Technology Law Column

This page has been speech-enabled for Macintosh owners using the Talker Netscape Plug-in. Hit Escape to discontinue speech.

Published in the Chicago Daily Law Bulletin, October 10, 1996 at p. 6.

Getting Tough on Piracy-- Without Targeting Pirates

Copyright 1996 by David Loundy

The Software Publishers Association (SPA) is taking its fight against unauthorized software copying to the Internet. It has filed a suit in a district court in Seattle against an individual it claims was distributing pirated software over the Internet, and has started sending letters to Internet Service Providers (ISPs) warning them of violations on the providers' system. The SPA has also started an education campaign, and is asking ISPs to sign an "ISP Code of Conduct" to help reduce software piracy. While the SPA clearly has worthy goals, some of its actions are generating quite a bit of controversy.

There is little question that the direct reproduction of copyrighted software implicates the copyright holder's exclusive right to make reproductions of its protected work. See 17 U.S.C. Section 106(1) and Section 501. If someone transmits pirated software over the Internet, that person could (deservedly) wind up in trouble. Most people fully support the SPA's efforts to seek out and prosecute such cases.

The harder situations are those that the SPA is currently trying to address. The questions revolve around what sort of liability a service provider should have for running a system on which infringing material is carried, and what liability there should be for people who establish World Wide Web pages that provide links to certain types of material.

As a case study, let us examine a web page removed from a system as a result of SPA threats (though in typical Internet fashion there are now more than a dozen "mirrors" of the offending page set up around the world). The web page at issue provided a sort of show-piece for a web page designer. The web page had an assortment of bells and whistles, but little original content. It did contain a collection of links to various other Internet sites. Many of these sites were web pages dedicated to "cracking," viruses, computer security, and pirating software. Reportedly, the SPA called the designer's ISP, demanded that the user's account be canceled, the pages be destroyed, and the user's contact information be turned over to the SPA. In addition, the ISP was supposedly asked to sign the SPA's "ISP Code of Conduct" in order to avoid legal action.

Let us examine some aspects of this example. The ISP Code of Conduct (located on the Internet at, at first glance, looks reasonably inoffensive. Basically, it asks ISPs to commit to a policy of making sure that they do not provide their users or others with infringing software. Furthermore, it asks ISPs to monitor their systems for infringements, and if found, to remove any infringing material. It also asks ISPs to educate their users about their legal obligations in respect to copyright law.

A deeper examination, however, suggests that the ISP Code of Conduct asks ISPs not just to police their own company offerings, but it also asks that they prevent infringements anywhere on their systems-- they must police all of their users as well. Further, it defines infringement to include not just the distribution of protected software, but also the provision of "cracker" utilities and any other information that can be used to circumvent manufacturer-installed copy protection devices. Finally, the ISP Code of Conduct also seeks to prevent linking to sites containing pirated software or other "cracking information."

Technically, under the ISP Code of Conduct even links to major Internet search engines might not be allowed, as they provide access to potentially prohibited information. One of the service providers I use has over 10,000 users-- while not all of the provider's users have web pages, policing all of the user' web pages would still be a task well beyond the ISP's resources (even if it could properly interpret what information is prohibited by the Code).

Furthermore, while the SPA claims that information about cracking copyright protection schemes constitutes a copyright infringement, courts in the past have held that copies made in the course of cracking software for the purpose of reverse-engineering the software may not be an infringement of the copyright. See, e.g., Sega v. Accolade, 977 F.2d 1510 (9th Cir. 1992).

Still more troubling is the SPA's arguments over linking on web pages. Their educational materials are somewhat misleading, and do not acknowledge some of the relevant cases applicable to these issues.

In our example, the web designer linked to other sites. She did not carry the other site's material on her web page. At no time did she or her ISP make copies of the questionable material (at least for the purposes of our analysis). For this reason, there was no direct infringement on their parts. This is because of how a hypertext link works-- it is merely a pointer to indicate where material is stored on another computer. Therefore, to find liability for linking, we have to look to some sort of third party liability-- either contributory or vicarious infringement.

The classic definition of a contributory infringer is "[o]ne who, with knowledge of the infringing activity, induces, causes or materially contributes to the infringing conduct of another, may be held liable as a 'contributory' infringer," Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159, 1162 (2d Cir. 1971). In the case of the web page creator, if the designer places a link to an infringing work, then arguably there is knowledge-- if a web surfer clicks on the link, a copy will be made, and thus an infringement will occur. As to contributing to the infringement: it is because of the selection of the link that the infringement occurred, and the link was provided by the web page designer. In such a case, finding contributory liability on the part of the web page designer would be reasonable.

Moving a step back, what if the link is to an archive of infringing software? In this case, selection of the link will not necessarily result in an infringement (though it may be very likely). Here the situation is analogous to the web page provider saying "Hey, you want copyrighted software? Get it from Infringementland-- and here's a map and train ticket to get there." In this hypothetical, there may still be contributory infringement.

What if the link is just to information about how to defeat copyright protection schemes? In this case, the knowledge of and contribution to the copyright infringement are becoming noticeably more tenuous-- perhaps tenuous enough that there should not be any liability. C.f., Sony Corp. v. Universal City Studios, Inc., 464 U.S. 417, 442 (1984) (which refused to hold the manufacturer of video recorders liable for copyright infringement if the recorders could be used for substantial non-infringing purposes).

In the case of the ISP, any liability is even more remote. The ISP, like the web page designer, must satisfy 'knowledge and participation' requirements. Here, the ISP did not put together the web page, and may not even know that it exists. Without knowledge of the infringing activity, the ISP will not be liable for contributory infringement. C.f. Religious Technology Center v. Netcom Communication Services, Inc., 907 F. Supp. 1361 (D.C. N.D. Cal., 1995) (holding that, if ISP knew of infringing activity, then the ISP could be held contributorily liable for the actions of its users).

The issues are obviously not as clear as portrayed in the SPA's educational materials, which virtually ignore the knowledge element of the contributory infringement test. The materials make claims such as: "It is thus a violation of the Copyright law for an ISP to make or allow others to use its server(s) to make, copies of computer programs available for downloading without the copyright holder's consent" (SPA Policy Statement on Contributory Infringement). None of the "educational materials" show any recognition of the Sony and Netcom decisions.

Finally, there may be vicarious liability, even without knowledge, when either the web page designer or the ISP (1) has the right and ability to control the infringer's acts and (2) receives a direct financial benefit from the infringement. See Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304, 306 (2d Cir. 1963). The financial benefit prong of this test was found not met in the Netcom case, in a similar situation to that in this example. If the Netcom case is followed, there will be no vicarious liability. (The Netcom case found that where an ISP does not receive any additional income as a result of the infringements, the financial benefit prong is not met, and therefore there is no liability.)

The SPA has a worthy goal-- reducing piracy. However, its efforts would be better spent chasing after those who are primarily responsible for committing the violations in the first place. The SPA is correct; ISPs should become informed about copyright law, which is an integral part of how their businesses function. Unfortunately, the SPA's education efforts are a little too targeted towards protecting its members' interests.

It is also reasonable to expect ISPs assist in the eradication of infringing material passing through or stored on their systems. However, the SPA should focus on the source of the problem-- there are plenty of pirates to keep the SPA busy litigating for years.

[Technology Law] [E-Law Web Page]