This piece is exerpted from the Law, Borders, and Speech Conference Proceedings Volume. The conference, convened by Stanford's Center for Internet and Society, brought together experts from around the world to discuss conflicting national laws governing online speech -- and how courts, Internet platforms, and public interest advocates should respond to increasing demands for these laws to be enforced on the global Internet. For two weeks in January 2018, we will be posting these materials on the CIS Blog. The Proceedings Volume itself contains these and other resources, including reading lists, conference slides, and results of participant surveys. It is Creative Commons licensed for re-use in teaching materials and elsewhere.
Panel Summary by Annemarie Bridy
- Annemarie Bridy - Professor of Law, University of Idaho; Affiliate Scholar, Stanford Center for Internet and Society
- Ben Sheffner - Senior Vice President & Associate General Counsel, Copyright & Legal Affairs, Motion Picture Association of America, Inc. (MPAA)
- Corynne McSherry - Legal Director, Electronic Frontier Foundation
- Alex Feerst - Head of Legal, Medium
From the Agenda:
Is intellectual property uniquely eligible for global enforcement, because it is relatively harmonized around the world by treaties? Are territorial restrictions so baked into copyright licensing and business practices that the law must compel geoblocking on copyright grounds? When and why should the law push in the opposite direction by prohibiting geoblocking—as the EU recently announced it would do for some copyrighted content?
The topic of this panel was cross-border issues in the online enforcement of intellectual property rights. The speakers brought a range of perspectives from the movie industry (Ben Sheffner), the public interest sector (Corynne McSherry), academia (Annemarie Bridy), and the tech industry (Alex Feerst).
The panel began with a discussion of Equustek Solutions Inc. v. Jack, a case then pending before the Supreme Court of Canada. In the case, Google challenged a lower court’s injunction requiring it to remove search results not only from its Canadian services, but globally. The sites belonged to the defendants, who were accused of trade secret misappropriation and trademark infringement. The defendants fled Canada during the course of the litigation, which led the court to strike their defenses as a sanction. The trial court ultimately issued an order enjoining the defendants from using Equustek’s trade secrets and from selling infringing inventory. The defendants predictably disregarded the court’s order. They continued to sell products from various websites they controlled from indeterminate locations. Equustek asked Google to globally remove search results for the defendants’ websites, which Google refused to do. Google agreed only to remove infringing URLs from results on its Canadian search service at www.google.ca. Equustek argued before the trial court that Google should be compelled to do more.
The trial court agreed. Specifically, the court held that (1) the plaintiffs were suffering irreparable harm by the defendants’ ongoing sales of infringing inventory on the Internet; (2) Google was inadvertently facilitating that harm through its search engines; (3) the plaintiffs had no alternative to the application brought against Google; (4) the relief sought against Google would not cause Google any expense or inconvenience, and was only a slight expansion of what Google agreed to do voluntarily; and (5) for the orders against the defendants to be effective, even within Canada, Google must stop displaying the defendants’ websites on Google’s search results on all of Google’s websites, not just www.google.ca.
Google appealed the trial court’s decision and asked the Court of Appeals to set aside the order. Google made three ultimately unsuccessful arguments. First, Google argued that the order was contrary to both Canadian jurisprudence on orders that restrict freedom of expression and parliamentary guidance on the grant of injunctions against search engines. Second, Google argued that the trial court erred in applying rules concerning injunctions against non-parties to the litigation before them. Finally, Google argued that the order violated principles of international comity. The Court of Appeals rejected all of Google’s arguments and upheld the worldwide injunction. In a ruling that post-dated the panel discussion, the Canadian Supreme Court affirmed.
Equustek is a controversial case because the court’s order required Google to de-list search results worldwide—not just from the company’s Canada-targeted service at www.google.ca, which the company said was used by some 95% of its customers in Canada. In effect, a Canadian court asserted its authority over the contents of search results globally, for Canadians and everyone else. The extraterritorial reach of the Canadian court’s order raised difficult questions about the relationship between law and borders in cyberspace.
