DMCA: A Safe Harbor for Video Sharing?

As the popularity of Web video continues to grow, so too does the potential for contributory copyright infringement on popular video-sharing Web sites. These Web sites become venues for infringing behavior, simply due to the sheer number of users uploading new videos daily.

Consequently, content owners have contended that such Web sites must take a greater role in stemming their users' infringement. The Web site owners have countered that they need only follow the dictates outlined by the Digital Millennium Copyright Act (“DMCA”) safe harbors that can immunize service providers from copyright liability.

Thus, both sides continue to dispute what it means to be compliant with the DMCA. They also dispute which entity should bear the ultimate responsibility for policing video-sharing sites for infringing content: the Web site owner or the content owner.

Recently, a California district court issued an opinion that considered whether a video-sharing Web site fulfilled its obligations under the DMCA statutory safe harbor.

In Io Group Inc. v. Veoh Networks Inc., 2008 U.S. Dist. LEXIS 65915 (N.D. Cal. Aug. 27, 2008), a California district court found that a video-sharing site that actively enforces its user policy, acts expeditiously to remove infringing material and seeks to prevent the same infringing content from being re-posted qualifies for the safe harbor contained in DMCA '512(c) that protects service providers from monetary claims for copyright infringement. The court granted the defendant's motion for summary judgment that it qualified for the DMCA '512(c) safe harbor.

This article discusses the DMCA safe harbor generally, the recent decision from the U.S. District Court for the Northern District of California, and how the Veoh decision might impact the Viacom v. YouTube litigation currently taking place in the Southern District of New York.

Veoh Factual Background

Launched in 2006, the defendant, Veoh Networks, is one of the new breed of video-sharing Web sites that enable users to upload and share video content
of their own design, or create videos using material from one of Veoh's licensed content partners. Inevitably, as with YouTube, copyrighted material is posted by users without authorization. The plaintiff, Io Group, is a producer and marketer of adult entertainment products, including copyrighted video works, that alleged that clips of its copyrighted films had been uploaded onto the defendant's site without authorization. When it discovered the alleged infringing files, the plaintiff did not send DMCA take-down notices to Veoh; instead, Veoh's first notice of the claimed infringement was the plaintiff's copyright infringement suit.

Veoh moved for summary judgment that it qualified under the DMCA safe harbor, and that any limited injunctive relief allowed under the statute was moot since Veoh subsequently prohibited the posting of adult content on its site. In response, the plaintiff contended that there were triable issues concerning whether Veoh could qualify under the safe harbor, including, among other reasons, that:

• Veoh failed to implement a repeat infringer policy in a reasonable manner;
• The materials in question were not stored on Veoh's system at the direction of a user;
• Veoh was aware of apparent infringing activity; and
• Veoh had the right and ability to control the infringing activity and obtained a direct financial benefit from such activities.

The DMCA Safe Harbor

Congress enacted the DMCA in 1998 to comply with international copyright treaties and to update domestic copyright law for the online world. See, Digital Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2860 (1998). In conjunction, Congress also enacted Title II of the DMCA, the Online Copyright Infringement Liability Limitation Act (“OCILLA”), 17 U.S.C. '512 (2003), to facilitate cooperation among Internet service providers and copyright owners over issues of infringement and to provide “greater certainty to service providers concerning their legal exposure for infringements '.” Ellison v. Robertson, 357 F.3d 1072, 1076 (9th Cir. 2004). Under OCILLA's four safe harbors, service providers may limit their liability for claims of copyright infringement; the relevant safe harbor in this case, Section 512(c), is available to providers that store “information residing on systems or networks at the direction of users.” See, 17 U.S.C. '512(a-d).

In sum, the DMCA safe harbors protect qualifying service providers from liability for all claims for monetary relief for direct, contributory and vicarious copyright infringement, leaving copyright owners with limited injunctive relief as set forth in 17 U.S.C. '512(j).

To be eligible for the safe harbor, a service provider must meet the certain threshold conditions. See, 17 U.S.C. '512(i). The safe harbor limitations of liability only apply to a service provider that: a) adopts, implements and informs subscribers of a policy that provides for the termination in appropriate circumstances of repeat infringers; and b) accommodates “standard technical measures” used by copyright owners to protect copyrighted works.

