The Digital Millennium Copyright Act (DMCA) is a U.S. law that provides a series of safe harbors for website operators in relation to certain copyright infringements. The DMCA relinquishes liability of a website operator when a user uploads to the website content infringing on a third party’s copyright. In order to take advantage of the protection, the statute requires that specific procedures be followed. One of those procedures instructs that operators ban users who repeatedly infringe on the site. A recent court decision shed light on this provision and the expensive consequences of failing to comply.
On February 1, 2018, the U.S. Court of Appeals for the Fourth Circuit (the “Court”) issued its decision in the case of BMG Rights Management (US) LLC v. Cox Communications, LLC and Coxcom, LLC (collectively, “Cox”). BMG Rights Management (US) LLC (“BMG”), which owns copyrights in musical compositions, filed suit alleging copyright infringement against Cox, providers of high-speed Internet access. The complaint accused Cox of being contributorily liable for infringement of BMG’s copyrights by subscribers to Cox’s Internet service.
Contributory infringement occurs where “[o]ne who, with knowledge of the infringing activity, induces, causes, or materially contributes to the infringing conduct of another” (Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159, 1162 (2d Cir. 1971)). Therefore, the two elements of contributory infringement are (1) knowledge of the infringing activity, and (2) material contribution to the activity.
The district court held that Cox had not produced evidence that it had implemented a policy entitling it to benefit from the DMCA’s safe harbor defense and, therefore, granted summary judgment on that issue to BMG. After a two-week trial, a jury found Cox liable for willful contributory infringement, awarding BMG $25 million in statutory damages. Cox appealed, asserting that the district court erred in denying it the safe harbor defense and incorrectly instructed the jury.
The Court found that the language of Cox’s agreement with its subscribers does include a reservation of the right to suspend or terminate subscribers who use Cox’s service “to post, copy, transmit, or disseminate any content that infringes the patents, copyrights . . . or proprietary rights of any party.” To enforce that agreement and protect itself from liability, however, Cox created an automated system to process notifications of alleged infringement using a thirteen-strike policy. According to the system, the action to be taken is indicated based on how many notices Cox has previously received regarding infringement by a particular subscriber. The Court described Cox’s procedure as follows:
The first notice alleging a subscriber’s infringement produces no action from Cox. The second through seventh notices result in warning emails from Cox to the subscriber. After the eighth and ninth notices, Cox limits the subscriber’s Internet access to a single webpage that contains a warning, but the subscriber can reactivate complete service by clicking an acknowledgement. After the tenth and eleventh notices, Cox suspends services, requiring the subscriber to call a technician, who, after explaining the reason for suspension and advising removal of infringing content, reactivates service. After the twelfth notice, the subscriber is suspended and directed to a specialized technician, who, after another warning to cease infringing conduct, reactivates service. After the thirteenth notice, the subscriber is again suspended, and, for the first time, considered for termination. Cox never automatically terminates a subscriber.
In addition, the Court noted further limitations of Cox’s system. Cox restricts the amount of notices it will process from any copyright holder or agent in a single day. Any notice coming in after this threshold has been met does not count in Cox’s graduated response escalation. Moreover, Cox also counts only one notice per subscriber per day. Finally, Cox resets a subscriber’s thirteen-strike counter every six months.
In the lawsuit, as a conduit ISP, Cox sought the benefit of the safe harbor contained in 17 U.S.C. § 512(a). To qualify for the protection of that safe harbor though, Cox needed to show that it met the requirement common to all § 512 safe harbors, in particular, that it had “adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers . . . who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A).
Cox’s main argument was that “repeat infringers” means “adjudicated” repeat infringers, or in other words, people who have been held liable by a court for multiple instances of copyright infringement. Along those lines, Cox claimed that it complied with § 512(i)(1)(A)’s requirement and, accordingly, is entitled to the § 512(a) DMCA safe harbor because BMG did not show that Cox failed to terminate any “adjudicated” infringers. The Court rejected this argument, stating, that “[i]ndeed, the risk of losing one’s Internet access would hardly constitute a ‘realistic threat’ capable of deterring infringement if that punishment applied only to those already subject to civil penalties and legal fees as adjudicated infringers.”
Section 512(i) thus requires that, to obtain the benefit of the DMCA safe harbor, Cox must have reasonably implemented “a policy that provides for the termination in appropriate circumstances” of its subscribers who repeatedly infringe copyrights. The Court stated that it is mindful of the need to give ISPs some flexibility in making repeat infringer policies, and of the difficulty of determining when it is “appropriate” to terminate a user’s access to the Internet. The Court, however, also explained that, “[a]t a minimum…, an ISP has not “reasonably implemented” a repeat infringer policy if the ISP fails to enforce the terms of its policy in any meaningful fashion.” The Court interpreted that Cox, in carrying out policy of its thirteen strike process, “made every effort to avoid reasonably implementing that policy” and was “…very clearly determined not to terminate subscribers who in fact repeatedly violated the policy.”
The Court pointed to emails from Cox’s own employees in support of this conclusion. One of the emails from an executive managing the Abuse Group, a team tasked with addressing subscribers’ violations of Cox’s policies, advised a customer service representative asking whether she could reactivate a terminated subscriber that “[i]f it is for DMCA you can go ahead and reactivate.” In another email, that executive explained to another representative: “Once the customer has been terminated for DMCA, we have fulfilled the obligation of the DMCA safe harbor and can start over.” He elaborated that this would allow Cox to “collect a few extra weeks of payments for their account. ;-).” In yet another email, it was stated that “DMCA = reactivate.” The Court indicated that as a result of this practice, from the beginning of the litigated time period until September of 2012, Cox never terminated a subscriber for infringement without reactivating them.
To make matters even worse, the Court noted that Cox dispensed with terminating subscribers who repeatedly infringed BMG’s copyrights in particular when it decided to delete automatically all infringement notices received from BMG’s agent, Rightscorp. As a result, Cox received none of the millions of infringement notices that Rightscorp submitted to Cox on BMG’s behalf during the relevant period.
Based on all of this evidence, it’s hardly surprising that the Court held that Cox did not qualify for the benefit of the DMCA safe harbor because of failure to implement a repeat infringer policy in any consistent or meaningful way — “leaving it essentially with no policy,” as the Court put it. The Court, however, did order a new trial for Cox, finding that the jury instructions from the initial trial were faulty. The instructions at the trial court level had indicated that Cox could be found liable for contributory infringement if it “knew or should have known of such infringing activity.” The formulation “should have known” reflects standard of negligence and is therefore too low a threshold. The Court held that proving contributory infringement requires proof of at least “willful blindness,” meaning negligence is insufficient. Remember, the definition above requires “knowledge,” so the Court got it right here.
Accordingly, this case clarifies that in order to be held liable for contributory copyright infringement, including under the DMCA, it must be proven that the defendant had intent above negligence or recklessness – The standard is willful blindness or actual knowledge of the infringement.
In sum, there are a few take-aways from this case. If you allow users to post or upload content to your website (e.g., a tube site), be sure to provide and enforce a reasonable repeat infringer policy… And don’t expect to ban only adjudicated infringers. Use common sense and ban users that appear to repeatedly upload or post infringing content. Use caution – If you’re found only negligent in enforcing your policy, you may not be liable in court, but why risk it and have to endure expensive and time-consuming litigation? Do it right, and don’t get caught with your pants down like Cox did!