The laws that currently govern speech and copyright online are the result
of a delicate balance that was reached between a number of competing
interests and considerations. These laws have allowed ISPs and Online
Service Providers (OSPs) to foster a dynamic ecosystem of speech,
entertainment, and debate without fear of legal liability for the actions
of users online.

If the federal government imposes a mandate requiring ISPs to filter
traffic in search of copyright violations or otherwise encourages or
condones the act of filtering, this delicate balance will be disrupted.
The protections that innovators and citizens have relied on in building
the Internet ecosystem would be substantially weakened if not outright
eliminated. More troubling, such legislation would undermine current
legal and constitutional protections for speech and free expression.
Below, we discuss the existing laws with which a copyright filtering
mandate would conflict.

I. Mandatory Copyright Filters Would Impose an Unconstitutional Burden on
Free Expression, Contrary to the Principles of Copyright Law

Regardless of how it is accomplished, content filtering will interfere
with citizens’ ability to communicate online. No matter what type
of technology is used, no filter will be capable of determining if a
communication is authorized, fair use or infringing. As a result,
copyright filters will always be overinclusive when blocking online
speech. Thus, copyright filters will inevitably interfere with and
suppress completely legal forms of speech and expression online. While
such interference is worrisome when practiced by a private company, it
may well be unconstitutional if imposed by government mandate.

Under the law, a copyright owner is never granted complete control over a
copyrighted work.^[98] Limitations on and exceptions from copyright keep
copyright law from conflicting with the First Amendment rights of
citizens. Fair use and other limitations such as the requirement of
originality, the idea/expression dichotomy, and the doctrine of thin
copyright^[99]
allow for free expression including protected forms of speech like parody
and criticism. As the Supreme Court has explained, “Copyright
… does not impermissibly restrict free speech, for it grants the
author an exclusive right only to the specific form of expression …
and it allows for ‘fair use’ even of the expression
itself.”^[100]

A fair use of a copyrighted work is therefore protected free speech.
Proponents of copyright filtering suggest that the filtering of
copyrighted material would be a straightforward and entirely legal
process. However, the nuances of copyright law make distinguishing
between a lawful and infringing use of a piece of copyrighted content
challenging even for courts. As such, no filtering technology, no matter
how advanced, will ever be able to make fair use determinations with 100
percent accuracy. And as courts have held, no law should “allow any
copyright owner, through a combination of contractual terms and
technological measures, to repeal the fair use
doctrine.”^[101] Because a use labeled by a filter as
“unauthorized” is not necessarily an illegal use, no
automated system should be allowed to give the desires of a copyright
holder priority over the First Amendment. Furthermore, a government
mandate requiring copyright filtering might also run afoul of case law
governing prior restraint, which states that speech cannot be
preemptively censored, except in extenuating circumstances (i.e. issues
of national security).^[102]

As discussed in the technological analysis section of this paper,
copyright filters are not only overinclusive—they will also be
underinclusive. As we have seen, today’s filters have proven
ineffective at stopping even moderately sophisticated infringers. And
there is no indication that future filters will be able to overcome this
technological shortcoming. As a result, a government mandate that ISPs
filter for copyright infringement would substantially interfere with free
speech and non-copyrighted content while providing little or no benefit
to copyright holders to justify this constriction of First Amendment
rights.

By virtue of their technological limitations, copyright filters will
inevitably block some protected forms of speech while allowing some
infringement. The simultaneously overinclusive and underinclusive nature
of filters will ultimately result in unconstitutional restrictions on
free speech, just as other government attempts to block access to
objectionable web sites have in the past.^[103] Therefore, we can conclude that a
government copyright filtering scheme that fails to specifically
accommodate fair use is unlikely to be constitutional.

II. Copyright Filtering Could Undermine the Safe Harbor Provisions
Granted to ISPs Under the Digital Millennium Copyright Act (DMCA)

Currently, the Digital Millennium Copyright Act offers ISPs certain safe
harbors from copyright infringement liability for activity which occurs
over their networks.^[104] It is not hard to understand the value of this
protection to an ISP, and to service providers in general. If ISPs could
be held liable for every infringement perpetrated by their customers,
they would be exposed to a flood of lawsuits from the sound recording,
motion picture and software industries. And unlike with individual
infringers, ISPs are easy to find and likely to have the resources to pay
a judgment and are therefore, attractive targets for lawsuits (suing
individuals has proven to be a time- and cost-intensive activity that is
unlikely to result in a significant financial recovery^[105]).

