Do I Need a DMCA Agent?

Do I Need a DMCA Agent?

By: Lawrence G. Walters, Esq.

 

Introduction:

Our law firm is often asked by clients, and potential clients, whether they should designate a DMCA Agent for their site, and how to go about doing so. While that is an important first question to ask, particularly for any site that contains material provided by third parties, it is only the beginning of a somewhat complicated analysis leading to a determination of whether a particular website can avail itself of the “safe harbor” protections against copyright infringement claims, as provided by federal law. Regardless of the geographic location of the website involved, compliance with U.S. DMCA safe harbor obligations is becoming essential for global online service providers.

  1. The Development of the DMCA:

In 1998, in an attempt to curtail copyright infringement occurring via the Internet and harmonize international law, Congress passed the Digital Millennium Copyright Act (“DMCA”).1 One of the most controversial and litigated elements of the DMCA is its “safe harbor” protection for “service providers.” Copyright holders tend to hate it, while website operators that allow posting of third party content view it as essential to survival of their business model. Given the recent wave of copyright infringement litigation being asserted against tube sites and other service providers, DMCA safe harbor is becoming an essential tool for website operators.

The DMCA’s safe harbor provisions allow certain online service providers (“OSPs”) who comply with specified statutory prerequisites to take advantage of significant limitations on monetary liability for copyright claims based on material posted by third party users on the service provider’s network. Simple enough, right? Post some legal‐sounding takedown policies, file some forms, and you’re good to go. Not exactly… There are several important requirements, and even preconditions to those requirements, that an OSP must fulfill in order to even be considered for safe harbor protections. The following is a roadmap of sorts, designed to inform service providers of the hazards in navigating one of the Web’s most crucial and complicated pieces of legislation. However, this article is no substitute for legal advice, and if anything referenced in this post appears to affect your operation, a talk with your lawyer about DMCA issues is in order.

  1. Who is a Service Provider?

Although a seemingly simple question, many providers of online services to end users on the Internet do not realize that the type of service they provide affects their obligations and potential protections under the DMCA. The DMCA defines a “service provider” as an entity offering transmission, routing, or providing connections for digital online communications, between or among points specified by a user, of material of the user’s choosing, without modification to the content of the material as sent or received, or, a provider of online services or network access, or the operator of facilities thereof.2 Given its expansive definition, essentially any entity that provides end users with web space, bandwidth or access to the Internet could be considered a service provider under the DMCA. The types of business models covered by this definition range from ISP’s, to online dating sites, to adult tube sites. The statute goes on to identify four categories of conduct that enable an OSP to determine which type of service provider they are under the DMCA:

    1. Transitory Communication Systems: Network services that simply provide transitory access to the Internet, this includes basically any broadband Internet provider (i.e. – AT&T and other DSL/cable/satellite Internet access providers);3

    1. Caching Systems: Network services still providing simple conduit access to the Internet, but that also may store or copy transmitted data temporarily;4

    1. Web Hosts: Online services that host content at the direction of a user (i.e. – traditional hosting websites or almost any website/network that contains content uploaded or generated by the network’s users);5 or

    1. Information Location Tools: Search engines (i.e. – Google®)6.

Given the latest cyber litigation “target du jour”; user‐generated content (“UGC”) websites, this article will only concentrate on potential limitation of liability for OSPs that host their users’ files (i.e., #3 above). The legislative intent behind the file hosting safe harbor provision is to protect OSPs from liability based on the content posted by its users – whether in the form of online dating profiles or comments to a blog piece like this. For example, if UGC sites were responsible for each and every piece of infringing material uploaded by its users to the provider’s network, such liability would likely bring much of today’s Internet traffic to a screeching halt. OSPs that are required to monitor the content and/or conduct of their users would quickly find that the manpower necessary to accomplish that task would eat up any potential revenue to be generated, thus resulting in de facto censorship of an entire venue for online speech.

  1. Acquiring Potential Safe Harbor Protection?

Notably, the safe harbor from liability is not a blanket grant of protection or immunity from suit. Even with full compliance with all aspects of DMCA safe harbor obligations, an OSP could still get sued by an aggressive plaintiff, and be forced to ‘prove up’ its safe harbor compliance regime. Importantly, an OSP may only qualify for the DMCA’s limitation on liability if it fulfills the threshold conditions of the statute by agreeing to do the following:

  1. Identify and Designate a DMCA Agent7

  1. Accommodate technical measures to protect copyrighted works8

  1. Adopt and Implement a Repeat Infringer Policy9

In order to facilitate the notification process required for safe harbor, OSPs must designate the name and contact information of an agent who will be responsible for receiving any infringement notices from copyright owners (i.e., a “DMCA Agent.”) Take down notices sent to the DMCA Agent must include specific elements, but they essentially must state that the OSP’s network contains content that is infringing upon the owners’ intellectual property rights and is therefore on the network illegally. Upon appointing the DMCA Agent, the OSP must file a notice of designation of agent with the U.S. Copyright Office, along with the required fee; effectually providing public notice of the relationship between the OSP and the agent.10 Unfortunately, this is a step that many OSPs tend to forgo, and the failure to properly designate the agency relationship with the Copyright Office may result in total loss of safe harbor protection. The information disclosed to the Copyright Office; i.e., name, address, phone number, and email address, must also be made readily available to the public through the OSP’s service or website.11

The DMCA defines “standard technical measures,” referenced in #2 above, as attempts by intellectual property owners used to identify or protect their copyrighted works; for example, a watermark embedded on an image. An OSP accommodates, or does not interfere with, standard technical measures so long as it does not disable any such efforts by the copyright owner. Implementation of fingerprinting technology for identifying infringing videos or images may someday be considered a “standard technical measure” as such technology becomes more readily available and used by OSPs such as tube sites.

