Why SOPA Threatens the DMCA Safe Harbor

by on November 18, 2011 · 25 comments

The Stop Online Piracy Act (SOPA), a controversial bill before the House of Representatives aimed at combating “rogue websites,” isn’t just about criminal, foreign-based sites that break U.S. intellectual property laws with impunity. Few dispute that these criminal websites that profit from large-scale counterfeiting and copyright infringement are a public policy problem. SOPA’s provisions, however, extend beyond these criminal sites, and would potentially subject otherwise law-abiding Internet intermediaries to serious legal risks.

Before moving forward with rogue websites legislation, it’s crucial that lawmakers take a deep breath and appreciate the challenges at stake in legislating online intermediary liability, lest we endanger the Nozickian “utopia of utopias” that is today’s Internet. The unintended consequences of overbroad, carelessly drafted legislation in this space could be severe, particularly given the Internet’s incredible importance to the global economy, as my colleagues have explained on these pages (123456)

To understand why SOPA could be a game-changer for online service providers, it’s important to understand the simmering disagreement surrounding the Digital Millennium Copyright Act (DMCA) of 1998, which grants certain online service providers a safe harbor from liability for their users’ copyright infringing actions. In exchange for these protections, service providers must comply with the DMCA’s notice-and-takedown system, adopt a policy to terminate users who repeatedly infringe, and meet several other conditions. Service providers are only eligible for this safe harbor if they act to expeditiously remove infringing materials upon learning of them. Also ineligible for the safe harbor are online service providers who turn a blind eye to “red flags” of obvious infringement.

The DMCA does not, however, require providers to monitor their platforms for infringing content or design their services to facilitate monitoring. Courts have held that a DMCA-compliant service provider does not lose its safe harbor protection if it fails to act upon generalized knowledge that its service is used for many infringing activities, in addition to lawful ones, so long as the service provider does not induce or encourage users’ infringing activities.

Defenders of the DMCA safe harbor argue that it’s helped enable America’s Internet-based economy to flourish, allowing an array of web businesses built around lawful user-generated content — including YouTube, Facebook, and Twitter — to thrive without fear of copyright liability or burdensome monitoring mandates.

Conversely, some commentators, including UCLA’s Doug Lichtman, argue that the DMCA inefficiently tips the scales in favor of service providers, to the detriment of content creators — and, ultimately, consumer welfare. Pointing to a series of court rulings interpreting the safe harbor’s provisions, critics argue that the DMCA gives online intermediaries little incentive to do anything beyond the bare minimum to stop copyright infringement. Critics further allege that the safe harbor has been construed so broadly that it shields service providers that are deliberately indifferent to their users’ infringing activities, however rampant they may be.

What does SOPA have to do with all of this? Buried in the bill’s 78 pages are several provisions that run a very real risk of effectively sidestepping many of the protections conferred on online service providers by the DMCA safe harbor.

Section 102

Section 102 of SOPA empowers the Attorney General to seek a court order against an allegedly infringing foreign website. Such a court order would, if granted, effectively deny the site access to payment processors, ad networks, and even parts of the domain name system. Under § 102, a foreign, U.S.-directed website is deemed a “foreign infringing site” if:

[T]he owner or operator of such Internet site is committing or facilitating the commission of criminal violations [involving illegal copyright infringement, counterfeiting, or theft of trade secrets] and the Internet site would . . . [therefore] be subject to seizure in the United States . . . if such site were a domestic Internet site.

The part about websites “subject to seizure in the United States” refers to 18 U.S.C. § 2323, which states among other things that “[p]roperty subject to forfeiture” includes:

Any property used, or intended to be used, in any manner or part to commit or facilitate the commission of [criminal copyright or trademark infringement].

This definition of a “foreign infringing site” is enormously troubling. Note the absence of any requirement of actual or constructive knowledge on the part of the site operator, let alone criminal intent. Under § 102, a foreign website built around user-generated content may be deemed an “infringing site” simply because its server has facilitated the criminally infringing acts of a single user — even if the site operator neither induced nor knew of the user’s unlawful activities. While an innocent foreign site operator might eventually be able to persuade a court to vacate an order deeming it a “foreign infringing site,” SOPA imposes an astonishingly low burden on the Attorney General of showing that a site is a “foreign infringing site.” If the bill is enacted as is, foreign websites that contain any user-generated content had better watch out.

SOPA proponents defend § 102 by pointing out that its definition of infringing sites comes straight out of the 2008 PRO-IP Act, which established the aforementioned civil forfeiture provision in 18 U.S.C. § 2323. But this statute’s constitutionality is currently being challenged in federal court by a team of attorneys that includes Stanford law professor and copyright guru Mark Lemley. The law’s breadth raises serious First Amendment concerns since it permits ex parte seizures of entire outlets of speech (e.g., websites) simply because the outlet has been used in some unlawful manner. SOPA may be based on existing law, but why should Congress extend this overbroad provision of the PRO-IP Act to encompass an even broader range of websites? If anything, lawmakers should revisit PRO-IP and narrow its applicability to sites intentionally operated for the purpose of committing or facilitating criminal infringement. Via Techdirt, even Floyd Abrams, a constitutional scholar who represents content companies that strongly back SOPA, conceded in a recent letter to Congress that unanswered questions remain regarding the constitutionality of 18 U.S.C. § 2323.

