Internet Archive malfunction leads to interesting DMCA and infringement case

Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, — F.Supp.2d —, 2007 WL 2085358 (E.D. Pa., July 20, 2007). [Download the opinion]

(This case has been pretty well covered already in the legal blogosphere, including here and here, but this is my $0.02 anyway.)

Plaintiff Healthcare Advocates sued defendant law firm Harding, Earley, Follmer & Frailey, as well as a number of attorneys and staff at the firm, for copyright infringement and violation of the anticircumvention provisions of the Digital Millennium Copyright Act (“DMCA”). The defendants moved for summary judgment, asserting that the alleged infringement was excused under the doctrine of fair use, and that the alleged conduct under the DMCA did not constitute a “circumvention” as contemplated under the statute. The court granted the defendants’ motion for summary judgment.

The dispute between the parties arose from a novel factual scenario. The defendants used the Internet Archive’s Wayback Machine to access cached versions of the plaintiff’s website. A few days earlier, the plaintiffs had configured a robots.txt file to be used in connection with their site, which should have – in the normal course of operations – prevented the web pages from showing up in the Internet Archive. [More on robots.txt files] But as it turns out, the Internet Archive’s servers were malfunctioning when the defendants conducted their searches, so the pages that should have been excluded under the instructions in the robots.txt file showed up anyway.

The plaintiff claimed that by viewing the archived pages on their office computers without authorization (such lack of permission stemming from the exclusion instructions in the robots.txt file), the defendants violated the plaintiff’s exclusive right under 17 U.S.C. §106 to publicly display their copyrighted works, thereby committing infringement. And by accessing the cached versions in spite of the robots.txt file, the plaintiff argued, the defendants circumvented a technological measure used to prevent access to a copyrighted work, in violation of 17 U.S.C. §1201.

The court agreed that the plaintiffs established the two necessary elements of copyright infringement, namely, (1) ownership of valid copyrights in the web pages, and (2) that the defendants, by viewing the web pages on their office computers, violated the exclusive display right under §106. But the court went on to determine that there was no infringement, because the use made by the defendants was a protected fair use.

On the fair use question, the most significant factor in the court’s analysis was the “purpose and character” of the subsequent use that the defendants had made. The defendants had viewed the archived web pages in connection with their work in defending their client against allegations of infringement in another case brought by Healthcare Advocates. In holding that this investigation of the plaintiff’s online materials was a permissible fair use, the court stated that “[i]t would be an absurd result if an attorney defending a client against charges of trademark and copyright infringement was not allowed to view and copy publicly available material, especially material that his client was alleged to have infringed.”

As for the DMCA anticircumvention claims, the court held that because the malfunctioning of the Internet Archive servers made it such that the exclusion instructions in the robots.txt file were not present, there was no protective measure in place to be circumvented. Plaintiffs had argued that even though the protective measure was not in place, defendants should have known that they did not have permission to view the cached pages, as some of the requests were met with messages that the page was blocked by the website owner. The court rejected this argument, and, nodding to the case of I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F.Supp.2d 521 (S.D.N.Y. 2004), held that a lack of permission is not circumvention under the DMCA.

More evidence needed for YouTube’s DMCA defense

Viacom’s lawsuit against YouTube has gotten quite a bit of attention, but it wasn’t the first case of its kind filed. Almost a year ago, helicopter pilot and journalist Robert Tur sued YouTube for infringement of some well-known video he shot during the Rodney King Riots.

Both parties filed motions for summary judgment, and last week the court denied both motions. The rulings shed some light on how the safe harbor provisions of the Digital Millennium Copyright Act (“DMCA”) may play out in future lawsuits over user-generated content.

