Did the Second Circuit Just Kill “Red Flag” Knowledge?

Oh, DMCA caselaw, I can never quit you. Even though you really don’t affect my practice much, you’ve become my hobby, such that I can’t resist commenting on every appellate-level decision involving you.

The Basics of “Red Flag” Knowledge

The basics of the DMCA safe harbor are that, if you are an “internet service provider,” you are immune to claims of (civil) copyright infringement under four different circumstances—there are thus four different flavors of DMCA safe harbor—if you meet qualifications specific to the flavor you seeking protection under, and you have and reasonably implement a repeat-infringer policy. The most popular flavor is that the content you are accused of infringing was placed on your computer system at the “direction” of one of your users. This flavor is known as § 512(c). This covers a wide range of common internet services, from comments, to videos uploaded to YouTube or Vimeo, or even stuff stored in the “Cloud.” Although Congress had in mind the first and last of these scenarios, it’s been user-uploaded content to public sites, like YouTube, where the action has been.¹The recent decision against the ISP Cox Communications invoked a different flavor of DMCA safe-harbor, but involved the “repeat infringer” issue.

To qualify for protection under § 512(c), you need to prove three things: (1) you didn’t have either “actual” or “red flag” knowledge that the material in question is infringing; (2) you don’t receive a financial benefit from the infringement, at least where you had the right and ability to control the infringing activity; and (3) you maintain a designated agent who “expeditiously” removes infringing material upon receipt of a proper takedown notification²The statute says “notification,” not “notice.” Does anyone know the difference? If you fail at any of these three things, you lose your safe harbor.³If you don’t even have a designated DMCA agent, you therefore lose the safe harbor as to everything on your system. Otherwise, it’s just with regard to the material at issue.
“Red flag” knowledge looks a lot like what lawyers recognize as “constructive knowledge”: you didn’t actually know, but there were enough hints that you should have investigated (and if you had investigated, you would have obtained actual knowledge). That’s actually an easy concept for lawyers to understand. But Congress didn’t make it easy. That’s because Congress also included this little provision in the DMCA safe-harbor statute, known as § 512(m)(1): “Nothing in this section shall be construed to condition [qualification for safe harbors] on a service provider monitoring its service or affirmatively seeking facts indicating infringing activity.” So, Congress, on the on hand, conditions your qualification for § 512(c) safe-harbor protection on whether you had enough facts to investigate the possibility of infringing activity, but on the other hand, assures you that you have no duty to affirmatively investigate infringing activity.
This left courts in a quandary. Section 512(m)(1) seemed to cancel out “red flag” knowledge. Or, alternatively, we could just ignore § 512(m)(1). But courts don’t normally ignore an otherwise applicable statutory provision. The assumption is that Congress put it in there for a reason. But how to give effect to both “red flag” knowledge and § 512(m)(1)?
Courts generally dealt with the problem by saying that there was red flag knowledge, and that it could deprive you of DMCA safe-harbor protection, but that it was very, very limited. You had to be aware of so many hints of infringing activity that you could have reasonably inferred the infringing activity even without an investigation. As you can imagine, this standard was hardly ever met.
As you can also imagine, this situation was infuriating to rights holders. They saw YouTube etc. as gaming the system, maintaining just enough plausible deniability to avoid red flag knowledge (as severely modified by § 512(m)(1)), while profiting from a lot of infringing activity. Worse, the “red flag” requirement was so obviously there to deal with exactly like this sort of thing, yet this stray provision tacked on at the end of the statute took nearly all of it back. They have been trying to restore “red flag” knowledge as a useful concept ever since.

The Dread Pirate Vimeo, at Your Service.