After summarizing the case, Sheffner discussed the MPAA’s position concerning the issuance of non-party injunctions against Internet intermediaries in cases of online infringement where defendants disregard court orders entered against them and thereby frustrate plaintiffs’ ability to realize their remedies. He described a four-factor test proposed in an amicus brief filed in the Supreme Court of Canada in Equustek by the Fédération Internationale des Associations de Producteurs de Films (FIAPF), a trade group of which the MPAA is a member. Under the FIAPF’s proposed test, the four factors a court should consider are: (1) the likely effectiveness of the order in remedying the harm caused to the claimants, and the availability of alternative remedies; (2) the cost to the intermediary of implementing the order; (3) the impact of the order on freedom of expression; and (4) evidence that the order will have extraterritorial effect in a manner that offends comity. Under this test, Sheffner asserted, the order issued in Equustek was proper and should be upheld. At the same time, he suggested, the test would not support global removal based on speech-restrictive laws that vary widely between countries, such as laws against blasphemy.
McSherry argued that such an approach would not adequately protect speech and due process rights around the world, and said that a ruling in Equustek’s favor would set dangerous precedent. She described two alternative multi-factor tests presented to the Canadian Supreme Court in amicus briefs filed by the EFF and human rights organizations. EFF recommended that the Court consider six factors before issuing an order against a non-party online intermediary: (1) whether the order would offend another (relevant) State’s core values; (2) whether the plaintiff made a strong prima facie case on the underlying claim; (3) whether the defendant is causing substantial irreparable harm; (4) whether the order is narrowly tailored to address that harm; (5) whether the order is technically feasible and effective; and (6) whether the balance of equities favors issuance. Human Rights Watch and other human rights organizations in a joint brief suggested to the Court a test derived from the International Covenant on Civil and Political Rights. Under that test, the Court would consider (1) whether the order is valid under domestic law; (2) whether it is necessary to protect rights, national security, public order, public health, or morals; and (3) whether it is proportional in light of impacts on freedom of expression and alternative means of achieving the goal. Applying these tests, both EFF and the human rights organizations urged the Canadian Supreme Court to overturn the lower court’s decision.
Sheffner and McSherry agreed in principle that protecting freedom of expression is important in these kinds of cases, and that consideration of conflicting speech norms between relevant States is necessary, both in its own right and as an element of the international comity analysis. McSherry expressed concern that the ability of national courts to issue Internet-wide injunctions against online intermediaries could lead to a “race to the bottom” in which plaintiffs forum shop for courts in jurisdictions with weak speech norms and strong copyright laws. She emphasized that applying principles of comity to cases involving conflicts over online content removal requires consideration of whether the relevant jurisdictions recognize fair use and, if so, whether they recognize it to the same extent. In response to concerns about asymmetrical fair use norms between jurisdictions, Sheffner asserted that the MPAA does not seek injunctions against online intermediaries in “close” copyright cases, meaning those in which fair use would be a colorable defense in the jurisdictions that recognize it. He expressed a belief that comity concerns are not triggered by the injunctions the MPAA seeks because the MPAA targets only “blatantly infringing sites” that have no legitimate claim to fair use.
Bridy, the panel’s third speaker, shifted the discussion of global content blocking from the courts to the Internet’s technical infrastructure. What if, she asked, the jurisdiction of courts over nonparty intermediaries could be made irrelevant to anti-piracy enforcement? What if right holders could get the keepers of the global Domain Name System (DNS) to start policing content on websites and unilaterally suspending or cancelling domain names in response to their complaints?
Responding to these questions, Bridy described recent efforts by right holders to avoid the “law and borders” issues raised in cases like Equustek by implementing, with ICANN’s cooperation, a privately ordered framework for notice and blocking within the DNS. The framework is outlined in a “trusted notifier” agreement between the MPAA and two registry operators—Donuts and Radix—that control hundreds of new global Top Level Domains (gTLDs), including .movie, .wine, and .computer.
The backstory on the MPAA-Donuts/Radix agreement begins with ICANN’s launch in 2011 of a substantial expansion of the Internet’s domain name space through the introduction of over a thousand new gTLDs. Right holders saw in the new gTLD process an opportunity to inject anti-piracy obligations into the hierarchy of private agreements governing the relationship between ICANN and the various downstream entities that administer the DNS. The MPAA and the Recording Industry Association of America (RIAA) successfully lobbied within ICANN’s multi-stakeholder governance forum for a “flow down” provision in the 2013 ICANN-Registry agreement. The provision requires registries to include in their contracts with registrars a provision that requires registrars to include in their contracts with registrants a provision that prohibits copyright infringement and promises consequences for infringement, including suspension of the domain name.
