There’s no question that one of the most popular and highly-debated topics on the internet today is piracy. Since the early days of Napster in the 90’s, piracy has been something that both the government and rights-holders alike have been trying to regulate. To this day, we haven’t reached a common-ground solution for how to handle it, and it’s been a tug of war between the media conglomerates and “the little guy” ever since.

Most recently, the internet has been abuzz about proposed laws like SOPA and PIPA that grant the US Government stronger powers to police online content. These laws, which were intended to give greater protections to intellectual property on the internet, caused a major public opposition due to the potential to cause harm to the open and free Internet structure. Under SOPA and PIPA, websites harboring illegal content could be ripped down without notice, and, in some cases, could cause people to serve jail time. After the anti-SOPA and anti-PIPA blackouts that I mentioned in a recent post, however, the proposed legislation was taken off the table in order to be re-written and renegotiated.

In the wake of the SOPA and PIPA protests, one of the biggest and best known file hosting services, Megaupload, had its domain name seized, and website ripped down by the US government. But wait…how did this happen!?  SOPA and PIPA may be on the shelf, but we can’t forget about The Digital Millennium Copyright Act (or the “DMCA”), which has been a law since 1998, and which greatly affects the way piracy and content is regulated on the Internet. 

Our intern, Megan Costello, wrote an article about the DMCA and was recently published in the Fall edition of the World Jurist Association Journal of Law and Technology. Megan is a third year law student from the University of New Hampshire School of Law who is visiting at the University of Pittsburgh to study law and technology. High-tech law is Megan’s passion. As a technologist with undergraduate expertise in computers, technology and cybersecurity, it is her goal to help other technologists understand the law and to make confusing, legal topics more accessible to those who need help. In law school, she specializes in high tech issues, especially in intellectual property, privacy, and cybersecurity. The following are some excerpts from her piece:  “Look Before You Leap: A Developer’s Guide to Copyright Infringement and Stopping Secondary Liability Before it Starts.” If you’d like to read more from this article, you can request a copy from the World Jurist Association here.  Excerpts and updates from the article appear below.

What is Infringement?

There are two types of copyright infringement: direct and secondary. Direct infringement (also known as primary infringement) cases involve people personally responsible for making copies of copyrighted material, sending copyrighted material to other people, or distributing it in any way when they do not have the right to do so. A web developer should consider some of the things he personally uploads to his website because anyone who knowingly uploads copyrighted material for others to access is apt to be liable for direct copyright infringement.

Rights holders may also sue for secondary (or indirect) infringement if a user posts infringing material to the developer’s website. Collaborative space is a common component of new web-based services, and so secondary infringement is the most common type of copyright lawsuit developers encounter. With that said, this paper hereafter is concerned only with secondary infringement. 

Secondary infringement comes in three varieties: induced, contributory, and vicarious infringement. Though each type of secondary infringement requires a rights holder to show a web developer is indirectly associated with a users’ infringement, one thing holds true throughout each: A person CANNOT be held liable for secondary infringement if NO direct infringement exists in the first place.

Inducement occurs when a web developer creates and advertises a service for the sole purpose of copyright infringement. If a developer makes a website or distributes a program that boasts “THE NEXT NAPSTER! DOWNLOAD MUSIC HERE FOR FREE!” he will likely be involved in an inducement lawsuit. Although he did not do the infringing personally, the act of facilitating the infringement through his services would be enough to hold him responsible for the actions of his users.

Contributory Infringement occurs when a web developer knows infringement is happening on his website, and he allows this infringement to continue. If users upload content to a site, and the developer learns a user is infringing, he must take measures to remove the infringing content or become a contributory infringer. Knowledge of users’ infringement is a critical requirement of contributory infringement. Past and present trends in litigation show that providing users the ability to post potentially infringing information online is not enough to prove contributory infringement, especially if there are active measures taken to remove infringing content when it is brought to a developer’s attention.

Finally, vicarious infringement occurs when a developer who has direct control over a service or program profits directly from a user’s infringement. A developer could infringe vicariously if he offers a paid service to users who, in turn, use this service to infringe on other people’s copyrights. Whether a developer realizes these users are posting illegal content is not a requirement to make him a vicarious infringer; if he obtains money from the infringing activities of others through his service, a developer is liable for these actions.

