Should copyright liability attach to ownership of a thing — in this case, your ISP account — as opposed to your conduct? So suggests the RIAA in this case in Oklahoma. The defendant allegedly had “reason to know” of the infringement occurring via the ISP account, by virtue of the subscriber agreement between her and the ISP. This is very troubling — not only for open access wireless hotspots, but for universities and libraries, among other places.
In Capitol Record v. Debbie Foster, the defendant successfully introduced a “‘prove it was me using the computer’ defense.” The strategy may gain traction: “Although the judge in Elektra v. Santangelo declined to dismiss the labels’ infringement claims against Patti Santangelo, he doubted that ‘an Internet-illiterate parent who does not know Kazaa from a kazoo’ could be found liable for file sharing done in her house without her knowledge or consent.”
see
http://arstechnica.com/news.ars/post/20070207-8786.html
Why is this in principle any different for being held liable for what is done with your car by people you allow to drive it? Or what’s done with your phone, for that matter. Open access hotspots might be a different issue, but I don’t see why someone harmed from a home Internet account needs to play the shell game in a civil action of trying to figure out exactly which user it was.
Maybe my tort law is too rusty, but my understanding is that I’m liable for damage caused by someone else driving my car if I negligently entrusted the car to that person. “Negligent entrustment,” I think, incorporates an element of knowledge (actual or constructive) on the part of the entrust-or. Proving merely that the defendant owned the car that caused the harm isn’t enough. Suppose, for example, that my car is stolen and the thief causes an accident while driving it. Am I liable for the harm? I hope not.
You’re talking about the case where the driver is known to the plaintiff. Even there, some states hold owners vicariously liable for the acts of drivers, at least where the driver is acting within the scope of agency, or under a “family purpose” rule. That’s distinct from a negligent entrustment theory. And several states (e.g. NY and Cal.) provide by states that owners are liable for *all* negligent acts by third parties driving their vehicles with permission. See generally 8 Am. Jur. 2d (Automobiles and Highway Traffic) § 697.
But I’m talking about the situation where the driver is unknown — say, a civil suit over a hit-and-run fender-bender. I doubt the owner can walk into court and say, “Sure, it was my car. But prove who was driving it! Maybe it was me, or maybe it was my 16-year-old son, or maybe it was some thief. Until you prove who the driver was, you lose!” Cf., e.g., Robinson v. Doe, 829 So.2d 577 (La. Ct. App. 2002) (owner held liable even where car reported stolen prior to accident, where permittee failed to testify and car did not appear obviously stolen).
I had to retype this, and I forgot to include the bit that my reading of tort law is based on a quick look. Relevant cases are hard to find because the disputes these days are all about insurance coverage.
Maybe the fact that so many of the cases are about insurance coverage is a clue to what is (or should be) going on here?
Take the automobile case first, and set aside agency and “family purpose” cases (the latter sound like special applications of the former), both of which sound like straightforward applications of vicarious liability rules. What’s the rule if a thief injures someone with my stolen car? Perhaps the substantive rule is really a rule about burdens of proof: the owner might have the burden of proving that the car really was stolen, but if the owner meets that burden, then the owner avoids liability. (So knowledge is an element of the tort after all; merely owning the car isn’t enough.) That sounds like what the court was doing in Robinson. Is that right? And if so, does that allocation of the burden make sense? Perhaps — if the owner (i) is ordinarily in a good position to take steps to ensure that unauthorized people don’t drive the car — i.e., to break the causation chain that leads to the harm (true, I think, most of the time), and (2) are better able to buy insurance to cover unanticipated harm than potential victims of thieves who hit-and-run (true, perhaps, again). Are auto owners better insurers than accident victims? Sure; not only do NY and CA make the owner liable for the car, but CA and NY, also, I believe, require that the owner carry liability insurance.
How well does this idea carry over to copyright? Are owners of ISP accounts ordinarily in a good position to take steps to ensure that unauthorized people don’t use the account? (Related question: are those people better situated than anyone else to break the causation chain?) And is there an insurance market that protects that owner to the extent that protection against unauthorized access can’t be guaranteed?
I’m not sure we’re talking about precisely the same thing. It’s hard to tell from the Wired blog what exactly the argument is that’s being made. I tend to presume some exaggeration/simplification to get readers’ blood boiling on such matters. (I mean, look at the title; plus it’s Wired.) But perhaps the RIAA really is arguing that the owner of an account should be liable for all uses made of it, even if it can be definitively proven that a thief broke into the owner’s house on the date in question and used the computer without any permission (even implicit) to download songs. In that case, the automobile analogy isn’t much help.
But a much more reasonable argument can be (and perhaps has been) made in such cases. That is that the burden of proof on the home user for an “it wasn’t me” defense. Owners of residential ISP accounts are certainly in a better position than copyright owners to *know* who was using that account at any given time. And even if it turns out that the owner was not the user, the owner could still be on the hook for contributory and/or vicarious liability. An argument of potential contributory or vicarious liability for the downloading of a family member with permission to use a computer does not seem so crazy to me, at least where all the copyright owner has is a bare denial of downloading by the account owner.
If we’re only talking about use of a connection with permission, then it seems obvious that account owners are in a good position to control that. (Even if we’re talking about unauthorized use, they’re in a pretty good position to control that too, whether they realize it or not.) And as for the existence of an insurance market, I don’t see why it matters. Doesn’t liability typically come *before* the rise of an insurance market?
One obvious distinction between cars and internet connections is exposed in the case of the free wi-fi network. No one makes their car freely available for the community to use, without any check of identity or payment. That’s because cars are expensive, and scarce. Internet bandwidth is much less expensive and more widely available. So the analogy to automobiles breaks down at that point — the provider has no financial incentive (apart from liability) to know or care who is using the connection. But that doesn’t seem true in the home use case. Even if you don’t particularly care if a neighbor is using the connection, leaving it unsecured can cause you all sorts of non-copyright-related problems. Plus, I suspect most of these cases are not interlopers anyway. It’s just family members playing a sort of shell game with the rights holder, or hackee, or defamed person, or what have you.
So maybe my “burden shifting” analysis of the car case is on track. (As to relative priority of insurance and liability, I think that there’s a chicken-and-egg relationship there. In the home ISP account situation, the question probably would be whether a homeowner’s policy would cover a parent’s liability for a child’s abuse of the account. So there would be a preexisting insurance market that could be used to justify the liability.)
Do ordinary contributory/vicarious liablity rules apply to the ISP problem? Absolutely, and if the question is merely the character of the owner’s knowledge and/or control, then this isn’t much of a problem case. But (perhaps cynically, but borrowing from the judge’s order in the Oklahoma case) I read the RIAA’s argument as trying to expand the scope of secondary liability beyond the existing framework, that is, as making the owner’s knowledge all but irrelevant. Maybe the defendants are playing a shell game, but I don’t see a reason not to make the plaintiffs play by the accepted rules.
Comments are closed.