I’ve now had some time to read the Combating Online Infringement and Counterfeits Act (you can too). Reactions to follow, but first a quick sketch of the bill:
The bill gives the Attorney General specific powers to go after websites that are “dedicated to infringing activities.” (This is both the copyright and trademark context, but I’m going to focus on the former.) The statute defines “dedicated to infringing activities” as websites (1) “primarily designed” for trademark and copyright infringement, (2) lacking “demonstrable, commercially significant purpose or use” other than infringement, or (3) marketed by its operator to offer infringement. When taken together, these activities must be “central” to the activity of the website to meet this definition.
I used the word “infringement” above. It’s important to note that this is not speaking of traditional, primary infringement, or even established doctrines of vicarious, contributory, and inducement liability. It extends further than that, covering those “enabling” or “facilitating” infringement. (I would argue this to be further than the “knowing inducement” standard of contributory liability.) It also covers those offering or providing access to copyright-protected materials, including providing links to other Internet resources used to obtain copies. This too is an expansion of liability, though previously recognized in some lower-court opinions.
Under this bill the Attorney General has the power to proceed in rem against a domain name used by a website “dedicated to infringing activity.” The in rem nature of this is important: instead of having the lawsuit proceed against the person responsible for the infringing activity, the lawsuit is filed over the website itself. Thus, a judgment over the property binds the world with respect to the property, instead of just binding the defendant in the particular case.
The AG must send notice to the “registrant of the domain” (if available) and published notice of the action. The lawsuit would either be filed in the District of Columbia (if the registry is outside the United States) or the district housing the registrant or registry of the domain. All court document are to be served on the “domain name registrar,” or, failing that, on the “registry.” The remedy provided is injunctive and not monetary – a temporary restraining order, a preliminary injunction, and/or a permanent injunction. All the requirements for having a court issue this injunction are tied to Rule 65 of the Federal Rules of Civil Procedure presumably require the standard demonstrations of proof for those remedies. Should a court be persuaded that injunction is appropriate, the AG can then serve the court’s order on the registrant or registry, who is then ordered to suspend operation of the website and lock the domain name. If the registry is foreign, the AG can (with a court order) tell a “service provider,” a financial transaction provider, or an advertising agent on the website to cease serving that website, effectively creating a firewall for the average American user.
The bill does provide for modification of a court order. The owner or operator of the website may petition the court to modify, suspend, or vacate the order based on evidence that it is no longer “dedicated to infringing activities” or that the order should be vacated in the interest of justice. The AG can petition for modification to expand it to cover a migratory domain name and to include additional domain names “used in substantially the same manner” as the initial site. Should the domain name registration expire, the court order automatically ceases.
As mentioned above, the AG will maintain a public listing of domains subject to this order, as well as those that the DoJ believes to be qualifying, but for which AG has not yet filed an action. The AG also must inform our Intellectual Property Enforcement Coordinator (colloquially known as the “Copyright Czar”), who will also post the affected domain names on a public website. The AG must also publish a procedure for receiving information from public about sites “dedicated to infringing activities,” and give guidance to IP-holders as to how to provide the DoJ with information to begin an investigation.
******************
So that’s the bill, and here are my reservations about it:
My first reaction is one shared by EFF several other groups – this is the very first time I can think of where the United States is prepared to assert its sovereign domain over the entire Internet. By proceeding in rem and going after domain name registries directly, we are leveraging the coincidental fact that most of the major top-level root domain servers are located inside of the United States, and most of the domain registration services (the GoDaddys and Dotsters of the world) are located here too. The reason for doing this is obvious: it’s expedient. The defendant may be hard to identify, located abroad, or deliberately hard to reach. Instead of going after her they can go after the severs she uses, which usually have fixed business addresses and legal departments. (I’m not quite sure if this is meant to cover to the DNS root servers or the domain name registration services themselves – more on that below.) In the rare cases where the United States does not house the addressing servers, the bill’s solution is to simply throw up a firewall, which is a pretty extreme measure.
This would not be a problem if I believed that this would only be used to go after websites solely dedicated to posting up torrents for movies, but I doubt this is the case. The terms used here seem to expand further than that. They encompass The Pirate Bay and MegaUpload for sure (and make no mistake, they are the targets of this legislation), but the bill arguably covers many more sites. This has great potential to seriously upset the balance of liability between websites and content controllers. In the Sony Betamax case we gave technology creators a wide berth, shielding from liability when a technology was capable of “substantial non-infringing uses.” Justice Breyer’s concurrence in Grokster states that the Court in Sony was looking at about 9% non-infringing use, and found that small percent to be “substantial” enough. Is 9% non-infringing use “commercially significant” enough to avoid in rem takedown here? Tumblr is a service that is largely dedicated to sharing media, often without the copyright owner’s authorization. Should they fail to show a commercially substantial use that isn’t dedicated to hosting infringing media files, could they be subject to takedown? And what about those of us that use Bit Torrent to share legally? Or use drop.io or MegaUpload simply because our email servers don’t let us send 100 MB attachments? Or use Tumblr to share media that we ourselves created? If we don’t make up a commercially significant share of the website’s population do we lose our service?
