Dim Light Shed on Our Understanding of DMCA Repeat-Infringer Requirement
This post is about BMG Rights Management v. Cox Communications, a case about which I’ve posted at least four times: here, here, here and indirectly here. Note my evolving take on the “Sony-Betamax” rule (which will now require further refinement). The Fourth Circuit has now issued its appellate ruling and opinion, which held mostly for the plaintiff copyright owner but nevertheless sent the case back for another trial. This post is an overview of that opinion and doesn’t really assume you’ve read my previous posts or know that much about the case. I’ll try to write another post about what this opinion does to the Sony-Betamax rule.
From now on, any time an ISP fails to implement its own repeat-infringer policy, it’s going to be called a “Cox-up.” A somewhat broader definition (based on this) might be: “a situation that is complicated, unpleasant, or difficult to deal with because someone in authority decided not to consult with his company’s own in-house lawyers.”
Super Quick Introduction to DMCA Safe Harbors and Attacks Against Them
Copyright owners more or less hate the DMCA’s safe harbors. These are defenses against copyright claims15Not just secondary liability, though that’s most common. for “service providers,” if they meet certain requirements. The most famous of these safe harbors is known as § 512(c)16Guess what the other ones are called? § 512(a), § 512(b) § 512(d)., which gives safe harbor to companies like YouTube and Dropbox for content stored on their servers at the direction of their users. This safe harbor imposes the well-known requirement that the ISP take down content in response to a properly drafted notification17Never merely a “notice.” of copyright infringement.
Cox wasn’t that type of service provider18Warning: the DMCA defines “service provider” rather broadly—not just someone who gives you access to the internet, but someone who provides services involving the internet., though. It’s a regular-old ISP. It provides consumers access to the internet. As such, it wasn’t subject to the notification-and-takedown system. You can send notification after notification to Cox, and it didn’t have to do a thing about it. The only requirements for Cox to enjoy DMCA safe harbor was, basically, to act like a normal regular-old ISP.
But tucked away in the DMCA is a requirement that applies to all safe harbors, not just § 512(c). You have to have a “repeat infringer policy,” and you have to implement it “reasonably.” The actual language goes like this:
The limitations on liability established by this section shall apply to a service provider only if the serve provider—
(A) has adopted and reasonably implements, and informs subscribers and account holders … of a policy that provides for the termination in appropriate circumstances of subscribers and account holders holders of … the system or network who are repeat infringers.
For years, copyright owners with enough money have attacked the DMCA safe harbors, but they have generally stayed away from this requirement. At first, they preferred to try to cut the § 512(c) safe harbor off at its ankles by questioning what it means for content to be stored at a user’s direction. When that didn’t work, they went after other requirements of § 512(c). They failed routinely to weaken the safe-harbor protections and ended up strengthening them. Thanks to these efforts, we now have a very good sense of what it takes to enjoy protection under § 512(c).
Lather, Rinse, Repeat, but Only Under Appropriate Circumstances
Perhaps the requirement of a reasonably-implemented repeat-infringer policy had too much play in the joints for the major copyright owners. What’s an infringer—adjudicated or merely accused? How many times is “repeat.” What are “appropriate circumstances”? But it seemed to me that this play made it an attractive. Copyright holders stood a pretty good chance of convincing courts to set a high bar for what policies were acceptable and what implementations were reasonable.19To their credit, copyright owners were not afraid to go after large service providers who could go toe-to-toe with them legally. A more cynical strategy would have gone after mid-sized service providers, with enough money to survive to summary judgment but not enough to flesh out all argument or track down all evidence or hire the best experts. Even they lost, the play in the joints wouldn’t be lost, and service providers would have to worry about losing the next time.
At long last, there was a case that had to rely on the repeat-infringer requirements. This involved Rightscorp, a company that helps copyright owners locate infringers and get money from them. Its business model was to send takedown notifications to ISPs that were actually settlement demands, with the expectation that the ISP would then forward the notifications cum settlement demands to the subscribers.20The alternative was to sue thousands of subscribers at a time, based on their IP addresses at a certain time and date, and subpoena their names and contact information from the ISP. Although this is a fairly common strategy, especially among owners of copyright in pornography, it doesn’t scale to Rightscorp’s needs. Rightscorp had been sending these notifications to Cox Communications, an ISP and was becoming increasingly dissatisfied with Cox’s zeal for cooperation. Indeed, at some point, Cox just stopped taking notifications from Rightscorp.
That appears to have been the last straw for Rightscorp. Its client BMG Rights Management21Since Rightscorp didn’t actually own the copyrights at issue, it lacked standing to sue to enforce those copyrights. It had to prevail upon its client, the actual owner, to do so. You may now ask yourself who might have paid the plaintiff’s lawyers. This lawsuit wasn’t cheap. sued for contributory and vicarious copyright infringement—i.e., holding Cox responsible for its subscribers’ acts of infringement. And Cox confidently asserted the DMCA safe harbor for ISPs. And why wouldn’t it? It’s a big corporation, with in-house counsel and the resources to get the best legal advice. There was no way Cox Communications was going to risk massive liability for copyright infringement—BMG would be just the tip of the iceberg.
I Have Good News and Bad News. The Bad News Is That There Is Too Much Good News.
But then it came out. BMG didn’t really have much of a repeat-infringer policy. And when it did adopt one, it was very… loose. It gave subscribers 13 chances to screw up and avoid termination. At each step, the consequences got more severe, from not-at-all-severe to slightly annoying all the way to fairly annoying. Even after the 13th step, the subscriber wasn’t automatically terminated, just considered for it. Oh, and the 13-step process reset itself after six months.
