How The DMCA’s Online Copyright Safe Harbor Failed

[Eric’s introductory note: I’m continuing my Spring housecleaning of blog posts that got stuck in draft mode for more than a half-year. I wrote this post in September intending it for Forbes, and some of it got obliquely incorporated into my 2013 year-end post. I had intended to discuss case studies of Vimeo and Hotfile as the latest examples of 512’s failings, but that never happened. So here’s what I wrote 9 months ago, FWIW:]

In 1998, Congress enacted the Digital Millennium Copyright Act (DMCA). One of its provisions (17 U.S.C. 512) gave online service providers a safe harbor from liability for user-caused copyright infringements. The safe harbor was relatively simple: copyright owners assume the burden of notifying service providers when their users are committing copyright infringement, at which point the service providers are expected to intervene if they want to avoid being liable. This system, called “notice-and-takedown,” has served the Internet well enough to create many interesting and important user-generated content websites.

Photo credit: Breaking waves on promenade with warning sign // ShutterStock

Photo credit: Breaking waves on promenade with warning sign // ShutterStock

Unfortunately, 15 years of relentless litigation by the copyright industry has created a number of cracks in the notice-and-takedown system. As a result, the notice-and-takedown system is failing as a safe harbor, progressively undermining the safe harbor’s ability to foster entrepreneurship in the user-generated content industry. In this post, I’ll explain how cracks in the safe harbor are rendering it useless.


Copyright law is a strict liability tort. That means a person is liable for copyright infringement if their actions violate a copyright owner’s rights, even if they had no idea they were doing so. In the mid-1990s, a few cases suggested that online service providers could be strictly liable for user-caused copyright infringement, even if the service providers didn’t know that its users were doing so.

These cases prompted the DMCA safe harbor codified in 17 U.S.C. 512(c), which created the notice-and-takedown system. Its key innovation is that online service providers aren’t strictly liable for user-caused copyright infringement; service providers should be liable only if they get a takedown notice from copyright owners and then fail to respond quickly. Indeed, the statute spells out what information needs to be in a takedown notice before it creates the obligation for service providers to act. Thus, it’s clear Congress wanted to override copyright law’s strict liability default rule for online service providers and require copyright owners to take affirmative steps outside the courtroom before they ran to the courtroom to sue user-generated content websites.

From the beginning, copyright owners quickly realized that sending takedown notices was a chore. As a result, copyright owners have repeatedly sued service providers for user-caused copyright infringement even where the copyright owners haven’t sent takedown notices. Naturally, if copyright owners could establish service provider liability without the need to send takedown notices, it would effectively render Section 512(c)’s notice-and-takedown scheme moot.

Undermining the Safe Harbor

Through aggressive litigation in court, copyright owners have made substantial progress in eviscerating the notice-and-takedown system, especially in the past two years or so. Some of the ways they have done so:

* In the GrooveShark case, the court held that pre-1972 sound recordings–which are governed by state copyright law, not federal copyright law–are not covered by the notice-and-takedown scheme. Because a service provider allowing users to post sound recordings has no reliable automated way of distinguishing pre- and post-1972 works, service providers cannot rely on the notice-and-takedown for any sound recordings.

* Courts have established two ways that service providers can “know” about their users’ infringing behavior even if copyright owners don’t send takedown notices. First, courts have added a new safe harbor exclusion called “willful blindness.” This exclusion doesn’t have a rigorous definition–courts are still trying to figure out what it means–and the courts created even though the safe harbor specifically described what types of information about user conduct could foreclose the safe harbor.

Second, the courts have said that “inducing” infringement also forecloses the safe harbor. We have clearer definitions of what constitutes inducement, though inducement arguments have rarely succeeded outside the peer-to-peer file sharing context. Nevertheless, lawsuits against user-generated content websites routinely allege inducement, consuming substantial litigation expenses for both parties.

* Courts have indicated that investors in online service providers aren’t covered by Section 512–leading the potentially anomalous conclusion that investors may be liable for copyright infringement even when the companies they’ve invested in aren’t. Naturally, exposing investors to personal risk for making investments in user-generate content websites is a pretty effective way of discouraging those investments.

These exclusion undermine the safe harbor in two ways. They prevent user-generated content websites from relying on the notice-and-takedown system. Simply responding to copyright owner takedown notices isn’t enough to keep a service provider out of court.

Even more problematically, copyright owners can drain defendants’ coffers of lots of money seeking evidence to support these exceptions, even if the copyright owners ultimately lose in court. This ensures that well-funded copyright owners can drive entrepreneurs out of business simply through aggressive litigation, regardless of the merits; and it substantially raises the amount of cash required to enter the user-generated content business, as a portion (effectively, the first funds raised) must be set aside for the seemingly inevitable and quite expensive ligation that will surely ensue.


For all of the angst about SOPA’s evisceration of notice-and-takedown, it’s clear that the notice-and-takedown system is dying without any legislative intervention. Congress attempted to articulate a pretty clear rule: users who upload infringing files are liable; their web hosts aren’t unless they ignore takedown notices. Somehow, the courts have gotten far enough away from this basic proposition that now copyright owners have plenty of leverage over user-generated content websites without ever sending them takedown notices at all; and in light of BS rulings like Garcia v. Google, the battle is now shifting towards requiring web hosts to ensure “stay-down,” not just “take-down.” In a prior post, I explained how Congress misarchitected Section 512. That post provides a roadmap for fixing it, not that meaningful defendant-favorable reform is likely any time soon.