Intermediary Deputization & Section 230

The Stop Online Piracy Act (SOPA), a controversial bill before the House of Representatives aimed at combating “rogue websites,” isn’t just about criminal, foreign-based sites that break U.S. intellectual property laws with impunity. Few dispute that these criminal websites that profit from large-scale counterfeiting and copyright infringement are a public policy problem. SOPA’s provisions, however, extend beyond these criminal sites, and would potentially subject otherwise law-abiding Internet intermediaries to serious legal risks.

Before moving forward with rogue websites legislation, it’s crucial that lawmakers take a deep breath and appreciate the challenges at stake in legislating online intermediary liability, lest we endanger the Nozickian “utopia of utopias” that is today’s Internet. The unintended consequences of overbroad, carelessly drafted legislation in this space could be severe, particularly given the Internet’s incredible importance to the global economy, as my colleagues have explained on these pages (123456)

To understand why SOPA could be a game-changer for online service providers, it’s important to understand the simmering disagreement surrounding the Digital Millennium Copyright Act (DMCA) of 1998, which grants certain online service providers a safe harbor from liability for their users’ copyright infringing actions. In exchange for these protections, service providers must comply with the DMCA’s notice-and-takedown system, adopt a policy to terminate users who repeatedly infringe, and meet several other conditions. Service providers are only eligible for this safe harbor if they act to expeditiously remove infringing materials upon learning of them. Also ineligible for the safe harbor are online service providers who turn a blind eye to “red flags” of obvious infringement.

The DMCA does not, however, require providers to monitor their platforms for infringing content or design their services to facilitate monitoring. Courts have held that a DMCA-compliant service provider does not lose its safe harbor protection if it fails to act upon generalized knowledge that its service is used for many infringing activities, in addition to lawful ones, so long as the service provider does not induce or encourage users’ infringing activities.

Defenders of the DMCA safe harbor argue that it’s helped enable America’s Internet-based economy to flourish, allowing an array of web businesses built around lawful user-generated content — including YouTube, Facebook, and Twitter — to thrive without fear of copyright liability or burdensome monitoring mandates.

Conversely, some commentators, including UCLA’s Doug Lichtman, argue that the DMCA inefficiently tips the scales in favor of service providers, to the detriment of content creators — and, ultimately, consumer welfare. Pointing to a series of court rulings interpreting the safe harbor’s provisions, critics argue that the DMCA gives online intermediaries little incentive to do anything beyond the bare minimum to stop copyright infringement. Critics further allege that the safe harbor has been construed so broadly that it shields service providers that are deliberately indifferent to their users’ infringing activities, however rampant they may be.

What does SOPA have to do with all of this? Buried in the bill’s 78 pages are several provisions that run a very real risk of effectively sidestepping many of the protections conferred on online service providers by the DMCA safe harbor.

Continue reading →

This afternoon the Stop Online Piracy Act (H.R. 3261) was introduced by Rep. Lamar Smith of the House Judiciary Committee. This bill is a companion to the PROTECT IP Act and S.978, both of which were reported by the Senate Judiciary Committee in May.

There’s a lot some to like about the bill, but I’m uneasy about some quite a few of its provisions. While I’ll have plenty to say about this bill in the future, for now, here are a few preliminary thoughts:

