July 14, 2003
Today I want to talk about contributory and vicarious liability. As I investigate the caselaw through Napster, I will discuss a few elements where Napster could and should be refined, including the changes Grokster incorporated. [Note: I have made some additions since the original posting of this, to clarify and expand on certain arguments. I have tried to indicate this whenever significant by adding [added:] before the relevant clarification. This is my first try at something like this in the blog medium, so it’s a bit of an experiment. I’m trying to balance my need to get ideas down on the site and into the wild, and my need to add the ideas that I get only after publishing. Update: 11:17, 7/13 - one important addition comes in my discussion of how to adjust the contribution standard in contributory liability.]
If third-parties must be liable, what principles can help reasonably limit the liability standards?
First, we want standards that respect copyright’s limits. Sony recognized that the grant of the copyright monopoly requires some corresponding balance. In particular, courts should be very cautious in extending liability outside the scope Congress has defined. [added:] The majority opinion in Sony asserted: “Sound policy, as well as history, supports our consistent deference to Congress when major technological innovations alter the market for copyrighted materials. Congress has the constitutional authority and the institutional ability to accommodate fully the varied permutations of competing interests that are inevitably implicated by such new technology.”
Though, many of my suggestions herein can just as easily apply to how Congres should, if it so chooses, set liability standards. The Sony opinion spoke to this point in saying that third party liability standards should “strike a balance between a copyright holder’s legitimate demand for effective – not merely symbolic – protection of the statutory monopoly, and the rights of others freely to engage in substantially unrelated areas of commerce.”
Second, we want reliable standards. As Professor Lessig eloquently stated in a recent post, Sony recognized that there will be less innovation if technology creators must guess how federal courts will treat them. Standards must be clear, comprehendible, and somewhat stable. The standards must not be so inflexible as to be overbroad and not reasonably adaptable in future cases, but they must have some degree of predictability.
How Sony Did–And Didn’t?–Do This
We have all recited Sony‘s key holding – that new technologies “need merely be capable of substantial noninfringing uses” so as to not make manufacturers liable. This rule encompasses both potential and current non-infringing uses. At various points, the Court did add the words “commerically significant” uses, but that seems redundant since, if people are buying the product to make the non-infringing use, it has commercial value because of that non-infringing use.
What is peculiar about Sony is that the majority opinion spends significant time discussing empirical data about current uses. Extensive survey data was submitted to the District Court and seemed to play a role in Stevens’ decision. To make his point, Justice Stevens did not need to add the words “merely … capable.”
But he did anyway, so we should take that as significant. Perhaps, then, the empirical data is there to help define what “substantial non-infringing uses” are. Even that reading would be problematic, because the Court specifically avoided defining substantial and thus the use of time-shifting was not a minimum bar.
In the recent Aimster opinion, Judge Posner addresses this issue. He asserts that time-shifting was substantial because it was a “principal” use. Accepting arguendo that substantial means principal, that still is of little help if we are going to take the word “capable” seriously. How can a judge know whether a use will some day be “principal”? And, how, as Judge Posner desires, should judges determine whether a use becoming “principal” is “probable”?
This does lead us back to an interesting feature of Sony. Reading the ambiguous words “capable” and “substantial” together, Sony affirms that a product, used minimally for non-infringing uses today, is still protected because that minimal use is capable of becoming a substantial use tomorrow. Not “probable,” “capable.”
Should Napster Have Ended With Sony?
I have been wholly unable to answer this question with finality. Given the result of Napster, what has come after it, and the two basic principles I laid out at the beginning of this post, stopping with Sony seems advantageous.
But I will not stop there for the following reasons:
1. On internal page 437, Justive Stevens asserts that Sony does not address cases featuring an “ongoing relationship between the direct infringer and the contributory infringer” in which “‘contributory’ infringer was in a position to control the use of copyrighted works.” He notes that lower courts had dealt with those instances differently. I take this, as well as courts’ taking this difference seriously in Napter and beyond, to mean that this sort of liability is an established part of the caselaw.
2. I find it somewhat intuitive that there should be some sort of aiding and abetting rule. I’m just not quite sure what that rule should be.
