Mixed DMCA Online Safe Harbor Ruling in Cloud-Based Music Locker Case–Capitol v. MP3Tunes

By Eric Goldman

Capitol Records, Inc. v. MP3Tunes, LLC, 2011 WL 3667335 (SDNY Aug. 22, 2011).

Background. This case involves MP3Tunes.com and Sideload.com. MP3Tunes is a music storage locker. Small lockers are free, but more storage is available at a price. The system doesn’t store redundant copies; if the system recognizes an identical bit stream coming from a second user, it just records the hashtag. Sideload is a music search engine that lets users find free music on the Internet. (It was also a browser plug-in). If users find a music file they like, they can “sideload” the music file into their MP3Tunes’ locker as a personal archive copy. MP3Tunes’ database tracks the sources of these personally archived files.

Due to other issues being addressed in prior proceedings, this ruling primarily focuses on the applicability of the 17 USC 512 safe harbor. This court expressly interprets 512(d), the safe harbor for linking to infringing content–one of the rare opinions to do so. Like most 512 rulings, this ruling is lengthy and detailed, reflecting the fact that the plaintiff contested a long list of safe harbor elements. As I recently mentioned, god bless the pithy 47 USC 230 immunity and the short opinions it produces.

Result. The net effect is that most of MP3Tunes’ operations got a 512 safe harbor defense, but it is contributorily liable for any infringing sideloaded files it didn’t remove following a takedown notice, and MP3Tunes’ CEO (the persistent Michael Robertson) may be personally liable for any infringing files he personally loaded into his locker. These rulings leave the defendants on the hook for potentially millions in damages. Other questions, such as liability for employees’ uploads, were rolled over to trial. Because of this mixed ruling, both sides issued public statements touting their wins. As I’ll explain momentarily, both sides also earn some brickbats from me.

Some of the post-ruling punditry has suggested this ruling provides a roadmap for other cloud-based music lockers, including the offerings from Apple, Amazon and Google. While that’s partially true, the guidance is limited at best due to the fact-specific nature of the ruling. Perhaps the best news for the other services is that lockers may not have to store redundant copies of user-uploaded files to qualify for a Cablevision defense (see the EFF post for more on this). However, as the Zediva ruling recently showed, it remains uncertain how broadly other courts will read the Cablevision case. Otherwise, I think this case mostly tells us things we already knew but that copyright owners refuse to believe.

Out of this dense and slightly inscrutable ruling, some of the points that I found most interesting:

Bogus Takedown Notices (Yet Again…) EMI sent MP3Tunes overbroad takedown notices. The court says EMI affiliates “provided a list of EMI artists and demanded that MP3Tunes ‘remove all of EMI’s copyrighted works, even those not specifically identified.'” This was in 2007, NINE YEARS after the DMCA came into effect. Seriously, guys? 512(c)(3) isn’t that complicated, and major copyright owners that send notices vastly in excess of 512(c)(3) look like greedy or clueless SOBs.

With the hope that we can avoid future SOBness, here’s an offer I extend to any and all major copyright owners. I will happily give you a FREE tutorial on how to draft proper 512(c)(3) takedown notices so that you don’t look as asinine as EMI looked here. I’m not worried about these trainings being too much of a drain on my time–they should only take about FIVE MINUTES and involve a variation of RTFM.

Needless to say, the court wasn’t impressed by EMI’s overreaching takedown notuices. It reminds EMI that a proper 512(c)(3) takedown notice requires the copyright owner to provide sufficient information to locate the infringing files (cite to Wolk v. Photobucket).

MP3Tunes’ Takedown Policy. MP3Tunes took the puzzling position that, in response to the overreaching 512(c)(3) notices, it only had to remove specified links from Sideload and not any files downloaded from those URLs into personal lockers–even though MP3Tunes kept the source URLs in its database and could therefore trace those files. Now, if the users had downloaded the files to their hard drives, that wouldn’t be MP3Tunes’ issue–though, to be clear, the users probably don’t have a fair use defense if the files are actually infringing (see, e.g,. the BMG v. Gonzalez case). However, as a cloud service provider, MP3Tunes needs to respond to 512(c)(3) notices when they meet the statutory requirements, even if the locker is supposed to be the user’s “private” space. MP3Tunes loses the 512 safe harbor for these files because EMI’s 512(c)(3) notices provided adequate information for MP3Tunes to locate the files, and the court says MP3Tunes is contributorily liable for these infringements. MP3Tunes argued a Sony defense that its lockers had substantial non-infringing uses, but the court says Sony applies only to products, not services.

