IAAL*: Peer-to-Peer File Sharing and Copyright Law after Napster

by Fred von Lohmann
Attorney-at-Law and Visiting Researcher
Berkeley Center for Law & Technology
fred@vonLohmann.com

* Acronym for "I am a lawyer," to distinguish from the common "IANAL" ("I am not a lawyer") that appears on Slashdot and other online forums. 

Executive Summary

As the Napster saga illustrates, the future of peer-to-peer file-sharing is entwined, for better or worse, with copyright law. The legal fights have already broken out, with copyright owners targeting not only the makers of file-sharing clients like Napster and Scour, but also companies that provide products that rely on or add value to public P2P networks, such as MP3Board.com, which provides a web-based search interface for the Gnutella network. The fight has only just begun. If these early skirmishes yield any lesson for future P2P developers, it's that a legal strategy needs to be in place early, preferably at the beginning of development, rather than bolted on at the end. As a result, if you are interested in peer-to-peer file sharing, whether as a developer, investor, or provider of ancillary services (such as search services or security), it's time to bone up on some copyright law basics.

Contributory and Vicarious Infringement

The central copyright law concepts that P2P developers must grapple with are the doctrines of contributory and vicarious copyright infringement. These are so-called "indirect" or "secondary" theories of copyright liability that can hold a software maker or system developer liable for the infringing activities of end-users. In a widely-used public peer-to-peer file-sharing environment, it is a virtual certainty that at least some end-users will engage in infringing activity. By invoking contributory and vicarious copyright infringement, copyright owners have been seeking to hold P2P tool-makers (like Napster and Scour) responsible for these infringing end-user activities. Consequently, an uding of these two copyright doctrines can be crucial if P2P developers wish to limit their vulnerability to copyright liability.

Contributory infringement is similar to "aiding and abetting" liability: one who knowingly contributes to another's infringement can be held accountable. In order to prove a contributory infringement claim, a copyright owner must establish the following elements: (1) some act of direct infringement (by end-users, for example); (2) that the defendant knew or should have known of the defendant of the direct infringement; and (3) that the defendant materially contributed to the direct infringement.

A person will be liable for vicarious infringement if he has the right and ability to supervise infringing activity and also has a direct financial interest in such activities. In order to prove a vicarious infringement claim, a copyright owner must establish the following elements: (1) some act of direct infringement (by end-users, for example); (2) that the defendant had the right or ability to control the direct infringer; and (3) that the defendant derived a direct financial benefit from the direct infringement.

The recent decision by the Ninth Circuit in the Napster case is the first case involving the application of contributory and vicarious liability to a peer-to-peer file sharing system. In the course of ruling against Napster, the court interpreted both contributory and vicarious infringement in an expansive way. With respect to contributory infringement, the court ruled that, after receiving notice from a copyright owner that a work is being shared on its system without authorization, Napster has a duty to take reasonable steps (including implementing technical changes to its system) to prevent further distribution of the work. This ruling creates the potential that once a P2P developer receives a "cease and desist" letter from a copyright owner, he or she must "do something" (including making changes to the system architecture) to stop the infringement, or else face liability.

With respect to vicarious infringement, the Napster court radically diluted both the "control" and "financial benefit" elements that a copyright owner must prove. First, the court found that the mere ability to terminate user accounts or block user access to the system was enough to constitute "control." This may expose a wide variety Internet-based services to potential liability, as most services retain the right to terminate users. Second, the Napster court found that "financial benefit exists where the availability of infringing material acts as a draw for customers." Once again, this is not difficult to prove in an Internet economy characterized by business models premised on attracting large numbers of users.

In addition, the Ninth Circuit's view of vicarious infringement liability creates a strong incentive to monitor the conduct of users. This stems from the fact that knowledge is not required for vicarious infringement liability; a person can be a vicarious infringer even if they are completely unaware of infringing activity. As a result, if you exercise control over direct infringers and derive a benefit from their activities, you remain ignorant of their conduct at your own risk. In the words of the Napster court, "the right to police must be exercised to the fullest extent. Turning a blind eye to detectable acts of infringement for the sake of profit gives rise to liability."

Potential Defenses

A P2P developer may be able to mount certain legal defenses to a claim of contributory or vicarious infringement. These defenses may include the following:

Because basic architecture decisions may influence a system's eligibility for these defenses, a P2P developer would be wise to consider the limits of each defense in evaluating the legal risks posed by any particular system design.

Guidelines for P2P Developers

A few general guidelines for P2P developers can be derived from an analysis of contributory and vicarious copyright infringement principles discussed above. Each guideline is discussed in further detail at the close of this white paper.

  1. Your two options: total control or total anarchy.
  2. Better to sell stand-alone software products than on-going services.
  3. Can you plausibly deny knowing what your end-users are up to?
  4. What are your substantial noninfringing uses?
  5. Disaggregate functions.
  6. Don't make your money from the infringing activities of your users.
  7. Be open source.
  8. Do not be a direct infringer: make and store no copies.
  9. Do not build any "circumvention devices" into your product.
  10. Don't use someone else's trademark in your name.

White Paper [ http://www.eff.org/IP/P2P/Napster/20010227_p2p_copyright_white_paper.html ] - for the original white paper
Peer-to-Peer question and answer forum [ http://www.eff.org/IP/P2P/Napster/20010309_p2p_faq.html ] appears here.

About the Author: Fred von Lohmann is an attorney working as a visiting researcher with the Berkeley Center for Law & Technology, a research center associated with the Boalt Hall School of Law at UC Berkeley. His current research is focused on the impact of peer-to-peer technologies on the future of copyright. He also continues to maintain a relationship with Morrison & Foerster LLP (www.mofo.com), where prior to joining the Center he was an associate with a practice concentrated on transactions and counseling involving copyright, the Internet, and information technology. His primary legal interests lie at the intersection of copyright law and the Internet, including issues relating to online music distribution and the application of the Digital Millennium Copyright Act ("DMCA") to Internet businesses. He has worked with a variety of Internet clients, including Yahoo!, Verio, Myplay, Riffage, Voquette, iUniverse.com, SpikeRadio and NBCi.

Copyright 2001