These ISP safe harbors under the DMCA are not the result of a happy
accident. During the process of drafting of the DMCA, Congress was
convinced of two points—first, that effectively monitoring every
bit that travels through an ISP’s network was not technologically
feasible^[106]
and second, that if ISPs were forced to monitor their networks, that
requirement would effectively cripple the nascent Internet.^[107]

Congress ultimately determined that limiting the liability of ISPs would
ensure “that the efficiency of the Internet [would] continue to
improve and that the variety and quality of services on the Internet
[would] continue to expand.”^[108] Essentially, Congress decided to allow ISPs
to develop viable business models, fearful that the specter of liability
could, in the words of one commentator, “virtually halt American
participation in the emerging information society.”^[109] Today’s
Internet is a testament to the wisdom of that decision. It is hard to
imagine any common activity on the Internet today—be it making a
comment on a news site, posting a photograph on a social networking site,
or perusing indexed links on a search engine site—that has not
benefited from the DMCA safe harbors.

In order to qualify for the safe harbor provisions, an ISP has to meet a
certain set of requirements, which are outlined in the DMCA. The first of
these requirements is that all material that travels over the network
must be “initiated by or at the direction of a person other than
the service provider.”^[110] In layman’s terms, this means that the ISP
must act as a simple conduit through which data travels—any
transaction that takes place on the network must be initiated by someone
at the edge of the network—either a client or a server—but
may not be initiated by someone who sits in the middle of the network. If
an ISP implemented a copyright filter, that ISP could, arguably, become
an active participant in the chain of transmission, making decisions
about what data to transmit and what data to discard. Instead of merely
passing a bit of data along, the ISP would inspect, categorize, and
possibly interrupt, delay or discard that bit of data. In so doing, the
ISP could potentially be disqualified from the DMCA’s safe harbor
protections and therefore, would be exposed to liability for any
infringement that takes place over its network.

Filtering similarly jeopardizes the second requirement that an ISP must
meet in order to qualify for DMCA safe harbor protection. This
requirement states that the transmission of data must occur
“through an automatic technical process without selection of the
material by the service provider.”^[111] This use of the word
“selection” is not further clarified in the statute, creating
an open question as to what degree of filtering would qualify as
“selection”. Depending on the level of sophistication of the
prioritization process, certain packet management techniques could be
interpreted as constituting a “selection” of material. If an
ISP could be described as actively selecting what material is allowed to
travel over its network, its safe harbor protection would be jeopardized.
Furthermore, this selection process could quickly rise to the level of an
“editorial function” (i.e. choosing to prioritize
data from a preferred source over a non-preferred source), which is
likely to disqualify an ISP from DMCA safe harbor
protection.^[112]

In establishing the safe harbor provisions in the DMCA, Congress
recognized that in order for the Internet to thrive, ISPs would need to
be shielded from liability for their users’ actions. Given that any
filtering technology that actively inspects the content that flows over
an ISP’s network may eliminate that ISP’s ability to claim
protection under the DMCA’s safe harbors, it should be clear that
any government mandate that requires or condones copyright filtering by
ISPs would undermine the safe harbors on which today’s Internet was
built.^[113]

III. ISPs That Engage in Packet Inspection Risk Violating the Electronic
Communications Privacy Act (ECPA)

The Electronic Communications Privacy Act (ECPA) extended traditional
wiretap privacy protections to include communications between
computers.^[114] In passing this Act, Congress recognized that
private communications that take place on a computer network deserve the
same sorts of protections traditionally granted to communications that
take place over voice networks. Congress also extended these protections
to other types of private communications, including email.^[115]

Specifically, ECPA prohibits the interception of electronic
communications by those not party to the communication. Intercepting the
packets of Internet users, whether for copyright filtering or other
purposes, would certainly seem to implicate the statute. Even when law
enforcement agencies in the course of their duties wish to intercept
communications, the government must justify to a neutral third party why
a specific intrusion of privacy is necessary.^[116] While the standards of proof that
the government must meet in order to intercept private communications
vary, under no circumstance is the government authorized to examine all
communications in the hope of stumbling upon evidence of illegal conduct.

