DMCA reaches the decade mark

My friend Kevin Thompson over at Cyberlaw Central reminded me this morning in this post that President Clinton signed the Digital Millennium Copyright Act ten years ago today. Tempus fugit. It’s interesting to reflect on how this critical piece of legislation has affected (I think fostered) the growth of the online infrastructure with its safe harbor provisions found at 17 U.S.C. 512.

DMCA at 10 years

Simply stated, the DMCA at section 512 gives safe harbor protections to providers of interactive computer services (like ISPs and websites hosting user generated content) from liability when users upload content that infringes on another’s copyright rights. To sail its ship into the safe harbor, the provider has to take certain affirmative steps, like registering an agent with the Copyright Office, terminating the accounts of repeat infringers, and, most importantly, responding appropriately to “takedown notices” sent by copyright owners identifying infringing content on the provider’s system.

Though few could disagree with the principle of protecting service providers from infringement liability occasioned by the conduct of third party users (i.e., stemming from user generated content), the DMCA has its critics. And the actual mechanism has some bugs.

A big factor in the problem is the sheer volume of user generated content that’s put online. How can an operator like YouTube, who gets hours of new content loaded to its servers every minute, reasonably be expected to give meaningful review to every takedown notice that comes its way? It can’t.

So for practical reasons, big providers (and smaller ones alike) take down accused content essentially with a rubber stamp. And who can blame them? It saves administrative time and helps ensure safe harbor protection. But there are negative consequences to users and to the public. These consequences on the First Amendment and other rights are well-exemplified by the recent correspondence between the McCain-Palin campaign and YouTube, with amicus-like voices joining the chorus.

Like any ten-year old, the DMCA shows signs of maturity. It has withstood a decade of scrutiny, all the while giving service providers peace of mind, along with relatively efficient mechanisms for copyright owners to get infringing material taken down quickly. But also like a ten-year-old, the challenging years of adolescence — and the accompanying rudimentary changes — are around the corner. It’ll still be the DMCA, but I wouldn’t be surprised to see some transformation going on as user generated content becomes less a novelty and more a standard.

Birthday cake photo courtesy of Flickr user “juverna” via this Creative Commons license.

Veoh eligible for DMCA Safe Harbor

[Brian Beckham is a contributor to Internet Cases and can be contacted at brian.beckham [at] gmail dot com.]

Io Group, Inc. v. Veoh Networks, Inc., 2008 WL 4065872 (N.D.Cal. Aug. 27, 2008)

The U.S. District Court for the Northern District of California ruled that Veoh’s hosting of user-provided content is protected by the DMCA safe harbor provision, and that it does not have a duty to police for potential copyright infringement on behalf of third-parties, but rather must act to remove infringing content when so put on notice.

IO produces adult films; Veoh hosts, inter alia, its own “Internet TV channels” and user-posted content (much like YouTube). In June 2006, IO discovered clips from ten (10) of its copyrighted films ranging from 6 seconds to 40 minutes in length hosted on Veoh. Rather than sending Veoh a “DMCA Notice & Takedown” letter, IO filed the instant copyright infringement suit. (Coincidentally, Veoh had already removed all adult content sua sponte — including IO’s prior to the suit). Had Veoh received such a notice, so the story goes, it would have removed the content, and terminated the posting individual’s account.

When a user submits a video for posting, Veoh’s system extracts certain metadata (e.g., file format and length), assigns a file number, extracts several still images (seen on the site as an icon), and converts the video to Flash. Prior to posting, Veoh’s employees randomly spot check the videos for compliance with Veoh’s policies (i.e., that the content is not infringing third-party copyrights). On at least one occasion, such a spot check revealed infringing content (an unreleased movie) which was not posted.

Veoh moved for summary judgment under the DMCA’s Safe Harbors which “provide protection from liability for: (1) transitory digital network communications; (2) system caching; (3) information residing on systems or networks at the direction of users; and (4) information location tools.” Ellison, 357 F.3d at 1076-77. Finding that Veoh is a Service Provider under the DMCA, the Court had little trouble in finding that it qualified for the Safe Harbors. IO admitted that Veoh “(a) has adopted and informed account holders of its repeat infringer policy and (b) accommodates, and does not interfere with, “standard technical measures” used to protect copyrighted works”, but took issue with the manner in which Veoh implemented its repeat infringer policy.

