GitHub jeopardizes its DMCA safe harbor status by launching its new policy

GitHub has baked in some feelgood to its new DMCA takedown policy. The new setup features clearer language, a refusal to automatically disable all forks of an allegedly infringing repository, and a 24-hour window in which the target of a takedown notice may make changes. The mechanisms of this third point ought to cause one to consider whether GitHub is risking the protections of the DMCA safe harbor.

If a DMCA takedown notice alleges that only certain files (as opposed to the whole repository) infringe, under the new policy, GitHub “will contact the user who created the repository and give them approximately 24 hours to delete or modify the content specified in the notice.” If the user makes changes to the repository, the burden shifts back to the sender of the DMCA notice. This shifing-the-burden-back seems problematic under the DMCA.

GitHub’s policy says:

If the user makes changes, the copyright owner must review them and renew or revise their takedown notice if the changes are insufficient. GitHub will not take any further action unless the copyright owner contacts us to either renew the original takedown notice or submit a revised one. If the copyright owner is satisfied with the changes, they may either submit a formal retraction or else do nothing. GitHub will interpret silence longer than two weeks as an implied retraction of the takedown notice.

The DMCA protects a party in GitHub’s position so long as the party “responds expeditiously to remove, or disable access to, the material that is claimed to be infringing upon notification of claimed infringement”. Read that provision carefully — the response must be to take down, not merely take steps to work with the alleged infringer to make it right. GitHub’s new mechanism of interpreting silence as a retraction is not an expeditious removal of or disabling access to allegedly infringing material. Nothing in the DMCA requires the sender of the takedown notice to have to ask twice.

You’ve got to hand it to GitHub for trying to make the world a better place through this new policy. The intended net effect is to reduce the number of instances in which entire repositories are taken down simply because of a few allegedly infringing files. But GitHub is putting something of great value, namely, its DMCA safe harbor protection, at risk.

Many copyright plaintiffs look for every possible angle to pin liability. You can almost be certain that a copyright owner will challenge GitHub’s safe harbor status on the ground that GitHub did not respond expeditiously. It seems odd GitHub would be willing to toss a perfectly good affirmative defense. One would think the better approach would be to go ahead and take the repository down after 24 hours, rather than leaving it up and risk a finding on “non-expeditiousness”.

Related:

Microsoft letter to GitHub over DRM-free music software is not the first copyright-ironic action against an intermediary

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

DMCA’s protection of copyright management information applied to non-electronic works

The Digital Millennium Copyright Act (DMCA) provides safe harbors from copyright infringement liability for online service providers (17 U.S.C. 512) and makes it unlawful to circumvent technological measures that effectively control access to copyrighted works (17 U.S.C. 1201). A lesser-known (and lesser-litigated) provision of the DMCA (17 U.S.C. 1202) makes it illegal to intentionally remove or alter any copyright management information or to distribute copies of works knowing that copyright information has been removed or altered without authority of the copyright owner or the law. “Copyright management information” includes information conveyed in connection with copies of the work, such as the title and the name of the author.

A recent case from federal court in Florida considered whether this regulation of copyright management information in the DMCA applies only to electronic works intended for distribution over the internet, or whether it applies to more traditional works such as hard copy technical drawings. The court interpreted the DMCA broadly to apply to all kinds of works, whether on the internet or not.

Plaintiff alleged that defendant violated the DMCA by distributing copies of plaintiff’s drawings “knowing that [plaintiff’s] name had been removed therefrom and/or that another entity’s name had been added thereto.” Defendant argued that plaintiff failed to state a claim for a violation of the DMCA because the DMCA only applies to “technological” infringement. Defendant cited to Textile Secrets Intl’l, Inc. v. Ya–Ya Brand, Inc., 524 F.Supp.2d 1184 (C.D.Cal.2007), which found that § 1202(b) “was [not] intended to apply to circumstances that have no relation to the Internet, electronic commerce, automated copyright protections, or management systems, public registers, or other technological measures or processes as contemplated in the DMCA as a whole.” To read it otherwise, the court in that case reasoned, would contradict the “legislative intent behind the DMCA to facilitate electronic and Internet commerce.”

