chevron-down Created with Sketch Beta.

One Crack and an “Evisceration”: The Current State of the DMCA’s Safe Harbor

By Louis T. Perry and Katie A. Feiereisel

©2017. Published in Landslide, Vol. 10, No. 1, September/October 2017, by the American Bar Association. Reproduced with permission. All rights reserved. This information or any portion thereof may not be copied or disseminated in any form or by any means or stored in an electronic database or retrieval system without the express written consent of the American Bar Association or the copyright holder.

The Digital Millennium Copyright Act (DMCA) has long frustrated content owners by providing a broad safe harbor to Internet service providers (ISPs), making it extremely difficult for a content owner to meaningfully enforce its copyrights. Content owners have long (and unsuccessfully) argued that ISPs must take responsibility for infringing material on their servers. ISPs have long (and successfully) argued that they are merely an informational conduit and can avoid monetary liability provided that they maintain this (semi) passive role. ISPs point to their compliance with 17 U.S.C. § 512, which covers infringement claims that arise “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” The § 512 safe harbor protects an ISP if the ISP:

  1. has no actual knowledge of specific infringing material;
  2. is not aware of facts or circumstances from which infringing activity is apparent;
  3. acts expeditiously to remove or disable access to known infringing material;
  4. designates an agent to receive notifications of claimed infringement;
  5. receives no financial benefit directly attributable to the infringing activity and has the right and ability to control such activity; and
  6. adopts and implements a policy terminating repeat infringers.

The practical effect of § 512 is that content owners often find themselves engaged in a no-win game of whack-a-mole with infringing content. For every 10 instances where infringing content is removed, 20 new instances arise. Rather than continually monitor sites and send numerous infringement notifications to ISPs, some content providers sue the ISPs directly. The results have been largely predictable: the DMCA’s safe harbor protects ISPs from monetary liability. While the bedrock of protection for ISPs remains strong, cracks are beginning to form as a result of the natural evolution of ISPs and the tendency of some to push the limits of acceptable behavior proscribed by § 512(c). These cracks have not often resulted in liability to a particular ISP, but when they do (as it happened in the recent Second Circuit decision EMI Christian Music Group, Inc. v. MP3tunes, LLC1—which was labeled an “evisceration” by some critics), the copyright world sits upright and takes notice. This article examines one such crack and the Second Circuit’s supposed evisceration.

Finding the Elusive “Something More”

Content providers often seize upon the ISP’s business model as a chink in its defense—clearly an ISP benefits financially from the material it transmits (infringing and otherwise). Were it any different, why would the ISP even exist? And it’s equally clear that an ISP has the right and ability to control infringing activity. If this is not so, then what purpose does designating a copyright agent to receive notification of infringement claims (and subsequently removing or blocking access to infringing material) serve?

The matter, however, is not so simple. Under the DMCA, the “right and ability to control” infringing activity requires “something more” than the ability to remove or block access to materials posted on an ISP’s website.2 What constitutes this “something more” has not been extensively explored. But courts are clear that to have the right and ability to control infringing activity, an ISP must exert “substantial influence” on user activity.3

The following (rather extreme) facts have been found to evidence an ISP’s right and ability to control infringing activity:

  • A monitoring program by which user websites received detailed instructions regarding issues of layout, appearance, and content, and under which the ISP forbade certain types of content and refused access to users who failed to comply with its instructions.4
  • Facts that would support a finding of inducement of copyright infringement under Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd.,5 which premises liability on purposeful, culpable expression and conduct. Such facts include an ISP’s organization of infringing torrent files on its website and the provision of personal assistance to users who could not find certain material likely to be infringing.6
  • Evidence of active control over the production and shipment of at least some infringing items for sale on an ISP’s platform.7

In cases against ISPs such as YouTube, Vimeo, and Veoh, however, numerous courts have found the “something more” required by the DMCA lacking. On remand from the Second Circuit, the district court in Viacom International, Inc. v. YouTube, Inc. decided that YouTube lacked the right and ability to control within the meaning of § 512(c) because

[t]here is no evidence that YouTube induced its users to submit infringing videos, provided users with detailed instructions about what content to upload or edited their content, prescreened submissions for quality, steered users to infringing videos, or otherwise interacted with infringing users to a point where it might be said to have participated in their infringing activity.8

In Capitol Records, LLC v. Vimeo, LLC,9 Vimeo utilized an employee-implemented monitoring program, the foundation of which is its “Terms of Service” and “Community Guidelines,” and which included approximately 40 moderator tools including:

  • The “Thin Ice” and “Wiretap” tools, which allow Vimeo to monitor the activities of specific users suspected of uploading content violative of Vimeo’s policies;
  • The “Sweet Spot” filtering tool, which searches for and lists videos the duration of which Vimeo has determined corresponds to the duration of uploaded television shows or movies; and
  • The “Movie Search” tool, which runs automated keyword searches for movies currently in theaters.

