With the continuous rise in popularity of user-generated content, social media platforms, including streaming content and media-sharing services, increasingly face the threat and actuality of copyright litigation by content owners — most notably the record and motion picture industries. This litigation often alleges secondary liability, claiming that the service provider either contributed to an infringement committed by a user of its service, or knew about the infringement and financially benefitted from it. In 1998, Congress enacted the Digital Millennium Copyright Act, which includes powerful safe harbors from copyright liability for these service providers — if they meet a fairly complex series of statutory requirements. As the federal judiciary develops a more sophisticated body of law on the DMCA and its safe harbors, it effectively fine-tunes the rights and obligations of service providers seeking the protection of the safe harbors.
A recent case out of the Southern District of New York is the latest chapter in this narrative. The decision — Capitol Records v. Vimeo — resolved cross-motions for summary judgment filed by a video-sharing service (Vimeo) and a pair of record labels. Vimeo sought a ruling that, as a matter of law, it was covered by the DMCA safe harbors, and the labels sought the opposite ruling.
Vimeo is an online video-sharing platform that requires users of its service to have created or participated in the creation of each video they upload. It is therefore a destination for filmmakers of all kinds. Vimeo has approximately 75 employees, 12.3 million registered users in 50 countries, and over 30 million videos in its online database.
Vimeo functions in the usual way: users register for an account in order to upload content, they can set privacy restrictions on who can view the content, and users view, comment on, or “like” the uploaded content of other users. Vimeo also allows users to create or subscribe to “channels,” which are theme-based collections of videos. In addition, Vimeo has a Staff Blog page, and it features a “Staff Picks” channel, which includes content that Vimeo staff members hand-pick to be featured on the website homepage.
In December 2009, Capitol Records and EMI Blackwood Music — record and music publishing companies — filed complaints against Vimeo alleging direct and secondary copyright infringement. Together, the complaints point to 199 videos on Vimeo that allegedly contain copyrighted musical recordings owned by the plaintiffs and used without their permission.
Before trial, in September 2012, Vimeo moved for summary judgment. It asked the court to find that it qualified for safe harbor protection under the DMCA as a matter of law, and therefore could not be held liable for the alleged secondary infringement at trial. The plaintiffs asked the court to make a contrary ruling — that Vimeo is ineligible for that safe harbor protection as a matter of law. Perhaps evidencing the complexity of the issue, the court handed down its decision over a year later, on Sept. 18, 2013.
Our analysis of that decision and its implications follows. As to the vast majority of the videos at issue — 144 of the 199 — the court granted Vimeo safe harbor protection. As to the remaining 55, however, the court found certain facts troubling and disputed, and refused to rule on the safe harbor issue at all, instead leaving it an open question for the jury at trial.
Threshold Qualification as a Service Provider
The court’s summary judgment decision starts at the beginning, considering whether Vimeo can take advantage of the DMCA safe harbors. The threshold requirements are as follows: (1) the party must be a “service provider” as that term is defined by the statute; (2) the party must have adopted and reasonably implemented a policy for termination of repeat infringers; and (3) the party must not interfere with standard technical measures used by copyright owners to identify or protect copyrighted works.
Service Provider
Under the DMCA, a “service provider” is “a provider of online services or network access, or the operator of facilities therefor.” To date, courts, including the Vimeo court, have interpreted this definition to be fairly broad: “websites that provide services over and above the mere storage of uploaded user content are [still] service providers pursuant to [17 U.S.C.] § 512(k)(1)(B).”
That is, some level of monitoring, oversight and interaction will not destroy the availability of the safe harbors, within certain parameters. And here, the court stated that “[e]ven though Vimeo’s activities are not limited to such [online services that host and permit users to upload, share, and view videos], the Court conclude[d] that Vimeo qualifies as a service provider under § 512(k)(1)(B)’s expansive definition.”
Repeat Infringer Policy
The party seeking safe harbor protection also must have adopted and implemented a policy for the termination of users who repeatedly copy, upload or distribute others’ copyrighted content. To meet this requirement, “a service provider must (i) adopt a policy that provides for the termination of service access for repeat infringers; (ii) inform users of the service policy; and (iii) implement the policy in a reasonable manner.”
Adopt a Policy: The requirement to adopt a repeat infringer policy is not an overly burdensome one to meet. The court here held that Vimeo satisfied this requirement because it “took a clear position that those who chose to violate another’s copyright would not be permitted to avail themselves of the service Vimeo provides.” The court was speaking of Vimeo’s terms of service, which clearly provided that users may not upload content that infringes on another’s rights. The terms of service were an unavoidable step to uploading content: each user had to agree to them in order to register and become eligible to upload content.
Inform Users: The second component of a legally effective repeat infringer policy “require[s] that the service provider put users on notice that they face exclusion from the service if they repeatedly violate copyright laws.” As was the case here, it is satisfied by a more general policy stating that users will be expelled if for any violation of the terms of service, provided those terms of service prohibit single or repeated instances of infringement.
