The Internet poses fundamental challenges to traditional copyright law due to the way it works. The standard operation of the Internet potentially creates broad liability under copyright law both for a company’s own acts and for acts by unrelated third parties. The Internet was originally designed as a decentralized network for use by military and academics; engineering efficiency rather than potential legal issues were the focus of its designers. As the Internet has become a mass medium, the legal issues have become of critical importance. The Digital Millennium Copyright Act ("DMCA") was enacted to strike a balance between content owners and users in this new medium. This article will review the results of three of the most important cases under the DMCA.

To understand the scope of the problem, a brief review of copyright law is useful. Copyright law imposes "absolute liability" for violation of the five traditional copyright rights: reproduction, distribution, modification, public performance and public display. Such liability is described as "absolute" because the copyright owner can receive both injunctive relief (a court order to stop the infringement) and monetary damages whether or not the person violating such rights did so intentionally or by accident. For example, if a company uses Madonna’s recording of "Material Girl" as background music for its product demonstration at a trade show, the company has violated the public performance right (as well as probably the reproduction right) in the song, whether or not it intended to do so.

Copyright law also imposes liability for actions of third parties in certain circumstances; this liability consists of two different types: vicarious or contributory infringement. "Vicarious infringement" liability is imposed when someone has infringed the copyright owner’s rights and the party being sued ("Defendant") has a relationship with the actual infringer which makes it unfair not to impose liability on the Defendant. Typically, the Defendant must have the "right and ability to supervise" the infringer and an "obvious and direct financial interest" in the infringement. The most common type of vicarious liability is a nightclub owner who benefits financially by selling more tickets when a band performs music in his nightclub. If the band fails to obtain a "public performance" license for its songs, the band is liable for "direct" infringement of the public performance right of the musical composition. But is the nightclub owner liable? Even though the nightclub owner does not play the songs or control which songs are played, he is a "vicarious infringer" because he benefits financially through increased attendance at his nightclub and he has the ability to control the band. "Contributory infringement" liability is imposed when the defendant knowingly induces, causes or materially contributes to the infringing conduct. Examples of "contributory infringement" tend to be less common than vicarious infringement: one example was a bulletin board operator who encouraged members to "upload" pirated versions of videogames for "credit" to download other videogames.1

The Internet can potentially impose all three types of liability on the numerous intermediary parties (such as Internet service providers, web hosting companies and website operators) because of its method of operation. For example, a message posted to a Usenet group is "copied" by the thousands of servers owned by different parties who participate in distributing such messages. If a Usenet message includes copyrightable material without the permission of the copyright owner, the owner of each server might be liable for direct copyright infringement by permitting a copy of the message to be copied on its server. Some of these parties might also be liable for vicarious and contributory infringement. These issues were raised in the Religious Technology Center v. Netcom case.2

The Church of Scientology through its Religious Technology Center sued three parties: an individual who posted a copy of one of their internal documents to a Usenet group (Ehrlich), the bulletin board operator who accepted the posting (Klemesrud) and the Internet service provider which provided the bulletin board operator access to the Internet (Netcom). The judge refused to find Klemesrud or Netcom liable for direct and vicarious infringement but left open the possibility of liability for contributory liability. The case against the intermediaries (Klemesrud and Netcom) later settled. Ehrlich was found liable for direct infringement.

The legal status of several other common Internet practices under copyright law is uncertain: many parties "cache" whole websites to make access to commonly used websites more rapid and many websites link to other websites. The DMCA was enacted in part to provide limited "safe harbors" for these problems.

I. Digital Millennium Copyright Act ("DMCA")

1. Overview. The DMCA was signed into law on October 28, 1998. The DMCA is the most important copyright legislation since the accession of the United States to the Berne Convention in 1988. The DMCA implements the terms of two World Intellectual Property Organization ("WIPO") treaties (The WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty, both signed in Geneva in December of 1996) and establishes certain safe harbors for common Internet activities.3 It has both immediate and long term effects: it provides immediate relief from monetary liability for certain common Internet activities through "safe harbor" provisions and establishes a legal framework for automated distribution of digital works in the future through its "black box" and copyright management information provisions. The provisions of the DMCA will be important to any company which does business on the Internet or provides products in digital form.

