Policies for Intermediary Immunity

January 27, 2009

1        In the beginning …

… which was some time in early 1995, there was a moral panic. Something called the World Wide Web had appeared, and a tide of pornography threatened the moral stability of nations. Something had to be done.

A deal was struck between governments and ISPs – the ISPs would “do something” about this threat to childhood innocence, and in return they would receive immunity from liability as a publisher of the material they carried. That deal was set out explicitly in the earliest legislation, such as the US Communications Decency Act 1996, and was implicit in the  Singapore Electronic Transactions Act 1998.[1]

Within a year or so, however, it became clear that the Internet, even though not widely understood,[2] was potentially very useful. The indecency provisions of the Communications Decency Act had been struck down as unconstitutional[3] and the sky had not fallen. Lawyers were writing about the private law liability of ISPs and other intermediaries, and there was a clear risk that the sheer number of lawsuits might slow or stop the spread of Internet access.

Thus a new policy was formulated, which still shapes the current legal framework:

  • ISPs are given immunity for those activities which amount to mere carriage of data, automated caching and hosting content which is not their own.
  • The hosting immunity is lost if unlawful content is not taken down or blocked after the ISP receives notice of its unlawfulness.

These principles form the core of the second wave of legislation, such as the EU Electronic Commerce Directive 2000 and the US Digital Millennium Copyright Act 1998. They have worked well so far, in that there is near universal Internet access in developed countries and, in general, information and ideas are freely available online.

2        Changes in the landscape

Since the turn of the millennium, the technical, economic and legal landscape has changed dramatically in three important respects. First, the pre-2001 legislation presumed that most users were accessing the Internet via dial-up,[4] which of necessity places a cap on uploading and downloading. The arrival of mass market broadband has vastly increased the quantity of unlawful material which users can download and also makes new types of material, such as video, worth copying for download or streaming.

Second, the legislation contains an assumption that the role of the ISP is merely to make information available, and that ISPs have no interest in the relationship between the communicating parties. This divide is increasingly blurred – as an example, eBay does not merely provide a sales platform to its sellers, but also advises them on effective selling techniques and shares in their success via its recent move to charging mainly on the basis of transaction values.

Finally, judges (particularly in civil law Europe) have begun to express reservations about the extent of ISP immunity, and are using techniques such as issuing injunctions to prevent future hosting of unlawful content[5] or defining more closely the boundaries of the definition of intermediary.[6]

Together, these suggest that it might be time to review the scope of intermediary immunity.

3        Has the current policy’s time expired?

No convincing case can be made for the complete abolition of intermediary immunity. If nothing else, the consequences of such abolition would potentially be economically and socially catastrophic. Existing principles of liability, which were not changed by the introduction of immunity, would now apply to impose substantial liability on intermediaries. These liabilities would probably be uninsurable for most, perhaps all. The likely consequence would either be an Internet in which user-supplied or generated content becomes far less available, or where ISPs fight a running battle with those who object to content,[7] the weaker ISPs at least being forced out of business by the costs of the battle.

Universal access, coupled with the free interchange of lawful content, is an important policy objective which would be unlikely to survive the abolition of immunity. The question is thus whether a review could identify a more nuanced approach, placing limits on intermediary immunity so as to mitigate the most blatantly unlawful activities of Internet users.

4        New policy formulation – a balancing exercise

Such a nuanced approach would require policymakers to undertake a balancing exercise between a number of often contradictory policy objectives. Some of these favour retaining immunity in its current form, others limiting it, and a few are neutral.

On an initial analysis, there seem to be three policies which favour the retention of immunity in something like its present form. Achieving near universal Internet access for citizens has already been mentioned, and the existing blanket intermediary immunity has clearly assisted in producing a low cost of access and also removes a major barrier to market entry for start-up intermediaries.

Freedom of speech is a policy which is embedded in many national constitutions and the European Convention on Human Rights. Loss of immunity has the potential to chill free speech, as the intermediary has nothing to lose by taking down the content but the potential for liability if it does not. This policy factor has received particularly widespread mention in the US jurisprudence on the subject.[8]

The final policy consideration to be considered in favour of retaining the current system of immunity is that, outside contract, civil liability is generally fault-based (though with numerous exceptions), as is criminal liability. “Fault” here includes knowingly communicating unlawful material, in addition to other notions of fault. The volume of Internet traffic and quantity of hosted material means that intermediaries have little prospect of being aware of the unlawfulness of content ex ante, and where liability has been imposed (in the absence of immunity) it is usually on the basis of vicarious liability for the fault of the originator of the content.[9] The imposition of liability on an ISP for content which it has no effective means of discovering in advance is effectively an imposition of strict liability.

