The Digital Millennium Copyright Act of:
A Summary of Implementation of the WIPO Treaties and Limitations on Internet Service Provider Liability

by Mark Traphagen

Mark Traphagen is a Partner, Powell, Goldstein, Frazer & Murphy LLP, Washington, D.C. As the former Vice President and Counsel of the Software Publishers Association, Mr. Traphagen represented the software industry at the WIPO Diplomatic Conference on Copyright and Neighboring Rights, and was a principal participant in numerous private sector negotiations regarding the provisions of the Digital Millennium Copyright Act (DMCA).

Introduction

On October 28,. President Clinton signed into law the Digital Millennium Copyright Act of (DMCA).¹ When it was introduced on July 29,. the legislation had just one purpose - to make the changes necessary in the Copyright Act of to permit the United States to ratify two treaties administered by the World Intellectual Property Organization (WIPO) - the WIPO Copyright Treaty (WCT) and the WIPO Performances and Phonograms Treaty (WPPT). When Congress sent the DMCA to the President for signature little more than one year later, it had grown from 20 pages to 60 pages in length, and its scope had expanded to include other unrelated but significant changes in the Copyright Act.

Title I, the WIPO Copyright and Performances and Phonograms Treaties Implementation Act, remained true to the original purpose by creating significant new remedies against the unauthorized circumvention of technical protection measures used to control access to and protect exclusive rights in copyrighted works independent of infringement, and also against tampering with copyright management information associated with such works. Four new titles had been added to address particular issues that arose under pre-existing U.S. copyright law. The most prominent of these was Title II, the Online Copyright Infringement Liability Limitation Act, which clarifies the potential liability of Internet service providers (ISPs) for certain copyright infringements by their customers and others.² Except where otherwise noted, these far-reaching amendments to the Copyright Act became effective upon signature by the President.

These separate issues, implementation of the WCT and WPPT and clarification of copyright liability for service providers, had been the subject of intensive discussions in the United States, and are still under consideration by in the institutions of the European Union and the governments of other countries. Because these issues are of interest to copyright owners, high technology manufacturers, Internet service providers, and other players in electronic commerce, as well as judges and policy makers, the purpose of this report is to provide a summary of Title I and Title II of the DMCA, and of the first cases in which the federal courts have been asked to apply the new laws.

¹Pub. L. 105-304.
²The remaining titles also made important changes in the Copyright Act. Title III permitted independent computer service technicians to make certain copies of computer programs in the course of repairing and maintaining computers. Title IV permitted libraries and archives to make digital copies of works for preservation purposes, and amends the ephemeral copy arrangements for transmission of sound recordings and Digital Performance Right in Sound Recordings Act of. Title V created an entirely new federal protection in industrial designs for vessel hulls. The DMCA did not, however, include a proposed federal cause of action for misappropriation of databases that are not protected by copyright, which had been passed twice by the House but was not brought to a vote in the Senate.

Title I - WIPO Treaties Implementation

To implement the WCT and the WPPT, Title I of the DMCA amended the Copyright Act of by making a number of technical amendments to provide copyright protection to works protected under these treaties. Title I also added a new Chapter 12 to protect copyright protection technologies and rights management systems from tampering. In particular, Section 1201 prohibits unauthorized circumvention of technical measures controlling access to or restricting use of a copyrighted work, as well as certain devices and services for such unauthorized circumvention. Section 1202 prohibits certain tampering and removal of "rights management information" associated with copyrighted works. Section 1203 and Section 1204 provides civil remedies and criminal penalties for violations.

Section 1201. Circumvention of Copyright Protection Systems
The most significant change made by the DMCA is to prohibit the unauthorized circumvention of technical measures used to protect copyrighted works independent of copyright infringement. Doing so was necessary to meet the obligations of Article 11 of the WCT, which requires signatory countries to:

[P]rovide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law.

Article 19 of the WPPT is an analogous provision. The purpose of these provisions is to provide legal protection for technological measures, including encryption and password controls, that control access to copyrighted works, and copy control technologies that control unauthorized duplication and distribution of copies.

Many copyright owners now use a variety of such technologies to protect computer software, digital sound recordings, and satellite television programs from unauthorized interception and copying. Experience has shown, however, that such technology alone is inadequate because none is immune from determined efforts at circumvention, such as by bypassing password control, "cracking" encryption, or other unauthorized means. Trafficking in such piracy tools threatens copyright protection because it gives millions of prospective customers, who would normally purchase or license copyrighted works, the means to become copyright pirates.

Section 1201(a) and (b) - Prohibited Circumvention of Copyright Management Systems
Before the DMCA was enacted, Congress had enacted earlier laws that prohibit making or distributing equipment used to receive cable television service or to decrypt satellite cable television programming without authorization.⁴ These remedies are confined to particular types of works in specific media, however, and left many copyright owners without reliable remedies against those who make and sell tools to disable or otherwise circumvent technological protection for other types of works, such as books, motion pictures, and computer software. Because the WCT and WPPT require "adequate protection and effective legal remedies" for circumvention with regard to all copyrighted works regardless of type, treaty ratification required that the DMCA provide general provisions prohibiting unauthorized circumvention.

