THE DIGITAL MILLENNIUM COPYRIGHT ACT (DMCA)

In passing the notice and takedown provisions in the Digital Millennium Copyright Act (DMCA), Congress intended to encourage copyright owners and service providers to work together to combat existing and future forms of online copyright infringement.

The DMCA notice and takedown process is a tool for copyright holders to get user-uploaded material that infringes their copyrights taken down off of websites and other internet sites. The process entails the copyright owner (or the owner’s agent) sending a takedown notice to a service provider requesting the provider to remove material that is infringing their copyright(s). A service provider can be an internet service provider (e.g., Comcast), website operator (e.g, eBay), search engine (e.g., Google), a web host (e.g., GoDaddy) or other type of online site-operator. There are several elements that should be included in a takedown notice that are specified by the copyright law. If most of these elements are not included, the service provider may refuse to take down the material. Even if a takedown notice meets all the legal requirements, the service provider still may refuse to takedown the material. However, if they fail to do so, then they open themselves up for potential secondary liability for assisting with copyright infringement. (see Safe Harbors for more)

The DMCA takedown process can be used regardless of whether the copyright owner has registered their work with the U.S. Copyright Office. It should not be used for anything other than copyright infringement claims. Many service providers offer easy-to-use online tools to submit claims directly to the provider through an online DMCA takedown form.

After a takedown notice is sent to a service provider, the provider usually notifies the user, subscriber or other person who is responsible for engaging in the infringing activity. If that person – the alleged infringer – in good faith does not think the activity is infringing, he or she can send a counter notice to the service provider explaining why they disagree with the copyright owner. After receiving a counter notice, the service provider is obligated to forward that counter notice to the person who sent the original takedown notice. Once the service provider has received a valid DMCA counter notice they must wait 10-14 days. If the copyright owner sues the alleged infringer in that time frame the material will remain down, but if no suit is filed then the service provider must re-activate or allow access to the alleged infringing activity.

Below is a list of the elements that comprise a proper DMCA takedown notice:

• Signature: The takedown notice should include the copyright owner’s signature or the signature of the person authorized to act on behalf of the owner (i.e., the owner’s agent). The signature can be in physical or electronic form. Whoever signs the notice should also identify whether they are the copyright owner or agent of the owner.
• Identify the Work Infringed: The takedown notice should clearly identify the copyrighted work or works infringed. If multiple copyrighted works are being infringed at a single online site the notice sender does not need to identify every single work, but instead can use a representative list of such works being infringed on the site. The work can be identified by title, or if it is more practical, the notice sender may provide a link to a website or other location where the work is being legally displayed. Some copyright owner attach a copy of the copyrighted work or a copy of the registration form but neither is necessary, despite what some service providers may say they require.
• Identify the Infringing Activity and its Location on the Site: The takedown notice should clearly identify the activity that is claimed to be infringing, and information reasonably sufficient to permit the service provider to locate the infringing activity on its site. Typically, notice senders provide the web address (URL) indicating where the infringing activity is being made available. A copy of the infringing material or web page where the infringing material resides can also be attached to assist in the removal.
• Contact Information: The takedown notice should contain the notice sender’s contact information. This information should include the notice sender’s email address. An address and/or telephone number may also be included.
• Good Faith Belief: The takedown notice should include a statement that the notice sender has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
• Accuracy of your Statements: The takedown notice should include a statement that the information in the takedown notice is accurate, and under penalty of perjury, that the notice sender is authorized to act on behalf of the copyright owner. Providing false information and making a false claim is punishable under federal law, and those making false notices can be sued and held civilly liable.

Takedown notices are sent to service providers. A DMCA takedown notice is not sent to the service provider’s subscriber, user or other person who is ultimately responsible for posted the infringing material. Of course, a copyright owner can send a legal notice to that subscriber or user but it would not be considered to be a DMCA notice and therefore would not need to be compliant with the DMCA. Usually a regular cease and desist letter is sent to the direct infringer by the copyright owner’s lawyer, assuming the identity and contact information of that infringer is known.

