May people know that online service providers are shielded from liability for copyright infringement by their users, meaning that a court will, on summary judgment, often excuse a web platform as a named defendant when an infringement has been committed by its customers. Many people are not aware, however, that a service provider must meet certain conditions in order to remain protected by this “safe harbor.”
These conditions are voluntary, and although failure to meet them does not automatically make a provider liable for infringement; non-compliance will—or is meant to—void the automatic protection in a potential litigation. Below is a list of several–but not all–of the key conditions a service provider must meet under the DMCA statute Section 512, including an explanation of “red flag” knowledge:
THIRD-PARTY INFRINGEMENT — The infringing material must have been made available by users/customers.
This is the foundation of 512—the very reasonable assumption by early online service providers (e.g. the Baby Bells) that users will inevitably transmit infringing material online. If the platforms were held liable for infringement by its users, this would have stifled investment in developing many platforms that host User Generated Content (UGC). Infringing material may not be made available by a service provider. If a site operator directly uploads or transmits infringing material of its own volition, the “safe harbor” does not shield it from liability.
NOTICE & TAKEDOWN — The service provider must expeditiously remove infringing material upon receipt of a valid takedown notice sent by the copyright owner or their agent.
Often simply called notice-and-takedown (or just takedown), sites that wish to maintain the protection of the “safe harbor” generally comply with this provision, though it is a subject of controversy on all sides. For creators, sending takedown notices, one infringing use at a time, is the source of the “whack-a-mole” complaint. For ISPs and some users, the takedown regime is often described as rife with abuse and error. See post here responding to one “abuse” study cited by Professor Tushnet in her testimony at the first DMCA hearing 2020.
REPEAT INFRINGERS — Develop and maintain a policy that includes account termination as a final step for repeat-infringers.
This issue made big news when ISP Cox Communications lost two substantial lawsuits for failure to maintain such a policy. While the DMC does not clearly define “repeat infringer” or dictate the design of a “repeat infringer policy,” it is usually some type scaled warning process (e.g. six-strikes), but which must result in account termination if the repeat infringer refuses to stop. For instance, the courts found that Cox’s 14-strikes-and-they-will-eventually-reset-your-account process voided their “safe harbor” in court.
KNOWLEDGE — Site operators are not required to search for infringement, but they must remove material upon obtaining knowledge that it is infringing.
Because the knowledge conditions have largely been ignored in practice over the past 22 years, many people do not know they exist or what they are. Codified in 512(c), the statute expressly states that the service provider “shall not be liable” if (1) its operators do not have actual knowledge of infringement; (2) its operators are not aware of facts or circumstances from which infringing activity is apparent; and (3) upon obtaining knowledge of infringement, expeditiously removes the relevant material.
That second condition describing “facts or circumstances” is what we often refer to as “red flag” knowledge under the DMCA. This is the “walks like a duck,” common-sense knowledge standard that has generally been erased from practice. For instance, many cases and complaints involve famous works used in ways that any layperson could assume is unlicensed; or several famous litigations have found evidence of internal communications indicating that site operators had a pretty good idea that infringement was taking place.