Decentralized web technologies have the potential to make the internet more robust and efficient, supporting a new wave of innovation. However, the fundamental technologies and services that make it work are already being hit with overreaching legal threats.
Exhibit A: the Interplanetary File System (IPFS). IPFS operates via a “distributed hash table,” essentially a way to look up the number (or “hash”) corresponding to a given file and see which network locations have chosen to offer the file. Using the hash, a machine then learns where to request the file from, and then retrieves it in pieces from those locations. IPFS gateways in particular perform these functions on behalf of a user who tells it what hash to retrieve the file for. It’s a conduit, like a traditional proxy server, virtual private network, or ISP.
Our client, computer scientist Mike Damm, offers a free IPFS gateway. He doesn’t control how people user it or what files they access. But a company called Jetbrains insists that that Mr. Damm could be liable under Section 1201 of the Digital Millennium Copyright Act because JetBrains’ lawyers are allegedly able to use his gateway to request and retrieve software keys for Jetbrains software from the IPFS network.
We were glad to have the opportunity to set them straight.
Section 1201 is a terrible law, but it doesn’t impose liability on a general-purpose conduit for information. First, a conduit does not fall into any of the three categories of trafficking under Section 1201: its primary purpose is not circumvention, it has extensive other uses, and it is not marketed for circumvention. Second, Congress has expressly recognized the need to protect conduits from legal risk given their crucial role in supporting the basic functioning of the internet. In Section 512(a) of the DMCA, Congress singled out conduits to receive the highest level of safe harbor protection, recognizing that the ability to dispose of copyright claims at an early stage of litigation was crucial to the operation of these services. It would be absurd to suggest that Congress granted conduits special immunity for copyright claims based on third party activity but then, in the same statute, made them liable for pseudo-copyright Section 1201 claims.
The DMCA has serious flaws, but one thing Congress got right was protecting basic infrastructure providers from being liable for the way that third parties choose to use them. This is in line with longstanding legal principles whereby courts require plaintiffs to target their complaints towards the individuals choosing to misuse general-purpose services, rather than assigning blame to service providers.
Deviating from this rule could have extinguished the internet in its infancy and threatens to do the same with new information technologies. As always, EFF stands ready to defend the open web.