Another critical element must be met in order for an OSP to claim safe harbor: The OSP must adopt a policy that provides for terminating the accounts of users who repeatedly infringe on another’s copyright under “appropriate circumstances.” This is known in the industry as a “Repeat Infringer Policy” or “RIP.” The OSP must inform its customers of the RIP and “reasonably implement” it as well.12 There are often two sources of confusion that correspond with the RIP requirement: Who is a “repeat infringer” and how do I “reasonably implement” a repeat infringer policy? Unfortunately for OSPs, the DMCA does not provide any guidance to resolve these ambiguities. For example, the statute does not specify whether the repetition requirement for a “repeat infringer” refers to the total number of works infringed, the number of times a single work has been infringed, or the number of times a particular user has been identified as an infringer. Nor does the statute discuss the time span within which the repeat infringements are to be calculated. Further, the DMCA does not identify particular actions that can be taken by an OSP to satisfy the statute’s requirement that it “reasonably implement” the RIP.

Ultimately, it is up to the OSP to decide exactly how it wishes to implement its RIP. Each business model may require its own type of RIP considerations, and there is no “magic number” of infringements that must result in termination of a user. Because of this lack of clarity in the statutory language, it has only been through OSPs being sued, and legal decisions being issued, that the public has gained some insight on the proper protocol in implementing an RIP. While no court has definitively described how a legally‐ compliant RIP should look, courts have discussed the importance of a consistent RIP to overall safe harbor protection.13

It should be noted that the law does not require OSPs to adopt an RIP, or to comply with any of the safe harbor provisions of the DMCA. OSPs can tolerate obvious repeat infringers, but they do so at their own peril. Compliance with DMCA safe harbor provisions is completely optional, but the benefits of compliance cannot be ignored, as a practical matter. Improper implementation of an RIP could result in the total loss of safe harbor protection, rendering OSPs completely vulnerable to traditional copyright claims based on direct, contributory and/or vicarious copyright infringement liability theories. Therefore, DMCA compliance comes down to a business decision – one that can be very important if the OSP is ever sued for copyright infringement based on UGC.

  1. Loss of Safe Harbor Protection

Not only must an OSP fulfill the conditions referenced in the above section, but it must also meet the following constant obligations relating to its knowledge of specific infringing materials and its reaction to the knowledge of such materials. The DMCA specifically states that an OSP does not have a duty to monitor its network or actively seek out infringing activity in order to maintain its safe harbor status.

However, if the OSP is put on notice of infringement within its network, this then triggers the OSP’s duty to act. An OSP may lose safe harbor protection if it:

  1. Has actual knowledge of the infringement;14 or,

  1. Is aware of facts or circumstances from which the infringing activity is apparent;15

and,

  1. Upon obtaining such knowledge or awareness, does not act expeditiously to remove, or disable access to, the infringing material.16

This means that safe harbor protection is available to OSPs only to the extent that the OSP has not been put on notice of particular infringing activity, or if it has, then it is obligated to remove the infringing content from its network. This also means that if certain “red flags” exist, suggesting rampant copyright infringement is apparent on the site, the OSP has a duty to act to take appropriate action to protect the copyright owners. Actual knowledge of alleged infringement is satisfied by receipt of a proper notice and takedown request from the copyright owner of the infringed upon material. The takedown notification must be in writing and must substantially contain the following information:

  1. The name, address, and electronic signature of the complaining party;17

  1. Identification of the infringing materials and their Internet location;18

  1. Identification of the copyrighted works that are being infringed upon;19

  1. A statement by the owner that it has a good faith belief that there is no legal basis for the use of the materials complained of;20

  1. A statement of the accuracy of the notice and, under penalty of perjury, that the complaining party is authorized to act on the behalf of the owner.21

So long as the DMCA notice is processed by the OSP, meaning, the notice is acknowledged by removal of the infringing material, it cannot be used as “actual notice” against the OSP in a subsequent secondary infringement claim.22

DMCA Notices have become relatively commonplace in today’s online marketplace. Unfortunately, the recent trend has been to abuse the quick and easy content removal system put in place through the DMCA, by competitors seeking to get the upper hand by submitting false infringement reports about competing content. This sort of activity often occurs in the online escort site and online dating site industries. DMCA abuse can be punished by anyone suffering damages as a result, but often identifying the abuser can prove difficult, since the contact information provided in the Notice is often false. The OSP has no obligation to ensure that the contact information in DMCA Notice is valid or accurate – they are merely required to act when they receive a Notice containing the necessary elements.

Given the burden on the OSP to remove infringing content the moment it gains actual knowledge of infringement, or constructive knowledge through ‘red flags,’ the statute prevents such knowledge to be used against the OSP so long as it discharges its removal obligations. In other words, the DMCA allows OSPs to remain within the realm of safe harbor protection, even after acquiring knowledge (whether actual or apparent) of infringing content, so long as the OSP “acts expeditiously to remove, or disable access to, the material.”23

  1. Consequences of Safe Harbor Loss

The primary consequence of losing DMCA safe harbor protection is exposure to monetary damages (i.e.

  • all damages, costs, attorneys’ fees, and any other form of monetary payment,”) however it is within a court’s discretion to issue injunctive relief against them as well. Such injunctions may mandate any actions that the court considers necessary to prevent subsequent infringement of the material in question.24 Loss of safe harbor protection does not mean that the OSP is automatically responsible for infringing content posted by third parties; it simply means that the OSP cannot assert the safe harbor defense. A copyright claimant would still need to prove the standard elements of copyright infringement before the OSP could be held liable.

In the event that an OSP attempts half‐hearted DMCA compliance, whether intentional or not, it may not be able to rely on the statute to come to its rescue if it is ultimately sued for copyright infringement based on infringing UGC on its network. Thus, merely posting the name of a person who has agreed to serve as your DMCA agent on your ‘Contact Us’ page does not grant an OSP any safe harbor protection. Yet, many OSP’s – particularly those located overseas who are not conversant in U.S. legal requirements

  • tend to assume that listing a DMCA agent constitutes a ‘magic shield’ that will protect them from any

U.S. claimants seeking to impose monetary liability for third party generated content.25 As demonstrated above, full DMCA safe harbor protection is much more complicated to achieve.