In this case, however, the court noted that other courts, focusing on the plain language of the DMCA, have held differently, and approved the DMCA’s application to non-technological contexts. See Murphy v. Millennium Radio Group LLC, 650 F.3d 295 (3d Cir.2011); Agence France Presse v. Morel, 769 F.Supp.2d 295 (S.D.N.Y.2011). Although in this case, as in Murphy, the legislative history of the DMCA was consistent with defendant’s interpretation, it did not actually contradict it. Instead, Section 1202(b) simply established a cause of action for the removal of, among other things, the name of the author of a work when it has been conveyed in connection with copies of the work.

So the court, as it found it was required to do, considered the statute’s plain meaning before it considered its legislative history. Under that analysis, it held that plaintiff’s allegations were sufficient to a state a claim for violation of the DMCA.

Roof & Rack Products, Inc. v. GYB Investors, LLC, 2014 WL 3183278 (S.D. Fla. July 8, 2014)

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

Must a service provider remove all content a repeat infringer uploaded to qualify for the DMCA safe harbor?

459px-Enjoy_Don't_DestroyDoes an online service provider forfeit the safe harbor protections of the Digital Millennium Copyright Act if, when terminating the account of a repeat infringer, it does not delete all content the repeat infringer uploaded — infringing and noninfringing alike? A recent decision involving the antique internet technology Usenet sheds light on an answer.

Active copyright plaintiff Perfect 10 sued Usenet provider Giganews for direct and secondary liability for hosting allegedly infringing materials on the Giganews servers. Giganews asserted the safe harbor of the DMCA (17 U.S.C. 512) as an affirmative defense. Perfect 10 moved for summary judgment on whether the safe harbor applied – it argued that the safe harbor did not apply, Giganews argued that it did. The court denied Perfect 10’s motion.

Perfect 10 asserted that Giganews had not reasonably implemented a policy to terminate the accounts of repeat infringers as required by 17 U.S.C. 512 (i)(1)(A). One of the arguments Perfect 10 made was that Giganews did not reasonably implement its repeat infringer policy because Giganews terminated the accounts of the infringers but did not also delete all the content the infringers had uploaded.

The court was not persuaded that § 512(i)(1)(A) requires a service provider to disable or delete all content a repeat infringer has ever posted. The plain language of the statute requires “termination … of subscribers and account holders,” not the deletion of content. And because a requirement of taking down all content, not just infringing content, would serve no infringement-preventing purpose, the court held that there was no justification for reading such a requirement into the statute.

Perfect 10, Inc. v. Giganews, Inc., — F.Supp.2d —, 2014 WL 323655 (C.D.Cal. January 29, 2014)

Court refuses to help author who was victim of alleged bogus DMCA takedown notices

Author and her publisher disagreed on the content of two of the author’s new books. (As an aside, this author is very prolific — she alleges that she publishes a new book every two weeks!) So rather than deal with publisher, author self-published the works on Amazon. Publisher sent DMCA takedown notices to Amazon, with which Amazon complied. Author sued publisher under Section 512(f) of the DMCA, which provides penalties against senders of DMCA takedown notices that knowingly materially misrepresent claims of infringement. She sought a temporary restraining order (TRO), asking the court to instruct publisher to tell Amazon to make the works available.

The court denied the TRO motion. It found that author had failed to show she would suffer irreparable harm if the works were not put back on the market. In the court’s view, author failed to show how a temporary delay in sales would affect her reputation or goodwill.

The case presents an interesting issue concerning a party’s right to send a DMCA takedown notice. Author alleges that her agreement with publisher provided she owns the copyright in her works, and that publisher merely has a right of first refusal to publish any “sequels” to her previous works. So if what author is saying is true, that publisher does not have a copyright interest in the books but merely a contract interest, she stands a good chance, ultimately, on her 512(f) claim.

Flynn v. Siren-BookStrand, Inc., 2013 WL 5315959 (September 20, 2013)

Court rules against Ripoff Report in copyright case

Xcentric Ventures, LLC v. Mediolex Ltd., 2012 WL 5269403 (D.Ariz. October 24, 2012)

Plaintiff Xcentric Ventures provides the infamous Ripoff Report, a website where consumers can go to defame complain about businesses they have dealt with. Defendant ComplaintsBoard.com is a similar kind of website.

Ripoff Report’s Terms of Service provide that users grant Ripoff Report an exclusive license in the content they post to the site. Based on this right, Xcentric sued various defendants associated with ComplaintsBoard for “encourag[ing] and permit[ing] consumers to post content that has been exclusively licensed to Xcentric.”