3. The DMCA expects, without setting, liability standards. As I said at the outset, my analysis below could apply to Congressional decisions as well.
Determining What Napster Actually Said
In holding that Sony and Napster’s substantial non-infringing potential uses did not absolve the file sharing system, Napster sets out a two part test for contributory infringement: does the service know or have reason to know of the infringement, and does it make a material contribution? In this case, the Ninth Circuit clarified the knowledge prong, based on Religious Tech. Ctr. v. Netcom On-Line Communication Servs., Inc, to be fulfilled if “the copyright holder … ‘[provides] the necessary documentation to show there is likely infringement.’”
There is another prong buried within Napster, shallow enough that Grokster could unearth it but deep enough that Posner could accidentally bury it. That piece is the capacity to act at the time you have obtained knowledge. Even though that seems related to the knowledge requirement, it is really a component of material contribution. After all, if a service provider is making a material contribution to the infringement, it obviously has some capacity to act because it can retract and terminate the contribution. Relying on Netcom (a case of Scientologists shutting critics down), the court held, “We agree that if a computer system operator learns of specific infringing material available on his system and fails to purge such material from the system, the operator knows of and contributes to direct infringement” (emphasis added). If the operator owns the system and can purge material from it, he has a capacity to act. Thus, the court also made sure to distinguish between Napster’s overall archictecture and its conduct.
This notion of capacity to act was buried because it was placed within the “knowledge” section of the court’s analysis. As Lee Burgunder points out in “Reflections on Napster: The Ninth Circuit Takes a Walk on the Wild Side,”(Footnote: See also EFF’s amicus brief for Aimster.) the difference between Sony and Napster does not have to do with knowledge, in spite of the Ninth Circuit’s misleading statement that “actual, specific knowledge of direct infringement renders Sony‘s holding of limited assistance.” ([added:] Footnote: Here, the Ninth Circuit repeated the mistake in Netcom, where the court slipped the clarification, “Unlike a landlord, Netcom retains some control over, the use of its system,” into the knowledge section.) Had Sony been sent notices of infringement from the MPAA, they would still not have been liable. The difference exists in the companies’ continuing control over their users. Napster had it, Sony didn’t.
Judge Wilson in Grokster picked up on this. Judge Posner in Aimster rejected a standard that did not truly exist when he stated “the Ninth Circuit erred … in suggesting that actual knowledge … is a sufficient condition for deeming a facilitator a contributory infringer” (emphasis added) on page 9 of his opinion. Posner was rejecting Napster’s bad structure, but not really its reasoning (at least on this point – what he really meant was that Napster‘s test should not be used to trump substantial non-infringing uses in some cases. I will discuss this more below).
The Ninth Circuit opinion was vague in another respect. Applying Fonovisa, a case about a swap meet operator being held liable for vendors’ actions, the District Court noted that Napster was similar, for “[w]ithout the support services defendant provides, Napster users could not find and download the music they want with the ease of which defendant boasts.” What are the support services? The Ninth Circuit spent little time on this, citing the District Court’s analysis which focused on Napster’s “suppl[ying] the proprietary software, search engine, servers, and means of establishing a connection between users’ computers.”
This ambiguity led many to wonder exactly what material contribution means. In the EFF’s P2P White Paper, Fred von Lohmann suggested “if your system adds any value to the user experience, a court may conclude that you have ‘materially contributed’ to any infringing user activities.” Because the capacity to act reasoning got buried, many people wondered whether Napster would make creators of software (like web browsers), protocols (like FTP), or basic routing (like an ISP) liable and responsible for filtering infringement once they were told of it.
Surely, that argument would not square well with the notion of a capacity to act. Supplying merely software does not give one the ability to “purge” infringing material from a system.
In the end, Napster was told to filter out all infringing material once it acquired actual knowledge from the copyright holder. This aspect is also a debatable part of the opinion. Rather than filtering, Napster could have been asked simply to discontinue service for the infringing users.