2. Internet Safe Harbors.

2.1 Summary of Safe Harbors. The section of the DMCA of broadest interest is new Section 512 (section references refer to Title 17 of the U.S. Code) which provides for a number of limitations on liability for certain categories of online service provider ("SP") activity. These "safe harbors" provide strong incentives for SPs to assist copyright owners in detecting and dealing with copyright infringements that take place in the digital networked environment. They also provide greater certainty to SPs concerning their legal exposure for monetary damages due to infringement by third parties that may occur in the course of an SP’s activities.

Unfortunately, the scope of many of these safe harbors is far from clear. The exemptions from liability that the DMCA creates are additional to any defense that an SP might have under copyright law or any other law. However, even if its activity does not come within the bounds of a safe harbor, an SP is not necessarily an infringer and can raise other traditional defenses such as fair use. Congress also noted that the existence of a safe harbor is not meant to suggest that the activity is an infringement.

2.2 Effect of Safe Harbors. If an SP’s activity qualifies for any of the safe harbors in the DMCA, then it is not liable for any monetary relief for claims of direct, vicarious or contributory copyright infringement based on that activity. Monetary relief includes damages, court costs, attorney’s fees, and any other form of monetary payment. These concerns about potential monetary liability for actions of third parties has been a core concern of Internet service providers and telecommunication providers. The DMCA permits limited injunctions against such activity instead of such monetary liability.

3. Safe Harbors: Summary. The conditions of these safe harbors are very complicated and the following is a brief summary of the nature of the safe harbor which are discussed in more detail below:

3.1 Conduit Functions. This safe harbor applies to an SP providing transmitting, routing or connections through a network (and intermediate and transient storage) of materials.4 The conditions are that the transmission was initiated by a third party, the functions were carried out automatically (without selection by the SP), a copy is maintained only so long as is reasonably necessary to perform these functions and the material is unchanged.

3.2 System Caching. This safe harbor applies to an SP who provides temporary or intermediate storage of materials on a network.5 The conditions are that the material be posted by a third party, that the process of storage and providing access to the stored material be automatic (without selection by the SP), the material must be unchanged, the material must be updated if required by the originating site (and if the technology meets certain standards), limited access to the material based on meeting certain conditions (such as payment or password) must be maintained and the "caching" must not interfere with providing information to the originating site (such as hits) if the technology for reporting such information meets certain criteria. The SP must also remove this material or disable access to it under certain circumstances if the originating site does not have the right to make the material available.

3.3 User Storage. This safe harbor applies to a SP which provides storage on its system for material at the request of a user.6 The conditions are that the SP must not have actual knowledge or reason to know that the material is infringing, does not receive a direct financial benefit from the infringing material residing on its system and promptly removes or disables access to the infringing material upon proper notice of potential infringement. The SP must have a designated agent on its website (and provide the name of the agent to the Copyright Office) to receive these notices. The safe harbor has detailed descriptions of the contents of the notice needed to trigger the "take down" procedures and a requirement that the subscriber be notified and permitted to provide a "counter notification" to keep the material available during a lawsuit.

3.4 Information Locator. This safe harbor applies to a SP who links or refers a user to a site with infringing material or infringing activity.7 The conditions are that the SP must not have actual knowledge or reason to know that the linked site is infringing, does not receive a direct financial benefit from the infringing activity and promptly removes or disables access to the infringing material or infringing activity upon proper notice of potential infringement.

The application of these safe harbors to educational institutions is subject to special rules because of the different roles that students and faculty play in such institutions. The DMCA also provides a procedure for requiring SPs to identify subscribers who are potential infringers to the relevant copyright owner through the use of a subpoena to a federal District Court. The safe harbors are each distinct and eligibility for one safe harbor does not imply eligibility for any other.

3.5 Definition of Service Provider. The DMCA’s definition of "service providers" who are eligible for these safe harbors is both complex and ambiguous. It also has a different scope for different safe harbors.8

3.5.1 "Conduit Communications." For the purposes of only the "Conduit Communications" safe harbor, an SP is any entity that "transmits, routs or provides connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modifying to the content of the material as sent or received." This definition represents the notion of SP as "conduit", as derived from the definition of "telecommunications" found in the Communications Act of 1934. For instance, hosting a web site would not be within this definition. However, the provision of connectivity to a web site would be within this definition.

