Dim Light Shed on Our Understanding of DMCA Repeat-Infringer Requirement

This post is about BMG Rights Management v. Cox Communications, a case about which I’ve posted at least four times: here, here, here and indirectly here. Note my evolving take on the “Sony-Betamax” rule (which will now require further refinement). The Fourth Circuit has now issued its appellate ruling and opinion, which held mostly for the plaintiff copyright owner but nevertheless sent the case back for another trial. This post is an overview of that opinion and doesn’t really assume you’ve read my previous posts or know that much about the case. I’ll try to write another post about what this opinion does to the Sony-Betamax rule.

Cox manager in charge of administering repeat-infringer policy: “How many accusations of infringement has that been? Eleven? Oh, my, we’ll need to come down hard on him. Send him a stern email telling him that we’re very disappointed in him and that we think his mom would be, too. Yeah, no point getting tougher. It all resets Monday.” Photo by Jeremy Randell, under Creative Commons Attribution Share-Alike 4.0 International license

From now on, any time an ISP fails to implement its own repeat-infringer policy, it’s going to be called a “Cox-up.” A somewhat broader definition (based on this) might be: “a situation that is complicated, unpleasant, or difficult to deal with because someone in authority decided not to consult with his company’s own in-house lawyers.”

Super Quick Introduction to DMCA Safe Harbors and Attacks Against Them

Copyright owners more or less hate the DMCA’s safe harbors. These are defenses against copyright claims1 for “service providers,” if they meet certain requirements. The most famous of these safe harbors is known as § 512(c)2, which gives safe harbor to companies like YouTube and Dropbox for content stored on their servers at the direction of their users. This safe harbor imposes the well-known requirement that the ISP take down content in response to a properly drafted notification3 of copyright infringement.

Cox wasn’t that type of service provider4, though. It’s a regular-old ISP. It provides consumers access to the internet. As such, it wasn’t subject to the notification-and-takedown system. You can send notification after notification to Cox, and it didn’t have to do a thing about it. The only requirements for Cox to enjoy DMCA safe harbor was, basically, to act like a normal regular-old ISP.

But tucked away in the DMCA is a requirement that applies to all safe harbors, not just § 512(c). You have to have a “repeat infringer policy,” and you have to implement it “reasonably.” The actual language goes like this:

The limitations on liability established by this section shall apply to a service provider only if the serve provider—
(A) has adopted and reasonably implements, and informs subscribers and account holders … of a policy that provides for the termination in appropriate circumstances of subscribers and account holders holders of … the system or network who are repeat infringers.

For years, copyright owners with enough money have attacked the DMCA safe harbors, but they have generally stayed away from this requirement. At first, they preferred to try to cut the § 512(c) safe harbor off at its ankles by questioning what it means for content to be stored at a user’s direction. When that didn’t work, they went after other requirements of § 512(c). They failed routinely to weaken the safe-harbor protections and ended up strengthening them. Thanks to these efforts, we now have a very good sense of what it takes to enjoy protection under § 512(c).

Lather, Rinse, Repeat, but Only Under Appropriate Circumstances

Perhaps the requirement of a reasonably-implemented repeat-infringer policy had too much play in the joints for the major copyright owners. What’s an infringer—adjudicated or merely accused? How many times is “repeat.” What are “appropriate circumstances”? But it seemed to me that this play made it an attractive. Copyright holders stood a pretty good chance of convincing courts to set a high bar for what policies were acceptable and what implementations were reasonable.5 Even they lost, the play in the joints wouldn’t be lost, and service providers would have to worry about losing the next time.

At long last, there was a case that had to rely on the repeat-infringer requirements. This involved Rightscorp, a company that helps copyright owners locate infringers and get money from them. Its business model was to send takedown notifications to ISPs that were actually settlement demands, with the expectation that the ISP would then forward the notifications cum settlement demands to the subscribers.6 Rightscorp had been sending these notifications to Cox Communications, an ISP and was becoming increasingly dissatisfied with Cox’s zeal for cooperation. Indeed, at some point, Cox just stopped taking notifications from Rightscorp.

That appears to have been the last straw for Rightscorp. Its client BMG Rights Management7 sued for contributory and vicarious copyright infringement—i.e., holding Cox responsible for its subscribers’ acts of infringement. And Cox confidently asserted the DMCA safe harbor for ISPs. And why wouldn’t it? It’s a big corporation, with in-house counsel and the resources to get the best legal advice. There was no way Cox Communications was going to risk massive liability for copyright infringement—BMG would be just the tip of the iceberg.

I Have Good News and Bad News. The Bad News Is That There Is Too Much Good News.

