Revenge Porn: "Is Anyone Up" on Copyright Law?

 

Here’s something you probably don’t want fixed in a tangible medium of expression: revenge porn

Twenty-five-year-old Hunter Moore (pictured, above right) is the creator of the website Is Anyone Up (www.isanyoneup.com). In essence, here’s how revenge porn works: Remember those naked pictures you took of yourself and sent to a very close friend with the explicit instruction or implicit assumption that the images would remain private? Well, just make sure you don’t give your friend cause to become a former friend. If you did, your former friend may already have sent those pictures anonymously to Mr. Moore. Upon receipt, Mr. Moore will post them on his increasingly popular website, along with a helpful link to your actual Facebook page, just in case there was any doubt the pictures were of you.

For Mr. Moore’s troubles, he has received numerous death threats, one actual attempt on his life and, most recently, a very angry letter from Facebook’s lawyers. He has also reaped an estimated $13,000 per month in ad revenue and a great deal of media attention.

Here’s why we’re interested: In a recent episode of NPR’s On the Media, Bob Garfield interviewed Moore, who explained why he believes he is immune to legal action. Part of the conversation went like this:

HUNTER MOORE: . . . And then also with the copyright issue, you know, a lot of people are sending me DMCA requests and –

BOB GARFIELD: They say, I own this photo, you have no right to display it; please take it down.

HUNTER MOORE: Yes, but when you take a picture of yourself in the mirror, it was intended for somebody else, so actually, the person you sent the picture to actually owns that picture because it was intended as a gift. So whatever the - that person does with the picture, you don’t even own the nude picture of yourself anymore.

Is that correct? No way. With a few exceptions with respect to works made for hire, the copyright in a photograph subsists with the person who takes the photograph. Once the photograph is distributed, copyright law makes a distinction between, on the one hand, the object itself (which the new owner can sell or give away under the first sale doctrine) and, on the other hand, the rights to further reproduce or publish that image (which rights generally can only be transferred in writing).

So, it is true that you probably can’t use copyright law to stop your former friend from giving, say, a printout of your nude self-portrait away, and as a practical matter it is very difficult to stop your former friend from emailing that picture around. However, you may be able to use copyright law to stop Mr. Moore from publishing that image on-line. At the risk of incurring the wrath of the revenge porn industry, Mr. Moore appears to have learned copyright law from the same place he learned to respect other people’s privacy.

Is it getting hot in here? Perfect10.com takes on Chilling Effects

In what must be one of the nation’s longest-lived Internet copyright wars, Perfect10, Inc. recently opened up a new front, asserting that online publication of its Digital Millennium Copyright Act takedown notices is a copyright violation.

Perfect10, founded by former mathematics professor and professional poker player Norman Zada, is a softporn fee-based Internet site and print magazine that publishes pictures of women in various states of undress. Although Perfect10 tries to reserve these pictures exclusively for its customers, the images have a way of getting around, and are often republished online without authorization.

And how does one find these pirated images? Well, Google, of course! For example, a search for the model Amy Weber (pictured left in a page from the District Court’s opinion) in Google Image Search will retrieve automatically indexed thumbnails of a variety of pictures of Ms. Weber that derive from and link to websites which may or may not have the right to display them.

Beginning in 2001, Perfect10 began sending takedown notices to Google pursuant to the DMCA, insisting that Google cease and desist promoting the pirate sites by indexing and linking to these images. Although Google did remove many infringing images from its search results, Perfect10 was dissatisfied with what it viewed as a less-than-perfect response, and sued Google in the Federal District Court for the Central District of California. Perfect 10 alleged that a variety of activities by Google, including the thumbnail indexes and in-line links to the pirate websites, were both direct and secondary infringements of Perfect10’s display and distribution rights.

After Perfect10 appealed the denial of a preliminary injunction, the Ninth Circuit held that the thumbnails, although otherwise meeting the elements of direct infringement, were nonetheless highly transformative fair use and, because they were small, did not harm Perfect 10’s market for high-resolution images. However, the Court remanded the matter to determine whether Google might be liable for contributory or vicarious infringement. Thus, nearly 10 years and a thousand docket entries after the first takedown notice, the case is still going strong.