[added:] The Ninth Circuit and the District Court did not explain in great detail how remedies would apply to different service providers. The courts briefly dealt with Napster’s ability to screen files because of its control over the file index, and their reasoning could easily apply to numerous other, distinct file indexing services. The District Court paid some lip service to the fact that specific files only exist on the network as long as a user is logged on, but then said, “Given the limited time an infringing file may appear on the system and the individual user’s ability to name her files, relief dependent on plaintiffs’ identifying each ‘specific infringing file’ would be illusory.” Though one could assume that the latter portion only applies because of vicarious infringement, described below, the District Court did not make such a distinction in its order. In one breath, the District Court says, the names of “specific infringing files” are needed, but that “Napster shall … prevent such files from being included in the Napster index (thereby preventing access to the files corresponding to such names through the Napster system)” (emphasis added). The order then goes on to discuss how Napster should actively “search” its index for infringing content, which seems to follow more from vicarious liability, implying that the former statement applied to contributory liability; yet, this portion asserts that knowledge is required first, which is not necessary in vicarious liability analysis.
In any case, both parts seem to be talking about some sort of filtering by file name. The courts did not seem to care too much about deciding which liability triggered the need for filtering. (As I discuss below and have dealt with before, the distinction between vicarious and contributory infringement can be so slight that determining which part of the remedy derives from which liability is too difficult.)
The most necessary clarifications that must be made to Napster are those made in Grokster. Grokster made sure to highlight the importance of the capacity to act at a time when the service provider receives knowledge; neither Morpheus nor Grokster maintained any “site and facilities” that they could use to control the infringers. Judge Wilson affirmed that material contribution means more than simply communicating with one’s users or providing them with general purpose software. Maintaining the infrastructure, the technical “site and facilities” without which no infringement could happen, is key.
Though one should be cautious to add anything to Wilson’s already remarkable opinion, it would not hurt to assert further that even support emails discussing piracy should not make a service provider’s fate. Merely providing updates to software, or creating some community-building message boards where infringement is discussed, should also not be determinative. Analyses should focus heavily on providers’ technical infrastructure (in Napster’s case, they indexed all infringing files on a central server) and only secondarily consider conduct towards users.
From here, it is difficult to narrow Napster further without using the Sony standard even for service providers. No bright line between indexing a file on Napster and indexing it on Google exists. In theory, I’d want a standard that makes Napster’s infrastructure determinant for liability, but not Google and not other potential technologies that involve some sort of central hosting. But I have not found a clear, explainable rule.
Perhaps one could base such a standard on affirmative conduct or intent to aid the infringement, which Napster would surely have failed. In Sega v. Maphia and in Grokster, this sort of contribution was referred to as “substantial” (as opposed to “material” contribution, which is Fonovisa’s standard that turns simply on providing the site and facilities). Still, this standard is too flimsy and would seem to undermine the potential effect of such a liability standard since most providers could simply deny their true intent, bringing us back effectively to the Sony standard.
[added:] To make “substantial” contribution a meaningful standard, perhaps courts could look at how a service provider financially benefits from its users’ activities. Even if a service provider does not advocate or actively aid infringing uses of its system, courts could presume substantial contribution where a provider predominantly profits through infringing uses or where a business is built around growing the userbase for infringing uses. If this standard is too lenient, then courts could presume substantial contribution if any profit is made from infringing use, putting the burden on the service provider to prove that the profit is incidental. In either case, the presumption could be overturned with sufficient evidence, and it would not replace the primary focus on technical infrastructure and the service provider’s capacity to act; copyright holders would still have to prove those crucial factors first. In this manner, Napster would still be liable, but Google and other search engines, or even services that accidentally develop a decent amount of infringing users, would not be at risk. This would function as an adaptation of vicarious liability’s principles to contributory liability, which, as I will discuss below, I think would be a good start in simplifying liability standards.
[added:] Of course, this could clear the way for a new rise of OpenNap servers, which might be an undesirable consequence. At the same time, this standard would only protect people who do not profit significantly from infringement and who simply place a file-indexing server out into the wild, with no instructions on how to use it for infringement. Thus, it would only protect people who truly put out their file-sharing system for general purpose use.
Another way to go is to move in Posner’s direction. Posner’s opinion, at times, feels like an application of Sony to service providers. It seems that he is doing what I, by default or by choice, am not doing in this post. If it is possible to create such a standard and square it with caselaw, please present such a solution.
