Online Copyright Infringement Liability Limitation Act
The Online Copyright Infringement Liability Limitation Act (OCILLA) is United States federal law that creates a conditional safe harbor for online service providers (OSPs, including Internet service providers) and other Internet intermediaries by shielding them for their own acts of direct copyright infringement (when they make unauthorized copies) as well as shielding them from potential secondary liability for the infringing acts of others. OCILLA was passed as a part of the 1998 Digital Millennium Copyright Act (DMCA) and is sometimes referred to as the “Safe Harbor” provision or as “DMCA 512″ because it added Section 512 to Title 17 of the United States Code. By exempting Internet intermediaries from copyright infringement liability provided they follow certain rules, OCILLA attempts to strike a balance between the competing interests of copyright owners and digital users.
The 1998 DMCA was the U.S. implementation of the 1996 WIPO Copyright Treaty (WCT) directive to “maintain a balance between the rights of authors and the larger public interest, particularly education, research and access to information” when updating copyright norms for the digital age. In the context of Internet intermediaries, OCILLA strikes this balance by immunizing OSP’s for copyright liability stemming from their own acts of direct copyright infringement (as primary infringers of copyright), as well as from the acts of their users (as secondary infringers of copyright), provided that OSP’s comply with two general requirements protecting the rights of authors.
First, the OSP must “adopt and reasonably implement a policy” of addressing and terminating accounts of users who are found to be “repeat infringers.” Second, the OSP must accommodate and not interfere with “standard technical measures.” OSPs may qualify for one or more of the Section 512 safe harbors under § 512(a)-(d), for immunity from copyright liability stemming from: transmitting, caching, storing , or linking to infringing material. An OSP who complies with the requirements for a given safe harbor is not liable for money damages, but may still be ordered by a court to perform specific actions such as disabling access to infringing material.
In addition to the two general requirements listed above, all four safe harbors impose additional requirements for immunity. The safe harbor for storage of infringing material under § 512(c) is the most commonly encountered because it immunizes OSPs such as YouTube that might inadvertently host infringing material uploaded by users.
Taken as a whole, OCILLA’s passage represented a victory for telecom and Internet related industry groups over powerful copyright interests who had wanted service providers to be held strictly liable for the acts of their users. However copyright owners also obtained concessions. In addition to the general and specific preconditions on the created immunity, OCILLA requires OSP’s seeking an immunity to designate an agent to whom notices of copyright infringement can be sent, and to disclose information about those users who are allegedly infringers.
Unlike the DMCA’s anti-circumvention provisions, OCILLA is generally regarded as a successful implementation of public policy.
Safe Harbor Provision for Online Storage – § 512(c)
Section 512(c) applies to OSPs that store infringing material. In addition to the two general requirements that OSPs comply with standard technical measures and remove repeat infringers, § 512(c) also requires that the OSP: 1) not receive a financial benefit directly attributable to the infringing activity, 2) not be aware of the presence of infringing material or know any facts or circumstances that would make infringing material apparent, and 3) upon receiving notice from copyright owners or their agents, act expeditiously to remove the purported infringing material.
Direct Financial Benefit
An OSP must “not receive a financial benefit directly attributable to the infringing activity” to qualify for § 512(c) protection. However, it is not always easy to determine what qualifies as a direct financial benefit under the statute.
One example of an OSP that did receive a direct financial benefit from infringing activity was Napster. In A&M Records, Inc. v. Napster, Inc., the court held that copyrighted material on Napster’s system created a “draw” for customers which resulted in a direct financial benefit because Napster’s future revenue was directly dependent on increases in user-base. Conversely, in Ellison v. Robertson, the court held that AOL did not receive a direct financial benefit when a user stored infringing material on its server because the copyrighted work did not “draw” new customers. AOL neither “attracted [nor] retained…[nor] lost…subscriptions” as a result of the infringing material.
Knowledge of Infringing Material
To qualify for the § 512(c) safe harbor, the OSP must not have actual knowledge that it is hosting infringing material or be aware of facts or circumstances from which infringing activity is apparent. It is clear from the statute and legislative history that an OSP has no duty to monitor its service or affirmatively seek infringing material on its system. However, the statute describes two ways in which an OSP can be put on notice of infringing material on its system: 1) notice from the copyright owner, and 2) the existence of “red flags.”
This is advantageous for OSPs because OCILLA’s clear process allows them to avoid making decisions about whether or not material is actually infringing. Such decisions can be complex both because it is difficult to determine whether the copyright has expired on a material without access to complete information such as publication date, and because even copyrighted material can be used in some cases under the doctrine of fair use, the applicability of which is difficult to evaluate.
