Is a DMCA subpoena to identify unknown infringers valid if the infringement has ended?

The Digital Millennium Copyright Act (“DMCA”) is well-known for its notice and takedown provisions. But the DMCA provides a number of other interesting mechanisms, including a procedure for potential copyright plaintiffs to send subpoenas to online service providers to learn the identity of users who posted infringing content to that service. A recent case involving some subpoenas that a copyright owner sent to eBay examines the relationship between the notice and takedown procedures on one hand, and the subpoena mechanism on the other. The question before the court was whether a DMCA subpoena is valid if, by the time it is served on the online service provider, that online service provider has already removed or has disabled access to that content.

Section 512(h) (17 U.S.C. 512(h)) spells out the DMCA subpoena process, and how it relates to the notice and takedown provisions. An online service provider must act expeditiously to identify the user who uploaded infringing content “[u]pon receipt of the issued subpoena, either accompanying or subsequent to the receipt of a [takedown request].” That plain language seems straightforward — an online service provider has to provide the identifying information in response to any subpoena it receives either with or subsequent to a takedown notice.

But it was not so straightforward in a 2011 case, where some confusing facts made for some confusing law. In Maximized Living, Inc., v. Google, Inc., 2011 WL 6749017 (N.D. Cal. December 22, 2011), the copyright holder sent a subpoena to the online service provider after the copyright holder had sent a DMCA takedown notice. That would appear to comport with the statute — the subpoena came subsequent to the takedown notice. But the problem in that case was that the takedown notice was not valid. By the time it was sent, the alleged infringer had already removed the infringing content. From that, the Maximized Living case pronounced that “the subpoena power of §512(h) is limited to currently infringing activity and does not reach former infringing activity that has ceased and thus can no longer be removed or disabled.”

In the recent case of In re DMCA Subpoena to eBay, Inc., eBay, as the recipient of subpoenas to identify some of its users, picked up on the Maximized Living holding to argue that it did not have to answer the subpoenas because it had already taken down the offending content pursuant to previous takedown notices. Since the subpoenas did not relate to “currently infringing activity,” eBay argued à la Maximized Living, that the subpoenas had not been issued under §512(h)’s power and were therefore invalid.

The court rejected eBay’s argument. The key distinction in this case was that, unlike in Maximized Living, the takedown notices in this case, when they issued, related to content that was on the eBay servers at the time the takedown notices were issued. Granted, some of those takedown notices went all the way back to early 2012 (query whether the subpoena should be valid if it would only uncover the identity of an infringer for whom the 3-year copyright statute of limitations had passed; but that wasn’t before the court).

So to simply state the rule in this case — for a DMCA subpoena to be valid, it has to relate to a valid DMCA takedown notice. That DMCA takedown notice is not valid unless it was served at a time when infringing content resided on the service. An online service provider cannot avoid the obligation of responding to a subpoena by taking down the content, thereby causing there to be no “currently infringing activity”. Such a rule would, as the court observed, cause the online service provider’s safe harbor protection to also shield the alleged infringer from being identified. That would indeed be an odd application of the DMCA’s protection. The court in this case avoided that outcome.

In re DMCA Subpoena to eBay, Inc., 2015 WL 3555270 (S.D. Cal. June 5, 2015).

Evan Brown is a Chicago attorney helping clients in matters dealing with copyright, technology, the internet and new media. Call him at (630) 362-7237, send email to ebrown [at] internetcases dot com, or follow him on Twitter @internetcases

Photo courtesy of Flickr user Thomas Galvez under this Creative Commons license.

GitHub jeopardizes its DMCA safe harbor status by launching its new policy

GitHub has baked in some feelgood to its new DMCA takedown policy. The new setup features clearer language, a refusal to automatically disable all forks of an allegedly infringing repository, and a 24-hour window in which the target of a takedown notice may make changes. The mechanisms of this third point ought to cause one to consider whether GitHub is risking the protections of the DMCA safe harbor.

If a DMCA takedown notice alleges that only certain files (as opposed to the whole repository) infringe, under the new policy, GitHub “will contact the user who created the repository and give them approximately 24 hours to delete or modify the content specified in the notice.” If the user makes changes to the repository, the burden shifts back to the sender of the DMCA notice. This shifing-the-burden-back seems problematic under the DMCA.

GitHub’s policy says:

If the user makes changes, the copyright owner must review them and renew or revise their takedown notice if the changes are insufficient. GitHub will not take any further action unless the copyright owner contacts us to either renew the original takedown notice or submit a revised one. If the copyright owner is satisfied with the changes, they may either submit a formal retraction or else do nothing. GitHub will interpret silence longer than two weeks as an implied retraction of the takedown notice.

The DMCA protects a party in GitHub’s position so long as the party “responds expeditiously to remove, or disable access to, the material that is claimed to be infringing upon notification of claimed infringement”. Read that provision carefully — the response must be to take down, not merely take steps to work with the alleged infringer to make it right. GitHub’s new mechanism of interpreting silence as a retraction is not an expeditious removal of or disabling access to allegedly infringing material. Nothing in the DMCA requires the sender of the takedown notice to have to ask twice.

