Website operator not liable for copyright infringement despite lack of DMCA safe harbor protection

Online platforms that allow user-generated content should take advantage of the safe harbor provisions of the Digital Millennium Copyright Act (DMCA), which protect the platform in the event of a third party claim of copyright infringement over the user-generated content. But the recent case of BWP Media USA, Inc. v. T&S Software Associates, Inc., 2016 WL 1248908 (N.D. Tex., March 25, 2016) shows that a platform may still avoid liability for infringement even if it has not availed itself of the benefits of the DMCA.

Plaintiff copyright holders sued defendant online forum board operator for direct and vicarious copyright infringement, over photos uploaded by users of the online forum board. Defendant moved for summary judgment. The court granted the motion. The defendant successfully defeated these claims of copyright infringement even though it had not met the DMCA safe harbor requirement of designating an agent with the Copyright Office to receive takedown notices.

Direct Infringement

The court found there was no triable issue on plaintiffs’ claim that defendant was liable for direct infringement, because the parties did not dispute that defendant played no direct role in uploading the photos. Citing the seminal case of Religious Tech. Ctr. v. Netcom OnLine Comm’cn Servs., 907 F, Supp. 1361 (N.D.Cal. 1995), the court observed that “making an internet company liable for direct copyright infringement simply because it gave users access to copyrighted material posted by others would create unreasonable liability.”

Vicarious Liability

A defendant may be vicariously liable for copyright infringement where it “profits directly from the infringement and has a right and ability to supervise the direct infringer, even if the defendant initially lacks knowledge of the infringement.” Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., 545 U.S. 913, 930 (2005). In this case, the court found that although plaintiffs contended that (1) the copyrighted photographs were displayed alongside paid advertising, (2) defendant received revenue from the paid advertising on its forum, and (3) the revenue received was based, in part, on the website traffic, plaintiff failed to point to any evidence in the record showing that defendant directly profited from the infringing conduct.

Observation: DMCA Safe Harbor Not Needed Here

Online service providers that make their platforms available for the storage of user-generated content (even if such ability is trivial, e.g., allowing users to upload profile pictures) are encouraged to take the appropriate steps to place the service provider within the protections of DMCA safe harbor. These steps include providing appropriate information in the platform’s terms of service, employing internal processes to handle takedown requests and repeat infringers, having a plan in place for dealing with counternotifications, and designating an agent with the Copyright Office to receive takedown notices. Being in the safe harbor means that the service provider has an affirmative defense if it is sued by a third party copyright holder for infringement causaed by the platform’s users.

Many have mistakenly believed that if a service provider fails to get safe harbor protection, it is automatically liable for infringement occasioned by user generated content uploaded to the service. That is not true, and the BWP Media case serves as an example. A copyright-owning plaintiff must still establish the elements of infringement against the service provider — whether for direct infringement or under a theory of secondary liability (like vicarious infringement) — even if the defendant does not find itself within the DMCA safe harbor.

BWP Media USA, Inc. v. T&S Software Associates, Inc., 2016 WL 1248908 (N.D. Tex., March 25, 2016)


Evan_BrownAbout the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

Digital locker service not liable for copyright infringement based on user download of unlicensed ebook

digital locker

A boon for cloud service providers: Court decision protects locker service from infringement over user’s storage and downloading of unlicensed copy of ebook.

Plaintiff-author granted a license to defendant-digital locker service, authorizing users of defendant’s services to store and download sample copies of plaintiff’s ebook. Plaintiff later terminated the license. On two separate occasions, one of defendant’s customers — who had acquired a sample copy of the ebook during the license period — downloaded her sample copy from defendant’s locker storage service and onto her e-reader device. Plaintiff filed suit, claiming these post-license termination customer downloads amounted to direct and contributory infringement by the file locker service.

Both parties moved for summary judgment. The court granted defendant’s motion and denied plaintiff’s motion.

As to the question of direct infringement, the court relied heavily on Cartoon Network v. CSC Holdings, 536 F.3d 121 (2nd Cir. 2008) to hold that a lack of evidence of defendant’s “volitional conduct” in distributing and reproducing the downloaded copies precluded a claim for direct infringement. Quoting from Capitol Records v. ReDigi, 934 F.Supp.2d 640 (S.D.N.Y. 2013), the court found that defendant “did not have a ‘fundamental and deliberate role,” such that it was transformed ‘from a passive provider of a space in which infringing activities happened to occur to an active participant in the process of copyright infringement.’”

Plaintiff’s contributory infringement claim failed under the “substantial noninfringing uses” test (the “Sony-Betamax Rule”) set out in Sony v. Universal, 464 U.S. 417 (1984). The court held that defendant could not be held liable for contributory infringement because its digital locker systems was capable of substantial non-infringing uses, and indeed was used for commercially significant noninfringing uses.

Smith v. BarnesandNoble.com, No. 2015 WL 6681145 (S.D.N.Y. Nov. 2, 2015)

Evan Brown is a Chicago attorney helping clients in matters dealing with copyright, technology, the internet and new media. Call him at (630) 362-7237, send email to ebrown [at] internetcases dot com, or follow him on Twitter @internetcases

Photo courtesy of Flickr user Alex Thomson under this Creative Commons license.

Is a DMCA subpoena to identify unknown infringers valid if the infringement has ended?

The Digital Millennium Copyright Act (“DMCA”) is well-known for its notice and takedown provisions. But the DMCA provides a number of other interesting mechanisms, including a procedure for potential copyright plaintiffs to send subpoenas to online service providers to learn the identity of users who posted infringing content to that service. A recent case involving some subpoenas that a copyright owner sent to eBay examines the relationship between the notice and takedown procedures on one hand, and the subpoena mechanism on the other. The question before the court was whether a DMCA subpoena is valid if, by the time it is served on the online service provider, that online service provider has already removed or has disabled access to that content.