3.5.2 All Other Safe Harbors. For all of the other safe harbors, an SP is defined more broadly to include the "Conduit Communications" definition, as well as "providers of on line services or network access or the operators of facilities therefor." According to the legislative history, this definition would include services such as providing Internet access, e-mail, chat room and web page hosting services. This definition would include universities and schools to the extent that they perform the functions in the definition. The liability limitations apply to systems "operated by or for the service provider," thereby protecting both SPs who offer service and subcontractors of the SP who may operate parts of, or an entire system for another SP. This definition clearly includes the traditional Internet service providers and web hosting companies.

4. General Conditions for Eligibility for All of the Safe Harbors.

4.1 Termination Policy. To be eligible for any of the safe harbors, an SP must adopt, reasonably implement and inform its subscribers and account holders of a termination policy for repeat infringers.9 Congress recognized different degrees of copyright infringement: from inadvertent and non-commercial to intentional and commercial. Subscribers would include account holders that have "a sufficient business relationship" with the SP to justify treating them as subscribers even if the subscriber has no formal agreements. Examples of subscribers without formal agreements would include students who gain access through their university, employees who have access through their employment, and members of a household that share in the access of one household member’s user account through a subscription agreement. Congress intends to ensure that those who "flagrantly" abuse their access to the Internet through disrespect for the intellectual property rights of others will understand that they face a realistic threat of losing that access.

4.2 Accommodation of Technical Measures. In addition, to qualify for any DMCA safe harbor an SP must accommodate and not interfere with "standard technical measures" that are used by copyright owners to identify or protect copyrighted works.10 This provision is consistent with the "black box" and "copyright management information system" measures which establish a framework for automating digital distribution of copyrighted works. "Standard technical measures" are expressly limited to technical measures that (1) have been developed pursuant to a broad consensus of copyright owners and SPs in an "open, fair, voluntary, multi-industry standards process," (2) are available to any person on reasonable and nondiscriminatory terms, and (3) do not impose substantial costs on SPs or substantial burdens on their systems or networks.

Congress recognized that these technical measures could be developed both in recognized open standards bodies, a number of which have substantial experience with Internet issues, as well as in ad hoc groups, (such as those that were instrumental in the process that developed copy protection technology for digital video disk players). This requirement is part of the integration of "technical protection" into copyright law. Congress wished to encourage these types of technical solutions, and to encourage the commencement of discussions about their implementation.

4.3 Protection of Privacy. The DMCA also includes sections which reflects the concerns of privacy of Internet users.11 An SP is not required to access, remove or disable access to material in situations where that conduct is prohibited by law such as the Electronic Communications Privacy Act. Nevertheless, Congress notes that the DMCA is not intended to discourage SPs from monitoring its service for infringing material. An SP does not lose eligibility for the safe harbors solely because it engaged in a monitoring program.

II. Napster

The case of A&M Records, Inc. v. Napster, Inc.12 is one of the most valuable in interpreting the scope of the liability of website operators for actions by third parties on their sites. Due to the widespread coverage of this case, most people are familiar with Napster and how it operates. However, the nature of its operations are so critical to understanding the case that it will be reviewed briefly here.

Napster provides a platform for "peer-to-peer" sharing of musical files in the MP3 format. To access the Napster system, a user must first go to Napster’s website and download the music sharing software to his or her computer system. Once the music sharing software from Napster is installed, the user can access the Napster system. The user is required to register with Napster with a user name and password. If the registered user wants to list available files on his or her hard drive for transfer using the Napster system for others to access, he must first create a "user library" directory on his computer’s hard drive. The user then saves his MP3 files in the library directory using self-designated file names. He must next, then, log onto the Napster system using his user name and password. His music sharing software then searches his user library and verifies that the available files are properly formatted. If in the correct MP3 format, the names of the MP3 files would be uploaded from the user’s computer to the Napster servers. The MP3 files remain stored on the user’s computer. In other words, Napster, unlike MP3.com, has not stored the actual musical files which are shared through its system. Instead, Napster provides a "collective" directory. This directory is very fluid; it tracks users who are connected in real time displaying only file names that are immediately accessible. A registered user can search Napster’s collective directory to find files which he or she may wish to copy.