But Cox’s “implementation” of this policy was the real star. At first, Cox would only pretend to terminate subscribers after strike 13, winking at the subscriber then reinstating them. Later, Cox decided to take termination seriously by making terminations permanent—but then compensated by essentially terminating nobody.22For two years, Cox terminated 21 subscribers, 17 of whom were subject to termination on grounds nearer and dearer to Cox’s heart, namely payment of bills and use of bandwidth.
Alas for Rightscorp: its case against Cox was too good. It wanted a ruling that Cox, and other ISPs, were obligated to pass along the notifications cum settlement demands in order to comply with the repeat-infringer policies (even though the notification procedures are peculiar to types of DMCA safe harbor that don’t affect plain-old ISPs like Cox). But courts are trained to choose the simplest path to a decision, and the simplest path here was to find that Cox hadn’t reasonably implemented its repeat-infringer policy. Since Cox had done such a spectacularly poor job of that, such a finding shed little light on what it means to reasonably implement a policy. And it shed no light on what constitutes an acceptable repeat-infringement policy.
Here’s a Thimble to Hold Everything We Learned About Repeat-Infringer Policies.
Well, we learned one thing. Because Cox argued that none of its subscribers were repeat infringers, the court had to decide what the DMCA meant by “infringer” in this context. Cox argued that only “adjudicated” infringers counted as “infringers”; i.e., a subscriber was an infringer only if a court said so. Rightscorp argued that merely being accused of infringement in one of its notification cum settlement demands was enough. The court didn’t define the term precisely, but it hold that adjudication wasn’t necessary, and it came close to holding23But didn’t because it didn’t have to to rule against Cox. that mere accusations weren’t enough. I suspect the definition will end up being a kind of eye-test for infringement: a subscriber is an infringer if the subscriber’s activities look like infringement, without going into hypothetical possibilities of licenses and fair use.
And I suppose we learned something else useful: a repeat-infringer policy must written and implemented so that there is a credible threat of termination for repeat infringement.
Oh, I Have Some Additional Bad News.
So Rightscorp didn’t get what it wanted, but it still won, right? Well, not really. Although the court held that Cox wasn’t entitled to DMCA safe-harbor protection, the court sent the case back for a new trial because of a mistake in the jury instructions about a different issue.
So far, we’ve been concerned about an affirmative defense. It’s not that you didn’t do it. It’s that, even if you did it, you had really good (i.e., legally justifiable) reason for it. And just because an affirmative defense doesn’t apply doesn’t mean you’re liable. The plaintiff must still prove its case.
In other words, Rightscorp still had to prove that Cox infringed copyright. Cox isn’t the one that reproduced the content, or even the one that performed the content. Cox’s subscribers did those things. But those subscribers used Cox’s servers and conduits to infringe copyright, and Cox charged money for the right to use those servers and conduits. Cox might be secondarily liable for the actions of its subscribers.
There are two flavors24Some would say three, depending on whether inducement is its own flavor or a sub-flavor of contributory. of secondary copyright liability: contributory and vicarious.25These categories aren’t unique to copyright law. Indeed, vicarious liability is found in pretty much all torts. You are vicariously liable for another’s copyright infringement if you (a) could control the infringing acts, and (b) you benefited financially from the infringement. You don’t need to know that the actions you could be controlling are infringing, only that you could’ve done something about it. The idea is that no one should make money from infringement. At trial, the jury found in Cox’s favor on vicarious infringement, probably because Cox didn’t benefit directly from the infringement. Since Cox charged subscribers based on general usage, Cox would have benefited the same whether a subscriber infringed or not.
Contributory copyright liability was a different matter. To be contributorily liable for another’s copyright infringement, you have to (a) contribute materially to the infringing acts, and (b) know that those acts are infringing. The question, of course, is what it means to “know” of infringing activity.
I Know You Know She Knew He Had Reason to Know What They Should Have Known
At trial, Rightscorp argued that this meant more than actual knowledge, but things you would have learned had you bothered to investigate: “knew or should have known.” It would be up to a jury to figure out when you were under a duty to find out what’s going on. The trial court was persuaded, and it instructed to the jury that, to be liable for contributory infringement, it has to find that Cox “knew or should have known” about its subscribers’ infringement.26Reading through the trial court’s opinion on the subject (on pages 27–28), it’s a little difficult to tell how the trial court ended up with the “knew or should have known” language. It cites authority for “knew or had reason to know,” which might or might not be the same standard and is of doubtful provenance, and for a sliding scale (the “closer” you are to the infringement, the less you need to know). The only authority it cites for this language is some pattern jury instructions, which in turn gets its authority from the same authority that uses “knew or had reason to know.” In doing so, the trial court made a mistake and further that that mistake was fatal.27By definition, if the appellate court disagrees with the trial court, the trial court made a mistake, assuming the Supreme Court doesn’t get involved and say the appellate court made a mistake and the trial court was right all along (which sometimes happens).
The court held that “knowledge” essentially means “intent”: “knows that the consequences are certain, or substantially certain, to result from his act, and still goes ahead….” It also held that willful blindness (i.e., having enough knowledge of an act to blind oneself to the act) was effectively the equivalent of intent.
So the case was sent back to the trial court for a do-over on contributory infringement, but with the correct jury instruction. Cox will still lack a DMCA safe-harbor, and the claim for vicarious liability will still gone, but almost everything else should be on the table. One suspects the result will be the same: liability with low damages28$25 million is low under these circumstances. Cox is a big company, and the infringement of the plaintiff’s copyrights was extensive.. But you never know with jury trials, especially on remand.
Thanks for reading!