  • The bill’s definition of “foreign infringing sites” at p. 10 borrows heavily from 18 U.S.C. § 2323, covering any site that commits or facilitates the commission of criminal copyright infringement and would be subject to civil forfeiture if it were U.S.-based. Unfortunately, the outer bounds of 18 U.S.C. § 2323 are quite unclear. The statute, which was enacted only a few years ago, encompasses “any property used, or intended to be used, in any manner or part to commit or facilitate” criminal copyright infringement. While I’m all for shutting down websites operated by criminal enterprises, not all websites used to facilitate crimes are guilty of wrongdoing. Imagine a user commits criminal copyright infringement using a foreign video sharing site similar to YouTube, but the site is unaware of the infringement. Since the site is “facilitating” criminal copyright infringement, albeit unknowingly, is it subject to the Stop Online Piracy Act?
  • Section 103 of the bill, which creates a DMCA-like notification/counter-notification regime, appears to lack any provision encouraging ad networks and payment processors to restore service to a site allegedly “dedicated to theft of U.S. property” upon receipt of a valid counter-notification and when no civil action has been brought. The DMCA contains a safe harbor protecting service providers who take reasonable steps to take down content from liability, but the safe harbor only applies if service providers promptly restore allegedly infringing content upon receipt of a counter notification and when the rights holder does not initiate a civil action. Why doesn’t H.R. 3261 include a similar provision?
  • The bill’s private right of action closely resembles that found in the PROTECT IP Act. Affording rights holders a legal avenue to take action against rogue websites makes sense, but I’m uneasy about creating a private right of action that allows courts to issue such broad preliminary injunctions against allegedly infringing sites. I’m also concerned about the lack of a “loser pays” provision.
  • Section 104 of the bill, which provides immunity for entities that take voluntary actions against infringing sites, now excludes from its safe harbor actions that are not “consistent with the entity’s terms of service or other contractual rights.” This is a welcome change and alleviates concerns I expressed about the PROTECT IP Act essentially rendering certain private contracts unenforceable.
  • Section 201 of the bill makes certain public performances via electronic means a felony. The section contains a rule of construction at p. 60 that clarifies that intentional copying is not “willful” if it’s based on a good faith belief with a reasonable basis in law that the copying is lawful. Could this provision cause courts to revisit the willfulness standard discussed in United States v. Moran, in which a federal court found that a defendant charged with criminal copyright infringement was not guilty because he (incorrectly) thought his conduct was permitted by the Copyright act?

Over the weekend, Janet Morrissey of The New York Times posted an excellent article on the U.S. government’s continuing crackdown on Internet gambling. (“Poker Inc. to Uncle Sam: Shut Up and Deal“) Ironically, her article arrives on the same week during which PBS aired the terrific new Ken Burns and Lynn Novick documentary on the history of alcohol prohibition in the United States. It’s a highly-recommended look at the utter hypocrisy and futility of prohibiting a product that millions of people find enjoyable. If there’s a simple moral to the story of Prohibition, it’s that you can’t repress human nature–not for long, at least, and not without serious unintended consequences. Which is why Morrissey of the Times notes:

And so the poker world now finds itself in a situation many liken to Prohibition. America didn’t stop drinking when the government outlawed alcoholic beverages in 1919. And, in this Internet age, it won’t be easy to prevent people from gambling online, whatever the government says. “It’s a game of whack-a-mole,” says Behnam Dayanim, an expert on online gambling and a partner at the Axinn Veltrop & Harkrider law firm. “They’ve whacked three very large moles, but over time, more moles will pop up.”

Exactly right (except that it should be “whac” not “whack”! There’s no K in whac-a-mole.)  It reminds me of the paper that my blogging colleague Tom Bell penned back in 1999 for the Cato Institute with its perfect title: “Internet Gambling: Popular, Inexorable, and (Eventually) Legal.” As Tom noted back then: Continue reading →

There is a major controversy rocking the UK over the far-reaching press gag orders known as “super-injunctions,” especially because they’ve been brought to the fore by a sex scandal between famous footballer Ryan Giggs and reality TV star Imogen Thomas. (This blog post is now officially illegal in the UK.) In [my latest TIME.com Techland post](http://techland.time.com/2011/05/21/twitters-super-duper-u-k-censorship-trouble/), I explain the controversy and say that while the injunction is legally enforceable–Facebook has a London office with over 50 employees, and [today comes word](http://blogs.ft.com/fttechhub/2011/05/twitter-london/) that Twitter is starting up its UK operation–they are not practically enforceable because once out, the information cannot be controlled. I wrote:

>Controlling information is possible, but only at the margin and at great cost. As information technology advances, that margin at which information can be controlled gets thinner and thinner, and the costs of doing so become greater and greater. So given the apparent futility of keeping facts secret, you’d think officials would look to find better ways of confronting the new reality. That’s unfortunately not the case.