  1. Conclusion

Although acquiring DMCA safe harbor can be a burden, any compliance regime should be developed in consultation with legal counsel. The benefits of proper DMCA compliance are substantial. Few federal statutes provide a complete release of liability for a category of intellectual property infringement, and thus all OSPs that allow any UGC should strongly consider developing strict DMCA safe harbor compliance policies. DMCA safe harbor is one of the greatest shields provided to OSPs, but like most armor, if it not properly applied, it can turn the wearer into nothing more than a target.

Lawrence G. Walters, Esq., heads up Walters Law Group, a law firm which represents clients involved in all facets of the adult industry. The firm handles First Amendment cases nationwide, and has been involved in Free Speech litigation at all levels, including the United States Supreme Court. All statements made in the above article are intended for general informational purposes only and should not be considered legal advice. Please consult your own attorney on specific legal matters. You can reach Lawrence Walters at larry@firstamendment.com. More information about Walters Law Group can be found at www.FirstAmendment.com.

7 17 U.S.C. § 512(2010) et seq.

2 17 U.S.C. § 512 (k)(1).

3 17 U.S.C. § 512(a).

4 17 U.S.C. § 512(b).

5 17 U.S.C. § 512(c).

6 17 U.S.C. § 512(d).

7 17 U.S.C. § 512(c)(2). Identification occurs by posting information about how to send DMCA notices to the agent on the website (i.e. – via a Notice and Takedown Policy), and Designation occurs by filing a Designation of Agent with the U.S. Copyright Office, and payment of the required fee. See United States Copyright Office website; available at: http://www.copyright.gov/onlinesp/.

8 17 U.S.C. § 512(i)(1)(B).

9 17 U.S.C. § 512(i)(1)(A).

10 See United States Copyright Office website; available at: http://www.copyright.gov/onlinesp.

11 17 U.S.C. § 512(c)(2). This is accomplished through posting a proper Notice and Takedown Policy.

12 17 U.S.C. § 512(i)(1)(A).

13 See Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102 (9th Cir. 2007); IO Group, Inc. v. Veoh Networks, Inc., 586 F.Supp.2d 1132 (N.D. Cal. 2008)(The DMCA does not define “reasonably implement.” Nonetheless, the Ninth Circuit has held that a “service provider ‘implements’ a policy if it has a working notification system, a procedure for dealing with DMCA – compliant notifications, and it does not actively prevent copyright owners from collecting information needed to issue such notifications.” CCBill, 488 F.3d at 1109. “The statute permits service providers to implement a variety of procedures, but an implementation is reasonable if, under ‘appropriate circumstances,’ the service provider terminates users who repeatedly or blatantly infringe copyright.” Id.)

14 17 U.S.C. § 512(c)(1)(A)(i).

15 17 U.S.C. § 512(c)(1)(A)(ii).

16 17 U.S.C. § 512(c)(1)(C).

17 17 U.S.C. § 512(c)(3)(A)(i).

18 17 U.S.C. §§ 512(c)(3)(A)(ii‐iii).

19 17 U.S.C. § 512(c)(3)(A)(iv).

20 17 U.S.C. § 512(c)(3)(A)(v).

21 17 U.S.C. § 512(c)(3)(A)(vi).

22 17 U.S.C. § 512(c)(1)(A)(iii).

23 Id.

24 17 U.S.C. § 512(j)(1)(iii).

25 Not only is this factually inaccurate, but as discussed above, the DMCA has no applicability to certain claims like trademark or cybersquatting claims, which could still be asserted against OSPs that are in full compliance with the DMCA.

 

The PROTECT IP Act

The PROTECT IP Act – Warning: This Bill May Cause Seizures

If a lawmaker were to mix the overzealous propaganda of the USA Patriot Act with the overreaching executive authority of COICA, the new PROTECT IP Act would probably be the result. This new version of COICA, chock full o’ censorship issues, but with a shiny new name was recently introduced to Congress. Say hello to the “Preventing Real Online Threats to Economic Creativity & Theft of Intellectual Property” (PROTECT IP) Act.

Had it not stalled after its committee approval last year, COICA would have allowed federal authorities to seize domain names of sites using infringing content and require ISPs to cut off user access to the rogue sites. Well, the PROTECT IP Act raises the stakes a bit. The Act seeks to set up as system whereby the government, or private parties, can file suit against domain names that are tied to websites allegedly dedicated to infringing activity, get a preliminary court order based on one‐sided evidence, and use that court order to force third party service providers like hosts, registrars, payment processors and others, to effectively shut down the site.

This means that any entity providing services to an allegedly infringing site can be dragged into the suit; even “internet location tools.” That’s right, search engines. Under the proposed legislation, these third parties have every incentive to do the government’s bidding, and even police their customers’ activities, since the Act provides an immunity from claims resulting from actions taken by a service provider against a site where the provider has a “good faith belief” that the site is “dedicated to infringing activities.” Host and billing companies beware; ‘you’re either with us or you’re against us’ in this Bill.

Just like they did last year with COICA, supporters of the Act cite to its “safeguards” in defense of the anticipated backlash. These purported safeguards include the ability of an affected site to “petition the court to suspend or vacate the order” in question. As you might guess, the “safeguards” are implemented after the feds get the ball rolling and the involved service providers have already been forced to discontinue services or access to the site. In other words, censor first, ask questions later…

Equally disturbing is the Act’s “private right of action” provided to IP owners. Rights holders, along with the government, will have the ability to pursue legal action against websites that are allegedly infringing on their IP rights and other affiliated third party intermediaries such as a payment processor or “online advertising network.” The import of this provision cannot be understated. The obligations imposed on service providers could change dramatically if they face being dragged into private lawsuits based on their customers’ activities. As the Electronic Frontier Foundation accurately pointed out, “Consider whether Viacom would have bothered to bring a copyright infringement action against YouTube—with the attendant challenges of arguing around the DMCA safe harbors—had it had this cause of action in its arsenal. The act includes language that says it’s not intended to ‘enlarge or diminish’ the DMCA’s safe harbor limitations on liability, but make no mistake: rights holders will argue that safe harbor qualification is simply immaterial if a site is deemed to be dedicated to infringement.”

