Counsel for Technology, Entertainment, and Business
This past Thursday I gave a talk called “From Pages to Platforms” about the ways that Web 2.0 has affected Internet Law. Here it is in webcast form.
I recommend downloading (instead of allowing it to play in the browser) for a full-screen picture.
Last Wednesday a federal judge declared a mistrial in Capitol v. Thomas and set aside the judgment for the plaintiffs when he found that the theory of “making available” may not have been sufficient to constitute infringement.1 The core of the RIAA’s position here is that Thomas infringed by merely offering to distribute copies of a work from her computer, even if no one ever actually downloaded a single copy. The problem with this sort of a theory lies of course in the Copyright Act. While § 106(3) provides recovery for “distribution,” nowhere does the Act permit recovery for “attempted” copyright infringement of any kind.
If you haven’t been following this case, the solution might seem obvious. Why doesn’t the copyright owner simply present evidence that the defendant actually distributed some copies? But it’s not that simple, and I don’t think the RIAA can win this time. Here’s why.
Recording companies identify plaintiffs through a fairly crude process.2 When an Internet user runs a file-sharing application that uses the peer-to-peer model, the file-sharing application typically searches the user’s computer for media files and indexes all that it finds. The index will normally contain a list of the audio files sorted by artist, album, genre, and some other criteria. It then uploads this index to another computer on the peer-to-peer network with a fast connection and large storage capacity. The computers that store indexes of other users’ files are commonly called “supernodes,” while other users are called simply “nodes.”
When one node on the network wants to find a particular recording, it submits a search query to a supernode. The supernode returns a response that indicates which computers on the file-sharing network have copies of the file along with the IP addresses of those computers. When a copyright owner (or one of its contractors such as MediaSentry, a company that provides online copyright enforcement services) wants to identify infringers, it connects to a file-sharing network as a node and searches for the name of a recording for which it owns the copyright. When the supernode returns a list of computers that are offering the file for download, the copyright owner sends another query to the supernode called “find more from this user” that returns a list of all of the files being offered from one of those computers. The copyright owner then brings suit against the Internet subscriber using that IP address for damages arising from infringement of the copyright owner’s exclusive distribution right under 17 USCS § 106(3).
Assuming that the indices generated by the defendants’ computers accurately convey the media files that are hosted by that node, the copyright owner now has an accurate list of files that the defendant is making available to the public–nothing less and nothing more. The node is offering these files for download and, if a third party wants to initiate a file transfer, such a transfer will likely occur. But neither the supernode nor the node contains any evidence that such a transfer actually took place. In other words, the copyright owner has plenty of evidence that the defendant made an offer to distribute infringing copies but no evidence that anyone actually took him up on that offer. Worse yet, given the number of nodes available on most file-sharing networks at any one time (typically millions or more), for popular sound recordings and movies, it is actually exceedingly unlikely that most nodes have ever consummated an outgoing transfer because there are so many other nodes with copies of the same content.
In a court filing, an RIAA attorney contended that ”requiring proof of actual transfers would cripple efforts to enforce copyright owners’ rights online – and would solely benefit those who seek to freeload off plaintiff’s investment.”3 If the plaintiffs continue to limit themselves to the methods I described above, I don’t doubt this. But there’s no question in my mind that “making available” is not equivalent to any of the exclusive rights enumerated in the Copyright Act.4 To win with the evidence they have, the plaintiff would need to in effect fashion a new kind of claim for attempted copyright infringement. In the Ninth Circuit, judges have already resisted such attempts. In Perfect 10 v. Amazon.com, the Court in dicta blocked what it called “the proposition that merely making images ‘available’ violates the copyright owner’s distribution right.”5 A separate line of cases has also evolved out of an Eighth Circuit case6 that has been applied to file-sharing actions. These Judges consistently find that “record companies must show that an unlawful copy was disseminated ‘to the public.’”
The problem here is that, because of the way the Internet works, we don’t really have those kinds of records in an easily accessible form anywhere. The RIAA seems to understand this. It’s one thing to use the discovery process to find out what a particular computer has downloaded. That’s trivial. But finding out what other computers have downloaded from a defendant, while not impossible, could be extremely difficult.
For this reason, I don’t think Capitol and MediaSentry can win this one.
This weblog is an informational resource only. It is not designed to offer legal advice.
The Internet has created interesting copyright law questions for many different kinds of media, from the photographs in Kelly v. Arriba Soft to the audio recordings in A&M Records v. Napster. Typically these cases turn on whether the defendant–typically the trailblazing operator of some new Internet-based service–has distributed the plaintiff’s copyrighted material without authorization.
