Mass Law Blog

The EFF “Unintended Consequences” White Paper Update Marks the Ten Year Anniversary of the DMCA

It’s easy to forget that the Digital Millennium Copyright Act is really two separate laws. One protects publishers from “inadvertent” copyright infringement by creating the “notice-and-takedown” regime that requires copyright owners to demand that publishers take down copyrighted works published by third parties before asserting infringement. The other part of the DMCA is the anti-circumvention rule that generally prevents anyone from from bypassing copy protection schemes.

The Electronic Frontier Foundation (“the leading civil liberties group defending your rights in the digital world”) has published the fifth update to its comprehensive white paper, “Unintended Consequences: Ten Years Under the DMCA.”This 19 page report details the extent to which the DMCA’s anti-circumvention provisions have been used to not to mount legal challenges against pirates who develop technologies to circumvent copy protection, but against consumers, scientists, and legitimate competitors in ways not fully anticipated when the law was passed. The EFF paper provides a comprehensive history of this side of the DMCA, including the famous “Felton/SDMI challenge” incident in 2000 (“bet you can’t defeat this protection. You did? Well, any disclosure of that would violate the DMCA, so put a sock in it”), and the efforts to claim that an end-user license agreement may constitute an access control measure protected by the DMCA. This is a “must read” document for anyone interested in anti-circumvention enforcement under the DMCA.

Articles by Joe Laferrera of my firm, discussing application of the DMCA in the cases of Lexmark International v. Static Control Components, and Chamberlain Group v. Skylink Technologies are linked here and here.

New Hampshire Federal District Court Issues Comprehensive Ruling on Communications Decency Act

“[n]o provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. … [n]o cause of action may be brought and no liability may be imposed under any State or local law that is inconsistent with this section. . . . . [However this law] shall [not] be construed to limit or expand any law pertaining to intellectual property.”

Communications Decency Act (“CDA”), 47 U.S.C.

First Circuit Applies the CDA to Protect Lycos

I’ve written often about Section 230 of the Communications Decency Act (CDA), which protects “interactive computer services” as follows:

No provider or user of an interactive computer service shall be treated as the publisher or speaker or any information provided by another information content provider

And –

No provider or user of an interactive computer service shall be liable on account of —

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected

Put simply, this law allows web site operators to avoid liability for certain types of publications on their sites by people outside their control, and to police their sites as they wish.The most obvious example is any kind of bulletin or message board that allows comments by members of the public.The site operator is not the “publisher,” and therefore is not liable for tort claims, such as defamation.

The First Circuit Court of Appeals recently applied this law for the first time in this circuit, in the case of Universal Communication Systems, Inc. (UCS) v. Lycos, Inc. Lycos, the owner of the Raging Bull website, allows the public to discuss the fortunes of public companies.

In 2003, various posters (or possibly the same poster, operating under several different screen names) made disparaging and possibly defamatory comments about UCS on the Raging Bull UCS message board page. UCS sued these individuals under their screen names (in other words, as John Does), but also sued Lycos for publishing these comments. In other words, UCS sued the message board.

Lycos asserted the CDA in defense.After the District Court dismissed based on the CDA, the plaintiff appealed to the First Circuit, which published its decision early this year.

To no one’s great surprise, the First Circuit held that Lycos was protected by the CDA. The First Circuit rejected a variety of attempts by UCS to penetrate the protection of the CDA: that Lycos was not an “Internet service provider,” that the postings became Lycos’ “own” speech when it didn’t remove them after being notified of their existence by UCS, that Lycos had “constructed and operated” its web site so as to “contribute to the proliferation of misinformation,” and that Lycos had engaged in trademark dilution (the CDA does not protect bulletin boards from intellectual property claims, particularly trademark, trade secret and patent claims).

Lycos had the wind at its back in this case, but this is still an important precedent in understanding the CDA, and the application of this statute by the First Circuit.