Once such threshold conditions are met, a '512(c) service provider is eligible for the safe harbor if it:

• Designates an agent to receive notification of alleged copyright violations;
• Does not have actual knowledge that its systems contain infringing material; or
• Acts expeditiously to remove or disable access to the material when it:
  • a. has actual knowledge;
  • b. is aware of facts or circumstances from which infringing activity is apparent; or
  • c. has received a DMCA-compliant notice; and
  • d. Either does not have the right and ability to control the infringing activity, or, if it does, that it does not receive a financial benefit directly attributable to the infringing activity. Veoh, 2008 U.S. Dist. LEXIS 65915 at 32-33.

Repeat Infringer Policy

The court first considered whether Veoh satisfied the threshold requirements that it reasonably implemented its repeat infringer policy. The statute does not explicitly define “reasonably implemented,” but the U.S. Court of Appeals for the Ninth Circuit has ruled that a service provider acts reasonably if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications. See, Perfect 10 Inc. v. CCBill LLC, 488 F.3d 1102, 1109 (9th Cir. 2007).

The court found that Veoh had a working notification system, a record of timely responses to take-down notices and termination of repeat offenders, and used digital fingerprinting to permanently block identical infringing files from being uploaded by any user in the future. The plaintiff nevertheless argued that Veoh's policy failed because it did not prevent repeat infringers from reappearing on the site under a pseudonym and a different e-mail address. The court rejected the plaintiff's argument and stated that the DMCA requires “reasonable, not perfect policies,” and did not require service providers to track users in a particular way, such as by affirmatively policing users for evidence of repeat infringement or blocking users by IP addresses (which does not distinguish between family members who share the same computer). Veoh at 28. The court reiterated that a repeat infringer policy “is unreasonable only if the service provider failed to respond when it had knowledge of the infringement.” Id. at 30.

Storage Provider-Plus

The plaintiff Io Group also argued that Veoh should be disqualified from '512(c)'s safe harbor because it is more than a mere storage provider, due to certain automated functions that process and facilitate access to user-submitted videos on its Web site (i.e., indexing of content, conversion of user videos into Flash files, creation of still-image files for labeling purposes). The court again rejected the plaintiff's narrow interpretation of the safe harbor, stating that Congress did not intend to include a limitation as to a storage provider's modification of user-submitted information. Id. at 36. The court noted that Veoh does not actively supervise the uploading of files, nor does it preview or select the files before the upload is complete, but merely allows software to facilitate user access to the material ' activities that do not take the Web site out of the safe harbor. (The so-called “storage provider plus” portion of the ruling would seemingly favor other video-sharing sites, such as YouTube. However, at least one commentator has suggested that the DMCA safe harbor for storage providers should be read narrowly to preclude providers that also offer a panoply of additional features that facilitate distribution because a pure storage provider merely houses material, a function that is unlikely to result in further infringement of copyrighted works. See, Doug Lichtman, “YouTube's Future ' And Yes, It Has One,” IP Central Academic Advisory Council Bulletin 2.3 (December 2007), available at www.pff.org/issues-pubs/ip/bulletins/bulletin2.3youtubefuture.pdf (Mr. Lichtman is a professor of law at UCLA and a senior policy advisor at Viacom).)

'Right To Control' System

Under '512(c), even if a service provider expeditiously removes access to infringing material upon obtaining knowledge or awareness of infringing activity, it nonetheless may lose the protection of the safe harbor where it: a) had the right to control the infringing activity; and b) received a financial benefit directly attributable to such activity. See, 17 U.S.C. '512(c)(1)(B). Putting aside the financial benefit issue, the court ruled that the pertinent inquiry regarding the “right to control” issue is not whether the defendant had the right and ability to control its system, but rather whether it had the ability to control the infringing activity. Id. at 47. The court rejected the plaintiff's arguments that Veoh's control over user registration and its policing of users and “spot checking” of video files for compliance constituted the right and ability to control infringing activity. Id. at 54. In distinguishing Veoh from the infamous infringing music file-sharing site Napster, the court found that there was no suggestion that Veoh aimed to encourage copyright infringement on its system, no evidence that Veoh could control what video content users chose to upload before it was uploaded, and that it had little ability to identify infringing videos that did not bear titles resembling plaintiff's works (unlike Napster, where copyrighted song titles remained unchanged on the system).