The one benefit offered by the PROTECT IP Act is a new, narrower definition of proscribed websites characterized with the infamous phrase of “dedicated to infringing activities.” The previous definition used in COICA was overly vague to the extent that it would have likely put legitimate websites at risk of violation. That definition, although admittedly much more lenient than its predecessor, is only a slight concession in the grand scheme of things.

Of greatest concern, from a First Amendment perspective, is the increased likelihood of pretrial seizure of domain names that are alleged to be in violation of the Act. Registrars, or even registries, are likely included in the category of service providers subject to the new Bill. Shutting down an entire venue of communication based on a preliminary finding that it is dedicated to infringing activities, before a trial or other judicial determination on the merits, runs counter to all Free Speech principles. That’s why the government cannot shut down a bookstore just because a clerk gets arrested for selling an allegedly obscene book. However, the concept of the government seizing domain names, the same domains that are home to constitutionally protected speech, and that seizure occurring before any defenses are heard, reeks suspiciously of what we constitutional lawyers call “prior restraint.” That, simply, is not allowed.

This disturbing trend of seizing domain names made headlines just a few weeks ago in what has come to be known in online gaming circles as “Black Friday.” On April 15, 2011, the United States DOJ issued an indictment, and filed a civil suit against the three largest online poker sites in the world; Poker Stars, Full Tilt Poker and Absolute Poker. As a result, the .com domain names for each of the sites were seized for ultimate forfeiture to the government, as alleged instrumentalities of the “crime.” What crime? Well, since Internet poker is technically not against any federal law, the DOJ dug up some New York misdemeanor statutes which generally prohibit gambling and related promotional activities as the purported basis for the gambling charges, and the multimillion dollar seizures of domain names and bank accounts. But the applicability of this state statute to licensed foreign gaming activities is questionable at best. Regrettably, however, due to some accompanying bank fraud charges, it is unclear whether or not this case will determine once and for if online poker illegal. Regardless of the ultimate outcome, the DOJ has made clear that it will seize any domain name – at the registry level – that it deems to be used in the violation of U.S. law – even if operated from overseas, in full compliance with the host country’s laws.

Granted, the online gaming industry is no stranger to cyber seizures; Kentucky v. 141 Internet Domain Names has been making its way through the court system for almost three years. In this case, the state of Kentucky demanded that various registrars surrender domain names of sites acting as “gambling devices.” There, the state obtained a pretrial seizure order for the domain names, and emailed the order to the sites’ registrars. Some of the domestic registrars complied, but most of the foreign registrars ignored the court order, as coming from an improper jurisdiction. The key distinction between the Kentucky case, and the recent federal online poker domain seizures, is the level at which the domains were seized. On Black Friday the feds double jumped over the registrars, which were all outside the U.S., and went right to the .com registry to enforce its pretrial seizure order. And since all .com domain names are controlled by a U.S.‐based registry, there was no jurisdictional issue to worry about.

A few domains have already been seized, under existing intellectual property laws. In November of 2010, the feds seized a number of domain names on grounds of copyright infringement and counterfeiting. As this post goes to publication, it appears that the DOJ has seized another handful of online gambling domains. The government even created its own undercover payment processor to get the sites to sign up. So the trend shows no sign of letting up.

There is no denying the detrimental impact that piracy is having on the adult industry. Copyright infringement should be punished, consistent with due process principles. But the idea of allowing the government to shut down websites by seizing their .com domain names, based on one‐sided hearings and allegations of infringement or counterfeiting – without consideration of the merits or defenses, sets a dangerous constitutional precedent. Simply substitute “obscene” for “infringing” and you get the picture.

Lawrence G. Walters, Esq., heads up Walters Law Group, a law firm which represents clients involved in all facets of the adult industry. The firm handles First Amendment cases nationwide, and has been involved in Free Speech litigation at all levels, including the United States Supreme Court. All statements made in the above article are intended for general informational purposes only and should not be considered legal advice. Please consult your own attorney on specific legal matters. You can reach Lawrence Walters at larry@firstamendment.com. More information about Walters Law Group can be found at www.FirstAmendment.com.

Moving Upstream With a Large Paddle

 

Moving Upstream With a Large Paddle

By: Lawrence G. Walters & Kevin W. Wimberly

Walters Law Group

www.FirstAmendment.com

The adult industry often finds itself at the center of precedent‐setting legal battles. Some of these cases have clarified or even changed the law. For example, the Hustler cases created precedent in the defamation and copyright fields; Victor’s Little Secret brought about the Trademark Dilution Revision Act; the Perfect 10 cases have defined the contours of DMCA safe harbor protection; and Playboy has established First Amendment principles in attempts to regulate decency in telecommunications.1

Recently, the adult industry has been making increased appearances in mainstream technology & law media such as TechDirt, ars technica, and the Electronic Frontier Foundation (“EFF”) website.2 In fact, as reported by XBIZ, the EFF was recently appointed to represent various Doe defendants in one of the many bittorrent/Doe copyright infringement cases brought by adult content producers.3 While the “massive Doe” litigation strategy is beyond the scope of this article, one cannot help but note that this strategy is receiving much the same criticism that the RIAA MP3‐sharing strategy received near the turn of the century.4 (The strategy was recently analyzed by respected adult Internet attorney Greg Piccionelli, Esq., in “Bittorrent Legal Mania.”)5 In addition to its lack of effectiveness, the recording industry abandoned that strategy after receiving backlash from traditional media publications, such as Rolling Stone, and by legal scholars, who were concerned by the lack of due process and extortion‐like qualities that make up certain flavors of the mass‐Doe model.6 Regardless of one’s opinion of the mass‐Doe strategy, one thing is generally accepted by all sides: Those who infringe copyrights (or other intellectual property rights) must be held accountable.