>“Why are we assuming that the world of communication, developing as rapidly as it is, can never be brought under control by other technological developments?” asked the head of the U.K.’s judiciary yesterday. “I am not giving up on the possibility that people who in effect peddle lies about others through modern technology may one day be brought under control.”

>And we should not forget to look in the mirror. While the U.S. has some of the world’s most extensive free speech and press liberties, it seems every week there is a new proposal to control what information can be published online.

One of my favorite topics lately has been the challenges faced by information control regimes. Jerry Brito and I are writing a big paper on this issue right now. Part of the story we tell is that the sheer scale / volume of modern information flows is becoming so overwhelming that it raises practical questions about just how effective any info control regime can be. [See our recent essays on the topic: 1, 23, 4, 5.]  As we continue our research, we’ve been attempting to unearth some good metrics / factoids to help tell this story.  It’s challenging because there aren’t many consistent data sets depicting online data growth over time and some of the best anecdotes from key digital companies are only released sporadically. Anyway, I’d love to hear from others about good metrics and data sets that we should be examining.  In the meantime, here are a few fun facts I’ve unearthed in my research so far. Please let me know if more recent data is available. [Note: Last updated 7/18/11]

  • Facebook: users submit around 650,000 comments on the 100 million pieces of content served up every minute on its site.[1]  People on Facebook install 20 million applications every day.[2]
  • YouTube: every minute, 48 hours of video were uploaded.  According to Peter Kafka of The Wall Street Journal, “That’s up 37 percent in the last six months, and 100 percent in the last year. YouTube says the increase comes in part because it’s easier than ever to upload stuff, and in part because YouTube has started embracing lengthy live streaming sessions. YouTube users are now watching more than 3 billion videos a day. That’s up 50 percent from the last year, which is also a huge leap, though the growth rate has declined a bit: Last year, views doubled from a billion a day to two billion in six months.”[3]
  • eBay is now the world’s largest online marketplace with more than 90 million active users globally and $60 billion in transactions annually, or $2,000 every second.[4]
  • Google: 34,000 searches per second (2 million per minute; 121 million per hour; 3 billion per day; 88 billion per month).[5]
  • Twitter already has 300 million users producing 140 million Tweets a day, which adds up to a billion Tweets every 8 days[6] (@ 1,600 Tweets per second)  “On the first day Twitter was made available to the public, 224 tweets were sent. Today, that number of updates are posted at least 10 times a second.”[7]
  • Apple: more than 10 billion apps have been downloaded from its App Store by customers in over 77 countries.[8] According to Chris Burns of SlashGear, “Currently it appears that another thousand apps are downloaded every 9 seconds in the Android Marketplace while every 3 seconds another 1,000 apps are downloaded in the App Store.”
  • Yelp: as of July 2011 the site hosted over 18 million user reviews.[9]
  • Wikipedia: Every six weeks, there are 10 million edits made to Wikipedia.[10]
  • “Humankind shared 65 exabytes of information in 2007, the equivalent of every person in the world sending out the contents of six newspapers every day.”[11]
  • Researchers at the San Diego Supercomputer Center at the University of California, San Diego, estimate that, in 2008, the world’s 27 million business servers processed 9.57 zettabytes, or 9,570,000,000,000,000,000,000 bytes of information.  This is “the digital equivalent of a 5.6-billion-mile-high stack of books from Earth to Neptune and back to Earth, repeated about 20 times a year.” The study also estimated that enterprise server workloads are doubling about every two years, “which means that by 2024 the world’s enterprise servers will annually process the digital equivalent of a stack of books extending more than 4.37 light-years to Alpha Centauri, our closest neighboring star system in the Milky Way Galaxy.”[12]
  • According to Dave Evans, Cisco’s chief futurist and chief technologist for the Cisco Internet Business Solutions Group, about 5 exabytes of unique information were created in 2008. That’s 1 billion DVDs. Fast forward three years and we are creating 1.2 zettabytes, with one zettabyte equal to 1,024 exabytes. “This is the same as every person on Earth tweeting for 100 years, or 125 million years of your favorite one-hour TV show,” says Evans. Our love of high-definition video accounts for much of the increase. By Cisco’s count, 91% of Internet data in 2015 will be video.[13]


[1]     Ken Deeter, “Live Commenting: Behind the Scenes,” Facebook.com, February 7, 2011, http://www.facebook.com/note.php?note_id=496077348919.

