as passive conduits for network traffic.
In addition, there are two threshold requirements that service providers must meet in order to qualify the DMCA safe harbors. First, the provider must adopt a policy to terminate service for “subscribers and account holders” who are repeat infringers. Second, the operator must accommodate and not interfere with standard technical measures” that copyright owners employ to protect their works, such as a watermark in a copyrighted image.
A few final notes on the DMCA: First, falling outside the safe harbors does not make you liable for infringement. Compliance with the requirements of the safe harbors is optional for service providers, not mandatory. The increased certainty provided by the safe harbors, however, creates a strong incentive for service providers to take advantage of them, if it makes sense for their operation. Second, the DMCA safe harbors only apply to copyright infringement (not trademark or patent infringement, or other causes of action). Most service providers, however, also enjoy broad immunity from state law causes of action as well as most federal civil claims under Section 230 of the Communications Decency Act.
As a practical matter, this means that network operators have choices when, for example, they receive a complaint that someone is using their network to engage in infringing activities. Usually such complaints will identify the alleged infringer via some form of internet protocol (“IP”) address. If it is possible for the network operator to terminate a user associated with that address, and the operator has a repeat infringer policy, it can follow that policy. If the operator does not track users in a way that makes it possible to terminate any particular user (e.g., a network that allows anonymous use, and/or assigns IP addresses in a highly dynamic fashion, such that it is not feasible to tie an IP address to any particular user), it can either ignore the notice or respond by explaining why it cannot comply with the request. Of course, either approach may invite further complaints but should not change the bottom line: a network operator is unlikely to be held liable for the infringing activities of its users unless it knows about and contributes to those activities, or controls and financially benefits from them. Operators must determine for themselves what legal risks they are prepared to incur.
This edited article was provided by the Electronic Frontier Foundation, a nonprofit group which advocates for innovators and users of technology. The article has been licensed under the Creative Commons Attribution License.
This should not be taken as legal advice specific to any individual network operator. If you want such advice, please consult a copyright attorney.