What is the DMCA, and How Can it Help Me?

Unlike the Internet, the corresponding copyright law is still clunky and pixilated. When the Internet started to gain popularity in the late 1990’s, Congress passed the Digital Millennium Copyright Act (or the DMCA) that included, among other things, “safe harbors” or protections for service providers from secondary infringement caused by user-posted content. While the DMCA safe harbor laws’ original focus was to protect the “pipes” to and from the Internet, the definition of “service provider” expanded over time to cover the rights of web developers and website owners.

A “service provider” as defined by the DMCA can range in functionality from – as interactive as a search engine. Most web developers will likely fall under the Hosting category of functionality of the DMCA. “Service providers” that host content do not necessarily provide the tubes with which the users connect to the Internet, but they do allow the average user to upload, store, and manipulate content that other users can view. Amazon, EBay, Google, and other large companies have enjoyed safe harbor protections despite being structurally different from traditional ISPs like Comcast or Verizon.

The DMCA takes a lot of pressure off web developers to play the role of editor, and to focus more on being a gatekeeper. Like a traditional service provider, a web developer should not be expected to know each and every case of copyright infringement on his website as they come about. After all, if the website is popular with users, media uploads could skyrocket, and thousands of pieces of copyrighted material could be uploaded in just seconds. Unless this website promotes copyright infringement or is created specifically with the intent to infringe (as discussed earlier), the web developer is entitled to safe harbor protections, so long as he complies with the standards to attain them.

It is important to note that failure to comply with the standards to attain safe harbor protections does not necessarily make a web developer liable for secondary infringement.  If a developer decides not to take the steps to make a website DMCA- compliant, and he is involved in a secondary liability lawsuit, he is still protected by copyright laws that are not specifically reserved for situations on the Internet. Congress created the DMCA as an extra guideline to help the courts easily decide if a service provider should be charged with secondary infringement. Instead of trying to fit standard copyright laws into a virtual context, Congress made a specific set of rules that pertained to the Internet instead.

Why Should I Comply with DMCA Standards if its Not Required?!

Because they are not required to create websites that comply with DMCA standards, it is reasonable for developers to question if the benefits of safe harbor protections are worth the extra effort. Copyright lawsuits consume a large amount of money and time, and if developers are responsible for the actions of users, they could face several of these lawsuits if users are notorious for posting infringing material. If a website falls under the DMCA’s safe harbor laws, a developer will not have to compensate a copyright holder for any direct, vicarious, or contributory infringement if users decide to post copyrighted material to his website. Please note, however, that these rules only apply to copyright infringement—and other issues in trademark, patents, defamation or privacy (to name just a fraction of the other Internet-related problems)— are covered by other laws. Other laws, especially the underpinnings of basic tort doctrine, do mimic the main goal of DMCA protections: a person is only responsible for conduct that he has the capacity to control. It would be a wise choice to comply with the DMCA, however, because the requirements are made specifically for Internet related issues, and they are relatively easy to follow, considering the attached benefits.

What do I need to do to Increase My Chances of DMCA Safe Harbor Protections?

If a developer’s website provides services that could potentially host users’ infringing material, he could be eligible for safe harbor protections under the DMCA as long as he does the following four things:

  1. Designate and Register a Copyright Agent
  2. Implement a Proper Notice and Takedown Regime
  3. Adopt and Enforce a Policy to Thwart Repeat Infringers
  4. Accommodate Technical Measures Set By Copyright Holders for Takedown Procedures

What Is a “Copyright Agent?”

An agent is simply a person or a company tied in with a website’s services that will be responsible for getting and addressing user complaints in the mail. If someone visits a developer’s website and notices that her copyright is being infringed by its users, she will have the ability to contact the website’s agent in order to start the notice and takedown procedures set by the DMCA. 

What Does “Notice and Takedown” mean?

In short, if someone visits a website and notices a user posting her copyrighted material without her permission, she can request that the developer block user access to that material or remove it completely from the website. It isn’t a developer’s duty to determine whether this material is actually infringing, but if he receives a copyright holder’s infringement complaint, it is his responsibility to take down the infringing material and to notify the accused infringer of the takedown. Complaints filed by copyrights holders are known as takedown notices, and they serve as documented knowledge to website owners that copyright infringement is taking place on their website. It is very important to comply with these takedown notices as quickly as possible in order for safe harbor protections to apply. 

