EFF, Public Knowledge, and the Center for Democracy and Technology Urge The United States Court of Appeals for the Fourth Circuit to Protect Internet Subscribers in BMG v. Cox.

No one should have to fear losing their Internet connection because of unfounded accusations. But some rights holders want to use copyright law to force your Internet service provider (ISP) to cut off your access whenever they say so, and in a case the Washington Post called “the copyright case that should worry all Internet providers,” they’re hoping the courts will help them.

We first wrote about this case—BMG v. Cox Communications—when it was filed back in 2014, and last month, EFF, Public Knowledge (PK) , and the Center for Democracy and Technology (CDT) urged the Court of Appeals for the Fourth Circuit to overturn a ruling that ISP Cox Communications was liable for copyright infringement. EFF, PK and CDT advised the court to consider the importance of Internet access in daily life in determining when copyright law requires an ISP to cut off someone’s Internet subscription.

The case turns in part on a provision in copyright law that gives Internet intermediaries a safe harbor—legal protection against some copyright infringement lawsuits — provided they follow certain procedures. Online platforms like Facebook and YouTube, along with other Internet intermediaries, have to “reasonably implement” a policy for terminating “subscribers and account holders” that are “repeat infringers” in “appropriate circumstances.” But given the importance of Internet access, the circumstances where it’s appropriate to cut off a home Internet subscription entirely are few and far between.

The law as written is flexible enough that providers can design and implement policies that make sense for the nature of their service and their subscribers’ circumstances. A repeat infringer policy for the company that provides your link to the Internet as a whole should take into account the essential nature of Internet access and the severe harm caused by disconnection.

But music publisher BMG wants to use this provision to force ISPs to become tougher enforcers of copyright law. According to BMG, ISPs should be required both to forward rights holders’ threatening demand letters to their subscribers and terminate a subscriber’s Internet access whenever rights holders allege that person has repeatedly violated copyright law. A subscriber is a “repeat infringer” and subject to termination, they argue, whenever they say so.

Unfortunately, the district court agreed with the music publisher, ruling that notices of copyright infringement sent by copyright troll Rightscorp were enough for Cox to know that a subscriber was repeatedly using its network to infringe copyright. Because Cox failed to terminate enough of those subscribers on the basis of Rightscorps’ accusations, Judge Liam O’Grady of U.S. District Court for the Eastern District of Virginia ruled that Cox was ineligible for the safe harbor and liable for millions of dollars in damages for contributory copyright infringement.

Cox’s appeal of the ruling raises two very important issues: (1) Who should be considered a “repeat infringer” who should be cut off from the Internet, and (2) whether ISPs must either cede to rights holders’ demands or monitor their subscribers’ Internet habits to avoid liability.

Who should determine when someone is a “repeat infringer”?

The law as it’s written doesn’t require ISPs to terminate their subscribers whenever repeated accusations of infringement are made. As Cox's brief explains, elsewhere in copyright law, terms like “alleged” or “claimed” infringement indicate that allegations are relevant. The “repeat infringer” provision leaves them out. The law only requires ISPs to have a policy for termination of actual “repeat infringers,” not “alleged” or “claimed” repeat infringers.

In giving rightsholders the ability to determine for themselves who counts as a “repeat infringer,” Judge O’Grady created a powerful tool they can use to pressure ISPs to comply with their copyright enforcement schemes. And they get an extra boon as well — they can shake down Internet subscribers for settlement fees with threats that they’ll lose their Internet access.

This is especially worrisome in light of the frequency of false or erroneous allegations of infringement–-on Cox’s network alone, for example, Rightscorp misidentified hundreds of files as infringing. In one case, for example, Rightscorp identified “a Grateful Dead song that was actually an article about a Grateful Dead performance.”

Faced with a dubious notice, ISPs are ill-suited to investigate whether the allegations it contains are true. Because Cox doesn’t host subscribers’ content but only provides the network through which their data travels, to examine whether that data infringes copyright, Cox would need to use deep-packet inspection to investigate every packet that subscriber sends and receives. That level of monitoring is frighteningly privacy-invasive and clearly not contemplated by the law.

Even if ISPs did examine their subscribers’ traffic, determining whether a particular file is infringing (rather than in the public domain, licensed, or a fair use) is a difficult call even for courts and copyright lawyers, and even for the rightsholders themselves. Where an Internet subscriber’s very connection to the larger world is at risk, courts should hesitate before asking ISPs to make that call on their own.

IP Addresses are "Unreliable Informants.”

Your ISP can see only the Internet Protocol (IP) address associated with your account, not who is using that address at any one time. This means that infringement notices that identify an IP address only cannot show whether the subscriber or a different person was using that connection at the time. Any one IP address can provide Internet access to any number of people; many people share their Internet connections within their household or with their community, and they generally aren’t able to control what others do online. In this case, many of Rightscorp’s notices identified infringement carried out by third parties, and not the subscriber themselves. Terminating that subscriber’s account would be unfair to that subscriber, and would cut-off Internet access to everyone else sharing that connection.

A court, not a rights holder or ISP should make the call.

The only way to reliably determine when a subscriber is a repeat infringer is when that person has been found by a court of law to have repeatedly committed copyright infringement. The law should allow ISPs to insist on an adjudication of infringement before terminating someone’s Internet account.

Holding ISPs like Cox liable for contributory infringement opens the door to widespread monitoring and filtering.

As Cox's brief explains, even without protection of the safe harbor, ISPs like Cox aren’t necessarily liable merely because they provide Internet service to someone who infringed a copyright. Two landmark Supreme Court cases, Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., and Sony Corp. of America v. Universal Studios made clear that if a service is capable of significant lawful uses, and the provider doesn’t actively encourage users to commit copyright infringement, the provider shouldn’t be held responsible when someone nonetheless uses the service unlawfully. And, a provider’s mere failure to act doesn’t qualify as active encouragement. In ignoring this important rule and holding Cox liable for contributory copyright infringement, the district court created the risk that providers like Cox may have to choose between complying with rightsholders’ termination demands or monitoring and filtering their subscribers’ online activities if they want to avoid liability.

Like “cutting off someone’s water”, terminating someone’s Internet connection should be, at least, a measure of last resort. As Cox’s appeal continues, we hope this time the court gets it right.