YouTube argued in its motion that it qualified for safe harbor protection “based on what it purport[ed] to be its definitive ability to satisfy all of the requirements of the statutory scheme.” The court neatly parsed seven requirements from 17 U.S.C. §512 that a service provider must meet to sail into the safe harbor:

(1) adoption and reasonable implementation of a termination policy for subscribers and account holders who are repeat infringers;

(2) accommodation and non-interference with “standard technical measures” that copyright owners use to protect their works;

(3) infringement is “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider”;

(4) lack of actual knowledge of the infringing material or no awareness of facts or circumstances from which infringing activity is apparent on the system or network, and expeditious action to remove or disable access to material upon obtaining such knowledge or awareness;

(5) no “financial benefit” directly attributable to the infringing activity, if it had “the right and ability to control such activity”;

(6) expeditious response to remove or disable access to infringing material upon notification from the copyright owner; and

(7) proper designation of an agent to receive such notification.

The difficulty arose for YouTube under the fifth point, namely, in connection with its argument that it gained no “financial benefit” directly attributable to the infringing activity, and did not have “the right and ability to control such activity.”

Citing to the recent 9th Circuit case of Perfect 10 v. CCBill, the court observed that this point is actually two requirements in one: a provider’s receipt of a financial benefit is only implicated where it also has the right and ability to control the infringing activity. So if YouTube did not have the right and ability to control the alleged infringing activity, there was no reason to engage in the “financial benefit” analysis.

The court held that there was insufficient evidence to allow it to determine whether YouTube had the right and ability to control the infringing activity. The court’s comments on this point are intriguing, and foreshadow what might be some interesting issues in discovery. “There is clearly a significant amount of maintenance and management that YouTube exerts over its website, but the nature and extent of that management is unclear.” The court went on to note the lack of evidence as to “the process undertaken by YouTube from the time a user submits a video clip to the point of display on the YouTube website.”

Tur v. YouTube, Inc., No. 06-4436, (C.D.Cal. June 20, 2007)

Plain meaning, plain silliness under the DMCA anticircumvention provisions

CNET is reporting on a cease and desist letter some company has sent to Microsoft, Apple, Adobe and others. (I’m not going to mention the company by name because I don’t want to play into what Jessica Litman and I agree is an attempt to garner some unwarranted publicity — see the CNET article.) Simply stated, the company, which has apparently developed some kind of technology designed to prevent ripping of digital audio streams, claims that Microsoft et al. are actively avoiding the implementation of the company’s technology in their products. It claims that this avoidance is a circumvention prohibited under the DMCA.

I don’t opine much on this site, but this company’s theory is based on, at best, a hypertechnical and unsupportable reading of the DMCA. As you know, “circumvention” under the DMCA means to “descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.”

Did you see the word “avoid” there? That’s what the company is apparently hanging its hat on. And the argument sounds clever, until you actually think about the DMCA and what it says.

One has to read the DMCA prohibitions on avoiding, bypassing, removing, deactivating, or impairing technological measures along with the terms immediately preceding, namely, descrambling and decrypting. These prohibited activities share a common theme of some sort of active disabling of the technology, not simply choosing not to use an available technology.

There’s a maxim that Aristotle probably made up called sui generis that lawyers and courts are supposed to use when interpreting statutes. Essentially, when you see a group of terms together in a statute, one is to attribute a common meaning to those terms. Interpreting the meaning of “to avoid” in the way that this company suggests would not be consistent with this principle.

I sincerely hope to not see any reported decisions on these facts.

Hefty award to Sony in action against seller of PlayStation 2 “mod chips”

Court awards over $6 million in DMCA statutory damages

Defendant Filipiak ran an online business that sold, among other things, “mod chips” that allowed Sony PlayStation and PlayStation 2 consoles to play copied games. Sony filed suit against Filipiak under the Digital Millennium Copyright Act (“DMCA”), which makes it illegal to sell any device that is primarily designed or produced to circumvent a technological measure that effectively controls access to copyrighted works. 17 U.S.C. §1201(a)(2).

