New Jersey Law Journal January 17, 2005

HEADLINE: Protecting Internet Communications;

Direct control over Internet communications brings increased liability for copyright infringement

BYLINE: By Jonathan Bick; Bick is of counsel to WolfBlock Brach Eichler of Roseland and is an adjunct professor of Internet law at Pace Law School and Rutgers Law School. He is also the author of 101 Things You Need To Know About Internet Law [Random House 2000].

BODY:

Law firms use Internet technology to communicate in ways that were simply not possible ten years ago. This has allowed lawyers to share information as never before. More importantly, the technology associated with the Internet allows law firms direct control over Internet communications because they own the individual networks that allow information to be shared. This direct control brings increased liability for copyright infringement, unless firms comply with the Digital Millennium Copyright Act [DMCA] of 1998, codified in 17 U.S.C. 512. Compliance requires little investment of time or money. Similarly, e-mail protection is readily available at little or no additional cost.

Prior to the DMCA, courts analyzing a Copyright Act claim brought against an entity that facilitated communication by copying and re-transmitting messages considered first whether there had been infringement of a valid copyright: that is, whether there had been a violation of one of the five exclusive rights granted to copyright owners in the Copyright Act, such as copying the copyrighted material. Similarly, a claim of contributory or vicarious infringement, the two forms of secondary liability under traditional copyright law, normally required the simple proof of direct infringement by a third party.

At that time, law firms were normally able to cope with such regulation because they did not usually act as common carriers. Notwithstanding the reality that law firms that facilitate Internet communications perform as common carriers, they are not by and large entitled to comprehensive liability protection. Other common carriers, such as telecommunications providers, are routinely given liability protection for forwarding others' communications. See, e.g., 47 U.S.C. 153[10] [2002], which defines a common carrier in the context of telecommunications regulation and immunity. Instead, with respect to the area of protection from liability for users' copyright infringement, law firms that manage their own Internet communications are subject to an intricate set of regulations enumerated in the DMCA. These DMCA conventions allow courts to grant protection from infringement for the firms that qualify as an Internet Service Provider [ISP].

It should be noted that law firms often deal in domestic disputes, business, tort litigation and other matters that motivate the unlawful access to e-mail or e-voicemail communications. These security breaches are not governed by the DMCA. The unauthorized access of the content of conversations or communications is an invasion of any nonconsenting person's privacy, not an infringement. Regulations concerning Internet communication privacy are detailed in the federal wiretap and stored communications acts, state wiretap and stored communications acts, and the common law privacy intrusion tort. The use of proper e-mail procedures, however, can significantly reduce such unauthorized access.

If a court characterizes a law firm as an ISP, such characterization will also establish whether a copyright holder may serve subpoenas under section 512[h], necessitating the law firm to identify the user who originated the allegedly infringing message as well as the scope of injunctive relief obtainable under section 512[j]. A court's characterization of a law firm as an ISP therefore establishes whether the activity exposes the law firm to liability and whether the identity of the other party is easily discovered.

In the event that a court distinguishes the firm's Internet activity as transmission or routing, the law firm is in actual fact safeguarded from direct and contributory liability for its users' copyright infringement, assuming that the law firm has met the threshold requirement for safe harbor applicability contained in 17 U.S.C. 512[i]. Once the threshold requirements are met, the copyright holder is not entitled to a section 512[h] subpoena requiring the law firm to identify the alleged offender. If the court characterizes the law firm's Internet communication activity in any other way, the law firm is exposed to contributory liability for its users' activities and the copyright holder may serve a section 512[h] subpoena.

Courts have not reached a consensus on how to characterize particular activities, and the relevant statutes and associated legislative history provide only limited guidance. In a particularly important example of the difficulties that section 512's characterization methodology raises, different courts have characterized Internet communication provider's participation in a mutual message-forwarding network as transmission and storage of material at a user's direction. Compare Ellison v. Robertson, 189 F. Supp. 2d 1051 [C.D. Cal. 2002], with ALS Scan, Inc. v. RemarQ Communities, Inc., 239 F.3d 619 [4th Cir. 2001].

