Piracy, ISPs, and six strikes: not two outs, or even one…
In a voluntary self-policing effort most likely intended to help safeguard their Communications Decency Act (“CDA”) Section 230 immunity from suit, several Internet Service Providers (“ISPs”) have created a “Copyright Alert System” (“CAS”) to allow content owners the opportunity to report piracy, through which “strikes” can be issued to Internet service users as a warning for piracy. This YouTube user who I can’t identify as an authority, has a few generally accurate, and fairly informative videos about the CAS regime. It’s not clear whether this user is a representative of the ISPs or not. Comcast also has a pretty good set of faqs on the CAS.
Essentially, the CAS allows content owners to identify infringing IP addresses after verifying that infringement is taking place by P2P (“peer to peer”) file sharing. The ISP then sends a warning to the Internet service user who had that IP address at the relevant time. After multiple warnings the Internet service user may be required to view a video about piracy, and after several warnings that user’s service may be “throttled,” or slowed down to make piracy more difficult or time-consuming. The CAS includes an arbitration process for challenging warnings (Russell’s teapot: How do you prove you weren’t pirating?), but no circumstance under which an Internet service user’s account is to be terminated.
Frankly, no one will or even should be satisfied by this system. For Internet service users the CAS is a generally offensive, paternalistic, probably meaningless annoyance. First, those who are engaged in piracy will most likely treat the various warnings as “strikes” in the baseball sense – you can still hit a home run after two strikes, and you can still pirate after five. While those who aren’t engaged in piracy may get the benefit of an “early warning” that someone may be using their Internet connection to pirate, they may just as likely be getting “warnings” for non-piracy in the form of legitimate sharing of documents or other files or even, less likely, fair use. Furthermore, our firm has experience in cases where intellectual property owners take the position that it is the alleged infringer’s obligation to prove to them that there is no infringement, rather than their obligation to prove that there is. One can easily see where it might be easier for an intellectual property owner to simply report all the IP addresses that are file-sharing certain search terms, without verifying actual infringement, than to fully download and hash-confirm every file from every apparent infringer. Though this will violate the terms of the CAS, it will happen, and innocent users will certainly express their aggravation at the expense and hassle of arbitration. ISPs won’t enjoy their users’ aggravation.
For content owners, the system has no teeth. The one benefit is that it may make it easier for these providers to ultimately identify repeat offenders if they decide to sue. That very minor expediting, and even more minor reduction in the cost, of a lawsuit, is almost certainly less relief than they would prefer particularly since none of the voluntarily participating ISPs have indicated they will actually terminatethe service of repeat offenders. More to the point, CAS is limited to P2P file sharing – what about, say, megaupload, rapidshare, mediafire, YouTube, dailymotion, etc.? A study in the wake of the shutdown of megaupload showed little effect on piracy. How happy can intellectual property owners be about the promise to repeatedly threaten slaps on the wrist – without the promise of any actual slap, ever? Also, not all providers are participating, apparently only AT&T, Cablevision, Comcast, Time Warner Cable and Verizon are – 25% of all broadband users don’t receive service from a participating ISP. At least 25% of broadband users won’t even get the idle threat…
Worst of all, I am not at all convinced that this system doesn’t actually threaten, in some ways, the CDA immunity it was apparently intended to preserve. 47 USC §230(c), the CDA immunity provision, states that 1) the ISP cannot be considered the “publisher or speaker” of pirated materials, 2) the ISP can restrict “objectionable” content such as “obscene, lewd, lascivious, filthy, excessively violent, harassing” content, and 3) the ISP is entitled to “enable or make available to information content providers or others the technical means to restrict access to pirated material.” The immunity is intended to protect ISPs from liability for the actions of others because, obviously, they may not be aware of things said by their users (in a defamation context) or content shared (in a copyright/intellectual property context). Most courts have taken literally the immunity in the form of the ISP not being considered the publisher or speaker, thus insulating against primary liability for, say, defamation or copyright infringement. It would seem though, that when the ISP has warned the same user 6 times that they are violating copyrights, but continues to provide even throttled service, there may be secondary liability in the form of negligence or perhaps even some possible conspiracy. Of course, the CAS is far too new for there to be any caselaw on this question, but I would gladly make the argument, particularly where the same user continues to share the same file(s) after several warnings.
Frankly, CAS is more interesting as evidence of some effort by ISPs than as an actual piracy preventer. It should be interesting to see what happens as people hit or exceed their 6 strikes, but continue to run the bases.