Last November, I penned an essay on these pages about the COICA legislation that had recently been approved unanimously by the U.S. Senate Judiciary Committee. While I praised Congress’s efforts to tackle the problem of “rogue websites” — sites dedicated to trafficking in counterfeit goods and/or distributing copyright infringing content — I warned that the bill lacked crucial safeguards to protect free speech and due process, as several dozen law professors had also cautioned. Thus, I suggested several changes to the legislation that would have limited its scope to truly bad actors while reducing the probability of burdening protected expression through “false positives.” Thanks in part to the efforts of Sen. Ron Wyden (D-Ore.), COICA never made it a floor vote last session.
Today, three U.S. Senators introduced a similar bill, entitled the PROTECT IP Act (bill text), which, like COICA, establishes new mechanisms for combating Internet sites that are “dedicated to infringing activities.” I’m glad to see that lawmakers adopted several of my suggestions, making the PROTECT IP Act a major improvement over its predecessor. While the new bill still contains some potentially serious problems, on net, it represents a more balanced approach to fighting online copyright and trademark infringement while recognizing fundamental civil liberties.
Some of the major differences between COICA and PROTECT IP include:
- Under COICA, a website would have been deemed “dedicated to infringing activities” if it had no “demonstrable, commercially significant purpose other than” (emphasis added) to facilitate infringing activities. PROTECT IP, however, only covers websites with “no significant use other than” to facilitate infringing activities. This slight change in wording may seem trivial, but it’s actually quite significant, as lots of blogs, forums, and other sites engaged in noncommercial, but still protected, speech that may well have been subject to domain name disabling under COICA would likely be in the clear under PROTECT IP. However, as Public Knowledge’s Sherwin Siy points out, PROTECT IP’s definition of sites “dedicated to infringing activities” remains overly broad, as it doesn’t explicitly exempt online intermediaries that are otherwise protected by the 17 U.S.C. § 512(c) safe harbor. A site operator that is not engaged in direct or willful secondary infringement should be exempt from actions taken under the PROTECT IP Act if the site abides by the DMCA notice and takedown process, has no actual knowledge of infringing activities, does not derive a financial benefit directly attributable to infringement, and does not induce infringement.
- PROTECT IP, unlike COICA, does not categorically deem websites “otherwise subject to civil forfeiture” under 18 U.S.C. § 2323 to be “dedicated to infringing activities.” Given the extraordinary breadth of section 2323, which permits the government to seize any “property used, or intended to be used, in any manner or part to commit or facilitate the commission of” criminal copyright infringement, it’s a relief that language was removed.
- PROTECT IP requires that the Justice Department or a rights holder, in bringing an action against a site under the statute, attempt to commence an in personam action against the operator of an allegedly infringing website before an in rem action can be brought. From a due process perspective, this change is an improvement over COICA (which only provided for in rem actions), as it’s much more likely that an in personam action will provide a site operator with an opportunity to participate in an adversarial hearing prior to the issuance of a temporary restraining order or preliminary injunction requiring an intermediary to disable service to the site.
- PROTECT IP adds information location tools to the list of intermediaries that are required to disable service or cease linking to a website upon being served with a court order deeming the site “dedicated to infringing activities.” This provision would apply not only to search engines, but also to blogs, chat rooms, and message boards. Like COICA, PROTECT IP also applies to DNS operators, financial transaction providers, and Internet advertising services.
- PROTECT IP allows the Justice Department to take action only against nondomestic domain names. (DHS asserts that it is already empowered to seize domestic domain names in accordance with 18 U.S.C. § 2323, as it has done successfully on numerous occasions in recent months.)
- PROTECT IP contains a new private right of action under which a rights holder may seek a court order against any domain name. Actions initiated by rights holders, if successful, only require ad networks and/or payment processors – but not DNS servers or information location tools – to disable service to infringing sites.
Considering all the changes made to the bill, I’m inclined to disagree with commentators, such as Techdirt’s Mike Masnick, who’ve argued that the PROTECT IP, a.k.a. the “Son of COICA,” is worse than its father. On net, PROTECT IP appears to be less likely to impose incidental burdens on protected expression and more likely to afford website operators a chance to successfully challenge actions brought against their sites.
However, I’m still concerned about several aspects of PROTECT IP. Its private right of action, while limited in scope, may result in small websites whose users frequently post infringing content being targeted by costly, burdensome litigation initiated by rights holders. CDT’s David Sohn elaborates on the risks of creating a private right of action in his superb analysis of the bill.
The voluntary actions clause is also quite troubling, as I’ve argued before and as Wendy Seltzer argues on her blog. While I’m all for voluntary actions in principle, such actions should not override private contracts or terms of service agreements that would otherwise be enforceable.
It’s also unfortunate that the PROTECT IP Act does not include a cost reimbursement section, as I suggested last year, or at least an exemption for small entities. While the bill establishes an affirmative defense for an information location tools that doesn’t comply with an order “by showing that the defendant does not have the technical means to comply . . . without incurring an unreasonable economic burden,” it’s far from clear what exactly court would deem “unreasonable.” News of the Justice Department seeking injunctive relief against a small search site operator for failing to comply with a court order issued under PROTECT IP will have a chilling effect on all kinds of small-time Internet platforms.
As lawmakers consider the PROTECT IP Act in coming weeks and months, they should also revisit 18 U.S.C. § 2323, a civil forfeiture provision enacted in 2008 as part of the PRO-IP Act. This extraordinarily broad statute has recently been criticized by many legal scholars. Rep. Zoe Lofgren, among other legislators, has been very critical of the way in which seizures have been conducted. While seizures are certainly justified in some instances, the statute should be narrowed to include only websites “dedicated to infringing activities,” and it should require the government to attempt to commence in personam actions in all instances. Domain names aren’t movable property — unlike illegal drugs or weapons, there is no risk of a criminal “hiding” a domain name or destroying it before evidence of its illegality can be secured.
Update: The final version of the bill text changed the term “interactive computer service” to “information location tool,” which is a positive change. I’ve changed this essay slightly to reflect the distinction.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.