The purpose of Section 1201 of the DMCA is to provide meaningful protection and enforcement of the copyright owner's right to control access to his or her work, and to control uses of the work falling within his or her exclusive rights. Section 1201 does so by prohibiting circumvention of technological measures controlling such access and use, as discussed below.

Circumvention of Access Control Technology. Section 1201(a) prohibits the act of circumventing technological measures to gain unauthorized access to copyrighted works. Section 1201(a)(1)(A) provides that "[n]o person shall circumvent a technological measure that effectively controls access to a work protected [by copyright]." A simple example of such circumvention is the use of a bootleg password or a "crackz" application to gain unauthorized access to a pirate copy of computer software.

Unlike most other provisions of the DMCA, Section 1201(a)(1)(A) will not take effect until October 28,. at which time the prohibition on the act of circumventing access controls may be selectively waived for limited time periods. Section 1201(a)(1)(C) and (D) require the Librarian of Congress to determine whether users of a "particular class" of copyrighted works "are, or are likely to be … adversely affected by virtue of such prohibition in their ability to make non-infringing uses of that particular class of works." This rulemaking proceeding is now under way,⁵ and the report is expected before the autumn of. If the Librarian finds such adverse effects, then Section 1201(a)(1)(B) would suspend the prohibition on circumvention with regard to that class of works for a period of three years, when another rulemaking will consider the question anew. To result in a suspension, such adverse effects must be distinct, verifiable and measurable, rather than de minimis.⁶ Section 1201(a)(1)(B) also makes clear that such adverse effects must result "by virtue of such prohibition" on the act of circumvention, rather than the mere use of access control technologies.

There is no delay in the provisions that prohibit providing certain technologies or services that make such circumvention possible. Section 1201(a)(2) provides that "[n]o person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof," that (A) "is primarily designed or produced for the purpose of circumventing," or (B) "has only limited commercially significant purpose or use other than to circumvent," or (C) "is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing" a technological protection measure that effectively controls access to a copyrighted work.

Because the tests are alternative, rather than cumulative, liability may be established by showing that a technology or service falls within any one alone. They are intended to distinguish devices and services that have no meaningful purpose or use other than circumvention, such as so-called "black boxes," from those that have commercially significant legitimate purposes and uses, such as personal computers.

To determine which technological measures are protected from circumvention, Section 1201(a)(3)(B) provides that a technological measure effectively controls access to a work if the measure, "in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." Such protected technological measures include passwords, serial numbers, and encryption that are used by many copyright owners to control access to their works. They also include timers that permit access to computer programs and other works during a trial use period, but then deny access until a password from the copyright owner is applied.

Section 1201(a)(3)(A) provides the definition necessary to identify the prohibited act. It provides that to "circumvent a technological measure" means "to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." Technologies and services prohibited under Section 1201(a)(2) include providing "bootleg" passwords and serial numbers, known as "serialz," for others to obtain unauthorized access to a copyrighted work. Moreover, because the term "technology" includes software "hacks" (i.e. computer code used to circumvent access controls),⁷ it would also be a violation of Section 1201(a)(2) to provide "crackz" programs for decrypting encrypted software or resetting an expired timer.

Already, two U.S. district courts have granted preliminary injunctions in cases claiming violations of Section 1201(a)(2). In RealNetworks, Inc. v. Steambox, Inc., U.S. Dist. LEXIS 1889 (W.D. Wash.), the court enjoined defendant from manufacturing and offering to the public a product that bypassed, i.e., circumvented, the access control technology that controls the authorized transmission of sound recordings by plaintiff's server software. In Universal City Studios, Inc. v. Reimerdes, U.S. Dist. LEXIS 906 (S.D.N.Y.., the court enjoined a number of Internet web sites that were offering to the public a computer program that circumvented the security system that restricts access to motion pictures recorded on digital video discs.

Circumvention of "Copy Control" and Other Technologies. Section 1201(b), while analogous to Section 1201(a)(2), is intended to protect technological measure that control subsequent copying by the user and other uses within the scope of the exclusive rights under the Copyright Act, rather than those that control access to the work. One example of such "copy control" measures is digital "watermarking" technology that obscures the appearance of unauthorized copies.

Therefore, the prohibition of technologies and services that enable others to circumvent such "copy control" measures are very similar to those concerning circumvention of access control measures. Section 1201(b)(1) provides that "[n]o person shall manufacture, import, offer to the public, or otherwise traffic in any technology, product, service, device, component, or part thereof" that (A) "is primarily designed or produced for the purpose of circumventing," or (B) "has only limited commercially significant purpose or use other than to circumvent," or (C) "is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing" such technological measures.