Posner certainly has not done so. Rather than stopping after substantial non-infringing uses have been identified, Posner wants to balance the infringing and the non-infringing uses in a case-by-case, cost-benefit analysis. This cuts both ways – it goes back to the non-infringing uses standard, but it presumably allows judges to determine when substantial infringing uses overshadow non-infringing uses. Knowledge, material contribution, and a capacity to act are not necessarily enough to create liability, but lacking one of those factors might not mean absolution. Instead, one must take into account the value of the system for non-infringing uses. In so doing, once must think about the service provider’s conduct in terms of how it seeks to assist infringement. Finally, one must analyze whether altering the system to decrease infringement significantly would be “disproportionately costly” or would substantially reduce the service’s value as used for non-infringing uses. Thus, even a system lacking a capacity to act can be liable and asked to reengineer its system.
This standard is more like the guessing game Lessig warned against. How this cost-benefit analysis will play out in most circumstances is too difficult to tell. For sure, in some cases, this standard might let Napster-like services off the hook. But, I fear, in many more, it would lump the Groksters, Morpheuses and others in with the Napsters.
The reason stems from Posner’s analysis of substantial non-infringing uses (footnote: the following reasoning came from a brief conversation with Alex Macgillivray). Posner suggests that one must analyze non-infringing uses in terms of which are principal and probable. As discussed above, probability of potential non-infringing uses becoming principal or even substantial is necessarily far more difficult to prove that mere capability. To make the sort of cost-benefit analysis Posner’s asking for, there must be more focus on how a service provider would currently be harmed by altering its system. That means primarily analyzing the value of current non-infringing uses relative to its current infringing uses. [added:][Footnote: This is why Posner repeatedly argues that commercial skipping was a current, but ultimately not determinant, infringing use in Sony's analysis, because time-shifting was the "principal" use. Because this reading rests on a misrepresentation of Sony's current infringing uses discussion and its holding, it is rather strained.]
What this means is P2P and other online services in their infancy will be much more likely to lose under his standard. Even if P2P services in their current incarnations will win, the next innovative technology–something we cannot yet imagine–might not. New service providers might lack a substantial userbase, and thus might lack non-infringing uses that, to a judge, are currently significant. This will become particularly problematic when judges analyze whether altering the system would be disproportionately costly. Surely, the cost seems much lower when the service is new and lacks a full complement of non-infringing users. The key, then, is for content industries to target new technologies before they have a chance to seem valuable and worth protecting, for probability is now more important than capability. In turn, this standard will lead to more uncertainty for technology creators.
Posner indicates the empirical data on the Betamax would have enabled it to survive his test. But I wonder: if the Supreme Court’s majority had not followed Stevens’ attitude, that the Court should allow new technology to flourish as much as possible without the Court’s encumbrances, would they have reached the same result? Posner’s attitude – that he is in a position to judge each technology’s value on a cost-benefit basis -means the Court would not have looked at the potential uses of the Betamax (the uses the MPAA and the public now depend on) in the same way.
One could object that I am treating Posner too harshly, that his standard is really just like Sony‘s. But, if it were, why didn’t he just use the Sony standard, or at least stay closer to it? One could also object that all I am proving is not that the Napster standard is better than Posner’s, but that the Sony standard should be the Napster standard. Again, I hesitate to make that jump.
If we are to stay within the Napster-line’s focus on infrastructure and capacity to act, as well as its understanding of “material” contribution, critical analysis of infrastructure should also be key to determining a remedy for contributory infringement. Narrowly tailoring remedies is a good way to start adjusting the Napster-line’s standard to follow Sony‘s principles. Remedies should carefully take into account the nature of the system and how infringement is generated through it.
Let us compare remedies for Napster and for Google, if the RIAA were to send them C+Ds of files obtainable via their search engines. Napster should be asked to filter because the nature of its system means that one searches for files (even when one types in words), the location of those files is irrelevant, and all files of one song are essentially the same. For Google, the search is for matching words and locations are relevant because all of the pages are markedly different. That is, the nature of system is not based on everyone who has “christina aguilera mp3″ or “church of scientology manifesto” on their page actually having posted the mp3 or the manifesto. Google, unlike Napster, would then not have to filter its page index for mp3s or copyrighted documents. It would simply have to takedown links to a particular site of infringing material after receiving notice about the particular site.