However, punishing infringers is not the only piece of the equation. To a certain extent, the adult industry has become overly‐dependent on traditional DVD and full‐length film distribution, charging hefty retail purchase prices, or imposing recurring monthly billing in exchange for access to extensive libraries of content. To some extent, the customer’s tastes and expectations changed, but many content producers failed to follow suit. Thus, in addition to pursuing infringers, adult producers need to develop some form of content‐protection technology, and – like the music industry ‐ recognize the consumer’s desire for micropayments and a per‐song vs. a per‐album business model. One can only wonder whether the industry would be experiencing the same level of rampant piracy of its content, if end users were provided the opportunity to pay a reasonable fee for the specific content they want, as opposed to the prevailing monthly billing model. At least one company has envisioned the future, and reacted, as evidenced by Pink Visual’s new PVLocker.com platform, the release of which has recently been hailed by XBIZ as “redefining” content distribution.7 Admittedly, even if such distribution and protection mechanisms are developed and implemented, there will still be infringement on the Internet. There will always be people unwilling to pay for content for whatever reason. But, as many reformed Napster.com music file infringers now use iTunes at 99 cents a pop, those companies turning to micropayments for specified clips may see the same kind of results.

The Problem

Internet‐based infringement typically occurs in one of two ways: (1) distributed infringement via bittorrent; and, (2) client/server infringement via cyberlockers or other Web‐based locations. Each has legal and technological hurdles that copyright owners must overcome in order to bring infringers to justice – or at least make them pay up.

Infringement via bittorrent

Bittorrent is a technology that gained popularity as the “‐ster” (Napster, Aimster, Grokster) peer‐to‐peer applications were either judicially shut down or were otherwise forced to “go legit” in the face of being shut down. From a functionality perspective, rather than a user connecting to another user’s computer to download an entire file (as in the “‐ster” P2P apps), bittorrent drastically increases the efficiency and speed of downloads by allowing a downloader to receive “pieces” of a file from multiple other users who either possess the entire file or pieces of it.8 In the time it used to take to download a single MP3, for example, bittorrent allows an entire album to be downloaded. From a legal perspective, this provides a massive list of potential unauthorized distributors and downloaders.

The torrent infringement model lends itself to massive amounts of anonymous defendants based on the basic architecture of the bittorrent protocol. While this is somewhat of an oversimplification, there are no real culpable intermediaries in the bittorrent protocol. Other than a bittorrent user’s Internet service provider (Comcast, Bellsouth, Roadrunner, etc.), there are essentially no upstream intermediaries to contact, such as a discussion forum and/or cyberlocker’s actual host. (An example of a cyberlocker is Rapidshare.) While bittorrent does rely on a “tracker” server to initiate communication among downloaders, the tracker server does not need to contain any copyrightable material to operate, and the tracker is not necessary after the downloaders, or “peers,” have been “introduced.” As a result, there are no gatekeepers capable of removing actual content or otherwise available to receive other legal methods attempting to stop the conduct – the only persons or entities possessing the infringing content are the downloaders. The content owner seeking to stop infringement via bittorent thus has limited options – try to shut down the tracker server, which will just reappear under a new name and at a new location, or sue the individual sharers and stealers of the content and rely on deterrence of future user‐based infringement. 9

Bittorrent software clients enable the user (and others) to see the Internet Protocol addresses (“IP address”) of the machines providing and downloading the pieces of the files, and it is those IP addresses that presumably match up with the Does in the mass‐Doe lawsuits. As recent procedural hurdles have shown, however, courts are reluctant to allow plaintiffs to lump hundreds of Does into the same lawsuit when such Does may reside in multiple jurisdictions and have unique defenses (such as “My wireless network isn’t secure; a virus took over my machine; it must have been my neighbor…”).10

However difficult it may be to litigate against multiple bittorrent users at once, these plaintiffs, many of which are adult content producers, are generally seeking out the appropriate targets – those who are infringing copyrights with knowledge of doing so. Nobody can reasonably dispute that those who make the conscious efforts and decisions to either rip, share, and/or download content without authorization should be held legally accountable.

What *is* subject to legitimate debate among e‐commerce scholars and attorneys is how far the law does and should go when determining intermediary liability for infringement based on more traditional server/client models.11 Such intermediaries include discussion forums, cyberlockers, tube sites, and even hosts or billing processors.

Infringement via discussion forums and cyberlockers

The typical example of this type of infringement is as follows: Someone sets up a discussion forum that allows users to register and post links or other content on the forum. Users often upload content to a cyberlocker and then post the link to the file (which is hosted by the cyberlocker) on the discussion forum. Presuming that the file is a video, the user may also post a screenshot, thumbnail, or description of the video file on the discussion forum. Other users of the forum can then click the link to the cyberlocker and begin downloading the file. Some forums even allow users to upload content to the forum itself, thereby eliminating the need for a cyberlocker. This is typically the case when the content being illegally distributed is limited to still images or text.

At first glance, the traditional client/server model therefore provides plaintiffs with easily‐ identifiable targets that don’t exist in the bittorrent model. For the sake of argument, potential defendants include the user who posted the content or links to the cyberlocker, the cyberlocker itself, the cyberlocker’s host, the operator of the discussion forum, and the discussion forum’s host. Upon researching the status of these people and entities, however, it is often the case that the discussion forum operator is based overseas, has provided misinformation in the WHOIS database when registering its domain, provides no contact information on the site, and/or is generally unreachable absent great expense. The same goes for the user that uploaded the content or provided the links to the cyberlocker. The user is often identified only by a nickname, and without cooperation from the forum operator it is therefore difficult if not impossible, to uncover the user’s IP address. All the content owner wants to do is send a DMCA Notice, but there is no readily available recipient.