In short, the court concluded that there was no evidence that Veoh “had failed to police its system to the fullest extent permitted by its architecture” because the defendant, among other things, took down blatantly infringing content, discouraged copyright infringement and used digital fingerprint technology to prevent re-posting of infringing works. Id. at 55-56. The court further commented that Veoh's refusal to alter its business operations could not be deemed as a refusal to control infringing activity, and that the DMCA was not intended “to have Veoh shoulder the entire burden of policing third-party copyrights on its Web site (at the cost of losing its business if it cannot).” Id. at 61. In the end, the court granted the defendant's motion for summary judgment and concluded that Veoh qualified for the safe harbor.

'Viacom v. YouTube' Preview?

Beyond the present suit brought by Io Group, in 2007, Universal Music Group filed a similar copyright infringement lawsuit against Veoh in the Central District of California. As a defensive measure, Veoh filed suit in another venue seeking a declaratory judgment of non-infringement based upon the DMCA safe harbor, but the court dismissed the action on procedural grounds. See, Veoh Networks Inc. v. UMG Recordings Inc., 522 F.Supp.2d 1265 (S.D. Cal. 2007). Prophetically, the court commented that given Universal's pending suit, there was no risk that the video site would lose its chance to litigate the appropriateness of the DMCA safe harbor. That is exactly what occurred, but in a different lawsuit, and the Io Group ruling will likely impact the Universal litigation going forward.

However, a larger question remains: How will the instant ruling affect the litigation between Viacom and YouTube in New York? In its ongoing copyright infringement litigation with the video-sharing Web site YouTube, Viacom, a major entertainment company, claims that YouTube has “harnessed technology to willfully infringe copyrights on a huge scale '.” It further states that “YouTube's Web site purports to be a forum for users to share their own original 'user-generated' video content ' however, a vast amount of that content consists of infringing copies of Plaintiffs' copyrighted works '.” In its Answer, Google professes that Congress chose to immunize services such as YouTube from copyright liability, and that YouTube “fulfills its end of the DMCA bargain ' and indeed goes far beyond its legal obligations in assisting content owners to protect their works.”

While the Veoh decision is not binding precedent for the New York court, the court's interpretation of the DMCA safe harbor as it relates to contributory copyright liability for a video-sharing site certainly raises similar issues to the Viacom case and will no doubt influence the parties' legal arguments.

Indeed, the Veoh decision raises a number of interesting issues in the Viacom litigation regarding YouTube's qualification for the DMCA safe harbor:

• Will the number of alleged infringing videos previously posted (10 videos on Veoh versus a purported 150,000 plus unauthorized videos on YouTube) alter the outcome?
• Like Veoh, does YouTube police its site to the fullest extent of its architecture and do enough to prevent the re-posting of flagged videos?
• Is YouTube's repeat-infringer policy stringent enough?
• Will the fact that Viacom sent over 100,000 take-down notices regarding infringing content before commencing suit change the analysis? Does the sheer number of take-down notices constitute a “red flag” of infringement or raise the issue of whether YouTube obtained a heightened level of knowledge or awareness of infringing activity?
• Can Viacom prove its allegations that YouTube, like the music file-sharing Web site Napster, is a “business built on infringement,” thereby disqualifying it from the DMCA safe harbor?
• Limited injunctive relief is available to content owners under the DMCA safe harbor, but was moot in the Veoh case because Veoh had already independently removed all adult content from its site. However, will it be a major issue in the Viacom litigation?

Conclusion

Considering Google has stated that it is willing to go to the U.S. Supreme Court, if necessary, to defend itself in its litigation with Viacom, the Veoh case appears to be one of the initial interpretations of the DMCA safe harbor as it relates to video-sharing sites. Yet, until the New York district court rules, the answer to the above questions will have to wait for another day.

