A recent Fourth Circuit decision, BMG Rights Mgmt LLC v. Cox Communications Inc. (4th Cir. 2018), affirmed summary judgment that an internet service provider, an ISP, was not entitled to claim Digital Millenium Copyright Act (DMCA) immunity from copyright infringement for third-party postings through its service, opening up the company to massive copyright liability.
A central part of the DMCA, a part of U.S. copyright law, is the exemption from direct and indirect liability of internet service providers and other intermediaries on the internet.
In Cox, the ISP had failed to implement a reasonable policy to remove repeat infringers, a condition of DMCA immunity, and so lost its immunity.
The Cox decision teaches several important lessons to companies who wish to use the DMCA to avoid copyright liability.
Many companies maintain websites that involve online postings by other parties – from social media giants like Facebook, to ISPs, and to corporate websites containing blogs or comment sections. A major concern, however, is avoiding liability for content posted on one’s site, especially for copyright infringement.
The Digital Millenium Copyright Act, a part of U.S. copyright law that implements two international copyright treaties, sets up several immunities that website owners can use to avoid copyright liability – but the immunity comes with conditions set out in the DMCA. In BMG Rights v. Cox Communications, an ISP learned, to its chagrin, that failure to meet the conditions set out in the DMCA can results in loss of the immunity. That loss opens up the company to massive copyright liability.
The DMCA immunities require the website owner to have “adopted and reasonably implemented . . . a policy that provides for the termination in appropriate circumstances of subscribers . . . who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A). This Cox Communications utterly failed to do.
First, Cox adopted a rather feeble 13-strikes-and-you’re-out policy for infringers. (The 13 – thirteen – is not a misprint – Cox’s policy required thirteen separate acts of infringement before the infringer would be removed from its service!) While not held per se a problem, one cannot help avoid the impression that the court thought this was designed to avoid ever banning anyone.
Second, Cox failed to enforce its own policy, letting repeat infringers back to using the service after short suspensions, principally because it wanted their revenue. The record was clear that Cox never meaningfully implemented the policy in any real way. Several Cox emails produced in discovery showed that Cox had no intention of carrying out its policy and was concerned only with its own revenues. One Cox email even bragged that once a customer was terminated, then he could be reinstated – and the thirteen-strikes tally would be reset to zero!
Such evidence showed that Cox’s policy was a sham, and not surprisingly led to its losing its immunity.
Third, BMG hired a service, Rightscorp, to send takedown notices to ISPs like Cox. But Cox had a practice of categorically disregarding notices from Rightscorp because the notices contained settlement offers (e.g., settle the dispute for a payment of $2,000). While understandably such settlement notices are viewed as obnoxious, Cox could not simply completely ignore them.
Fourth, the Court of Appeals rejected Cox’s argument that the DMCA’s repeat-infringer-policy requirement is limited to adjudicated infringers – meaning those already found infringing by a court. Neither a lawsuit nor a court decision should be required.
The Cox decision teaches several important lessons to companies who wish to use the DMCA to avoid copyright liability. Among such lessons:
Create a policy that has a realistic protocol to weed out infringers. Cox’s 13-strikes-and-you’re-out policy seemed designed more to avoid actually removing any subscribers than weeding out copyright infringers.
Take real steps to implement the policy. Nothing is worse than adopting a policy on (digital) paper and then not following through – that is a sure sign to a court that the policy is likely a sham.
Don’t ignore whole classes of takedown notices. Cox did this because BMG used an outside vendor to send takedown notices that included settlement demands. While such demands seem abusive and Cox understandably wanted to avoid burdening its customers with these kinds of letters, its solution of simply ignoring them was a major factor in losing its immunity.
The repeat infringer policy cannot be limited to persons determined to be infringing by a court. The Fourth Circuit expressly rejected that construction of the DMCA advanced by Cox.
As the Fourth Circuit noted, the DMCA’s legislative history makes clear that Congress conditioned immunity on the company adopting a protocol that those who “abuse their access to the internet through disrespect for the intellectual property rights of others” should face a “realistic threat of losing” their internet access. True, this can lead to loss of revenue when some customers are terminated. But that can pale in comparison to the potentially massive liability for copyright infringement.