Section 103

The next section of SOPA, Section 103, isn’t any better. This section provides for private rights holders to seek court orders against U.S.-directed websites — including domestic sites — to deny them access to U.S. payment processors and ad networks. Section 103 deems a website “dedicated to theft of U.S. property” if any of the following conditions are met:

  1. [The site] is primarily designed or operated for the purpose of, has only limited purpose or use other than, or is marketed by its operator or another acting in concert with that operator for use in, offering goods or services in a manner that engages in, enables, or facilitates [copyright infringement, circumvention of copyright protection systems, or trademark infringement]; or
  2. [The site operator] is taking, or has taken, deliberate actions to avoid confirming a high probability of the use of the . . . site to carry out acts that constitute [copyright infringement or the circumvention of copyright protection systems]; or
  3. [The site operator] operates the . . . site with the object of promoting, or has promoted, its use to carry out acts that constitute [copyright infringement or the circumvention of copyright protection systems], as shown by clear expression or other affirmative steps taken to foster infringement.

The first prong of this definition encompasses any website that “has only limited purpose or use other than . . . engag[ing] in, enabl[ing], or facilitat[ing]” copyright infringement, circumvention of copyright protection systems, or trademark infringement. This language comes from 17 U.S.C. § 1201, also known as the DMCA anti-circumvention provisions. Just how “limited” of non-infringing uses must a site have to meet this definition? It’s hard to say. As Rob Pegoraro cheekily observed in a recent Roll Call op-ed, “‘[l]imited’ is one of those wonderfully elastic words — notice the ever-longer yet still ‘limited’ copyright terms granted to artists and creators?” This section of SOPA would be more clear if it relied on the “capable of substantial non-infringing uses” test originally articulated by the U.S. Supreme Court in its famous 1984 Betamax opinion, Sony Corp. v. Universal City Studios, Inc., which has since been interpreted by numerous federal courts in copyright infringement cases.

The second prong of the § 103 definition, which covers websites that take “deliberate actions to avoid confirming a [high probability of infringement],” is perhaps the most worrisome of the three prongs. This language appears to have been lifted directly from a 2011 U.S. Supreme Court decision, Global-Tech Appliances, Inc. v. SEB S.A. In that case, a patent infringement lawsuit, the Court found the defendant liable for inducement on the grounds that it took willful steps to blind itself of the existence of the patent at suit. The Court held that “willful blindness” exists when (1) a defendant subjectively believes that there is a high probability that a fact exists; and (2) the defendant takes deliberate actions to avoid learning of that fact.

Note, however, that Section 103 omits the first prong of the Global Tech willful blindness test, the subjective belief element. This omission might simply be an oversight — or it could reveal the intent of the bill’s authors to cast aside the subjective knowledge standard (which currently applies to service providers in the context of knowledge for purposes of the DMCA) and replace it with an objective, “reasonable person” standard. If plaintiff bringing a SOPA action is only required to show that a website operator should have known of its users’ infringement from the perspective of a “reasonable” operator, and that the site’s operator acted in some manner that had the effect of contributing to its ignorance of infringing activities by users, a vast array of websites that currently enjoy the protections of the DMCA safe harbor may face significant new legal risks. After all, website operators make design decisions all the time that might foreseeably impact on their awareness (or lack thereof) of user’ potentially infringing activities. Who knows what sort of well-intentioned, albeit deliberate, decisions might amount to”avoiding confirming a high probability” of infringement?

As David Sohn of the Center for Democracy & Technology has pointed out, “[t]his seems like a backdoor way of imposing a monitoring obligation on any website that allows users to post content.”  Temple Law Professor David Post, writing at the Volokh Conspiracy, observed that the bill might make it a “violation of law to keep the prosecutors from ‘confirming’ that you’re violating the law — all the prosecutor has to show, to make you vanish from the Net, is that you’ve somehow tried to keep the prosecutor off of your website!”

Why SOPA Could Endanger the DMCA Safe Harbor

SOPA proponents have dismissed concerns that the bill would risk undermining the DMCA safe harbor. U.S. Register of Copyrights Maria Pallante, testifying in a House Judiciary Committee hearing on SOPA on November 16, told members of Congress that it was extremely unlikely that any actions brought under SOPA would impact websites otherwise shielded by the DMCA safe harbor. Techdirt reports that Viacom executive Stanley Pierre-Louis recently argued that SOPA would not “[expand] the scope of secondary liability claims and [diminish] DMCA protections,” noting that “[t]here is no rule that permits ‘willful blindness’ of obvious wrongdoing under U.S. law, and nothing in the DMCA or any other statute has been deemed to hold otherwise.”