As the popularity of Web video continues to grow, so too does the potential for contributory copyright infringement on popular video-sharing Web sites. These Web sites become venues for infringing behavior, simply due to the sheer number of users uploading new videos daily.

Consequently, content owners have contended that such Web sites must take a greater role in stemming their users' infringement. The Web site owners have countered that they need only follow the dictates outlined by the Digital Millennium Copyright Act (“DMCA”) safe harbors that can immunize service providers from copyright liability.

Thus, both sides continue to dispute what it means to be compliant with the DMCA. They also dispute which entity should bear the ultimate responsibility for policing video-sharing sites for infringing content: the Web site owner or the content owner.

Recently, a California district court issued an opinion that considered whether a video-sharing Web site fulfilled its obligations under the DMCA statutory safe harbor.

In Io Group Inc. v. Veoh Networks Inc., 2008 U.S. Dist. LEXIS 65915 (N.D. Cal. Aug. 27, 2008), a California district court found that a video-sharing site that actively enforces its user policy, acts expeditiously to remove infringing material and seeks to prevent the same infringing content from being re-posted qualifies for the safe harbor contained in DMCA '512(c) that protects service providers from monetary claims for copyright infringement. The court granted the defendant's motion for summary judgment that it qualified for the DMCA '512(c) safe harbor.

This article discusses the DMCA safe harbor generally, the recent decision from the U.S. District Court for the Northern District of California, and how the Veoh decision might impact the Viacom v. YouTube litigation currently taking place in the Southern District of New York.

Veoh Factual Background

Launched in 2006, the defendant, Veoh Networks, is one of the new breed of video-sharing Web sites that enable users to upload and share video content
of their own design, or create videos using material from one of Veoh's licensed content partners. Inevitably, as with YouTube, copyrighted material is posted by users without authorization. The plaintiff, Io Group, is a producer and marketer of adult entertainment products, including copyrighted video works, that alleged that clips of its copyrighted films had been uploaded onto the defendant's site without authorization. When it discovered the alleged infringing files, the plaintiff did not send DMCA take-down notices to Veoh; instead, Veoh's first notice of the claimed infringement was the plaintiff's copyright infringement suit.

Veoh moved for summary judgment that it qualified under the DMCA safe harbor, and that any limited injunctive relief allowed under the statute was moot since Veoh subsequently prohibited the posting of adult content on its site. In response, the plaintiff contended that there were triable issues concerning whether Veoh could qualify under the safe harbor, including, among other reasons, that:

• Veoh failed to implement a repeat infringer policy in a reasonable manner;
• The materials in question were not stored on Veoh's system at the direction of a user;
• Veoh was aware of apparent infringing activity; and
• Veoh had the right and ability to control the infringing activity and obtained a direct financial benefit from such activities.

The DMCA Safe Harbor

Congress enacted the DMCA in 1998 to comply with international copyright treaties and to update domestic copyright law for the online world. See, Digital Millennium Copyright Act, Pub. L. No. 105-304, 112 Stat. 2860 (1998). In conjunction, Congress also enacted Title II of the DMCA, the Online Copyright Infringement Liability Limitation Act (“OCILLA”), 17 U.S.C. '512 (2003), to facilitate cooperation among Internet service providers and copyright owners over issues of infringement and to provide “greater certainty to service providers concerning their legal exposure for infringements '.” Ellison v. Robertson , 357 F.3d 1072, 1076 (9th Cir. 2004). Under OCILLA's four safe harbors, service providers may limit their liability for claims of copyright infringement; the relevant safe harbor in this case, Section 512(c), is available to providers that store “information residing on systems or networks at the direction of users.” See, 17 U.S.C. '512(a-d).

In sum, the DMCA safe harbors protect qualifying service providers from liability for all claims for monetary relief for direct, contributory and vicarious copyright infringement, leaving copyright owners with limited injunctive relief as set forth in 17 U.S.C. '512(j).

To be eligible for the safe harbor, a service provider must meet the certain threshold conditions. See, 17 U.S.C. '512(i). The safe harbor limitations of liability only apply to a service provider that: a) adopts, implements and informs subscribers of a policy that provides for the termination in appropriate circumstances of repeat infringers; and b) accommodates “standard technical measures” used by copyright owners to protect copyrighted works.

