The Digital Millennium Copyright Act: Scope, Reach, and Safe Harbors
With businesses engaging in increasingly more commerce over the internet, it is crucial to understand the consequences of displaying, using, and transferring another entity’s works online. Enter The Digital Millennium Copyright Act (DMCA) of 1998, which was signed into law by President Clinton to keep pace with the new realities of internet technology and commerce. The Act sought to protect intellectual property rights while simultaneously advancing the growth and development of e-commerce.
The DMCA is divided into five titles.
- Title I implements the 1996 World Intellectual Property Organization (WIPO) treaties and makes it unlawful to manufacture or distribute products, services, or technologies that can be used to circumvent any technological measures intended to control access to copyrighted works, such as passwords or encryptions.
- Title II contains various “safe harbors” for internet service providers (ISPs) that limit their liability for direct, contributory, or vicarious copyright infringement.
- Title III creates an exemption from infringement liability for computer program copying conducted for purposes of repair, diagnosis, or troubleshooting.
- Title IV contains miscellaneous provisions for items such as ephemeral recordings and the transfer of rights to motion pictures.
- Title V creates a new form of protection for vessel hull designs, overturning the United States Supreme Court’s Bonito Boats decision, which denied copyright protection to such boat designs.
Under the DMCA, ISPs such as AT&T, Comcast Xfinity, and Verizon, cannot be held liable for copyright infringement when they neither know, nor have reason to know, that they are providing internet services to a website that is engaged in copyright infringement. The safe harbors include:
- A “storage safe harbor” that protects an online service provider’s hosting and storing, and makes available infringing matter stored at a third-party user’s direction.
- A “transmission safe harbor” that protects the transmitting or providing of a connection to infringing material, typically evoked by telecommunications companies.
- A “caching safe harbor” that protects an ISP from liability for intermediate and temporary storage of a third-party’s infringing material on a system or network either controlled or operated by the service provider or for the service provider.
- A safe harbor for search engine websites that protects the linking or referring of users to online third-party locations with infringing material. In order for providers to invoke this protection, internet providers must make an ongoing investigation of their users’ material, “take down” any infringing material once they are made aware of the infringement and inform any of their subscribers of the illegal consequences of making use of that infringing material through, for example, a set of terms and conditions that appear on the site.
In light of the safe harbors, it is important to note what the DMCA does not protect against – trademark infringement, unfair competition, rights of publicity, invasion of privacy, defamation, foreign law copyright claims, the ISP’s own, directly infringing activities, and any collusion between ISPs and third parties to create infringing material. ISPs must therefore continuously monitor third-party conduct in addition to its own conduct to prevent any activity that could lead to liability or loss of an affirmative defense to copyright infringement.
Two recent cases illustrate the complexities of the DMCA. In Disney Enterprises Inc. et al. v. VidAngel Inc., a federal appeals court affirmed an injunction that shut down VidAngel, a web service that lets users stream Hollywood films without seeing nudity or violence. VidAngel essentially purchased authorized copies of DVDs and Blu-ray discs, decrypted one disc of each film to create a digital, unauthorized copy of the work, removed objectionable violent or obscene content from its created copy, and streamed a filtered version of the copy to its customers. Finding that VidAngel infringed on the studios’ copyrights and violated the ban on circumvention of digital encryption measures (VidAngel bypassed locks on the physical discs in order to upload and stream the movies), the district court issued a preliminary injunction to stop the company from streaming the altered films.
On appeal, the Ninth Circuit Court of Appeals sided with the district court despite VidAngel’s arguments that its actions were lawful because, as purchasers of the DVDs and Blu-ray discs, it was authorized by the Studios to decrypt the technical protection mechanisms installed to view the discs’ contents. The law, however, distinguishes between those entities the content owner authorizes to circumvent the access controls and those the owner authorized to access the work. Falling into the latter category, VidAngel was not be able to claim exemption from copyright liability under DMCA’s safe harbor provisions. The takeaway for business owners is that the DMCA cannot be used as a shield by purchasers of copyrighted works who use them for unlawful copying and dissemination.
In another case, Mavrix Photographs, LLC v. LiveJournal, Inc., 873 F.3d 1045 (9th Cir. 2017), a celebrity photography company that sells its photographs to celebrity magazines brought suit against LiveJournal for posting 20 of its copyrighted photographs online.
LiveJournal is an online platform where users create and run communities to post and comment on content. LiveJournal utilized the help of three unpaid administrative roles:
- “Moderators” who reviewed posts submitted by users to ensure compliance with company rules;
- “Maintainers” who reviewed and deleted posts and who had the ability to remove moderators; and
- “Owners” who removed maintainers and monitors.
The district court held that the DMCA’s safe harbor provision protected LiveJournal from liability since the photos were stored at the direction of its users and not LiveJournal itself. On appeal to the Ninth Circuit, however, using principles of the law of agency, the court ruled that the moderators might be “agents” of the websites they police and could lose DMCA safe harbor immunity if they permit infringing content to be posted. The court stated that moderators were provided with specific directions from LiveJournal, and LiveJournal employees substantively supervised, selected, and removed the moderators. On the other hand, moderators were also free to stop working for LiveJournal and volunteer their time elsewhere. Nonetheless, the court vacated the lower court’s order denying discovery of the moderators’ identities because it believed that the newfound, possible agency relationship impacted the decision to conceal the moderators’ identities.
The implications of the LiveJournal decision remain unclear. Some have criticized the holding as inconsistent with the DMCA framework because the statute was enacted to create a safe harbor that broadly protects service providers for material stored at the direction of its users, not literally for material stored directly by users themselves. But going forward, internet businesses and content providers who previously approved and monitored posts the way LiveJournal did may consider opting to forego such thorough oversight of its users’ posted content if they believe they would be unable to assert a safe harbor defense to copyright infringement.