Meeting of the Minds

Liability of Foreign Companies under the Digital Millennium Copyright Act

William Jacob Farrar and Daniel Gervais

©2014. Published in Landslide, Vol. 6, No. 3, January/February 2014, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.

With the rise of Web 2.01 services, issues of copyright infringement liability have become increasingly complicated. Courts have struggled to keep up with not only the dynamic nature of the technology supporting these sites, but also the jurisdictional implications of the cases, where many of the relevant entities are international in operation. The Digital Millennium Copyright Act (DMCA), passed by Congress in 1998 to provide a safe harbor for qualifying online service providers (OSPs), must be interpreted in light of technologies that had not even been imagined at the time of its passage. Additionally, global and especially foreign OSPs face uncertainty as to whether they may be subject to liability for infringement under U.S. law, and if so, whether compliance with the DMCA safe harbor represents the best course of action.

The DMCA provides several safe harbors for OSPs that otherwise would face secondary liability for copyright infringement.2 The availability of most of these safe harbors rests on the compliance of the OSP with a “notice and takedown” procedure. Under this scheme, the OSP must have an agent registered with the United States Copyright Office to receive notices of allegedly infringing content on its website. Upon receiving a notice, the OSP must act to remove the content. Many OSPs also make use of a counternotice procedure, whereby a user may contest the removal of content he or she believes to be noninfringing. Additionally, OSPs must comply with § 512(i), which requires providers to reasonably implement a policy for terminating access to repeat infringers in certain circumstances.

The DMCA safe harbor provisions have been the subject of much litigation and even more debate. One issue that has received relatively less attention is to what extent a foreign entity may be bound by DMCA notice and takedown and repeat infringer procedures. That is, must a foreign OSP comply with the notice and takedown procedures and § 512(i) to mount a DMCA defense? When will a foreign OSP be subject to a copyright case in U.S. court anyway? And if the OSP chooses to follow the DMCA, what are the potential risks of compliance? This article seeks to answer these questions after a brief survey of the relevant case law.

Jurisdictional Issues

It is important to note that compliance with a DMCA safe harbor is a defense to an infringement action. Therefore, the initial burden to prove copyright infringement under one of the accepted theories still rests with the plaintiff. This means that the failure of an international OSP to comply with a safe harbor does not automatically spell doom. Indeed some foreign defendants have achieved dismissal where the plaintiff failed to sufficiently state a prima facie claim for infringement.3 Others have successfully dismissed claims due to a lack of jurisdiction.4

Crucial to the calculation for a foreign entity, then, is whether a U.S. court is likely to exercise jurisdiction over it. A survey of DMCA cases brought in U.S. federal court with foreign defendants reveals a general willingness of courts to exercise jurisdiction over such companies when U.S. copyright law is implicated. Corporations that are foreign in their registration and address but conduct a substantial amount of business in the United States will not be able to dodge jurisdiction based on formalities.5 In addition, companies that maintain servers in the United States with little to no other connections will likely face federal court jurisdiction. However, a foreign company with foreign ownership, foreign servers, and nothing more than a small, passive American user base may escape jurisdiction.6

In Fraserside v. Youngtek, an Iowa court dismissed for lack of personal jurisdiction a claim against a Cyprus-based company alleged to have violated the copyright of an adult entertainment company where the defendant had no offices, employees, or servers in the United States and none of the defendant’s employees had even visited the United States.7 The plaintiff, Fraserside, later filed another claim against a separate Cyprus-based company in the same Iowa court and met the same fate.8 In this case, however, there was evidence that the defendant received 20 percent of its website visits from the United States. Although the Iowa court interpreted personal jurisdiction narrowly here, there remains the possibility that the claim would have proceeded in another, more copyright-friendly venue. Indeed a Dutch search engine was held to have jurisdiction by a California court where only 6 percent of the alleged infringements occurred in the United States.9 Of course this survey is unable to say anything about the many companies operating on foreign soil that implicate U.S.-owned copyrights and have not yet been sued in the United States. It is likely that right holders have simply failed to sue in many cases where jurisdiction presents a questionable issue or the copyright violation is minor.

Additionally, the OSP must consider how its service operates, and whether a plaintiff will be able to adequately allege infringement at the pleading stage of litigation. In this inquiry, peer-to-peer (P2P) file-sharing sites have been particularly vulnerable, while search engines have been viewed more favorably by courts. Thus, the extent to which foreign companies may continue to flout U.S. copyright law depends on a number of factors, including, but not limited to: (1) how willing the right holder is to file suit, (2) how the service operates, (3) how substantial the company’s U.S. contacts are, and (4) how the relevant court interprets jurisdiction. But if recent cases are any indication, courts have taken a pro-jurisdiction stance, and foreign OSPs may no longer easily rely on lack of personal jurisdiction as grounds for dismissal of claims against them.