(This same sort of analysis could apply to website hosting providers that do not intend to allow infringing material. The nature and purpose of their system is not one that focuses on building a file-sharing index. Its nature does not enable monitoring and filtering of infringing content with ease. Files of varying types are added and taken down all the time, sometimes for legal uses and sometimes not. Filtering these files would be too difficult, probably leading to overbreadth and too much cost for hosts. Similarly, even to the extent ISPs have control over their system by deciding who can and cannot logon, they would not have to filter packets. They would only be asked to deny access to repeat infringers.)
This is one way of limiting the effect of contributory liability so that it will do the least damage but still have its intended result. Perhaps even the process for Google would be too harsh because, rather than taking down an MP3, you’re taking down a whole page which means taking down any associated non-infringing text. I have not been able to craft an exemption along these lines, short of saying that all search engines are exempt which, again, would make Napster indistinguishable. But, this reasoning illuminates that notificaton to the actual user should be a key part of the takedown process.
[added] The keen observer would respond: didn’t you just say that Napster’s and Google’s infrastructure should not be distinguishable? Well, yes. Under the Napster standard, as a matter of whether they have a responsibilty to act, within their capacity, to control infringing uses that they know about and materially contribute to, they are not distinguishable – they both must do something about it. The question is what that something is. The remedy stage (obviously) seems like an applicable, reasonable time to start sorting out exactly what should be required of them. That’s where more fine-grained analysis is optimal. I think this analysis reasonably extends the logic of Judge Wilson in Grokster into the remedy phase, carefully focusing on the relationship between the infrastructure, its users, and its uses.
Napster was held liable for vicarious infringement because there was direct infringement on its system, it gained a direct financial benefit from the infringement, and retained a right and ability to control its users.
Vicarious liability grows out of a doctrine regarding employer-employee relationships. As Michael Carroll discusses in “Innocent Innovation or Egregious Infringement? Disrputive Technology and Common Law Lawmaking: A Brief Analysis Of A&M Records, Inc. v. Napster, Inc,” [added:] this liability attempts to allocate risk of infringement according to who can control it most efficiently, rather than focusing on aiding and abetting the infringement as contributory liability does. Essentially, it is presumed that the employer is contributing to the illegal conduct, since they are employing the employee. Whether the employer can and should act on the employee is another issue, akin, it seems, to whether a material contributor has a capacity to act. [footnote: For an assessment of these doctrines as applied to ISPs before Napster, see Alfred C. Yen's "ISP Liability for Subscriber Copyright Infringement, Enterprise Liability, and the First Amendment." Because I am not familiar with all the developments and history in these judge-made liablity doctrines, I have started with Napster as my baseline and adjusted from there. Yen's approach is more complete.]
Carroll goes on to describe the two main strands of this doctrine. One involves a owner-tenant relationship, which found that owners are not responsible for their tenants’ actions because they do not have a supervisory role. The other involves a dance hall owner who was liable for a band’s infringing performances, which is more like an employer-employee relationship. Napster avoided both these lines of cases and used Fonovisa again. Napster, like the swap meet operator, had reserved a right to patrol its premises and evict users. (Carroll notes that, if users of online services had a property right in their use more akin to a tenant’s, that would make a vicarious liability claim more complex.)
The Napster court did a better job here of discussing the right and ability to control. It noted that liability must be “cabined by the system’s current architecture.” At the same time, the court’s analysis had some peculiar and devastating consequences. First, the Sony standard was totally irrelevant, even though the Sony Court used “vicarious” and “contributory” interchangeably. This would have been as threatening even if knowledge of infringement were required, but it was not. Thus, service providers, without any awareness of infringing activity, could be liable.
Carroll also points out this interesting argument from the Ninth Circuit: “To escape imposition of vicarious liability, the reserved right to police must be exercised to its fullest extent. Turning a blind eye to detectable acts of infringement for the sake of profit gives rise to liability.” Surely, the first part makes sense. But the second does not square with the right and ability to control. It suggests that not having a right and ability to control gives rise to liability as well. In any event, Napster failed this test because it controlled the file index and it stated on its site that a user’s priveleges could be revoked.