Reasonable Implementation: It should go without saying that, in addition to adopting a repeat infringer policy and informing users of that policy, a service provider must actually follow through on the policy and implement it against infringers. This requirement is best viewed as a sliding scale. The size of a company will inform the required level of sophistication a company is required to exhibit in implementing its policy. This truism is evidenced is the Vimeo decision, where the court emphasized that, under the language of the statute, implementation need not be perfect, only reasonable.1
No Interference with Technical Measures
Finally, as a third threshold requirement, the service provider must not interfere with standard technical measures used by copyright owners to identify or protect their copyrighted works (CMI or anti-circumvention measures). One example of a standard technical measure is a digital watermark imposed on a copyrighted photograph. It is important to work with IT to make sure these kind of standard measures are not filtered out or stripped by the service.
Content-Specific Requirements
The DMCA also requires that a service provider not be too close to the infringing content to qualify for protection. 17 U.S.C. § 512(c) applies to service providers that store information on their systems or networks “at the direction” of users; hence, it is the best bet for platforms that permit file hosting and sharing. And in order to qualify for safe harbor protection pursuant to § 512(c), a service provider must meet three additional requirements: the service provider has no actual or “red flag” knowledge of the infringement; the service provider receives no direct financial benefit from the infringement; and the service provider acts promptly to disable the infringing content upon receiving a DMCA notice.
The Vimeo court addressed each of these requirements.
Holdings
1. At the Direction of Users
The plaintiffs in Vimeo first seized on three seemingly innocuous words in the statutory definition of a service provider — the safe harbor prong that Vimeo sought to invoke requires that Vimeo store content “at the direction” of users. The plaintiffs identified employee and staff conduct that they thought defied this requirement.
In particular, the plaintiffs came forward with evidence that approximately ten of the 199 infringing videos actually were uploaded by current or future employees of Vimeo. In several instances, the webpages on which the employee-loaded videos displayed were clearly marked with a yellow box that read “STAFF” and appeared next to the uploader’s name (“employee badges”). According to plaintiffs, Vimeo employees acting within the scope of their employment, or at least apparently so, uploaded these 10 or so videos, such that those employees’ actions of should be imputed to Vimeo. Vimeo disagreed.
To decide the issue, the court resorted to common law principles of agency. The court specifically honed in on the notion of apparent authority — the principle that a company may be held liable for nonsanctioned actions of its employees if it reasonably appears, from manifestations of the company, that the employee was authorized to act. In Vimeo, the court concluded that a jury might think the employee badges that Vimeo appended to its employees’ user accounts were an outward manifestation of authority. So, as to the 10 employee-uploaded videos, the court declined to grant Vimeo the § 512(c) safe harbor defense it sought.
2. Knowledge of the Infringement
Capitol Records and EMI also argued that Vimeo had actual or apparent knowledge of many of the infringing videos. To effectively assert the safe harbor defense, a service provider must demonstrate that it lacked both actual knowledge of the infringing content and that it lacked knowledge of facts and circumstances that would lead a reasonable provider to conclude that infringement was underway (called “red flag” knowledge).
Again, the plaintiffs’ theory depended on the actions of Vimeo’s employees. This time, they alleged that Vimeo had actual or “red flag” knowledge of the infringement based on actions taken by employees, such as: commenting on infringing content; “liking” infringing content; and placing infringing materials on specific topic-oriented channels, including on employee-access-only channels. A summary submitted to the court by Capitol Records and EMI indicated that Vimeo employees interacted in one of these ways with 55 of the 199 videos at issue.
On the basis of this evidence and as to these 55 videos, the court found that a triable issue of fact was presented. The court believed that a jury must decide, under the totality of the circumstances, whether and which of the various interactions Vimeo employees had with the 55 videos were sufficient to confer “red flag” knowledge onto Vimeo.
3. Willful Blindness
Capitol Records and EMI also argued a theory of willful blindness, which the Second Circuit recognizes as sufficient to strip a service provider of § 512 safe harbor protection. Willful blindness is a legal construct that, in this context, imputes knowledge to a service provider who is “aware of a high probability of the fact of infringement and consciously avoids confirming that fact.”
After running down a laundry list of internal emails — which included rather damning (if anecdotal) evidence that Vimeo employees disregarded inquiries and notifications about systemic copyright issues on its platform — the court declined to find willful blindness. The reason was simple: the service provider must be willfully blind of the infringement at issue, not just any infringement at all. Although the emails that plaintiffs presented are just the kind of evidence that might encourage a court to find willful blindness, they bore no ostensible nexus to the 199 videos at issue and could not, therefore, amount to willful blindness of the allege infringement.
4. Exert Substantial Influence on Users
Turning away from the overarching focus of the case — knowledge of infringement — the court addressed Vimeo’s right and ability to control any content from which it financially benefits. The DMCA’s safe harbor provisions are inapplicable to a service provider that has the right and ability to control infringing activity. There are two ways a service provider has this level of control over users and their activities — first, by implementing a monitoring program that substantially influences users’ decisions and activities, and second, by inducing user infringement in a significant way.