If a registered user wishes to obtain a copy of a file from another registered user’s hard drive, the connections are made directly to that hard drive. The file does not "pass" through the Napster system; it is downloaded directly from one computer to another over the Internet. This architecture is very important since it is "a modified" form of peer-to-peer architecture. And the existence of a collective central directory was very important for the court’s rulings in the case. It is also important to remember the file names are selected by the actual user, and not by Napster. In fact, the court noted that the file names may contain typographical errors or otherwise inadequate descriptions of the content of the files.

After considerable discovery, the district court held a hearing on a summary judgment motion. It’s very clear from the transcript of the hearing that Judge Patel was unsympathetic to Napster’s defenses. In fact, in a rather unusual move, Judge Patel granted a preliminary injunction motion orally from the bench at the end of the hearing. She found that Napster was liable on both vicarious and contributory infringement theories. In particular, she found that users of the Napster system violate the reproduction and distribution rights of copyright owners through their exchange of copies of files.13 Based on this direct infringement, Judge Patel went on to find that Napster had knowledge or reason to know of the direct infringement which is necessary for "contributory infringement". Although Napster defended this assertion based on its lack of knowledge of particular infringements, the court was unsympathetic to this defense because literally millions of files were exchanged every hour through the Napster system. In fact, the court found that Napster had both actual and constructive knowledge of the direct infringement. Actual knowledge was based in large part on comments by Napster's co-founder, Sean Parker, who stated that there is the "need to remain ignorant of users’ real names and IP addresses since they are exchanging pirated music," as well as the RIAA’s notice to Napster of 12,000 infringing files. The court found constructive notice on the basis of four factors: (a) Napster executives have recording industry experience; (b) Napster has a sophisticated understanding of intellectual property rights and has even sued to enforce its own rights; (c) Napster executives have downloaded copyrighted songs from the system; and (d) they promoted a site with ‘screen shots listing infringing files.’14

The court went on to find that Napster provided "the site and facilities" for the direct infringement, thus providing the required "material" contribution necessary to find "contributory infringement".

In finding Napster liable for vicarious infringement, the court found that Napster had a "direct financial interest" in the infringing activity because it acts as a draw for customers. Although Napster tried to defend this allegation on the basis that it was not making any money at the current time, the court was able to point to numerous instances in which the company made clear that it intended to derive its future revenues from increases in its user base. The court also found the necessary "right and ability to supervise" through Napster’s ability to block infringers' access to its system, as well as its user agreement which expressly permitted Napster to refuse service to anyone. Given this ability, the failure to police the system resulted in liability.

The court also dismissed a number of defenses. In a separate, earlier opinion, the district court had dismissed Napster’s attempt to assert the "conduit" safe harbor under the DMCA.15 This safe harbor applies to "service providers" who are transmitting, routing or connecting through a network. The court found that Napster was not eligible for this safe harbor because it had failed to post a copyright compliance policy as required for all of the safe harbors under the DMCA. In addition, the court found that Napster did not qualify for this safe harbor because transmission of files was not "through" the Napster system: all of the file transfers were done through the Internet. Therefore, Napster’s service does not "transmit" files. The court went on to reason that the Napster system also did not provide either routing or connections through a system or network "as required by the DMCA."

On appeal, Napster also raised a defense under the "Information Location Tools" safe harbor under the DMCA. The Ninth Circuit noted that the potential applications of this exemption raised a number of important new legal issues, but that the RIAA had raised a sufficiently serious question regarding Napster’s ability to obtain shelter under this safe harbor and that the RIAA had also demonstrated that the balance of hardship tips in its favor.16 The important issues noted by the Ninth Circuit relating to the application of this defense are: (1) whether Napster is a "service provider" as defined in Section 512, (2) whether copyright owners must provide an SP "official" notice of infringing activity in order for it to have knowledge awareness of infringing activity on its system, and (3) whether Napster complies with the requirement in Section 512(i) which requires the SP to have and enforce a detailed copyright compliance policy.

Napster also raised a number of other defenses unrelated to the DMCA. The two most important of these defenses are those under the Audio Home Recording Act of 1991 ("AHRA")17 and fair use based on the Sony v. Universal Studios ("Sony")18 case. The AHRA is a very complicated statute. Briefly, in return for the agreement of consumer electronics manufacturers to include a "serial copyright management system" in their digital recording devices, the statute provided a defense for consumers who make "non-commercial use" of such devices to make copies. This defense ultimately failed because the statute’s exemption did not apply to a system such as Napster which is based on exchanging files between hard drives across the Internet. This holding is not surprising since the statute was enacted for digital audio tape recorders in 1991 before the Internet existed.

