A Failure to Take Responsibility: Grooveshark’s Lack of a Repeat Infringer Policy Lands it Outside Safe Harbors

As legitimate music-streaming services continue to gain traction, one service continues to come under fire for its shady practices. That service is Grooveshark, and it has long operated in a legal grey area. While Escape Media Group (“Escape”), the company that operates Grooveshark, insists that it operates within the law, a recent court order would hold otherwise. Setting the record straight, the Southern District of New York has granted summary judgment in favor of the record label EMI, not only holding that Escape is liable for copyright infringement, but that it does not qualify for the DMCA safe harbor. In doing so, the court has made it exceedingly clear that service providers cannot remain indifferent to copyright infringement.

The Contours of Safe Harbor

To be clear, the safe harbors provided by the DMCA are a vital tool. In an era of unprecedented levels of copyright infringement, the DMCA shields qualifying service providers from liability, lowering the heavy burden of preventing every instance of infringement so that they can more easily invest in the development of innovative services over the Internet. In many ways, this has proven successful, as sites hosting user-generated content have been able to flourish. At the same time, the sheer amount of infringement has presented a different type of heavy burden for copyright owners, who must engage in a constant game of DMCA takedown “whac-a-mole” in order to meaningfully protect their rights online.

In order to balance the burdens effectively, Congress created several requirements that a service provider must adhere to in order to qualify for the safe harbor. For websites that host user-generated content, Congress created a specific safe harbor from liability under ¤ 512(c). Services that fit within this category generally qualify for protection from liability as long as they do not have actual knowledge of specific instances of infringement, or are not aware of facts and circumstances that would make those instances of infringement apparent; and upon obtaining such knowledge, act expeditiously to remove or disable access to the infringing material.

Additionally, certain conditions for eligibility listed under ¤ 512(i) apply to all categories of service providers. Of particular note is the requirement that the ISP has adopted and reasonably implemented, and informs users of a policy that provides for the termination in appropriate circumstances of subscribers and account holders on the network who are “repeat infringers.” Anticipating the potential “whac-a-mole” problems faced by copyright owners who see unauthorized uses of their content pop up all over the Internet, Congress made such a requirement explicit in order to ensure that protection afforded by the DMCA notice and takedown process is not simply illusory.

EMI’s Case Against Grooveshark

Just last month, the Southern District of New York finalized an order for summary judgment in favor of the plaintiffs in Capitol Records, LLC v. Escape Media Group, Inc., presenting a perfect example of when a service provider’s procedures for taking down infringing content may seem alright on paper, but under the surface, present numerous headaches for copyright owners.

The case stems from the practices of Grooveshark, an online music-streaming website owned by Escape. Unlike legitimate services like Spotify, Grooveshark does not obtain the rights to all the music that it hosts. Rather, Grooveshark allows account-holders to upload music files to its website, which are then arranged by Artist, Album, and Song. In order to organize the music better, Grooveshark employs song-matching technology and a third-party database to group together content with similar but not identical names. With files containing the same song grouped together, one file is designated the “primary file” and the rest are designated as “non-primary” files. Importantly, only the “primary file” is visible online and streamed by users; the “non-primary” files can neither be searched nor streamed.

While Escape’s Terms of Service indicate that it may suspend or terminate user accounts, in reality, Escape implements two policies with regard to taking down user content. The first policy is what it calls its “one strike policy.” Under this policy, Escape will disable the uploading capabilities of a user after receiving one DMCA notice asserting that the user uploaded infringing content. It will additionally remove the file and send an email notifying the submitting user. The second policy, called the “DMCA Lite” policy, applies when Escape receives a takedown request it considers non-compliant with the DMCA’s requirements. Under this policy, Escape will remove the file, but does not disable the user’s uploading capabilities, never sends the user a notice, and never records the takedown. Escape’s database titled “Takedown Batches” showed that, since the earliest entry on February 13, 2013, 94.2% of all takedowns on Grooveshark were “DMCA Lite” takedowns. Regardless of which policy Escape follows, it does not have procedures in place for terminating a user’s account in connection with a DMCA takedown and has never done so.

