In Brief: The recent Second Circuit decision in EMI Christian Music, Inc. v. MP3tunes, LLC builds on BMG Rights Management et al v. Cox Communications, further emphasizing that courts expect online service providers and website platforms to develop and enforce robust infringement response policies — or else risk losing their safe harbor under the Digital Millennium Copyright Act (DMCA). EMI stands as an important notice to all online service providers, especially those with peer-to-peer sharing or user-generated content features, to be vigilant and thoughtful about addressing infringement.

Online service providers should not turn a blind eye to copyright infringement happening on their watch. Since the rise of peer-to-peer file sharing, Internet service providers (ISPs) and website platforms have become the front line for preventing copyright infringement.

Content sharing on the Internet sparked a new line of case law in the early 1990s, including the seminal Religious Technology Center v. Netcom On-Line Communication Services, Inc., 907 F. Supp. 1361 (N.D. Cal. 1995), wherein the court found that a large Internet access provider could be liable for the copyright infringement of its subscribers. A few years after the case, in 1998, Congress passed the DMCA as a means of regulating online service providers and giving them some safeguards.

As peer-to-peer sharing platforms began to gain popularity in the early 2000s, copyright holders could no longer easily pursue individual infringers and began looking for alternative ways to protect their interests. The DMCA proved to initially be a barrier because it has a safe harbor to shield online service providers from monetary liability when someone brings a copyright infringement claim, making recovery against online service providers difficult for copyright holders. But the safe harbor is not a free lunch — online service providers must meet a variety of criteria in order to remain eligible for its protections.

Copyright holders have taken hold of the safe harbor eligibility requirements as a litigation tool for recovering from ISPs and website platforms. In BMG Rights Management et al. v. Cox Communications, 2016 WL 4224964 (E.D. Va. Aug. 8, 2016), which has been appealed to the Fourth Circuit, the court began its opinion by setting the historical stage: “This lawsuit is the latest in a years-long initiative by copyright holders to enlist the courts in the effort to curb the rampant infringement made possible by peer-to-peer file sharing on the Internet.”

One major statutory requirement for safe harbor protection is that the service provider must have adopted and reasonably implemented an internal policy for terminating subscribers and users of its system or network who are repeat infringers. Courts have increasingly emphasized the importance of this statutory requirement. It has become a key battleground, forming the center of the disputes in two pivotal cases: BMG Rights Management et al. v. Cox Communications, 2016 WL 4224964 (E.D. Va. Aug. 8, 2016) and EMI Christian Music, Inc. v. MP3tunes, LLC, 2016 WL 6211836 (2d Cir. Oct. 25, 2016).

In BMG, the copyright holder went directly to the source — the ISP — as the party responsible for preventing copyright management and ensuring users do not abuse website platforms. The BMG court allowed this approach, putting the onus on ISPs to develop real programs to combat infringement. The work begun in BMG was amplified in EMI, wherein the court held that online service providers that passively allow website or service users to engage in copyright infringement and fail to develop real policies to prevent abuse run the risk of losing their DMCA safe harbor protections. The resounding message from this line of cases: If ISPs and website platforms want to maintain their DMCA safe harbor, they need to develop and enforce robust response mechanisms.

Repeated Infringement Policies and Safe Harbor: A Closer Look

The BMG case involved BMG, a music company, suing Cox Communications, an ISP, for users of Cox’s ISP engaging in illegal music sharing on their network. Cox claimed that it could rely on the DMCA safe harbor because it had a response system for addressing repeat infringers. The court described Cox’s system as “essentially a thirteen-strike policy” wherein a user would have to commit several violations in order to be terminated — and even then could be reactivated quickly. The jury sided with BMG, finding Cox liable for willful contributory infringement and awarding BMG $25 million in damages. Cox sought to have the court overturn the verdict, but the Court declined. Instead, the court found, among other things, that “there was sufficient evidence for a reasonable jury to hold Cox responsible for the infringement of BMG’s copyrights on its network. . . . Cox could not [ ] turn a blind eye to specific infringement occurring on its network.” The court acknowledged that exposing ISPs and other intermediary online service providers to exposure for their users’ behavior “raises the specter of undesirable consequences that may follow,” but the court hoped the BMG case “may provide the vehicle for consideration of those questions.” The BMG case certainly held open the door for other courts to consider what policies and practices ISPs and other online service providers must have in place against repeat infringers to keep their DMCA safe harbor intact.

In EMI, the Second Circuit took up this question with MP3tunes, a music storage site that allows users to upload and store songs obtained from elsewhere on the Internet. EMI brought an action against MP3tunes in the Southern District of New York, claiming that MP3tunes was lax in responding to repeat infringers. The District Court disagreed, but the Circuit Court overturned the District Court and held MP3tunes in violation. The Circuit Court issued two main holdings:

1. The meaning of “repeat infringers” in the DMCA does not require that the infringers be willful. Someone can qualify as a repeat infringer even if they have no knowledge that their behavior is infringing another’s work. “[T]he legislative history of the DMCA indicates that a ‘repeat infringer’ does not need to know of the infringing nature of its online activities, or to upload rather than download content.” This puts more pressure on online service providers to take serious efforts to connect infringing activity to users, checking for patterns and notifying all users who infringe. MP3tunes failed to do this because it did not investigate those who downloaded content and did not attempt to monitor use patterns in a consistent way.

2. The EMI Circuit Court turned to what triggers need to be present before the online service provider needs to act to keep its DMCA safe harbor. The DMCA does not obligate a service provider to actively monitor or act on only a “generalized awareness” of infringement. If a copyright owner wants to overcome a service provider’s DMCA safe harbor, the copyright owner needs to prove that the service provider had 1) actual knowledge or 2) an awareness of facts or circumstances making specific acts of infringement obvious. The Circuit Court, based on this rule, upheld the jury’s verdict due to MP3tunes’ apparent knowledge.

Following the EMI ruling, MP3tunes requested reconsideration under the argument that the EMI court had effectively eliminated the DMCA safe harbor. The Second Circuit recently declined to reconsider its decision.

The Bottom Line: Take Steps to Stop Repeat Infringers

The case law is still in flux, but what the BMG and EMI opinions demonstrate is an increasing judicial focus on ensuring that ISPs and online service providers take tangible measures to prevent repeat infringers — or risk jeopardizing their DMCA safe harbor.