There are a few things to be concerned about here. The first is that an company which has shown a desire to pursue aggressive litigation to eliminate its intellectual property from the web now has access to identifying information of each person who is actually responsible for the infringement, at least on YouTube. The record industry, which has long since passed this phase and gone on to directly suing its customers en masse, has already proved that IP addresses are all it needs to extract substantial sums of money from people on peer-to-peer networks. So far, they've had to track down uploaders on an individual basis and would consider this ready-made list of tens of millions of people who have uploaded their property a veritable bonanza, and potentially a lucrative revenue source. People who have uploaded copyrighted content to YouTube should be especially worried by the decision. Like any web site or ISP, YouTube is considered an "interactive computer service", under section 230(c)(1) of the Communications Decency Act, the so-called "safe harbor" provision, which immunizes such service providers from the illegal actions of their users, subject to a few caveats. This law is the legal foundation for all web sites featuring user contributions, including this one. It's why I can't be sent to prison if someone posts a terrorist training video in the comments of my blog, and why YouTube has so far managed to avoid criminal and civil liability. The text of this section is simple and clearly written:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

It has been cited in a number of decisions including(from Wikipedia):

• Chicago Lawyers' Committee For Civil Rights Under Law, Inc. v. Craigslist, Inc. 519 F.3d 666 (7th Cir. 2008) (CDA immunity applied to Craiglist on Fair Housing Act claims based on discrimination in postings);
• Doe v. MySpace, 474 F.Supp.2d 843 (W.D. Tex. Feb. 13, 2007) (social networking site immune from negligence and gross negligence liability for failing to institute safety measures to prevent sexual assaults of minors and failure to institute policies relating to age verification);
• Delfino v. Agilent Technologies, 145 Cal. App. 4th 790 (2006), cert denied, 128 S. Ct. 98 (2007) (An employer who provides employees with internet access through employers' internal computer is immune from state tort claims arising from the wrongful actions of an employee using that access);
• Barrett v. Rosenthal, 40 Cal. 4th 33 (2006) (individual internet user immune as a "user of interactive computer services" from liability for republication of defamatory statement);
• Batzel v. Smith, 333 F.3d 1018 (9th Cir. 2003) (website operator immune for distributing email sent to listserv);
• Carafano v. Metrosplash.com, 339 F.3d 1119 (9th Cir. 2003) (Internet dating service provider was entitled to Section 230 immunity from liability stemming from third party's submission of false profile);
• Ben Ezra, Weinstein & Co. v. America Online, 206 F.3d 980, 984-985 (10th Cir. 2000), cert. denied, 531 U.S. 824(2000) (no liability for posting of incorrect stock information);
• Blumenthal v. Drudge, 992 F. Supp. 44, 49-53 (D.D.C. 1998) (AOL has Section 230 immunity from liability for the content of an independent contractor's news reports, despite agreement with the contractor allowing AOL to modify or remove such content);
• Gentry v. eBay, Inc., 99 Cal.App.4th 816, 830 (2002) (CDA immunity applied to eBay for claims based on forged autograph sports items purchased);
• Kathleen R. v. City of Livermore, 87 Cal.App.4th 684, 692 (2001) (city immune under § 230 from liability for public library's providing computers allowing access to pornography to a minor under state law claims);
• Doe v. America Online, 783 So.2d 1010, 1013-1017 (Fl. 2001), cert. denied, 122 S.Ct. 208 (2000) (CDA applied to state claims of negligence based on "chat room marketing" of obscene photographs of minor by third party);
• Zeran v. AOL, 129 F.3d 327 (4th Cir. 1997) (immunity applied to claim that AOL unreasonably delayed in removing defamatory messages posted by third party, failure to post retractions, and failure to screen for similar postings)

The only reason that Viacom has put forth so far on why YouTube should be exempt from this law is that the infringement in question takes place on a "massive scale". However, there's no exemption in the law for scale, and besides, several of the cases where safe harbor has been successfully invoked involved crime on a very large scale indeed. So it seems likely based on the available precedent that Viacom will not prevail. But maybe, by getting this list, they already have.

Users uploading videos to are *not* immune, in fact they have almost certainly broken the law by distributing copyrighted materials. The fines for this crime (which was written with physical media in mind) are usually per-copy distributed. If Viacom does elect to sue individuals, and the courts find that each download counts as a distribution, the potential liability for a single popular video could be in the millions. It may seem surreal to expect an industry to start suing people who enjoy its product and promote it by sharing it with others, but a few years ago, it would have been just as surreal for record industry trade groups to sue 20,000 music lovers in three years. The second thing to be concerned about is the fact that Google even has such a database. Call me naive, but I find it a little alarming that Google has a list of every video I've *ever watched* on YouTube I don't have anything to hide, but I value my privacy and keeping tabs on media consumers to such detail is unprecedented. Their privacy policy makes it clear that every click you make on the site is recorded. This shouldn't be surprising, as Google/YouTube makes its money via advertising, and watching what you do very carefully is a good way to offer you more targeted, and hence valuable, advertisements. That said, this sort of targeting could be done with less than a complete database of all activity. Google defends against its critics by saying that, like Willy Wonka's chocolate, no human eyes ever touch this data; all advertising choices are made by a computer. Now that the database is out of their hands, Augustus Gloop has fallen in the river, and they can no longer keep their promise.

By maintaining this database, Google has thrown its users, who are the sole reason for its 168 billion value, straight under the bus. They must have known that someone would get their hands on this list eventually, and by greedily hoarding every scrap of data they could manage, they've exposed their users to immense liability. I use YouTube regularly, though not for uploading, but as a result of this decision I plan to curtail my use significantly. I also am considering selectively blocking google's advertisements across the entire web in protest. There's not much else I can do, other than try to make others aware.

Google needs to be know that people care about being surveiled online. If their business rests on this, so be it, but they must try as hard as they can to limit the persistence of data gathered and make it much more clear what they are doing. The way companies behave in these formative years of the internet and how the legal system responds will be a model for how the industry works for years to come. Let's try to make it work in the people's interests for once.