As Kelly illustrated, web pages are absolutely fair game for copyright infringement actions when they contain infringing materials. Take a closer look at this very post as it appears in your computer’s web browser. There are a few small graphics here and there such as the small “Linkedin” icon to the right, but the vast majority of this page is text. As the author of the substance of this text–the “words” of it–I own the copyright to it and, by publishing it on this blog, I’m granting you a license to download, read, and use it under certain license terms that are outlined in the Creative Commons License that I’ve indicated at the bottom of the page. But how about the “design” of the words? I don’t own the copyright to the typography or font. I certainly don’t have a right to distribute the font, and I’m certainly not authorized to convey any rights to you in that regard. Luckily, thanks to the basic design of HTML and the Web, this has traditionally never been a problem. No web page actually contains or distributes a copy of a font. Web pages instead rely on tags written into the HTML which simply tell the receiving party’s computer’s web browser (in this case your web browser) which font or fonts to use for rendering the web page’s text.
So, for example, if I want the text of this post to display in the font called “Helvetica,” I insert a tag that tells your web browser to display that text in “Helvetica” and rely on your computer already having that font and using it to display the text. If for some reason your computer does not have that font, your web browser will probably substitute the typeface with some other one, perhaps “Times New Roman.” There’s no potential for copyright infringement here because the web standards in place simply don’t provide a mechanism for the distribution of a font; we’re merely using ones that you (the viewer) already have.
As you can imagine, this results in a frustrating situation for many web designers. The inability to “push” fonts to visitors’ computers means that web designers are typically limited to a very small selection of “web-safe fonts,” or typefaces that are likely to be installed by default on wide variety of computers and operating systems. Apple and others in the software business have recently been promoting a new standard for the web called CSS Level 3 (or “CSS3″) which provides, among many other things, a way for web designers to easily embed a copy of a font into a web page. In theory, this would mean that a web designer could use any font he likes in his designs instead of being limited to only a handful of “web-safe” fonts. The latest version of Safari, Apple’s freeware web browser application for Windows and Mac OS X, is among the first to support CSS3 and Apple has begun promoting this. Specifically, the Safari website contains the following text as of this writing:
With CSS3 web fonts in Safari 3.1, web designers can go beyond web-safe fonts and use any font they want to create stunning new websites using standards-based technology. Safari automatically recognizes websites that use custom fonts and downloads them as they’re needed.
Typography designers are understandably disturbed by this sort of marketing because it could give some web designers the mistaken impression that it’s permissible to distribute copies of a font without authorization from the owner of the copyright in that font. This sort of marketing language bears a scary resemblance to the U.S. Supreme Court’s holding in MGM v. Grokster, in which the Court unanimously declared that one who “actively induces” copyright infringement is secondarily liable for that infringement. I don’t think it would be a stretch to call Apple’s “use any font they want to create stunning new websites” text an “active inducement” of that infringing activity.
Of course, there are obvious differences between the Grokster application and Safari. Grokster was designed specifically to attract former users of Napster’s peer-to-peer network following that service’s annihilation, for the same purpose as Napster. The Safari application is merely a cutting-edge web browser. Indeed, Safari itself doesn’t provide for file distribution at all; it only provides a way to download information that has been posted. There’s also a weak argument that Apple’s Safari website is aimed at end-users (communicating what they can expect from the application) and not web designers (telling them what they should do). But, for the purposes of secondary liability, none of this matters. At the end of the day, Apple’s Safari website is actively telling visitors that web designers can distribute any fonts they want for users to download through CSS3, and this sort of marketing language is dangerous. There’s nothing wrong with offering CSS3 compatibility and advertising that fact, but in a post-Grokster world, Apple and other software companies with cutting-edge technology need to be more careful about publishing information that seems to promote use without regard to infringement.
Disclaimer: This weblog is an informational resource only. It is not designed to offer legal advice.
Update: I remembered this morning that PDFs can also include copies of the fonts used therein, depending on the settings of the software used to make them. Some PDF creation software, like the one built into Mac OS X, seems to embed font files for every font used in a document. Unless the PDF format provides some way to prevent end-users from accessing and using embedded fonts, this poses the same question as CSS3.
Here’s a summary of the stories I’ve been following this week:
JuicyCampus is an Internet forum that encourages visitors to post gossip and rumors relating to people at any of a number of colleges and universities in the U.S. (currently 59). The operators of the website purport to offer complete anonymity to posters by way of IP address masking and other policies; they claim that this fosters free speech that otherwise could not be possible. The website has been in service since sometime in August 2007. In the short period of time that has passed since then, it has already become a target of controversy because of its potential for anonymously spreading objectionable content like hate speech, libel, and privacy invasions. I have been periodically checking the website’s home page since I first learned of it two days ago; since then I have read front-page posts that purport to challenge particular students’ sexualities (typically called out by the targets’ full names), defend anti-Semitic viewpoints, and much more.