You’ve got to hand it to GitHub for trying to make the world a better place through this new policy. The intended net effect is to reduce the number of instances in which entire repositories are taken down simply because of a few allegedly infringing files. But GitHub is putting something of great value, namely, its DMCA safe harbor protection, at risk.

Many copyright plaintiffs look for every possible angle to pin liability. You can almost be certain that a copyright owner will challenge GitHub’s safe harbor status on the ground that GitHub did not respond expeditiously. It seems odd GitHub would be willing to toss a perfectly good affirmative defense. One would think the better approach would be to go ahead and take the repository down after 24 hours, rather than leaving it up and risk a finding on “non-expeditiousness”.

Related:

Microsoft letter to GitHub over DRM-free music software is not the first copyright-ironic action against an intermediary

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

DMCA’s protection of copyright management information applied to non-electronic works

The Digital Millennium Copyright Act (DMCA) provides safe harbors from copyright infringement liability for online service providers (17 U.S.C. 512) and makes it unlawful to circumvent technological measures that effectively control access to copyrighted works (17 U.S.C. 1201). A lesser-known (and lesser-litigated) provision of the DMCA (17 U.S.C. 1202) makes it illegal to intentionally remove or alter any copyright management information or to distribute copies of works knowing that copyright information has been removed or altered without authority of the copyright owner or the law. “Copyright management information” includes information conveyed in connection with copies of the work, such as the title and the name of the author.

A recent case from federal court in Florida considered whether this regulation of copyright management information in the DMCA applies only to electronic works intended for distribution over the internet, or whether it applies to more traditional works such as hard copy technical drawings. The court interpreted the DMCA broadly to apply to all kinds of works, whether on the internet or not.

Plaintiff alleged that defendant violated the DMCA by distributing copies of plaintiff’s drawings “knowing that [plaintiff’s] name had been removed therefrom and/or that another entity’s name had been added thereto.” Defendant argued that plaintiff failed to state a claim for a violation of the DMCA because the DMCA only applies to “technological” infringement. Defendant cited to Textile Secrets Intl’l, Inc. v. Ya–Ya Brand, Inc., 524 F.Supp.2d 1184 (C.D.Cal.2007), which found that § 1202(b) “was [not] intended to apply to circumstances that have no relation to the Internet, electronic commerce, automated copyright protections, or management systems, public registers, or other technological measures or processes as contemplated in the DMCA as a whole.” To read it otherwise, the court in that case reasoned, would contradict the “legislative intent behind the DMCA to facilitate electronic and Internet commerce.”

In this case, however, the court noted that other courts, focusing on the plain language of the DMCA, have held differently, and approved the DMCA’s application to non-technological contexts. See Murphy v. Millennium Radio Group LLC, 650 F.3d 295 (3d Cir.2011); Agence France Presse v. Morel, 769 F.Supp.2d 295 (S.D.N.Y.2011). Although in this case, as in Murphy, the legislative history of the DMCA was consistent with defendant’s interpretation, it did not actually contradict it. Instead, Section 1202(b) simply established a cause of action for the removal of, among other things, the name of the author of a work when it has been conveyed in connection with copies of the work.

So the court, as it found it was required to do, considered the statute’s plain meaning before it considered its legislative history. Under that analysis, it held that plaintiff’s allegations were sufficient to a state a claim for violation of the DMCA.

Roof & Rack Products, Inc. v. GYB Investors, LLC, 2014 WL 3183278 (S.D. Fla. July 8, 2014)

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

Must a service provider remove all content a repeat infringer uploaded to qualify for the DMCA safe harbor?

459px-Enjoy_Don't_DestroyDoes an online service provider forfeit the safe harbor protections of the Digital Millennium Copyright Act if, when terminating the account of a repeat infringer, it does not delete all content the repeat infringer uploaded — infringing and noninfringing alike? A recent decision involving the antique internet technology Usenet sheds light on an answer.

Active copyright plaintiff Perfect 10 sued Usenet provider Giganews for direct and secondary liability for hosting allegedly infringing materials on the Giganews servers. Giganews asserted the safe harbor of the DMCA (17 U.S.C. 512) as an affirmative defense. Perfect 10 moved for summary judgment on whether the safe harbor applied – it argued that the safe harbor did not apply, Giganews argued that it did. The court denied Perfect 10’s motion.

Perfect 10 asserted that Giganews had not reasonably implemented a policy to terminate the accounts of repeat infringers as required by 17 U.S.C. 512 (i)(1)(A). One of the arguments Perfect 10 made was that Giganews did not reasonably implement its repeat infringer policy because Giganews terminated the accounts of the infringers but did not also delete all the content the infringers had uploaded.

The court was not persuaded that § 512(i)(1)(A) requires a service provider to disable or delete all content a repeat infringer has ever posted. The plain language of the statute requires “termination … of subscribers and account holders,” not the deletion of content. And because a requirement of taking down all content, not just infringing content, would serve no infringement-preventing purpose, the court held that there was no justification for reading such a requirement into the statute.

Perfect 10, Inc. v. Giganews, Inc., — F.Supp.2d —, 2014 WL 323655 (C.D.Cal. January 29, 2014)

1 2 3 4 5 6 7