The Liability Of Internet Service Providers

The World Trend

The liability of Internet service providers ("ISPs") for the content passing through their computers or included in the sites hosted by them, is the subject of fierce controversy. Their possible liability extends over a wide range of routine Internet acts and situations. Just a few examples appear below:
  • An Internet site defames someone or infringes his privacy - should the ISP which hosts the site bear liability?
  • A file which infringes copyright is hosted by an ISP - should the ISP be held liable because the file is contained on a computer operated by it?
  • Should an Israeli ISP be deemed liable for the contents of a computer elsewhere on the Internet, merely because access to it is made possible through the Israeli ISP and it keeps a copy of the material in order to speed access to it (the automatic process known as a proxy server)?

The area of copyright infringement gives rise to the most vehement debate concerning ISP liability. The desire to hold providers liable is understandable: the ISP has immediate access to the infringing work, since it is stored on its computer; the ISP's identity is known (whilst sometimes the infringing site owner does not identify himself by name, knowing that he is committing an unlawful act); the ISP is economically sound; and the ISP is an institutional entity, which should presumably tend to frustrate infringements from the outset.

Opponents maintain that the ISP's task is impossible: thousands of sites are kept on its computers, which are frequently updated (sometimes every day or even several times a day). The sites contain pictures, graphics, Java, ActiveX, VBScript, JavaScript and CGI (all of which are widespread programs), HTML code (the Internet page-making language), music files and more. In total, there are thousands of opportunities to infringe copyright, which are constantly changing. In addition to all this, ISPs can transfer unlimited e-mails every day to discussion groups, mailing lists or simply between users. Not only is it impossible to monitor so huge a quantity of information, but doing so would amount to censorship and gravely limit the freedom of expression. The ISP would thereby become a private police force.

In the USA the movie giants, like Disney and the networking moguls, like America On-Line are at odds. The point of departure is the Copyright Act (part 17 of the U.C.C.), which identifies three types of copyright infringers - direct, contributory and secondary - placing each of them under a different degree of liability. When a White Paper on the future of the worldwide web was presented to President Clinton in 1995, its authors had to consider whether the existing legal liability of service providers should be eased and their answer was in the negative. ISPs can make enquiries and take appropriate steps against copyright infringement, if and when they are given notice of its existence on their computers. Although ISPs have an important role in the development of the worldwide web, that should not be such as to place them under reduced standards of liability. According to the White Paper, the liability of an ISP is part of the business risk it assumes.

A departure from these criteria is embodied in the draft law which is currently being debated in the US Congress (the On-Line Liability Limitation Act). The draft limits liability deriving solely from the act of a third party and provides that a person shall not be liable for a direct infringement or as a secondary infringer in respect of another's act, provided that he himself did not put the infringing work on-line, did not receive pecuniary reward deriving directly from the infringement and more. The draft also provides immunity to an ISP which blocks access to infringing material in response to notification of the infringement.

On 13th June 1997 the first statute of its type in the world was passed in Germany. It seeks to regulate the issues deriving from the digital medium (and is reviewed at The statute inter alia provides that ISPs will bear liability for the content created by a third party to which they allow access, only if they were aware of it, had the technical means to prevent its use and could reasonably have been expected to take steps to prevent such use. It further provides that an ISP is not liable for a third party's content, to which it merely provides access (the third example above). In such case, liability will rest with the person who created the content and the one who put it on-line.

The Liability Of Internet Service Providers Under Israeli Law

ISPs can store thousands of sites on their computers. Each site can consist of just a few or hundreds of pages, together with countless links to sound, software, and graphics files etc. Israel's largest ISP, Netvision, hosts about a thousand sites. The ISP hires out storage space and the ability to access it. Thereafter, the site is its owner's responsibility.

The liability of ISPs for content has not yet been considered by the Israeli courts. It is therefore not clear how the existing legal rules will be applied to the new Internet environment. The issue of liability can arise in different contexts (defamation, infringement of privacy, unlawful publication and more) and in this series of articles we are considering it in the context of copyright infringement. The normative framework is laid down in the Copyright Act, 1911, which needless to say did not envisage the digital medium. It is therefore not surprising that any attempt to apply the Act's provisions to on-line service providers is fraught with difficulties:

  • Does the ISP "distribute" protected works (section 2(2)(b) of the Copyright Act)? Technically, the server computer does effect the distribution. But by the same token, a radio station transmitter also broadcasts songs. Is there a cause of action against the landowner who has let a radio station the site necessary for its antenna, merely because the station broadcasts songs without paying royalties? The writer believes that the ISP cannot be treated in practice as a "distributor". Even were the court to hold otherwise, according to the relevant section of the Act it would still be necessary to establish that the ISP was aware of the infringing content in order to be held liable for it.
  • The ISP does not exhibit a protected work by way of trade (section 2(2)(c) of the Copyright Act). It is the site which makes the work available to surfers. Subject to the provisions of the contract between the site owner and the ISP, it is the site owner who has sole control over its contents. In practice he is also the only one who revises it and puts infringing files on it. The access provider cannot technically (even if legally empowered) control the contents and changes thereto.
  • Section 2(1) of the Copyright Act provides that the copyright owner has the sole right to permit the doing of acts which are exclusive to the copyright owner. Can it be argued that the ISP, through its server computer, "permits" copying or public exhibition merely because it hires out space for the storage of the site? On the one hand, the access provider or owner of the server is no more responsible for copyright infringements by the site's owner, than the owner of a house is liable for offences committed by his tenant. On the other hand, if it is proven that the ISP was aware of the infringement and did not take reasonable action to stop it, despite having the power to do so, then his omission could amount to implied permission.
  • Indirect infringement is dealt with by section 2(3) of the Copyright Act. A person is deemed an infringer if, for his private profit, he permits a theatre or other place of entertainment to be used for the performance in public of a work without the consent of the copyright owner, unless he had no reasonable ground for suspecting the infringement. This section imposes liability on the owners of halls. To apply it to ISPs, the plea that the site is equivalent to a "place of entertainment" would have to be established. This is a far-reachianalogy. Firstly, it is doubtful whether an Internet site could be construed as a "place" in the physical sense of the 1911 Act. The doubt increases when it comes to treating the site as a "place of entertainment". Would a site concerned with AIDS be deemed a "place of entertainment" for example, merely because it includes a copied work? If the wording of the Act were to be so extended, there would be hardly any human activity which could not be construed as "entertainment". Finally, as mentioned above, the very provision of site space does not constitute permission for the use of infringing works.

