A few weeks ago a judge ordered Cox Communications to pay a $25 million settlement to BMG, the music rights company. This come from a trial last year where a jury decided that Cox was guilty of allowing their customers to pirate BMG music over the web. This ruling is a dangerous precedent in that it holds an ISP liable for behavior of its subscribers – something that should scare all ISPs.

The case has some unusual facts. BMG hired Rightscorp to monitor the Internet for illegal file downloads of BMG music. Rightscorps sent numeous infringement notices to Cox that it wanted forwarded on to customers. These notices told customers that they had done an illegal download of BMG copyrighted material and gave customers the ability to immediately resolve the issue by sending $30 to Rightscorp.

Cox thought these notices smacked of extortion and refused to forward the notices directly to customers. Instead Cox decided to use the same policy as most large ISPs called a three strikes test, meaning that they will disconnect a customer that has been given several notices about illegal downloads. But the suspicion has always been that the big ISPs are somewhat spotty about enforcing copyright violations and don’t want to turn off paying customers.

Cox ended up blocking 1.8 million notices that Rightscorp was trying to directly send to Cox customers, and Cox largely did nothing with those notices. Cox was found guilty by a jury, and the judge set the high penalty because Cox had not done enough to enforce the copyrights of BMG.

Cox was relying on a legal strategy called ‘safe harbor’ where they would have no liability as long as they were using a reasonable set of procedures to stop music piracy. But the judge quickly pierced the safe harbor protection by saying that Cox did not do as much as they should have done to protect BMG.

This case was certainly complicated by the unsavory tactics of Rightcorps. What’s to say that all of those customers actually had violated copyright? But the bottom line is that Cox was held responsible for the supposed music piracy of their customers. That ruling that has to concern every ISP, because this is bound to open up the floodgates of similar suits and similar tactics. And who knows where this stops? Customers can engage in all sorts of illegal activities other than copyright violations.

It’s really hard for an ISP to know what to do following this decision. One strategy would be to just pass on every notice of copyright infringement. The problem with that idea is there is likely to a bunch of scammers that will copy the tactics of Rightscorps but with no real claims against customers. ISPs don’t want to get into the middle of potential scams.

ISPs could also develop and enforce tighter policies against customers that repeatedly download pirated material. The danger of that approach is that the ISP could end up ‘convicting’ a customer with no real proof that they violated copyright. This has been one of the factors that have made ISPs uneasy about getting tough on this.

Finally, I guess ISPs could do deep packet inspection to see what their customers are doing. But most ISPs don’t want to do that. And even if ISPs try this, the FCC is contemplating customer privacy rules where customers can opt out of being tracked or followed by the ISP.

So Cox and other ISPs face a dilemma. We know that the biggest ISPs have all been involved in this issue. I would love to hear from any smaller ISPs who have been involved in copyright issues and that might want to share their experience.