Why Grooveshark Might Not Swim into the DMCA Safe Harbor

In our last blog post, we examined two of the four main requirements for Grooveshark’s DMCA safe-harbor defense.  Those requirements were (1) having and implementing a repeat-infringer policy, and (2) compliance with the notice-and-takedown procedure.  We gave Grooveshark a pass on those two requirements.  We now look at the two remaining requirements:  (3) lack of actual knowledge or “awareness” and (4) lack of direct financial benefit.  We think these two requirements will be much trickier for Grooveshark.

Knowledge and “Awareness”

To qualify for DMCA safe-harbor protection, you (as the website operator) must (1) not have actual knowledge of the infringement,* (2) not be “aware of facts or circumstances” that make the infringement apparent, and (3) “expeditiously” stop the infringement, once you are obtain such knowledge or “awareness.”

*  Want to hear something weird?  If someone sends you a defective DMCA takedown notice, but it includes enough information to put you on notice that infringing activity is going on, you are not deemed to have actual knowledge or even “awareness” of the infringement.  Although this is illogical, there’s a good reason for it.  Otherwise, there’d be no reason for copyright owners to comply with the requirements for a takedown notice (which we discussed last time), in particular, those statements the owners must make about accuracy and good-faith investigation.

We’ll take Grooveshark’s word for it that it has no actual knowledge of infringement on its site.  Otherwise, what’s the point?

But what does it mean to be “aware of facts and circumstances from which infringing activity is apparent”?  In DMCA parlance, this is known as “red flag knowledge.”  The idea is that you have knowledge of warning signs that infringing activity is taking place on your site.

This concept, however, is in tension with another key provision of DMCA safe-harbor:  that you (as the website operator*) have no obligation whatsoever to “monitor[]” your service, or “affirmatively seek[] facts indicating infringing activity.”  In short, you have no obligation to conduct an investigation.

This provision applies to all flavors of DMCA safe-harbor protection.

By and large, the “no-investigation” provision has swallowed up the “red flag” provision.  It’s not enough that the red flags would make an ordinary person go see if there’s a problem.  The red flags must be enough, by themselves, to put you on notice of infringing activity.  (This makes the term red flag rather misleading in this context.)  Thus, for example, if you are a credit-card processing service, processing payments for websites with such domain names as “illegal.net” and “stolencelbritypictures.com,” you are not required to go see whether those websites are, in fact, hosting infringing content.  See Perfect 10, Inc. v. CCBill, LLC, 488 F.3d 1102 (9th Cir. 2007).  This gives you an idea of how low the standard is.

There is, in fact, only one reported instance in which a court found red flag knowledge, Columbia Pictures Industries v. Fung, unreported (C.D. Cal. 2009).  But, lonely as it is, this decision might prove relevant here, so it’s worth talking about.  In that case, Fung operated a number of torrent-type sites, which had content categories such as “Top 20 Movies” and “Top 20 TV Shows.”  The overwhelming majority of the content on his site was copyrighted and unauthorized.  Fung and his moderators actively assisted users in finding, downloading and playing obviously infringing content.  (Fung himself downloaded infringing content from his own website!)  The court found found that Fung had red-flag knowledge.  The court reasoned that there was so much copyrighted material on the website that the only way the defendant couldn’t have known about it was to “engage[] in an ostrich-like refusal to discover the extent to which their systems were being used to infringe copyright.”

Fung cuts both ways for Grooveshark.  One the one hand, Fung’s behavior was truly egregious–far more so than Grooveshark’s.  Among other things, Fung’s websites encouraged users to upload copyrighted content and personally assisted users in committing infringement on the download end.  Grooveshark doesn’t.  In fact, its user agreement and other messages to its users can be quite stern about  avoiding copyrighted content, and its search and playback is fully automated.  If Fung is the standard, Grooveshark is probably OK.

But Fung isn’t necessarily the standard.  Fung wasn’t necessarily a borderline case (it certainly doesn’t read like one!).  There might be a good deal of room between Fung and the line between “true red-flag” knowledge and “almost red-flag” knowledge.  If so, Grooveshark could well find itself in that space.  Like Fung, most of its content is copyrighted (despite its stern warnings to the contrary).  Unlike CCBill, the infringing content is on its own site.  Arguably, Grooveshark isn’t being asked to conduct an investigation or police its users–it’s just being asked to know what is on its own site.  At the same time, it’s been established that generalized knowledge of infringing activity your own website (i.e., knowledge that your site and sites like it are often used for infringing activity) isn’t, by itself, enough to prove red-flag knowledge.  See UMG Recordings, Inc. v. Veoh Networks, Inc., 665 F. Supp. 2d 1099 (C.D. Cal. 2009).

The truth is, we don’t know know where the line is.  It’s somewhere between Fung and Veoh, but that doesn’t tell us much.  What’s the difference between generalized knowledge of infringement and “ostrich-like refusal to discover”?  There’s a difference between saying (as Fung did), “Please upload infringing content,” and “Please upload content, but it had better not be infringing (not that we’ll be checking)!”* Is that difference enough?  With the Grooveshark case, we might get to find out.

