Linking in img tags from other sites

I did this once and it caused huge debate at the time. Generally I don't do this, and it is a risk doing it, but the interesting point was on the legality of it and whether judges understood how things work.

The scenario is that a copyright holder has an image on their site, maybe a cartoon or a picture or some such. It is included in their web pages, and maybe they have other text and perhaps advertising which makes the copyright holder money. All well and good.

Then a rogue site links to the image using an img tag in the html, showing the image within their web site.

There seem to be two ideas why this may not be legal.

1. Secondary infringement. There have been cases of web sites that index and link to usenet postings of illegal copies of files. The web site does not copy the files, but was found to be guilty of secondary infringement because they facilitated the access to the illegal copies.

2. Unauthorised publication of the image on the rogue web site, even though the web site does not actually do any copying.

Firstly, for the technically challenged, the way it works is the rogue web site includes a link to the image on the copyright holders web site. When someone visits the rogue web site they get the web page, and their browser automatically gets all the linked in images including one from the copyright holder's web site, and presents the page as a whole on the screen. The rogue web site does not ever actually copy the image, but can expect that the end users browser will do its stuff as normal.

So point 1: When the browser gets the rogue web page and then gets the image it asks the copyright holder's server for a copy of the image. The server sends one. One can assume that as the server belongs to teh copyright holder then it sending a copy of the image when requested makes that an authorised copy of the image. You go to a musician and say "can I have a free copy of your latest CD" and he hands it to you - that makes it an authorised, legal, copy. That means there is no primary infringement happening, it is not an illegal copy, so facilitating that copy being made by linking to it from the rogue site cannot be secondary infringement.

Point 2 is harder. The meaning of publication is clear in the print world. I am not sure what it means in the web. Even so, assuming for a moment that somehow the rogue site is considered to be a publication and even though all it has is a link it is somehow considered to be publishing the image that is linked, you have the question of whether it is an authorised publication.

Now it is worth considering how the browser gets the image. It asks the copyright holder's server for a copy of the image. But that is not all it says. It says "I would like a copy of that image please to include in rogue web page". It sends details of the page in which it is to be included with the request as a "referrer". Many web servers are in fact configured such that they do little more than just log the referrer, but it is actually there in the request. The choice of the copyright holder to ignore that information when handling the request is, well, their choice. If they choose to hand out a legal authorised copy even when told "to be included in rogue web site" surely that can be taken as making the "publication" of the image in that context authorised?

Contentious I know. Copying other people's stuff is not on. Telling someone where they can see it (legally) is allowed. This is bang in the middle where you are telling them where to see it in a way that is all automated. Why does the automation make it wrong? :-)

What is really silly is why any cases like this ever get to court. The copyright holder has total control on the image being served in this scenario. They only lose control if someone makes an illegal copy which is much more clear cut. They can deploy many techniques, some of which are stupidly simple, to ensure the image is not included in a rogue web site, including having their web server check the referrer. They can even serve a totally separate image which could be offensive (questionable if that is legal) or just has text with a suitably rude message or maybe an adverts they make money from. They have control. The rogue web site takes a huge risk if they link to someone else's image without their agreement, so it does not happen that often.

With such simple technical solutions to this, why on earth do questionable legal cases need to ever be considered by the courts?

It is much better to have nice clear cut law on this than grey areas, IMHO.


  1. A good example as to why current copyright law is not fit for purpose in the 21st century.

    Unfortunately, with the current lot in parliament (both Government and opposition, although there are pockets of sensible MPs) the only way copyright law is going to go is downhill. Just look at the Digital Economy Act and the unprecedented lobbying that accompanied it.

    Might be worth looking up the Pirate Party UK - PPUK's raison d'etre is copyright/patent reform (along with a range of civil liberties reforms)


  2. My solution is to use htaccess rules. Here's an example


    are stealing my content, so I let people know.

  3. I wonder if it is possible for the copyright holder to only license the use of the image (or whatever) when accessed within the context of their website (yes, that definition can be tightened up...).

    Then could they claim copyright on the URL of the image, and impose a restriction on the use of that URL that specifies it may not be included in other web pages? So anyone who links to that image in their web page infringes copyright - but of the URL rather than the resource itself?

    IANAL, obviously, just thinking out loud...

  4. Indeed, good point - is the URL itself copyright? It is a tricky one, and I would have though generally the URL is just too small to be considered copyright. It is something I have wondered but not otherwise seen put forward by anyone as a counter argument yet.

  5. There are no size limits on copyright, so although a URL is tiny, it might qualify as your copyright content.

    Having said that, absent statutory damages (and in http://www.legislation.gov.uk/ukpga/1988/48/contents the only statutory damages I can see is the right of seizure of infringing copies), you have a duty to mitigate your costs in as far as you reasonably can. In the case of an image being hotlinked without authority, surely you can mitigate your costs down to a limited usage charge by your provider by blocking on referrer or similar headers - or even by moving the image, updating legitimate users, and letting illegitimate users suffer?