Defendants moved to dismiss the copyright infringement claim, asserting they were protected by the safe harbor provision of the Digital Millennium Copyright Act (“DMCA”). The court granted the motion to dismiss, but not because of the DMCA.

DMCA Analysis

The safe harbor provision of the DMCA states that a “service provider shall not be liable for monetary relief” if all of the following requirements are met:

(1) it does not have actual knowledge that the material on its network is infringing;

(2) it is not aware of facts or circumstances that would make the infringing activity apparent;and

(3) upon obtaining knowledge or awareness of such infringing activity, it acts expeditiously to remove or disable access to the copyrighted material.

In this case, Xcentric alleged that defendants actively “encouraged and permitted” copyright infringement by ComplaintsBoard users. The court held that this allegation, if taken as true, could be sufficient to preclude defendants from taking advantage of the DMCA’s safe harbor provisions.

But the court went on to hold that Xcentric had failed to state a copyright claim on which relief may be granted.

Secondary Liability Insufficiently Pled

Xcentric did not allege that defendants directly infringed copyright. Instead, it alleged that by encouraging and permitting users to copy and republish material, ComplaintsBoard was engaged in secondary infringement — either vicarious or contributory infringement.

To state a claim for contributory copyright infringement, Xcentric had to plead that ComplaintsBoard had knowledge of the infringing activity and induced, caused, or materially contributed to the infringing conduct of its users. The court found that Xcentric had not alleged any facts that would lead to a reasonable inference that defendants knew of their users’ republishing Xcentric’s copyrighted content or that defendants had induced, caused, or materially contributed to such republication.

To successfully plead vicarious infringement, Xcentric had to show that defendants had the right and ability to supervise the infringing activity and also had a direct financial interest in those activities. The court found that Xcentric had not put forward enought facts to show that defendants had the right and ability to supervise the infringing activity.

DMCA takedown notices are not just for content

Apple using the DMCA to stop early sales of iOS 6.

The infamous Digital Millennium Copyright Act takedown process gets quite a bit of press when content owners such as movie studios and record companies use it to take infringing copies of films or music offline. The safe harbor provisions of the DMCA are at the heart of content-distribution platforms’ defenses against infringement occasioned by users of the platform. (Think Viacom v. YouTube.)

Apple reminds us, however, that the DMCA gives all copyright owners — not just those who own copyrights in content — a mechanism for getting infringing works off the internet. According to this piece on Engadget, Apple has been contacting hosting providers of sites that offer unauthorized copies of the forthcoming iOS 6 for sale.

So the DMCA, acting in the name of copyright protection, provides a remedy for software providers to keep the clamps on parties who may have access to software for their own use (in this case, iOS developers) but go outside the bounds of such use and offer the technology for sale to others.

Social media legal best practices: some problems and solutions with uploading photos and tagging people

Facebook, Flickr, 500px and mobile sharing applications such as Instagram have replaced the hard copy photo album as the preferred method for letting others see pictures you have taken. Now photos are easy to take and easy to share. This easiness makes a number of legal questions potentially more relevant.

Embarrassing photos

Let’s be honest — every one of us has been in photos that we do not want others to see. It may be just bad lighting, an awkward angle, or something more sinister such as nudity or drug use, but having a photo like that made public would cause embarrassment or some other type of harm. Sometimes the law affords ways to get embarrassing photos taken down. To the same extent the law can help, the one posting the embarrassing photo puts himself at risk for legal liability.

Invasion of privacy. If someone takes a picture of another in a public place, or with a bunch of other people, the subject of the photo probably does not have a right of privacy in whatever he or she is doing in the photo. So the law will not be helpful in getting that content off the internet. But there are plenty of situations where the subject of a photo may have a privacy interest that the law will recognize.

  • “Intrusion upon seclusion,” as its name suggests, is a legal claim that one can make when someone has intentionally intruded — physically or otherwise — upon their solitude or seclusion. Surreptitiously taken photos of a person in her own home, or in a place where she expected privacy (e.g., in a hotel room or dressing room) would likely give rise to an unlawful intrusion upon seclusion.
  • “Publication of private facts” is another form of invasion of privacy. A person commits this kind of invasion of privacy by publishing private, non-newsworthy facts about another person in a way that would be offensive to a reasonable person. Posting photos of one’s ex-girlfriend engaged in group sex would be considered publication of private facts. Posting family pics of one’s nephew when he was a kid would not.