[4]     eBay, “Who We Are,” http://www.ebayinc.com/who

[5]     Matt McGee, “By The Numbers: Twitter Vs. Facebook Vs. Google Buzz,” SearchEngineLand, February 23, 2010, http://searchengineland.com/by-the-numbers-twitter-vs-facebook-vs-google-buzz-36709

[7]     Nicholas Jackson, “Infographic: A Look at Twitter’s Explosive Five-Year History,” The Atlantic, July 18, 2011, http://www.theatlantic.com/technology/archive/2011/07/infographic-a-look-at-twitters-explosive-five-year-history/242070

[9]     “10 Things You Should Know about Yelp,” Yelp.com, http://www.yelp.com/about [accessed July 18, 2011]

[10]   “Wikipedia: Edit Growth Measured in Time between Every 10,000,000th Edit,” http://en.wikipedia.org/wiki/User:Katalaveno/TBE

[11]   Martin Hilbert and Priscila Lopez, “The World’s Technological Capacity to Store, Communicate, and Compute Information,” Science, February 10, 2011, http://annenberg.usc.edu/News%20and%20Events/News/110210Hilbert.aspx.

[12]   Rex Graham, “Business Information Consumption: 9,570,000,000,000,000,000,000 Bytes per Year,” UC San Diego News Center, April 6, 2011, http://ucsdnews.ucsd.edu/newsrel/general/04-05BusinessInformation.asp.

[13]   Julie Bort, “10 Technologies That Will Change the World in the Next 10 Years,” Network World, July 15, 2011, http://m.networkworld.com/news/2011/071511-cisco-futurist.html?page=1

My latest Forbes column is a celebration of 47 U.S.C. §230, otherwise known as “Section 230.” Sec. 230 turns 15 years old this year and I argue that this important law has “helped foster the abundance of informational riches that lies at our fingertips today” and has served as “the foundation of our Internet freedoms.”  Sadly, however, few people have even heard of it. Worse yet, as I note in my essay, this important law is under attack from various academics and organizations who want it modified to address a variety of online problems. But, as I note:

If the threat of punishing liability is increased, the chilling effect on the free exchange of views and information would likely be quite profound. Many site administrators would immediately start removing massive amounts of content to avoid liability. More simply, they might just shut down any interactive features on their sites or limit service in other ways.

Head over to Forbes to read the rest. And here’s a graphic I put together illustrating all the new fault lines in the war against Sec. 230. It will be included in a new paper on the issue that I am wrapping up right now.

Last November, I penned an essay on these pages about the COICA legislation that had recently been approved unanimously by the U.S. Senate Judiciary Committee. While I praised Congress’s efforts to tackle the problem of “rogue websites” — sites dedicated to trafficking in counterfeit goods and/or distributing copyright infringing content — I warned that the bill lacked crucial safeguards to protect free speech and due process, as several dozen law professors had also cautioned. Thus, I suggested several changes to the legislation that would have limited its scope to truly bad actors while reducing the probability of burdening protected expression through “false positives.” Thanks in part to the efforts of Sen. Ron Wyden (D-Ore.), COICA never made it a floor vote last session.

Today, three U.S. Senators introduced a similar bill, entitled the PROTECT IP Act (bill text), which, like COICA, establishes new mechanisms for combating Internet sites that are “dedicated to infringing activities.” I’m glad to see that lawmakers adopted several of my suggestions, making the PROTECT IP Act a major improvement over its predecessor. While the new bill still contains some potentially serious problems, on net, it represents a more balanced approach to fighting online copyright and trademark infringement while recognizing fundamental civil liberties.