Peer-to-Peer File-Sharing Sites: A Special Case?

P2P file-sharing sites present a special case for U.S. courts. These sites have been around for years, but their technology, scope, and business models are constantly changing. By their very nature, these sites encourage users to upload copyrighted digital content and make it readily accessible to other members of the user base. In some cases, the sites provide kickbacks or payments to users who upload the most content.

Foreign P2Ps have been a popular target for right holders, but they have received inconsistent treatment from American courts. RapidShare, a Swiss-based file-sharing site, was sued by an adult entertainment company in 2010 for copyright infringement without compliance with the DMCA.10 Although RapidShare was able to successfully dismiss the proposed injunction against it, the district court found jurisdiction and indicated that RapidShare had been in violation of the DMCA notice and takedown procedure. RapidShare only escaped liability due to the inability of the plaintiff, Perfect 10, to sufficiently state a claim.

The U.S. government sent a strong message in 2012 when it filed a complaint against the founder of Megaupload, another file-sharing website, on criminal charges related to copyright infringement.11 Although this case is still developing and the government’s seizure of Megaupload has been met with criticism, it is still a landmark development with respect to the treatment of foreign defendants under U.S. copyright law. The indictment ties Megaupload to U.S. jurisdiction by pointing to the fact that the site maintained servers in three U.S. states, possessed a user base that included millions of Americans, and transferred illegal proceeds of the copyright infringement across state lines.12

Most recently, Gary Fung, the Canadian founder of several P2P sites, including isoHunt and TorrentBox, was found liable for infringement and ordered to comply with a permanent injunction.13 The injunction applies to a list of 23,000 titles supplied by Columbia Pictures and “binds both isoHunt Web Technologies, Inc., and Fung personally, wherever they may be found, including, without limitation, in Canada.”14 Once again, the presence of servers in the United States was enough to provide a jurisdictional hook for the court. Although Fung is Canadian, and ran his company from British Columbia, he conceded that he had maintained servers in Missouri and Texas.

Notably, each of these sites has maintained at least the appearance of complying with the DMCA. The extent to which each has complied, however, is instructive. Megaupload, before its seizure by the U.S. government, is alleged to have employed nothing more than a sham takedown tool, as it removed some illicit content, such as child pornography, but allowed the vast majority of infringing content to remain easily accessible to its user base. isoHunt did not have any filtering device in place, but was required to implement one as part of its injunction. isoHunt had a DMCA policy posted on its website15 until it shut down on October 21, 2013, pursuant to the terms of a settlement agreement with the Motion Picture Association of America (MPAA). On October 30, 2013, a clone of the website was back online but notes that “isoHunt Inc. is not affiliated with this website.” Its DMCA policy is not yet available.16 RapidShare has long maintained a general policy of complying with notice and takedown law and has remedied its previous DMCA defect of not having a registered agent to receive notices.

Domestic Web Host, Foreign Customers

In Louis Vuitton v. Akanoc,17 the Ninth Circuit drew a distinction between the behavior of two web host defendants, holding Managed Solutions Group (MSG) not liable, while holding Akanoc Solutions (Akanoc) liable for willful copyright and trademark infringement. The case centered on a website that facilitated orders of counterfeit goods in violation of Louis Vuitton’s trademarks and copyrights. Although the directly infringing website was based in China, its web hosts MSG and Akanoc were based in California. Importantly, MSG leased servers, bandwidth, and IP addresses to Akanoc, while Akanoc actually operated the servers, ran the business, and leased IP addresses to customers. Both were found guilty by a jury, but the verdict was upheld only with respect to Akanoc, on the theory that it had the intent to infringe and materially contributed to the infringement. Interestingly, the court held Akanoc and Steven Chen, the company’s owner, liable based on an imputed intent to infringe. That is, the court presumed intent on the part of Akanoc based on its knowledge of the direct infringement, ability to stop it, and lack of actions taken to stop it.18 MSG, however, did not sell server space or domain names to the direct infringers, nor did it operate the servers; thus, it could not have prevented the infringing activity. The court also held that Akanoc materially contributed to the infringement because its servers provided an “essential step in the infringement process.”19 Finally, Akanoc had not complied with the DMCA safe harbor due to its lack of a repeat infringer policy, lack of a registered agent, and failure to respond to 18 DMCA notices it received from Louis Vuitton. Akanoc and Chen were ultimately jointly liable for a $10.8 million statutory damage award for willful trademark and copyright infringement.