These tests are alternative, rather than cumulative, as are those in the access control provisions of Section 1201(a)(2). Moreover, the technological measures protected by Section 1201(b) are those "afforded by a technological protection measure that effectively protects a right of a copyright owner under [Title 17] in a work or a portion thereof." Therefore, Section 1201(b) prohibits technologies and services that have no meaningful purpose other than to circumvent any technology that protects the exercise of exclusive rights under the Copyright Act, including the right to make copies or distribute copies to the public, to make adaptations, to perform and display the work publicly, and to authorize others to do so.⁸

Please note, however, that Section 1201(b) has no provision corresponding to Section 1201(a), which prohibits the act of circumventing access controls. The rationale is that such a prohibition on the act of circumventing copy controls, which necessarily involves making an unauthorized copy, has long been forbidden as an act of infringement.⁹

With regard to devices and components, it is important to emphasize that the approach of the DMCA is to prohibit interference with technological measures, rather than to mandate how manufacturers design their products. Therefore, Section 1201(c)(2) makes clear that electronic, telecommunications, or computer manufacturers are not required to design a component or product to "provide for a response to any particular technological measure, so long as such part or component, or the product in which such part or component is integrated, does not otherwise fall within [the anti-circumvention prohibitions of Section 1201]."

The exception to the principle above are analog video cassette recorders and the two most widely used copy control technologies based on automatic gain control and colorstripe systems, which do in fact depend on specific responses from video recorders. Therefore, while the DMCA prohibits circumventing these copy control technologies, Section 1201(k) also requires all VCRs manufactured and offered for sale in the United States to conform to, i.e. affirmatively respond to, these technologies no later than April 28,.

Sections 1203 and 1204 - Civil Remedies and Criminal Penalties
Under Section 1203(a), "[a]ny person injured" by a violation of the anti-circumvention provisions of Section 1201(a) or (b) may bring a civil action in U.S. district court. Under Section 1203(b), the court has authority to grant equitable relief, including preliminary and permanent injunctions and seizure and destruction of illegal devices, and monetary recovery, including actual damages, defendants profits, and attorney's fees. Under Section 1203(c), the complaining party may, as an alternative to actual damages and defendant's profits, elect to recover statutory damages ranging from $200 to $2,500 for each violation or illegal device or performance of service, and a court may to award triple damages for repeated violations within a three-year period. Section 1203(c)(5) provides that damages may be reduced or remitted for "innocent violations," and shall be remitted against nonprofit libraries, archives, or educational institutions that are "not aware and had no reason to believe that [their] acts constituted a violation."

Section 1204 also provides criminal penalties for willful violation of the anti-circumvention provisions for purposes of commercial advantage or private financial gain. Courts may impose fines of up to $500,000 and imprisonment for up to five years for a first offense, and may double these penalties for subsequent offenses.

Exceptions to Section 1201(a) Prohibitions on Circumventing Access Control Measures
Like earlier prohibitions against unauthorized decoding of scrambled television programming, establishing a violation of Section 1201does not require a showing that copyright infringement has occurred. Therefore, Section 1201 is not subject to a fair use defense under Section 107 or to other exceptions provided in Chapter 1 of the Copyright Act. Moreover, Section 1201(c) makes clear that nothing in Section 1201 "shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use," or "enlarge or diminish vicarious or contributory liability for copyright infringement in connection with any technology, product, service, device, component, or part thereof." See Universal City Studios, Inc. v. Reimerdes, supra.

There was concern, however, that prohibiting circumvention could impede several current technological uses, such as encryption research, security testing, and developing interoperable computer programs. As summarized below, the DMCA provides several narrowly drawn exceptions to ensure that the anti-circumvention provisions will not prejudice such uses, so long as they do not prejudice the objective of providing meaningful protection and enforcement for copyright owners.

Pre-Acquisition Evaluation by Nonprofit Libraries and Schools. Under Section 1201(d), a nonprofit library, archives or educational institution that gains access to a work "solely in order to make a good faith determination of whether to acquire a copy of that work" does not violate the prohibition on circumventing access control. The purpose of this subsection is merely to address a concern that is not likely to arise - that technological measures may impede nonprofit schools and libraries from reviewing works before acquiring them. Therefore, the exception is not available if an identical copy of the work is "reasonably available in another form," such as the evaluation copies widely available from textbook and software publishers. In those circumstances in which the exception is applicable, schools and libraries may not use copies they access as a result of such circumvention for any other purpose than making a good faith determination of whether to acquire them. Moreover, such accessed copies may not be retained longer than necessary to make this determination. These conditions underscore that this limited exception is not a "fair use" exception to the anti-circumvention provisions, but rather a "window shopping" limitation.

Reverse Engineering of Computer Programs for Interoperability. Under Section 1201(f), a person may circumvent a technological measure that effectively controls access "to a particular portion of that program for the sole purpose of identifying and analyzing those elements of the program are necessary to achieve interoperability of an independently created computer program with other programs." Section 1201(f) also permits the development and marketing of tools and other means necessary to circumvent for such limited purpose and collaboration with contractors on how to do so.