  6. Quite - img linking only works if copyright holders permit it to work. The fact they permit it to work must surely make it an authorised use and so not an infringement anyway, but if the copyright holder does not like it why permit it!

  7. There is a difference between permitting a use and authorising a use; for example, you permit me to use your WiFi for illegal purposes if you don't secure it beyond my ability to break.

    You don't authorise that use unless you explicitly tell me I can use it for "anything" or for "${illegal use}".

    Having said that, if you are complicit in permitting a use, your first step (before you sue) is to stop permitting it to happen. Your second step is to sue for damages for the time period between when it started, and when you realised that you were permitting it in error.

    This is one of the issues ACS:Law hit up against; they could just about show that the people they were suing had permitted their internet access to be used for copyright infringement, but not that they had authorised it. The law is clear that it's authorisation that matters.

  8. Is there an analogy in the print world at all? That would help convince
    the "man on the bus".

    What if I got copies of the free paper metro, and cut out one of the
    pictures, put it on bits of paper with a humorous caption on the front
    and gave to my friends. Maybe it is a picture of a mate of mine falling
    over getting on a bus or something.

    Now, there is no copying being done. Is that a breach of CDPA? I am not

    The end result is a final composite handout and looks like you have used
    someone else's picture in your production. It is not a set of
    instructions saying "cut out this picture from the metro and stick
    here", which is the more technical approach to this. It is the final
    duck, already composed.

    Does it make it any better if you go to metro's offices and ask for 100
    copies "so I can make a humorous handout with that photo", and they
    still give you the copies? Surely if that happened then your production
    is definitely not a breach of CDPA?

  9. "The fact they permit it to work must surely make it an authorised use and so not an infringement anyway"

    So the fact that you left your front door unlocked would allow me to walk freely into your house, heading straight for your fridge?

  10. Why do peopel come up with taht bullshit?


    It is more like if someone comes to me and says "can I have a free copy of your CD" and I say "yes, here, have one".

    It is not "taking" something - it is asking the server for it. It is even saying "I want it to include in someone else's web site" and then being given it.

  11. You're still "taking" something - my bandwidth allowance.

  12. You're assuming that the request isn't served from the browser's cache. If so, then you have no control over who it's served to*

    (*Well, Vary-On: Referer would give some control, but also half-defeat the point of the caching)

  13. Ha, that one again.

    (a) The site doing the linking "takes" nothing, and "copies" nothing.

    (b) The end user uses bandwidth to ask you for an image, and you answer. You can say no. If you choose to send the image you send the image and use bandwidth. Your choice. The question does use bandwidth, though for most hosted cases the outgoing from you is all that counts as it is higher. Handling requests, even if you say no, is a consequence of having a server on the internet.

    (c) by including an image from your site on my site I cause only the image to be fetched. If, instead, I told people to go look at the image on your site by URL for the image, that is the same. If I tell them to look at your whole site, or href it, then they use more bandwidth (not less).

    By including just the image rather than referencing the page I reduce the amount of bandwidth, so the end user (not me) "takes" less of it.

    My question though was more on legality of it not whether bandwidth is used more or less.

  14. What you are saying is that lack of denial implies consent - it does not. Take my guide page as an example at the bottom it states "Unauthorized duplication prohibited" - I don't tell you what that is or is not authorised. That's not my problem; I don't need to outline what's authorised and what isn't - you need to establish that you're in the right and to do that you need to know you are authorised eg you have an email from me saying it's ok.

    On the side of bandwidth, I may also benefit via adverts served on my page if i get a visitor, if you serve my images I don;t get that to offset my costs. Indeed you may even be directly benefiting from my work if you serve ads too - or if your total hits gets you advertising revenue.

  15. Taking your examples; there are potential breaches in both.

    The first one creates a derivative work. Although no copying has taken place, you have adapted the work; unless you have permission from the copyright holder, you cannot distribute the result.

    In the second, where you go to metro's offices and ask for copies, you may still be infringing; you need to show that someone suitably authorised gave permission to distribute the final adapted work - not everyone who works for a company is able to commit the company to authorising an adapted work.

  16. Oh, and as an ISP, you *really* don't want it established in law that permitting something to happen (which can, for example, be the result of an oversight that you've now corrected, or as a result of lacking the ability to prevent it) is the same as authorising it (which, in law, means that you intended to have something to happen). If, for example, one of your customers uploads videos of child abuse for the perverted gratification of their fellow criminals, you have permitted them to do so, but I would assume that you have not authorised them to do so - they are permitted to do so as a side effect of you authorising them to use the Internet service you supply for purposes not prohibited by law.

    Right now, that has no serious consequences for you, as you merely permitted it without intending to do so. If permitting something is the same as authorising it, and said customer claims that they only created the video in order to upload it, you have just entered the realms of causing child pornography to be made, which is a world of pain all its own.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

Hot tubs are expensive (again)

Yes, my hot tub is expensive. Our whole house total power consumption was, typically, 55 to 60 kWh per day. Which is a lot. I have some excu...