But then it came out. BMG didn’t really have much of a repeat-infringer policy. And when it did adopt one, it was very… loose. It gave subscribers 13 chances to screw up and avoid termination. At each step, the consequences got more severe, from not-at-all-severe to slightly annoying all the way to fairly annoying. Even after the 13th step, the subscriber wasn’t automatically terminated, just considered for it. Oh, and the 13-step process reset itself after six months.

But Cox’s “implementation” of this policy was the real star. At first, Cox would only pretend to terminate subscribers after strike 13, winking at the subscriber then reinstating them. Later, Cox decided to take termination seriously by making terminations permanent—but then compensated by essentially terminating nobody.8

Alas for Rightscorp: its case against Cox was too good. It wanted a ruling that Cox, and other ISPs, were obligated to pass along the notifications cum settlement demands in order to comply with the repeat-infringer policies (even though the notification procedures are peculiar to types of DMCA safe harbor that don’t affect plain-old ISPs like Cox). But courts are trained to choose the simplest path to a decision, and the simplest path here was to find that Cox hadn’t reasonably implemented its repeat-infringer policy. Since Cox had done such a spectacularly poor job of that, such a finding shed little light on what it means to reasonably implement a policy. And it shed no light on what constitutes an acceptable repeat-infringement policy.

Here’s a Thimble to Hold Everything We Learned About Repeat-Infringer Policies.

Well, we learned one thing. Because Cox argued that none of its subscribers were repeat infringers, the court had to decide what the DMCA meant by “infringer” in this context. Cox argued that only “adjudicated” infringers counted as “infringers”; i.e., a subscriber was an infringer only if a court said so. Rightscorp argued that merely being accused of infringement in one of its notification cum settlement demands was enough. The court didn’t define the term precisely, but it hold that adjudication wasn’t necessary, and it came close to holding9 that mere accusations weren’t enough. I suspect the definition will end up being a kind of eye-test for infringement: a subscriber is an infringer if the subscriber’s activities look like infringement, without going into hypothetical possibilities of licenses and fair use.

And I suppose we learned something else useful: a repeat-infringer policy must written and implemented so that there is a credible threat of termination for repeat infringement.

Oh, I Have Some Additional Bad News.

So Rightscorp didn’t get what it wanted, but it still won, right? Well, not really. Although the court held that Cox wasn’t entitled to DMCA safe-harbor protection, the court sent the case back for a new trial because of a mistake in the jury instructions about a different issue.

So far, we’ve been concerned about an affirmative defense. It’s not that you didn’t do it. It’s that, even if you did it, you had really good (i.e., legally justifiable) reason for it. And just because an affirmative defense doesn’t apply doesn’t mean you’re liable. The plaintiff must still prove its case.

In other words, Rightscorp still had to prove that Cox infringed copyright. Cox isn’t the one that reproduced the content, or even the one that performed the content. Cox’s subscribers did those things. But those subscribers used Cox’s servers and conduits to infringe copyright, and Cox charged money for the right to use those servers and conduits. Cox might be secondarily liable for the actions of its subscribers.

There are two flavors10 of secondary copyright liability: contributory and vicarious.11 You are vicariously liable for another’s copyright infringement if you (a) could control the infringing acts, and (b) you benefited financially from the infringement. You don’t need to know that the actions you could be controlling are infringing, only that you could’ve done something about it. The idea is that no one should make money from infringement. At trial, the jury found in Cox’s favor on vicarious infringement, probably because Cox didn’t benefit directly from the infringement. Since Cox charged subscribers based on general usage, Cox would have benefited the same whether a subscriber infringed or not.

Contributory copyright liability was a different matter. To be contributorily liable for another’s copyright infringement, you have to (a) contribute materially to the infringing acts, and (b) know that those acts are infringing. The question, of course, is what it means to “know” of infringing activity.

I Know You Know She Knew He Had Reason to Know What They Should Have Known

At trial, Rightscorp argued that this meant more than actual knowledge, but things you would have learned had you bothered to investigate: “knew or should have known.” It would be up to a jury to figure out when you were under a duty to find out what’s going on. The trial court was persuaded, and it instructed to the jury that, to be liable for contributory infringement, it has to find that Cox “knew or should have known” about its subscribers’ infringement.12 In doing so, the trial court made a mistake and further that that mistake was fatal.13

The court held that “knowledge” essentially means “intent”: “knows that the consequences are certain, or substantially certain, to result from his act, and still goes ahead….” It also held that willful blindness (i.e., having enough knowledge of an act to blind oneself to the act) was effectively the equivalent of intent.

So the case was sent back to the trial court for a do-over on contributory infringement, but with the correct jury instruction. Cox will still lack a DMCA safe-harbor, and the claim for vicarious liability will still gone, but almost everything else should be on the table. One suspects the result will be the same: liability with low damages14. But you never know with jury trials, especially on remand.

Thanks for reading!