Those policies favouring at least some limited form of liability for intermediaries have received comparatively little discussion, in contrast to the policies discussed above. This may in part be because those bringing actions against ISPs have generally phrased their claims in terms of unlimited liability, rather than arguing that ISPs should be liable in some, but not all, circumstances.

First, every legal system has a general policy objective that unlawful activities should be discouraged. If the law declares certain types of content to be unlawful, there must be a policy of discouraging the production and communication of such content. However, intermediary immunity removes one of the disincentives to originators, because the originators of unlawful content are notoriously hard to identify and track down as individuals. Where a legal system asserts, as an example, that unlicensed downloading of music is a copyright infringement but then grants immunity to those whose activities create the primary means for engaging in such unlawful activity, it contains internal contradictions which need to be resolved. As demonstrated by the recent spate of music industry lawsuits against private individuals, action against those primarily responsible for unlawful online content is difficult, expensive and potentially counter-productive.

Secondly, regulatory policy increasingly seeks out “pinch points” where the application of law and regulation is most likely to achieve the law’s aims. The aim is to identify those actors or activities which are few in number but where regulatory action can control effectively the activities of many others.[10] For Internet content, intermediaries such as ISPs are the pinch points – this is the reason why they have been defendants in so many law suits worldwide. If, therefore, there is any real appetite for maintaining existing laws against unlawful content, imposition of at least some obligations on intermediaries is the obvious way to achieve this end.

Thirdly, the imposition of liability for the actions of third parties is often based on the economic involvement of the defendant in the third party’s activities. The more closely a person is involved in an economic activity, the stronger the justification for imposing liability on that person for the consequences to others of that activity. When intermediary immunity was first introduced, there was a clear economic separation between the intermediary and content originators. Modern intermediary business models are moving from a pure service basis to something more closely approaching a joint enterprise. An intermediary who benefits directly from the economic activities of its customer might reasonably be expected to share some of the costs to third parties, in our case the losses deriving from unlawful activities by customers.

Finally we should make mention of a neutral policy, or perhaps more accurately a general principle of lawmaking, which is that it should be informed by a cost/benefit balancing. Most lawmakers pay some attention to the principle that the costs of the laws and regulations they introduce should be justified by the benefits which flow as a consequence. There are clear benefits to intermediary immunity, but are they commensurate with the known costs? These include, for example, the destruction of the music industry in its pre-Internet form, and the clear threat which increased access speeds poses to the movie industry. However, we must be careful not to examine these costs too simplistically – the pre-World War I music industry sold sheet music, and the record industry which largely replaced it as a consequence of the new technology of gramophone recordings became economically far more important. Similarly the movie and TV sectors are far bigger than the music hall and vaudeville, which they largely destroyed. In any cost/benefit analysis, the potential gains must be considered, even if they are as yet very difficult to estimate or even comprehend.

5        Some tentative conclusions

If I were producing a consultation document with a view to law reform in this area, my starting point would be that the default position must remain that of intermediary immunity. Note the benefits which have arisen from immunity and the potential cost of its abolition, which clearly demonstrate that any imposition of liability should be an exception, not the general rule.

At the same time, this would be a good opportunity to clarify some of the uncertainties which presently exist. The most problematic of these is defining the line between intermediary and publisher. Case law in numerous jurisdictions has wrestled with this issue, imposing liability or granting immunity because of the intermediary’s adoption, editing or other assumption of responsibility for content. In my view this misses the point of granting immunity in the first place, and I would therefore consult on two suggestions:

  • That immunity should be granted to those whose primary function in respect of content is communicating it on behalf of others. This would render much current discussion irrelevant, eg whether soliciting content means that the intermediary has become a publisher,[11] so long as the primary function remained unchanged. The principle would be that secondary activities in respect of content would not normally affect immunity.
  • Whether there is a need to draw a boundary between the mere provision of services by the intermediary (eg tools to assist the user in more effective communication), which should not normally result in loss of immunity, and involvement of intermediary and user in a joint enterprise, which might lose immunity on the ground that the intermediary is now communicating the content on its own behalf, as well as on behalf of the content’s provider.[12]

Secondly, I would consult on whether the current loss of immunity if a host receives notice of unlawful content and fails to remove or block it should be amended. It seems to me that it might usefully be replaced with a more general principle, that where content is notified as unlawful the intermediary should do what is reasonable to prevent further communication of that notified content. This would apply to mere communicators and those who cache content, as well as to hosts, but there is clearly far less (and often nothing) which it would be reasonable to require non-hosts to do. In deciding what is reasonable, account should be taken of the economic benefit to the intermediary of communicating the content and the cost (including non-economic costs to both the intermediary and the content provider) of taking action.

