In November, Congress began hearings for H.R. 3261, the Stop Online Privacy Act (SOPA). The proposed legislation is the House alternative to the recently passed Senate Bill S.968, PROTECT-IP Act (Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011). Each of these proposals seeks to continue improving enforcement mechanisms against online intellectual property infringement, particularly involving activities that allude traditional jurisdiction.
The proposed legislation has proven quite controversial, with tech industry leaders Google and Microsoft lining up against the legislation while media companies, AFL-CIO and the U.S. Chamber of Commerce strongly support the bills.
This is not the first time Congress has sought to expand jurisdiction over illegal online activities in recent years. In 2008, Congress enacted the Prioritizing Resources and Organization for Intellectual Property Act of 2008 (the PRO-IP Act). Under this law, civil awards were increased, civil actions were added to the powers for the Department of Justice, and the position of Intellectual Property Enforcement Coordinator (IPEC) was created to serve within the executive office of the president. Victoria A. Espinel was appointed as the initial IPEC.
The PRO-IP Act doubled damage provisions for trademark counterfeiting, making the range $1,000 to $200,000 and up to $2,000,000 in cases of willful counterfeiting. The law also clarified and codified the trademark law interpretation that indirect trademark infringers are subject to the same liability as direct infringers. Copyright law enforcement was also increased, including the ability to seize the books and records of the infringer in addition to the infringing articles. This additional remedy provides law enforcement and civil litigants a powerful tool to track the source of distribution for illegally distributed works.
Perhaps the most potent provision of the PRO-IP Act, however, was the addition of a new seizure provision added to Title 18 of the United States Code, replacing section 509 of the Copyright Act. Section 2323 provides "[a]ny property used, or intended to be used, in any manner or part to commit or facilitate the commission of an offense . . ." is subject to seizure and forfeiture. The authority is quite broad because the facilitation language could extend to every music player and any website actively promoting infringement.
Last year, the authority under §2323 (and section 18 U.S.C. §981--a broader forfeiture and seizure statute) were used by Immigration and Customs Enforcement (ICE) to seize 90 domain names and counterfeit goods through two separate raids. According to the 2010 annual report of IPEC, the value of goods seized in Fiscal 2010 was significant: "The domestic value of the seized goods-i.e., the value of the infringing goods, not the manufacturer's suggested retail price (MSRP) for legitimate product-was $188.1 million. The estimated MSRP of the seized goods-i.e., the value the infringing goods would have had if they had been genuine-was $1.4 billion."
Despite these successes, the impact of the PRO-IP Act is somewhat limited. This is a fraction of the goods counterfeited and media content illegally distributed. As described by Stephen J. Zralek and Dylan Ruga in their January/February 2009 issue of Landslide , "it is doubtful" that increased damage awards "will have much effect on the counterfeiting industry because counterfeiters, in general, are difficult to catch and rarely are capable of satisfying a judgment. Indeed, most counterfeiters operate out of back alleys or anonymous storefronts on the Internet; they are transient and disappear easily when caught."
Frustrated by the limited effect of existing laws, Congress and the White House continue to seek to do more. President Obama has called for greater action, stating in a March 2011 speech "we're going to aggressively protect our intellectual property. Our single greatest asset is the innovation and the ingenuity and creativity of the American people. It is essential to our prosperity and it will only become more so in this century."
But as IPEC director Espinel noted in her 2010 annual report, "[t]here is extensive debate about the government's role in Internet policy in general and the enforcement of intellectual property rights in the online context in particular." Perhaps nowhere is that debate more heavily concentrated than the extension of the PRO-IP Act through additional legislation.
Professor James Grimmelmann of New York Law School summed up the tension over SOPA quite elegantly: "To supporters of SOPA . . . the best way to support 'innovation' and 'creativity' is stronger enforcement, in particular against Internet and financial intermediaries. But SOPA's opponents would say that Obama has the logic exactly backwards: Among the bill's dangers is that it could be used to shut down technical innovation and to censor websites that provide platforms for personal creative expression."
Media companies, manufacturers of counterfeited goods from clothing to pharmaceuticals, and law enforcement agencies support the efforts of SOPA. They are frustrated by the often futile efforts to reach infringers operating flagrantly offshore. These companies provide vehicles for ongoing intellectual property theft. With no method of tying the assets to individuals and assets in the United States, they operate with impunity.