Capitol Records, doing business as EMI, first brought a lawsuit against Escape for copyright infringement in May of 2009. EMI and Escape settled, executing two agreements: the Settlement Agreement and Mutual Release, which affirmatively prohibited Escape from exploiting EMI recordings without permission, and the Digital Distribution Agreement, which provided that EMI would provide Escape with “EMI content” that Escape was free to exploit on the basis that it make certain payments and produce regular sales reports for EMI. While the license was in effect, Escape engaged in fingerprint filtering for EMI content, in order to actively block unauthorized EMI content from users.

However, in 2011, Escape breached its agreements by exploiting unauthorized EMI content and failing to produce the sales reports. Though EMI gave Escape ample opportunity to cure its breaches, Escape never did so, leading EMI to terminate the Digital Distribution Agreement and bring an action for copyright infringement and breach of contract, among other claims. Following the pleadings, EMI filed a motion for summary judgment, arguing, in part, that Escape is not entitled to the safe harbor under the DMCA. The magistrate judge held in favor of EMI, based on Escape’s failure to reasonably implement a policy to terminate repeat infringers.

Reasonably Implementing a Repeat Infringer Policy

The court broke down the requirements of ¤ 512(i)(1)(A) into its three elements: in order to fulfill its requirements, a service provider must “(i) adopt a policy that provides for the termination of service access for repeat copyright infringers, (ii) inform users of the service policy; and (iii) implement the policy in a reasonable manner.” Focusing on the first two elements, whether Grooveshark adopted a policy for terminating repeat infringers’ access and informed users of such a policy, the magistrate judge was incredibly generous, finding that Grooveshark did satisfy these elements, simply by virtue of the fact that the language in Escape’s Terms of Services and evidence demonstrating Escape’s one strike policy met the minimum requirements. But whether Grooveshark “reasonably implemented” its repeat infringer policy was another matter entirely. The court divided this threshold issue into its two prongs: (1) whether Escape actually “implemented” its repeat infringer policy and (2) if so, whether that implementation was reasonable.

Regarding the first prong, because Escape did not actually implement the repeat infringer policy that it purported to adopt in its Terms of Service, the court instead looked at whether Escape effectively implemented a repeat infringer policy through its actual practices, namely, its one-strike policy and DMCA Lite policy. Quoting In re Aimster Copyright Litigation, the court pointed out that “[a]dopting a repeat infringer policy and then purposely eviscerating any hope that such a policy could ever be carried out is not an Ôimplementation’ as required by ¤ 512(i).” In that case, a court rejected the safe harbor defense for peer-to-peer file-sharing software, in part, due to its inability to implement a repeat infringer policy. Despite adopting a policy on its website claiming to terminate repeat infringers, the actual sharing of files was entirely encrypted, making it impossible for a copyright owner to ascertain which users are actually infringing.

In this case, Escape had at least some practice in place in which copyright owners could identify copyright infringement, but the court still concluded that it did not “implement” a repeat infringer policy. First, Escape did not keep adequate records of repeat infringers. It did not record users who received multiple DMCA takedown notices, did not record any users who submitted files taken down under the commonly-used DMCA Lite procedure, and there were noticeable gaps in Escape’s database from October 2010 through March 2012. Notably, the court rejected Escape’s arguments that the one-strike policy went beyond the requirements of the DMCA by disabling first-time infringers, finding it to be misleading. Recognizing the near impossibility of protecting against all direct infringement online, Congress deliberately included ¤ 512(i) in the DMCA to ensure that service providers would do their part to prevent repeat infringement. Because the evidence showed that the one-strike policy was not actually preventing repeat infringement, it was not a meaningful substitute for actual record keeping.

Second, Escape’s method of organizing its files “actively prevent[ed] copyright owners from collecting information needed to issue [DMCA] notifications” in a manner that would have any meaningful consequence. Because an aggrieved copyright owner could only view and request that a primary file be taken down, there was no way to remove the non-primary file. Thus, the user that submitted a non-primary file would never be recorded, even though that user also infringed. To illustrate, the court pointed out that there were 107 files containing Fats Domino’s recording of Blueberry Hill, owned by EMI. EMI could only request that the primary file be taken down, since the 106 non-primary files were not viewable. Should the primary file be taken down, one of the 106 non-primary files would simply replace the primary file. It’s possible that the user that submitted the primary file would be recorded (though unlikely, based on the high probability that Escape would implement its DMCA Lite policy), and no record would ever be made for the users who submitted the 106 non-primary files, or any user that would subsequently submit a file. Much like Aimster’s encryption of files, Escape’s organization of files into primary and non-primary files effectively made it impossible to ever implement a repeat infringer policy. The court found Escape’s system so egregious that it simply could not be an innocent service provider. Indeed, any service provider that could potentially receive 106 separate and consecutive notifications of infringement for a single song, and still allow that 107th song file to be searched and streamed by the public, is simply not the “innocent service provider” contemplated by Congress as being eligible for safe harbor.

