Federal Court Expands DMCA Subpoena Power to Cover Peer-to-Peer File Sharing of Alleged Infringing Materials
On Jan. 21, 2003 a federal district court in Washington, D.C., significantly expanded the ability of copyright holders to use the subpoena power under the Digital Millennium Copyright Act (“DMCA”) to force Internet service providers to disclose the identity of subscribers alleged to be using peer-to-peer services to download and store infringing copies of music on their home PCs. In re Verizon Internet Services, Inc., CA No. 02-MS-0323 (JDB) (D.D.C. Jan. 21, 2003). The decision in this closely watched proceeding is the first step in a test case establishing the appropriate relationship between copyright owners and ISPs when it comes to peer-to-peer services.
The 1998 DMCA did not expand the potential liability of Internet service providers. It instead established “safe harbors” for ISPs who did not wish to test the scope of their potential liability (under various theories of vicarious or contributory copyright infringement) for the activities of their customers. One familiar safe harbor is colloquially knows as “notice and takedown.” It provides that an ISP that makes available Web hosting services is not liable for infringing copies posted to a hosted server if it responds to proper DMCA notices by removing an allegedly infringing copy of a copyrighted work from a subscriber’s site on the ISP’s server, after offering the subscriber an opportunity to dispute the allegation. Another safe harbor provides that ISPs that merely provide transport are protected from liability if they maintain policies to terminate the ISP accounts of repeat infringers. Another provision permits copyright owners to obtain a subpoena requiring an ISP to “expeditiously disclose” the name of a subscriber (publicly known only by a dynamic or static numerical IP address), merely by filing appropriate declarations with the clerk of a federal district court, rather than commencing any form of litigation under which subpoenas are traditionally issued. Enforcing or invalidating those subpoenas does require the commencement of litigation.
Application of these rules to hosted websites are spelled out in reasonable detail in the DMCA, and enforcement practices had fallen into predictable patterns until the advent of peer-to-peer (“P2P”) services. When the allegedly infringing copy resides only on a customer’s PC, and nowhere on an ISP’s network or facilities, it is problematic to expect an ISP to be in any position to check claims of infringement. In the eyes of many privacy advocates, it is even more problematic to disclose the identity of a customer based only on the (unverifiable) claim that some infringing material resides on the customer’s PC—perhaps in a shared file or an email attachment. Oftentimes the copyright owners’ claims of infringement are based merely on the title of a file, and not on any knowledge of what is actually contained in any such file or attachment.
This case arose after the Recording Industry Association of America (“RIAA”) served a DMCA subpoena on Verizon’s ISP affiliate seeking the identity of a subscriber who had allegedly downloaded more than 600 music files from KaZaA, a popular P2P file sharing service. (KaZaA’s software has been downloaded more than 100 million times and is utilized by more than two million users trading files at any particular time.) Verizon declined to disclose the subscriber’s identity, arguing that a DMCA subpoena does not apply to ISPs when the alleged infringing materials do not reside on the ISP’s network or servers. The RIAA then sued Verizon to compel judicial enforcement of the subpoena.
The Court’s Decision
The district court held that a copyright owner may use the DMCA subpoena process to require an ISP to disclose the name of a subscriber alleged to have downloaded and used or stored infringing copies on the subscriber’s PC.
As a matter of legal interpretation, the court agreed that Congress had not anticipated P2P file sharing software and services in the DMCA, but held that the definition of “service provider” subject to a 512(h) subpoena is “unequivocally” broad enough to encompass ISPs who serve customers who in turn use P2P software and services. References within 512(h) to the kinds of notices that are required in subsection (c)’s “notice and takedown” provisions do not limit the subpoena to that context, but merely require the copyright owner to file such a notice along with its declaration to the court clerk.
As a policy matter, the court saw no reason that Congress would distinguish disclosures of identities in one context (hosted web sites, or the kind of “John Doe” suits used in Internet defamation litigation) from another (P2P files stored on an Internet subscriber’s PC). As far as the court was concerned, the threat to copyright arising from massive and instant P2P file sharing justified the same rapid disclosures, based solely on declarations filed by the copyright owners without notice to the subscriber. The court saw this as part of the balance in the DMCA: ISPs obtain safe harbor protection from liability for vicarious and contributory copyright infringement if they share the enforcement burden with copyright owners by helping to identify alleged infringers. The court gave no apparent weight to privacy interests. It rejected concerns about violating First Amendment rights by assuming that the files alleged to be infringed were illicit, and therefore not subject to protection by the First Amendment. The district court also criticized Verizon for suggesting alternative processes that would have required federal courts to assume a greater role and thus bear additional procedural burdens before issuing subpoenas. The court exhibited only slight concern about the potential Constitutional infirmity of federal courts issuing subpoenas where there is no filed “case or controversy,” which suggests that such an argument could be pursued in more thoroughly briefed motions to quash DMCA subpoenas.
The court punted to Congress the need for readjusting the relative rights and burdens of owners and ISPs, much as the Supreme Court did last week when it rejected Eldred’s challenge to the extension of the term for copyright protection generally.
This decision reflects one more extension of the DMCA to the advantage of copyright owners, part of a noticeable trend in the courts. It reveals little sympathy for any privacy interests of individuals who are concededly only alleged infringers. It regards the enforcement burden on ISPs as part of a previously assigned statutory burden, rather than incident to new P2P services that would require a different analysis. It appears indifferent to the concern raised by Verizon that “bots” (automated software tools roaming the Internet to detect unauthorized copies of copyrighted materials) could generate millions of automated subpoenas and overwhelm service providers. We expect that the recording industry and studios will use this ruling to broaden their efforts to identify and sue users of online file sharing services. All of this suggests that ISPs seeking to comply with this interpretation of the DMCA (which is bound for appeal) should evaluate the means for expeditious disclosure upon proper subpoenas. Cable operator ISPs should closely evaluate their privacy notices to assure that the possibility of disclosure without advance notice or express consent is adequately revealed to customers.
It is worth noting what the decision does not address. Although this decision rejects the distinction between P2P and hosted sites for subpoena purposes, it did not do so for purposes of analyzing infringement liability. It remains debatable how much liability an ISP has in the first place for P2P files resident on a customer’s PC, even outside of the DMCA’s safe harbors—although ISPs may not be eager to test those limits.
If you have further questions about this decision, or other DMCA related issues, please contact us.