Once such threshold conditions are met, a '512(c) service provider is eligible for the safe harbor if it:

• Designates an agent to receive notification of alleged copyright violations;
• Does not have actual knowledge that its systems contain infringing material; or
• Acts expeditiously to remove or disable access to the material when it:
  • a. has actual knowledge;
  • b. is aware of facts or circumstances from which infringing activity is apparent; or
  • c. has received a DMCA-compliant notice; and
  • d. Either does not have the right and ability to control the infringing activity, or, if it does, that it does not receive a financial benefit directly attributable to the infringing activity. Veoh, 2008 U.S. Dist. LEXIS 65915 at 32-33.

Repeat Infringer Policy

The court first considered whether Veoh satisfied the threshold requirements that it reasonably implemented its repeat infringer policy. The statute does not explicitly define “reasonably implemented,” but the U.S. Court of Appeals for the Ninth Circuit has ruled that a service provider acts reasonably if it has a working notification system, a procedure for dealing with DMCA-compliant notifications, and if it does not actively prevent copyright owners from collecting information needed to issue such notifications. See , Perfect 10 Inc. v. CCBill LLC , 488 F.3d 1102, 1109 (9th Cir. 2007).

The court found that Veoh had a working notification system, a record of timely responses to take-down notices and termination of repeat offenders, and used digital fingerprinting to permanently block identical infringing files from being uploaded by any user in the future. The plaintiff nevertheless argued that Veoh's policy failed because it did not prevent repeat infringers from reappearing on the site under a pseudonym and a different e-mail address. The court rejected the plaintiff's argument and stated that the DMCA requires “reasonable, not perfect policies,” and did not require service providers to track users in a particular way, such as by affirmatively policing users for evidence of repeat infringement or blocking users by IP addresses (which does not distinguish between family members who share the same computer). Veoh at 28. The court reiterated that a repeat infringer policy “is unreasonable only if the service provider failed to respond when it had knowledge of the infringement.” Id. at 30.

Storage Provider-Plus

The plaintiff Io Group also argued that Veoh should be disqualified from '512(c)'s safe harbor because it is more than a mere storage provider, due to certain automated functions that process and facilitate access to user-submitted videos on its Web site (i.e., indexing of content, conversion of user videos into Flash files, creation of still-image files for labeling purposes). The court again rejected the plaintiff's narrow interpretation of the safe harbor, stating that Congress did not intend to include a limitation as to a storage provider's modification of user-submitted information. Id. at 36. The court noted that Veoh does not actively supervise the uploading of files, nor does it preview or select the files before the upload is complete, but merely allows software to facilitate user access to the material ' activities that do not take the Web site out of the safe harbor. (The so-called “storage provider plus” portion of the ruling would seemingly favor other video-sharing sites, such as YouTube. However, at least one commentator has suggested that the DMCA safe harbor for storage providers should be read narrowly to preclude providers that also offer a panoply of additional features that facilitate distribution because a pure storage provider merely houses material, a function that is unlikely to result in further infringement of copyrighted works. See, Doug Lichtman, “YouTube's Future ' And Yes, It Has One,” IP Central Academic Advisory Council Bulletin 2.3 (December 2007), available at www.pff.org/issues-pubs/ip/bulletins/bulletin2.3youtubefuture.pdf (Mr. Lichtman is a professor of law at UCLA and a senior policy advisor at Viacom).)

'Right To Control' System

Under '512(c), even if a service provider expeditiously removes access to infringing material upon obtaining knowledge or awareness of infringing activity, it nonetheless may lose the protection of the safe harbor where it: a) had the right to control the infringing activity; and b) received a financial benefit directly attributable to such activity. See, 17 U.S.C. '512(c)(1)(B). Putting aside the financial benefit issue, the court ruled that the pertinent inquiry regarding the “right to control” issue is not whether the defendant had the right and ability to control its system, but rather whether it had the ability to control the infringing activity. Id. at 47. The court rejected the plaintiff's arguments that Veoh's control over user registration and its policing of users and “spot checking” of video files for compliance constituted the right and ability to control infringing activity. Id. at 54. In distinguishing Veoh from the infamous infringing music file-sharing site Napster, the court found that there was no suggestion that Veoh aimed to encourage copyright infringement on its system, no evidence that Veoh could control what video content users chose to upload before it was uploaded, and that it had little ability to identify infringing videos that did not bear titles resembling plaintiff's works (unlike Napster, where copyrighted song titles remained unchanged on the system).

