Much of the burgeoning success of Internet-based business has been attributed to a fairly robust safe harbor offered to those businesses for claims arising out of the activities of their users. For example, federal laws are in place to protect service providers against claims based on their users' slanderous and libelous acts, or their users' infringements of another's copyright. Generally speaking, as long as the Internet business sets up a few simple policies and follows some basic procedures, the business can extract itself from litigation and leave it to the user and the allegedly harmed party to battle it out.

More recently, those safe harbors have come under increased scrutiny or outright attack, and businesses which depend on them should be monitoring the developments to ensure that risks are known and planned for. Some courts have crafted nuanced exceptions to the safe harbors, such as one decision that allowed a housing discrimination claim to be brought against a web site operator on the grounds that the operator's providing a drop-down list of genders made the operator complicit in the third-party advertiser's discriminatory housing advertising. Other courts are hearing cases involving allegations of large-scale copyright infringement, where the copyright owners are more or less claiming that the scale of the infringement alone is good cause to completely remove the safe harbors and make the sites liable for their users' infringements.

Other attacks on the safe harbor principles are more direct. In Europe, where the safe harbors were created somewhat similarly to the U.S., recent court cases have almost explicitly rejected the principles where a famous trademark holder was upset with the selling of counterfeit items on an online auction site. (The almost identical facts in another case subject to U.S. law, against the same auction site, has so far been found in favor of the auction site.) Moreover, there are active attempts to legislate European laws that would require internet operators to actively police for copyright infringement on their systems rather than residing in the safe harbor of being 'mere conduits' like the telephone company. Even if liability is still ultimately avoided, those policing efforts could add significant costs to those businesses, and would likely require new infrastructure as well as new insurance to cover the risk of failing to perform the duties adequately. We may well see efforts in the U.S. to implement similar costs and duties on Internet businesses.

As we sit today, the safe harbors for U.S.-based businesses are still fairly robust, at least so long as the attack is subject to U.S. law. Still, the field is shifting, and complacency is not called for even within the U.S. Businesses which seek business from across the national border, and thereby likely subject themselves to non-U.S. jurisdiction, would do well to analyze their practices in light of those other countries' laws, since what might be safe in the U.S. may well be a significant risk in other countries.

-- Originally published in Larkin Hoffman's IP/Tech Buzz.