The conclusion so far is that the Copyright Act apparently does not give rise to ISPs being liable for copyright infringement, except in the extreme case where two cumulative conditions are fulfilled: (a) the ISP positively knew of the copyright infringement; and (b) it had power to frustrate the continued infringement but did not take the reasonable steps necessary to that end. In such a case the courts might then tend to view the ISP as an indirect infringer.

It would appear that anyone seeking to hold an ISP liable under existing Israeli law would have to rely on the Civil Wrongs Ordinance, which also contains the greatest obstacle, since damage would have to be proved, as a condition for obtaining relief.

A proposed Arrangement for ISP's Liability

Is it desirable or reasonable to alter the law so as to impose clear, express liability on an ISP which stores web sites on its computers and allows networking with the rest of the worldwide web, when a site is unlawful (is defamatory, infringes copyright or privacy, etc.)?

The legal articles that have dealt with this subject in Israel so far reflect a reluctance to subject ISPs to sweeping liability. First and foremost is the report of the committee, headed by the current Minister of Science, Michael Eitan, which considered the information era in Israel. The legal chapter of the report rightly notes that current law assumes that information is distributed by means of a central system of sorting and editing (the obvious example being newspapers). This is not the case with the Internet. Information flows from one site to another, without undergoing the "filter" of the ISP. The report lays down criteria for the liability of service providers and calls for legislation, whilst endeavouring to limit the liability of providers as much as possible. The report provides that:

  • ISPs are likely to be the most effective factor in enforcement of the law and in securing the vital interests regulated by legislation, but placing ISPs under liability might substantially increase the cost of providing the service, both to the provider and the user, and limit competition.
  • Placing ISPs under liability would require editorial control of subject matter before it goes on-line (to ensure that there is no infringement of the law), which is likely to infringe the freedom of expression. It should be emphasised that with existing technology, the ability of ISPs to control and supervise is very limited.
  • Increased liability (e.g. absolute liability for content) might provide an incentive to ISPs to limit web users' freedom of action and their ability to distribute content independently.
  • Increasing the degree of risk might deter many entities from entering the market and lead to an increase in the costs involved in the operation of networks and sites and in the provision of information services on the information super-highway. The increased costs would be passed on to the end user and limit the number of users and the public's access to information.

The result is that the report of the Israeli committee on the information era is only prepared to hold ISPs unreservedly liable when the damaging content derives from the ISP itself.

A legislative arrangement which seeks to avoid ISP's having immunity on the one hand, whilst limiting their liability on the other hand, would almost certainly adopt the following or similar principles. Such an arrangement would balance the conflict between the demand (e.g. by the Copyright Societies) to hold ISPs liable and the desire of ISPs and proponents of Internet freedom to avoid any such liability:

  • The legislative arrangement should, so far as possible, reflect the law applying in other countries. When law seeks to regulate a global issue, there should be no material departure from the criteria laid down in the laws of other countries.
  • The law should embrace all the types of tort which might be ascribed to ISPs: defamation, infringement of privacy, infringement of copyright etc., distinguishing between different providers.
  • An ISP should only be held liable for the unlawful content of its computers on fulfilment of the following conditions: the ISP has been given accurate information concerning a specific infringement of law and could have stopped the infringement, but failed to take action to do so without reasonable cause. The expression "reasonable cause" would allow the courts discretion in deciding whether the case is an appropriate one in which the ISP should be held liable.
  • Consideration should be given to whether interpleader proceedings, as currently laid down in the Civil Procedure Rules, 5744-1984, would suffice to enable an ISP to relieve itself of liability, when a third party alleges infringement and the site owner denies it. In the scope of such proceedings the ISP would apply to the court to summon the two parties to the dispute and decide between them, whilst the ISP would undertake to act in accordance with the court's decision.
  • So long as the ISP is not aware and has no reason to be aware of the infringement, it should not be held liable for it. The mere fact that infringing material exists on the ISP's computers should not be treated as cause for the ISP to know of the infringement. In such respect knowledge should relate to a particular infringement, rather than general knowledge (such as the knowledge that the rights in a particular catalogue of illustrations belong to someone).
  • The ISP should be relieved of the liability to initiate enquiries into the existence of infringements.
  • The ISP should not bear liability for contraventions of law, merely because of the fact that access to infringing material, which is kept on a third party's computer, is made possible through the ISP's computers. Similarly, the ISP should be relieved of liability for infringing material that is distributed in discussion groups (including those which are kept on the ISP's computers), e-mail and mailing lists.
  • The law should grant the ISP power to act against infringers, notwithstanding any contrary provision in the contract between them, and it should grant the ISP immunity, in the event that it exercises the power in good faith.