Last November, I penned an essay on these pages about the COICA legislation that had recently been approved unanimously by the U.S. Senate Judiciary Committee. While I praised Congress’s efforts to tackle the problem of “rogue websites” — sites dedicated to trafficking in counterfeit goods and/or distributing copyright infringing content — I warned that the bill lacked crucial safeguards to protect free speech and due process, as several dozen law professors had also cautioned. Thus, I suggested several changes to the legislation that would have limited its scope to truly bad actors while reducing the probability of burdening protected expression through “false positives.” Thanks in part to the efforts of Sen. Ron Wyden (D-Ore.), COICA never made it a floor vote last session.

Today, three U.S. Senators introduced a similar bill, entitled the PROTECT IP Act (bill text), which, like COICA, establishes new mechanisms for combating Internet sites that are “dedicated to infringing activities.” I’m glad to see that lawmakers adopted several of my suggestions, making the PROTECT IP Act a major improvement over its predecessor. While the new bill still contains some potentially serious problems, on net, it represents a more balanced approach to fighting online copyright and trademark infringement while recognizing fundamental civil liberties.

Some of the major differences between COICA and PROTECT IP include:

• Under COICA, a website would have been deemed “dedicated to infringing activities” if it had no “demonstrable, commercially significant purpose other than” (emphasis added) to facilitate infringing activities. PROTECT IP, however, only covers websites with “no significant use other than” to facilitate infringing activities. This slight change in wording may seem trivial, but it’s actually quite significant, as lots of blogs, forums, and other sites engaged in noncommercial, but still protected, speech that may well have been subject to domain name disabling under COICA would likely be in the clear under PROTECT IP. However, as Public Knowledge’s Sherwin Siy points out, PROTECT IP’s definition of sites “dedicated to infringing activities” remains overly broad, as it doesn’t explicitly exempt online intermediaries that are otherwise protected by the 17 U.S.C. § 512(c) safe harbor. A site operator that is not engaged in direct or willful secondary infringement should be exempt from actions taken under the PROTECT IP Act if the site abides by the DMCA notice and takedown process, has no actual knowledge of infringing activities, does not derive a financial benefit directly attributable to infringement, and does not induce infringement.

• PROTECT IP, unlike COICA, does not categorically deem websites “otherwise subject to civil forfeiture” under 18 U.S.C. § 2323 to be “dedicated to infringing activities.” Given the extraordinary breadth of section 2323, which permits the government to seize any  “property used, or intended to be used, in any manner or part to commit or facilitate the commission of” criminal copyright infringement, it’s a relief that language was removed.

• PROTECT IP requires that the Justice Department or a rights holder, in bringing an action against a site under the statute, attempt to commence an in personam action against the operator of an allegedly infringing website before an in rem action can be brought. From a due process perspective, this change is an improvement over COICA (which only provided for in rem actions), as it’s much more likely that an in personam action will provide a site operator with an opportunity to participate in an adversarial hearing prior to the issuance of a temporary restraining order or preliminary injunction requiring an intermediary to disable service to the site.

• PROTECT IP adds information location tools to the list of intermediaries that are required to disable service or cease linking to a website upon being served with a court order deeming the site “dedicated to infringing activities.” This provision would apply not only to search engines, but also to blogs, chat rooms, and message boards. Like COICA, PROTECT IP also applies to DNS operators, financial transaction providers, and Internet advertising services.

• PROTECT IP allows the Justice Department to take action only against nondomestic domain names. (DHS asserts that it is already empowered to seize domestic domain names in accordance with 18 U.S.C. § 2323, as it has done successfully on numerous occasions in recent months.)

• PROTECT IP contains a new private right of action under which a rights holder may seek a court order against any domain name. Actions initiated by rights holders, if successful, only require ad networks and/or payment processors – but not DNS servers or information location tools – to disable service to infringing sites.

Considering all the changes made to the bill, I’m inclined to disagree with commentators, such as Techdirt’s Mike Masnick, who’ve argued that the PROTECT IP, a.k.a. the “Son of COICA,” is worse than its father. On net, PROTECT IP appears to be less likely to impose incidental burdens on protected expression and more likely to afford website operators a chance to successfully challenge actions brought against their sites.

However, I’m still concerned about several aspects of PROTECT IP. Its private right of action, while limited in scope, may result in small websites whose users frequently post infringing content being targeted by costly, burdensome litigation initiated by rights holders. CDT’s David Sohn elaborates on the risks of creating a private right of action in his superb analysis of the bill.

The voluntary actions clause is also quite troubling, as I’ve argued before and as Wendy Seltzer argues on her blog. While I’m all for voluntary actions in principle, such actions should not override private contracts or terms of service agreements that would otherwise be enforceable.

