An internet service provider (“ISP”) must respond to a subpoena issued under the Digital Millennium Copyright Act (DMCA), regardless of whether the ISP has removed allegedly infringing material in response to a DMCA notification.

On June 5, 2015, the United States District Court for the Southern District of California granted in part and denied in part eBay’s motion to quash in a copyright infringement dispute infringing content posted by eBay subscribers. In RE DMCA Subpoena to eBay, Inc., Civil Action No. 15cv922-BEN-MDD (S.D.C.A. June 5, 2015)

Barry Rosen filed many DMCA notifications to inform eBay of allegedly infringing content posted by various eBay subscribers.  Upon receipt of these notifications, eBay claimed that it investigated the listings and disabled access to them.  Pursuant to section 512(h) of the DMCA, Rosen requested that the court issue a subpoena requiring eBay to identify the users who posted the allegedly infringing  materials.  eBay challenged Rosen’s subpoena, claiming that the subpoena was overbroad and invalid because no allegedly infringing material existed on eBay’s servers at the time the subpoena was served.

The court held that the subpoena was valid but overbroad and required modification.  With respect to validity, the court found that a DMCA subpoena is valid, whether it is served simultaneously with, or after the service of a satisfactory DMCA notification.  A satisfactory DMCA notification requires that the allegedly infringing material be available on the server at the time of service.  The court also held that a subpoena is valid and enforceable with or without a provider’s response to a notification.

In this case, the propriety of Rosen’s notifications was not at issue; instead the primary dispute was whether the allegedly infringing material must remain available to render a DMCA subpoena enforceable.  The court interpreted section 512(h) to provide a safe harbor to internet service providers who respond to a satisfactory DMCA notification, but did not interpret this section to provide a shield to alleged infringers. Therefore, eBay’s response to the notifications, by disabling access to the allegedly infringing material, provided eBay with a safe harbor but did not render the subpoena invalid.

In analyzing the scope of the subpoena, the court agreed with eBay, finding that the subpoena sought disclosure of information surpassing the information available under section 512(h)(3). The court held that section 512(h)(3)only requires the ISP to provide information “sufficient to identify the alleged infringer.” The court concluded it was appropriate to modify the subpoena and limit its scope to the “last name, last known address, last known telephone number, and any electronic mail addresses associated with each allegedly infringing subscriber, as well as any logs of Internet Protocol addresses used to access the subject accounts”.

In light of this decision, an ISP who responds to a DMCA notification and otherwise meets the DMCA safe harbor requirements will establish a safe harbor for itself; however, this protection does not extend to the subscriber who posted the allegedly infringing materials.  The ISP is required to provide identifying information in response to a valid DMCA subpoena.