A more serious defense was based on Sony.19 The Sony case deals with the very difficult issue of when should an article which has multiple uses (both infringing and non-infringing) be found liable for contributory infringement. In the Sony case, the "staple article of commerce" was a videocassette which could be used for infringing purposes to record movies (the action which formed the basis of the complaint) or non-infringing purposes to record programs whose copyright owners did not object (broadcasters of religious programs and sports events at that time did not object to such recording).

The issue is whether the Napster system has a "substantial or nonfringing use". In the Sony case, the Supreme Court found that the copying of movies by the users was fair use because the videocassette recorders permitted users to "time shift" their watching of the programs. The court did not address the possibility of individuals using video cassette recorders to create libraries of tapes. Since the plaintiffs represented a relatively small number of broadcasters and many broadcasters did not object to having their programs recorded at that time, the court found this time shifting was fair use and therefore there was no direct infringement by the users of the video cassette recorders. Consequently, there was no basis for contributory infringement liability by, Sony, the manufacturer of the video cassette recorders. Napster based its argument on three types of allegedly "non-infringing" use: "space shifting", "sampling," and "permissive use."20 The argument for space shifting was based on Napster’s argument that users employed the system to transfer their files from one computer to another or to another device. The proof of such use was very thin. Napster then asserted that "sampling," which permitted individuals to listen to music to which they would not normally have access, was a non-infringing use because the user would then go purchase CDs. The issue of whether the use of Napster system increased or decreased CD sales was one of the most hard-fought in the case. Ultimately, Judge Patel chose to believe the surveys provided by the RIAA that CD sales around colleges had dropped dramatically after the introduction of Napster. Consequently, the court found that this use was not a "fair use". Finally, the court dismissed the last proposed non-infringing use argument because the number of permissive users was relatively small. The court suggested that Napster could run its service solely for such permissive uses rather than providing access to copyrighted materials which they did not have permission to distribute.

The Ninth Circuit initially suspended the injunction against Napster. Ultimately, its ruling completely supported the findings of the district court. However, it did make some important distinctions in its reasoning. The most important of those distinctions was its analysis of the "substantial non-infringing uses" defense under Sony. The Ninth Circuit found that the district court placed "undue weight on the proportion of current infringing use as compared to current and future non-infringing use".21 Unfortunately, this part of this opinion provides little guidance as to how future (speculative) non-infringing uses are to be weighed against current infringing uses. Neither court provided guidance as to what is "substantial": is it half of the users? one-quarter of the users, etc. The Ninth Circuit also made clear that Napster could only be liable for controlling infringements within its "current architecture." This holding limited the scope of the broad injunction that had been issued by the district court.

Napster also raised a number of defenses including waiver, implied license and misuse. Though argued vigorously by Napster, these defenses were not taken seriously at either the district court or Ninth Circuit.22

After the Ninth Circuit decision, the district court issued a more limited injunction which will require Napster to filter out infringing files from its system. Since then Napster has repeatedly tried and failed to meet the district court’s standard for "filtering". In fact, the dispute is on appeal again to the Ninth Circuit, which has stated the district court’s ruling that Napster must have 100% compliance in order to continue to provide its service. The Ninth Circuit has not yet ruled on this second appeal.

The Napster decision provides an important guide to how the traditional principles of contributory and vicarious infringement will be applied on the Internet. However, given the well documented disrespect of Napster’s founders for copyright law and the millions of files that were exchanged regularly on the system, the result is not surprising. The decision has also made many professional investors very reluctant to invest in "peer-to-peer" technologies which could aid consumer use. The decision has not addressed the broader issue of pure "peer-to-peer" systems in which there is no central directory. It is not clear whether such a system would be governed by the Napster decision. However, the RIAA and MPAA have recently filed suit against three providers of pure "peer-to-peer" networks.