This exception is not intended to alter the current state of U.S. copyright law regarding reverse engineering of computer programs, nor to encourage or permit infringement.¹⁰ Rather, it is intended to ensure that access control technologies do not impede the independent development of computer programs that are "interoperable," which Section 1201(f)(4) defines as "the ability of computer programs to exchange information, and of such programs mutually to use the information which has been exchanged." Because interoperability is the "touchstone" of this exception, and this goal is unique to computer programs, Section 1201(f) does not permit circumvention of any technological protection measure that controls access to any work other than a computer program.¹¹

To qualify for the exception under Section 1201(f), the person engaging in circumvention must have lawfully obtained the right to use a copy of the computer program, and the use of the program following circumvention must not constitute infringement. As with the nonprofit educational evaluation exception of Section 1201(d), such circumvention is not permitted if those elements of the program necessary for interoperability have "previously been readily available to the person engaging in the circumvention."

Good Faith Encryption Research. Encryption technologies, defined in Section 1201(g) as "the scrambling and descrambling of information using mathematical formulas or algorithms," are considered among the most promising technological means to control access to copyrighted works and confidential personal information. Encryption research often involves finding ways to circumvent encryption solutions implemented to protect such works and information. Because such technologies are considered essential to secure electronic commerce, Congress wanted to ensure that Section 1201(a) would not inadvertently discourage legitimate encryption research. At the same time, it was also concerned that too broad an exemption would create a loophole for illegitimate circumvention and "crackz" utilities.

Therefore, Section 1201(g)(2) provides an exception to Section 1201(a)(1)(A) that permits a person to circumvent encryption implemented as a technological measure to a published work "in the course of an act of good faith encryption research" provided certain conditions are met. Such research is narrowly defined as:

[A]ctivities necessary to identify and analyze flaws and vulnerabilities of encryption technologies applied to copyrighted works, if these activities are conducted to advance the state of knowledge in the field of encryption technology or to assist in the development of encryption products.

Section 1201(g)(4) also provides a narrowly focused exception to Section 1201(a)(2) that permits encryption researchers to "develop and employ technological means to circumvent a technological measures for the sole purpose of that person performing [such] acts of good faith encryption research," and to provide such means "to another person with whom he or she is working collaboratively for the purpose of conducting [such] good faith encryption research … or for the purpose of having that other person verify his or her [good faith encryption research]." Because the sole purpose of these tools must be good faith encryption research, and their exchange is restricted to collaborative research efforts, this subsection does not permit mass market distribution of circumvention tools and "crackz" utilities.

To qualify for the exception under Section 1201(g)(2), the circumvention of encryption controlling access to a copyrighted work must be necessary to conduct such encryption research. The person conducting such research must have lawfully obtained the encrypted work, and the work must have been published. Moreover, the person must have made a good faith effort to obtain authorization before circumventing, and his or her encryption research must not constitute copyright infringement or "a violation of applicable law other than this section." This requirement is intended to prevent the exception from becoming a loophole for other illegal acts, such as unauthorized computer intrusion under the Computer Fraud and Abuse Act.¹²

Because encryption research must be in "good faith" to qualify for the exception, Section 1201(g)(3) provides factors for courts to consider, including whether the information on how to circumvent access control measures was disseminated, if at all, in a manner "reasonably calculated" to advance research or, on the other hand, to facilitate violations of law, and whether the researcher provides the copyright owner with the findings of possible flaws in the encryption protecting its works.

The DMCA directed the Register of Copyrights and the Assistant Secretary for Communications and Information of the Department of Commerce to prepare a report for the Congress examining the impact of Section 1201(g) on encryption research, including legislative recommendations--if any--no later than one year after enactment of the DMCA. Public comments were requested in May.¹³ and the two agencies are expected to complete the final report soon.

Security Testing. Section 1201(j)(2) provides that it is not a violation of Section 1201(a)(1)(A) to engage in an act of "security testing," which is defined as "accessing a computer, computer system, or computer network, solely for the purpose of good faith testing, investigating, or correcting a security flaw or vulnerability." Such testing would involve, for example, a technology officer attacking non-encryption based security measures such as "firewalls" protecting the computer system of his or her organization to assess its vulnerability to unauthorized intrusion. Security testing must be done with the authorization of the owner or operator of the computer, system, or network being tested, and must not constitute copyright infringement or "a violation of applicable law other than this section," including the Computer Fraud and Abuse Act.¹⁴ Moreover, as with the encryption testing exception, Section 1201(j)(3) provides factors for courts to consider in determining whether a person qualifies for the security testing exception. These include whether the resulting information "was used solely to promote the security of the owner or operator of such computer, computer system, or computer network," and whether the information was disseminated, if at all, in a manner that does not facilitate copyright infringement or other violation of applicable law. Section 1201(j)(4) also permits the development and distribution of technological means for good faith security testing, provided that such use is their sole purpose.

Protection of Personally Identifying Information. Section 1201(h)(1) provides that it is not a violation of subsection 1201(a)(1)(A) for a person to circumvent measures controlling access to a work, provided that the circumvention "has the sole effect of identifying and disabling the capacity" of such technological measures to collect and disseminate "personally identifying information reflecting the online activities of a natural person who seeks to gain access to the work protected." This exception is intended to address concerns, thus far hypothetical, that access control technologies could retrieve and transmit user information collected by computer "cookies" in the normal course of operation without giving users notice or the opportunity to consent or decline. Therefore, Section 1201(h)(2) provides that the exception does not permit circumvention of access control measures that do not collect or disseminate personally identifying information, and which disclose to users that they do not have such capability.