Continue reading →

POLITICO reports that a bill aimed at combating so-called “rogue websites” will soon be introduced in the U.S. Senate by Sen. Patrick Leahy. The legislation, entitled the PROTECT IP Act, will substantially resemble COICA (PDF), a bill that was reported unanimously out of the Senate Judiciary Committee late last year but did not reach a floor vote. As more details about the new bill emerge, we’ll likely have much more to say about it here on TLF.

I discussed my concerns about and suggested changes to the COICA legislation here last November; the PROTECT IP Act reportedly contains several new provisions aimed at mitigating concerns about the statute’s breadth and procedural protections. However, as Mike Masnick points out on Techdirt, the new bill — unlike COICA — contains a private right of action, although that right may not permit rights holders to disable infringing domain names. Also unlike COICA, the PROTECT IP Act would apparently require search engines to cease linking to domain names that a court has deemed to be “dedicated to infringing activities.”

For a more in-depth look at this contentious and complex issue, check out the panel discussion that the Competitive Enterprise Institute and TechFreedom hosted last month. Our April 7 event explored the need for, and concerns about, legislative proposals to combat websites that facilitate and engage in unlawful counterfeiting and copyright infringement. The event was moderated by Juliana Gruenwald of National Journal. The panelists included me, Danny McPherson of VeriSign, Tom Sydnor of the Association for Competitive Technology, Dan Castro of the Information Technology & Innovation Foundation, David Sohn of the Center for Democracy & Technology, and Larry Downes of TechFreedom.

CEI-TechFreedom Event: What Should Lawmakers Do About Rogue Websites? from CEI Video on Vimeo.

A federal judge in Illinois has refused to allow a plaintiff to match IP addresses to individual names in a piracy case, indicating that use of IP addresses without any other evidence is too unreliable in identifying actual perpetrators, and as such, violates the rights of those caught in what he termed a “fishing expedition.”

In his decision, Judge Harold Baker pointed to one of several recent cases where paramilitary-type police raids on the residences of persons suspected of downloading child pornography that turned up nothing. What had happened was that real culprit had used that household’s unsecured wireless Internet connection.

Continue reading →

User-driven websites — also known as online intermediaries — frequently come under fire for disabling user content due to bogus or illegitimate takedown notices. Facebook is at the center of the latest controversy involving a bogus takedown notice. On Thursday morning, the social networking site disabled Ars Technica’s page after receiving a DMCA takedown notice alleging the page contained copyright infringing material. While details about the claim remain unclear, given that Facebook restored Ars’s page yesterday evening, it’s a safe bet that the takedown notice was without merit.

Understandably, Ars Technica wasn’t exactly pleased that its Facebook page — one of its top sources of incoming traffic — was shut down for seemingly no good reason. Ars was particularly disappointed by how Facebook handled the situation. In an article posted yesterday (and updated throughout the day), Ars co-founder Ken Fisher and senior editor Jacqui Cheng chronicled their struggle in getting Facebook to simply discuss the situation with them and allow Ars to respond to the takedown notice.

Facebook took hours to respond to Ars’s initial inquiry, and didn’t provide a copy of takedown notice until the following day. Several other major tech websites, including ReadWriteWeb and TheNextWeb, also covered the issue, noting that Ars Technica is the latest in a series of websites to have suffered from their Facebook page being wrongly disabled. In a follow-up article posted today, Ars elaborated on what happened and offered some tips to Facebook on how it could have better handled the situation.

It’s totally fair to criticize how Facebook deals with content takedown requests. Ars is right that the company could certainly do a much better job of handling the process, and Facebook will hopefully re-evaluate its procedures in light of this widely publicized snafu. In calling out Facebook’s flawed approach to dealing with takedown requests, however, Ars Technica doesn’t do justice to the larger, more fundamental problem of bogus takedown notices.

Continue reading →