Although personal jurisdiction was not an issue in this case, as the defendants were California-based, subject matter jurisdiction was a preliminary issue for the district court. The initial infringers were located in China, but there was evidence that the parties sold counterfeit goods to customers in the United States.20 This was enough to implicate U.S. copyright law, and Akanoc and MSG were brought into court on contributory infringement allegations because the infringing images appeared on their servers.21

Louis Vuitton arguably expanded the concept of contributory liability, but it also exposed the fine line between liability and immunity for modern web hosts. A web host that has both knowledge of infringement and the ability to control it may face substantial penalties if it is not compliant with a safe harbor. On the other hand, a more removed host that does not have the ability to control potential infringers remains relatively safe. Crucial to the reversal of the verdict with respect to MSG was the fact that it did not host any infringing websites on its servers. Any prospective company whose servers host infringing material risks real liability under the Ninth Circuit’s formulation. As always, compliance with a DMCA safe harbor remains an option, and likely one that Akanoc wishes it had considered.22

What Is Compliance?

Once it is clear that a foreign OSP will be subject to American jurisdiction, strict compliance with the terms of the relevant DMCA safe harbor will be required. Of the four safe harbors set forth in § 512, three require compliance with notice and takedown.23 Additionally, an OSP seeking to rely on the § 512(c) safe harbor must register an agent with the U.S. Copyright Office and make the agent available to receive official notices.

The final statutory requirement in § 512(i) is less straightforward. The text requires that the OSP adopt, reasonably implement, and inform subscribers of a policy providing for the termination of access for repeat infringers.24 In practice, courts have required relatively little of OSPs in this area. In fact, the repeat infringer policy has not been read to impose an affirmative duty of investigation on OSPs; however, OSPs must act when there is “sufficient evidence to create actual knowledge of blatant, repeat infringement by particular users, particularly infringement of a willful and commercial nature.”25 And while OSPs must have a system in place to receive notices of infringement, it is unclear whether such notices alone suffice to create actual knowledge on the part of the OSP.26 Thus, courts still predominantly treat copyright policing as the domain of the copyright holders, requiring OSPs to be reactive, not proactive.27

Risks of Compliance

A final consideration for a foreign OSP is what risks, legal and financial, it faces upon complying fully with the DMCA safe harbor. OSPs have been somewhat reluctant to fully comply with some requirements of the DMCA safe harbor for fear of alienating their consumer base or risking legal action from them. Most notably, several American OSPs have hesitated to implement aggressive repeat infringer policies, as required under § 512(i). The fear is that the first company to crack down on repeat copyright infringers may lose revenue directly (by expelling subscribers) and indirectly (by developing a reputation for harsh enforcement policies, leading subscribers and potential subscribers to defect to competitors). To these companies, removing allegedly infringing content upon proper notice is one thing, but terminating a subscriber’s access cuts to the core of their revenue stream. Though the concern is understandable, several companies have been able to overcome this problem by negotiating a collective solution.

With little clarity from the courts, some OSPs have taken it upon themselves to implement graduated response policies. In 2012, a group of broadband providers combined with the MPAA and Recording Industry Association of America to develop the so-called six-strikes policy.28 The policy provides for a graduated response to repeat infringers culminating in the cancellation of Internet access or reduction of connection speed after the fifth or sixth violation. While this is a seemingly conservative measure, it is a practical first step by prominent OSPs and right holders to take control of the repeat infringer issue. Right holders achieved a private solution to supplement their constant stream of DMCA litigation, which had generally been successful on the merits, yet had not effectively curbed online infringement.29 OSPs gained certainty in their agreement with the artists that they had not been able to glean from the courts.

The policy has not gone without criticism, however. Notably absent from the discussions that led to the adoption of the six-strikes policy were Internet users themselves. In the wake of the public backlash to the proposed passage of the Stop Online Piracy Act in 2012, many Internet users saw the OSP-right holders agreement as another setback to freedom on the Internet. It remains to be seen whether Congress or the courts will step in to provide greater clarity on the repeat infringer issue given the high-profile nature of the debate.

On balance, the most prudent course of action for a foreign OSP is to comply with the notice and takedown procedures of § 512. The fact that many of the foreign OSPs, even those who claim to be beyond the reach of U.S. copyright law, comply with notice and takedown is instructive. With courts taking a pro-jurisdiction stance to foreign companies, OSPs have found it in their self-interest to comply with notice and takedown and formulate at least some response to repeat infringers. Strict compliance with notice and takedown procedures and a repeat infringer policy will insulate the OSP from copyright liability without being overly burdensome. An OSP of reasonable scale should have little difficulty registering a notice agent and responding to infringement notices. The alternative—as seen most recently in the file-sharing cases—is an uncertain future, with the possibility of an injunction, damages, or even criminal sanctions.