What is a Policy to Thwart Repeat Infringers?

Aside from enforcing a notice and takedown regime, developers are also required to draft and enforce a policy that addresses the issue of repeat infringers on their websites. Although the cases that have already taken place have not yet identified a definition for “repeat infringer”, it is important that developers create and notify users about the actions the website will take when users are caught posting infringing material on more than one occasion. In the eyes of the court, a good repeat infringer policy stops infringers from re-registering with a website. No cases have been ruled yet to say developers are responsible for actively tracking whether repeat infringers are actually applying to use the website’s services under a different alias or IP address. It seems that, for now, as long as developers take some action against repeat infringers, they will still be eligible for safe harbor protections. 

Accomodating for Technical Measures?

[I]t is a web developer’s responsibility to accommodate for industry standards for regulating infringing copyright material. If a group of copyright holders agrees to a standard for takedown proceedings, a safe harbor-eligible website must comply with their specific requirements for a proper takedown. So far, no reported industry standards exist, but have the potential to arise in the future. 

Are There any known “Deal breakers” that Could Hurt My DMCA Protections?

Along with the extensive list of requirements for safe harbor protections, two major disqualifiers exist that will destroy safe harbor eligibility. These are:

  1. Actual, “Red Flag” Knowledge of Infringement; and
  2. Control and Direct Financial Benefits Directly Related to the Infringing Material

Developers need to be extremely careful that they do not fit the description of either of these situations in the event that users are infringing on their websites. 

Where did Megaupload Go Wrong?

In light of the information above, consider the circumstances of what happened to Megaupload: where did the website go wrong, and why was it ripped down under the DMCA? The US Justice Department released an official statement on the day that the website was ripped down, and explained that the developers conspired to allow copyright infringement to exist on the website:

Among the violations, Megaupload did the following:

It Failed to Implement a Proper Notice & Takedown Scheme

“[T]he conspirators failed to terminate accounts of users with known copyright infringement, selectively complied with their obligations to remove copyrighted materials from their servers and deliberately misrepresented to copyright holders that they had removed infringing content. For example, when notified by a rights holder that a file contained infringing content, the indictment alleges that the conspirators would disable only a single link to the file, deliberately and deceptively leaving the infringing content in place to make it seamlessly available to millions of users to access through any one of the many duplicate links available for that file.”

It Also Had Actual Knowledge of Infringement AND Benefitted Financially From this Infringement (fulfilling both DMCA “deal breakers”!)

“[T]he conspirators conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works for many millions of users to download. The indictment alleges that the site was structured to discourage the vast majority of its users from using Megaupload for long-term or personal storage by automatically deleting content that was not regularly downloaded. The conspirators further allegedly offered a rewards program that would provide users with financial incentives to upload popular content and drive web traffic to the site, often through user-generated websites known as linking sites. The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world. ”

The worst part about allowing the copyright infringement to exist is the potential punishment:

“The individuals each face a maximum penalty of 20 years in prison on the charge of conspiracy to commit racketeering, five years in prison on the charge of conspiracy to commit copyright infringement, 20 years in prison on the charge of conspiracy to commit money laundering and five years in prison on each of the substantive charges of criminal copyright infringement.”

Web Developers: it is more crucial than ever to be wary of the websites you create and the information your users post. While SOPA and PIPA won’t affect you, the DMCA is still in full-force, and can cause your website to be ripped down. 

While it isn’t required, there are many benefits to complying with the rules set by the DMCA because copyright infringement is a costly and serious crime. Don’t be the next Megaupload. If you are confused as to whether your website complies with the DMCA, or if you would like help complying with the safe harbor requirements, please contact me for help. After all, as the old saying goes: “It’s better to be safe than sorry!”

Author’s Note: The content quoted within this blog post was taken from: Megan Costello, A Developer’s Guide to Copyright Infringement and Stopping Secondary Liability Before it Starts, originally published in Law/Technology, Volume 44/Number 3, 18 (2011). It was reprinted with the permission of The World Jurist Association Law/Technology Journal which holds the Copyright. If you’d like to purchase a copy of this article, please contact WJA via email on or call them at 202-466-5428.