To send the takedown notice the copyright owner will need to determine which service provider is hosting the site that is infringing his copyright(s). Sometime this is easy. For example, when the material is a link contained in a Google search or an auction posting on eBay, the service provider is Google and eBay, respectively. However, sometimes identifying the website host can be difficult. When it is not apparent from the site itself who the host is, the host can often be determined by doing what is called a Whois Search.

Many service providers offer easy-to-use online tools to submit claims directly to the service provider through an online DMCA takedown form. For those service providers who do not offer these online tools or whose tools are difficult to find on their site, information about who to send the DMCA takedown notice to can be found on the U.S. Copyright Office website. The Copyright Office has created a directory of designated agents where you can look up the service provider to determine to whom and where to send the takedown notice.

Before sending a DMCA takedown notice the copyright owner should conduct a thorough, good faith investigation of the infringing activity to ensure that one or more of the copyright owner’s rights is being infringed and that no exception or limitation, such as fair use, is applicable. Copyright owners should only use the DMCA takedown process for the purpose that it was intended – to remove infringing material off the internet – and not use this process for non-copyright related reasons, such as to remove non-infringing criticisms of the copyright owner or copyrighted work or to remove trademark infringements.

After a takedown notice is sent to a service provider, the provider usually notifies the user, subscriber or other person who is responsible for engaging in the infringing activity. If that person – the alleged infringer – in good faith does not think the activity is infringing, he or she can send a counter notice to the service provider explaining why they disagree with the copyright owner. Like the takedown notice, there are certain elements that must be contained in a counter notice. Providing false information in a counter notice is punishable under federal law, and those making false notices can be sued and held civilly liable.

After receiving a counter notice, the service provider is obligated to forward that counter notice to the person who sent the original takedown notice. Once the service provider has received a valid DMCA counter notice they must wait 10-14 days. If the copyright owner sues the alleged infringer in that time frame the material will remain down, but if no suit is filed then the service provider must re-activate or allow access to the alleged infringing activity.

Below is a list of the elements that comprise a proper DMCA counter notice:

• Signature: The counter notice must include the subscriber’s signature. The signature can be in physical or electronic form.
• Identify the Alleged Infringing Activity and its Location on the Site: The counter notice must identify the alleged infringing activity that is the subject of the takedown request, and identify where the infringing activity was located on the site before it was removed.
• Contact Information: The counter notice must contain the subscriber’s name, address and telephone number.
• Good Faith Belief: The counter notice must include a statement that the subscriber has a good faith belief that the infringing activity was removed or disabled as a result of mistake or misidentification.
• Consent to be Sued in Federal Court: The counter notice must include a statement that the subscriber consents to the jurisdiction of Federal District Court for the judicial district in which his or her address is located and will accept service of process from the person who sent the DMCA takedown notice. (note: If the person sending the counter notice is located outside the U.S. the statement is slightly different)

To incentivize the cooperation by service providers to participate in the DMCA notice and takedown process, service providers that took certain steps to educate their users, cooperate with copyright owners, remove repeat infringers from there sites were granted an immunity from possible copyright infringement liability. This is referred to as the DMCA Safe Harbor.

The law grants service providers safe harbors for four types of activities:

• Providing of networks and infrastructure;
• Caching of infringing activities;
• Hosting and storage of infringing activities;
• Linking, directing and providing other tools that points users to infringing activities.

It is important to note that these safe harbors only apply when someone other than the service provider is the direct infringer (i.e., is responsible for the infringement). If the service provider itself is engaging in the infringing activities these safe harbors will not apply.

A service provider that satisfies certain threshold prerequisites and additional specific conditions applicable to some or all of the four safe harbors will be entitled to immunity from copyright infringement liability.