Law Enforcement. Section 1201(e) provides that the prohibitions of Section 1201 do not apply to "any lawfully authorized investigative, protective, information security, or intelligence activity" of federal, state, and local governments. The purpose is to ensure that criminals, terrorists, and foreign governments cannot rely on technological measures to shield conspiracies to commit crimes or to exploit any vulnerability in computer systems vital to national security.

Section 1202. Integrity of Copyright Management Information
The WCT and the WPPT also require the United States and other signatories to meet certain obligations regarding "rights management information" attached or associated with a work that identifies the work itself, its author or copyright owner, or information about the terms and conditions of use of the work, and any numbers or codes that represent such information. Article 12 of the WCT provides that signatories must provide "adequate and effective legal remedies" against a person who removes or alters "electronic rights management information," or who distributes or disseminates works that have been so tampered with, provided they have reasonable grounds to know their acts will facilitate or conceal copyright infringement. Article 19 of the WPPT provides a substantially identical obligation.

Accordingly, Section 1202(a) of the DMCA prohibits knowingly providing false copyright management information, or distributing false copyright management information, "with the intent to induce, enable, facilitate or conceal infringement." Provided the same intent is established, Section 1202(b) also prohibits intentionally removing or altering copyright management information, or knowingly distributing or publicly performing works from which the copyright management information has been removed or altered. Section 1202(c) defines "copyright management information" to include the title of a work, the name of its author and the copyright owner, other identifying information, and terms and conditions for use of the work, provided they are "conveyed in connection with" copies, phonorecords, performances, or displays of the work.

Section 1203 provides civil remedies identical to those available for violations of Section 1201, except that statutory damages range from $2500 to $25,000 for each violation. Section 1204 provides criminal penalties are identical to those for violating anti-circumvention provisions of the DMCA. As with the anti-circumvention provisions, law enforcement officials are exempted from the provision, and Section 1202(e) provides limited exceptions for analog and digital transmissions of works comprising copyright management information.

Section 1202 has already been applied by a U.S. district court. In Kelly v. Arriba Soft Corp., 77 F. Supp. 2d 1116 (C.D. Calif.), the court denied plaintiffs motion for a preliminary injunction against the unauthorized display of copyrighted photographs on the Internet without copyright management information. In an unclear passage of the opinion, the court apparently held that the defendant had not "removed" the copyright management information because it provided links to that information on the copyright owner's Internet web site.

³ The obligations are akin to those in earlier treaties and European Union directives. For example, Article 1707(b) of the North American Free Trade Agreement, which requires signatories to provide criminal penalties against those making available a device or system that is "primarily of assistance in decoding an encrypted program-carrying satellite signal without the authorization of the lawful distributor of such signal." Moreover, Article 7.1(c) of Council Directive on the Legal Protection of Computer Programs, 91/250/EC, 14 May. prohibits "any act of putting into circulation, or the possession for commercial purposes of, any means the sole intended purpose of which is to facilitate the unauthorized removal or circumvention of any technical device which may have been applied to protect a computer program."

⁴ 47 U.S.C. �553(a)(2 ) and 47 U.S.C. �605(e)(4), respectively. The latter prohibits devices that are "primarily of assistance in the unauthorized decryption of satellite cable programming."

⁵ Federal Register Notice 64 FR 66139 (November 24,..

⁶H.R. Rep. No. 105-551 (Part 2), 105th Cong., 2d Sess. 37 (July 22,..

⁷ H.R. Rep. No. 105-796, 105th Cong., 2d Sess. 68 (Oct. 8,).

⁸ For example, see Sections 106, 106A, and 603 of the Copyright Act, 17 U.S.C. �101 et seq.

⁹ S. Rep. No. 105-190, 105th Cong., 2d Sess. 12 (May 11,., (S. was eventually incorporated by the House into the amended H.R. 2281).

¹⁰ S. Rep. No. 105-190, 105th Cong., 2d Sess. 33 (May 11,..

¹¹ S. Rep. No. 105-190, 105th Cong., 2d Sess. 33-34 (May 11,..

¹² For example, 18 U.S.C. �1030 prohibits, among other offenses, unauthorized access to government computers, and unauthorized access to certain other computers with intent to defraud, cause damage or other offenses.

¹³ Federal Register Notice 64 FR 28802 (May 27,..

¹⁴ Id.

Title II - Online Copyright Infringement Liability Limitation

Title II of the DMCA clarifies the potential liability of Internet service providers from liability for certain copyright infringement - in some cases for infringement by their customers, and in others for their own direct infringement by their employees and agents. Title II, unlike Title I, does not amend the Copyright Act to meet the obligations of the WCT and the WPPT. Rather, Title II addresses concerns of telecommunications services - to date unfulfilled - that they could face potential liability for copyright infringement.