Vimeo had “significant discretion” to manipulate the visibility of videos that complied with Vimeo’s content restrictions. The district court concluded that Vimeo’s monitoring program “lacks the ‘something more’ that Viacom demands.”10 The court’s decision turned largely on its determination that Vimeo “does not purport to, and in practice does not, exert substantial influence over the content of the uploaded material.”11 Rather, “Vimeo leaves such editorial decisions in the hands of its users.”12 The court also focused on Vimeo’s staff-to-user ratio, and noted that “it is difficult to imagine how Vimeo’s staff of seventy-four (as of 2012) could, through its discretionary and sporadic interactions with videos on the Website, exert substantial influence on approximately 12.3 million registered users uploading 43,000 new videos each day.”13

The Second Circuit considered the matter on interlocutory appeal. Specifically, it addressed whether an ISP’s viewing of “user-generated video containing all or virtually all of a recognizable, copyrighted song may establish ‘facts or circumstances’ giving rise to ‘red flag’ knowledge of infringement.”14 The Second Circuit found that it did not:

A copyright owner’s mere showing that a video posted by a user on the service provider’s site includes substantially all of a recording of recognizable copyrighted music, and that an employee of the service provider saw at least some part of the user’s material, is insufficient to sustain the copyright owner’s burden of proving that the service provider had either actual or red flag knowledge of the infringement.15

Finally, in UMG Recordings, Inc. v. Veoh Networks, Inc., the Ninth Circuit determined that the following facts did not rise to the level of “substantial influence”: (1) the allegedly infringing material resided on Veoh’s system; (2) Veoh had the ability to remove such material; (3) Veoh could have implemented, and did implement, filtering systems; and (4) Veoh could have searched for potentially infringing content.16

The courts make one thing clear about the elusive “something more”—a content owner is unlikely to find it without (1) an egregious fact pattern, or (2) targeted and comprehensive (and expensive) discovery efforts. Deciding to litigate against an ISP requires significant financial commitment or, as is the case below, a coalition of aggrieved plaintiffs.

Redefining Repeat Infringers

Section 512(i) of the DMCA requires that an ISP “adopt[] and reasonably implement[] . . . a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers.” Most ISPs do have a repeat infringer policy—that is, they have a policy whereby problem accounts are flagged and removed when the ISP receives multiple infringement notifications tied to such accounts. Because the DMCA does not define “repeat infringer,” ISPs have long construed the term in the context of infringement notifications. But the Second Circuit recently upended that in EMI Christian Music Group, Inc. v. MP3tunes, LLC.17

MP3tunes has alternatively been dismissed as a product of its own egregious fact pattern (featuring owners who knowingly participated in infringement) and an evisceration of the DMCA (by those same owners and some prominent commentators). It will be some time before it is clear which characterization proves true, but the case bears examination and careful consideration. was launched in 2005 as an online platform that allowed customers to purchase music created by musicians unrepresented by a record label. Shortly thereafter, it added “locker storage,” which allowed users to store music on the site’s server in exchange for a fee. MP3tunes also owned, a site that allowed users to comb the Internet for free music and offered users a plug-in that allowed them to “download” that music to their virtual MP3tunes locker—a process also referred to as “sideloading.” Once a song was sideloaded, it was indexed and made available for other users to stream, download, or sideload into their own virtual MP3tunes lockers.18

EMI Christian Music Group, along with a variety of music publishers and record companies, sued MP3tunes alleging that it had violated thousands of copyrights. MP3tunes argued that the DMCA’s safe harbor provisions shielded it from liability. The plaintiffs argued, among other things, that MP3tunes failed to implement the required repeat infringer policy and ignored red flags of widespread infringement. The district court held that MP3tunes had reasonably implemented a repeat infringer policy and granted it summary judgment on this point, but ultimately allowed the issue of MP3tunes’ willful blindness to the rampant infringement as a question of fact for the jury. The jury found MP3tunes secondarily liable for copyright infringement and awarded the plaintiffs approximately $48 million, but this verdict was later partially vacated and reduced by the district court. An appeal to the Second Circuit followed.19

The Second Circuit began with a simple question: what is a repeat infringer? The DMCA leaves the term undefined. The district court had held that a user can only be a repeat infringer if that user knows that its conduct is infringing another’s copyright. Thus, according to the district court, only those who upload content can be repeat infringers. By contrast, users who sideload content to their virtual MP3tunes locker or stream infringing content do not know whether the material violates the copyrights of others.20

