Can your internet provider be held liable for what you download? That’s the question the Supreme Court will wrestle with on December 1, when it hears Sony Music Entertainment v. Cox Communications – a case that could reshape how the internet handles copyright enforcement.
Back in May 2024 I wrote about the Fourth Circuit’s February 2024 decision in this case, breaking down the court’s divergent rulings on vicarious and contributory liability. Now the stakes have gotten even higher. The Supreme Court has agreed to hear Cox’s appeal, and the case has attracted an unusual ally: the U.S. Solicitor General, whose brief warns that the Fourth Circuit’s approach threatens universal internet access.
The Case in Brief
Cox Communications is one of the largest ISPs in the United States. Sony and other record labels sent Cox hundreds of thousands of infringement notices identifying subscribers who used peer-to-peer networks to trade copyrighted songs. The labels argued Cox knew certain customers were serial infringers but failed to disconnect them, preferring to keep collecting subscription fees. A jury agreed and awarded a record $1 billion in damages.
The Fourth Circuit split the verdict. It reversed the finding of vicarious liability, holding that Cox’s flat-fee model meant it earned the same revenue whether subscribers infringed or not – therefore Cox received no “direct financial benefit” from infringement. But it affirmed contributory liability, finding that Cox knew specific subscribers were repeat infringers and continued providing them internet service, which materially contributed to the infringement.
Because the jury’s award didn’t distinguish between the two theories, the court vacated the entire damages and remanded for a new trial on contributory infringement alone. Cox appealed this decision to the Supreme Court.
What’s Before the Supreme Court
Cox argues the Fourth Circuit fundamentally misread copyright law. The company points to the Supreme Court decisions in Sony v. Universal (the 1984 “Betamax case”) and MGM v. Grokster (2005), both holding that secondary liability requires intentional encouragement or inducement of infringement – not mere knowledge that a service could be misused. Cox’s central theme can be summarized as: “We sell internet access, not infringement.”
Importantly, the U.S. Solicitor General agrees with Cox. The government warned that the Fourth Circuit’s rule cannot be reconciled with precedent and would threaten universal internet access. If ISPs face liability simply for knowing users might infringe again, they’ll over-enforce – cutting off schools, libraries, and households based on unverified accusations.
Sony sees it differently. The labels argue Cox wasn’t a neutral conduit but made a calculated business decision: it received hundreds of thousands of specific notices yet chose to keep subscribers connected to preserve revenue. This isn’t passive knowledge – it’s complicity. They also point to Cox’s allegedly ineffective repeat infringer policy, which Sony claims was designed to retain revenue rather than stop infringement.
Why Didn’t the DMCA Control This Case?
Normally, Internet providers like Cox are protected by the Digital Millennium Copyright Act (DMCA), which gives online services a “safe harbor” from liability for their users’ infringement. To qualify, an ISP must adopt and reasonably enforce a repeat infringer policy – in other words, it has to disconnect customers who repeatedly violate copyright law after proper notice.
Cox, however, lost that protection years ago. In an earlier case the Fourth Circuit found that Cox had a policy on paper but didn’t actually enforce it. Internal emails showed that employees routinely reinstated known infringers to keep their monthly payments coming. That decision disqualified Cox from the DMCA’s safe harbor for the period covered in the Sony lawsuit. BMG Rights Management v. Cox (2018).
As a result, this case proceeded outside the DMCA framework, under the older, judge-made rules of secondary copyright liability – the doctrines of contributory and vicarious infringement. The Supreme Court is now being asked to decide how far those doctrines can reach when the statutory safe harbor no longer applies.
However, both sides know that if the Court sees Sony v. Cox as a one-off “Cox-was-a-bad-actor” case, the Court may decide it narrowly, or dismiss the broader policy concerns. The parties have worked hard to frame the case as not an edge case, arguing that there is industry-wide noncompliance with the safe harbor and that the case has cross-industry implications far beyond Cox.
What’s Next
The Court hears arguments on December 1, with a decision expected by June 2026.
If the Court accepts Sony’s theory – that an ISP can be contributorily liable simply for continuing to provide internet access to a subscriber after receiving infringement notices – the decision would push secondary liability far beyond the Sony/Grokster framework. Cox warns that this effectively creates a “two-notices-and-terminate” rule, forcing ISPs to cut off entire households, dorms, hospitals, and even downstream networks based on a small number of unverified accusations. Cox argues that this approach conflicts with Grokster which requires intentional, affirmative conduct to support liability; merely supplying multi-use communications infrastructure to the public on uniform terms, it argues, cannot be a culpable act.
A ruling for Sony would reverberate beyond broadband. Cloud hosts, campus networks, content delivery networks (such as Cloudflare and Akamai), and payment processors – all of whom receive automated copyright notices – would feel pressure to over-terminate users to avoid the inference that they “purposefully” facilitated infringement. The DMCA’s safe-harbor regime, which contemplates reasonable repeat-infringer policies, would become secondary to a broader judge-made duty to disconnect first and ask questions later. In that scenario, copyright enforcement would move deeper into the internet’s basic plumbing, reshaping how infrastructure providers manage risk and potentially constraining access for lawful users across entire networks.