The promise of Internet intermediary liability.

• Author: Mann, Ronald J.

INTRODUCTION I. THE INTERNET AND MISCONDUCT A. The End-to-End Structure of the Internet B. Internet Actors 1. Primary Malfeasors 2. Internet Intermediaries a. ISPs b. Payment Intermediaries c. Auction Intermediaries C. Existing (Fault-Based) Liability Schemes II. LIABILITY WITHOUT FAULT: INTERNET INTERMEDIARIES AS GATEKEEPERS A. The Basic Premise 1. The Nature of Gatekeeper Liability 2. Gatekeeper Liability and the Internet B. Variations on the Theme C. A Framework for Analysis III. APPLICATIONS TO SPECIFIC TYPES OF CONDUCT A. Dissemination of Content 1. Trafficking in Contraband and Counterfeit Products a. Targeting Auction Intermediaries b. Targeting Payment Intermediaries 2. Internet Gambling a. Targeting ISPs b. Targeting Payment Intermediaries 3. Child Pornography a. Targeting ISPs b. Targeting Payment Intermediaries 4. Internet Piracy B. Breaches of Security 1. Lack of Strong Intermediaries 2. Market Incentives Already Exist CONCLUSION ABSTRACT

The Internet has transformed the economics of communication, creating a spirited debate about the proper role of federal, state, and international governments in regulating conduct related to the Internet. Many argue that Internet communications should be entirely self-regulated because such communications cannot or should not be the subject of government regulation. The advocates of that approach would prefer a no-regulation zone around Internet communications, based largely on the unexamined view that Internet activity is fundamentally different in a way that justifies broad regulatory exemption. At the same time, some kinds of activity that the Internet facilitates undisputedly violate widely shared norms and legal rules. State legislatures motivated by that concern have begun to respond with Internet-specific laws directed at particular contexts, giving little or no credence to the claims that the Internet needs special treatment.

This Article starts from the realist assumption that government regulation of the Internet is inevitable. Thus, instead of focusing on the naive question of whether the Internet should be regulated, this Article discusses how to regulate Internet-related activity in a way that is consistent with approaches to analogous offline conduct. The Article also assumes that the Internet's most salient characteristic is that it inserts intermediaries into relationships that could be, and previously would have been, conducted directly in an offline environment. Existing liability schemes generally join traditional fault-based liability rules with broad Internet-specific liability exemptions. Those exemptions are supported by the premise that in many cases the conduct of the intermediaries is so wholly passive as to make liability inappropriate. Over time, this has produced a great volume of litigation, mostly in the context of the piracy of copyrighted works, in which the responsibility of the intermediary generally turns on fault, as measured by the intermediary's level of involvement in the challenged conduct.

This Article argues that the pervasive role of intermediaries calls not for a broad scheme of exoneration, premised on passivity, but rather for a more thoughtful development of principles for determining when and how it makes economic sense to allocate responsibility for wrongful conduct to the least cost avoider. The Internet's rise has brought about three changes that make intermediaries more likely to be least cost avoiders in the Internet context than they previously have been in offline contexts: (1) an increase in the likelihood that it will be easy to identify specific intermediaries for large classes of transactions, (2) a reduction in information costs, which makes it easier for the intermediaries to monitor the conduct of end users, and (3) increased anonymity, which makes remedies against end users generally less effective. Accordingly, in cases where intermediaries can feasibly control the conduct, this Article recommends serious attention to the possibility of one of three different schemes of intermediary liability: traditional liability for damages, takedown schemes in which the intermediary must remove offensive content upon proper notice, and "hot list" schemes in which the intermediary must avoid facilitation of transactions with certain parties.