Citing the prohibition on copyright infringement in the ICANN contracts as their legal justification, Donuts and Radix have agreed to act as private investigators and adjudicators of the MPAA’s complaints that domain name registrants are operating “pirate sites.” Under the agreement, the registry operators treat MPAA’s complaints “expeditiously and with a presumption of credibility.” The standard for the submission of a complaint is “clear and pervasive copyright infringement.” Before approaching the registry, MPAA must go first to the registrar of record and the site’s hosting provider. However, if it is not satisfied with the outcome of those interactions, the registry operator becomes the private court of last resort.
Bridy identified a host of normative concerns relating to the trusted notifier framework:
- There is a presumption of guilt for accused registrants.
- Complaints target (and sanctions affect) an entire second-level domain rather than specific content.
- There is a lack of clarity about what constitutes “clear and pervasive copyright infringement.”
- There are no established procedures for registrants to contest complaints and/or appeal sanctions.
- There is a lack of transparency about sanctions taken under the agreement and no mechanism for public reporting.
The final panelist, Feerst, offered a practical perspective on “holes” in the DMCA. One jurisdiction-related issue arises when right holders outside the US send DMCA notices to US-based platforms. Do such notices effectively signal acceptance of US legal jurisdiction over the dispute, and potentially even waiver of remedies under other countries’ laws? Must right holders assert only copyright claims that are valid under US law, or can they use the DMCA to assert claims under the law of the sender’s country? Has notice and takedown for copyright become de facto harmonized through platforms’ global application of the DMCA?
Another issue arises from publishing platforms’ increasing reliance on enterprise cloud services. Feerst explained that many user-generated content (UGC) platforms, including Medium, do not operate their own servers, but instead rely on third party hosting providers like Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform. The cloud provider hosts the platform’s content, including UGC. This arrangement creates ambiguity and complexity under the DMCA—as Feerst illustrated with the example of a DMCA takedown notice Medium received, via AWS, from the government of Ecuador for images published by a user on Medium.
First, the arrangement creates multiple entities that could be viewed as online storage providers—a content platform as well as its upstream cloud provider. Right holders who want to file DMCA notices that target content appearing on a content platform like Medium might logically be expected to file those notices with the platform’s designated DMCA agent. Instead, however, they might file notices directly with the upstream cloud provider. This creates serious questions under the DMCA: are both the platform and the cloud provider “hosts” with removal obligations? What is the permissible turnaround time for “expeditious” removal in this two-host situation? Can the platform host send a counternotice to the cloud provider? The problem is exacerbated by the cloud host’s limited technical options: it may be able to shut down a platform’s entire website and service, but not able to remove an individual item of UGC from that platform. Finally, the chain of contractual relations running between the intermediaries may, in practice, displace the law. The content platform may be asked to remove the content in question with a deadline imposed by private contract, with a time limit that may be less flexible than the DMCA’s standard of “expeditious” removal. If the content platform fails to remove the disputed content, it risks breach of its contract and potentially existential consequences for that breach (at the extreme, termination of the contract and, as a result, removal of all hosted content). Whereas a content platform would risk a lawsuit from an aggrieved right holder if it chose to ignore a DMCA notice directed to its own DMCA agent, it potentially risks its entire business operations if it chooses to ignore a DMCA notice directed to its cloud provider. The DMCA risk calculus for smaller platforms that outsource hosting to major cloud providers is thus very different than it is for larger platforms that operate their own storage facilities.
In a world where web-based publishing platforms routinely rely on cloud storage vendors to host their UGC, an individual platform can find itself between a rock and a hard place when it comes to copyright takedown demands. As the apparent-but-not-actual host of its users’ content and as a user itself of the cloud services that actually store the content, a platform is potentially liable on two fronts if it resists takedown demands: to right holders for infringement and to its storage provider for breach of contract/Terms of Service.
In further discussion, the panel considered the jurisdictional significance of the two-host situation. A platform’s relationship with the cloud provider may also effectively put it within reach of claimants around the world—including in countries where the platform itself is not subject to jurisdiction. Even if both the user who creates content and the platform to which he posts it operate entirely within one country, the same is likely not true of the cloud hosting provider. Its international business operations may create the basis of jurisdiction for claims affecting content on small and medium-sized platforms around the world. The consolidation of Internet infrastructure in the hands of a few major hosting providers may thus create a new, and under-considered, legal and practical mechanism for cross-border content removal.
 2015 BCCA 265, available at http://www.courts.gov.bc.ca/jdb-txt/CA/15/02/2015BCCA0265.htm. The panel discussion predated the Canadian Supreme Court’s subsequent decision, which affirmed the appellate ruling.