These concerns arose from the nature of packet-switched networks like the Internet, which transmit and receive data by making a number of intermediate and temporary copies. They also arose from the business practices of many service providers, who refrain from closely watching the activities of their customers, and the doctrines of contributory infringement and vicarious liability under U.S. copyright law, which in some circumstances impose liability on those with knowledge of or who profit from the infringing acts of others. See, e.g. Fonovisa, Inc. v. Cherry Auction, Inc., 76 F.3d 259 (9th Cir.); Gershwin Publishing Corp. v. Columbia Artists Management, Inc., 443 F.2d 1159 (2d Cir.). The DMCA does not alter such law, but rather addresses these concerns by amending the Copyright Act to include a new Section 512, which under certain circumstances limits the scope of injunctions and precludes courts from assessing monetary awards against Internet service providers for copyright infringement.

Section 512. Limitations on Liability Relating to Material Online
Provided that it meets other important qualifications, Section 512 of the Copyright Act provides that a service provider shall not be liable for monetary relief or for certain injunctive or other equitable relief for infringement of copyright by reason of the following activities: (a) providing connections for transitory digital network communications, (b) intermediate and temporary system caching, (c) storing information on systems or networks at direction of users, and (d) providing information location tools.

Under this approach, Section 512 provides limitations on remedies for copyright infringement, but neither limits the exclusive rights of copyright owners nor changes existing principles of law for establishing liability for copyright infringement. Therefore, Section 512 comes into play only if an Internet service provider is first found to be liable for infringement under existing principles of law, including theories of direct infringement, contributory infringement, and vicarious liability.

These limitations on liability are based on these specified activities of the service provider with regard to the infringement, rather than on its status as a service provider. Moreover, the limitations are only available if the infringement occurs in the course of one such activity, and the service provider meets general and specific requirements for eligibility. Thus, the limitations of Section 512 do not apply if the service provider fails to meet these qualifications, or if the infringement arises from another activity of the service provider.

The characteristics of such an approach are the complexity of Title II, and its inextricable ties to the particularities of U.S. copyright law and litigation practice. The objectives hoped for such an approach are to create a framework that protects copyright in works on the Internet no less than works in other media and distribution channels, and that preserves the incentive for service providers to assist copyright owners in fighting infringement.

Limitations on Monetary and Injunctive Relief
Service providers that qualify for these limitations are free of liability for "monetary relief," which is defined by Section 512(k)(2) as "damages, costs, attorneys' fees, and any other form of monetary payment." Section 512(j) limits the scope of injunctions that may be issued against qualifying service providers under Section 502 of the Copyright Act, including ex parte orders.

While the limitation on monetary relief is uniform across Section 512, the limitations on injunctive relief vary with by subsection. Those qualifying for a limitation under Section 512(a) for transitory digital network communications are, under Section 512(j)(1)(B), subject to only two injunctive measures: orders terminating the subscriptions and accounts of customers identified as "using the provider's service to engage in infringing activity," and orders blocking access to "a specific, identified, online location outside the United States."

Service providers that qualify for limitations for system caching, storing information on systems, and providing information location tools under Section 512(b), (c), and (d), respectively, are also subject to such orders. They may also be restrained under Section 512(j)(1)(A) from "providing access to infringing material or activity residing at a particular online site on the provider's system or network." Moreover, they are subject to other injunctive relief necessary to prevent or restrain infringement of specified copyrighted material, provided that such relief is "the least burdensome to the service provider among the forms of relief comparably effective for that purpose." Section 512(j) also provides courts with several factors, fundamentally similar to those under typical practice under the Federal Rules of Civil Procedure, to consider in deciding motions for such relief.

General Qualifications for Liability Limitations
The limitations on liability under Section 512 are not available to all Internet users. Rather, to be eligible for the limitations on liability, a party must first be a "service provider" as defined by Section 512(k)(1). For purposes of the Section 512(a) limitation for providing transitory digital network communications, a service provider is "an entity offering the transmission, routing, or providing of connections for digital communications, between or among points specified by the user, of material of the user's choosing, without modification to the content of the material as sent or received." While this clearly applies to Internet "backbone" services, a "service provider" for purposes of the other limitations is "a provider of online services or network access, or the operator of facilities therefor." The scope of this latter definition is considerably broader, and probably encompasses services ranging from a mere Internet "dial tone" to comprehensive services providing Internet programming, development tools, and Web site hosting.

In addition, no limitation shall apply unless the service provider asserting it has satisfied two general conditions for eligibility required by Section 512(i). First, the service provider must have adopted, implemented, and informed its customers of its policy of terminating the subscriptions and accounts of "repeat infringers." Second, the service provider must accommodate and not interfere with "standard technical measures," defined as those that "are used by copyright owners to identify or protect copyrighted works" and have been developed in open, multi-industry standards processes.

Qualifications for Specific Limitations on Liability
Before a service provider can qualify for a limitation on liability for copyright infringement, it must also satisfy detailed conditions provided in the particular statutory limitation. In many cases, these conditions require that the infringement or infringing activity result from the act or knowledge of a party other than the service provider. Therefore, a service provider may fail to qualify for these limitations "simply because the knowledge or actions of one of its employees may be imputed to it under basic principles of respondeat superior and agency law."¹⁵ The specific limitations on liability are discussed in more detail below.