* Update: At the University of Colorado lecture I gave on this subject, a Grooveshark employee happened to be present and pointed out that Grooveshark would certainly prefer to be licensed, and, in fact it has obtained licenses from a large number of independent (but minor) labels, plus EMI (which license resulted from the settlement of EMI’s lawsuit against Grooveshark). What’s interesting is that the more that Grooveshark’s content is licensed, the weaker the attack on this prong of its DMCA safe-harbor defense becomes. In effect, the number of “red flags” decreases. I don’t have actual statistics, but there’s a big difference for red-flag purposes (in my mind) between having 95% of your content be infringing and, say, 75%. A rights holder might grumble that Grooveshark knows what songs are authorized and be able to filter unauthorized songs out (and wonder aloud why Grooveshark doesn’t), but the DMCA safe-harbor provision would seem to spare Grooveshark from that task.

Direct Financial Benefit

You are also not eligible for DMCA safe-harbor protection if (1) you (as the website operator) “receive a financial benefit directly attributable to the infringing activity” and (2) you have “the right and ability to control” the infringing activity.

If you’ve been reading this series, you might notice that this sounds almost exactly like the standard for vicarious infringement.  Remember?  Direct financial ability plus control.  In drafting this provision, did Congress mean to invoke the standard for vicarious liability?  This might sound like an arcane question, but its answer might determine Grooveshark’s legal fate.

Here’s why.  There are a number of court decisions that have marked out some of the contours of vicarious liability.  In one of these decisions, involving the old Napster file-sharing system, a federal appellate court held that Napster was vicariously liable for music files made available by its users.  The court found that Napster received a direct financial benefit from those files because they acted as a “draw” for customers of Napster music-downloading service.  In short, if Napster didn’t have the quality and quantity of the music supplied by its users, it wouldn’t have much of a business.  There are limits to this line of reasoning, however.  Just because infringing content makes your website more attractive to consumers doesn’t mean you directly benefit financially from the infringing content.  See Ellison v. Robertson, 357 F.3d 1072 (9th Cir. 2004) (the “Harlan Ellison versus the Usenet” case).  In Napster’s case, its whole business model was dependent on the accessibility of infringing content.

Can we, in effect, import those decisions into this provision of DMCA safe-harbor?  At least one federal appellate court–in the CCBill decision–has said yes.  If so, it’s hard to see how Grooveshark escapes Napster.  The service Grooveshark offers is streaming music, and (as I understand it) Grooveshark’s sole source for the music is user uploads.

But Congress may not have so intended.  The Senate committee report made no mention of vicarious liability, except to say that DMCA safe harbors were meant to protect against claims of vicarious infringement (among other things).  But, if we were to equate direct financial benefit with vicarious infringement, vicarious infringement would become a de facto exception to DMCA safe-harbor protection (at least for those flavors with the “no direct financial benefit” requirement).  Further, the Senate said that there is no direct financial benefit where the infringers make the same kind of payments as non-infringers.  That describes Grooveshark (as I understand it): those that upload music files receive no special benefit from Grooveshark.  That is also a salient point of difference between Grooveshark and the old Napster, where only those participating in the infringing activity (i.e., making their music files available) could benefit from Napster’s services.

Grooveshark’s success on this issue will depend on getting the courts to ignore CCBill* and focus on the Senate report.  That’s tough, but not impossible.  CCBill is powerful (but not controlling) authority.  At the same time, the CCBill court’s analysis of this issue was breezy and ignored the Senate report.

On this one issue.  Otherwise, CCBill is a pretty friendly decision for Grooveshark.

To wrap up:  Grooveshark has its work cut out for it, but it has a fighting chance.  Given its business model, it’s taken all the right legal steps to give itself the best chance for success–its legal discipline has been remarkable.  Is it enough?

Finally, this should go without saying, but I’ll say it.  Any analysis of Grooveshark’s case is based on publicly available information.  There is a lot we don’t know, that the parties will find out in discovery.  If you were following the Viacom-YouTube case, you’ll remember all kinds of juicy and highly relevant internal emails that YouTube had to disclose in that lawsuit (although it prevailed in the end).  The same thing could happen here.  Also, the law could change radically (like when the court of appeals rules in the Viacom-YouTube case…).  It might seem crazy that an entire business model can stand and fall on the winds of court decisions, but that’s the online music service business for you.

OK, we’re done with Grooveshark!*  When we next take up this series, we’ll look at Pandora and Turntable.fm.  Pandora’s clearly legal, but do you know why?  Turntable.fm wants to be legal, too:  does it fall into the same category as Pandora?  (Update:  Because the MP3Tunes decision came down right after we published this post, we went out of order and examined the music-locker services next.)

*  Finally.

Thanks for reading!