Liability of Internet Service Providers under Law

This article is written by Sanskriti Sharma of University School of Law and Legal Studies, Intern under Legal Vidhiya

Introduction

The Internet is ubiquitous, it shadows every aspect of our cultural, social, and personal lives. The extent of the internet’s presence in our daily lives cannot be neglected, it dictates our schedules equally as we tune its services to make our lives feasible and efficient. Internet service providers are one such entity that governs our connection and relation with cyberspace. They connect individuals to the cyber world and disseminate various services linked to the internet. Primarily it includes services like website building, email services, domain registration, browser packages, etc. Often Internet service providers (ISP) are also called information service provider, Internet network service provider (INSP) or any combination of these three based on the services the company provides.

An ISP essentially allows an individual to access the internet in a demarcated geographical area through equipment and telecommunication lines. There is also the presence of myriad intermediaries, forming a structural network and responsible for catering services to the customers. For example, a hosting service provider enables an individual to create a website that shall be based on the frameworks of the “host’s” servers. Similarly, an access provider guides the consumer or recipient to the end service wherein there may be involvement of other entities and corporations. It directs and routes the services from the host to the end user. However, the ISPs are instrumental in transmitting and disseminating the content but they don’t take part in initiating or deciding on the dissemination of particular materials.

The two major services provided by an ISP are –

• Website hosting and building enable individuals and business corporations to build websites and provide space for the same purpose.
• Access provides wherein the access to individuals and corporations is controlled, monitored, and delivered by the ISPs.

The widespread presence and employment of Internet Service Providers in cyberspace makes it imperative to have legislation governing, protecting and preventing the abuse of power at the disposal of such intermediaries.

In India, the provisions relating to Internet Service Providers are specifically dealt in the Information Technology Act of 2000 which details in section 2(w) defining an intermediary as any person who on behalf of other individuals receives, stores, and transmits that particular record or provides any other services with respect to that record and includes services like online auction service, web-hosting services, online payment service, network service providers etc.

Considering the proliferation of cyberspace and its incorporation in our daily lives, the responsibilities of ISPs increase manifold. Likewise, there are myriad arenas of legal field wherein the liability of these intermediaries may emerge prospectively. This necessitates the presence of laws to curb such menace. There are primarily two approaches which are adopted while affixing liabilities on ISPs that may emerge in criminal law, copyright law, unfair competition law, trademark law, trade secret law and others. These two approaches are – Horizontal Approach and Non- horizontal Approach.

• Horizontal Approach

Under this approach one statue is applied while determining the liabilities of the Internet Service Providers. Such a liability is also affixed at one particular place. For example, a violation of an ISP relating to defamation shall be tried in accordance with the defamation laws of the land and likewise copyright violation under copyright laws. This approach is prevalent and has been adopted in countries like Germany, Japan, Sweden etc.

• Non-horizontal Approach

The non-horizontal approach differs from the horizontal approach on the basis that here the liability may be applied through more than one statute. This is contrary to a single statute determining liability as in horizontal approach. For example the copyright law would be empowered to assess the liability in copyright violations while simultaneously the defamation laws can be applied for violations relating to it. This approach has been incorporated in countries like the United States of America, Hungary, Ireland and Singapore.

Development

The issue first came under the scrutiny of the global community in the WIPO Copyright Treaty, 1996. It resulted in the updation of the existing Berne Convention by adding to it the TRIPS provisions which were already in place. This led to granting of additional rights to the authors in relation to the internet. To cover internet communication of the works, the right to make the work accessible to the public was added into the WCT. Members of the public may access the work from a location and time that they choose on their own. Two new rights – right of distribution and the right of communication to the public were explicitly stated. Additionally, it offered legal recourse in the event that the writers’ technological protections for their work were evaded. Additionally, the authors’ usage of rights management information systems for conveying their works in a digital context was given legal protection.

However due to no conclusive agreement on the extent and nature of liability of Internet Service Provider, there was no uniformity and individual countries had to intervene and make  laws on the subject for themselves

The first such attempt was undertaken by the US under the Digital Millennium Copyright Act of 1998. Furthermore the landmark case of Playboy Enterprises v. Frena.^[1]

The question of whether the electronic Bulletin Board System operator (BBS) was responsible for the actions of users who downloaded and posted the copyrighted images of the plaintiff was brought before the court. The plaintiff’s right to have copies of its work publicly distributed and shown was violated, and the court held Frena to be accountable.

The defendant argued that he had really taken the pictures down from the BBS when he got the complaint and that he had subsequently kept an eye on it to make sure no further pictures of Playboy were uploaded. On the grounds that knowledge or intention are not necessary elements of infringement, the court found the case in favour of the plaintiff.

