Not so Safe Harbor for ISPs

Posted by: Rylan Stewart

2000px-Internet_Connectivity_Distribution_&_Core.svgThe battle rages on between copyright holders and internet service providers (“ISPs”) as the interests of these parties continue to be adverse. Copyright holders seek greater protection for their works under the DMCA in order to maximize revenue by stomping out infringers. At the same time, ISPs fight to maintain as many users as possible while maintaining immunity from liability under the safe harbor provisions of §512(a).

In order for ISPs to receive protection under the safe harbor provision, ISPs are required to adopt and reasonably implement a policy in which ISPs can terminate users who are found be engaging in repeat copyright infringement. The issue currently being played out is the interpretation of what it means to “reasonably implement” the policy adopted by an ISP. The interpretation of this language has huge implications as it can be the determining factor in deciding whether or not an ISP can claim the safe harbor provision as a defense against being held contributorily liable for infringing acts committed by the ISP’s users.

In the latest quarrel, BMG Rights Management (“BMG”) gained a victory for copyright holders by receiving a $25 million judgement against Cox Communications Inc. (“Cox”) for contributory liability for failing to reasonably implement a termination policy for users caught committing copyright infringement using Cox’s services.

BMG’s victory against Cox signals a victory for copyright holders by setting precedent which requires ISPs to actively terminate internet service to users who have been identified as infringers or face the consequences of being held contributorily liable for the infringements. While it is true that a user who has service terminated by one ISP for committing copyright infringement could just seek service from a new ISP, most areas have a finite number of service providers. In theory, if all ISPs were to strictly enforce termination policies, it could be a powerful tool to combat against repeat infringers.

Copyright holders have an interest in protecting their copyrighted material from being made available to the public for free on the internet via bit torrents and other forms of file sharing. Copyright statutes and the DMCA give copyright holders statutory authority and prescribed damages to enforce these rights. This allows Copyright holders to go after mass infringers like Mega Uploads. However, many infringers are not massive websites; in fact, they are often times ordinary people who may be judgement proof against these damages. So who is left to sue?

Often times, copyright holders will turn their attention to an online service. These are the websites that offer file sharing services which are perfectly legal services on their face until they induce and/or authorize the sharing of copyrighted files. The most notable of these file sharing services that came under fire from copyright holders was in A&M Records, Inc. v. Napster, Inc. where Napster was not able to seek the safe harbor provision because the court held it did not fit the safe harbor’s definition of a “service provider” as defined in 17 U.S.C. §512(k)(1)(A) as “an entity offering the transmission, routing, or providing for digital online communications…” However, with the increased modernization of the internet and its global reach, it can be difficult to punish services like Napster that can be operated by citizens in foreign countries and hosted on foreign servers. The next possible place to look is the internet provider which is being used as a conduit for the transfer infringing materials.

In reaction to the modernization of the internet and file sharing technology, Congress enacted the Digital Millennium Copyright Act (“DMCA”) in 1998.The DMCA attempts to strike a balance between protecting copyrighted works to encourage authors to make their works accessible through the use of the World Wide Web and shielding service providers from secondary liability to encourage investment in the speed and capacity of the internet. To strike this balance, congress created a bargain between copyright holders and service providers.

Congress granted internet service providers (“ISPs”) a safe harbor from secondary liability for acts of copyright infringement committed by those who use the internet service. However, the safe harbor provision found in 17 U.S.C. §512(a), does not come to ISPs without actions taken on their part to aid copyright holders in protecting their work against infringement, hence the bargain created by congress. In order to fall within the safe harbor provision and receive immunity from liability, ISPs must adopt and reasonably implement a policy that provides for the termination of service to subscribers who are repeat offenders. Although this duty placed upon ISPs may seem simple on its face, the DMCA does not provide a definition for who is an infringer under §512(a)or what it means to reasonably implement a policy.

As one would imagine, absent it being a prerequisite to falling within the safe harbor provision, ISPs are reluctant to terminate any user who is willing to pay for the service provided. Not only will the ISP lose the revenue from the terminated user, a competing ISP will likely gain the revue since nothing prevents the terminated used to subscribing to a new ISP. Having said this, it is easy to see why ISPs would benefit from having a narrow interpretation of who is an infringer and a less stringent standard for what it means to reasonably implement a policy of termination for infringers.

