Internet hosting services

One of the roles that Internet Service Providers (ISP) perform is Internet hosting, a service that “hosts” or stores content for customers. This storage is accomplished either directly on the ISP’s network or, more usually, by offering a hosting service for entire third-party websites or platforms. If hosted directly on the ISP’s network, the ISP itself has administrator access to the site and can, if necessary, take the content down or block access to it.

In offering hosting services to others, an ISP may offer its customers storage space and development tools, so users can create their own web space on the ISP servers. The service may allow users to physically locate their own servers in the ISP-hosting facility, or it may simply enable high-bandwidth connectivity for a remotely located server. The references to ISPs in this chapter refer to ISPs that offer hosting services, although many other specialist companies offer just hosting.

Internet hosting services may be technical, automatic and passive if the ISP’s activity is limited to storing content at users’ direction. If the ISP plays a more active role in the selection, arrangement and presentation of content to users, however, the legal treatment of that ISP’s conduct is different. As with Internet transmission services considered in the next chapter, hosting services often represent only one of several functions in which a typical ISP is engaged; many ISPs fall into more than one category. Obviously, a wide range of legitimate uses exists for such services, but criminals and others also use these same services for the illicit sale and distribution of counterfeit and pirated products.

5.1.1 Infringement on Internet hosting services

Infringers use hosting services for counterfeiting and piracy in multiple ways, as described in the two preceding chapters. This chapter focuses on how non-compliant sites use hosting providers’ services. It also considers situations when the host can require its

customers to take steps against infringement or, indeed, to stop servicing those customers. The sites considered are those that may store data and then offer unauthorized copies of copyrighted works directly on the service providers’ servers. (See Figure 12) Other Internet users can copy them (“download sites”) or listen and watch them in real time (“streaming sites”). Some may actively store infringing material on a cyberlocker and then “post” a link to this infringing material on a forum, blog or dedicated site allowing users to download or stream it (“link sites”).

Films, 35.8% Television Programmes, 8.5% Books, 2.6% Other, 23.6%

Figure 12: Infringing items

genuine brand websites to fool consumers into purchasing goods that are only slightly less expensive than the genuine products. These sites regularly change the host provider and the domain names they use, making it particularly difficult to determine who is running the site.

In some cases, the host provider itself has been found to be targeting cheap services to those who are intentionally making infringing material accessible to the public or for sale. The level of involvement of service providers in such illegal activity has been found in a few cases to be quite substantial. In these cases, the service provider fails to meet the conditions for the limitations on liability reserved for an intermediary that acts only as a hosting-provider. The provider is deemed a principal or accessory actor in the illegal activity and becomes liable for the infringement either directly or under secondary liability concepts.

5.1.2 Current approaches to the problem

Internet hosting services have greater technical control over the servers and services on which third parties’ data or files are stored than the ISP access and transmission services considered in the next chapter. This is why many hosting services are engaged in programs to remove or block access to infringing material or offers hosted on their servers. Typically, they take action after receiving a notice or otherwise gaining knowledge that particular infringing activity is taking place on their services.

In many cases, host providers cannot technically “take down” individual items of infringing content, as they do not have the necessary access rights. In such cases, host providers do have the ability to terminate Internet service to the offending customers or servers. This ability is inherent in their businesses, so hosting services need to discharge their responsibilities by enforcing their terms of service so their clients run compliant sites. Rights holders, therefore, expend a great deal of effort in sending notices to the sites and services hosted by the hosting provider, requesting takedown of the illegal content or link.

Notice and takedown

Most hosting providers’ terms of service require their clients to comply with the country’s legal framework, including the following conditions: a notice and takedown policy on each client’s site; expeditious removal of content following a notice or when clients otherwise become aware of infringing material on their site; and a repeat infringer policy for their website. In many cases, hosting providers simply request that rights holders send individual notices to the contacts on their clients’ sites.

Where hosting providers work more closely with rights holders, they can be notified about the nature and operation of their clients’ sites or services. Once notified about the infringing nature of the whole site, the hosting provider must enforce its terms of service, requiring that the site remove all infringing content. Failure to respond to the notice would risk the loss of the hoster’s safe harbor protection. As sites are generally unwilling to comply, they

tend to move to another provider if they hear about these protective actions.127

Over time, relationships are developing between hosting sites and rights holders to

streamline this process. Infringing sites and services have migrated to far-flung jurisdictions and uncooperative hosting providers. While many hosting providers have provided their clients’ contact details, at least following a court order, some hosting services are unwilling to provide accurate customer contact details. This lack of cooperation has been the subject of continued litigation, particularly in the Netherlands.

In extremely urgent cases, such as when sporting events are being streamed live from a customer’s server, direct requests drive many hosting services to comply in disabling such streams directly. Increasingly, rights holders and law enforcement are notifying the hosting providers of sites and services each time a notice is sent to the individual site. This increased transparency regarding infringements by their customers enables hosting

providers to see patterns of behavior. They can measure compliance with their terms of service and make more well-informed decisions about the risk of their customers’ activities. While hosting providers are regularly notified when they are hosting infringing sites, the hosting service providers may be uncooperative, especially if they are located in far-flung jurisdictions. It should be clear that such providers lose the benefit of any safe harbor from liability at such points, and government-to-government interaction should follow where safe havens are emerging.

5.1.3 Suggested best practices

In the same way that landlords need to maintain tenant controls to guard against illegal business practices on their premises, so Internet hosting providers should effect appropriate due diligence controls to address and minimize misuse of their services.

1. Establish due diligence controls by Internet hosting providers to address and minimize misuse of their services. Controls should include, at minimum, obtaining adequate and accurate identification and contact information including, under appropriate circumstances, true name and street address so that the provider can enforce its terms of service, and rights holders can directly address infringement. 2. Develop, promote and enforce clear terms of service and acceptable use policies

that prohibit infringing activity and deny hosting services to clients engaging in infringing activity. Terms should also be consistently enforced, and services should cooperate—through information sharing in accordance with applicable law— with law enforcement in investigations and takedown operations of repeatedly infringing websites.

3. Encourage the development of reliable and transparent risk indexing services.

These services would determine the likelihood of infringing material on a given site, with the goal to incorporate such services into customer due diligence checks. Also institute clear policies for dealing with clients once infringing activities are discovered.