SOPA is drafted to address these issues. The first of the SOPA operative provisions extends the attorney general's ability to seize foreign Internet sites on the same basis the attorney general now has to seize domestic sites. While this may have significant international law implications, from an intellectual property standpoint, this serves to extend the powers provided in the PRO-IP Act to websites foreign as well as domestic. So long as these sites serve U.S. customers sufficiently to satisfy the jurisdictional requirements, the foreign sites would be subject to U.S. law for interactions with U.S. customers.
Even more striking are SOPA's remedies. Within five days of a court order, domestic ISPs "shall take technically feasible and reasonable measures designed to prevent access by its subscribers located within the United States to the foreign infringing site (or portion thereof) that is subject to the order. . . ." The provision, therefore, enables a district court to shut off access to a particular URL. The ISPs are not parties to the action. Similarly, the court order would require search engine providers such as Google, Microsoft, and Yahoo to exclude the web address of such sites.
To cut off the financial transactions with these piratical sites, SOPA requires financial services providers such as Visa, MasterCard, and PayPal to stop conducting transactions with the sites pursuant to a court order. This technique provided an effective economic hit to the Wikileaks following the organization's publication of U.S. State Department communiqués and its threatened release of confidential bank records. While the actions of these financial service providers were consistent with their terms of service provisions that bar the use of the payments for illegal activities, the response to Wikileaks was troubling because the organization was never charged with any criminal wrongdoing. This situation set a very public precedent for the financial service company making the determination of illegal activity and responding accordingly.
The attorney general also has authority to bring an action for injunctive relief against any ISP, financial service provider, or Internet advertisement service that fails to take action, if it is knowingly and willingly serving the banned site. The proposed legislation limits this relief to injunctive relief only with no private cause of action, though presumably the court has civil and criminal contempt powers over any party that fails to follow its order.
While the law extends the PRO-IP Act in certain respects, it also has a rather novel reinvention of online "market-based" enforcement. Section 103 provides a two-step process that allows "an intellectual property right holder" (meaning a copyright or trademark owner) that believes itself harmed by an Internet site "dedicated to theft of U.S. property" to seek termination of that sites advertising and financial services.
The rights holder first notifies the site's payment network providers or Internet advertisement service that the rights holder believes the site is dedicated to infringement. Evidently the congressional expectation is that for many piratical sites, the owners will be unwilling to identify themselves, so the particular site will immediately lose its payment and advertising service providers. If the site files the counter-notice, then the rights holder can continue its action against that site with much improved information to establish personal jurisdiction.
The actual language of section 103 is quite convoluted and its concept is new to intellectual property law. Unlike the provisions involving the attorney general, the market-based responses have the processes inverted, triggering the cut-off of financial services and advertising before any adjudication takes place. While there have been objections among critics of earlier legislation regarding websites being blocked by court order prior to a final judgment, SOPA goes significantly further, choking the business needs of the site before a court action is even filed.
In the House Judiciary Committee's fact sheet, the proposed process is defended as reasonable because "[t]hese are websites that are actually being used and marketed to facilitate theft, not websites or other technologies that could simply have the potential of being misused." While this may prove to be true, the process for this determination takes place after the relationships with the financial services company and advertising company have been affected.
Undoubtedly the power to throttle back the violations of copyright and trademark theft through control over the piratical sites' advertising and economic tools will prove effective. But even recognizing that litigation is more costly than a notice-and-take-down regime, such interference should only come after a court order rather than through immunity and self-help.
Presumably, the provision is built upon the logic and effectiveness of the notice-and-take-down provisions of section 512 of the Digital Millennium Copyright Act. Section 512 trades off potential direct and secondary copyright liability for immunity so long as the publisher of the copyrighted work takes reasonable steps to respond to proper notice from a copyright holder that believes its work has been posted by a third party without authorization. Advertising services and payment services, however, have no direct copyright or trademark infringement liability and rather tenuous risk of secondary liability. Most have little ability to gain knowledge of potential copyright or trademark infringements until notice of infringement is provided. While such participants can sometimes be involved in inducing infringement or having sufficient knowledge and material participation of a direct infringer's activities, the new proposal balances a significant affirmative duty against a rather rare and remote liability risk.
In addition, the proposed legislation adds additional immunity for ISPs, Internet search engines, domain name registries, and registrars that follow comparable procedures. In essence, it incentivizes each of the Internet intermediaries to move to a voluntary notice-and-take-down system against alleged infringement sites.