Instead of making a complex legal determination, OCILLA allows OSPs to avoid liability provided they comply with the terms of the statute, regardless of the validity of any claim of infringement.
Notice from Copyright Owner
The first way an OSP can be put on notice is through the copyright holder’s written notification of claimed infringement to the OSP’s designated agent. This must include the following:
- (i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
- (ii) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.
- (iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.
- (iv) Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.
- (v) A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
- (vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.
See 512(a) and (h) below if the information is not stored on the system of the OSP but is instead on a system connected to the Internet through it, like a home or business computer connected to the Internet. Legal liability may result if access to material is disabled or identity disclosed in this case.
If a notice which substantially complies with these requirements is received the OSP must expeditiously remove or disable access to the allegedly infringing material. So long as the notice substantially complies with clauses (ii), (iii), and (iv) the OSP must seek clarification of any unclear aspects.
In Perfect 10, Inc. v. CCBill LLC, the Ninth Circuit held that the properly constructed notice must exist in one communication. A copyright owner cannot “cobble together adequate notice from separately defective notices” because that would unduly burden the OSP.
After the notice has been complied with the OSP must take reasonable steps to promptly notify the alleged infringer of the action. Note that the OSP is not prohibited from doing so in advance, only required to do so afterward. If there is a counter notification from the alleged infringer, the OSP must respond appropriately to it.
If the OSP complies with this and the counter notification procedures, it is safe from legal liability to its own customer as a result of taking down the material.
There is a common practice of providing a link to legal notices at the bottom of the main web page of a site. It may be prudent, though it is not required by the provisions of section 512 of the copyright law, to include the designated agent information on the page the legal link goes to, in addition to any other places where it is available. As long as the site gives reasonable notice that there is a method of compliance, that should be sufficient. Once again the courts have not ruled on the technicalities of posting of these notices.
The second way that an OSP can be put on notice that its system contains infringing material, for purposes of section 512(c), is referred to the “red flag” test. The “red flag” test stems from the language in the statute that requires that an OSP not be “aware of facts or circumstances from which infringing activity is apparent.”
The “red flag” test contains both a subjective and an objective element. Objectively, the OSP must have knowledge that the material resides on its system. Subjectively, the “infringing activity would have been apparent to a reasonable person operating under the same or similar circumstances.”
Take down and Put Back provisions
Here’s an example of how the takedown procedures would work:
- Alice puts a copy of Bob’s song on her AOL-hosted website.
- Bob, searching the Internet, finds Alice’s copy.
- Charlie, Bob’s lawyer, sends a letter to AOL’s designated agent (registered with the Copyright Office) including:
- contact information
- the name of the song that was copied
- the address of the copied song
- a statement that he has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.
- a statement that the information in the notification is accurate
- a statement that, under penalty of perjury, Charlie is authorized to act for the copyright holder
- his signature
- AOL takes the song down.
- AOL tells Alice that they have taken the song down.
- Alice now has the option of sending a counter-notice to AOL, if she feels the song was taken down unfairly. The notice includes
- contact information
- identification of the removed song
- a statement under penalty of perjury that Alice has a good faith belief the material was mistakenly taken down
- a statement consenting to the jurisdiction of Alice’s local US Federal District Court, or, if outside the US, to a US Federal District Court in any jurisdiction in which AOL is found.
- her signature
- If Alice does file a valid counter-notice, AOL notifies Bob, then waits 10-14 business days for a lawsuit to be filed by Bob.
- If Bob does not file a lawsuit, then AOL must put the material back up.
Meaning of “expeditious”
The law provides for “expeditious” action. The meaning of “expeditious” in the context of this law has not yet been determined by the courts. Black’s Law Dictionary defines “expeditious” as “performed with, or acting with, expedition; quick; speedy.” In thecommon law, the term “expeditious” has been interpreted according to the circumstances, allowing more time than “immediate” but not undue delay. Some suggest that the most prudent courses are to comply “immediately” or to seek immediate legal advice from qualified legal counsel. In the commercial online world, taking more than 24 hours may well be viewed as undue delay. However, when legal advice is factored into the equation it is reasonable to give counsel time to review all the facts, verify the necessary elements of the notice and conduct minimal research to ascertain the current state of the law. This may reasonably occur when the material posted appears likely to be covered by a fair use, for fair use is not copyright infringement. So, in some situations it may be reasonable to determine that “expeditious” would take more than 24 hours, and if the ISP was a small not-for-profit provider, or a server run by volunteers, it may not have the resources to obtain a legal opinion with the same speed that a large multinational corporation may have resources at its disposal to comply immediately. There may not even be a person immediately available who is qualified to determine if the notice complies with the standards set forth in the act. Perhaps a reasonable court would take these factors into consideration. The courts in the United States have yet to rule on these issues.
