policy@edu
Will
Colleges and Universities Become Cybercops?
Garret Sern, EDUCAUSE policy staff
As
colleges and universities seek to provide ubiquitous Internet access
and other network services for their faculty and students, service provider
liability comes to the forefront as a major technology policy topic.
Your institution will likely be presented with a liability issue sometime
soon, if it has not already.
In recent years
some confusion has arisen about whether colleges and universities fall
within the same category as commercial Internet Service Providers (ISPs).
The precise answer to that question depends on the regulatory and legislative
context. The line of analysis used by the Federal Communications Commission
for ISPs is long and tortured and is influenced by a historical separation
between enhanced service providers and telecommunication carriers (a
model endangered somewhat by Internet Protocol telephony). Meanwhile
Congress has for the most part defined ISPs very broadly. In general,
colleges and universities appear likely to be swept in with other service
providers in any legislation that seeks to affect ISPs.
Two recent congressional
actions showcase how colleges and universities may find themselves either
(1) receiving beneficial protections from liability or (2) being increasingly
drawn into the legal morass of this new communications medium. Both
pieces of legislation define the category of network service providers
broadly: colleges and universities that provide Internet services appear
to fall within the universe of ISPs affected by the legislation.
Service
Provider Liability and the DMCA
Title II of the
recently enacted Digital Millennium Copyright Act (DMCA) includes infringement
liability exemptions for online service providers (OSPs). The definition
of "online service provider" in the context of the OSP copyright liability
is extremely broad: "a provider of online services or network access,
or the operator of facilities therefor."
Specifically, the
DMCA exempts a service provider from any legal liability for copyright
infringement conducted by customers using its network as long as the
service provider "does not have actual knowledge that the material or
an activity using the material on the system or network is infringing"
and, "upon obtaining such knowledge or awareness, acts expeditiously
to remove, or disable access to, the material."
The new law and
regulations do not require service providers to monitor their networks
for infringing material. The law requires only that the providers have
a contact person and a mechanism in place to comply with "takedown"
requirements on receiving written notification -- from a copyright owner
or the owner's authorized designated agent -- that copyright infringement
has occurred.
The U.S. Copyright
Office recently released a notice of public inquiry intended to solicit
public comment on the current system and is expected to issue a ruling
on permanent procedures for taking advantage of the liability protection
provisions in Title II of the DMCA. In the interim, the Copyright Office
requires service providers to take certain steps to be eligible for
the liability exemptions contained in Title II of the DMCA. A service
provider must designate an agent who will receive notifications of claimed
infringement. This information must be supplied to the Copyright Office
(along with a $20 fee) and must be posted on the service provider's
Web site. The service provider must also develop and post a policy for
terminating accounts of repeat offenders and must provide network users
with information about copyright laws.
Given the DMCA's
all-encompassing definition of "online service provider," one might
have expected that educational institutions would be rushing to register
with the Copyright Office in order to insulate themselves from lawsuits.
However, this has not been the case. As of April 1999, roughly 272 colleges
and universities had registered their service provider agents with the
Copyright Office for notification of claims of infringement.
Members of the
higher education community have voiced a number of concerns about this
registration requirement. Does registering with the Copyright Office
as a service provider stick a regulatory label on colleges and universities,
opening them up to more regulations and possible taxation? In a university
system, do individual campuses and schools need to register? What about
potential privacy issues arising from the practice of terminating the
violating faculty and student Internet accounts? Some state universities
have also voiced concern that registering with the Copyright Office
would void the current liability protections granted to public institutions.
Institutions that
have registered or plan to register, or are concerned about registering,
should keep in mind that these are only interim regulations. After studying
public comments on this matter, the Copyright Office will issue final
registration regulations (most likely requiring another fee). In the
meantime, consult your local counsel if your institution is concerned
about the collateral ramifications of registering with the Copyright
Office as an ISP.
Deputizing
Internet Providers
The somewhat passive
designated role of service providers under the DMCA does not mean that
future Internet legislation will follow similar lines. The recent reintroduction
of legislation in Congress to render most forms of Internet gambling
illegal may be the first of future Internet laws and regulations requiring
service providers to take a more active role in assisting law enforcement.
The Internet Gambling
Prohibition Act of 1999 requires service providers to assist law enforcement
within the realm of what is "technically and economically feasible."
This not only would entail terminating accounts of subscribers found
in violation of the act but also would require blocking access to Web
sites or taking other measures designated by a court order.
The National Collegiate
Athletic Association expressed its support for this bill at a Senate
hearing last March. Most of the higher education community, however,
is concerned that this latest congressional proposal is far too vague
in setting forth what is "reasonably" expected of service providers.
As Congress attempts
to craft laws in response to social dilemmas wrought by rapidly changing
technologies, it will likely continue to use sweeping and somewhat vague
language. Unless that elusive "technological fix" is produced to render
such laws unnecessary, service providers -- including colleges and universities
-- will likely be expected to play some role in hindering illegal activities
conducted on the Internet. The higher education community will not be
the only population to benefit if Congress is well educated about the
technical and practical boundaries faced by ISPs when they are expected
to help enforce the law.