The threshold requirements that most service providers will need to satisfy in order to qualify for the safe harbors are:

• adopting and implementing a policy of terminating the accounts or subscriptions of repeat infringers;
• informing subscribers and account holders of the repeat infringer policy;
• accommodating and not interfering with standard technical measures used by copyright owners to identify and protect their works; and
• designating agents to receive takedown notices from copyright owners and recording those designated agents with the U.S. Copyright Office;

In addition to meeting these threshold requirements, the safe harbors for hosting/storage and for linking only apply if the service provider:

• complies with the DMCA takedown and counter notice process;
• prior to receiving a takedown notice, the service provider must not be aware of the infringement or of facts or circumstances that would make the infringement apparent.

Often online infringers use pseudonyms or take other steps to conceal their identities in an effort to make it difficult for copyright owners to pursue them for their infringing activities. However, there is a provision in the DMCA that helps copyright owners learn the identities of online infringers. Specifically, the DMCA allows a copyright owner or the owner’s agent to request the clerk of any U.S. district court to issue a subpoena to an service provider ordering the service provider to disclose the identity of an alleged infringer.

To obtain the subpoena the request must include the following elements:

• a copy of the takedown notice that was sent to the service provider;
• oa proposed subpoena; and
• a sworn declaration that explains that: (i) the purpose for which the subpoena is sought is to obtain the identity of an alleged infringer, and (ii) that such information will only be used for the purpose of protecting the owner’s copyrights.

If the subpoena meets these requirements the clerk will issue the subpoena ordering the service provider to expeditiously disclose to the copyright owner or the owner’s agent to identify the alleged to the extent such information is available to the service provider.

The DMCA includes provisions that make it illegal to hack technologies that copyright owners use to protect their works against infringement, such as encryption, password protection of other types of measures. These provisions are commonly referred to as the “Anti-Circumvention” provisions of the DMCA. (They are also often referred to simply by the provision number – Section 1201). Congress enacted these provisions not only to prevent piracy and other economically harmful unauthorized uses of copyrighted materials, but also to support new ways of disseminating copyrighted materials to users, and to safeguard the availability of legitimate uses of those materials.

Importantly, enforcement of the Anti-Circumvention provisions of the DMCA do not require any sort of nexus between circumvention and infringement. If someone breaks the technologies used to protect against copyright infringement the copyright owner need not prove that an infringement took place; all the owner needs to prove is that a violation of the Anti-Circumvention provisions occurred.

The Anti-Circumvention provisions apply differently depending on whether the technology at issue is intended to control access to a copyrighted work or to control one or more of the exclusive rights. If the technology is one that controls access, then the law will prohibit the act of hacking that technology as well as prohibiting the trafficking in a product or service that is primarily designed and marketed for the purpose of hacking and has no other real commercial purpose. However, if the technology only controls one or more of the exclusive rights, then the law will prohibit the trafficking in a product or service that is primarily designed and marketed for the purpose of hacking and has no other real commercial purpose, but will not prohibit the actual act of hacking itself.

The Anti-Circumvention provisions also include numerous limitations and exceptions to the scope of the prohibition. For example, certain acts of reverse engineering, encryption research, security testing etc. are beyond the reach of the prohibition. In addition, every three years the Copyright Office undertakes an investigation to determine whether it’s appropriate to create additional (temporary) exemptions that are not codified in the statute.

The DMCA includes provisions that protect the integrity of copyright management information. Copyright management information, or CMI, is information about a copyrighted work, its creator, its owner, or use of the work that is conveyed in connection with a copyrighted work. For example, CMI would include the copyrighted work’s title, ISBN number or copyright registration number; the copyright owner’s name; the creator’s name. name; and terms and conditions for use of the work.

The CMI provisions of the DMCA prohibit someone from knowingly providing false CMI with the intent to induce, enable, facilitate, or conceal infringement. The provisions also prohibit the intentional unauthorized removal and alteration of CMI with the knowledge or having reasonable grounds to know, that it will induce, enable, facilitate, or conceal an infringement. As is the case in other areas of copyright law, the CMI provisions are also limited in scope by various exceptions.