Stanford CIS

What the Second Circuit Just Got Wrong about the DMCA in EMI v. MP3Tunes

By Annemarie Bridy

With the Second Circuit’s recent decision in EMI v. MP3Tunes, the formerly small body of case law interpreting § 512(i) of the DMCA – the “repeat infringer” provision – continues to grow. Last year, for example, district courts held service providers ineligible for safe harbor for failing to comply with § 512(i) in two closely watched cases, BMG Rights Management v. Cox Communications (now on appeal, and about which I blogged here) and Capitol Records v. Escape Media Group (involving the now-defunct file-sharing site Grooveshark).

As the law in this area develops, it’s worth taking stock of how recent decisions on § 512(i) implicate the DMCA’s overall architecture and the balance of enforcement obligations it was intended to strike between right holders and ISPs seeking safe harbor. In particular, it’s important to look carefully at the interaction between the repeat infringer provision and the DMCA’s “no duty to monitor” rule in § 512(m). In order to respect the balance of obligations the safe harbors establish, courts cannot read § 512(i)’s obligation to terminate access for repeat infringers in a way that imposes de facto or de jure investigative obligations on ISPs, in violation of § 512(m), which provides that safe harbor cannot be conditioned on a provider’s “monitoring its service or affirmatively seeking facts indicating infringing activity.” That, however, is precisely what the court has done in the MP3Tunes case.

By way of background, the MP3Tunes litigation has been active since 2007. The service was founded in 2005 and declared bankruptcy two years before trial. Although MP3Tunes and its sister service, sideload.com, are very much yesterday’s news, the Second Circuit’s decision in this case will have potentially far-reaching effects in the DMCA ecosystem. The services at issue were a cloud storage locker for music files, to which users could upload files ripped from their own CDs, and a website that allowed users to search the Internet for “free” music files and then, using a plug-in provided by the site, sideload (i.e., copy) the linked files into their MP3Tunes storage lockers.

The Second Circuit’s decision vacated a grant of partial summary judgment for MP3Tunes on the repeat infringer issue. In the Second Circuit’s view, the district court erred with respect to § 512(i) in two ways. First, it defined what counts as a repeat infringer too narrowly, holding that a repeat infringer can only be one who knowingly uploads infringing content to the Internet for others to share (vs. just downloading it for personal use). Second, it erred in holding that MP3Tunes “reasonably implemented” its repeat infringer policy. The doctrinal noise the case creates vis-a-vis § 512(m)’s no-duty-to-monitor rule comes with the part of the court’s decision on implementation, so that will be the focus of my attention here.

In past cases, a provider has generally been able to show reasonable implementation of a repeat infringer policy by offering proof that it both has a system in place for receiving notices of infringement from right holders and has actually terminated the accounts of some subscribers for engaging in what the provider determined to be blatant repeat infringement. Courts have been reluctant to read § 512(i) as imposing precise qualitative or quantitative requirements on providers with respect to repeat infringer policies, because judges have tended to interpret the vague language in § 512(i) as a sign of Congressional intent to give providers discretion to craft and implement individualized policies.

In this case, MP3Tunes offered evidence that it terminated as repeat infringers 153 users who shared their passwords with other users. That, in the Second Circuit’s view, was not enough to warrant summary judgment for MP3Tunes on the question of reasonable implementation of a repeat infringer policy. The Court held that the plaintiffs created a triable issue of fact by demonstrating that MP3Tunes failed to make efforts to “connect known infringing activity of which it became aware through takedown notices to users who repeatedly created links to that infringing content in the sideload.com index or who copied files from those links.” Under the Second Circuit’s interpretation of § 512(i), the plaintiffs “could prevail by demonstrating that MP3tunes's failure to track users who created links to infringing content identified on takedown notices or who copied files from those links evidenced its willful blindness to the repeat infringing activity of its users.”

The problem with the court’s reasoning here is that “tracking” large tranches of users over time to determine whether they serially copied files from links identified in notices looks very much like the kind of affirmative fact-seeking that § 512(m) shields providers from having to undertake. Under the court’s logic, a provider can reasonably be required under § 512(i) to do all of the following upon receiving a notice identifying an infringing link: (1) identify which user uploaded the link; (2) keep track of that user’s future activity with respect to that link (to see if he re-posted it after a takedown); (3) keep track of that user’s activity with respect to any links identified in subsequent notices (to see if he uploaded any of the links himself or copied any of the underlying files from links uploaded by others); (4) search system logs to identify all of the users who copied the file underlying the link in the notice; (5) keep track of whether any of those users uploaded links identified in subsequent notices or copied files underlying links identified in subsequent notices. In this scenario, the provider’s tracking requirement applies not only to users who upload infringing links, but also to the entire universe of users—possibly thousands per link—who copy files underlying infringing links. And that tracking requirement continues in an open-ended way to the extent that serial or repeat infringers can be identified only by tracking all of their link-uploading and file-copying activity over time.

As I see it, this cascade of connecting and tracking, triggered anew each time an incoming notice identifies one or more links to infringing material, qualifies as monitoring and/or fact-seeking. The court held that these activities can’t be classified as monitoring because they involve functions routinely carried out by the provider (searches of user activity) to discover information already in the provider’s possession. I don’t see it that way. “Affirmatively seeking facts” must be read to include searching for facts already in existence, even if you don’t believe (as the court seemed not to) that “monitoring” can involve searches of existing data.

The court’s holding that MP3Tunes could reasonably have been required to “make use” of information in its possession by tracking, on a rolling basis, not only who created links to infringing material but also who copied the underlying files violates § 512(m)'s no-duty-to-monitor rule. Whereas it seems reasonable to expect a provider to keep track of users who serially upload links to infringing material identified in notices, requiring the provider to also keep track of every user who makes use of those uploaded links to copy files is a bridge too far, given the limitations on fact-seeking in § 512(m). The jury therefore should not be given an opportunity on remand to disqualify MP3Tunes from safe harbor because it failed to investigate and track which users copied files from links identified in notices. A jury could legitimately find, however, without intruding on § 512(m), that MP3Tunes failed to reasonably implement its repeat infringer policy because there was evidence in the record both that it failed to keep track of users who uploaded links identified in notices and that its agents and executives themselves engaged with impunity in serial acts of infringement by copying infringing files.