The courts' characterization of Internet communication provider's participation in a mutual message-forwarding network decisively shaped the parties' options in later litigation. Courts' inconsistency in characterizing a mutual message forwarding network for section 512 purposes raises the possibility that courts may characterize other Internet communication systems inconsistently, leaving law firms uncertain of their exposure to liability if they participate or allow their users to participate in these systems.

If law firms are exposed to liability for forwarding others' messages -- messages originating with other law firms or with the law firm's own users -- the norm of universal mutual message forwarding that underlies the present operation of the value of the Internet for communications will be significantly reduced.

The present regime governing a law firm's Internet communications' liability for copyright infringement on the part of their end users can be limited by complying with the DMCA. According to 17 U.S.C. 501 [2002], anyone who violates an exclusive right of a copyright holder is liable for copyright infringement. Any Internet communication that includes unlicensed copyrighted works will violate these exclusive rights. Routers and cache servers, for example, produce reproductions of copyright protected material that they receive. Computer monitors display copyright protected material that they receive. The courts have found that parties who materially contribute to infringement by another with actual or constructive knowledge of that infringement will be liable for contributory infringement. See A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1019 [9th Cir. 2001].

The Ellison court found that a firm is not liable for direct infringement when the firm's Internet communications allow passive, automatic copying of copyrighted works incident to forwarding others' messages. In the absence of statutory protection, however, that firm may be liable for contributory infringement where it has actual or constructive knowledge of the infringement, since passive, automatic copying qualifies as material contribution to infringement. Fortunately, statutory protection is available if a firm registers as an Internet Service Provider in accordance with the DMCA.

New subsection 512[c] of the copyright law limits a service provider's liability for information residing [at direction of a user] on a system or network that the service provider controls or operates.

For purposes of section 512[c], a "service provider" is defined as a provider of online services or network access, or the operator of facilities, including an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received. Thus, most law firms that provide Internet communication facilities would qualify for protection.

The Copyright Office has published requirements by which a service provider may qualify for protection. Among the most important qualifications is the designation of an agent; the service provider must designate an agent for notification of claimed infringement by providing contact information to the Copyright Office and through the service provider's publicly accessible Web site.

The Copyright Office does not provide printed forms for filing a designation of agent, but suggested formats for such forms are available on www.copyright.com. The United States Copyright Office's site offers a form that may be filled in on screen and printed, and a form that may be downloaded and completed. The form, and a $30 fee, must be mailed or hand delivered to the Copyright Office.

In addition to using the DMCA to reduce liability, law firms are also reducing liability associated with e-mail distribution, including negligence and privacy protection failure, by encasing private information in attachments to e-mails rather than putting such information in the body of the e-mail. When attachments are used to provide Internet security, the text of the e-mail [to which the attachment is appended] typically contains a privacy notice similar to a fax cover sheet.

A typical notice might state:

The attachment associated with this e-mail is intended for the party to whom this e-mail is addressed. It contains confidential information. If you have received this e-mail, please delete the e-mail and the associated attachment immediately.

Normally, Internet messages are sent through a vast system of routers and servers. Some Internet communications travel across the country, even when the e-mail sender and recipient are in the same building. At various points along this path, e-mail messages are stored, digital e-mail identifications logged, and the contents of private conversations and business transactions can be retrieved, read, and abused. In addition, e-mail messages are habitually logged and may even be stored on backup tapes that are kept for years.

The government has an active lawful e-mail reading program in place. Section 215 of the Patriot Act relieves certain government agencies from the requirement of obtaining a warrant to read the public's e-mail. Carnivore, the information-gathering software created by the FBI to combat criminals who use the Internet, is now being used to read public e-mail. Carnivore is housed in a computer that connects to an Internet Service Provider's servers and mines all incoming and outgoing mail for information. The use of an attachment and appropriate notice is likely to require additional government action to lawfully read it. This in turn will provide additional protection for attorney Internet communications.

For additional protection, law firms can password protect attachments. Those firms that use Microsoft word need only follow this procedure:

Open the file. On the Tools menu, click Options, and then click Security. In the Password to open box, type a password, and then click OK. In the Re-enter password to open box, type the password again, and then click OK.

This series of steps will create a password, which the recipient would need to open the attachment. This sort of protection is typical of the protection afforded to laws firms that have word processing security options available to them.