Photoshop jobs

Some people enjoy using Photoshop or a similar advanced photo editing application to paste the head of one person onto the body of another. (Reddit has an entire category devoted to Photoshop requests.) This can have drastic, negative consequences on the person who — through this editing — appears to be in the photo doing something he or she did not and would not do. This conduct might give rise to legal claims of infliction of emotional distress and defamation.

Infliction of emotional distress. We expect our fellow members of society to be somewhat thick-skinned, and courts generally do not allow lawsuits over hurt feelings. But when it’s really bad, the law may step in to help. One may recover for infliction of emotional distress (sometimes called “outrage”) against another person who acts intentionally, and in a way that is extreme and outrageous, to cause emotional distress that is severe. Some states require there to be some associated physical harm. A bride who sued her photographer over the emotional distress she suffered when the photographer posted pictures of her in her underwear lost her case because she alleged no fear that she was exposed to physical harm.

Defamation. A person can sue another for defamation over any “published” false statement that harms the person’s reputation. Some forms of defamation are particularly bad (they are called defamation per se), and are proven when, for example, someone falsely states that a person has committed a crime, has engaged in sexually immoral behavior, or has a loathsome disease. A realistic Photoshop job could effectively communicate a false statement about someone that is harmful to his or her reputation.

Copied photos

Since copying and reposting images is so easy, a lot of people do it. On social media platforms, users often do not mind if a friend copies the photos from last night’s dinner party and reuploads them to another account. In situations like these, it’s simply “no harm, no foul.” Technically there is copyright infringement going on, but what friend is going to file a lawsuit against another friend over this socially-acceptable use? The more nefarious situations illustrate how copyright can be used to control the display and distribution of photos.

In most instances, the person who takes a photo owns the copyright in that photo. A lot of people believe that if you appear in a photo, you own the copyright. That’s not true unless the photo is a self portrait (e.g., camera held at arm’s length and turned back toward the person, or shot into the mirror), or unless the person in the photo has otherwise gotten ownership of the copyright through a written assignment (a much rarer situation).

A person who finds that his or her copyrighted photos have been copied and reposted without permission has a number of options available. In the United States, a quick remedy is available under the notice and takedown provisions of the Digital Millennium Copyright Act. The copyright owner sends a notice to the platform hosting the photos and demands the photos be taken down. The platform has an incentive to comply with that demand, because if it does, it cannot be held responsible for the infringement. Usually a DMCA takedown notice is sufficient to solve the problem. But occasionally one must escalate the dispute into copyright infringement litigation.

Some other things to keep in mind

With the protections afforded by free speech and the difficulties involved in winning an invasion of privacy or infliction of emotional distress lawsuit, one can get away with quite a bit when using photos in social media. One court has even observed that you do not need a person’s permission before tagging him or her in a photo.

A person offended by the use of a photo by him or of him may have recourse even in those situations where it is not so egregious as to give him a right to sue. Social media platforms have terms of service that prohibit users from harassing others, imitating others, or otherwise engaging in harmful conduct. The site will likely remove content once it is made aware of it. (I have sent many requests to Facebook’s legal department requesting content to be removed — and it has been removed.) The norms of social media communities play an important role in governing how users treat one another, and that principle extends to the notions of civility as played out through the use of photos online.

Evan Brown is a Chicago technology and intellectual property attorney. He advises businesses and individuals in a wide range of situations, including social media best practices. 

Photo credit: AForestFrolic

Fair use, the DMCA, and presidential politics

The 2012 presidential election cycle is already giving internet law enthusiasts things to talk about. Last week it was Ron Paul’s grumblings about an unauthorized campaign ad on YouTube. Now NBC is moaning about a Mitt Romney ad comprised almost entirely of Tom Brokaw on the Nightly News in 1997.

NBC has asked the ad be pulled, claiming it is a copyright infringement. Smart people are already saying the ad is fair use. It probably is fair use.

And NBC knows that. Romney’s campaign posted the ad on YouTube five days ago, and it is yet to be the subject of a DMCA takedown notice. Though such a notice would be easy to draft and send, NBC is aware that the fallout could be expensive. Section 512(f) of the DMCA penalizes the senders of bogus takedown notices. And the courts have not taken kindly to purported victims of infringement who do not fully consider fair use before having content taken off YouTube.