Compliance Is the Best Course of Action

The clash between American copyright holders and foreign OSPs is an important one, and one that is not likely to disappear soon. As a threshold matter, federal courts have been more willing to find jurisdiction for foreign OSPs with minimal connections to the United States. Further, for those OSPs that rely solely on the DMCA safe harbor as a defense, strict compliance with the technical terms will likely be required. One possible exception to this, and a current area of uncertainty in the law, is the repeat infringer policy. While courts thus far have required very little of OSPs on the repeat infringer front, several providers have implemented policies of their own accord, perhaps sensing an opportunity to avoid lengthy and contentious litigation with right holders. Given the relatively low costs associated with compliance, and the very real prospect of infringement liability without it, compliance represents the best course of action for foreign OSPs.


1. There are several accepted definitions for Web 2.0, but it generally refers to the proliferation of a new brand of websites focused on the creation and aggregation of user-generated content, including social media, file-sharing sites, blogs, and web apps.

2. 17 U.S.C. § 512(a)–(d).

3. See, e.g., Perfect 10, Inc. v. RapidShare A.G., No. 09-CV-2596 H (S.D. Cal. May 18, 2010).

4. See, e.g., Fraserside IP L.L.C. v. Youngtek Solutions Ltd., 796 F. Supp. 2d 946, 957 (N.D. Iowa 2011).

5. See United States v. Dotcom, No. 1:12CR3, 2012 WL 517537 (E.D. Va. Feb. 16, 2012).

6. See Youngtek, 796 F. Supp. 2d 946.

7. Id.

8. Fraserside IP L.L.C. v. Hammy Media, Ltd., No. C11-3025 (N.D. Iowa Jan. 17, 2012).

9. Perfect 10, Inc. v. Yandex N.V., No. C 12-01521 WHA, 2013 WL 1899851 (N.D. Cal. May 7, 2013).

10. Perfect 10, Inc. v. RapidShare A.G., No. 09-CV-2596 H (S.D. Cal. May 18, 2010).

11. United States v. Dotcom, No. 1:12CR3, 2012 WL 517537 (E.D. Va. Feb. 16, 2012).

12. Id.

13. Columbia Pictures Indus., Inc. v. Fung, 710 F.3d 1020, 1030 (9th Cir. 2013).

14. Id. (internal quotation marks omitted).

15. See Digital Millennium Copyright Act (DMCA) Notice and Takedown Procedures, isoHunt, available at (last visited Nov. 11, 2013).

16. See isoHunt, (last visited Nov. 11, 2013).

17. Louis Vuitton Malletier, S.A. v. Akanoc Solutions, Inc., 658 F.3d 936 (9th Cir. 2011).

18. See also A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1020 (9th Cir. 2001) (“Contributory liability requires that the secondary infringer ‘know or have reason to know’ of direct infringement.”).

19. Louis Vuitton, 658 F.3d at 944 (quoting Perfect 10, Inc. v. Visa Int’l Serv. Ass’n, 494 F.3d 788, 812 (9th Cir. 2007)).

20. Louis Vuitton Malletier, S.A. v. Akanoc Solutions, Inc., No. C 07-03952, 2010 WL 5598337 (N.D. Cal. Mar. 19, 2010), aff’d in part, vacated in part, remanded, 658 F.3d 936 (9th Cir. 2011).

21. See Perfect 10, Inc. v., Inc., 508 F.3d 1146, 1159 (9th Cir. 2007) (explaining the “server test” for jurisdiction).

22. Note that the DMCA safe harbors only immunize OSPs from monetary relief and limited injunctive liability, and the provisions say nothing of potential trademark liability.

23. 17 U.S.C. § 512(b)–(d).

24. Id. § 512(i).

25. Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146, 1177 (C.D. Cal. 2002).

26. Annemarie Bridy, Graduated Response and the Turn to Private Ordering in Online Copyright Enforcement, 89 Or. L. Rev. 81, 93 (2010).

27. See Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1113 (9th Cir. 2007).

28. Mary Rasenberger & Christine Pepe, Copyright Enforcement and Online File Hosting Services: Have Courts Struck the Proper Balance?, 59 J. Copyright Soc’y U.S.A. 627, 695 (2012); see Mike Masnick, Organization Overseeing Six Strikes Agreement between Labels and ISPs Includes Advisory Board to Try to Keep Tech Folks Happy, TechDirt (Apr. 2, 2012), agreement-between-labels-isps-includes-advisory-board-to-try-to-keep-tech-folks-happy.shtml.

29. Bridy, supra note 26, at 83.