Section 512(a) - Providing Transitory Digital Network Communications. As outlined above, Section 512(a) limits the liability of a service provider for copyright infringement by reason of:

[T]he provider's transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for the service provider, or by reason of the intermediate and transient storage of that material in the course of such transmitting, routing, or providing connections."

This limitation is intended to apply only when a service provider is acting as a "mere conduit" of data across digital on-line networks. For example, many intermediate and temporary copies of information may be automatically made by routers and other equipment in the course of forwarding e-mail traffic, routing messages to a mailing list agent, or transmitting a web page to a specific network user. Therefore, in addition to the general qualifications discussed above, Section 512(a) requires the service provider to establish the following circumstances:

� The transmission of the infringing material was not initiated by or at the direction of the service provider, was carried out through "an automatic technical process without selection of such material by the service provider," and was transmitted "without substantive modification of its content";

� The service provider "does not have select the recipients of the infringement except as an automatic response to the request of another"; and

� The service provider does not maintain any copies of the material on the system or network "in a manner ordinarily accessible to anyone other than anticipated recipients," or "in a manner accessible to the anticipated recipients for a longer period than is reasonably necessary for the transmission."

These statutory conditions are intended to exclude from the safe harbor such "mere conduit" service providers that exercise control over or participate in transmitting the infringement, or that make infringing copies accessible for further infringement.

Section 512(b) - Intermediate and Temporary System Caching. As outlined above, Section 512(b) limits the liability of a service provider for copyright infringement by reason of "intermediate and temporary storage of material on a system or network controlled or operated by or for the service provider," provided that a number of conditions are met. The purpose of this provision is to limit the liability for system caching, a widely used technique that reduces communications traffic, and thus Internet delay, by making intermediate and temporary, or "cached," copies of popular Web pages on "local" systems owned or operated by the service provider.

To prevent abuse, Section 512(b) requires service providers to satisfy conditions for making such cached copies on their systems, and those for making these cached copies available to system customers. The service provider may cache a copy of the material "through an automatic technical process for the purpose of making the material available to users of the system or network … who subsequently request access to that material," provided that the material was originally made available online by another party and transmitted through the service provider's system to another recipient. The service provider may provide subsequent users with access to this cached material, but the service provider must transmit the cached material "without modification to its content and comply with reasonable directions from the originating site to refresh, reload, or update the cached material. These requirements help ensure that the cached material received by system users is updated and faithful to the material on the originating site. Moreover, to ensure that system caching does not undermine electronic commerce, Section 512(b)(2) requires the service provider to respect restrictions on access to the originating site and not interfere with technologies that control conditional access to Internet sites, such as passwords that restrict access to subscription services.

Section 512(c) - Storing Information on Systems or Networks at Direction of Users ("Knowledge or Notice and Take-Down"). Section 512(c) limits the liability of a service provider for copyright infringement by reason of "storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider" under certain circumstances. This provision is intended to limit the liability of service providers for copyright infringements stored on their systems, such as a subscriber's web site, and for other infringing activity by their subscribers and other users on their system. On the other hand, infringing material or activity residing on the network through the service provider's own acts or decisions, rather than at the direction of a user, is not eligible for this limitation on liability.¹⁶

The Section 512(c) limitation is subject to a number of conditions which are intended to preserve the incentive under existing copyright law for service providers to act responsibly when their systems are being used for copyright infringement. First, to ensure that service providers do not profit from infringement from such third party infringement on their systems, Under Section 512(c)(1)(B) this limitation is available only if the service provider "does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity." Second, to prevent service providers from turning a blind eye to copyright infringement, Section 512(c)(1)(A) provides that the limitation is available only if the service provider:

(i) "[D]oes not have actual knowledge that the material or an activity using the material on the system is infringing";

(ii) "[I]n the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent"; or

(iii) "[U]pon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material."

Section 512(c)(1)(A) makes clear that a service provider cannot ignore telltale signs of copyright infringement on its system. This standard of knowledge or awareness precludes a service provider from enjoying a limitation on liability if it takes no action after becoming aware of facts or circumstances from which infringing activity is apparent. An objective standard should be used to determine whether the infringing activity would have been apparent to a reasonable person under the same or similar circumstances.¹⁷ While Section 512(m) provides that a service provider is not required to monitor its service for infringement to be eligible for this and other limitations, Section 512 is also not intended to discourage such monitoring.¹⁸

Third, to encourage service providers to cooperate with copyright owners in taking action against infringement, Section 512(c)(1)(C) requires that, once the service provider is notified of claimed infringement, it must respond "expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of the infringing activity." To be eligible for this limitation, Section 512(c)(2) requires a service provider to designate an agent to receive notifications, and to provide the Copyright Office with information that permits copyright owners to contact these agents.¹⁹ The elements of notifications from copyright owners and their representatives are set out in Section 512(c)(3)(A), and include statements that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, and that the complaining party also has the authority to enforce the copyright in the material.

This "notice and take-down" procedure is not mandatory,²⁰ but rather formalizes the practice that some service providers follow when copyright owners inform them of copyright infringements on their systems. It is important to emphasize, however, that following this procedure will limit the liability of a service provider only if, prior to notification by the copyright owner, the service provider does not have knowledge, awareness, or financial benefit from the infringing activity on their systems.