With the election still months away, we may yet see controversial action like we did in 2008 by the news media to disable political content. These situations underscore the problem presented by how long it takes to process DMCA counternotifications and 512(f) actions.

A candidate’s defeat makes these processes moot. So maybe we should hope for a longer republican primary season just so we can see some good DMCA and fair use litigation. Come on NBC, send that takedown notice!

YouTube victorious in copyright case brought by Viacom

District court grants summary judgment, finding YouTube protected by DMCA safe harbor.

Viacom v. YouTube, No. 07-2103, (S.D.N.Y. June 23, 2010)

The question of whether and to what extent a website operator should be liable for the copyright infringement occasioned by the content uploaded by the site’s users is one of the central problems of internet law. In talks I’ve given on this topic of “secondary liability,” I’ve often referred it simply as “the YouTube problem”: should YouTube be liable for the infringing content people upload, especially when it knows that there is infringing material.

Charlie Bit My Finger - Harry and his little b...
Image via Wikipedia

Today was a big day in the history of that problem. The district court granted summary judgment in favor of YouTube in the notorious billion dollar copyright lawsuit brought against YouTube by Viacom way back in 2007.

The court held that the safe harbor provisions of the Digital Millennium Copyright Act (“DMCA”) (at 17 USC 512) protected YouTube from Viacom’s direct and secondary copyright claims.

Simply stated, the DMCA protects online service providers from liability for copyright infringement arising from content uploaded by end users if a number of conditions are met. Among those conditions are that the service provider “not have actual knowledge that the material or an activity using the material on the system or network is infringing,” or in the absence of such actual knowledge, “is not aware of facts or circumstances from which infringing activity is apparent.”

The major issue in the case was whether YouTube met these conditions of “non-knowledge” (that’s my term, not the court’s) so that it could be in the DMCA safe harbor. Viacom argued that the infringement was so pervasive on YouTube that the site should have been aware of the infringement and thus not in the safe harbor. YouTube of course argued otherwise.

The court sided with YouTube :

Mere knowledge of prevalence of such activity in general is not enough. . . . To let knowledge of a generalized practice of infringement in the industry, or of a proclivity of users to post infringing materials, impose responsibility on service providers to discover which of their users’ postings infringe a copyright would contravene the structure and operation of the DMCA.

Given the magnitude of the case, there’s little doubt this isn’t the end of the story — we’ll almost certainly see the case appealed to the Second Circuit Court of Appeals. Stay tuned.

Enhanced by Zemanta

Should ISPs get paid to respond to DMCA takedown notices?

CNET News is running a story about how Jerry Scroggin, the owner of Louisiana’s Bayou Internet and Communications, expects big media to pay him for complying with DMCA takedown notices. No doubt Scroggin gets a little PR boost for his maverick attitude, and CNET keeps its traffic up by covering a provocative topic. After all, people love to see the little guy stick it to the man.

Here is something from the article that caught my attention:

Small companies like [Bayou] are innocent bystanders in the music industry’s war on copyright infringement. Nonetheless, they are asked to help enforce copyright law free of charge.

A couple of assumptions in this statement need addressing. I submit that:

ISPs are not innocent bystanders.

As much as one may disdain the RIAA, the organization is enforcing legitimate copyright rights. Though an ISP may have no bad intent to help people infringe (i.e., the “innocent” part), infringing content does pass through their systems. And few would disagree that the owner of a system is in the best position to control what happens in that system. So unless we’re going to turn the entire network over to a government, we must rely on the ISPs at the lower parts of the web to comply with the DMCA. They owe a duty. It’s in this way that the ISPs are anything by innocent bystanders in the copyright wars. In fact, they’re soldiers (albeit perhaps drafted).

Though the administrative burdens of DMCA compliance fall on the ISPs, the work is not undertaken for free.

The safe harbor that ISPs enjoy in return for compliance is a huge compensation. An entity in the safe harbor has more certainty that a suit for infringement would be unsuccessful. Were there more doubt about the outcome, there would be more litigation. More litigation equals more cost. And I guarantee you that those litigation costs would dwarf the administrative costs associated with taking down content identified in a notice. So substract the administrative costs from the hypothetical litigation costs, and there you have the compensation paid to ISPs for compliance.

What do you think?

Pirate Christmas photo courtesy Flickr user Ross_Angus under this Creative Commons license.

Scroll to top