Viral Video, YouTube and Whack-a-Mole, or Why Mark Cuban is Wrong

I quote from News.com on September 28th:

Cuban, co-founder of HDNet and owner of the NBA’s Dallas Mavericks, also said YouTube would eventually be “sued into oblivion” because of copyright violations.

“They are just breaking the law,” Cuban told a group of advertisers in New York. “The only reason it hasn’t been sued yet is because there is nobody with big money to sue.”

* * *

Cuban said “anyone who buys that (YouTube) is a moron” because of potential lawsuits from copyright violations.

“There is a reason they haven’t yet gone public, they haven’t sold. It’s because they are going to be toasted,” said Cuban, who has sold start-ups to Yahoo and CompuServe.

The outspoken (to put it mildly) Cuban, billionaire owner of the Dallas Mavericks and Chairman of HDTV cable network has repeated this message loudly and often, both before and after Google’s $1.6 billion purchase offer to YouTube. Many other media sources appear to have picked up the tune, and the media-giant mouthpieces have added to the volume by rattling their sabers, implying that its only a matter of time before this “mother of all lawsuits” is forthcoming.

Don’t believe a word of it. Surprisingly few observers have asked the pertinent question here: do the Supreme Court’s 1995 Grokster decision and the DMCA (the Digital Millennium Copyright Act) protect YouTube from liability for copyright-protected works posted by third parties (third parties being the law’s awkward way of saying someone other than YouTube itself)?

Grokster sets the legal standard for contributory copyright infringement, in this context a product or service (YouTube) that encourages or assists third parties to post infringing works. Based on what I’ve observed, it seems that YouTube has been well advised by some pretty savvy lawyers, and that as a result it has stayed on the safe side of the line defined by Grokster. I’ve read of no evidence suggesting that YouTube has intended its service to be used for infringing works, or that it has done anything to foster infringement. If such evidence existed, you can be sure the media companies would let us know, and they haven’t. We also can be pretty sure that Google carefully vetted YouTube for this issue, and that if it had found adverse evidence, YouTube would still be flying solo.

As to the second issue, the DMCA, this federal law provides a strict “notice and take down” procedure that requires copyright owners to give written notice of an infringing work posted by a third party to the web host, including its precise location (its URL), as part of a demand that the work be “taken down.” There is no suggestion that YouTube has not responded in a timely way to legitimate take-down requests, and in fact the press has reported that YouTube has attempted to develop technologies that can help identify copyrighted works. (If this is true it would weigh even more heavily in YouTube’s favor in evaluating YouTube’s intent for purposes of applying Grokser).

All YouTube needs to do is hire a staff capable of looking at a take-down notice and removing the work at the identified URL. Ten, fifty, maybe a hundred FTEs, perhaps working in India or another low-wage country, should be sufficient, and hence the “whack a mole” metaphor – I can for-see copyright owners being forced to constantly scan YouTube to catch their copyrighted works when they pop up over and over again (posted by different users), and repeatedly provide infringement notices to YouTube. To put it differently, and a bit crudely, every time a copyrighted work pops up the copyright owner would “whack the mole” by sending a take-down notice. Of course, the media companies could themselves hire low-wage foreign workers to scan YouTube, and issue the take-down notices, creating more third-world employment on both sides of the equation. Strange but true …

Of iPods, Lock-Ins and the DMCA

As an ambivalent owner of an Apple iPod I’ve given a lot of thought to the fact that songs I download from Apple’s iTunes will not play on a portable device other than an Apple iPod. If I want to play my iTunes music collection on another manufacturer’s MP3 player, today or five years from now, I’ll be unable to play the tunes downloaded from iTunes. The Digital Millennium Copyright Act prevents competitors from reverse engineering the protection Apple embeds in these files, and therefore Apple has, in effect, a government enabled lock-in.

The only legal way around this restriction requires users to burn the iTunes songs to a CD and then import (rip) them back into iTunes as MP3 files. This eliminates Apple’s digital rights management (DRM) and “frees” these tunes, but what a hassle and disincentive to buy music from iTunes. Do I do this? Yes. Do I like it? Ah …. (If you’d like to gain a better understanding of how iTunes DRM works and how to avoid it, click here.)