Although the court ultimately found that Vimeo did not exert sufficient influence over its users and their activities via either means, it noted that Vimeo’s moderator tools — including, for instance, the ability to flag users for closer monitoring — while certainly an elaborate monitoring program, did not substantially influence users’ decisions and activities. Vimeo enforced its content prohibitions after the fact rather than by pre-screening content, and it did not define with any substantiality the character of the content users could upload. The court contrasted these circumstances with a California case in which a service provider dictated the “layout, appearance and content” of users’ websites.
The plaintiffs also argued that Vimeo substantially influenced its users’ activities by inducing them to infringe others’ copyrights — primarily pointing to employee emails and comments that advised users on how to synchronize music to video, and even a handful that tacitly or explicitly approved of user-posted content that clearly and intentionally infringed copyrights. Even in the face of this evidence, the court refused to find Vimeo liable. These instances, while shocking and inexcusable, were not pervasive enough to constitute substantial influence, the court said.
Expeditious Removal
Finally, the court brushed aside the plaintiffs’ contention that, once it had notice of the infringing content, Vimeo failed to act “expeditiously” to remove the content. The court held that the longest delay — three and a half weeks to remove 170 videos — was a reasonable response time.
Implications for Streaming Content and Media Services
Vimeo highlights some of the challenges that streaming media services face as the body of case law develops regarding DMCA safe harbor protection. Although courts are refining the law, many of the standards employed — considerations of agency in assessing red flag knowledge, or what constitutes a substantial enough monitoring program — remain vague, and therefore, dangerous and potentially costly. This is especially so when it comes to the issues in Vimeo, including how service providers promote their services and the content thereon, particularly vis-à-vis their employees. As a result, we point out some key implications that flow from this case for companies providing streaming content and media services.
- Don’t hedge on a copyright enforcement policy, and put it front and center. A threshold requirement, and one that is easy to accommodate is the adoption of a sound repeat infringer policy. Taking a hard stance on copyright infringement and making that stance known is a relatively low-cost and high yield measure.
- Actions speak louder than words. The repeat infringer policy should be implemented in a way that will reasonably identify, track, and expel users who upload infringing content. One option may be to disable user accounts for a first offense, and block email addresses associated with those accounts for subsequent offenses. The important part is that the implementation is not a façade or simply going through the motions; it’s got to be effective, or at least reasonably so.
- Streaming media companies should manage how their employees interact with users. Many content hosting websites are developing new ways for employees, moderators, and curators to interact with content posters and viewers. These service providers must be cautious about when and how their employees interact with content and with users. This case demonstrates that tacit or express approval of infringing content by employees — whether in comments, emails, “likes,” or by other means — could be imputed to service providers and result in exposure for copyright infringement.
- Service providers may want to consider not allowing employees to post content or rate, comment on, or indicate approval of hosted content. The most effective DMCA policy is one that relies on formal takedown notices as the primary (and ideally exclusive) method of receiving actual or red flag knowledge of alleged infringing content.
- While less practical than other alternatives, another approach to limit exposure is to restrict employees’ ability to create private accounts and utilize the service on their own time. As was apparent in the Vimeo case, it is often difficult to discern whether an employee is interacting with content as an independent actor or as an employee of the company. This is especially so from the viewpoint of an outsider. The safe bet is to avoid this ambiguity, and the price tag that may accompany it
- Although it may be difficult, streaming media startups should resist uploading initial content in order to populate and popularize their services. Such interaction blurs the line between service provider and user, and risks sacrificing safe harbor protection at considerable cost. Remember that the most readily available DMCA safe harbor requires a service provider to host content “at the direction” of users. Once the distinction between provider and user is lost, so is DMCA protection.
- As a general matter, tolerating “gray areas” will cost money. Perhaps the biggest single takeaway from this decision is that the safe harbors in § 512 are complex and fact-intensive. Therefore, clear policies that minimize employee interaction with user content, make such interaction anonymous or invisible, or otherwise limit employees’ ability to influence or promote user content will increase the chances a court will apply the safe harbor prior to trial, potentially staving off considerable litigation costs.
- “Red flag” knowledge and willful blindness are significant expansions on actual knowledge. While red flag knowledge has a basis in the language of the statute, willful blindness actually runs somewhat counter to the DMCA’s notion that service providers have no affirmative duty to search out infringing conduct and content. § 512(m). Either way, courts recognize these doctrines and expect providers to be diligent in addressing issues when they become reasonably apparent to the provider. As a result, effective service providers will recognize their dual prerogatives in this space: (1) to minimize their influence on user uploaded content; and (2) once information reasonably inferring infringement comes to light, to intervene expeditiously and effectively.
1 Another recent decision, in which Hotfile was sued by several motion picture companies, exemplifies a total failure to implement a repeat infringer policy. The court in Hotfile denied safe harbor protection because Hotfile did absolutely nothing to identify or track users that were uploading infringing content: by the time the complaint was filed in that case, 10 million DMCA takedown notices had been sent to Hotfile with respect to files available on its system, but Hotfile terminated only 43 users up to the filing of the complaint.
This article was originally published in Law360 on October 11, 2013.