Technology companies largely oppose SOPA because the obligations of enforcement and the newly created notice-and-take-down provisions will add to their duties and overhead, with potentially significant demands on their operations. The new requirements place them as the intermediaries of not only technical aspects of the Internet but also the financial and quality assurance aspects.
The PROTECT-IP Act has many of the same conceptual goals as SOPA, though drafted with less detailed provisions. At the same time, however, the PROTECT-IP Act is arguably narrower in its definition of sites subject to the law. The definition of infringing sites in each proposal has slightly different contours. The PROTECT-IP Act references provisions of the Copyright and Trademark Acts while SOPA references provisions of the criminal intellectual property provisions of Title 18. As a result, each definition has attributes that may result in it being overly inclusive for some activities while under-inclusive for others.
The most significant difference between the two proposals aside from the technical language is the notice-and-takedown provisions for financial service providers and Internet advertising services. The PROTECT-IP Act is primarily focused on actions by the attorney general, with a much narrower provision enabling rights holders to bring in rem actions against domain names and by extension registries and registrars. It does not introduce this new form of intermediary self-regulation of Internet content.
Undoubtedly there remains significant intellectual property theft, but recent data suggests some hope that the existing efforts are starting to pay dividends. According to a recent study by the American Assembly of Columbia University, some interesting characteristics of the public are emerging:
- Piracy is common. Some 46 percent of adults have bought, copied, or downloaded unauthorized music, TV shows or movies. These practices correlate strongly with youth and moderately with higher incomes. Among 18-29 year olds, 70 percent have acquired music or video files this way.
- Large-scale digital piracy is rare, limited to 2 percent of adults for music (>1,000 music files in collection and most or all copied or downloaded for free) and 1 percent for film (>100 files, most or all from copying or downloading).
- Legal media services can displace piracy. Of the 30 percent of Americans who have pirated digital music files, 46 percent indicated that they now do so less because of the emergence of low-cost legal streaming services. Among TV/movie pirates, 40 percent.
An interesting aspect of the study addresses the public perception on adjudication. As the study explains, "Americans have relatively clear views about what constitutes due process in such matters, and it involves courts (54 percent) rather than adjudication by private companies." While a majority believes court adjudication is required, only 15 percent supported ISP based decision making and "only 18 percent percent say the music companies and movie studios should make that decision."
One other debate surrounding the proposed legislation should be noted. In a letter to the Senate Judiciary Committee regarding an earlier version of PROTECT-IP Act, longtime Internet security advocate Kathryn Kleiman, Director of Policy for the Public Interest Registry wrote how the domain name redirection protocol "breaks the Internet." It doesn't.
What Kleiman explained in her letter to the committee was that rerouting web pages around the proper domain name server (DNS) authentication is presently a security issue being addressed by ICANN and other international Internet bodies focusing on security. The technique is used to conduct phishing, denial of service, and man-in-the-middle attacks on Internet systems. As a result, there have been steps to require authenticated DNS systems as an essential part of improved Internet security. Since the traffic redirected by court order would be sent to sites have the same attributes as phishing sites, the effect of the legislation would be to frustrate the implementation of these new security protocols.
In this context, the disruption to the Internet caused by mandatory site redirection is a legitimate concern. It presently occurs in states promoting a "local" internet such as China, but the redirection is subject to substantial international criticism. Many other analysts have raised concerns that since the techniques for users to redirect around U.S. DNS systems to offshore systems are not terribly difficult, it will drive some of the public towards these less secure systems. Such users--and any family members or others sharing their computers--would then be vulnerable to additional security problems raised by non-authenticated web surfing routed through DNS servers owned by the infringers themselves.
The analysis here emphasizes that the unintended consequence of better enforcement will be a population of less secure networked computers and greater overall vulnerability to systematic criminal behavior. At a minimum, the potential harm should be carefully studied. If these problems do develop, it will be difficult to undue such harm by subsequent amendments to the laws or through technical solutions.
It is likely the controversy surrounding SOPA and the strong positions taken by the stakeholders will result in significant ongoing debate. Nonetheless, the concerns over piracy have not lessened. The growing success of some online copyright markets does not address the continued piracy nor does it provide relief from trademark infringement or dangerous pharmaceutical fraud.
The process for determining the best method of promoting innovation and rewarding creativity will continue. Hopefully, the discussion of SOPA will add transparency and understanding for the public on the best method of achieving these common goals.