Enter Chilling Effects, a non-profit educational project run jointly by the Electronic Frontier Foundation and an impressive collection of law schools. Chilling Effects invites the public to submit takedown notices, after which they are posted, commented upon by the public and studied by legal scholars. Google, being the netizen that it is, had been dutifully forwarding all of Perfect10’s takedown notices to Chilling Effects. Then, in place of the removed images, Google included a link to the takedown notice with a statement that said:

“In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 1 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org.”

So what’s the problem? Well, in an apparent effort to be crystal clear about which pictures it did not want displayed for free, Perfect10’s takedown notices had included copies of those pictures. So, even after Google stopped displaying small thumbnails or linking to possibly low resolution pirated versions of these images, it was still linking directly to those same images on chillingeffects.com. These versions of the images, however, because they were provided directly by Perfect10 itself, were in many cases full-size and in high-resolution. In other words, they were a perfect free replacement for the very pictures Perfect10 had been trying to control and sell.

Perfect10 moved once again for a preliminary injunction, this time to prevent further forwarding of its takedown notices, which it argued constituted both direct and contributory infringement. The Central District Court disagreed, and held that the posting of the images in the context of legal study was fair use, and required the full takedown notices, pictures and all. Perfect10, which time after time has shown itself to be resilient in the face of defeat, predictably has appealed to the Ninth Circuit. Last month, the Electronic Frontier Foundation submitted an amicus brief, and has also made all the briefs available on its website. Oral argument has yet to be scheduled.

 

Ninth Circuit Imposes DMCA Liability, Even in the Absence of Copyright Infringement

The Ninth Circuit's liability determination in MDY Industries v. Blizzard, discussed in my prior post, rested not on copyright infringement, but on a violation of the Digital Millennium Copyright Act (DMCA) provisions regarding circumvention of access controls.

As discussed previously, Section 1201(a)(1) prohibits “circumvent[ing] a technological measure that effectively controls access to a work protected under” Title 17. 17 U.S.C. § 1201(a)(1)(A). Both the Fourth Circuit, in MGE UPS Systems, Inc. v. GE Consumer and Industrial, Inc. et al., and the Federal Circuit, in Chamberlain Group Inc. v. Skylink Technologies, Inc., have held that the “DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners.” MGE UPS Systems, Inc. v. GE Consumer and Industrial, Inc. et al., No. 08-10521, 2010 WL 2820006 (5th Cir. July 20, 2010). In other words, circumvention that does not infringe or facilitate the infringement of a copyright is not actionable under Section 1201(a).

The Ninth Circuit took another approach. Looking to both the text of the relevant provisions as well as the legislative history of the DMCA, the court explained that there was no textual support for the requirement of an "infringement nexus" under Section 1201(a), which addresses circumventing controls over access only. In contrast, Section 1201(b) of the DMCA addresses circumvention of protection over copyright. The court, applying this logic, upheld the lower court's DMCA verdict.

The MDY Industries decision and resulting circuit split could have significant implications. Under the Ninth Circuit's approach, owners of copyrights in digital works -- software, video games, movies, and pretty much everything else these days -- can much more easily challenge uses of their products that are deemed harmful for various reasons, but which might not otherwise be infringing uses. On the flip side, the decision could potentially chill uses of copyrighted works that are typically considered "fair" because such uses happen to require circumvention of access controls in the first instance. It will be interesting to see whether MDY petitions the Supreme Court to consider the matter. For now, copyright owners filing in Ninth Circuit courts can consider getting a little more aggressive with regard to DMCA access violations, while users circumventing access controls may wish to tread a bit more lightly.

