Tag Archive for copyright

Understanding DMCA Safe Harbors

November 10, 2009 Intellectual Property 2 comments

I briefly discussed the DMCA safe harbors in a previous post. However, considering the complexity of the safe harbors (and at the behest of Washu over at Gamedev.net) some elaboration is necessary.

What are the safe harbors?

Simply put, the safe harbors limit the liability of certain online service providers from copyright infringement claims. Protected service providers include ISPs, carriers, and websites that transmit or store user content. For instance, a website like youtube.com, which hosts user-generated video content, almost certainly falls under the DMCA safe harbor. Similarly your ISP or internet carrier, be it Comcast, Qwest, or Time Warner, would theoretically be protected under the safe harbor. The limitation of liability does not mean that absolutely no liability exists, but it does provide certain protections to those providers who exercise limited control over user content and the use of their services.

The History

Congress recognized the need for safe harbors years before the advent of the DMCA. As demonstrated in the passing of the "passive carrier" section of the 1976 Copyright Act (17 U.S.C. 111(a)(3)), Congress realized that services like telephones and cable providers could potentially be held liable for copyright infringement to the extent that their services were used to relay infringing content. The Internet further demonstrated the need for these protections because of the sheer quantity of content that could be transmitted through those same cable and phone lines. Both the courts and Congress decided that a line needed to be drawn in the case of internet websites, Usenet, and other automated systems by which content could be automatically reproduced and distributed without control or action by the original website or Usenet creator.

Thus under the umbrella of the DMCA, the Online Copyright Infringement Liability Limitation Act was enacted. The act created safe harbors for four "types" of services providers: (1) the ISPs and infrastructure providers who transmitted packets of information; (2) the carriers that cached content to speed up transmission; (3) the websites and service providers that allowed users to upload their own content; and (4) search engines that host links and thumbnails to content.

The Four Types

Transmission. The first exception applies to internet carriers that transmit and in some cases temporarily store and/or copy packets of information for the purpose of allowing users to connect through the network to websites, FTP hosts, and the like. Essentially the first safe harbor applies to the network infrastructure provider that allows your computer or console to connect to whatever it is you're trying to connect to. Without this safe harbor ISPs would be potentially liable for any infringement that occurred on their system depending on the method of transmission.

Caching. Similarly ISPs who cache (e.g. store and save) data on their systems so that previously visited websites load faster for a user are granted limited liability. Certain requirements must be met for this safe harbor to apply, which will be discussed below.

User Generated Content. The third exception, and the one that generally receives the most attention, applies to websites and service providers that permit users to automatically store content on the website/service provider's server or system. In this case even more requirements must be met, including the registration of a DMCA agent with the Copyright office.

Search Engines. The last exception applies to search engines, directories, indexes, references, and other internet tools that link to websites or online data containing infringing content.

Qualifying for Safe Harbor Protection

As a Transmission service provider. It's unlikely that this will apply to anyone reading this blog, but people may still be interested in learning how their ISP can limit their copyright infringement liability:

  • The service provider can't initiate the transmission—this should be obvious. If the provider is the one transmitting infringing content, they're direct infringers.
  • The transmission must be an automated technical process that doesn't filter or select material. If the ISP engages in a selection or editing process in the course of transmission they may lose their limited liability (which raises some truly fascinating questions in the Net Neutrality argument).
  • The ISP can't choose who receives the material—the process must be automatic and it must be in response to a request from an end user.
  • The next qualification has two parts: first, transmitted information on the system can't be stored in a manner that would normally allow accessibility to the content by anyone other than the requesting end user; second, the information can't be stored for longer than is necessary for the transmission to the requesting end user.
  • ISPs can't modify the content in the course of transmission.