More ambiguity exists in the financial benefit section. The Napster court asserted that the infringing files were a “draw” for customers, but it is unclear how far this argument would go in future cases. Other cases had found this “draw” when profits increased proportionately to more infringing users. The court specifically distinguished this case from Netcom along these lines. Even if Netcom had a supervisory role in spite of its landlord-tenant similarity, Netcom did not result in vicarious liability because, according to Burgunder, there was no proof that existence of files was a main draw for users or that profits related proportionally to infringing uses since they charged a flat fee for space; however, this does not sort out cases that fall more in between, where the evidentiary record might be more fully developed. Certainly, Napster’s advertising and rebellious attitude did not help its cause.
Finally, there is ambiguity in what the remedy should have been. Napster had to actively patrol its file index, looking for infringers (again, knowledge via a C+D letter from the RIAA was not necessary). But, did this mean that Napster simply had to evict people who were infringing? Or, did this require filtering as well? The case’s two parties argued over this question.
As before, Judge Wilson’s Grokster clarified many of the difficult issues in the Napster opinion. He emphasized that software creators would not be asked to rewrite their software to create a right and ability to control. If the archictecture does not provide for control, then they do not need to engineer such a capacity.
As I have explained before, I am suspicious of the practical difference between contributory and vicarious infringement, and I do not really see the need to extend this separate line of liability into copyright. I see no reason why contributory liabilty is not sufficient. The risk allocation versus aiding and abetting distinction makes sense in other contexts, but it does not seem to make a difference in many online contexts. All vicarious liability seems to do is add more ambiguity, more potential for uncertainty, without changing the result in many cases. This seems particularly true given the Ninth Circuit’s treatment of remedies under each liability doctrine. Collapsing the two doctrines would be a good start in making third party liability more clear cut.
Basically, it seems that the only reason to extend this doctrine is if we want to say: contributing is bad, but contributing so as to profit is really bad. If that is the case, why not follow my suggestion above, regarding “substantial contribution” standards? If not that, then why not at least consider financial benefit loosely, as a non-dominant factor, in the material contribution analysis? Deriving revenue that is then pumped back into infringing conduct could be contribution.
If the standard must be maintained separately, vicarious liability should be further clarified to protect service providers. First, there should be a knowledge requirement like in contributory liability. For online providers, uses of their system will often be so expansive, so disparate, that it is too much of a burden for them to do all the policing. Second, financial benefit should be narrowed to only include situations where the service provider is explicitly and predominantly making money off of infringement. Evidence could include advertisements, internal memos, financial information, and other company materials that flaunt the infringement. Moreover, some form of substantial non-infringing uses analysis should be used to help frame the financial benefit prong. Though non-infringing uses wouldn’t protect the service provider, discussing these uses would help ensure that infringing uses that draw certain users in do not overshadow the equally drawn non-infringing users.
Let’s think about this in terms of Google again. Google does not draw most of its customers in from infringing uses, but I’m sure some use it to find copyrighted files. But such financial benefit is completely tangential to the search engine’s main purposes. They should not be liable. [added:] Google might already be able to get off under the current standard, because its profits do not go up substantially more if it catalogs more infringing materials; it’s getting paid the same amount by advertisers regardless of what infringing material it locates. At the same time, cataloguing infringing material could lead to more searches and thus proportionately more advertising revenue. If Google would already not be covered because the standard is already such that providers are only liable for predominantly profiting from infringement, then my worries are unfounded, and I’m quite fine with that.
Finally, because I am suspicious of the practical difference between the two doctrines in the first place, I see no reason why the remedy analysis should be different. My statements above apply here, too.
As you can tell, I have made no revolutionary suggestions for third party liability law and have not created a permanent solution for all liability for service providers online. I instead suggest moderate changes to add clarity to the doctrines. That, after the sometimes conflicting and confusing opinions of Napster, Grokster, and Aimster, is what service providers need right now.
[Note: I have not hyperlinked much of this yet. Sorry, I'm on dial-up.]