Part III of this Article uses that framework to analyze the propriety of intermediary liability for several kinds of Internet-related misconduct. This Article is agnostic about the propriety of any particular regulatory scheme, recognizing the technological and contextual contingency of any specific proposal. Because any such scheme will impose costs on innocent end users, selecting a particular level of regulation should depend on policymakers' view of the net social benefits of eradicating the misconduct, taking into account the intermediaries' and innocent users' compliance costs associated with the regulation. Still, the analysis of this Article suggests three points. First, the practicality of peer-to-peer distribution networks for the activity in question is an important consideration because those networks undermine the regulatory scheme's effectiveness, thereby making regulation less useful. Second, the highly concentrated market structure of Internet payment intermediaries makes reliance on payment intermediaries particularly effective as a regulatory strategy because of the difficulty illicit actors have in relocating to new payment vehicles. Third, with respect to security harms, such as viruses, spam, phishing, and hacking, this Article concludes that the addition of intermediary liability in those cases is less likely to be beneficial because market incentives appear to be causing intermediaries to undertake substantial efforts to solve these problems without the threat of liability.

INTRODUCTION

To think about the role of law in electronic commerce is to consider the balance between government regulation and freedom of action in the private sector. Juxtaposing that balance with the Internet's commercialization in 1994 and its rapid growth since then presents an unusually dynamic policy problem. In her book Ruling the Waves, Debora Spar portrays the problem aptly, arguing that society's reactions to important discoveries follow a cyclical historical pattern. (1) Using examples that start with the fifteenth century reign of Prince Henry, "the Navigator of Portugal," and continue through the rise of the Internet in the twentieth century, she discerns four phases through which the society that exploits those discoveries commonly passes: innovation, commercialization, creative anarchy, and rules. (2) The phase of innovation is the flash point of discovery. Morse's invention of the telegraph provides an example. (3) The phase of commercialization is the phase in which pioneers, or pirates, depending on your perspective, move into the new area seeking to exploit its potential. For example, Spar discusses the pirates who exploited the newly discovered Atlantic trade routes in the seventeenth century. (4) The phase of creative anarchy is the phase when the needs of ordinary commerce come into tension with the theretofore freewheeling spirit of the new frontier. (5) Spar's best example of that phase is from the early years of radio broadcasting, when competing and wholly unregulated radio stations broadcasted on overlapping frequencies, thereby making any station difficult for listeners to hear. (6) The final phase, the rules phase, follows ineluctably as the commercial enterprises unable to suppress anarchy on their own call upon government intervention as the best vehicle to bring order and profit to the wild frontier. (7)

Using that framework, the Internet is in the midst of the third phase. Numerous examples exist of early actors whose businesses have provided a major impetus for the Internet's growth. A set of legal rules also exists that have granted those actors broad freedom of action or exempted them from rules that govern analogous conduct outside cyberspace. Consider, for example, the immunity the Communications Decency Act (CDA) (8) and the Digital Millennium Copyright Act (DMCA) (9) granted Internet Service Providers (ISPs), the protection from new taxation the Internet Tax Freedom Act granted, (10) the rise of unregulated peer-to-peer music sharing, and the lack of regulation of person-to-person payment providers.

Each of those instances, however, has been associated with a growing backlash of pressure, as parties, who perceive that those exemptions disadvantage them, seek the establishment of more rigorous regulatory regimes. That backlash is a primary indication that an industry has developed to the point where regulation is appropriate. This Article considers how to implement regulatory regimes that are better suited for the Internet context. (11) The basic problem is that although the Internet undeniably has brought increased efficiency to American firms, eased communication among distant friends, and changed how we shop, book travel arrangements, and provide and enjoy entertainment, it also affords the same ease of communication, increased efficiency, and, importantly, anonymity for those who prefer to use those advantages to violate the law. Legal reactions to one pervasive violation, the Internet-based piracy of copyrighted works, have been especially vigorous, perhaps because that activity poses a serious threat to an entrenched industry scared of losing its grasp over its only asset--copyrighted works. Countless numbers of reporter and law review pages have been devoted to finding ways to prevent Internet piracy. Nevertheless, Internet piracy continues and promises to recover from its recent dip, (12) as software developers and users adapt and evolve to avoid the legal regime's current attempts to control their activities.

Piracy is not this Article's focus, in part because the eradication of piracy would require an exercise more in...