The second major case under the DMCA is the Universal City Studios, Inc. v. Shawn C. Reimerdes ("Reimerdes").23 The case involved a website run by Mr. Reimerdes, www.2600.net, which initially made available a copy of the program called DeCSS on the website. The DeCSS program decrypts the "contents scrambling system" (CSS) cryption imposed on DVDs. CSS involves encrypting according to an encrypting algorithm the digital sound and graphics files on a DVD that together constitute a motion picture. A CSS-protected DVD can be decrypted by an appropriate decryption algorithm employs a series of keys stored on the DVD and DVD player. In consequence, only a player’s drive containing the appropriate keys is able to decrypt DVD files and thereby play movies stored on DVDs. After being required to take down copies of the DeCSS program, Mr. Reimerdes then provided links from his website to other websites with the DeCSS program. Universal City Studios and other movie studios sued Mr. Reimerdes based on the "anticircumvention provisions" of the DMCA.24 This provision states :

  • "[N]o person shall . . . offer to the public, provide or otherwise traffic in any technology . . . that
  • is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to work protected under the Copyright Act;
  • has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to work protected under the Copyright Act; or
  • is marketed by that person or another acting in concert with that person with that person’s knowledge for use in circumventing a technological measure that effectively controls access to work protected under the Copyright Act."

By the time of the suit over 4,000 motion pictures have been released in the DVD format. DeCSS was created by a Norwegian teenager who reverse engineered a licensed DVD player and discovered the CSS encryption algorithm and keys. The DeCSS program decrypts encrypted DVDs thereby allowing playback on noncompliant computers as well as copying of decrypted files to computer hard drives. The author, Mr. Johansen, posted the code on his personal Internet website and it subsequently was reposted on the www.2600.net website. The court found that both providing the DeCSS program on its website and linking to websites that provided the DeCSS program violated the anti-trafficking section of the DMCA.

The defense was based on both a technical analysis of provisions of the DMCA and the First Amendment. The first defense asserted that CSS is not a technological means that "effectively" controls access to a copyrighted works and, thus, is not eligible for protection under the DMCA. The court rejected this defense as not supported by the legislative history which provides that if "in the ordinary course of its operation, a technology actually works in the defined way it ‘effectively controls access’ to a copyrighted work."25 The court noted that the defense is circular because any successful avoidance of a technological measure would mean that the measure was not "effective." The court also rejected an assertion that the primary function of DeCSS was not to circumvent CSS, but rather to permit DVDs to operate on the Linux operating system. The court noted that the "offering" or "providing" of the DeCSS program was prohibited and the motive of such offering is not relevant. The court also denied defenses based on the DMCA exceptions for reverse engineering since the DeCSS program was not developed "solely for the purpose" of achieving interoperability for a Linux DVD player.26 It also rejected defenses based on the encryption research and security testing exceptions.27 The court spent considerable time analyzing potential fair use defenses. It ultimately rejected these defenses based on the fact that Congress had weighed these issues and balanced the potential restriction on permitted uses with the risk of a dramatic increase in infringing uses. The court went on to note that Section 1201 overrules Sony to the extent it is inconsistent.28

The court finally addressed the First Amendment issues. First, it found that computer code is "speech" for the purposes of the First Amendment.29 The court noted that the DMCA as applied in this situation is a "content neutral" restriction on speech which will be upheld if it "furthers an important or substantial government interest; if the government interest is unrelated to the suppression of free expression, and if the incidental restriction on alleged First Amendment freedoms is no greater than is essential to the furtherance of that interest."30 The court found that the anti-trafficking provision of the DMCA furthers an important government interest, protection of copyrighted works stored on digital media from the vast expanded risk of piracy in the digital environment in that the restriction carefully tailored by Congress to have a limited impact on expression. The court even went on to note that "in any case its (computer software) particular functional characteristic is such that the court would apply the same level of scrutiny even it were viewed as content based."31 The court also rejected defenses based on prior restraint and vagueness. The court did note that this analysis could cause problems regarding links to sites which had other DeCSS-related content (for example, a Los Angeles Times story about DeCSS) but decided that particular question did not need to be addressed at this time.

