top of page

Q&A - Safe Harbor Under the DMCA


Question: Why don't companies like Etsy, Amazon, Instagram, etc. automatically remove copyright infringing listings from their websites?

Answer: Whenever you have a company that stores information on its network and that information was placed there by its users you have a company that is covered by the "safe harbor" provisions of the Digital Millennium Copyright Act ("DMCA"). In a nutshell, safe harbor limits liability for copyright infringement when a company can demonstrate that certain conditions have been met. Let's take a look at a few of the specifics.


The OCILLA and Why it Exists

I may be dating myself a bit but I remember life before widespread Internet use. Back in the those days, sure, people certainly made music mix tapes and shared them with friends but that bit of copyright infringement was nothing compared to something like Napster. If Napster is before your time, it was software that allowed you to upload and download ripped music files to its network; essentially letting its users reproduce and distribute copyrighted music with the click of a mouse.


Point being, copyright infringement existed before but the Internet made that same infringement larger in scale, more efficient and more difficult to control. Partly in response to this, the DMCA was added to the Copyright Act in 1998 to address the many potential issues that crop up specifically when dealing with copyrighted work on the Internet.


The Internet not only affected direct copyright infringement but also raised many issues related to secondary liability for infringement. This type of liability is called contributory or vicarious infringement. You can commit contributory infringement by intentionally inducing or encouraging someone else to infringe. Vicarious infringement happens when you profit from someone else's infringement while refusing to exercise the right to stop it from happening. [1]


For instance, in the Napster example above, if I uploaded my whole Boyz II Men CD (yup) to the Napster network, I have directly infringed the copyright in that music; I am the one that did the thing that infringed. But Napster, the host of the material and the entity that made the infringing possible, also has secondary liability even though it did not directly do anything that infringed. This was a huge part of what ultimately did Napster in.


You can see how this secondary liability would be a problem for companies like Google, Amazon, Etsy, eBay, etc. These companies often store information, product listings, images, text, etc. that were uploaded by a third-party user which may well be infringing. If they had to face secondary liability for user infringement these companies could not exist in their current forms.


To deal with this concern, the DMCA included a section called the Online Copyright Infringement Liability Limitation Act ("OCILLA"). The OCILLA includes a method by which the stated companies, and others like them, can operate as intended but also limit their legal responsibility for certain potentially infringing activities. This liability limit is referred to as a "safe harbor" above and it is available for companies to take advantage of as long as they meet all of the OCILLA's specific requirements.


Maintaining the Safe Harbor

Safe harbor under the OCILLA is a defense to a claim of copyright infringement. This defense will apply if all the following are true:


1) The company lacked actual knowledge that the material or activity on its system or network was infringing;


This provision deals with what a company that hosts content knows or does not know about specific listings and their infringing nature. People often think that if the people at Etsy, for instance, just looked around the site a bit they would clearly see infringing items and have "actual knowledge" of them and their refusal to remove these "clearly infringing" items is some sort of moral or ethical failing.


However, there are a couple of issues with this thought. First, how would Etsy know just by looking (and we are just using Etsy as an example) whether a copyright owner does not object to a use, if there is a license in place, whether the item is covered by copyright at all or if any defense, such as fair use, permits the item to be listed? Even if we look past the logistical and financial difficulty inherent in policing millions of listings, there is no foolproof method for a service provider to know or decide what is or is not a permitted use of a copyrighted item on its own.


People often bring up eBay's VeRO program and YouTube's Content ID program when discussing this topic as if those are examples of proactive copyright policing by venues. But, those intellectual property management tools 100% rely upon the rightsholders first identifying the works they intend to protect. It's not eBay and YouTube running about removing stuff that they think violates the Copyright Act.


Second, the DMCA explicitly states that its protections are not conditioned upon “a service provider monitoring its service or affirmatively seeking facts indicating infringing activity...” [2] In fact, if service providers were to active­ly police its site for infringement without input from the rightsholders, it could be opening itself up to liability. Because no business wants to increase its liability or pur­posely remove itself from safe harbors which otherwise limit said liability, it may be frustrating, but is not surprising that these companies do not actively monitor for infringement.


So, in most cases, under the law, businesses like Etsy do not have “actual knowledge” of infringement under the OCILLA unless they have received a DMCA infringement notice directly from the copyright owner.


2) The company was either (a) not aware of facts or circumstances from which specific infringing activity was apparent, or (b) when it obtained knowledge or awareness or when it received a valid notification of claimed infringement, it acted expeditiously to remove or disable access to the material; and


The first section is related to what is called "red flag" knowledge which arises when there has not been a DMCA notice issued but the service provider is aware of facts that would have made infringement objectively obvious to a reasonable person. [3] The infringement must be "immediately apparent to a non-expert" which is a "high bar." [4] Red flag knowledge likely would not be present if an employee of a company thinks something might be infringing - the infringement has to be way more obvious than that. But, the company is under no obligation to confirm or deny whether something actually is infringing.


The (b) section relates to what the service provider did once it had knowledge of a claimed infringement. It must quickly deactivate or disable access to the content in order to remain eligible for the safe harbor.


3) The company, while having the right and ability to control the infringing activity, did not receive a financial benefit directly attributable to the infringing activity.


This final requirement is a little tricky. For instance, if someone sells an infringing Super Mario scarf on Etsy, Etsy gets a cut of the purchase price via the fees it charges. So, if asked, most people would say that, yes, Etsy receives a direct financial benefit attributable to the infringement. But, under the OCILLA, Etsy would have to have the "right and ability to control the infringing activity" when it received that financial benefit for it to run afoul of the law.


Most people would also think that Etsy certainly does have the "right and ability to control" listings on its site when it can simply remove them, no questions asked. But, “right and ability to control” involves “something more than the ability to remove or block access to materials posted on a service provider’s website.” [5] The service provider does “something more” when it exerts “high levels of control over activities of users.” [6] So, in order to actually violate this last section of the safe harbor provisions, the service providers would essentially need to be prescreening and curating what is posted on its site. Looking at our Etsy example, it does not have that level of involvement in the listing process. So, despite what it looks like at first glance, Etsy did not receive a financial benefit from the sale of something that it had the right and ability to control under the OCILLA.


So, let's go back to our original question - why don't companies like Etsy or Amazon go around removing infringing listings from their sites on their own? Well, now we know - its all about maintaining that safe harbor. As you can see from the above, the safe harbor is pretty sturdy; it is not easily lost. But, certainly, if you go around looking for infringement, it then becomes your responsibility to deal with it correctly or face potentially very costly consequences. It's just not great business to open yourself up to that sort of liability when the law gives clear guidance on how to avoid it.


[2] 17 U.S.C. § 512(m)(1).

[3] Mavrix Photographs, LLC v. LiveJournal, Inc., 873 F.3d 1045, 1057 (9th Cir. 2017).

[4] Id. (internal citations omitted).

[5] Viacom, International, Inc. v. YouTube, Inc., 676 F.3d 16, 38 (2nd Cir. 2012).

[6] Id. (internal citations omitted).

Comments


bottom of page