In a recent case involving the video-uploading service Vimeo, they thought they had a good fact pattern for red flag knowledge. They could show that Vimeo employees at least accessed uploaded videos that were obviously infringing—obviously because they were of well-known songs. The idea is that anyone looking at even a bit of the video would think to herself: “Huh, that song is new. I’ll bet having it here is infringing.” No further investigation would be necessary. Since Vimeo is deemed to have the same information as what its employees acquire in the scope of their employment, this was more than enough to give Vimeo red-flag knowledge of infringement.
This argument was accepted by the trial court, at least enough to deny some of Vimeo’s motion for summary judgment. The appeal was before Judge Leval of the Second Circuit, who is the closest thing to a copyright scholar among federal judges.⁴Justice Ginsberg is not a copyright scholar. Her daughter is, however. Justice Ginsberg and Judge Leval probably don’t see eye-to-eye on copyright matters, I’m betting. But Judge Leval is also not exactly the copyright owner’s best friend on the bench. He wrote the Google Books opinion, and he gave us the whole concept of “transformative use.” It should be noted, however, that there were no dissents from his opinion in this case.
The Second Circuit rejected these arguments. It pointed out three flaws—or, more precisely, unsupported assumptions. First, we don’t know very much about what the employee was doing with the video. All we know is that he accessed it. Did he view it? Was he paying attention? It could be he was just checking technical aspects of the video file and either didn’t watch the video or pay attention to it. Second, we don’t know very much about the employee’s knowledge of contemporary music. Lots of people have no idea what’s popular right now. In fact—and this may (and perhaps should) scandalize you—but many people hardly listen to music at all. It’s just not their thing. They listen to talk radio in the car, they tune out music played in stores, and play video games at home. What is obvious to you and me, and maybe even most people, isn’t obvious to enough people that you can just assume knowledge.

Easy Infringement and Hard Infringement

The third flaw/unsupported assumption is one I have a problem with. The Second Circuit also questioned how much about copyright law the employee knew. This has been a sticky wicket for the DMCA safe-harbor statute. Just because a work under copyright has been uploaded doesn’t mean the uploading user didn’t have the right to do so. The user might have had a license, or came under some obscure statutory carve-out, or was protected by fair use. You never really know, right? At least, not until a court rules, right? This has been an issue not only for the knowledge requirement of § 512(c) protection, but also for the general “repeat infringer” requirement (what does it mean to be an infringer?).
The Second Circuit posits that not every employee can make hard fair use determinations, or would think to wonder about authorization. That might be true, but you can apply that line of reasoning to actual knowledge, couldn’t you? Say the employee watches the whole thing, recognizes the song and knows it’s a recent song. Wouldn’t that be actual knowledge, right there? Well, not if we can imagine an employee so ignorant of the basics of copyright law that he thinks this is somehow a fair use? Yes, there’s a lot of fair-use mythology out there, but we shouldn’t coddle it, either. This line of reasoning, therefore, threatens not only red-flag knowledge but the entire knowledge prong. You just need employees who are really ignorant of copyright law.
Put it this way: if you feel (as I do) that there is “easy” fair use and “hard” fair use, and those who send takedown notifications must at least take into account “easy” fair use, then you must also conclude that there is “easy” infringement and “hard” infringement, and service providers must at least take into account “easy” infringement.
If you accept this point, then it tends to swallow up the other two: even if the employee watched and listened to the video fully—heck, even multiple times—and knew the songs were contemporary, you’d still not have red-flag knowledge so long as the employee is something less than a copyright scholar. That can’t be right.