Clearly the court was troubled by the potential chilling effect on permitting liability for linking. However, the court determined that this liability can be appropriately limited. The court described how such injunctions would need to be limited: "Accordingly, there may be no injunction against nor liability for linking to a site containing circumvention technology, the offering of which is unlawful under the DCMA absent clear and convincing evidence that those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not be lawfully offered, and (c) create or maintain the link for the purpose of disseminating that technology."32

The Second Circuit has affirmed the judgment.33 The court rejected the requirement that due to potential constitutional problems the DMCA should be interpreted narrowly because the proposed interpretations by the defendants were too speculative.34 A constitutional challenge to the DMCA based on the restrictions in the Constitution on granting protection for a "limited time" was rejected based on its presentation in an amicus brief and its inapplicability to the facts of this case (since no public domain work was claimed to be protected by CSS in the DVDs).35 The Second Circuit agreed with the District Court that computer programs can be "speech" and, thus, merit First Amendment protection.36 And the judges went on to note that computer code has both "speech" and "non-speech" elements and quoted extensively and approvingly from the District Court’s opinion on this issue. The court compared DeCSS to a "skeleton key" and informed its constitutional analysis by noting that DeCSS’ program’s purpose is "unauthorized" (in fact, according to the court, "unlawful") access to copyrighted materials.37 After rejecting the First Amendment analysis in the DVD Copy Control Ass’n. v. Burner, 93 Cal.App. 4th 648 (2001), it found that the injunction against both posting and linking were content neutral and, thus, permitted.38 They noted that Judge Kaplan had set a very high standard in his order relating to linking and that they did not need to determine at this stage in the litigation if such a rigorous test was required; they needed only to reject the much weaker test proposed by the defendants. Finally, the Second Circuit dismissed as "extravagant" the defendants’ claim that the DMCA as applied by Judge Kaplan unconstitutionally "eliminates fair use".39 The decision was a very complete victory for the film industry.

The third important case under the DMCA is Hendrickson v. eBay.40 The case involved the sale on eBay of pirated copies of Manson, a documentary film. The complaint was brought by Robert Hendrickson, the copyright owner of the documentary. Hendrickson sent a cease and desist letter to eBay to stop sales of allegedly infringing copies of Manson. Despite repeated requests by eBay, he refused to provide a notice in the required DMCA format. It requires a description of exact items, as well as a statement under penalty of perjury that he owned copyrights in the documentary.41 He asserted a claim based on a theory of vicarious and contributory copyright infringement similar to that found in Fonovisa v. Cherry Auction, Inc.42

Many of you are probably familiar with eBay; however, for those who are not, a brief description is in order. eBay provides a vast electronic market place for persons interested in selling products through an auction process. eBay does not take title to the products nor does it store them. It merely provides a marketplace for those who wish to sell. The court noted that "unlike a traditional auction house, eBay is not actively involved in listing, bidding, sale and delivery of any item offered for sale on its website."43 The critical issue for the court was that eBay showed that it did not have control over the allegedly infringing items, the pirated films.

The court granted summary judgment based on its analysis of the "storage safe harbor". First, the court found that eBay was a "service provider within the meaning of Section 512" and, thus, eligible for the safe harbor.44 The possible application of the DMCA "service provider" to entities other than traditional Internet service providers has long been an open question. The courts seem to be resolving this question, both in Napster and the eBay, in a very broad manner. The storage "safe harbor" provides a defense to copyright liability if the SP meets three criteria.45 First, the SP must not have "actual knowledge" that the material stored by a third party on its system is infringing. In the absence of "actual knowledge" the SP must not be aware of "facts and circumstances" for which infringing activity is apparent. If the SP has such knowledge, it must implement a take down procedure. Second, the SP must show that "it does not receive a financial benefit directly attributable to the infringing activity if the SP has the right and ability to control such activity." Third, the SP must show that it responded expeditiously to remove the material that is the subject of infringing activity upon receiving notification of the claimed infringement in the manner described in the DMCA.

The major issue in the case was the inadequacy of the notice provided by the plaintiff. The court noted the DMCA set standards for notification under Section 512(c)(3). It must contain substantially the following six elements:

"(i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

(ii) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.

(iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the SP to locate the material.

(iv) Information reasonably sufficient to permit the SP to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.

(v) A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.

(vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed46."

The DMCA expressly provides that, if the copyright holder’s attempted notification fails "to comply substantially" with the elements of notification described above, the notification shall not be considered when evaluating whether the SP had constructive knowledge of the infringing activity under the first prong in the "storage safe harbor" analysis.47 The court found that the plaintiff failed to meet the requirements for notice because there was no statement of attesting to the good faith and accuracy of the claim, and the identification of the material was inadequate.48 The court’s analysis of the inadequacy of identification also noted that the plaintiff did not notify eBay prior to filing a suit that all DVD versions of the Manson documentary were pirated copies whereas VHS versions might be authorized copies. Furthermore, the plaintiff’s failure to provide eBay with the eBay auction numbers to identify the allegedly infringing sales undercut his case for identification.