Cory Doctorow has written a scathing editorial in Information Week discussing the policy and legal issues involved in Apple’s DRM program. A few choice quotes from the article:

Reverse engineering is a common practice in most industries. You can reverse-engineer a blender and make your own blades, you can reverse-engineer a car and make your own muffler, and you can reverse-engineer a document and make a compatible reader. . . . But [because of the Digital Millennium Copyright Act] the iTunes/iPod product line is off-limits to this kind of reverse-engineering.

Apple’s competition-proof music makes switching away from its product expensive for Apple’s customers. The world of consumer electronics changes quickly and you’d have to be a fool to believe that no one will ever make a superior portable music player to the iPod.

Steve Jobs really doesn’t care how many CPUs you play an iTune on, or whether you burn a playlist seven or 10 times. He wants you to get locked into iPods, . . .

Read the full article here before you download another tune from iTunes. You may conclude that you still have no choice, but at least you’ll have a better understanding of your predicament.

"Hideous Company Sends Boing-Boing Pre-Emptive Nastygram"

One of the risks of sending a legal demand letter to someone in the Internet age is that they will post it on the web and ridicule you. That’s what happened when the Baker & McKenzie law firm sent the very popular web site Boing Boing a letter warning it not to broadcast the World Cup competition, and containing the ominous threat that it would have its “agents actively monitor your website and others to identify unlawful activity.” Boing Boing published the letter here. (The letter is an image, so you may have to print it to read it).

Is a preemptive strike like this legally effective? Almost certainly it is not, except as a warning to the web site owner itself not to publish video or audio from the Cup. However, no sane, established web site owner would do so even without such a warning, since the site owner would risk significant damages (and particularly “statutory” damages – aka punitive damages) of up to $150,000 per infringement ). The far greater likelihood is that a third party will publish the audio or video (on a video site such as YouTube.com, for example, where videos of the Cup continue to be rampant), and that it was publications of this nature that Baker & McKenzie was targeting.

However, the owners of the World Cup broadcast rights must give notice after the fact under the strict procedures described in the DMCA (at least in the U.S., where Boing Boing is based). A preemptive, “before the fact” letter gives the copyright owner no greater rights than if it had not sent it at all. The owner of the Cup broadcast rights would still have to go through the “after the fact” notice and “take down” procedures mandated by the DMCA.

Back to my original point, when you send these demand letters (which by their nature often are extreme examples of “lawyer-speak”), you do risk public ridicule on the Web, and people will often try very hard to effect this. One of my all-time favorite examples of this is “The Rocket Formerly Known as Black,” which is quite funny, and seems to have taken on a life of its own.

100 Million Videos, Daily

An interesting article in Business Week on the copyright issues raised by YouTube’s tremendous success.

When YouTube Inc. was sued on July 14 for copyright infringement, the shock wasn’t that the video-sharing service was being yanked into court. Questions had been swirling for months about whether the upstart, which now dishes up 100 million daily videos, was crossing copyright boundaries by letting its members upload videos with little oversight. continue . .

YouTube has a strong answer to this complaint based on the Digital Millennium Copyright Act (pdf file), which allows publishers like YouTube to avoid copyright liability for infringements posted by third parties, so long as an infringement is taken down after notice to the publisher.

Dog Bites Man, Not News

[Update: this case was affirmed by the First Circuit in 2007; link here]

Massachusetts Lawyers Weekly reports, on the front page of its October 31, 2005 issue, that Federal District Court Judge Robert Keeton has dismissed, under the Communications Decency Act, claims that Lycos was responsible for third-party defamatory postings on Lycos’ Raging Bull website. The case is Universal Communications Systems, Inc. v. Lycos, Inc. Apparently there is no written decision from Judge Keeton.