In short, the court concluded that there was no evidence that Veoh “had failed to police its system to the fullest extent permitted by its architecture” because the defendant, among other things, took down blatantly infringing content, discouraged copyright infringement and used digital fingerprint technology to prevent re-posting of infringing works. Id. at 55-56. The court further commented that Veoh's refusal to alter its business operations could not be deemed as a refusal to control infringing activity, and that the DMCA was not intended “to have Veoh shoulder the entire burden of policing third-party copyrights on its Web site (at the cost of losing its business if it cannot).” Id. at 61. In the end, the court granted the defendant's motion for summary judgment and concluded that Veoh qualified for the safe harbor.

'Viacom v. YouTube' Preview?

Beyond the present suit brought by Io Group, in 2007, Universal Music Group filed a similar copyright infringement lawsuit against Veoh in the Central District of California. As a defensive measure, Veoh filed suit in another venue seeking a declaratory judgment of non-infringement based upon the DMCA safe harbor, but the court dismissed the action on procedural grounds. See , Veoh Networks Inc. v. UMG Recordings Inc. , 522 F.Supp.2d 1265 (S.D. Cal. 2007). Prophetically, the court commented that given Universal's pending suit, there was no risk that the video site would lose its chance to litigate the appropriateness of the DMCA safe harbor. That is exactly what occurred, but in a different lawsuit, and the Io Group ruling will likely impact the Universal litigation going forward.

However, a larger question remains: How will the instant ruling affect the litigation between Viacom and YouTube in New York? In its ongoing copyright infringement litigation with the video-sharing Web site YouTube, Viacom, a major entertainment company, claims that YouTube has “harnessed technology to willfully infringe copyrights on a huge scale '.” It further states that “YouTube's Web site purports to be a forum for users to share their own original 'user-generated' video content ' however, a vast amount of that content consists of infringing copies of Plaintiffs' copyrighted works '.” In its Answer, Google professes that Congress chose to immunize services such as YouTube from copyright liability, and that YouTube “fulfills its end of the DMCA bargain ' and indeed goes far beyond its legal obligations in assisting content owners to protect their works.”

While the Veoh decision is not binding precedent for the New York court, the court's interpretation of the DMCA safe harbor as it relates to contributory copyright liability for a video-sharing site certainly raises similar issues to the Viacom case and will no doubt influence the parties' legal arguments.

Indeed, the Veoh decision raises a number of interesting issues in the Viacom litigation regarding YouTube's qualification for the DMCA safe harbor:

• Will the number of alleged infringing videos previously posted (10 videos on Veoh versus a purported 150,000 plus unauthorized videos on YouTube) alter the outcome?
• Like Veoh, does YouTube police its site to the fullest extent of its architecture and do enough to prevent the re-posting of flagged videos?
• Is YouTube's repeat-infringer policy stringent enough?
• Will the fact that Viacom sent over 100,000 take-down notices regarding infringing content before commencing suit change the analysis? Does the sheer number of take-down notices constitute a “red flag” of infringement or raise the issue of whether YouTube obtained a heightened level of knowledge or awareness of infringing activity?
• Can Viacom prove its allegations that YouTube, like the music file-sharing Web site Napster, is a “business built on infringement,” thereby disqualifying it from the DMCA safe harbor?
• Limited injunctive relief is available to content owners under the DMCA safe harbor, but was moot in the Veoh case because Veoh had already independently removed all adult content from its site. However, will it be a major issue in the Viacom litigation?

Conclusion

Considering Google has stated that it is willing to go to the U.S. Supreme Court, if necessary, to defend itself in its litigation with Viacom, the Veoh case appears to be one of the initial interpretations of the DMCA safe harbor as it relates to video-sharing sites. Yet, until the New York district court rules, the answer to the above questions will have to wait for another day.