At this point, plaintiffs start looking upstream. If they cannot easily find the direct infringers and those who really induced the infringement, then why not send DMCA Notices to the people hosting the forum and/or cyberlocker? These hosts are often based in the United States and provide hosting services to thousands of other customers unrelated to the infringing activity. They are easy targets and often have deep pockets. By moving upstream, the content owner is typically focused on two interests – removal of its content and/or squeezing out settlement money.

While the authors contend that a host providing hosting services to a website or forum that offers user‐generated content should not be required to process DMCA Notices based on its customers’ users’ conduct and content, that very scenario is becoming commonplace. In 2009, Microsoft sent a DMCA notice to Network Solutions concerning one document found on the Cryptome website, which Network Solutions hosted.12 Networks Solutions asked its customer to remove the file, and the customer refused, citing fair use. Since Network Solutions did not have the means to remove that single document from its customer’s site, it shut down the entire site, taking with it thousands of lawful documents and speech. Similarly, in 2009 the U.S. Chamber of Commerce sent a DMCA Notice to an upstream ISP concerning a parody site hosted by the ISP. When the ISP contacted its customer about the site, the customer explained that the site was a parody. Rather than spend the time and money to stand up for its customer – or at least evaluate the defense – the ISP terminated the customer’s account and thereby shut down many other websites that the customer operated in addition to the parody site.13

Countless other examples exist where upstream service providers are getting dragged into disputes between content owners and alleged infringers. Our firm has represented hosts and other service providers named in litigation where they had only a remote, contractual relationship with the real wrongdoer. The effect on free speech is obvious. While this may just seem like the case of a spineless ISP, such lack of spine is understandable in typical circumstances. Faced with being dragged into litigation to defend itself from a claim of secondary liability based on its customers’ material, it is easier and more economical for the host to just comply with the DMCA Notice and deny continued hosting services to the entire account, even though the host is a neutral intermediary.

To the content owner, this is of no concern. The content was removed. To believers in free speech and the rule of law, the concerns are troubling. Irrespective of one’s stake in the game, the practice of holding intermediaries responsible for the actions of its customers’ end users should alarm all involved. If the host (or billing company or other intermediary) has DMCA safe harbor protection – or even if it does not have DMCA safe harbor but could still successfully mount a “no secondary liability” defense – then why wouldn’t it assert those protections and defenses to allow the online communications to continue? The answer is simple: economics. For a host, the cost of defending itself in a secondary liability infringement case in federal court is almost guaranteed to exceed the hosting fees that the customer pays. While the DMCA allows the end user to serve a “counter‐notification,” the intermediary’s direct customer (i.e. the actual site hosting the content) may not have actual knowledge of the facts relating to the infringement sufficient to allow it to serve a counter with the required certification under the penalties of perjury.14 Moreover, by serving several DMCA notices on an intermediary, relating to customers’ end users’ activity, the specter of “repeat infringer” rears its head. The intermediary may need to terminate the customer, who may operate a plethora of sites unrelated to the infringing content ‐ even if counter‐notifications are served to some of the DMCA infringement notifications – depending on the Repeat Infringer Policy adopted by the host. However, by terminating the customer’s account or otherwise not giving the customer the opportunity to dispute the alleged infringement, the host saves enormous amounts of time and money dealing with notices, counter‐notifications, and related communications. Many of these communications need to be reviewed by legal counsel, thus increasing the cost of compliance and maintaining the customer’s account.

Once terminated, the customer is forced to find a new host, and it may seek hosting services overseas in the hopes to avoid future DMCA‐related terminations. This would ultimately frustrate any future infringement pursuits by content owners. Also, by imposing increasing monitoring and compliance obligations on hosts, the costs of hosting naturally increases, and the hosts pass along the mounting legal costs, operational costs and insurance premiums to their customers. As more hosts are dragged into costly litigation for the misdeeds of their customers – or even their customers’ customers – there is less incentive to provide the services to begin with. Regrettably, this is a textbook example of the chilling effect on speech. This also creates an incentive for an underground (or overseas) market for hosting risky user‐generated content. Not surprisingly, these hosts simply ignore DMCA obligations, and can therefore provide the services at a lower cost. Content owners may therefore end up in a much worse position by blindly naming domestic intermediaries as defendants, as opposed to working with these companies in a cooperative fashion.

Conclusion

The mass‐Doe litigation model is still in its infancy. Some plaintiffs are having success, and some are failing in a very public manner. It is too early to tell what effect these cases will have on the law or the rules of procedure that govern the law. Regardless of that outcome or the ultimate strategy used in these bittorrent cases, it is wise to consider the ultimate practical and economic impact on these intermediary service providers prior to giving in to the temptation to name the “deep pocket” in litigation. Ease of identification and financial wherewithal should not be the primary motivating factors for naming a defendant. What may seem like a quick and easy payoff has lasting First Amendment and economic effects that will reverberate long after content is removed (and undoubtedly replaced the next day by a different user, on a different forum, with a different host.) This is a time of opportunity for content owners. New piracy protection measures, micro‐payment systems, personalized content “locker” distribution– all of these can be implemented as realistic responses to the torrents of infringement. But, seeking to impose liability on easy targets with remote involvement in any infringing activity threatens to impose crushing financial burdens on an already ailing industry while also pushing the law in a direction that threatens the true expression of ideas in the online marketplace.

Lawrence G. Walters, Esq., heads up Walters Law Group, a law firm which represents clients involved in all facets of the adult industry. Kevin Wimberly, Esq., is an associate with the firm, and concentrates on intellectual property matters and new media law. The firm handles First Amendment cases nationwide, and has been involved in Free Speech litigation at all levels, including the United States Supreme Court. All statements made in the above article are intended for general informational purposes only and should not be considered legal advice. Please consult your own attorney on specific legal matters. You can reach Lawrence Walters at larry@firstamendment.com or Kevin Wimberly at kevin@firstamendment.com. More information about Walters Law Group can be found at www.FirstAmendment.com.