Section 512(h) (17 U.S.C. 512(h)) spells out the DMCA subpoena process, and how it relates to the notice and takedown provisions. An online service provider must act expeditiously to identify the user who uploaded infringing content “[u]pon receipt of the issued subpoena, either accompanying or subsequent to the receipt of a [takedown request].” That plain language seems straightforward — an online service provider has to provide the identifying information in response to any subpoena it receives either with or subsequent to a takedown notice.

But it was not so straightforward in a 2011 case, where some confusing facts made for some confusing law. In Maximized Living, Inc., v. Google, Inc., 2011 WL 6749017 (N.D. Cal. December 22, 2011), the copyright holder sent a subpoena to the online service provider after the copyright holder had sent a DMCA takedown notice. That would appear to comport with the statute — the subpoena came subsequent to the takedown notice. But the problem in that case was that the takedown notice was not valid. By the time it was sent, the alleged infringer had already removed the infringing content. From that, the Maximized Living case pronounced that “the subpoena power of §512(h) is limited to currently infringing activity and does not reach former infringing activity that has ceased and thus can no longer be removed or disabled.”

In the recent case of In re DMCA Subpoena to eBay, Inc., eBay, as the recipient of subpoenas to identify some of its users, picked up on the Maximized Living holding to argue that it did not have to answer the subpoenas because it had already taken down the offending content pursuant to previous takedown notices. Since the subpoenas did not relate to “currently infringing activity,” eBay argued à la Maximized Living, that the subpoenas had not been issued under §512(h)’s power and were therefore invalid.

The court rejected eBay’s argument. The key distinction in this case was that, unlike in Maximized Living, the takedown notices in this case, when they issued, related to content that was on the eBay servers at the time the takedown notices were issued. Granted, some of those takedown notices went all the way back to early 2012 (query whether the subpoena should be valid if it would only uncover the identity of an infringer for whom the 3-year copyright statute of limitations had passed; but that wasn’t before the court).

So to simply state the rule in this case — for a DMCA subpoena to be valid, it has to relate to a valid DMCA takedown notice. That DMCA takedown notice is not valid unless it was served at a time when infringing content resided on the service. An online service provider cannot avoid the obligation of responding to a subpoena by taking down the content, thereby causing there to be no “currently infringing activity”. Such a rule would, as the court observed, cause the online service provider’s safe harbor protection to also shield the alleged infringer from being identified. That would indeed be an odd application of the DMCA’s protection. The court in this case avoided that outcome.

In re DMCA Subpoena to eBay, Inc., 2015 WL 3555270 (S.D. Cal. June 5, 2015).

Evan Brown is a Chicago attorney helping clients in matters dealing with copyright, technology, the internet and new media. Call him at (630) 362-7237, send email to ebrown [at] internetcases dot com, or follow him on Twitter @internetcases

Photo courtesy of Flickr user Thomas Galvez under this Creative Commons license.

GitHub jeopardizes its DMCA safe harbor status by launching its new policy

GitHub has baked in some feelgood to its new DMCA takedown policy. The new setup features clearer language, a refusal to automatically disable all forks of an allegedly infringing repository, and a 24-hour window in which the target of a takedown notice may make changes. The mechanisms of this third point ought to cause one to consider whether GitHub is risking the protections of the DMCA safe harbor.

If a DMCA takedown notice alleges that only certain files (as opposed to the whole repository) infringe, under the new policy, GitHub “will contact the user who created the repository and give them approximately 24 hours to delete or modify the content specified in the notice.” If the user makes changes to the repository, the burden shifts back to the sender of the DMCA notice. This shifing-the-burden-back seems problematic under the DMCA.

GitHub’s policy says:

If the user makes changes, the copyright owner must review them and renew or revise their takedown notice if the changes are insufficient. GitHub will not take any further action unless the copyright owner contacts us to either renew the original takedown notice or submit a revised one. If the copyright owner is satisfied with the changes, they may either submit a formal retraction or else do nothing. GitHub will interpret silence longer than two weeks as an implied retraction of the takedown notice.

The DMCA protects a party in GitHub’s position so long as the party “responds expeditiously to remove, or disable access to, the material that is claimed to be infringing upon notification of claimed infringement”. Read that provision carefully — the response must be to take down, not merely take steps to work with the alleged infringer to make it right. GitHub’s new mechanism of interpreting silence as a retraction is not an expeditious removal of or disabling access to allegedly infringing material. Nothing in the DMCA requires the sender of the takedown notice to have to ask twice.

You’ve got to hand it to GitHub for trying to make the world a better place through this new policy. The intended net effect is to reduce the number of instances in which entire repositories are taken down simply because of a few allegedly infringing files. But GitHub is putting something of great value, namely, its DMCA safe harbor protection, at risk.

Many copyright plaintiffs look for every possible angle to pin liability. You can almost be certain that a copyright owner will challenge GitHub’s safe harbor status on the ground that GitHub did not respond expeditiously. It seems odd GitHub would be willing to toss a perfectly good affirmative defense. One would think the better approach would be to go ahead and take the repository down after 24 hours, rather than leaving it up and risk a finding on “non-expeditiousness”.

Related:

Microsoft letter to GitHub over DRM-free music software is not the first copyright-ironic action against an intermediary

Evan Brown is an attorney in Chicago advising clients on matters dealing with copyright, technology, the internet and new media.

1 2 3 4 5 22 23 24