Just how easy is it to censor speech on the web under current copyright laws? Apparently, it's not very difficult to do. The Bits of Freedom group, a non-profit Dutch digital rights advocacy organization, recently completed a study to show how easy it is to compel ISPs to disable a customer's web site. They opened an account with 10 different Dutch ISPs and uploaded text from the famous author Multatuli, from 1871. The text stated that the work belonged to the public domain (Multatuli died in 1881, 117 years ago). They then created a fake society to act as the copyright holder and sent take down notices to all the ISPs from a Hotmail e-mail account. 7 of the 10 ISPs took the site down without even having looked at the site. 1 ISP forwarded the customer's information to the fake plaintiff, even though that information was never asked for. In all cases, the customer was informed, but few ISPs sent the full complaint to the customer, and gave only a very short amount of time to the customer to reply. One ISP gave the customer only 3 hours to respond before it removed the material. Only one ISP requested verification of the fake plaintiff's identity because of the dubious hotmail e-mail address.
This experiment was similar to one done a year ago by researchers at the Oxford Centre for Socio-Legal Studies. This one consisted of one account with a US ISP, and one with a UK ISP. The UK ISP removed the material within 24 hours. The US ISP insisted the fake plaintiff declare to act in good faith. It seemed the US ISP was willing to remove the material had the fake plaintiff done so, as there was no indication the ISP had even looked at the site.
The difference, the Oxford researchers noted, was probably due to the differences in the service provider liability provisions betweeb the US and the UK. The EU Directive exempts providers from liability if they have no knowledge of the alleged infringement, or if they do know, then they must act expeditiously to remove it. In the US, DMCA Section 512 contains the safe harbor provisions for ISPs - the provider must not know of the alleged infringement or must block the content upon receipt of the complaint and inform the customer, and if the customer gives counter notice, the ISP must put back the content after 10-14 days. This section also requires plaintiff and customer act in good faith, and that the customer's identification can only be obtained with a subpoena.
On the one hand, ISPs shouldn't bear the burden of verifying the copyright status of a work everytime they receive a take down notice. They get thousands of these, and it would be a huge burden on ISPs. Nor are their employees equipped to do so even if they only get a few of these on occasion; many of their staff that handle these matters do not have a grasp of copyright basics. For US providers, under DMCA 500(g)(1), however, ISPs will not have liability to the customer for removing the content in good faith. So knowing that they will not have liability to the customer, and facing possibly huge liabilities to the copyright holder if they fail to remove the alleged infringing materials immediately, their first reaction is to remove the content first, subject only to notice and counter notice procedures. The notice procedures seem highly inadequate because many ISPs will only give the customer 24-48 hours to respond.
It's interesting to note that the one ISP in the Bits of Freedom study that forwarded the customer's identity violated the EU Directive, because the safe harbor provision only allows ISPs to reveal consumer's data without the user's permission to a third party only for criminal investigations or national or public security, and then only when necessary and appropriate. The EU Directive is big on privacy, but perhaps not as big on freedom of speech under US laws. It's a bit scary, however, to learn that speech can be chilled relatively easy with just Hotmail account. While ISPs shouldn't be heavily burdened, allowing them to just remove content with very little checks in place seems like too high a price to pay in the free speech arena. A better balance needs to be found. The Bits of Freedom study suggested that there needs to less liability risk for ISPs but we would require them to leave the content alone and to remove the content only under narrow circumstances, such as immediate danger or proven financial damages to the copyright owner. ISPs should also not have liability (for not removing the alleged infringing content) if a court ultimately determines the customer committed copyright infringement. This balance makes much more sense. It would eliminate the current situation where prank or frivolous take down notices can cause the censorship of valuable free speech materials.