The Second Court disagreed, finding that a repeat infringer need not have any knowledge of the copyright status of a certain work. All that is required is repeated uploading and downloading of copyrighted material. The district court’s summary judgment ruling, then, was improper, because “MP3tunes did not even try to connect known infringing activity of which it became aware through takedown notices to users who repeatedly created links to that infringing content in the index or who copied files from those links.”21

That practical effect of this ruling—that MP3tunes should have “tried” to connect takedown notices to users—may not seem terribly burdensome at first glance. After all, many ISPs have a framework for terminating repeat infringers, and it is easy enough to flag an account that is the subject of a takedown notice. But in this particular instance, the court seems to suggest that MP3tunes not only should have maintained a dossier on users who uploaded infringing links, but also should have tracked all users who subsequently copied the file underlying an infringing link and also tracked those users for future activity subject to a notice. The magnitude of this undertaking not only is staggering, but it also seems at odds with another provision of the DMCA that relieves ISPs of the burden of affirmatively monitoring their users.22

It remains to be seen how other circuits will handle attacks on ISPs based on the repeat infringer provision of the DMCA,23 but the Second Circuit has laid the groundwork for a sea change in ISP liability.


The DMCA safe harbor, though perhaps not as safe as once thought, remains a strong shield to liability. But taking advantage of that shield requires ISPs to be aware of the changing currents at both the district and circuit court levels and to adapt their behaviors and policies accordingly. This can be an expensive proposition, but recent jury verdicts suggest that a failure in policy or behavior is not just expensive—it can be an ISP’s death knell.


1. 840 F.3d 69 (2d Cir. 2016).

2. Viacom Int’l, Inc. v. YouTube, Inc., 676 F.3d 19, 38 (2d Cir. 2012).

3. Id.

4. See Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F. Supp. 2d 1146 (C.D. Cal. 2002).

5. 545 U.S. 913 (2005).

6. See Columbia Pictures Indus., Inc. v. Fung, 710 F.3d 1020, 1046 (9th Cir. 2013).

7. See Gardner v. CafePress Inc., 113 U.S.P.Q.2d (BNA) 1154, 1159–60 (S.D. Cal. 2014).

8. 940 F. Supp. 2d 110, 121 (S.D.N.Y. 2013).

9. 972 F. Supp. 2d 500 (S.D.N.Y. 2013).

10. Id. at 529.

11. Id.

12. Id.

13. Id. at 530.

14. Capitol Records, LLC v. Vimeo, LLC, 826 F.3d 78, 87 (2d Cir. 2016).

15. Id. at 96 (footnote omitted).

16. 718 F.3d 1006, 1030 (9th Cir. 2013); see also Mavrix Photographs LLC v. LiveJournal, Inc., 112 U.S.P.Q.2d (BNA) 1392, 1398–1400 (C.D. Cal. 2014) (finding no right or ability to control under UMG Recordings: “The undisputed facts show that users of the LiveJournal service, not LiveJournal, select the content to be posted, put that content together into a post, and upload the post to LiveJournal’s service. LiveJournal does not solicit any specific infringing material from its users or edit the content of its users’ posts. Nor does it have the ability to do so.”).

17. 840 F.3d 69 (2d Cir. 2016).

18. Id. at 86–87.

19. Id. at 87–88.

20. Id. at 88–92.

21. Id. at 80.

22. Safe harbor protection cannot be conditioned on “a service provider monitoring its service or affirmatively seeking facts indicating infringing activity.” 17 U.S.C. § 512(m)(1).

23. ISPs and prospective litigants may not need to wait much longer, albeit in a slightly different context. The Fourth Circuit is currently reviewing a $25 million jury verdict finding Cox Communications liable for wrongful contributory copyright infringement over illegal music downloads. In that case, the plaintiff alleged that Cox ignored requests to terminate service to Cox subscribers who repeatedly shared music illegally, thus forfeiting the DMCA safe harbor. Cox argues that it was only sued because it refused to forward questionable infringement notices it alleged were aimed at extorting improper settlements from subscribers. See BMG Rights Mgmt. (US) LLC v. Cox Commc’ns, Inc., 149 F. Supp. 3d 634 (E.D. Va. 2015), appeal filed, No. 16-1972 (4th Cir. Aug. 24, 2016).

Louis T. Perry

Louis T. Perry is a partner at Faegre Baker Daniels LLP and a member of the firm’s trademark, copyright, advertising, and media (T-CAM) practice. His area of expertise is litigation.

Katie A. Feiereisel

Katie A. Feiereisel is an associate at the same firm, where she focuses her practice on intellectual property litigation involving trademarks, false advertising, copyrights, and patents.