There is hope that these notifications will also assist copyright owners in identifying and taking action directly against the source of the infringing material. For example, Section 512(h) authorizes the clerk of any U.S. district court to issue a subpoena requiring a service provider "to expeditiously disclose to the copyright owner or person authorized by the copyright owner information sufficient to identify the alleged infringer of the material described in the notification." Subsection 512(g) also provides procedures for Internet subscribers to restore their material if it has been wrongly removed by a service provider, and remedies against those who misrepresent the nature of allegedly infringing activity to compel such removal.

Section 512(d) - Providing Information Location Tools. Section 512(d) limits the liability of a service provider for copyright infringement by reason of "referring or linking users to an online location containing infringing material or infringing activity, by using information location tools, including a directory, index, reference, pointer, or hypertext link." The requirements for this safe harbor are virtually identical to those for the information storage safe harbor - lack of knowledge or awareness, lack of financial benefit, and expeditious response to prescribed notice by copyright owners. Unlike the limitation under Section 512(c), however, this provision limits liability for unlawful acts by the service provider itself, including its employees and agents, rather than liability for the acts of third parties.

Other Provisions Affecting Colleges and Universities
Rather than providing another limitation on liability, Section 512(e)(1) provides direction for applying the limitations discussed above when professors and teaching graduate students infringe copyrights using college and university Internet services. The provision does not alter the rules of liability when colleges and universities are not acting as service providers.²¹ Instead, it makes such institutions of higher learning eligible for the limitations on service provider liability under some circumstances in which the imputed acts or knowledge of such faculty and graduate students, over whom they exercise less control than other employees, would otherwise disqualify them.

Therefore, if a college or university satisfies the conditions of this provision, and thus qualifies for a limitation on liability under Section 512, it will not be liable for monetary relief for copyright infringement. Unlike the limitations in other circumstances, however, Section 512(e)(2) makes clear that such colleges and universities will not be eligible for limitations on the scope of injunctive relief, with the exception of those involving ex parte orders.

Assuming that other conditions are satisfied, Section 512(e)(1) provides that, "[w]hen a public or other nonprofit institution of higher education is a service provider, and when a faculty member or graduate student who is an employee of such institution is performing a teaching or research function," such faculty member or graduate student "will be considered a person other than the institution" for purposes of deciding whether the institution qualifies for the limitations under Sections 512(a) and (b)-. Section 512(e)(1) also provides that, under these same circumstances, that "such faculty member's or graduate student's knowledge or awareness of his or her infringing activities shall not be attributed to the institution" for purposes of Sections 512(c) and (d).

Therefore, Section 512(e) provides no protection against liability for an institution if the infringement occurs "[w]hen the faculty member or the graduate student is performing a function other than teaching or research," such as university administration or service provider operations.²² There is also no protection for "sham" research and teaching used as a pretense for infringing activity. To ensure that these rules of interpretation do not result in colleges and universities turning a blind eye to infringement, Section 512(e)(1) disqualifies an institution that has received more than two valid notifications of claimed infringement by such faculty member or graduate student in the preceding three years. Another safeguard is provided by Section 512(e)(1), which requires that the infringing activities "do not involve the provision of online access to instructional materials that are or were required or recommended … for a course taught at the institution by such faculty or graduate student." Such instructional materials include textbooks, computer programs, and other copyrighted works.

¹⁵ H.R. Rep. No. 105-796, 105th Cong., 2d Sess. 74 (Oct. 8,).

¹⁶ Rep. No.105-190, 105th Cong., 2d Sess. 43 ( May 11,..

¹⁷ S .Rep. No. 105-190, 105th Cong., 2d Sess. 44 ( May 11,..

¹⁸ H.R. Rep. No. 105-796, 105th Cong., 2d Sess. 73 (Oct. 8,).

¹⁹ On Nov. 3, the Copyright Office has issued interim regulations for submitting designations of such agents to receive notification. See 63 Fed. Reg. 63749.

²⁰ S. Rep. No. 105-190, 105th Cong., 2d Sess. 45 (May 11,..

²¹ H.R. Rep. No. 105-796, 105th Cong., 2d Sess. 76 (Oct. 8,).

²² H.R. Rep. No. 105-796, 105th Cong., 2d Sess. 74 (Oct. 8,).

Conclusion

Title I of the Digital Millennium Copyright Act represents a significant step forward in providing legal protection for technological protection to control access to and unauthorized use of all types of copyrighted works, and in protecting the integrity of copyright management information. In particular, Congress and the President recognized that, as in earlier legislation protecting encrypted television programming, circumvention of technological measures should be a violation of law that does not require proof of copyright infringement nor limitations and defenses thereto. Title II provides clarification for determining the extent of monetary and injunctive relief under U.S. law when Internet service providers are found liable for copyright infringement. The courts have only begun to apply these new laws, and they are bound to not only produce new questions for courts to resolve in coming years, but to influence the legal framework for electronic commerce in copyrighted works in the United States and around the world.