Guidelines Evolving on ISP Liability for Users’ Misdeeds

Recently, there have been a number of interesting cases dealing with the liability of an ISP for the misdeeds of a user.

In the case of CoStar Group v. Loopnet Inc., the U.S. Court of Appeals for the Fourth Circuit found that ISPs are not liable for copyright infringement when they passively store data. Specifically, the court found that “the automatic copying, storage, and transmission of copyrighted materials, when instigated by others, does not render an ISP strictly liable for copyright infringement under Sections 501 and 106 of the Copyright Act.”

However, the court found that an ISP could become liable indirectly upon “a showing of additional involvement sufficient to establish a contributory or vicarious violation of the Act, in which case, the ISP could still look to the Digital Millennium Copyright Act (‘DMCA’) for a safe harbor if it fulfilled the conditions contained in the DMCA for the protection of ISPs.

In two other recent cases, appellate courts have questioned the scope of the immunity provided by the Good Samaritan provisions of the Communications Decency Act 1996 (CDA) to ISPs.

Not a Publisher

In Doe v. GTE, the U.S. Court of Appeals for the Seventh Circuit affirmed the district court’s decision to dismiss charges filed by college athletes from several universities against, among others, the (i) e-tailers that advertised video tapes of the athletes taken without their knowledge or consent in locker rooms, bathrooms and showers, and (ii) ISPs that provided the e-tailers with Internet access and Web hosting services.

The claim against the ISPs, GTE (which has since merged with Bell Atlantic to form Verizon) and Genuity, had been dismissed. The district court based its decision on (i) Section 230(c) of the CDA, which states that “[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider, and (ii) Section 230(e)(3) of CDA, which states that this provision preempts contradictory state law.

On appeal, the plaintiffs invoked the Electronic Communications Privacy Act, arguing that the ISPs intercepted and disclosed oral communications (the video tapes also included audio).

The appellate court rejected this argument on the basis that the ISPs were not the direct perpetrators of the acts.

Duty to Protect

Notwithstanding the foregoing, the court may have opened a door for similar cases in the future by acknowledging that the plaintiffs “would have had a better argument that, by its contracts with the [sellers], GTE assumed a duty to protect them.

Moreover, the court noted that previous interpretations of Section 230 suggesting that ISPs cannot be held liable for either censoring or failing to censor material seems unlikely to reflect the original purpose of a section entitled “Protection for ‘Good Samaritan’ blocking and screening of offensive material.

The immunity provided under Section 230 was also raised before the Court of Appeal of the State of California in Barrett v. Rosenthal. At issue was the scope of immunity for those who merely republish defamatory statements.

The state court declined to adopt the reasoning of the federal court in Zeran v. America Online Inc. (4th Cir 1997, 129 F 3d 327), which interpreted the terms “publisher or speaker” in Section 230 to include distributors.

Instead, the state court held that the Good Samaritan provisions should be read in accordance with the common law principle of distributor or knowledge-based liability. This would mean that such provisions would not provide blanket immunity to distributors who would otherwise be liable under common law.

Canadian Case

North of the border, in a landmark recent decision, the Supreme Court of Canada unanimously held that ISPs cannot be held liable for violations of Canadian copyright law committed by their subscribers.

The Canadian court found that ISPs simply provide the means for the telecommunication of published materials, and, accordingly are shielded from liability under Section 2.4(1)(b) of the Canadian Copyright Act, which deems that participants in a communication who only provide the means necessary for telecommunications are deemed not to be communicators.

This decision marks the culmination of close to 10 years of litigation and regulatory appeals, which began in 1995 when the Society of Composers, Authors and Music Publishers of Canada (SOCAN) asked the Canadian Copyright Board to impose royalties, known as Tariff 22, on ISPs that facilitated the transfer of published works over the Internet.

The central concern was the downloading of music files. SOCAN argued that ISPs were infringing on the rights of copyright owners to communicate and authorize the communication of their works to the public found in section 3(1)(f) of the Act.

No Exception

The Board refused to hold ISPs liable because of the exception found in Section 2.4(1)(b) of the Act.

The Canadian Court of Appeal found that the exception did not apply to ISPs due, in part, to the practice of caching by ISPs (caching refers to the temporary storage of data on servers of ISPs).

The majority ruled that when ISPs engage in caching they are no longer simply facilitators of the telecommunications process, but become communicators and attract liability for copyright infringement.

The Canadian Supreme Court accepted the Boards finding that ISPs fall within the exception provided in Section 2.4(1)(b) of the Act. The relevant test is to look at each transaction individually to determine whether an intermediary, such as an ISP, acts merely as a conduit for communications for other persons, or whether it is acting as something more.

The court found the practice of caching did not vitiate the exception since caching is a serendipitous consequence of improvements in Internet technology, [caching] is content neutral and [it] ought not to have any legal bearing on the communication. Caching is dictated by the need to deliver faster and more economic service, and should not, when undertaken only for such technical reasons, attract copyright liability.

Knowledge Not Decisive

The court also found that knowledge of potential infringements by subscribers does not make an ISP liable for authorizing the infringement because ISPs are entitled to presume that their facilities will be used in accordance with the law, and ISPs do not grant licenses or permission to subscribers that permit infringement.

On the issue of determining whether a Canadian court could assert jurisdiction in Internet copyright matters, the court found that there must be a real and substantial connection between Canada and the country where the communication originated. Relevant factors include a consideration of location of the content provider, the host server, intermediaries and the end user. The court rejected the Boards ruling that jurisdiction could only be asserted when the host server was located in Canada.

The Canadian decision is in line with international and U.S. trends, where basically courts in different jurisdictions have afforded ISPs a high level of protection for the misdeeds of their users as long as the ISPs role was limited to hosting and/or providing access to the user, and the ISP was acting in good faith.

Having said that, there will always be claims against ISPs for the transgressions of their users even if they follow all the rules. Simply stated, ISPs are the messengers who are around long after the offending user has disappeared, and usually ISPs are the ones with the deep pockets.

Javad Heydary, an E-Commerce Times columnist, is an e-businessattorney (Ontario & New York) at the Toronto-based law firm of HeydaryHamilton LLP and the managing editor of

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

E-Commerce Times Channels