I think this liability shift is especially powerful with respect to websites driven by third-party content. We generally immunize web service providers from liability based on conduct of visitors to the site, whether it be copyright under the DMCA or libelous speech under Section 230. When proceeding in rem there is no meaningful way to distinguish between content posted by third parties and content posted by the website provider. As Public Knowledge points out, a small-scale media sharing site like a nascent YouTube could easily be taken down. Why this is so dangerous is an obvious point raised by many other critics – posting material online is an exercise of free expression, and services which aggregate many users are particularly strong forums for such expression, due to their bandwagon nature and ease of access. We should not so wantonly jeopardize these fora.
All of this is contestable, of course. But with an in rem proceeding, who exactly is going to appear before the court to debate that with the government’s attorney? The bill clearly states that the “domain name registrar” (which for reasons I note below I believe is referring the person who registers the website with a registration service like Go Daddy) receives notice in this action, and thus can appear in court to contest this categorical issuance. But the statute only requires the AG to contact the website owner using the mail and e-mail addresses provided by the registrant to the registrar. Anyone who has ever registered a domain name knows that these are often faked, as the only other time these addresses are used is in the whois information. To date, there’s been no legal consequence for feigning this information (though ICANN doesn’t like it and it may violate the terms of use with your registration service). Are you then left unable to defend your website? And what of services like Go Daddy’s anonymous registration service? Does the DoJ get to look around that? And if you today were to receive an email claiming it was from the Department of Justice and that you had to appear and defend your website’s rights, would you think it spam? Email is not generally sufficient service of process (at least in federal courts); we’re not used to receiving messages of such legal consequence in our inboxes. It may not constitutionally offend due process, but it sure does in spirit.
This is not to say that all is lost in this bill. I take comfort in the fact that this purely a remedy available to the Justice Department. Prosecutorial discretion will no-doubt mitigate these fears about sweeping up free expression and put any action into some form of greater utilitarian calculus. But Prof. Seltzer makes a good point about the private sector’s involvement in this bill – IP-owners are given an input into the Attorney General’s execution of the policy, but no similar mechanism is made for advocates for the websites. The weight of this legislation is clearly in favor of existing content owners. No wonder Hollywood is so excited about the prospects of this bill. At least the bill gives us transparency, which (ideally) should help us inform public debate over the merits of this bill’s eventual execution.
Two other, more minor, problems add to my general displeasure. First, I highly doubt this will be effective at stopping online piracy. If the allegedly infringing website is only using a service like Go Daddy to register their domain name, leaving content servers elsewhere, this is going to have little practical difference. Maybe you can’t type in “thepiratebay.org” and have it resolve to the Pirate Bay anymore. But if you are sophisticated enough to type in “194.71.107.15″ into your address bar, you’ll still get the Pirate Bay. Cutting off the name server will not kill the website. The Internet is deliberately decentralized in that way. It would take active network filtering nation-wide to have the effect of blocking the Pirate Bay in the United States, which is a very drastic step indeed. But say we take that step – what’s to stop the pirates from creating a proxy server network to frustrate that means as well? Congress is trying to beat web-geeks at their own game. That is as sisyphean as it is stupid.
Second, in my opinion the bill suffers from some poor drafting. For example, who exactly does the AG give notice to under this bill? The bill carefully defines what it means to be “dedicated to infringing activity,” but other vital terms like “domain registry” and “registrant” get no clarity. When the bill speaks of the “registrant,” does it refer to the person who signs up with Go Daddy to get “mywebsite.com,” or is it Go Daddy, who has to go to VeriSign when it registers any “.com” domain name? Both parties are registering something from a registry, but with which one does the Attorney General interact? I can make an argument either way. The bill uses the term “operator” to define the person responsible for controlling the content of the site, so should we assume the website owner is the “operator,” the “registrant” is their domain name service, and the “registry” is VeriSign? On the other hand, “registrant” does appear in one other section in Title 18, referring there to the user of a web service. Should we impute a similar definition here? My guess, based on the way in which this bill distinguishes “registrants” from a “registry,” is that the “registrant” is the person who registers a domain name from a “registrar” like Go Daddy, but it’s far from certain. The bill has similar trouble trying to define who an online “service provider” is. The statute reflexively defines Internet “service provider” by its definition in 17 U.S.C. § 512(k)(1). The problem is, that section has two different definitions for service provider – either an ISP as we think of the term colloquially, or anyone who provides any service on the Internet. Would it have been so hard to pick one definition and include it in the bill?