A commercial enterprise possesses even less justification for warrantless
and unwarranted surveillance of private communications.^[117] Nor does it seem
likely that any of the exceptions provided within ECPA allow an ISP to
inspect all of its customers in order to pass judgment on the
desirability or legality of their communications. While a provider may
engage in activity “necessary incident to the provision of service,
or to the protection of the rights or property of the provider of that
service,” this exception would not apply to an ISP seeking to
enforce an outside party’s rights. The exception exists to preserve
the ability of a network to operate, not to give free reign to a carrier
to act as arbiter of its users’ content. In order to make use of
this exception, a provider must show a “necessary incident,”
or at the very least, a “substantial nexus,” between the
monitoring and the protection of the provider’s rights and
property.^[118]
Nor would fine print or a clickthrough EULA seem to suffice for the
purposes of consent to wiretapping. The necessary amount of notice for
consent to wiretapping may be far higher than for consent in ordinary
contract terms.^[119]

Since such exceptions would likely not apply to ISP filtering, we are
left with the fact that a filtering ISP would be unlawfully intercepting
electronic communications between citizens, a violation of the
intricately constructed wiretap laws.

Allowing ISPs to filter all communications for potential copyright
infringement would turn this finely calibrated system on its head.
Congress would be permitting private parties to engage in
privacy-violating activities that it elsewhere explicitly prevents
private actors and government agencies alike from conducting. If ISPs
were authorized to engage in copyright filtering, the end result would be
a massive invasion of the privacy of all Internet users, carried out by
those few, privileged gatekeepers through whom U.S. web traffic passes.

^[98] Exclusive
rights “do[] not give a copyright holder control over all
uses.” Fortnightly Corp. v. United Artists, 392 U.S. 390,
393 (1963).

^[99] “Thin
copyright” refers to the lower level of copyright protection for
compilations of fact. The doctrine was first explained by the Supreme
Court in Feist Publications, Inc. v. Rural Telephone Service Company,
Inc. 499 U.S. 340 (1991).

^[100]
Eldred v. Ashcroft, 537 U.S. 186, 197 (2003).

^[101]
Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d
1178, 1202 (Fed. Cir. 2004).

^[102] Near
v. Minnesota, 283 U.S. 697 (1931).

^[103] CDT
v. Pappert, 337 F. Supp. 2d 606 (E.D. Pa. 2004).

^[104] 17
U.S.C. § 512(a).

^[105] See,
e.g., Capitol Records Inc. v. Thomas, 579 F. Supp. 2d 1210.
(D. Minn. 2008).

^[106]
SeeCopyright Protection on the Internet: Hearings on H.R.
2441 – The NII Copyright Protection Act of 1995 Before The
Subcommittee on Courts and Intellectual Property of The House Committee
on the Judiciary, 104th Cong. (1996) (statements of Stephen M.
Heaton, General Counsel and Secretary, CompuServe Incorporated and Scott
Purcell, Commercial Internet eXchange Association).

^[107]
Ibid.

^[108] S. Rep.
No. 105-190, at 8 (1998)

^[109]
Copyright Protection on the Internet: Hearings on H.R. 2441
– The NII Copyright Protection Act of 1995 Before The Subcommittee
on Courts and Intellectual Property of The House Committee on the
Judiciary, 104th Cong. (1996) (statements of Stephen M. Heaton,
General Counsel and Secretary, CompuServe Incorporated).

^[110] 17
U.S.C. § 512(a)(1).

^[111] 17
U.S.C. § 512(a)(2).

^[112] S. Rep.
No. 105-190, at 42 (1998).

^[113]
“Has AT&T Lost its Mind?,” Slate, January 16,
2008 (http://www.slate.com/id/2182152).

^[114] SeeP. L.
99-508, 100 Stat.1848.

^[115] See 18
U.S.C. §2701-11.

^[116] See18
U.S.C. § 2710 (15) and § 2711(2).

^[117]
Controversy surrounding ISP use of DPI for advertising purposes raised
the question of ECPA violations by ISPs and their ad network partners.
See, e.g., Center for Democracy and Technology, An Overview
of the Federal Wiretap Act, Electronic Communications Privacy Act, and
State Two-Party Consent Laws of Relevance to the NebuAd System and Other
Uses of Internet Traffic Content from ISPs for Behavioral
Advertising, July 8, 2008 (http://www.cdt.org/privacy/20080708ISPtraffic.pdf)
(commenting on the likelihood of ECPA violations by NebuAd and other
DPI-based advertising systems).

^[118]
Id. at 5; Paul Ohm, The Rise and Fall of Invasive ISP
Surveillance, U. Ill. L.R. (forthcoming 2009) (manuscript at 69-71),
available at http://ssrn.com/abstract=1261344 (detailing the
high bar providers must meet to avail themselves of the “protection
of rights and property” exception).

^[119]
Id. at 72-73.