Filipiak stipulated to liability for selling circumvention devices. The court awarded Sony over $6 million in statutory damages under 17 U.S.C. §1203(c)(3)(A), which provides that

At any time before final judgment is entered, a complaining party may elect to recover an award of statutory damages for each violation of [17 U.S.C. § 1201] in the sum of not less than $200 or more than $2,500 per act of circumvention, device, product, component, offer, or performance of service, as the court considers just.

The court drew a number of noteworthy conclusions in arriving at the damages figure. First, it held that §1203(c)(3)(A) authorizes a separate award of statutory damages for each device sold. (Filipiak had sold thousands of devices.) Next, the court looked to §504 of the Copyright Act (17 U.S.C. §504) to help it construe the meaning of the word “just” as it appears in §1203. No previous case had construed the meaning of the term in §1203, so the attorney’s fees provision of §504 provided guidance.

The amount of damages was calculated by awarding $800 per mod chip sold before June 12, 2004, and the full amount of $2,500 per mod chip sold after June 12, 2004. On that date, Filipiak had signed a stipulated injunction in which he agreed to discontinue sales of the chips and related software. The court concluded that the sales made after Filipiak signed the agreement constituted a willful violation of the DMCA, thus justifying a higher amount of statutory damages.

Sony Computer Entertainment America, Inc. v. Filipiak, (Slip. Op.) 2005 WL 3556676 (N.D. Cal., December 27, 2005).

Unauthorized use of username and password not a “circumvention” under DMCA

The recent case of Egilman v. Keller & Heckman LLP addressed a close question arising under a provision of the Digital Millennium Copyright Act (“DMCA”) found at 17 U.S.C. § 1201. The issue was whether accessing a computer system through the unauthorized use of a valid username and password constitutes an unlawful circumvention of a technological measure. The court held that such conduct is not “circumvention,” and thus not a violation of the DMCA.

Plaintiff Egilman maintained a website that was only available to visitors who entered a correct username and password. He had employed such measures so that only certain people (e.g., his students) would have access. Egilman alleged that, without authorization, the defendants obtained the correct username and password combination, and subsequently gained “improper and illegal” access to the site. He filed suit in federal court asserting, among other things, that the use of the unauthorized username and password was an illegal circumvention of a technological measure, in violation of 17 U.S.C. § 1201.

One defendant moved to dismiss for failure to state a claim, and the others moved for judgment on the pleadings. The court granted the motions.

An essential fact that drove the court’s holding was that the username and password which the defendants allegedly used were the actual username and password which the plaintiff had chosen to protect his website from unauthorized access. For this reason, the defendants were alleged to have merely “used” the technological measure put in place by the plaintiff, and not to have “circumvented” the measure. The court specifically adopted the language and analysis of the case of I.M.S. Inquiry Mgmt. Sys., Ltd. v. Berkshire Info. Sys., Inc., 307 F.Supp.2d 521 (S.D.N.Y. 2004), a case with similar facts and issues.

Quoting from I.M.S., the court stated:

Whatever the impropriety of defendant’s conduct, the DMCA and the anti-circumvention provision at issue do not target the unauthorized use of a password intentionally issued by plaintiff to another entity.

The court went so far as to say:

It was irrelevant who provided the username/password combination to the defendant, or, given that the combination itself was legitimate, how it was obtained. (Emphasis added.)

With this last statement, namely, that the means by which the username and password are obtained is irrelevant, did the court adjudicate a loophole in Section 1201? What if a defendant uses technological means to guess a username and crack a password? In that case, the defendant would ultimately be using the plaintiff’s intended username and password, and thus, according to the court, would merely be “using” and not “circumventing” a technological measure. In such a case, could one really say that for purposes of a Section 1201 analysis, how a username and password are obtained is irrelevant?

Egilman v. Keller & Heckman, LLP, — F.Supp.2d —, 2005 WL 3077260 (D.D.C., November 10, 2005).

[Text of opinion]