For a commercially run on-line provider taking action within the hour to tell a customer that a takedown notice has been received and informing them that they must immediately remove the content and confirm removal, giving them six to twelve hours to comply; and otherwise informing them that the content will be taken down or their Internet connection terminated, may be considered reasonable. Some courts may find this to be too great a burden on an ISP if it receives a large number of communications at the same time or has limited resources to review § 512 notices for substantial compliance. It may also depend on how the notice is sent. If the notice is sent via regular mail or via fax, there may be a lag between the sending of the notice and its reception by those who are able to act upon it. If the notification is received by a mail delivery on a Saturday when the ISPs offices are closed and not acted upon until Monday, that may be considered reasonable.
Preemption of State Law
Even if a copyright holder does not intend to cause anything other than the removal of allegedly infringing material, compliance with the DMCA’s procedures nonetheless may result in disruption of a contractual relationship: by sending a letter, the copyright holder can effectuate the disruption of ISP service to clients. If adherence to the DMCA’s provisions simultaneously subjects the copyright holder to state tort law liability, state and federal law may conflict. Depending on the facts of the case, federal law may preempt state law i.e. there will be no liability for state law claims resulting from compliance with federal law.
Effect of Delay in Response
The other issue to keep in mind is that the delay in responding may not amount to a significant amount of damages and someone who has had their material removed by the § 512 procedure late may be more than satisfied with the result; it is much less expensive than filing a copyright infringement suit in federal court that might revolve around a minor technicality of the law. Indeed one of the purposes of this section was to remove a large number of potential infringement suits from the courts when the facts revolving around infringement were basically undisputed and the damages could be minimized within a short period without the intervention of a US federal district court judge. An infringer may be more than happy to know that the material has been taken down for the minor fee of having a lawyer draft a compliant “take down” notice rather than the costs of drafting, filing, serving and prosecuting a federal copyright infringement action.
Other Defenses for OSPs
It is also useful to remember that another law, the federal Communications Decency Act (CDA) still protects the ISP from liability for content provided by third parties (see below). Even if a removal is found not to be “expeditious” within the meaning of the law and the so-called “safe harbor” under the DMCA is lost, in many cases the ISP may still be protected. Through these two laws there are ways to balance the ISP’s intent to assist with the protection of third party copyright and the desire to preserve good customer relations. There is also a question of the infringement that is placed by a third party being an issue of negligence or another tort on the part of the ISP. If the ISP takes steps considered reasonable or is found not to have a duty of care to police potential infringers on the site then the infringement may be considered “innocent” from the point of view of the ISP and the infringer may still be held to be the liable party which posts the infringing work or works.
It is sometimes stated that the ISP needs to give the alleged infringer ten days notice before acting. This is incorrect: the ISP must act expeditiously. The ten day period refers to the counter notification procedure described in Section 512(g) after the infringing material has been removed, offering them an opportunity to counter the allegations presented to the ISP not during the stage of the so-called “take down” procedure.
It is sometimes suggested that content must be taken down before notifying the person who provided it. That is also not required, so long as the removal is expeditious. A large connectivity provider with many ISP customers would not be acting reasonably by disconnecting a whole ISP if it received a takedown notice for a web site hosted by that ISP on behalf of one of its customers. The law appears to allow the necessary flexibility to deal reasonably with relaying takedown requests to handle such situations.
Other Safe Harbor Provisions
§ 512(a) Transitory Network Communications Safe Harbor
Section 512(a) protects service providers who are passive conduits from liability for copyright infringement, even if infringing traffic passes through their networks. In other words, provided the infringing material is being transmitted at the request of a third party to a designated recipient, is handled by an automated process without human intervention, is not modified in any way, and is only temporarily stored on the system, the service provider is not liable for the transmission.
The key difference in scope between this section, transitory network communications under 512(a), and caches, websites and search engine indexes under 512(b), 512(c) and 512(d) respectively, relates to the location of the infringing material. The other subsections create a conditional safe harbor for infringing material that resides on a system controlled by the OSP. For material that was temporarily stored in the course of network communications, this subsection’s safe harbor additionally applies even for networks not under the OSP’s control.
§ 512(b) System Caching Safe Harbor
Section 512(b) protects OSPs who engage in caching (i.e. creating copies of material for faster access) if the caching is conducted in standard ways, and does not interfere with reasonable copy protection systems. This Section applies to the proxy and caching servers used by ISPs and many other providers.