The idea that a web site is not liable for defamatory postings is not, I repeat not, news. The Communications Decency Act provides:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

Translation: A web hosting service that permits third parties to post on its site is not the publisher or speaker of that information, and therefore cannot be liable for defamation posted by the third party.

This may be the first decision applying this law in Massachusetts, but it’s old news everywhere else. Cases across the country have uniformly interpreted the CDA to immunize ISPs and web hosts accused of defamation posted on their sites by third parties.

Is the Owner of a Blog an "Interactive Service Provider"?

Communications Decency Act. Traffic Power.Com has sued Aaron Wall, owner of the Search Engine Optimization Blog, alleging defamation and misappropriation of trade secrets.

Assuming that the offending material was not written by Wall himself (but rather by one of his posters), the defamation claim against him is likely to be barred by the federal Communications Decency Act (CDA), which provides in part:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

If Wall is not the publisher or speaker of the offending words, he cannot be liable for their publication on his blog.

Although the term “interactive computer service” (ISC) is poorly defined, the courts have held that it includes not only traditional ISPs, but also web site hosts such as AOL. It’s hard to see why the definition shouldn’t extend to blog site owners.

Assuming that Wall is found to be an ISC, he’s halfway home. A number of courts have held that the law protects ISCs from defamation claims.

Immunity for trade secret misappropriation is more problematic. The CDA provides that “[n]othing in this section shall be construed to limit or expand any law pertaining to intellectual property.” However, the law fails to define “intellectual property.” While the three traditional branches of IP are unquestionably covered by this provision (patents, copyrights and trademarks, all of which are federal IP rights), it’s not clear whether trade secrets, which are a construct of state law and which have elements that lend themselves to both intellectual property analysis and tort analysis, will be treated as “intellectual property.”

Thus, this case has the potential to answer two important questions: are bloggers covered by the CDA, and does liability for trade secret claims fall within the CDA? Stay tuned….

The Wayback Machine and the DMCA

Copyright, Digital Millennium Copyright Act. Quick now, what’s a good legal strategy when you’re involved in a bitterly contested trade secret, copyright and trademark case? Sue the lawyers on the other side, accusing them of hacking, of course. At worst, you’ll distract them and knock them off their game; at best, you’ll force their disqualification, pushing them out of the case and making your opponent go to the expense and inconvenience (not to be underestimated) of hiring new counsel and and getting them up to speed on the case.

And, it doesn’t matter that your suit may be borderline or even frivolous. Every experienced lawyer knows that in the American legal system the risks of being sanctioned for bringing a frivolous suit are only slightly higher than finding a hundred dollar bill on a Times Square sidewalk during lunch hour.

So, what happened here? First, there is an underlying trademark and trade secret suit between the similarly named “Healthcare Advocates” and “Health Advocate” that is of no particular interest to anyone except the parties. One of the issues is whether Healthcare published its alleged trade secrets on the Internet in the late 1990’s. Health Advocate, the defendant, is represented by the Harding Earley law firm, the lawyers who are at the receiving end of the lawsuit in question.

Seeking to investigate Healthcare’s publications on its Internet site in the late ’90’s, Harding Earley used the Internet Archive’s “Wayback Machine” to research Healthcare’s old web sites. The Wayback Machine (described in detail by Wikipedia here) is a remarkable Internet resource. Recognizing that old web pages disappear and that the early days of the Internet would be lost if they weren’t preserved, in 1996 the Wayback Machine began archiving the Internet for posterity, and thus far it has archived a petabyte of data – (the equivalent of 500 billion pages of standard printed text. (It’s also worth mentioning that the Internet Archive includes live music. The “live music archive” section of the site contains 2,886 live performances by the Grateful Dead. If you can’t wait to get started, click here).

If you own a web site and for some reason you don’t want to be archived by the Wayback Machine, you can opt out. The Wayback Machine permits website administrators to use the voluntary SRE (Standard for Robot Exclusion) to identify files or directories that cannot be “crawled” and indexed. Exclusion is accomplished by inserting a file called robots.txt on a web server. According to Internet.org this not only prospectively excludes a site from being crawled, but will “exclude any historical pages from the Wayback Machine.”