Veoh clearly established that it had a functioning DMCA Notice & Takedown system:

  • Veoh has identified its designated Copyright Agent to receive notification of claimed violations and included information about how and where to send notices of claimed infringement.
  • Veoh often responds to infringement notices the same day they are received.
  • When Veoh receives notice of infringement, after a first warning, the account is terminated and all content provided by that user disabled.
  • Veoh terminates access to other identical infringing files and permanently blocks them from being uploaded again.
  • Veoh has terminated over 1,000 users for copyright infringement.

The Court held that Veoh did not have a duty to investigate whether terminated users were re-appearing under pseudonyms, but that as long as it continued to effectively address alleged infringements, it continued to qualify for the DMCA Safe Harbors; moreover, it did not have to track users’ IP addresses to readily identify possibly fraudulent new user accounts.

The Court further noted that: “In essence, a service provider [Veoh] is eligible for safe harbor under section 512(c) if it (1) does not know of infringement; or (2) acts expeditiously to remove or disable access to the material when it (a) has actual knowledge, (b) is aware of facts or circumstances from which infringing activity is apparent, or (c) has received DMCA-compliant notice; and (3) either does not have the right and ability to control the infringing activity, or – if it does – that it does not receive a financial benefit directly attributable to the infringing activity.”

The Court found that (1) there was no question that Veoh did not know of the alleged infringement — since IO did not file a DMCA Notice (2) it acted expeditiously to remove user-posted infringing content, (3) it did not have actual knowledge of infringement, (4) it was not aware of infringing activity, and (5) it did not have the right and ability to control the infringing activity (the Court did not address any financial benefit).

In sum: the Court “[did] not find that the DMCA was intended to have Veoh shoulder the entire burden of policing third-party copyrights on its website (at the cost of losing its business if it cannot). Rather, the issue [was] whether Veoh [took] appropriate steps to deal with [alleged] copyright infringement.”

There is much speculation as to how, if at all, this case will affect the Viacom / YouTube case. YouTube praised the decision, Viacom noted the differences. Each case turns on its own facts, but to the extent there are similarities, this decision is wind in YouTube’s sails.

Case is: IO Group Inc.(Plaintiff), v. Veoh Networks, Inc. (Defendant)

Sender of DMCA takedown notice should consider fair use

Lenz v. Universal Music Corp., No. 07-3783 (N.D. Cal. August 20, 2008). [Download the opinion]

Hat tip to Joe Gratz for breaking this story.

One of the things that a person sending a takedown notice under the Digital Millennium Copyright Act (DMCA) has to swear to is that he or she “has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.” 17 U.S.C. §512(c)(3)(A) (emphasis added). If the sender of the takedown notice makes a knowingly material misrepresentation as to whether the law authorizes the use of the material, the party whose content is taken down can sue under 17 U.S.C. §512(f). This serves as a backstop against DMCA takedown abuses.

Suppose that the complained-of work may be protected by fair use. If the sender is deliberately ignorant of that possibility, can that result in a misrepresentation that runs afoul of 512(f)? That question had not been answered before today, when the U.S. District Court for the Northern District of California said “yes.”

The case is Lenz v. Universal Music Corp., No. 07-3783. You may have heard of this case before, as it’s the one where the mom filmed her daughter dancing to Prince’s “Let’s Go Crazy” and uploaded that to YouTube, only to have it removed after a Universal DMCA takedown notice. Lenz sued under §512(f) and Universal moved to dismiss.

In its motion to dismiss, Universal contended that copyright owners cannot be required to evaluate the question of fair use prior to sending a takedown notice because fair use is merely an excused infringement of a copyright rather than a use authorized by the copyright owner or by law.