If you're caching data and content. Caching can occur at any point between request and transmission, so it's necessary to break down the players in the caching game: (1) content providers; (2) service providers; and (3) end users. It's necessary to note here that a service provider can include any site that caches user data to make logging in or other preferences readily available to the user, including site like Ebay and Amazon. Unfortunately this safe harbor is a bit convoluted, but I'll try to clarify the key points:

  • Content must be provided by someone other than the service provider. This is nothing new and is identical to the first requirement for the transmission safe harbor.
  • The system in place must be fully automated for the purpose of making material available to system users/end users.
  • The service provider can't modify the content stored on its system.
  • This is where things get tricky: the service provider must also comply with rules concerning the "refreshing, reloading, or other updating of the material when specified by the person making the material available". Ordinarily this could be exploited—for instance, an infringing content provider could establish rules that require a page to refresh every millisecond so as to make caching useless. There is fortunately a limitation to unreasonable rules. If the rules unreasonably limit or impair intermediate storage they will not interfere with the limited liability of the caching service provider.
  • Provided that the technology associated with the content doesn't (1) unreasonably impair caching (2) go against industry standards or (3) phish or extract data from the server provider's system (except already available information), a service provider who caches that content can't interfere or alter the functionality of the technology associated with the content.
  • The service provider must comply with the content provider's access conditions with respect to individual users. For instance, the content provider may require a password or fee before cached information can be received by the end user.
  • If the content provider is himself infringing, the service provider must respond promptly to notification of infringement and remove or disable the infringing material. However, because caching must be automatic, this requirement is only necessary if (1) the infringing content has been removed from the originating site and (2) the notifying party (e.g., the copyright owner) includes in the notification a statement concerning removal of infringing content on the originating site.

If users can upload and store content. This is where sites like Veoh, YouTube, and other services that permit users to upload their own content come into play. It also includes webhosts like geocities, and blog hosts like WordPress and TypePad, that enable users to store and share content on their servers. It can even apply to forums, chat rooms, and anywhere else where users designate what is uploaded or stored on the service provider's system. This safe harbor has three major requirements:

  • The service provider cannot have knowledge of the infringement. The actual knowledge requirement provides a significant safe guard to service providers—simply being told that certain content may be infringing is rarely sufficient, and those providing notification of infringement may be required to provide appropriate available evidence in support of an infringement claim.
  • The next requirement has two parts: (1) the service provider cannot receive any direct financial benefit from the infringement, and (2) the service provider cannot have any right or ability to control infringing activity. Both parts require some elaboration. In terms of direct financial benefit, a service provider may, for example, obtain a one-time registration fee or a monthly subscription fee from an infringing user without running afoul of the safe harbor. Courts generally take a common sense approach to the financial benefit requirement and have ruled that the benefit must result directly from the infringing activity, and not generally from the user's access to the service. In terms of control, it typically must exceed the ability to block or disable content—this is common sense in light of take down notifications, discussed below. Courts have gone so far as to hold that the voluntary practice of limited monitoring to screen obvious infringements doesn't amount to control. However, the question of "control" can become a slippery slope, so monitor at your own risk.
  • As with caching, if the service provider receives adequate notification of infringement (including infringement that is patently obvious, regardless of whether the copyright owner has given notification), the service provider must take down the infringing content to qualify for limited liability. Although a service provider may refuse to take down content in response to a take down notice if it is clear to the service provider that the content is not infringing, the service provider loses protection under the safe harbor and must avail itself to the defenses that would cause the content to be non-infringing.

Linking to infringing content. This is in some ways the easiest safe harbor to understand. The infringing activity doesn't occur on any server, host, or system created by the service provider. Instead, the service provider provides an html link to content that is not hosted by the service provider. The qualification are thus fairly straightforward:

  • The service provider must lack knowledge of the infringement. Even if the service provider lacks actual knowledge of the infringement it may still lose its safe harbor protection if the service provider is aware of facts or circumstances that make infringement obvious. If the service provider receive knowledge of infringement, it must disable or block the link.
  • The service provider cannot receive a direct financial benefit from the infringement. However, this requirement is only applicable if the service provider has the right or ability to control infringing activity.
  • If the service provider receives notice of infringement, they must promptly remove the link.