The most obvious potential for litigation against JuicyCampus, aside from the largely meritless consumer fraud action brewing against them in New Jersey, is a suit for libel by a hypothetical student who claims s/he has been defamed by something posted by a visitor to the website. Defamation is the communication of a false statement of fact that may harm the reputation of an individual. Courts have held that the posting of a defamatory statement to an Internet website is libel, the strongest form of defamation which is characterized by having the harmful statement published in a fixed medium. Section 230(c)(1) of the Communications Decency Act of 1996 provides immunity from certain kinds of civil liability, including defamation, for “providers of interactive computer services” who publish information provided by others. “Interactive computer services” includes website operators such as the operators of JuicyCampus. The relevant caselaw suggests that even when a website operator does not take steps to police content on his/her site, s/he will not be liable as a publisher for statements posted to the site by third-party visitors. The law instead views the website operator as more akin to an owner of a newsstand, distributing content written by others and not directly responsible for that content.
Section 230, a law that took effect in 1996, was inspired in part by Stratton Oakmont, Inc. v. Prodigy Services Co., a 1995 case in the New York State Supreme Court, in which a controversial opinion held that the defendant (an ISP and forum operator) could in fact be treated as the publisher of third-party postings to its Internet forum because it had an ability to police and delete messages that it found to be offensive. Service providers feared that the Stratton Oakmont decision would force them into one of two extreme positions, both of which were likely to cause backlash from users and would threaten the development of the Internet. On the one hand, service providers could opt to police Internet forums vigorously, filtering messages and aggressively deleting objectionable content to limit their liability. On the other hand, service providers could opt to shut their eyes entirely, refraining from moderating any posts whatsoever such that they could argue that they did not exercise any editorial control over the forum. With § 230, Congress gave service providers the safe harbor they required to build services like Internet forums free from fears of liability over content contributed by others. Section 230 also allowed for the proliferation of other Internet phenomena such as blogging, social networking, and content sharing. For example, could you imagine the burden that would be imposed on the authors of popular blogs if they were forced to moderate and research the accuracy of each and every comment that third parties post? In a world without § 230, it is likely that most popular bloggers would have preferred to disallow commenting entirely in order to avoid the burdens associated with it.
But JuicyCampus is not a blog. It is also not a typical Internet forum. There are at least two good reasons for this.
First, on most Internet websites that allow third-party contributions, users are required to identify themselves in some way. For example, if you choose to comment to this post on my blog, you are asked to provide an email address and choose a name. The name you choose may not be the name you use in real life, but it is designed to identify you in the discussion of comments that follows this post. This creates accountability in that your reputation–as pseudonymous as it may be–is attached to each comment you post. In contrast, JuicyCampus seems to make no such attributions. When a user writes a post on JuicyCampus, s/he has no incentive to warrant the accuracy or objectivity of the post. The website is entirely anonymous, which promotes a platform for posters who wish to recklessly disregard the truth, or worse.
Secondly, most Internet websites that allow third-party contributions keep certain logs about users that contribute content. For example, if you decide to leave a comment on this post as described above, the server that hosts this blog will also make note of your computer’s IP address, which is an identifier that could in most cases be used to accurately determine your identity if necessary. In the event that a plaintiff decides to bring an action against me as the publisher of information that you posted, I would be able to (and a court would probably order me to) provide the plaintiff with that information, helping the plaintiff to find the true publisher of the objectionable content. Ergo, although the plaintiff will not be successful in an action against me as publisher, the plaintiff might still have a cause of action against the third-party poster. In the case of this blog, that plaintiff still has a way to recover for his/her damages. But the same would not be true for an equivalent plaintiff bringing an action against JuicyCampus. Under the current body of caselaw associated with § 230, that plaintiff’s action against JuicyCampus would likely fail because the court would find that JuicyCampus is a mere distributor, and the plaintiff would probably not be able to ascertain the identity of third-party poster who is the proper defendant.
The operators of JuicyCampus would likely argue that their website is analogous to a big open area where anyone can speak without identifying himself. But, in the real world, even when people speak anonymously to strangers in an open area, they reveal certain aspects about themselves to that group, such as their voice and face. Internet posts often contain no such identifying characteristics. The consequences of this are clear: some victims of online torts may be left with absolutely no way to recover where the third-party poster–unquestionably the true tortfeasor–cannot be identified due to the anonymity policies of forums like JuicyCampus.
I’m not yet sure of the best solution to this problem. Should websites like JuicyCampus be prohibited from providing such complete anonymity to posters? Or, should they be required to give up some of their § 230 immunity in exchange for providing such anonymity? Or, can we as a society simply find it acceptable that, in this new age of technology, some plaintiffs simply will not be able to recover for their damages because of the anonymity required to allow free speech on sites like JuicyCampus?
Disclaimer: This weblog is an informational resource only. It is not designed to offer legal advice.
