Data Center Avoids Copyright Liability By Forwarding DMCA Notices to Its Customer–ALS Scan v. Steadfast

Steadfast operates data centers. Imagebam is one of its customers. Imagebam provides image hosting services. Allegedly, Imagebam has “become an unauthorized hub of copyrighted adult material.” ALS Scan, which owns many copyrights in pornographic works, sent Steadfast DMCA takedown notices targeting images posted by Imagebam users. Steadfast forwarded the DMCA notices to Imagebam, which acted upon them. My blog post on a prior district court ruling.

The court doesn’t mention this explicitly, but ALS Scan is seeking to impose tertiary liability on Steadfast. The primary infringer is the uploading user. Imagebam is the secondary infringer. ALS Scan seeks to hold Steadfast liable for Imagebam’s facilitation of its users’ direct infringement. This should be a bridge too far. Data centers typically provide their customers with Internet access and a lease of physical space. Thus, Steadfast really should be under a 512(a) rubric, not a 512(c) rubric, and 512(a) doesn’t have a notice-and-takedown scheme at all. Even if not, what remedies does Steadfast have? It can turn Imagebam’s services on or off, but it can’t remediate any individual item in Imagebam’s database. This exposes the problems underlying all of the pending copyright infringement lawsuits against IAPs–should they be required to treat their customers as “repeat” infringers because of multiple unverified notices of allegedly infringing behavior? If that were the rule, Steadfast should have had to toss Imagebam overboard long ago.

The Ninth Circuit, in an unpublished opinion, only addresses the contributory copyright infringement legal standard (so the DMCA doesn’t play a role in this decision at all). According to Perfect 10 v. Amazon, recapitulated in Perfect 10 v. Giganews, “a party may avoid liability for contributory copyright infringement if it takes ‘simple measures’ to ‘prevent further damage to copyrighted works.’” The court said Steadfast’s “simple measures” were forwarding DMCA notices to Imagebam, and those measures prevented further damage because Imagebam apparently honored them all.

ALS Scan argued that Steadfast should have tossed Imagebam overboard because of the high volume of DMCA notices it was getting. The court essentially says that Steadfast does not have the requisite scienter for contributory copyright infringement based on past DMCA notices that were honored; the volume of past DMCA notices only gave Steadfast generalized knowledge of infringing activity.

ALS Scan argued that the legal standard trapped it in a whack-a-mole dynamic. The court says that isn’t Steadfast’s problem because of the tertiary liability implications:

Steadfast did not operate, control, or manage any functions of It could not supervise, access, locate, or delete Imagebam accounts. It had no way of knowing, based on a URL hyperlink contained in the notices of copyright infringement, where the infringing works or the Imagebam accounts responsible for illegal uploads were located on Flixya’s servers. What measures were available to prevent further damage to ALS’s copyrighted images, Steadfast took….ALS apparently has not pursued other options that may ameliorate the “whack-a-mole” problem (e.g., taking action against Imagebam’s owner or the individuals uploading the unauthorized images)

(To be fair, going after the uploading individuals does not ameliorate the whack-a-mole problem–that is the whack-a-mole problem).

A dissenting judge argues that Steadfast’s “simple” measures weren’t “effective” because infringing activity kept taking place. By analogy, the court points to the DMCA prerequisite of terminating repeat infringers. The dissent concludes: “Where, as here, there are allegations that the volume and magnitude of previous infringements caused a defendant to know that such infringements would continue tomorrow, and the next day, and the day after that, I would send this claim to the jury.”

This opinion has some bearing on the lawsuits against IAPs for subscribers’ infringing behavior. If past takedown notices don’t confer specific knowledge of future infringements, this seems like it cuts at the heart of IAPs’ contributory infringement liability. Furthermore, IAPs have no control over subscriber behavior (other than the on/off switch). If this opinion were precedential, I would say it’s a major win for IAPs. Instead, I remain unsure how the Ninth Circuit will handle IAP cases.

Case Citation: ALS Scan, Inc. v. Steadfast Networks LLC, 2020 WL 4038050 (9th Cir. July 17, 2020)