********************
I said a few days ago that I agree in spirit with the bill, and I still feel the same way today. I do not follow my colleagues who categorically reject using in rem tactics to try and stop infringing activity on the Internet. I do not think cyberspace should be categorically immune from government intervention. I recognize that there will be times when we cannot reach the person, and can only exercise power over the data the person left in a server in Virginia. But going after a website for its content should be a last resort, narrowly defined and restrained in execution. I accept the view that speech which infringes copyright is not subject to First Amendment protection, but any attempt to restrain expression should only follow a full and fair adjudication of the infringement question. It should be applicable only to those services which already fit our existing doctrines of secondary infringement liability. We should not attempt to sweep so broadly without mechanisms to better protect what might get swept up as collateral damage. It is not hard to imagine a website that has important expressive value, but nevertheless is removed from the Internet or blocked in the United States due to its inducement of copyright infringement. Hell, even the Pirate Bay runs a blog.
And there is one remedy here that I will never endorse: Internet filtering. We are seriously debating installing what can only be described as a nation-wide firewall. Consider the company we would keep doing so.
Andy — Great post. Some comments:
This isn’t the first time Congress has “asserted its sovereign domain over the entire Internet.” The Anticybersquatting Consumer Protection Act, 15 U.S.C. § 1125(d), lets trademark owners file in rem actions against domain names that infringe their trademarks. Courts are empowered to order “the forfeiture or cancellation of the domain name or the transfer of the domain name to the owner of the mark.” So, for better or for worse, laws permitting this kind of action against a domain name aren’t without precedent.
“Forfeiture”, “cancellation”, and “transfer” of a domain name (as in ACPA), and “suspend[ing] operation of, and lock[ing]” a domain name (as in COICA § (e)(1)) all require a third party to take some action, but they’re not really that far removed from other in rem cases. If you accept the legal fiction of an action against a piece of property, these remedies aren’t that remarkable. (Especially since ACPA and COICA take pains to make sure the cases will be heard in courts that already have personal jurisdiction over the registries and such that will be required to take those actions.)
What is unprecedented, though (as far as I can tell), is the inclusion of remedies entirely directed at third parties, beyond deciding the disposition of the piece of property at question in the in rem suit. Enjoining a credit-card company from processing payments “based on purchases associated with the domain name”, for example, raises a host of due-process issues, including personal jurisdiction over the credit-card company, notice and chance to respond, and so on. Preliminary injunctions and TROs are only supposed to be issued against the parties to a suit, their agents, and others “who are in active concert and participation” with them — is this bill arguing that every ISP that runs a DNS server is “in active concert and participation” with every domain that hosts infringing content?
And regarding the usage of the word “infringement” in this bill, I’d say your complaints above don’t go far enough. The bill defines infringement by referring to offering “goods or services in violation of title 17, United States Code”. Title 17 defines copyright infringement in section 501, but there are a ton of other sections that define violations as well—violations that traditionally haven’t been considered “infringement”. The obvious one is circumvention of DRM, from section 1201, but my favorite for the purpose of showing the overbreadth of this bill is section 407′s deposit requirement. If you publish a copyrighted work, you have to give copies of it to the Copyright Office within three months, or else you’re violating Title 17. So any website that displays copyrighted photographs, for example, that haven’t been deposited with the Copyright Office is “in violation of title 17″, regardless of the copyright holder’s authorization. Oops.
Comment by Mart — 24 September 2010 @ 2:41 pm |
Mart, I’ve been thinking more about the comparison between § 1125(d) and this bill. I wonder if we could look at the prosecution history and see how the courts have responded to a free speech or nominative fair use defense in Cybersquatting cases. “Pure” trademark infringement doesn’t raise the same First Amendment fears as copyright does, generally, but abusive application could reach the same end.
Comment by Andy — 28 September 2010 @ 5:12 pm |
[...] is, of course, unless we’re filtering the Internet to protect someone’s copyright. And all of this makes me wonder: if we are going to filter the Internet, and order companies to [...]
Pingback by Wiretapping the Internet « Andy on the Road — 27 September 2010 @ 10:35 am |
I am regular reader, how are you everybody? This
article posted at this web site is really fastidious.
Comment by iphone repair malaysia — 6 May 2013 @ 2:02 pm |
You’re so interesting! I don’t believe I have read a single thing like that
before. So good to discover somebody with genuine thoughts on
this subject matter. Seriously.. thanks for starting this up.
This website is something that is required on the internet, someone with a bit of originality!
Comment by ipad repair kepong — 7 May 2013 @ 4:26 pm |
Hi there, its good post about media print, we all understand media is a enormous source of information.
Comment by Ipad Repair Petaling Jaya — 9 May 2013 @ 1:27 am |
Hello! I could have sworn I’ve been to this blog before but after reading through some of the post I realized it’s
new to me. Anyways, I’m definitely delighted I found it and I’ll be bookmarking
and checking back often!
Comment by Trey — 13 May 2013 @ 12:49 am |
I was wondering if you ever considered changing the page layout of your site?
Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better.
Youve got an awful lot of text for only having one or 2 images.
Maybe you could space it out better?
Comment by imacrepairmalaysia.drupalgardens.com — 13 May 2013 @ 12:56 pm |