1 Hustler Magazine, Inc. v. Falwell, 485 U.S. 46 (1988); Moseley v. V Secret Catalogue, Inc., 537 U.S. 418 (2003);

Perfect 10, Inc. v. Amazon.com, Inc., 508 F.3d 1146 (9th Cir. 2007); Perfect 10, Inc. v. CCBILL LLC, 488 F. 3d 1102 (9th Cir. 2007); United States v. Playboy Entertainment Group, Inc., 529 U.S. 803 (2000).

2 Nate Anderson, “Judge eviscerates P2P lawyer: ‘I accepted you at your word,’” Ars Technica, n.d. Available at:

http://arstechnica.com/tech‐policy/news/2011/03/judge‐eviscerates‐p2p‐lawyer‐i‐accepted‐you‐at‐your‐word.ars; Mike Masnick, “More Mass Porn Copyright Infringement Lawsuits Get Dumped,” TechDirt.com, January 3, 2011.

Available at: http://www.techdirt.com/articles/20110101/21182712478/more‐mass‐porn‐copyright‐infringement‐ lawsuits‐get‐dumped.shtml; Mike Masnick, “Unicorns And Leprechauns Aren’t Real… But Trolls Are (And They Have Lawyers),” TechDirt.com, March 11, 2011. Available at: http://www.techdirt.com/articles/20110311/12332513464/unicorns‐leprechauns‐arent‐real‐trolls‐are‐they‐have‐ lawyers.shtml; “Copyright Trolls,” Electronic Frontier Foundation, n.d. Available at: http://www.eff.org/issues/copyright‐trolls.

3 See http://www.xbiz.com/news/news_piece.php?id=130171.

4Grant Gross, “Congress Scrutinizes RIAA Tactics,” PCWorld, September 17, 2003. Available at: http://www.pcworld.com/article/112535/congress_scrutinizes_riaa_tactics.html; John Schwartz, “She Says She’s No Music Pirate. No Snoop Fan, Either.” The New York Times, September 25, 2003. Available at: http://www.nytimes.com/2003/09/25/business/media/25TUNE.html?ex=1098849600&en=6960e362c873ed2e&ei

=5070; “Not‐so‐Jolly Rogers,” Economist.com Global Agenda, September 10, 2003. Available at: http://www.economist.com/agenda/PrinterFriendly.cfm?Story_ID=2050467.

5 See http://www.xbiz.com/articles/legal/131701.

6 Sarah McBride and Ethan Smith, “Music Industry to Abandon Mass Suits,” The Wall Street Journal, December 19, 2009. Available at: http://online.wsj.com/article/SB122966038836021137.html?mod=rss_whats_news_technology.

7 See http://www.xbiz.com/news/news_piece.php?id=130211.

8 “What is BitTorrent?” Bittorrent.com. Available at: http://www.bittorrent.com/btusers/what‐is‐bittorrent.

9 John Borland, “Feds shut down BitTorrent hub,” Cnet News, May 25, 2005. Available at: http://news.cnet.com/Feds‐shut‐down‐BitTorrent‐hub/2100‐1028_3‐5720541.html; Michael Ingram, “LokiTorrent caves to MPAA,” Slyck.com, February 10, 2005. Available at: http://www.slyck.com/news.php?story=661

10 Lawrence G. Walters, “Beggars Can’t Be Forum Choosers,” Xbiz.com, March 22, 2011. Available at:

http://www.xbiz.com/blogs/larrywalters.

11 “Secondary and Intermediary Liability on the Internet,” Stanford Technology Law Review 2011 Symposium, March 3, 2011. Information available at: http://stlr.stanford.edu/symposia/2011‐secondary‐liability‐online/; Robert D. Atkinson, et al., “The Next Digital Decade: Essays on the Future of the Internet,” TechFreedom, 2010. Available at: http://nextdigitaldecade.com/contents.

12 Corynne McSherry, “The Weakest Link Redux,” Electronic Frontier Foundation, March 4, 2010. Available at: http://www.eff.org/deeplinks/2010/03/weakest‐link‐redux.

13 “Chamber of Commerce Takes Aim at Yes Men: Business Group Tries to Take Down Parody Site After

Embarrassing Prank,” Electronic Frontier Foundation, October 22, 2009. Available at: http://www.eff.org/press/archives/2009/10/22.

14 See, 17 U.S.C. § 512(g)(2)&(3).

Legal Issues Surrounding Mobile Apps

Legal Issues Surrounding Mobile Apps

Why apps are different than websites?

By: Lawrence G. Walters, Esq.

Walters Law Group

www.FirstAmendment.com

Providing a mobile application for customers and potential customers has become as ubiquitous as having a website. Whether the app is used as a simple marketing tool (i.e. a trivia app that features the images of stars in an upcoming film), or a feature‐packed version of an adult dating website, consumers are beginning to expect ‐ if not demand ‐ that their favorite online destinations have accompanying mobile applications. In fact, a leading Morgan Stanley Internet analyst recently released an “Internet Trends” report which predicts that within the next four years “more users will connect to the Internet over mobile devices than desktop PCs.”1 This statistic isn’t surprising considering the popularity of the iPhone/iPad, Android‐based phones, and the slew of other pad‐type devices slated for imminent release.

What has resulted is an opportunity‐filled time for businesses that are positioned to offer such apps. Webmasters and content providers can now literally be in their consumers’ pockets and purses. The metaphorical analog to that statement is just as exciting: To put it bluntly, apps offer a perpetual method for revenue generation. In the office, on the couch, at a restaurant, in the bathroom – a direct line from the customers’ pockets to the provider’s bank account.

But WAIT! Before you start searching the Internet for code‐jockeys who promise to build an app for you on the cheap, careful consideration should be paid to the myriad of complicated legal issues that releasing an app creates. Just as apps can generate positive new opportunities, releasing an app without careful planning can also generate new financial and legal liabilities, given the relatively uncharted waters in which they operate.