It’s unclear how this discussion applies to other cloud-based music lockers. The court distinguishes Viacom v. YouTube because Viacom could easily search YouTube for infringements–which isn’t possible with private cloud-based lockers (just as it isn’t possible with user hard drives). The court also asserts that any other lockers letting users “sideload” from the Internet must trace URL source and disable all files from that URL in response to a 512(c)(3) notice. But what if the music locker allows users to upload files from their hard drives and don’t allow those to be searched? The opinion seems to deliberately avoid addressing that situation. [A related unresolved Q: how copyright owners can find private YouTube videos. I’ve posted a few myself for use in my Advertising Law course.]

The court dismisses MP3Tunes’ seemingly overstated concerns about its liability to users for disabling files in their “private” lockers. MP3Tunes’ user agreement expressly allowed this, as I would expect every other cloud service providers’ user agreements to do.

Even so, it’s 100% clear that cloud storage is different from hard drive storage, and some users are going to get quite a surprise when they learn that third parties can zap files from their cloud storage. (Recall the hubbub over Amazon’s zapping of books from Kindle). If Congress weren’t so dysfunctional, this would be a good place for a statutory fix. It would make a nice complement to the Digital Due Process initiative to fix the ECPA’s application to the cloud.

It’s worth noting that users weren’t represented in this litigation and had no ability to show that their uses were fair, notwithstanding BMG v. Gonzalez and similar cases. If cloud-based music lockers simply pull the trigger on 512(c)(3) notices on an “ex parte” basis (i.e., without any input from the affected users), their fair use rights become effectively irrelevant unless the sites honor users’ putback notices. I think it’s critical for cloud-based music lockers enabling “private” lockers to address how they will deal with 512(c)(3) notices and if they will honor 512(g) putback notices. I’d welcome your thoughts on ways that we collectively can monitor cloud service providers’ policies and practices on this topic.

Repeat Infringer Policy. MP3Tunes had an adequate repeat infringer policy because, among other things, its users weren’t “blatant infringers” (they were just downloading files for personal use and may not have known better) and “MP3Tunes does not purposely blind itself to its users’ identities and activities.”

Red Flags of Infringement. I continue to assert that “red flags of infringement” is no longer possible given copyright owners’ widespread practices of freely seeding their content on the Internet as marketing. EMI did that too. Indeed, the court says “EMI executives concede that internet users, including MP3tunes’ users and executives, have no way of knowing for sure whether free songs on the internet are unauthorized.” The court further dismisses EMI’s mockable argument that the terms “free,” “mp3” and “file-sharing” automatically confer red flags knowledge. EMI’s takedown notices that didn’t comply with 512(c)(3) didn’t contribute to any red flags knowledge either.

Vicarious Infringement Standards. The court rejects that the sideloading feature contributed to “financial benefit” because, even if it was a “draw,” it had non-infringing uses, and MP3Tunes didn’t charge for its usage. MP3Tunes lacked the requisite “control” because it was a cloud storage solution.

Public Performance. EMI argued that MP3Tunes publicly performed the files in users’ lockers. MP3Tunes responded with a Cablevision defense. The court explains that MP3Tunes doesn’t deliver files from a “master copy” (even though redundant copies aren’t made) but instead “uses a standard data compression algorithm that eliminates redundant digital data” and therefore preserves exact digital copies. Thus, MP3Tunes wasn’t publicly performing. I didn’t understand the technological distinction the court was making, but I didn’t find it persuasive at all. The court also distinguished Cablevision because it couldn’t qualify for 512, while MP3Tunes does.

DMCA’s Applicability to pre-72 Sound Recordings. FN1 says that 512 applies to pre-1972 sound recordings:

The Court agrees with Defendants that the plain meaning of the statutory language makes the DMCA safe harbors applicable to both state and federal copyright claims. Thus, the DMCA applies to sound recordings fixed prior to February 15, 1972.

I believe this is the first ruling reaching this conclusion (am I forgetting one?). The court didn’t offer any citations or analysis in support of this conclusion, and I anticipate this issue will continue to be litigated fiercely.

Reminder: in case you missed it, I recently caught up on 4 months worth of online copyright rulings, including several addressing the same or similar issues as this case.

Other comments on this ruling: Techdirt, EFF, CNET News.com