Technically, Pallante and Pierre-Louis are correct; SOPA’s provision at 102(c)(2)(A)(iii) appears to leave existing doctrines of copyright liability vis-à-vis the DMCA safe harbor untouched.

In practice, however, SOPA has the potential to effectively usurp the DMCA safe harbor in important respects. If the bill is enacted, online service providers would face a new worst nightmare: being cut off from payment processors, ad networks, and possibly even Internet service providers. As Eric Goldman recently explained, if a “website goes offline because of cash flow problems caused by the cutoff attributable to a single UGC content item, all of the UGC on that website goes dark because of a single content item.”

To avoid such an outcome, website operators will likely do everything they can to avoid falling under SOPA’s definitions — even if that means going above and beyond the requirements of the DMCA safe harbor. While I’m all for websites voluntarily taking prudent and measured actions to combat unlawful user activities (e.g., YouTube’s Content ID system), there are good reasons to be very skeptical of any legislation that effectively imposes on site operators any duty or obligation to monitor, or facilitate the monitoring of, user activities.

Fair concerns have been raised by thoughtful commentators about the DMCA’s limitations and shortcomings. Those concerns deserve a serious examination in the halls of Congress, and perhaps may even merit some careful, targeted tweaks to the DMCA. But the extraordinary remedies provided contained in SOPA should be reserved for genuine rogue sites that willfully flout U.S. laws with impunity and are beyond the reach of U.S. law enforcement authorities. While there are U.S.-based websites out there that violate copyright and trademark laws, extraordinary remedies (such as “going after the money”) should not be the primary method of penalizing such sites. If a rights holder believes that a domestic website is infringing on its copyright or trademark, the proper means of obtaining recourse is to file a civil lawsuit and, when appropriate, seek injunctive relief. The U.S. Marshals Service is tasked with enforcing civil judgments and other court orders entered against domestic actors by federal courts, and parties may obtain writs of execution to order law enforcement intervention against American individuals or businesses that violate court orders.

We Have To Pass The Bill To Find Out What’s In It

Reasonable people read SOPA’s provisions in very different ways. For instance, Terry Hart, writing at Copyhype, has eloquently defended SOPA’s definitions, arguing that “[t]he actions that would subject a provider to SOPA’s provisions are the same ones that would subject it to a copyright infringement suit under existing law and are actions that would not be protected under DMCA safe harbors.” But while SOPA’s definitions are based largely on well-established, time-tested statutes and precedents, some of the language isn’t as clear-cut as it might seem at first glance, as I explain above.

As a result, it’s tough to predict how SOPA would actually impact online service providers. Federal judges vary widely in the methods they employ in attempting to interpret vague statutes. There is no such thing as stare decisis when it comes to statutory construction; some judges focus on the plain meaning of a statute’s language, while others pour through committee reports and hearing transcripts in hopes of divining the legislature’s true underlying intent.

With apologies to Nancy Pelosi, what this means is that we probably won’t know what’s in SOPA until it’s passed. Even then, only after years of costly litigation will the contours of the bill’s provisions likely begin to approach a state of clarity. Consider that the DMCA, now thirteen years old, continues to engender serious disagreement among federal courts to this day. (For instance, courts disagree on what it means for a service provider to take “volitional acts” that encourage users to engage in infringement.)

SOPA’s potential breadth is especially problematic given that its potential victims are small, entrepreneurial Internet start-ups that lack the resources to pay a team of lawyers to examine their operational decisions for potential SOPA violations. As leading high-tech venture capitalist Fred Wilson has argued, “venture capitalists will think more than twice about putting $3mm of early stage capital into startups if they know that the vast majority of the funds will go to pay lawyers to defend the companies instead of to hire engineers to create and build product.”

Lawmakers Should Tread Carefully

While combating rogue foreign websites that violate U.S. laws flagrantly and with impunity should be a priority for lawmakers, SOPA’s definitions and remedies are simply too broad and too vague in their current form. They would cast a cloud of legal uncertainty over America’s innovative, startup-driven Internet economy. It would be a grave mistake to grant such powerful new tools to Justice Department and rights holders and assume that federal trial judges will interpret SOPA’s provisions as narrowly as is necessary to ensure legitimate Internet companies do not suffer adverse effects.

The recent House Judiciary Committee hearing on SOPA made clear just how much work remains to be done to craft an effective but targeted approach to rogue sites. Serious questions remain unresolved — not only about SOPA’s impact of the DMCA safe harbor, but also about cybersecurity, due process and free speech. Additional hearings are needed to explore these important issues with Internet engineers, law professors, and venture capitalists. Marking up the legislation before the end of 2011 — as Chairman Lamar Smith desires, according to the National Journal — would be a serious mistake.

For more on SOPA and rogue websites legislation; see: 


Previous post:

Next post: