My note remains as relevant today as when I wrote it. Brad Stone at the New York Times Bits Blog is reporting that various ISPs are considering filtering the Internet traffic whose transmission they facilitate in order to police for copyright violations:
At a small panel discussion about digital piracy here at NBC’s booth on the Consumer Electronics Show floor, representatives from NBC, Microsoft, several digital filtering companies and telecom giant AT&T said the time was right to start filtering for copyrighted content at the network level.
Network-level filtering means your Internet service provider – Comcast, AT&T, EarthLink, or whoever you send that monthly check to – could soon start sniffing your digital packets, looking for material that infringes on someone’s copyright.
“What we are already doing to address piracy hasn’t been working. There’s no secret there,” said James Cicconi, senior vice president, external & legal affairs for AT&T.
“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”
As Orin Kerr noted, "I hope that 'open discussion' includes a frank discussion of legal liability under the federal Wiretap Act." Because, as both he and I agree, the kind of monitoring Cicconi's talking about doing isn't likely to be legal.
My note, CopySense and Sensibility: How the Wiretap Act Forbids Universities from Using P2P Monitoring Tools, 12 B.U. J. Sci. & Tech. L. 340 (2006), directly addressed this issue. Generally speaking, the Wiretap Act forbids the interception of private communications except in specific and narrow circumstances, none of which apply to universities trying to police for copyright infringement and are even less applicable to ordinary ISPs trying to do the same.
Of course, the devil is in the details. The Wiretap Act is a 1968 law that was written well before the Internet age and then significantly amended, sloppily, just before its dawn (with the 1986 Electronic Communications Privacy Act). The current statute, 18 U.S.C. 2500 et seq., is consequently encumbered with language that doesn't directly correlate to the nature of Internet technology, leaving courts to try to figure out whether and how its terms might still be applicable to it. As a result the evolving case law is a little messy, but nonetheless there is precedent to support the extension of the Wiretap Act's language to Internet communications. Which is as it should be, as the privacy interests users have in their Internet communications exist and are similarly worthy of the Wiretap Act's privacy protections as those of their telephonic communications, which the Act definitely protects.
Many people have been weighing in on this issue, including Orin Kerr and Bruce Boyden at Concurring Opinions and all the people in all the comments of all these posts. Many find this plan to filter upsetting and philosophically wrong on several levels, including because of the loss of privacy such monitoring would cause, the subjugation of private interests to large corporate interests these efforts would represent, and the practical problem raised by the fact that nearly everything that passes through the Internet is copyrighted by someone by simple virtue of it having been created, yet the ISPs have no way to know who owns the majority of it nor any way to tell whether if any of it is being transmitted with permission.
These are all significant concerns, but they become largely moot if such monitoring is on its own illegal under the Act. The problem is that because the Act's language is so befuddling, everyone's analysis of this legal question takes different tacks. People go back and forth debating whether and how the proposed filtering qualifies as using a "device" to "intentionally" "intercept" the "contents" of an "electronic communication," as per the Act's language. But what I haven't yet seen in this flurry of reaction is a specific analysis of how these terms relate to the technology of an Internet communication, which I think is necessary to do in order to be able to apply the Act to an Internet monitoring scheme such as this.
In my note this is the tack I took, first taking a look at the nature of an Internet "packet." A packet is a piece of an Internet communication. If you send an email, for instance, it will be broken down into pieces and then transmitted through the Internet separately. Each piece, or "packet," contains "layers" of information: the bit of the actual content itself and then layers of instructions that tell the hardware and software of the Internet where to send the packet and what to do with it once it arrives. In my view it's integral to look at the layered nature of Internet communications because I think the legal analysis hinges on what layer of the packet the Internet monitoring is working on.
It's particularly important when it comes to analyzing the idea of "interception." Because Internet packets pass through routers on the way to their destination, it would break the Internet if a router's capture and handling of a packet amounted to an illegal interception under the statute. But the basic operation of a router only requires looking at the address information attached to the packet; it's when a device looks at the message being sent within that packet -- its content -- that an illegal interception takes place. Which makes sense, because it's in the content of a communication where an Internet user has a privacy interest. Indeed, the whole reason for the monitoring exercise proposed by the ISPs is because they want to scrutinize and react to specific content. If users therefore want their communications to reach their destination unmeddled-with, then they'll need to ensure that they do remain private, legally obscured to parties transmitting them. Which the Wiretap Act should do.