The advantage of this more general principle is that it would enable the intermediary to conduct a balancing exercise which includes the interests of the provider of the content and any defences that person might put forward. The disadvantage is that it is not a bright-line rule, and would thus be more difficult for intermediaries to implement. If the consultation determined that the current rule should remain, I would wish to implement specific protections for free speech, such as those elements of the DMCA which preserve immunity if the content provider originator disputes that the content is unlawful. Without such explicit provisions, the current rule gives the intermediary no incentive to do other than take down allegedly unlawful content.

The third question for consultation would be whether there are circumstances in which intermediaries should be obliged to take measures to deter the future communication of unlawful content. This is not quite so controversial as it seems – arts 12(3), 13(2) and 14(3) of the Electronic Commerce Directive already permit courts to override immunity in this way, but there is no guidance in the Directive on the circumstances in which such an order can properly be made. The suggestion is that a court should have the power to make such an order if it is just and equitable to do so, and that in coming to this decision the courts should take into account:

  • whether the order is justifiable on a cost/benefit basis, including the non-economic costs to the content provider
  • public policy in favour of freedom of speech and universal Internet access
  • the extent to which the intermediary has some effective control over the content or the actions of content providers
  • the degree of the intermediary’s economic benefit from communication of the content in question.

The final and most controversial questions are whether the intermediary should ever be obliged to assist rights owners and others complaining of unlawful content and, if so, what form that assistance might take and who should pay the costs; and whether intermediaries should in some circumstances be required to play a proactive, “policing” role in detecting unlawful content. My view is that these are matters which should be held over until the results of the consultation above have been implemented and the consequences understood.

The biggest danger lies in taking away intermediary immunity without properly thinking through the consequences. The potential consequences of imposing liability on intermediaries by exposing them to the existing law with no special defences are sufficiently frightening to justify proceeding very slowly with reform in this area.

Chris Reed is Professor of Electronic Commerce Law, Queen Mary University of London School of Law


[1] In the Communications Decency Act the bargain was set out expressly. At first sight the Singapore Act makes no demands on ISPs in return for granting them immunity, but in fact the Singapore Act introduced a licensing scheme for Singapore-established ISPs, and the obligations to control the availability of content were imposed via the licence conditions – see Info-communications Development Authority of Singapore, Guidelines for Submission of Application for Services-Based Operator Licence Annex 1 (available from www.ida.gov.sg), which states that a public Internet access service licences will contain a specific condition that ‘The Licensee shall comply with such terms and conditions as may be imposed by the Media Development Authority (MDA) for the content that is transmitted through its system.’

[2] It was about this time that I heard reliable reports that a partner in a large London law firm had asked a tech-savvy colleague, ‘This Internet thing sounds useful – should we get one?’

[3] ACLU v Reno 929 F Supp 824, 830–838 (ED Pa, 1996), affirmed 117 S Ct 2329 (1997).

[4] See, for example, the provisions requiring the identification of commercial communications in art. 7(1) of the Electronic Commerce Directive, whose aim was that users could delete unwanted advertising emails before downloading and thus save on telephone charges.

[5] SA Tiscali (Telecom Italia), AFA, France Telecom et al v UEJF, J’Accuse, SOS Racisme et al (Cour d’Appel de Paris 24 November 2006, upheld Cour de Cassation 19 June 2008).

[6] Parfums Christian Dior v eBay (TGI de Paris, June 2008).

[7] Mainly through copyright and defamation actions, the two most common causes of action against ISPs in reported litigation to date.

[8] For a recent review, see Cecilia Ziniti, ‘The Optimal Liability System for Online Service Providers: how Zeran v America Online got it right and Web 2.0 proves it’ (2008) 23 Berkeley Tech LJ 583.

[9] It is worth noting, for example, that since the US decision in Religious Technology Centre v Netcom On-Line Communications Services Inc 907 F Supp 1361 (ND Cal 1995) almost all copyright infringement actions against ISPs, both US and elsewhere, have been based on allegations of secondary infringement, rather than primary infringement by the simple making of copies.

[10] See generally Black, Lodge and Thatcher, Regulatory innovation: a comparative analysis (Edward Elgar 2005).

[11] See e.g. Fair Housing Council of San Fernando Valley v Roommates.Com 521 F.3d 1157 ( 9th Cir 2008).

[12] The courts are already considering this possibility – see, for example, the suggestion of Fogel J in Goddard v. Google 2008 WL 5245490 (ND Cal, 17 December 2008) that, ‘If Plaintiff could establish Google’s involvement in ‘creating or developing’ the AdWords, either “in whole or in part,” she might avoid the statutory immunity created by § 230.’