It’s also unfortunate that the PROTECT IP Act does not include a cost reimbursement section, as I suggested last year, or at least an exemption for small entities. While the bill establishes an affirmative defense for an information location tools that doesn’t comply with an order “by showing that the defendant does not have the technical means to comply . . . without incurring an unreasonable economic burden,” it’s far from clear what exactly court would deem “unreasonable.” News of the Justice Department seeking injunctive relief against a small search site operator for failing to comply with a court order issued under PROTECT IP will have a chilling effect on all kinds of small-time Internet platforms.

As lawmakers consider the PROTECT IP Act in coming weeks and months, they should also revisit 18 U.S.C. § 2323, a civil forfeiture provision enacted in 2008 as part of the PRO-IP Act. This extraordinarily broad statute has recently been criticized by many legal scholars. Rep. Zoe Lofgren, among other legislators, has been very critical of the way in which seizures have been conducted. While seizures are certainly justified in some instances, the statute should be narrowed to include only websites “dedicated to infringing activities,” and it should require the government to attempt to commence in personam actions in all instances. Domain names aren’t movable property — unlike illegal drugs or weapons, there is no risk of a criminal “hiding” a domain name or destroying it before evidence of its illegality can be secured.

Update: The final version of the bill text changed the term “interactive computer service” to “information location tool,” which is a positive change. I’ve changed this essay slightly to reflect the distinction.

On November 18, the Senate Judiciary Committee unanimously approved the “Combating Online Infringements and Counterfeits Act” (COICA). The bill would enable the U.S. Attorney General to obtain a court order disabling access to web domains that are “dedicated to infringing activities.”

These “rogue websites” are a real problem, as the website Fight Online Theft explains, so it’s a good thing that Congress is working to address them. However, some of COICA’s provisions raise profound constitutional concerns, and the bill lacks adequate safeguards to protect against the unwarranted suspension of Internet domain names, as the website Don’t Censor the Net argues. The bill also doesn’t provide a mechanism for website operators targeted by the Attorney General to defend their site in an adversary judicial proceeding. This week, a group of over 40 law professors submitted a letter to the U.S. Senate arguing that COICA, in its current form, suffers from “egregious Constitutional infirmities.”

To address these concerns, CEI is urging Congress to amend COICA to provide for more robust safeguards, including:

• ŸProviding a meaningful opportunity for Internet site operators to challenge before a federal court an Attorney General’s assertion that their site is “dedicated to infringing activities” prior to the suspension of their domain name;

• Requiring that the Attorney General, upon commencing an in rem action against a domain name, make a reasonable and good faith effort to promptly notify the site’s actual operator of the action;

• Clarifying the definition of an Internet site “dedicated to infringing activities” to ensure that websites with nontrivial lawful uses that facilitate infringing acts by third parties will not face domain name suspension if their operators:
  • Comply with legitimate takedown requests from rightsholders;
  • Do not receive a financial benefit directly attributable to infringing activities;
  • Do not design their site primarily for the purpose of facilitating infringing activities; and
  • Do not induce infringing activities.

• Instructing the Department of Justice and federal prosecutors not to request that domain name registrars, registries, or service providers suspend domain names that have not been deemed to be “dedicated to infringing activities,” or otherwise unlawful, by a federal court; and

• Requiring the Department of Justice to compensate domain name registrars, registries, and service providers for any reasonable costs they incur in the course of disabling access to infringing domain names.

EDIT 11/24/10: After reviewing in greater detail the amended version of the bill (PDF), I’d like to suggest a sixth change:

• Eliminating the “Voluntary Actions” clause, which grants blanket immunity from civil liability to any domain name registry, registrar, financial provider, or ad service that “voluntarily” disables a website that it reasonably believes to be dedicated to infringing activities.

Carl Malamud is a breakthrough thinker and doer on transparency and open government. In the brief video below, he makes the very interesting case that various regulatory codes are wrongly withheld from the public domain while citizens are expected to comply with them. It’s important, mind-opening stuff.

It seems a plain violation of due process that a person might be presumed to know laws that are not publicly available. I’m not aware of any cases finding that inability to access the law for want of money is a constitutional problem, but the situation analogizes fairly well to Harper v. Virginia, in which a poll tax that would exclude the indigent from voting was found to violate equal protection.

Regulatory codes that must be purchased at a high price will tend to cartelize trades by raising a barrier to entry against those who can’t pay for copies of the law. Private ownership of public law seems plainly inconsistent with due process, equal protection, and the rule of law. You’ll sense in the video that Malamud is no libertarian, but an enemy of an enemy of ordered liberty is a friend of liberty.

In discussions about data-intensive government programs like watchlists, people often talk about the importance of “redress” – giving the public some way to correct information or dispute adverse decisions arising from these programs.

“Redress” is a misnomer that diminishes the importance of the subject at hand. Constitutional Due Process is what’s at stake. So says the Ninth Circuit in the case of Humphries v. County of Los Angeles.