Who's liable for cyberwrongs?

Research output: Contribution to journalArticlepeer-review


The Internet has provided new opportunities for wrongdoers and novel challenges for law enforcement. Frustrated by the relative anonymity of users, plaintiffs and law enforcers have increasingly sought to hold Internet Service Providers (ISPs) liable for their users' misconduct. Yet, legal analysis of ISP liability is balkanized, confining itself to particular doctrinal contexts, thus obscuring common issues underlying all instances of ISP liability. This Article rectifies this shortcoming by developing a new framework for evaluating ISP liability: the incentive-divergence thesis. Because the incentives of ISPs diverge from those of their users, subjecting ISPs to full liability would produce excessive censorship of Internet communication. Legal responses to this risk of excessive censorship should therefore be tailored to the market's ability to align ISPs' incentives with those of their users. The Article proposes three distinct strategies for imposing ISP liability: combining strict ISP liability with scaled-down penalties, regulating the ISP-subscriber interface, and imposing negligence-based liability. The Article also illuminates several existing legal puzzles: the peculiar doctrine of vicarious infringement and its application in the Napster case, the regulation of ISP liability under the new Digital Millennium Copyright Act, and the optimal liability regime for illegal sales on auction sites.

Original languageEnglish
Pages (from-to)901-957
Number of pages57
JournalCornell Law Review
Issue number4
StatePublished - 2002


Dive into the research topics of 'Who's liable for cyberwrongs?'. Together they form a unique fingerprint.

Cite this