Megaupload Indictment Leaves Everyone Guessing - Part 2

Publication Type: 
Other Writing
Publication Date: 
April 6, 2012

Daily/Journal Op/Ed

The first part of this article outlined the mechanics of the Megaupload website, and the novel questions of criminal inducement on which the government's indictment is premised. Here, we explore two more extensions of existing law on which the indictment is based, and the impact this prosecution is likely to have on Internet innovators and users alike.

In addition to pushing the boundaries of criminal inducement, the government has put itself in the middle of an ongoing debate about the scope of the Digital Millennium Copyright Act (DMCA) safe harbor contained in 17 U.S.C. Section 512(c). Section 512 protects online service providers from liability based on material placed on the site at the direction of a user, so long as the service has no actual or "red flag" knowledge of infringement, does not receive a financial benefit directly attributable to infringement, terminates repeat offenders, registers an agent for receipt of complaints, and obeys a specified notice and take down procedure. Two recent cases have asked whether the operator's general knowledge that infringing activity is occurring on a service is sufficient to eliminate safe harbor protection. Both said no.
In Viacom v. YouTube, Viacom International Inc. presented its one billion dollar claim that YouTube Inc., now owned by Google, welcomed copyright-infringing material on its website, that the popularity of these works enhanced defendants' income from advertisements and that such infringing works were rampant, numbering in the "tens of thousands" just of Viacom's property alone. While the claims parallel the allegations of the Megaupload indictment, the Southern District of New York dismissed the case. It held that the company's general knowledge that the service hosted copyrighted material, even a lot of copyrighted material, did not defeat DMCA safe harbor protection. Rather, the company must have actual or red flag knowledge that particular clips are infringing, and is not otherwise required to review or police uploads. The case is currently on appeal to the 2nd U.S. Circuit Court of Appeals. Viacom International Inc. v. YouTube Inc., 10-3270 (filed Aug. 11, 2010).
The 9th U.S. Circuit Court of Appeals adopted similar reasoning in UMG v. Shelter Capital, 2011 DJDAR 18112 (Dec. 12, 2011). There, copyright owners argued that because the video site Veoh offered access to thousands of music videos without obtaining music licenses, and triggered contextual advertising based on the names of artists whose videos were on the site but with whom it had no license, it must have known that the works on its site were infringing, therefore disqualifying it from the safe harbor.
The Megaupload indictment raises the stakes while pushing the boundaries of secondary copyright liability beyond current civil law, which is already muddy and unsettled.
The 9th Circuit rejected this view, holding that "merely hosting a category of copyrightable content, such as music videos, with the general knowledge that one's services could be used to share infringing material, is insufficient to meet the actual knowledge requirement." The available information must be enough by itself to put the service on notice of specific infringing activity.
The government's indictment alleges a wide array of communications that suggest Megaupload and its principals knew there was infringing content available on the site, and even sought it out. But UMG and Viacom had both done likewise in their cases, and that evidence was not enough to show actual or "red flag" knowledge necessary to eliminate safe harbor protection.
Similarly, in both the UMG and YouTube cases, the copyright owners claimed that the sites obtained an impermissible financial benefit from infringement because they sold advertising against unauthorized content. Again, neither court agreed. As a result, Megaupload's advertising practices should not eliminate its safe harbor protection, either.
Ultimately, whether Megaupload meets the standards required for safe harbor protection may be less important than whether it believed it did. Criminal infringement requires proof of willfulness and the view of the majority of federal courts, including the 4th U.S. Circuit Court of Appeals where this case is pending, is that "willfulness" means a desire to violate a known legal duty. See RSM v. Herbert, 466 F.3d 316 (4th Cir. 2006). Did Mega register an agent? Did Mega have a repeat infringer policy? These are all interesting civil questions. But from a criminal law perspective, if Megaupload and its principals believed they met the requirements of the Safe Harbor, then they were not willfully disregarding the law, and cannot be held criminally liable.
The indictment identifies a number of steps Megaupload took that appear designed to reduce rather than induce piracy. At one time, it included a search feature that permitted users to browse for specific files (e.g. search for "Seinfeld" or "Game of Thrones"), but removed that feature. It provided copyright owners with the ability to remove infringing content directly, without submitting a DMCA notice. If true, Megaupload went beyond what is required by the DMCA to obtain a safe harbor from civil suits for monetary harm from infringement. Yet, the government cites removal of the search feature as an effort to disguise the fact that pirated material was on the site, and the refusal to give copyright owners unlimited takedown rights as further evidence of bad intent. This skepticism creates a damned-if-you-do, damned-if-you-don't conundrum for file sharing sites.
The boundaries of civil liability for contributing to, or inducing, infringement by other people have grown increasingly murky in the face of technological change. Congress designed the DMCA safe harbor to eliminate some of that uncertainty for companies that provide platforms for users to share content and thereby incentivize innovation and investment. An immense amount time and money has been expended litigating the limits of those safe harbors. Until now, the risk of guessing wrong has always been civil liability, not jail time.
This indictment ups the ante, and leaves the DMCA safe harbor looking a lot less safe. A service with substantial non-infringing uses may nevertheless be labeled a criminal enterprise based on customer misuse. New services must worry that email messages will be cited as evidence of intent to induce. Efforts to comply with the DMCA safe harbor may be ignored and programs to combat piracy outside of what the law requires may be critiqued for not having gone far enough. Entrepreneurs and funders are not going to invest their time and money creating new platforms for sharing information if the rules are murky, and guessing wrong means financial ruin and jail time.
Users have still other reasons to worry. Those who use a platform for perfectly legitimate purposes may nonetheless see their data seized by the government (or destroyed forever) based on the unknown conduct of other users. And once data is seized, users are left to wonder what the government will do with it. The privacy rules applicable to seized information are unknown. Searching a computer can expose evidence of unrelated crimes as well as embarrassing private information. Once a warrant is executed and returned, no statutory rule regulates the timing of subsequent electronic examination of that data. Discovered materials may be admissible in court under the plain view doctrine, or under the theory that the user has no expectation of privacy in data she stores with third parties.
Some judges have imposed limits on how computers are searched to try to ensure that investigations involving such troves of data will be conducted as narrowly and with as much respect for non-suspects as possible, particularly after the 9th Circuit advised the safeguard in its ruling in United States v. Comprehensive Drug Testing, 545 F.3rd 1106 (2008). But this practice is neither required nor common.
In sum, the Megaupload indictment raises the stakes while pushing the boundaries of secondary copyright liability beyond current civil law, which is already muddy and unsettled. Every innovator and future customer has to guess whether they might be targeted next.