Notification Requirements

What must a web site do when requiring notification? Below is a very rough outline of what the DMCA Notification portion of your Terms of Service should look like if you own or operate a web site that contains a forum or other mechanism that permits users to upload content:

  • Formalities: The notification must include (1) the signature of the copyright owner or a person authorized to act on behalf of the owner; (2) the notification must state that the complaining individual is authorized to do so; (3) the complaining individual must make a statement asserting that they believe in good faith that the content is infringing;
  • Identification of the copyrighted work and infringing material: The notification must link to or include copies of the copyrighted work, or otherwise appropriately describe the content. The complaining party must also link to or otherwise direct the DMCA agent to the content that infringes on the copyrighted work in question. Note that in both of these cases, the material provided must be enough for the DMCA agent to identify and locate the content.
  • Service on a designated agent: The web site MUST have a designated agent registered with the Copyright Office, and must provide the contact information for that agent.

Exercising  Caution When Sending Notifications

One important aspect of the notification requirement is a "good faith" belief that the material is infringing. Courts have found that this includes taking into account valid fair use defenses before submitting the notification. 17 U.S.C. 512(f)(2) holds complainants liable when they misrepresent an infringement. In those cases the the complainant is accountable for damages, costs, and attorneys' fees. 


Copyright Registration Problems: Alleviating backlog worries

May 21, 2009 Intellectual Property No comments

    An article in the Washington Post raised numerous issues concerning the new electronic copyright registration system. While the system definitely needs work, the belief that this problem is prohibiting people from marketing, publishing, or otherwise exploiting their creative ventures is misguided. Copyright protection is automatic from the time the work is fixed in a tangible medium. This means that once you create your work and put it in a fixed form (including computer files) your work is protected. While registration is necessary to enforce a copyright in court failing to register does not mean that people can openly copy or otherwise pirate your work without your permission. There are benefits to registering early, including statutory damages and attorneys’ fees awards. However, because copyright registrations backdates to the time it was registered (i.e., put in the hands of the copyright office) and not at the time of certificate issuance, the fear that the benefit of early registration will be lost because of the backlog is without merit.

    We can hope that the online system will be updated soon. In the mean time it is important to bear in mind the benefits of registration, regardless of when you obtain the actual certificate.

    Copyright attorney John E. Grant wrote extensively on this topic. If you would like to learn more, check his blog.

The Pirate Bay Ruling

April 17, 2009 Current Affairs No comments

    A Swedish court handed down The Pirate Bay ruling today, convicting four administrators of The Pirate Bay website (namely Fredrik Neij, Gottfrid Svartholm Warg and Peter Sunde). The reason for the judgment is probably in no small part due to the ideology espoused by The Pirate Bay operators and the notoriety the site enjoys. The Pirate Bay website provides both a search engine for torrent files and runs BitTorrent trackers for the files listed. The conviction included somewhere in the vicinity of $3.5 million in fees, to be awarded to various studios and record companies, and a one year prison sentence. Currently the site is still up and the men are still walking free pending further proceedings. It may be years before a final determination is made on appeal. The ruling raises a whole mess of legal issues, not the least of which is the effect this will have on BitTorrent technology and the repercussions of linking to infringing material.

    BitTorrent

    BitTorrent is a file sharing protocol that enables rapid downloads without putting a great burden on any one particular host. It starts with the creation of a torrent file that contains metadata about the torrent tracker (the only central point in the process and the server that connects peers and coordinates distribution of data) and information about the file a client wants to access. Note that the torrent file doesn't contain copyrighted material—it only contains parameters that can identify pieces of data from that file on the tracker's network. To access the file a user must download the torrent and connect to the specified tracker that then designates how the bits of data are downloaded from various peers on the network. Once a piece of data is taken from the seed that piece of data can be shared from peer to peer and each piece can be downloaded from a variety of peers.

    The advantage of this file-sharing technique is that it puts less strain on the content provider and it reduces strain on individual peers—instead of downloading one large file from one host or peer, small data requests are sent out on the network and are downloaded from multiple sources. The protocol does more than bypass the original content provider/copyright owner (although it can and has been used for that purpose). It reduces the cost to content providers and, in the case of secure trackers like the one used by the World of Warcraft downloader, it can provide a faster downloading mechanism to rapidly distribute patches and updates.

    This raises a major point. The BitTorrent protocol wasn't on trial here.