But the court disagreed. “[T]he fact remains that fair use is a lawful use of a copyright. Accordingly, in order for a copyright owner to proceed under the DMCA with ‘a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law,’ the owner must evaluate whether the material makes fair use of the copyright.” The court went on to say that “[a]n allegation that a copyright owner acted in bad faith by issuing a takedown notice without proper consideration of the fair use doctrine thus is sufficient to state a misrepresentation claim pursuant to Section 512(f) of the DMCA.”

Because Lenz’s complaint contained allegations of this nature, it was detailed enough to pass Twombly muster [Bell Atlantic Corp. v. Twombly, — U.S. —-, 127 S. Ct. 1955, 1964-65 (2007)], and the case moves forward.

The practical effect of this decision is that one sending a DMCA takedown notice without considering whether the person who posted the content is making a fair use, does so at his or her peril. Let’s be clear — the decision does not mean that sending a takedown notice in a situation where it turns out to be a fair use will automatically result in a finding of §512(f) misrepresentation. But it does add another implicit item on the checklist of the takedown notice sender.

The vexing linkage between access and protection in DMCA anticircumvention analysis

A couple of days ago David Donoghue wrote about the recent case of Nordstrom Consulting, Inc. v. M&S Technologies, Inc., No. 06-3234, 2008 WL 623660 (N.D. Ill. March 4, 2008). Dave’s post gives a very thorough treatment of all aspects of the case, which involve primarily allegations of infringement of the copyright in software.

The case also involved a claim of circumvention under the Digital Millennium Copyright Act, at 17 U.S.C. 1201(a). The court granted the defendants’ summary judgment motion on this claim.

The dispute arose from a rather typical set of facts. The parties had collaborated on the development of some software. Along the way the principal author of the software became dissatisfied and parted ways. Litigation ensued over the parties’ ownership and use of the source code.

Before plaintiff Nordstrom officially severed ties, he went on vacation. While he was gone, one of the defendant’s employees (Butler) sent Nordstrom an email saying that Butler needed access to the source code which was stored on a computer there in the office, in order to help out a customer. Nordstrom didn’t respond for several days, and in the meantime, Butler disabled the BIOS password for the computer.

Nordstrom sued under Section 1201 over this disabling of the password. The court relied heavily on the Federal Circuit’s decision in Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d 1178 (Fed. Cir. 2004) to conclude that there was no violation of Section 1201’s anticircumvention provisions.

The Chamberlain case draws a necessary connection between circumvention and infringement. And the presence of this connection is the vexing part of the analysis. A quick reading of Section 1201 does not reveal the link.

But the Chamberlain court held that Section 1201’s prohibition on circumvention does not give rise to a new property interest, only a new cause of action, one that goes after circumvention of methods controlling access to protected works. One can’t pursue a defendant just for circumvention in a vacuum, so to speak. The circumvention has to bear some “reasonable relationship to the protections that the Copyright Act otherwise affords copyright owners.” Chamberlain, 381 F.3d at 1202. In other words, without infringement or the facilitation of infringement arising from the cirumvention, a cause of action under 1201 does not arise. The linkage is one between access and protection.

The holding of the Nordstrom case as to the DMCA claim picks up on this link between access and protection. Summary judgment on the circumvention claim was proper because the plaintiff could not show that Butler’s disabling of the BIOS password protection on the computer storing the source code enabled any infringement. The evidence before the court was that Butler accessed the code to fix a problem on behalf of an authorized licensee of the software. Because of the license, there could be no infringement. Without any connection to infringement, under the teaching of Chamberlain, a cause of action for circumvention could not be sustained.

Anonymous alleged infringer identified with little substantive inquiry into infringement claim

[In re Subpoena Issued Pursuant to the Digital Millennium Copyrigt Act to: 43SB.com, No. 07- 6236, 2007 WL 4335441 (D. Idaho, December 7, 2007).]

When the general counsel for Melaleuca, Inc. saw some negative content someone had posted about the company on the Web site 43rdstateblues.com, he sent a cease and desist letter demanding the content be removed. The letter, however, did not accomplish its intended purpose. Instead, the site owner posted the entire letter.