Third, regardless of whether a policy was implemented, nothing about Escape’s one-strike policy or DMCA Lite policy actually provided for the termination of repeat infringers, as Congress intended “termination” to mean under ¤ 512(i)(1)(A). Indeed, while Congress afforded flexibility to service providers regarding how its policy is implemented, Congress was quite clear that whatever policy service providers do implement must nonetheless actually terminate a repeat infringer’s account, and not simply disable a user’s access or upload capabilities. In other words, it’s not enough that a service provider merely takes measures to impede infringing activity while still allowing infringing users to maintain an account. Rather, a service provider is affirmatively required to disassociate itself fully from those found to be repeat infringers. Thus, while a service provider may not be able to prevent every single infringement on its service, it is absolutely required to take measures to prevent bad actors from taking advantage of its service for copyright infringement.

Finally, the court concluded that, even if Escape had been found to implement its policy, the implementation would still not have been considered reasonable. Significantly, besides finding evidence that Escape rarely recorded infringers, due to both the misuse of its DMCA Lite policy as well as simply a lack of records for 16 months between November 2010 and February 2013, the court also found that Escape’s utter failure to investigate whether any non-primary were infringing after a primary file was removed amounted to willful blindness. In other words, Escape’s indifference to investigating files that it had already matched to a known infringing file amounted to awareness “of facts or circumstances from which infringing activity is apparent” under ¤ 512(c)(1)(A)(ii), otherwise known as the “red flag” test. Moreover, Escape’s failure to disable the uploading privileges of any user who submitted EMI content following the termination of the Distribution Agreement was further evidence that Escape did not reasonably implement its policies. This was because Escape had the ability to filter files containing EMI recordings while the Agreement was in effect, but simply stopped filtering those files after the Agreement terminated. The court accordingly imputed knowledge on the part of Escape, finding that it “ignored circumstances in which users submitted content that was plainly infringing.”

Striking the Right Balance

Consequently, Escape provides a perfect example of the importance of cooperation between service providers and copyright owners in the DMCA arena. Some in the tech sphere, understandably concerned about the burden that policing against infringement could create for burgeoning Internet content start-ups, like to frame the DMCA in a way that puts the brunt of the burden on the copyright owners. For instance, Katherine Oyama, Senior Copyright Counsel for Google, stated last year in front of Congress, “Only copyright owners know what material they own and where they want their works to appear, and when they send takedown notices, online platforms disable access to infringing content in response.” As the court in Escape made clear, this is simply not true, and such a position takes for granted the ability of service providers to identify copyright infringement when they are actually willing to cooperate with copyright owners. The evidence showed that Escape already had the resources to identify EMI’s works. Had it put any effort into truly cooperating with EMI, EMI would at least have some semblance of the ability to protect its rights on the Grooveshark platform.

Even more so, self-described Internet rights groups consistently imply that requiring service providers to monitor and police users’ activities would completely undermine the purpose of the DMCA, understating the responsibilities that service providers are already required to take. What these tech-slanted groups seem to discount is that Congress deliberately added the requirements of ¤ 512(i)(1)(A) to ensure that service providers are responsible, not simply for taking down content at the request of users, but ensuring that “those who repeatedly or flagrantly abuse their access to the Internet through disrespect for the intellectual property rights of others should know that there is a realistic threat of losing that access.” To quote an earlier case out of the Central District of California, “[a] termination policy could not be considered ‘reasonably implemented’ if the ISP remained willfully ignorant of users on its system who infringe copyrights repeatedly.” Thus, while service providers do not have an affirmative requirement to monitor for infringement, they do have an affirmative requirement to ensure that bad actors are effectively deterred from disrespecting other’s rights online. This subtlety is often lost, yet recognizing it is critical to safeguarding the balance of the DMCA. For if the DMCA is to function as Congress intended, in a way that balances the responsibility of copyright owners and service providers in an equitable manner, the Internet ecosystem as a whole will benefit.

photo credit: thesentimentalgeek/iStock/thinkstock

get blog updates