  Liability of ISP under Indian laws

            Copyright Act, 1957

The Copyright Act of 197 was drafted without conceiving the possibility of an entity named, internet or Internet Service Provider. Hence it does not have guidelines for protection of data or work from being subjected to unauthorized usage. However, certain provisions of the act can be constructed and applied in a manner to impose liabilities on the ISPs. One such provision is section 51(a)(ii) of the aforementioned act which details instances when a work may be considered to be infringed. The reading of the section allows one to decipher two main components material for imposing the liability –

• Permits for profit
• Any place

In case of the expression ‘any place’, since the ISPs employ telecommunication facilities for storage of any material belonging to a third party, they can be held liable if found involved in infringing activities of the third party.  Since the computer servers and telecommunication possessing these materials are inevitably under the possession of the ISPs satisfying the requirements for this expression. Similarly ‘permits for profit’ is fulfilled in the operation of ISP as they often charge for the services offered by them and even in case of free of charge services, they make profits indirectly which shall fall under the head of this requirement.

Furthermore in case of Copyright Act, ISPs can only be made secondarily liable for infringement. The liability is divided into two parts – primary and secondary considering the extent of infringement. While primary infringers are made strictly liable, the liability of secondary infringers can only be accepted when there is contribution to the infringement. The expressions ‘not aware’ and ‘had no reasonable ground for believing’ in section 51(a)(ii) thereby limits imposing secondary liability on ISPs as it is based on knowledge of infringement.

Information Technology Act, 2000

In the context of the Information Technology Act, no classification of ISPs has been attempted or undertaken. They have been limited to be identified by expression network service providers and limited to this term alone with no regard for what function is executed by an ISP in the network of intermediaries. This in turn, makes it hard to impose liability based on specific actions of the ISP as all of them are awarded the same responsibility despite the magnitude of erroneous act differing. Hence, categorization of ISPs becomes essential and necessary in the process of finding their liability. 

The term network service provider finds space in section 79 which defines it as an intermediary. Furthermore, an intermediary has been defined as one who is involved on behalf of another person in receiving, storing or transmitting a message or providing any service with respect to that message. 

As per the act, the ISPs are not liable as long as –

• Their function is limited to providing access to the communication system
• They are not involved in –
  • Initiating transmission
  • Selecting the receiver of the transmission and,
  • Selecting or modifying the information contained in the transmission
• They adhere to the guidelines and exercise diligence required on their part  

Moreover, there exist presence of two circumstances where the liability of Internet Service Providers can be excused or exempted

• Lack of knowledge

To hold the ISP responsible under Section 79 of the IT Act, 2000, knowledge of the illicit contents is crucial. If it can be shown that the ISP was not aware of the content transmitted via its servers and through this it can escape liability. However, the ISP must take the necessary steps to remove or deactivate any infringing material if it is informed that it is being stored on or passed via servers. Otherwise, it risks being held accountable.

• Observing due diligence

Section 79 of the Act requires ISPs to exercise “due diligence” to avoid liability for infringing material passing through their servers. This requires actual knowledge or a breach of duty of care. The scope of the claim is a complex issue, as it is not possible to fully verify and assess the legality of all files. ISPs are not responsible for the transmission of infringing material through their servers unless they are aware of it. If an ISP encounters particularly suspicious circumstances, it may be subject to a duty of care to investigate more closely whether the material it hosts or to which it refers is illegal and, if so, to block access.

However, due to lack of concrete laws and provisions for determining the liability of the ISPs, there is a need to review and revise the laws.

Case Laws

1. SMC Pneumatics India Pvt Ltd. v. Jogesh Kwtara^[2]

It was Asia’s first case concerning cyber defamation filed in 2001. In this case, the accused Jogesh Kwatra, an employee of the plaintiff company began sending defamatory emails to his employers and the company’s various subsidiaries around the world. The plaintiff then submitted a statement a permanent injunction restraining the accused from publishing such defamatory remarks. The Delhi High Court allowed ex parte ad interim proceedings, in that case, an injunction stating that the plaintiff had established a prima facie case and sent a preliminary inquiry the defendant to send such comments.

2. Avnish Bajaj v. State^[3]

Also known as the DPS MMS scandal, it included the respondent, Anvish Bajaj’s company baazee.com posting an offer from an IIT Kharagpur student, and Ravi Raj posting on the website lewd and obscene offers. Though the material was posted for a short duration of just two days, the Crime Branch of Delhi took notice of the matter and prepared an FIR. Later a charge sheet showing Avnish Bajaj, Ravi Raj, and Sharat Digumurati as the accused was released. 

Conclusion

In India, the present scenario reflects the inadequacy of measures to make ISPs liable for their negligence and breach of duty towards the consumers. Adding worries to the woes are the ambiguous and ineffective laws which provide an excuse to the internet service providers for shrugging off their liabilities in serious matters. There needs to be an urgent need for reforms in the legal system to ensure accountability of the intermediaries and to deal with their liability in cases of copyright infringement.

References

1. Liability of Internet Service Providers, IGNOU, https://egyankosh.ac.in/bitstream/123456789/7674/1/Unit-13.pdf, last seen on 17/04/2023
2. S. 51(a)(ii), Copyright Act, 1957
3. S. 79, Information Technology Act, 2000

---

^[1] Playboy Enterprises, Inc. v. Frena, 839 F. Supp. 1552 (1993)

^[2] SMC Pneumatics India Pvt Ltd. v. Jogesh Kwtara, CS(OS) No. 1279/2001, Delhi High Court

^[3] Avnish Bajaj v. State, (2005) 3 CompLJ 364 Del