If the cached material is made available to end users the system provider must follow the Section 512(c) takedown and put back provisions. Note that this provision only applies to cached material originated by a third party, not by the provider itself. Also, the content of the material must not be modified as a result of the caching process.
§ 512(d) Information Location Tools Safe Harbor
Section 512(d) eliminates copyright liability for an OSP who links users, through a tool such as a web search engine, to an online location that contains infringing material, provided that the OSP does not know the material is infringing.
There are several other conditions for this immunity to apply. Once the OSP becomes aware that the material is infringing, it must promptly disable access to it. Also, the OSP must follow Section 512(c)’s takedown and put-back provisions. Finally, where the OSP can control the infringing activity, the OSP must not derive any financial benefit through providing the link.
§ 512(e) Limitation on Liability of Nonprofit Educational Institutions
Section 512(e) protects nonprofit educational institutions from liability for the actions of faculty and graduate student employees who place infringing material online. For the immunity to apply the materials must not be course materials for a course taught by the faculty or graduate student employee, and the institution must not have received more than two infringement notifications about the same individual, during the preceding 3 years. Also, the institution must distribute informational materials about US copyright laws to all the users of its network.
§ 512(f) Misrepresentations
Section 512(f) deters false claims of infringement by imposing liability on anyone who makes such claims, for the damages suffered by other parties as a result of the OSP’s reliance on the false claim, and for associated legal fees.
This provision really does have some bite, as illustrated by the case of Online Policy Group v. Diebold, Inc., where an electronic voting technology firm was sanctioned for knowingly issuing meritless notices of infringement to ISPs.
§ 512(g) Replacement of Removed or Disabled Material and Limitation on Other Liability
Section 512(g) contains the put back provisions described earlier and referenced by other parts of the act. OSPs are exempt from liability for the good faith removal of allegedly infringing material. This immunity is subject to their compliance with the notification and counter-notification procedure. Users must be informed of removed or disabled material. Similarly, copyright holders must be informed of the receipt of a counter-notice, and disabled material subject to a counter-notice must be enabled between 10 and 14 days after the receipt of the counter-notice.
§ 512(h) Identify infringers.
Section 512(h) contains provisions that allow a copyright owner to force an OSP to reveal identifying information about the user who allegedly infringed the owner’s copyright, through the use of a subpoena issued by a federal court at the owner’s request.
Part (h)(2)(A) requires that the owner’s request include “a copy of a notification described in subsection (c)(3)(A)” (a takedown notice, see above). Note that 512(c)(3)(A)(iii) states that the notice must identify the allegedly infringing material that is to be removed, and must provide reasonably sufficient information for the service provider to locate the material residing on its system. The owner must also swear that any information obtained through the subpoena will only be used for the purpose of protecting its rights under Section 512.
If the OSP is served with such a subpoena after or at the same time as a valid takedown notice, under Part (h)(2)(A) it must expeditiously provide the information required by the subpoena.
In 2003, the RIAA appeared to be seeking subpoenas and serving takedown notices which did not comply with these requirements, notably using the subpoena provisions for 512(a) situations, which do not provide for them.
On 20 December 2003, the DSL ISP Verizon prevailed on appeal in its case seeking to prevent the use of this section for transitory network communications, the decision reversing a court order to supply customer details. The appeal decision accepted the argument that the key distinction was the location of the files, with this section applying only when the material is stored on equipment controlled by the OSP. However, in response, RIAA member labels turned to a different method to acquire their desired information. They began suing multiple “Doe” defendants at a time and issuing third-party discovery subpoenas to ISPs for the customer details.
On 6 October 2003 Charter Communications became the first cable Internet provider to challenge the RIAA use of this provision, when it filed for a motion to quash the subpoenas to obtain the identities of 150 of its customers. Although Charter Communications initially lost this motion and was forced to turn over the identities of the requested customers, a later appeal ruled that the motion to quash should have been upheld.
§ 512(i) Conditions for Eligibility
Section 512(i) outlines the general requirements for a grant of immunity– OSPs must implement an account termination policy for repeat infringers, must inform their users of this policy, and must accommodate standard copy protection systems.
It is prudent for anyone receiving a notification for distributing allegedly infringing material to check the validity of the notice and remind their ISP, if appropriate, that the DMCA only requires action under this clause for valid notices of copyright infringement.