Bearing the Burden of Understanding Burdens of Proof

Still, the Second Circuit had two good reasons to reject the rights-holders’ argument. You might wonder, then, what the rights holders saw in this argument in the first place, when all they really could prove is employee access to copyrighted works?
The answer lies in that really boring⁵Well, fascinating, if you’re me. discussion about burdens of proof. You see, the DMCA safe-harbor is an affirmative defense, and affirmative defenses, by definition, must be proven by the defendant. That’s how it works: the state proves you murdered someone, and you have to prove that you did it in self-defense. The rights holders prove that you copied the work without authorization, and you have to prove that, even so, you are protected by a DMCA safe harbor.
As the Second Circuit points out, it is rarely this simple in practice. Burdens of proof are much more flexible. Who needs to prove what depends in large part on who is better placed, and more motivated, to prove an element. In particular, the law prefer to avoid making parties “prove a negative.” Thus, Vimeo had to prove that it qualified for § 512(c) protection by proving that the videos in question really were uploaded by users, it didn’t really have to prove that it had no knowledge (actual or “red flag”) of the acts of infringement. That would be proving a negative. It would more naturally be on the rights holders to prove what knowledge Vimeo’s employees had.
The rights holders didn’t bother, except to establish employee access to the videos, enough to post a brief comment, “like” it or add it to an appropriate “channel.” They didn’t take the depositions of the employees in question, to find out if they actually watched the video or how much they knew about the songs in question. They apparently didn’t uncover any emails from such employees that might shed some light on these issues. They didn’t find out what songs are on the employees’ playlists (if any).
Why not? Because it would have been a great big pain to take all of that discovery—and it still might not have worked. They needed to identify at least the employees who accessed the videos in question the most—and hope that they’re still employed. (If they are, they’d need to be tracked down and subpoenaed, which is much harder.) Then they’d need to get the right kind of documents from them, then depose them. How many would they need to take discovery of? A dozen? Maybe just six? And what are the chances they remember any details?
This is a common problem in litigation: proving something might be theoretically possible, using all the discovery tools at your disposal, but it might not be feasible, given the costs. The plaintiffs in this case are fairly big, but they’re not Google or Oracle big.
I haven’t read the briefs, but based on the opinion, here’s what I’m guess was the plaintiffs’ game-plan: (1) DMCA safe harbors are affirmative defenses; (2) Vimeo will need to prove the lack of red flag knowledge; (3) proving a negative is frowned on; (4) but we can prove access by Vimeo’s employees to our videos; (5) it’ll be up to Vimeo to prove the access was innocuous, which will be difficult if not impossible to do; and (6) boom, we win.
The court (correctly, in my view) required more than proof of access. The court insisted on proof of red flag knowledge, and that meant proving that the employees viewed the videos, and that they knew the videos were likely under copyright.

Red-Flag Knowledge Is Dead. Long Live Red-Flag Knowledge!

When the plaintiffs complained that, by requiring this level of proof, the court was essentially reading red-flag requirement right out of the statute. The correct response to this complaint would be to simply point out that the plaintiffs were free to prove up their contention of red flag knowledge, and that the interplay between red flag knowledge and § 512(m)(1) just doesn’t allow a lot of room for maneuver.
And that’s what Judge Leval wrote: “While the difference between actual knowledge … and red flag knowledge … may not be vast, it is nonetheless a real difference. If the facts actually known by an employee of the service provider make infringement obvious, the service provider cannot escape liability through the mechanism of the safe harbor….” That’s more or less correct. Not quite how I’d put it, but correct.
Judge Leval didn’t kill red flag knowledge. It’s alive and well, in the sense that an ant is alive and well in a garden full of spiders.

Those Darn Emails!

But there’s more. As with the YouTube case, the plaintiffs uncovered some unflattering emails from Vimeo employees:

• One employee told a user that Vimeo would allow a lip-dub video⁶ Like this one? I think there was a suit over the Flagpole Sitta lipdub, which just shows some people can’t stand other people having fun. Remember when these were a thing? Some were actually kind of fun. I’d say a lot of them are fair use. but would have to take it down in response to a notification. That, actually, sounds legit to me.
• Another employee told another user that Vimeo doesn’t review audio content, saying “Don’t ask, don’t tell ;).”⁷In a footnote, the court explained that it understood that to be a wink. Thank goodness. But the law is clear that there’s no obligation to review content, so, so what?
• When another user asked about using a Radiohead song in posted video, a Vimeo employee wrote,“We can’t officially tell you that using copyright [sic] music is okay. But…” The idea is that Vimeo will wink at it.
• When someone else asked what Vimeo does about the use of copyrighted music⁸Who are these people? Investigators for the plaintiffs?, the Vimeo employee wisely didn’t respond but forwarded the question with the comment, “Ignoring, but sharing.” Not sure how this means anything.
• When another user asked whether there would be “issues” with using a certain copyrighted song as a “soundtrack” to a home video,“ a Vimeo employee responded, ”The Official answer I must give you is: While we cannot opine specifically on the situation you are referring to, adding a third party’s copyrighted content to a video generally (but not always) constitutes copyright infringement.“ Which is 100% correct. Good job! Oh, but then he added, ”…Off the record answer … Go ahead and post it….“⁹Dude, you understand that if you write your answer down, it’s not ”off the record.“ Ohh, stumbled at the end! Having said that, putting a copyrighted song as a ”soundtrack” to a user-created video might well be fair use, and Vimeo is hardly in a position to give specific legal advice here.
• Another Vimeo employee sent an internal email saying, “Who wants to start the felons group, where we just film [EXPLETIVE DELETED] covers of these [EMI] songs and write ‘[EXPLETIVE DELETED] EMI’ at the end?” Well, who couldn’t get behind that? And, what does this have to do with anything, other than adding colorful language to the proceedings? Also, criticizing crummy EMI album covers is clearly fair use, even if done crudely. Also, also, nobody actually did this.

The sense one gets from these snippets is that Vimeo is highly reluctant to comply with copyright laws. And they’re generally aware of copyright infringement. These are not “damning … smoking gun(s).” They show at most a generalized knowledge of copyright infringement. If that’s all it took to remove safe harbor protection, there simply wouldn’t be any sites where users could upload content for public consumption because copyright infringement will always be a concern. You’ll notice that in none of these emails does the Vimeo employee condone straight up “easy” infringement. When they get details, it’s for whether the user can use the song for a user-made video. Without viewing the video, that’s arguably fair use, and Vimeo is under no obligation to opine on that or investigate further. The other questions were too vague to ascribe anything Vimeo, other than general contempt for music labels—again, something everyone can get behind. I really don’t see anything horribly actionable about these emails.

Willfully Blind Hope

But what about “willful blindness”? When the Second Circuit held that one could acquire “red flag” knowledge through “willful blindness,” there was hope that this would restore “red flag” knowledge back to constructive knowledge. The idea is that if you have evidence that infringing activity is going on, you can’t just ignore it. This hope was destined to disappoint. Willful blindness was still going to be cabined by § 512(m)(1). The willful blindness would still require that the evidence be self-evidently obvious, so it wasn’t going to change much.
Plaintiffs made three arguments for willful blindness. First, by watching videos but not listening to them, they were willfully blind of their infringing audio content. The logic was that, if you start investigating, you need to stop. The Second Circuit rejected this argument: if § 512(m)(1) relieved you any duty to investigate, it also implied a duty to stop any investigation wherever you wanted. I would also add that, unless the video in question was obviously a commercial music video, I don’t see why a random video would even trigger a duty to investigate even under the constructive knowledge standard. Based on the emails discussed above, it appears the main point of contention was the use of copyrighted music in connection with user-created video content. If so, there’d be little in the video content to suggest there might be anything hinky about audio content.
Second, the Plaintiffs argued, based again on those emails, I surmise, that Vimeo had lots of hints of infringement. Again, the Second Circuit rejected the argument based on § 512(m)(1). I’d also add that, even under the constructive knowledge standard, those emails so vague as to what the user plans on doing that I don’t see how Vimeo was supposed to locate the possibly infringing video (unless the user gave enough identifying information that Vimeo could identify the account, maybe?).
Third, again pointing to those emails, Vimeo encouraged the posting of infringing content. If those emails are all the Plaintiffs found, then they hardly evince some kind of general policy of encouraging infringing activity, according to the Second Circuit. I would add that, again, the emails are too vague about what the user plans to do. If a song is going to be used in connection with a user-created video, I would need to know a lot more before I could give an opinion whether the use was a fair one.