To return to our story, the case against Health Advocate was filed in 2003. Healthcare had been operating a website since 1998. In early July 2003, the robots.txt instructions were inserted by Healthcare. The next day (coincidence?) Harding Earley used the Wayback Machine to access Healthcare’s website material. Harding Earley hit the Healthcare site (using the Wayback Machine) very aggresively, and the robots.txt instruction failed to completely bar Harding Earley from accessing this material, nor did it warn the lawyers that the Healthcare material was “off limits.” The Harding Earley lawyers admit, however, that they had to “hit” the Healthcare URL repeatedly in order to gain access to it.

Fast forward two years, leaving out unimportant details. In early July 2005, based on the conduct described above, Healthcare filed suit against Harding Earley in the United States District Court for the Eastern District of Pennsylvania, Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey.

Most of Healthcare’s claims against the lawyers are hardly worth discussing (Trespass? Intrusion Upon Seclusion? Yeah, right…).

The only claim that might have merit is that Harding Earley violated the Digital Millenium Copyright Act (DMCA). Section 1201(a) of the DMCA states: “No person shall circumvent a technological measure that effectively controls access to a [copyright] work protected under this title.” Healthcare claims that robots.txt is a technological measure that controls access to the archived copies of its web site, and that the Harding Earley law firm circumvented that measure.

There are several problems with this argument. First, it’s not clear that Harding Earley took any affirmative steps to “circumvent” robots.txt, or that the law firm was even aware that Healthcare had attempted to restrict access to the material. In other words, Harding Earley did not use some form of de-encryption technology (common to DMCA claims). Did creating an automated script to hit the site repeatedly constitute circumvention under the DMCA?

Second, the DMCA defines a technological measure as one that “effectively protects a right of a copyright owner . . . if the measure, in the ordinary course of its operation, prevents, restricts, or otherwise limits the exercise of a right of the copyright owner under this title.” It’s not certain that the Standard for Robot Exclusion (implemented by robots.txt), a voluntary protocol, meets the DMCA’s definition of a technological measure. Moreover, the fact that the law firm got access simply by accessing the URL may suggest that the technological measure was not “effective.”

Third, since the archived website was accessed in connection with discovery in pending litigation, there may be no claim for copyright infringement. Absent the potential for copyright infringement, at least one case decided under the DMCA (Chamberlain v. Skylink) suggests that mere access to protected content may be insufficient to trigger the DMCA. As the Court noted in that case, the DMCA provides an additional avenue of protection for copyrightable content, but does not create a new property right.

Fourth, the lawyers can argue that it is significant that the web site content in question was fully and publicly accessible for five years. They may be able to argue that the the content was effectively licensed to the public or placed in the public domain when it was originally put on the web site, undermining the argument that the defendant’s access to it was in some way unauthorized.

Fifth, the plaintiff’s DMCA claim is clearly not what was contemplated by the law. The DMCA has traditionally (to the extent that term can be used for a statute of relatively recent vintage) been used to protected encrypted content, not external locks used to limit access to that content. Aggresive use of the DMCA in unanticipated ways is nothing new, but thus far has failed. Plaintiffs have unsuccessfully attempted to use the DMCA to prevent the sale of aftermarket printer cartridges and software codes embodied in garage door openers. We predict a similar conclusion is the likely outcome in this case.

Lastly, it’s worth noting that plaintiff’s theory, if successful, would discourage archivists like the Internet Archive from using voluntary measures like robots.txt upon pain of creating a DMCA violation if the measure fails, and therefore would open a host of copyright issues for the Archive that could endanger its existence.

Thanks to Joseph Laferrera, who has written a number of insightful articles on the DMCA (Court Limits Reach of DMCA – The Chamberlain Case and Court Preserves Aftermarket Competition Under the DMCA – The Lexmark Case), for his assistance in preparing this piece.

For some additional interesting commentary on this case by Rebecca Bolin, see LawMeme, here.