The Copyright Act (DMCA), signed into law on October 28, 1998, amended the United States Copyright Act, Title 17 of the U.S. Code provides specific legal protections to Internet Service Providers (ISP) with certain legal protections, shielding them from liability for intellectual property infringement such as copyright violations and content related claims such as libel. To take advantage of these legal protections, an ISP must generally first register an agent with the copyright office, which will allow them to receive notice of infringement claims (exceptions exist, such as if an ISP does not provide long-term storage of information, transmitting information or providing conduits, but it’s better to be safe and register).
The definition of what constitutes an ISP under the DMCA is broad. But essentially, an ISP provides users with access to the Internet. This can be to store material or transmit it. Verizon and AOL are obvious ISPs. But a library, for example, can be considered ISP under certain circumstances. Your average blogger probably isn’t.
If an ISP is notified of infringing material, the Online Copyright Infringement Liability Limitation Act (OCILLA) (which is a subsection of the DMCA, Title 17 USC 512) provides a safe harbor in which it can take down the allegedly infringing material. Once an ISP receives a takedown notice, it must move promptly or it risks losing its safe harbor.
There are some limitations. It cannot have put up the infringing material itself and it cannot directly profit from the infringing material (this can get tricky as just selling advertising for an online site isn’t going to constitute directly profiting). But if the ISP acts to remove access to the infringing material, it is shielded from liability. This means ISPs such as YouTube and Google don’t have to scan every item that goes up on their site or passes through their bandwidth and make a determination as to whether that item infringes or not. But if the holder of the copyright notifies the ISP via a takedown notice, they must take down the material or risk being sued. It gets tricky if the user who put up the page states that the takedown notice is wrong or mistaken.
The bottom line is an ISP has a safe harbor against intellectual property claims. But this is not an absolute protection. When it comes to non-intellectual property infringement claims, the protections are much, much stronger and come from Section 230 the Communications Decency Act (CDA). The CDA applies not just to ISPs, but anyone who publishes material provided by third parties. This can include online reviews, comments, photographs, etc. It provides near total immunity for defamation claims and just about any other tort that might arise from the publication of third-party material online. For example in Doe v. America Online, 783 So. 2d 1010, 1013-1017 (2001), the Court held that a chat room had immunity for a claim that it negligently allowed the publication and sale of obscene photographs of a minor by a user. Courts have consistently shielded blogs, ISPs, web sites, etc., from defamation and privacy claims based on materials uploaded by users.
Some exceptions to this rule are if the ISP created the material itself, solicited the creation of the material (though this can get tricky and courts are going to look at the particular facts of the case), or uploaded itself. Also, if an ISP makes a promise to an individual to take down certain material, the individual relies on that promise, and then the ISP reneges the promise, the ISP can be held liable for its broken promise on a theory called Promissory Estoppel. This happened to Yahoo in a Ninth Circuit case called Barnes v. Yahoo, Inc.
One of the key differences between how an ISP has to handle copyright infringement under the OCILLA versus other claims under the CDA is the absence of a takedown notice in the CDA. So even if an ISP is notified that certain material is infringing, it has no real obligation to remove the material legally.
In fact, under the CDA, an ISP probably has no legal obligation to remove even defamatory material that has been proven defamatory. A key case that addresses this issue is called Blockowicz v. Williams. In that case, an Illinois family got an injunction against the poster of certain clearly defamatory accusations. When the family tried to enforce the injunction against the site that was publishing the material, the Court refused to enforce the injunction against the provider and the family could not sue the provider because of the protections provided by the CDA.
One way around this in some case and something to be aware of as an ISP is that the CDA does not protect against copyright infringement. So a work around for a harassed individual, for example, is if they hold the copyright to the material (nude photograph for example), they can send a take-down notice under the OCILLA.
In closing, this area of the law is extremely complicated. So this article only provides a summary of its scope. An ISP is in the strongest position with respect to third-party content not protected by intellectual property laws. It has near absolute immunity. With respect to copyright infringement, it has a safe harbor and as long as it acts promptly, it should be shielded from liability.