Melaleuca did not give up, but just adapted its strategy. It served a DMCA subpoena [see 17 U.S.C. §512(h)] on the site, seeking to identify the person who posted the letter “so that [Melaleuca] might seek redress for copyright infringement.” Melaleuca claimed that its copyright rights in the letter were infringed when it was posted online. (Claiming copyright in cease and desist letters is not a new tactic.  See, e.g., here and here.) 

The website moved to quash the subpoena, asserting, among other things, that the letter was not subject to copyright protection, and that the failure by Melaleuca to establish a prima facie case of copyright ownership was fatal to the subpoena.

The court denied the motion to quash. The Web site had argued that Melaleuca could not own a copyright in the letter, according to 17 U.S.C. 102(b)’s exclusion of “any idea, procedure, process, system, method of operation, concept, principle or discovery” form copyright protection. But the court rejected that argument.

Declining to “go into an in-depth analysis of the merits of a copyright infringement claim in determining whether to quash [the] subpoena,” the court found that Melaleuca’s copyright registration in the letter was sufficient to establish ownership of a valid copyright.  As for alleged copying, the court found that posting of the entire letter was sufficient.

There are a couple of interesting observations to be made from this decision.  First, unlike cases in which plaintiffs seek to uncover the identity of anonymous defendants accused of defamation [see here], this court gave – relatively speaking – little inquiry into the merits of the plaintiff’s case.  Perhaps it felt that such an analysis was not necessary given that the Copyright Office had already determined copyrightable subject matter to exist (when it issued the registration certificate).

A second interesting question arises when one considers how the court might have ruled had the defendant asserted fair use as a basis for the motion to quash. (Doesn’t it seem like posting a cease and desist letter on the Internet, ostensibly for eliciting public ridicule, is a transformative use?) Given the fact intensive inquiry of a fair use analysis, the court would have probably reached the same conclusion, if anything to put off the factfinding until later.  But would a court do that in other cases where the offending, anonymous use is more obviously fair?     

Beaded jewelry website tussle turns into lawsuit alleging bogus DMCA takedown notice

Does a hosting provider breach the contract with its customer when it responds to a DMCA takedown notice concerning its customer’s content? The plaintiff in this case would have you believe that. [Download the Complaint]

Jades Creations, LLC v. White, No. 07-50225 (N.D. Ill., Filed November 16, 2007)

Rockford, Illinois-based Jades Creations, LLC has filed suit in federal court against its competitor in the beaded jewelry industry over what Jades claims were unmeritorious takedown notices sent to Earthlink under the Digital Millennium Copyright Act.

Back in October, SW Creations sent a DMCA takedown notice to Earthlink, the host of Jades Creations’ Web site, claiming that material located thereupon infringed SW Creations’ copyright and trademark rights. (Never mind the DMCA does not apply to trademarks.) Jades, of course, disputed the fact that there was infringing content on its site, and successfully had access to its site restored after sending Earthlink a counternotification.

But Jades didn’t stop there. Obviously perturbed by what it believed to be an unwarranted takedown notice that caused it to lose business, it filed a lawsuit in the Northern District of Illinois, asking for a declaration of non-infringement and asserting various tort claims for the takedown notice.

One of the claims is for tortious interference with the contract between Jades and her hosting provider Earthlink. This is intriguing, but it looks like there could be a bit of a hurdle here.

Under Illinois law, a successful plaintiff in a tortious interference with contract action has to prove, among other things, that an actual breach of contract occurred because of the defendant’s conduct. Belden Corp. v. InterNorth, Inc., 413 N.E.2d 98 (Ill. App. 1st Dist. 1980). Did Earthlink breach the contract with its hosting customer when it obeyed the demands of a third party DMCA takedown notice?

Jades alleges that this was a breach (see paragraph 60 of the complaint). Do you agree?

Earthlink’s terms of service can be found here. And remember, 17 U.S.C. 512(g) provides that “a service provider shall not be liable to any person for any claim based on the service provider’s good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts or circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.”

Scroll to top