BitTorrent, Inc. (the developer of the protocol) is a San Francisco, CA company that has licenses from various media providers to share hundreds of shows, songs and films through its website and search engine. Trackers can be private and secure—their primary function is to list and sort the IP addresses of peers and coordinate what downloads from where, and they're necessary for the BitTorrent protocol to function.

    The Pirate Bay

    The Pirate Bay was created in 2003 by the Swedish anti Copyright group Piratbyrån and later separated as its own organization. It utilizes OpenTracker software to coordinate communication between peers. While anyone can download torrents from the site, only registered users can upload torrents and post comments and messages. The Pirate Bay is a bit antagonistic when it comes to legal threats—in one memorable reply to a take-down notice from DreamWorks SKG, "It is the opinion of us and our lawyers that you are ……. morons, and that you should please go sodomize yourself with retractable batons."

    The Pirate Bay strongly held to its belief that it was immune from suit because, up until 2005, Sweden had some fairly lenient copyright laws. Previously it was legal in Sweden to copy and distribute unauthorized copyrighted works through the Internet. However, the EC Directive on aspects of copyright and related rights in the information society forced Sweden to adopt laws criminalizing this conduct. This put Sweden more in line with EU and US law. However, Swedish law doesn't really distinguish between criminal and civil litigation, and the Swedish Copyright Legislation lacks the safe harbors for ISPs and website operators provided for in 17 U.S.C. § 512. Because The Pirate Bay made it a point to be as visible as possible they were the first to fall under the proverbial Axe.

    The Charges

     Investigation into The Pirate Bay began in 2006. The prosecution of The Pirate Bay began with two charges under Chapter 7 of the Swedish Copyright Legislation. The two charges included "assisting copyright infringement," and "assisting making available copyrighted material." The first charge for assisting copyright infringement was later dropped and The Pirate Bay administrators were only charged with assisting making available copyrighted materials.

    The Trial

    The Trial took place in February 2009 and lasted for nine days. During the trial, if the Internet is to be believed, The Pirate Bay received ample support and held fast to its defense: no copyrighted material at any time existed on The Pirate Bay's servers and neither the site nor its operators committed copyright infringement. They also contended that search engines such as Google can perform the same function as The Pirate Bay. 

    The Outcome

    None the less, as of today the Court found that The Pirate Bay did assist in making available copyrighted material by  creating a "sophisticated" search function and acting as a torrent tracker for what was predominantly unauthorized copyrighted material. From an outside perspective this seems more a matter of politicking than actual justice–Swedish prosecutors and Courts were under pressure to enforce new copyright laws. The Pirate Bay is a highly visible and vocal website with a massive community that contained links to torrents that lead to a lot of unauthorized copyrighted works. They made a good target.

      It's a sticky, quicksand kind of issue because the technology can be extraordinarily decentralized and a website could do nothing more than act as an internet search engine (i.e. Google) and provide similar functionality as The Pirate Bay. In that argument The Pirate Bay is certainly correct. Many torrents operate on a "trackerless" system that makes each peer a tracker, so all you need to do is find a torrent on Google, download it and open it in a BitTorrent client. No one is going to shut down BitTorrent or try to prohibit BitTorrent protocol because the clients are functional beyond circumventing content owners and many content providers use BitTorrent protocol. Certainly no one's going to shut down Google.

    The frightening but somewhat expected outcome of this ruling is the suggestion that merely providing a hyperlink to a file or site that will probably lead to unauthorized copyrighted works is contributory infringement if you express a particular ideology. One could argue that The Pirate Bay was prosecuted because of its political affiliation.

    This could raise a freedom of speech issue.

    The Pirate Bay prided itself in its piracy. It promotes a particular ideology in copyright reform: that the current state of copyright law is a grossly exaggerated shield to protect major content providers as opposed to promoting individual contribution to the intellectual marketplace. There is a very active and very real political party in Sweden that expresses this ideology. The Pirate Bay operated under the protection of Sweden's liberal copyright laws for over two years before what they viewed as their right to freely distribute content on the Internet was removed.

    The outcome for now looks dim and strange, but it is by no means certain.

« Older Entries   Recent Entries »