The 4th Circuit recently addressed these issues in BMG Rights Mgt. (US) LLC v. Cox Comm’s, Inc.. BMG Rights Management owns a number of copyrights in musical compositions and brought this action against Cox Communications (“Cox”) for contributory liability for infringement of BMG’s copyrights. Unlike Napster, Cox clearly falls within the type of service provider that can be granted protection of the safe harbor provision. Cox qualifies as a service provider under 17 U.S.C. §512(k)(1)(A), as Cox is “an entity offering the transmission, routing, or providing for digital online communications…” Instead, BMG asserts that Cox does not fall within the safe harbor provision because it failed to meet the threshold requirement of reasonably implementing a policy for the termination of users whom Cox has been notified of committing infringement of BMG’s works.

In this case, Cox properly adopted a policy that reserved to Cox the right to suspend or terminate service to users who “post, copy, transmit, or disseminate any content that infringes the patents, copyrights… or proprietary rights of any party.” This policy appears to be in compliance with the safe harbor provision §512(a) of the DMCA and thus Cox would not be held liable for the infringement committed by users of Cox’s internet services. However, adopting the policy is just one of the requirements for the safe harbor provision to apply; the policy must also be reasonably implemented.

Cox’s implementation of this policy included an automated system which consisted of a 13-point policy where each notice alleging a user of infringement garnished 1 point against the user. The first point garnered not action from Cox’s automated system. Points two through seven resulted in emails to the user warning the user to cease the infringing conduct. Points eight and nine limited the user to a single webpage that contained a warning, but would be dismissed as soon as the user acknowledged the warning. After the tenth and eleventh notices, Cox suspended the user’s service until the user contacted a Cox technician who explained why the service was suspended and advised the user to remove infringing content before immediately reactivating the service. After notice twelve the subscriber is directed to a “specialized” Cox technician but again received nothing more than a warning and then had their service reactivated. After notice thirteen a user was finally considered for termination under the policy yet Cox never actually automatically terminated a user. Theses notices would reset every six months giving users a clean slate and restarting the notices.

The court ultimately found that Cox had failed to uphold their end of the bargain under the DMCA and thus did not qualify for protection under the safe harbor provision. Cox, unsuccessfully, tried to argue that since these users had not been found guilty of infringement under a court of law, they were not required to terminate service to remain in the safe harbor. Unsurprisingly, the court did not buy this argument. Without the protection of the safe harbor, BMG could prevail so long as they could prove the necessary elements of contributory liability for copyright infringement.

To prove contributory infringement, a plaintiff has to show that a defendant knew or should have known of the infringing activity and that the defendant induced, caused, or materially contributed to such infringing activity. Absent the safe harbor provision, all a plaintiff bringing suit against an ISP like Cox is show that notice of the infringing activity was provided. This notice serves to prove that the ISP had, at the very least, constructive knowledge of the infringing activity. The second prong, whether the ISP induced, caused, or materially contributed to such infringing activity is fairly easy to prove since the service provided by an ISP is designed to provide access to and the ability to share files via the World Wide Web.

In this case, BMG had hired a Rightscorp to monitor bit torrents and send notices on BMG’s behalf to ISPs, including Cox, of infringing activity. Rightscorp was able to provide evidence of notices sent to Cox and thus Cox had constructive notice of the infringing activity. The court found Cox contributorily liable for the infringing activity and issued judgement in favor of BMG assessing statutory damages of $25 million against Cox.

This case serves as a clear message to ISPs that in order to meet the threshold of reasonably implementing a policy for termination of copyright infringers for the safe harbor provision §512(a), an ISP must actually terminate service to repeat infringers using their services. It remains unclear how many warnings may be given to a user before termination or, in other words, how many warnings an ISP may give a user before terminating service while still reasonably implementing a termination policy that complies with §512(a). Without a bright line test, this is unlikely to be the last battle between copyright holders and ISPs as copyright holders will continue to fight to protect their rights and ISPs will continue to terminate the fewest users possible while maintaining immunity in the safe harbor of §512(a). What is clear is that ISPs who fail to qualify for the safe harbor will pay a hefty price for being contributorily liable for the acts of their users.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s