§ 512(j) Injunctions
Section 512(j) describes the forms of injunctive (i.e. court order) relief available to copyright holders. Even though OSPs have immunity from monetary damages under Section 512, they may be compelled by copyright holders, in appropriate situations, to stop providing access to infringing material or to terminate the account of a particular infringer.
§ 512(k) Definitions
Section 512(k) defines “service provider” and “monetary relief.”
§ 512(l) Other Defenses Available
Section 512(l) notes that a service provider’s ineligibility for a safe harbor from monetary damages under this section does not affect the validity of any other legal defenses that may be applicable (notably the CDA, although it isn’t specifically identified).
§ 512(m) Protection of Privacy
Section 512(m) notes that OSPs retain the protections of parts (a) through (d) even if they don’t monitor their service looking for infringing activity, as long as they comply Section 512(i)’s general requirements relating to the institution of account termination policies for infringers and accommodation of copy protection systems. Furthermore, OSP’s are not required to remove or disable access to material if doing so would break another law.
§ 512(n) Independent Construction of Safe Harbors
Section 512(n) states that the limitations on liability in parts (a), (b), (c) and (d) apply independently. Hence, the fact that an OSP qualifies for a limitation on liability under one subsection has no impact on whether the OSP qualifies for a limitation under a different subsection. This is because subsections (a), (b), (c), and (d) describe separate and distinct functions.
The past decade of experience with the safe harbor provisions has shown them to be reasonably effective. Copyright holders have the incentive to monitor Internet sites for offending material, and to send ISPs notifications where appropriate, of material that should be taken down. ISPs have incentive to cooperate with copyright holders and terminate the accounts of repeat infringers on pain of forfeiting the safe harbor created by OCILLA. At the same time, copyright holders are deterred from improperly sending out notices by provisions that make them liable for resulting damages, and also by bad publicity.
That is not to say that OCILLA functions perfectly in practice. There are several problems resulting from imperfect incentives created by the law, from the complexity and requirements of the counter-notice procedures, and from evolving Web Technology.
Improper Removal of Content
There is some evidence that ISPs tend to quickly take down allegedly infringing content on request by copyright holders, in situations where the content is actually non-infringing and should be preserved. This may be because ISPs have much more to lose by forfeiting their safe harbor than by angering a user whose content is improperly removed.
Chilling Effects estimates that OSPs remove allegedly offending content even though approximately 60% of all takedown notices are flawed. Notices can be flawed in several ways. Many fail to follow the requirements of the statute. Others ask for material to be taken down for reasons such as trademark infringement and defamation that are unrelated to copyright infringement.
Ineffective Counter-Notice Procedure
There is evidence of problems with the counter-notice procedure, arising from its complexity and also because ISPs are not required to inform users of its existence. According to Chilling Effects, while Google has taken hundreds of sites out of its index because of DMCA requests, not a single person has filed a counter-notice or received a counter-notice from any other OSP.
This may result from the inherent imbalance in prerequisites for the original complaint and the counter-notice. To get content removed, copyright holder Bob need only claim a good-faith belief that neither he nor the law has authorized the use. Bob is not subject to penalties for perjury. In contrast, to get access to content re-enabled, Alice must claim a good faith belief under penalty of perjury that the material was mistakenly taken down. This allows for copyright holders to send out take-down notices without incurring much liability; to get the sites back up, the recipients might need to expend considerably more resources. Section 510(f) makes the sender of an invalid claim liable for the damages resulting from the content’s improper removal, including legal fees, but that remedy is not always practical.
Furthermore, ISP’s tend to remove allegedly offending material immediately, while there is a 10-14 day delay before the ISP re-enables access in response to a counter-notice. For example, if a website advertised an upcoming labor protest outside BlameCo, BlameCo could send a DMCA notice to the site’s ISP alleging copyright infringement of their name or logo a week before the protest. The site would then be disabled; even if the site’s owners immediately filed a counter-notice, access would not be re-enabled until after the protest, too late to be useful.
Additionally, there is no public record of takedown requests and counter-notices. This prevents the public from seeing how the process is used. (Chilling Effects has tried to make up for this shortcoming, but, so far, few OSPs besides Google submit their takedown notices.)
Web 2.0 & New Technologies
There have been recent claims that the DMCA-embedded concepts of direct financial benefit, interference with standard technical measures, and the legislative red flag test for identifying infringing material are significantly challenged by the explosion of user-generated content unleashed by Web 2.0 technologies.
The DMCA puts the burden for policing the Internet for copyright infringement primarily on the copyright owner, and assumes that online service providers must cooperate only when necessary. This burden may be inequitable in light of newer web technologies; it may be more appropriate for the burden to be shared