The Specific General

Warning: the section is kind of wonky. Feel free to skip to the next section.
Lurking behind these arguments is the idea that red flag knowledge is different from actual knowledge in one crucial aspect: actual knowledge is limited to the acts of infringement complained of, while red-flag knowledge is generalized. If you have red-flag knowledge and don’t take action, you lose all of your DMCA safe-harbor protection. The basis for this argument is that the DMCA discusses actual knowledge in terms of “the material or an activity using the material … is infringing,” whereas it discusses red-flag knowledge in terms of “facts or circumstances from which infringing activity is apparent.”
Courts have interpreted both kinds of knowledge as being limited to the material at issue, and not merely that the system as a whole is being used for infringing activity. But are they correct? Congress did seem to specify material in connection with actual knowledge but generalized “infringing activity” in connection with red-flag knowledge. On the other hand, it’s not as though you ignore context when reading statutes: it’s possible Congress meant “infringing activity” in connection with red-flag knowledge to be shorthand for “activity using the material on the system or network [that] is infringing.”
I’m honestly not sure how this makes that much of a difference, in light of § 512(m)(1), which cannot be wished away. How are to know that your system is being used for infringing activity without affirmatively investigating? How many acts of infringement does it take before it’s “infringing activity”? Just one? If I operated a cloud storage system, not publicly available, and someone told me that they were storing infringing information on my system, what precisely would I need to do to keep my DMCA protection? Cut off that user? Investigate all my users, just in case?
The legislative history is of little help. The House report is here, the Senate here. When discussing actual knowledge under § 512(c), the committee explained its use of “activity” so as to broaden the types of infringement that the provider might conceivably have actual knowledge of: not just the act of copying the copyrighted material onto the system, but unauthorized performance, for example. When discussing red-flag knowledge under § 512(c), the committee didn’t explain further, except to emphasize that the provider is under no obligation to investigate.¹⁰Some point to the committee notes for the same language but under § 512(d), which provides a safe harbor for linking or referring users to infringing content. There, the committee says that a search engine or catalogue (this was written in the area when Google was in its infancy and Yahoo!‘s catalogue was most users’ way to finding things on the Web) gains red-flag knowledge if a site it links to is obviously a pirate site. The argument goes that, since Vimeo is obviously a pirate site, it must also have red-flag knowledge of infringing activity on its network. I cannot agree. Even the committee limits such “red-flag” knowledge to sites which are obviously “pirate” sites at a glance: “The common-sense result of this ‘red flag’ test is that on-line editors and catalogers would not be required to make discriminating judgments about potential copyright infringement. If, however, an Internet site is obviously pirate, then seeing it may be all that is needed for the service provider to encounter a ‘red flag.’” By contrast, Vimeo is not obviously a pirate site at a glance. You’d have to investigate in order find that out, and the committee is quite clear that you don’t need to be that “discriminating.” Further, there’s maybe a reason why this discussion is limited to § 512(d) and not § 512(c), even if the language is the same. Nothing in the legislative history suggests that § 512(m)(1) may be ignored.
But courts are right to limit red-flag knowledge to the actual material at issue—and “activity” related to that material. And you don’t need to consult any committee reports for it. Here’s why. When I was describing how the knowledge requirement of § 512(c) worked, I left out an important piece: You lose your DMCA protection if you have actual or red-flag knowledge, unless you “act[] expeditiously to remove, or disable access to, the material.“ If Congress had meant for red-flag knowledge to be generalized, and not limited to the material at issue, then Congress would have need to add, ”…or, where the provider is aware of facts or circumstances from which infringing activity is apparent, acts expeditiously to stop the infringing activity.“ Otherwise, this provision would be meaningless for those with red-flag knowledge. In fact, red-flag knowledge would irretrievably destroy DMCA safe-harbor protection because there would no way to ”fix“ is expeditiously.¹¹Nimmer, who again straying from role as a writer of treatise and into the role author law review articles that happen to be bound in a treatise, thinks that red-flag knowledge is generalized. So what should one with red-flag knowledge remove? Nothing, Nimmer. The service provider must just ”react.“ But that’s not what the statute says. It says to remove material. The committee report Nimmer cites to is no different: ”New subsection (c)(1)(A)(iii) provides that once a service provider obtains actual knowledge or awareness of facts or circumstances from which infringing material or activity on the service provider’s system or network is apparent, the service provide does not lose the limitation of liability … if it acts expeditiously to remove or disable access to the infringing material.“ Sorry, Nimmer, it does not just say ”react.”