As always, content is king. As reported by XBIZ recently, the notoriously‐fickle Apple made its App Store Review Guidelines public. Dipping its toes in the jurisprudence pool, Apple’s guidelines quote the U.S. Supreme Court’s 1964 Jacobellis v. Ohio obscenity case in which Justice Potter Stewart, referring to hard‐core pornography, stated: “I know it when I see it.”2 Apple thinks that app developers will likewise know when they have gone “over the line” with their content.3 The company does provide a slightly more concrete definition in the guidelines by indicating that apps containing pornography will be rejected, where “pornography” is defined by reference to Webster’s Dictionary. Interestingly, that definition requires that content be “explicit” to be pornographic. While Apple has been getting the bulk of negative press concerning banning “adult” apps in its App Store, Google’s Android Market content policy may be even more restrictive than Apple’s in that it prohibits “nudity” along with “pornography, obscenity, or sexual activity.”4 Of course, Google’s lack of an app approval process allows developers to essentially publish whatever app they desire in the Android Market. Google may then retroactively remove apps from the Market for content violations, which may be discovered via community‐policing and the “flagging” efforts of users. It is important to be aware of the distinction between publishing an app in the Android Market vs. publishing an Android app elsewhere. Unlike users of Apple’s products, who must resort to “jailbreaking” their devices in order to use third‐party app marketplaces, Android users have many different marketplaces from which to download and install apps, and each marketplace may have its own regulations. For example, as discussed in this article, Android’s “official” Market has restrictions on nudity, yet a third‐party marketplace exists primarily for adult content.5

Content is therefore important because it may be what keeps an app out of a marketplace (or the marketplace when referring to Apple apps). Perhaps more important, however, is what happens if an app is accepted. Are there trademark concerns generated based on the name of the app? Do copyright and/or trademark considerations exist with respect to the app’s icon? Importantly, the legal terms and conditions imposed by the app’s specific marketplace significantly impact the relationship between the developer and its customers.

Some of these terms may be found in the developer agreement for the specific platform and marketplace.6 Apple’s is called the “iPhone Developer Program License Agreement,” and Android’s is the “Android Market Developer Distribution Agreement.”7 While they share similarities, they also have important differences and varying degrees of detail. Apple requires that developers provide specific provisions in the terms that govern the app. These requirements can depend on the technology the app uses. For example, if a given app uses certain GPS functions (popular in dating apps), the associated terms must contain specified language. However, Apple also states that developers are not required to include any terms for the app. But if such terms are omitted, then Apple’s own terms will govern the use of the app. Deferring to Apple’s one‐size‐fits‐all terms may not be in the best interests of the individual developer, so careful consideration should be given to this issue.

Similarly, Google’s Android Market Developer Distribution Agreement places requirements on app developers, including required privacy disclaimers and notices, support obligations (which continue even if the app is removed from the market), restrictions on free vs. paid apps, and a protocol (which includes mandatory refund provisions) that must be followed should the app be alleged to be in violation of various intellectual property rights and/or publicity/privacy rights, or should it include defamatory material.

An experienced new media attorney can help developers take advantage of important legal protections by properly drafting and implementing legal terms, disclosures and disclaimers governing the use of mobile applications. Issues such as Section 230 protection, DMCA Safe Harbor, age verification and

§2257 exemptions can all be addressed in a mobile app’s terms. Merely including such terms in the existing website terms may not be sufficient to bind users of the mobile app. Moreover, mobile apps generate different legal concerns for developers relating to access by minors to age‐restricted content – especially given the ready access that minors have to purchasing services via mobile devices, as compared to their restricted access to credit cards necessary to purchase similar services on a traditional website. Accordingly, mobile apps require a renewed emphasis on user age verification, in addition to a host of other issues.

Some webmasters still remember the Golden Age of the Internet when throwing up some content on a website and creating a membership page made it rain money. While releasing mobile apps in today’s sophisticated marketplace may not result in the same kind of easy money, it does provide a new and profitable revenue source. However, as with any cutting edge technology, the legal issues are likewise novel and sometimes complex. The release of any mobile app should only be done after evaluating the important legal concerns generated by this new business model.

Date of Release: 9/28/10

Lawrence G. Walters, Esq., heads up Walters Law Group, a law firm which represents clients involved in all facets of the adult industry. Kevin Wimberly, Esq., is an associate with the firm, and concentrates on intellectual property matters and new media law. The firm handles First Amendment cases nationwide, and has been involved in Free Speech litigation at all levels, including the United States Supreme Court. All statements made in the above article are intended for general informational purposes only and should not be considered legal advice. Please consult your own attorney on specific legal matters. You can reach Lawrence Walters at larry@firstamendment.com or Kevin Wimberly at Kevin@firstamendment.com. More information about Walters Law Group can be found at www.FirstAmendment.com.

1http://gigaom.com/2010/04/12/mary‐meeker‐mobile‐internet‐will‐soon‐overtake‐fixed‐internet/ (full report available here: http://www.morganstanley.com/institutional/techresearch/pdfs/Internet_Trends_041210.pdf)

2 See Jacobellis v. Ohio, 378 U.S. 184, 197 (1964) (Stewart, P., concurring).

3 In attempting to explain the apparent double standard between allowable content in songs, books, and apps, all of which are available in the iTunes App Store, the guidelines say that “If you want to describe sex, write a book or a song, or create a medical app” (emphasis added). So, apparently you can describe sex without limitation via songs and/or books, but descriptions of sex must be medically‐related for apps. Apple admits “It can get complicated.” No kidding!

4 Google is the developer of the Android mobile operating system.

5 See MiKandi at www.mikandi.com.

6 This article focuses on apps developed for Apple devices and apps developed for the Android platform (i.e. the

Motorola Droid and HTC Evo), but there are others out there, and each has its own set of conditions which must be accepted when developing an app for that platform and/or marketplace.

7 Not surprisingly, Apple makes it very difficult to find its Agreement. In fact, it took a Freedom of Information Act

request from the Electronic Freedom Frontier concerning an app that NASA released in order for the Agreement to become public. See http://www.eff.org/deeplinks/2010/03/iphone‐developer‐program‐license‐agreement‐all.