This failure to comply with the notice section meant that eBay did not have "actual" notice as required under the first prong of the statute and the court also found eBay did not have constructive notice. Consequently, the notices provided to eBay did not trigger the "take down" obligations under Section 512(c)(1)(A)(iii). Second and, more importantly for eBay, the court held eBay did not have the "right and ability to control the infringing activity" which if it defined as, the sale and distribution of pirated copies of Manson.49 The court reasoned that such sales are consummated "off line" and it is not the display of the infringing material on eBay’s website which constitutes infringing activity.50 The court noted that eBay makes its money through the collection of an insertion fee for its listing and final value fee based on the percentage of the highest bid amount of the auction.

This finding contrasts with the Napster decision which was based not on the actual infringing activity, but on the control of the central directory which made it possible.

The ruling is in part due to the unsympathetic actions of the plaintiff who repeatedly refuse to properly identify and assist eBay in identifying the infringing sales. The court also extended the DMCA safe harbors to eBay’s intellectual property counsel and chief executive officer who had been sued individually. The court noted that if the DMCA "protects the company but not its employees for the same alleged bad acts, it would produce an absurd result."51 The court granted summary judgment to all of the defendants. The decision demonstrates the very technical approach that courts are taking to interpretation of the DMCA.

Conclusion. The DMCA remains a very controversial statute. The balance that Congress struck between rights of copyright holders and users of copyrighted materials is still being tested in the courts. These tests will determine the scope of liability for activities which are fundamental to the nature of the Internet.

1 Sega Enterprises, Ltd. v. Maphia, 857 F.Supp. 679 (N.D. Cal. 1994).

2 F.Supp. 1361 (N.D. Cal. 1995).

3 WIPO Copyright Treaty, Apr. 12, 1997, Treaty Doc. No. 105-17 (1997).

4 15 U.S.C. § 512(a) (2001).

5 Id. at 512(b) (2001).

6 Id. at 512(c) (2001).

7 Id. at 512(d) (2001).

8 Id. at 512(k)(i) (2001).

9 Id. at 512(i)(1)(A) (2001).

10 Id. at 512(i)(1)(B) (2001).

11 Id. at 512(m) (2001).

12 114 F. Supp. 2d 896 (2000), aff’d in part and rev’d in part 239 F.3d 1004 (9th Cir. 2001).

13 Id. at 918-920.

14 Id. at 919.

15 A&M Records, Inc. v. Napster, Inc., 2000 WL 573136 (N.D. Cal. May 12, 2000).

16 Supra note 12 at 1025.

17 17 U.S.C. § 1001-1010 (2001).

18 464 U.S. 417 (1984).

19 Id. at 915.

20 Id.

21 Id.

22 Id. at 922-23.

23 Universal City Studios v. Shawn C. Reimerdes, 111 F.Supp.2d 346 (S.D.N.Y., 2000) aff’d sub nom Universal City Studios v. Corley, 273 F.2d 427 (2nd Cir. 2001) .

24 17 U.S.C. § 1201(a)(ii)(B) (2001).

25 Id. at 318.

26 Id. at 318-319.

27 Id. at 320-322.

28 Id. at 323.

29 Id. at 326-334.

30 Id. at 329-330.

31 Id. at 332-333.

32 Id. at 341.

33 Universal City Studios v. Corley, 273 F.2d 429 (2nd Cir. 2001).

34 Id. at 443.

35 Id. at 445.

36 Id. at 446.

37 Id. at 453.

38 Id. at 454.

39 Id. at 458.

40 Hendrickson v. eBay, Inc., 165 F.Supp.2d 1082 (C.D. Cal. 2001).

41 17 U.S.C. §512(c)(3) (2001).

42 76 F.3d 259 (9th Cir. 1996).

43 Supra note 33 at 20.

44 Id. at 9.

45 Section 512(c)(3) (2001).

46 Id. at 512(c)(3)(A).

47 Supra note 33 at 16.

48 Id. at 20-21.

49 Id. at 20.

50 Id.

51 Id. at 21.

The content of this article does not constitute legal advice and should not be relied on in that way. Specific advice should be sought about your specific circumstances.