Blasts from the Past

Hey, there’s more to this case. Although the ruling on red-flag knowledge seemed to draw the most flack, though it barely moved the needle, the ruling held for the first time that the DMCA safe-harbor protections apply to pre–1972 musical sound recordings! OK, that sounded more exciting in my head, but it’s actually a big deal. Here’s why. Believe or not, before 1972, the Copyright Act didn’t cover sound recordings. Songwriters got protection, but the musical artists (and sound engineers, etc.) didn’t for the artistry involved in bringing a song to life.¹²Reminder: almost every song you listen to has two separate copyrights: one for the musical composition, which belongs to the songwriters, and one for the sound recording, which belongs to the artists. If you perform someone else’s song live, you infringe the composition but not the recording. If you publicly play a recording of the song, you infringe both copyrights. Got it? Yes, music and copyright is unnecessarily complicated.
But the artists weren’t completely without protection, because in those days, states could have their own copyright laws, which were OK so long as they didn’t cover the same ground as the Copyright Act. Some states, like California, were explicit in this protection. Others… not so much. Honestly, we have no idea if a pre–1972 recording was protected in probably 75% of the states.
Congress finally added sound recordings to the scope of what was protected by the Copyright Act then in force (the Copyright Act of 1909). In 1978¹³It was passed in 1976, but took effect in 1978., the current Copyright Act took effect, and completely got rid of all of those old state copyright protections. Well, completely, except for pre–1972 sound recordings. Congress could have retroactively protected those recordings, thus sparing us a lot of pain, but it didn’t. And they continued to be protected, if at all, by a hodgepodge of state laws. That’s not insignificant, since a lot of great music was recorded before 1972.
The question has arisen whether the DMCA safe harbors apply to pre–1972 sound recordings because those sound recordings are not protected by the Copyright Act. This could be pretty significant because if someone uploads a video that uses a pre–1972 song as its “soundtrack” to Vimeo, Vimeo has no protection whatsoever. Even if Vimeo expeditiously removed the video upon discovery, it’d still be liable. The most rational business strategy is probably fatalism: hope that no one uploads anything like that, and if someone does, hope that no one notices.
The problem was that, when Congress addressed pre–1972 sound recordings in the current Copyright Act, it wasn’t just benign neglect. Congress provided, “rights or remedies under [the law] of any State shall not be annulled or limited by this title.” But that’s precisely what § 512(c), which is part of “this title,” would do if it were applied to pre–1972 recordings.
The Second Circuit got around this problem by pointing out three things. First, the DMCA was passed in 1998, after the current Copyright Act was passed, so Congress could be assumed to know about this general prohibition against limiting state copyright law. Second, the DMCA safe harbors protection against “infringement of copyright,” without limiting it to federal copyright (which it sometimes does by adding “under this title”). Third, removing pre–1972 recordings from the protections would be weird, er, “substantially defeat the statute’s purposes.” Which is true enough, though Congress sometimes writes crazy-bad laws.¹⁴Sometimes I think Congress writes such sloppy laws because it knows courts will bail them out. It’d be nice if Congress got better at drafting statutes. You’d think that’d be a core Congressional skill.
Although this result neatens things up—it really gets tiresome to keep having to say, “…except for pre–1972 sound recordings, of course”—I’m not sure I’m on board with this reasoning. You could easily turn it around and say that, since Congress knew about the prohibition against limiting state law, it would have been explicit in the DMCA when it over-rode that prohibition.
But, hey, you know what? Now we have clear appellate caselaw on the matter, and that clarity is what matters most to the practitioner—and to businesses affected by the law.
Thanks for reading!