The DMCA: Less Protection Than Meets The Eye Against Circumvention Of Technological Measures To Prevent Access To Software

The anti-circumvention provision of the Digital Millennium Copyright Act, 17 U.S.C. § 1201, continues to challenge courts in the context of computer software. Section 1201(a)(1) prohibits “circumvent[ing] a technological measure that effectively controls access to a work protected under” Title 17. 17 U.S.C. § 1201(a)(1)(A). A recent decision of the Fifth Circuit Court of Appeals, relying on a 2004 Federal Circuit decision, holds that in this provision “access” means more than access.

In MGE UPS Systems, Inc. v. GE Consumer and Industrial, Inc. et al., No. 08-10521, 2010 WL 2820006 (5th Cir. July 20, 2010) (PDF), the court affirmed the district court’s dismissal of MGE’s claim that defendant Power Maintenance International, Inc., acquired by GE in 2001, violated § 1201 by circumventing an external hardware security key (a “dongle”) that enables and limits (with a password, an expiration date, and maximum number of uses) the use of software helpful for servicing MGE’s uninterruptible power supply machines. A group of employees of PMI, which services MGE machines, had acquired the unsecured MGE software from an unknown source after hackers had defeated the security key’s features, permitting unlimited use of the software.

Defendants admitted that the PMI employees had used the software on a number of occasions but argued that the DMCA had not been violated, because the dongle did not prevent copying of MGE’s software but only access to it, and once such access was obtained there was no technological obstacle to copying the software. The PMI employees had therefore not, defendants argued, engaged in the sort of “access” that § 1201 was designed to prevent. The court agreed, holding that “[t]he DMCA prohibits only forms of access that would violate or impinge on the protections that the Copyright Act otherwise affords copyright owners.” In doing so it followed the construction of § 1201(a)(1)(A) adopted in Chamberlain Group Inc. v. Skylink Technologies, Inc., 381 F.3d 1178 (Fed. Cir. 2004).

Under § 1201(a)(3)(A), applicable to § 1201(a), to “circumvent a technological measure” means “to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner,” and a technological measure “effectively controls access to a work” if “the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” The “antitrafficking provisions” of the DMCA distinguish between gaining access to a work and exercising rights of the copyright owner, for § 1201(a)(2) prohibits trafficking in any technology primarily designed or produced for the purpose of “circumventing a technological measure that effectively controls access to a work protected under” Title 17, whereas § 1201(b)(1) prohibits trafficking in any technology primarily designed or produced for the purpose of “circumventing protection afforded by a technological measure that effectively protects a right of a copyright owner under” Title 17. 17 U.S.C. §§ 1201(a)(2) & (b)(1) (emphases added.).

MGE argued that gaining “access” to a work means being able to view or use the work. The court rejected that meaning as too broad, since it “would permit liability under § 1201(a) for accessing a work simply to view it or use it within the purview of ‘fair use’ permitted under the Copyright Act.” Following the Federal Circuit in Chamberlain, the court concluded that the DMCA did not introduce a new property right (presumably referring to a right not to have a work viewed after circumvention of a technological measure), so there is no violation of § 1201(a) absent a “link between ‘access’ and ‘protection’ of the copyrighted work”: “The owner’s technological measure must protect the copyrighted material against infringement of a right that the Copyright Act protects, not from mere use or viewing.”

The court’s conclusion seems difficult to reconcile with the distinction in § 1201 between technological measures protecting access to a work and those protecting the rights of copyright owners and its prohibition of the circumvention only of technological measures protecting the former – a distinction made, as the Copyright Office’s December 1998 Summary of the DMCA noted, because unauthorized copying of a work may be fair use, but unauthorized access to it is not. Nonetheless, the court found that MGE’s dongle protected only access to its software but gave no further protection once access was obtained, so it did not protect against infringement of any rights of the copyright owner (by, for example, copying the unlicensed software). “Because the dongle does not protect against copyright violations, the mere fact that the dongle itself is circumvented does not give rise to a circumvention violation within the meaning of the DMCA.” (emphasis in original) The court buttressed its conclusion that § 1201(a)(1) had not been violated by noting that the section did not apply after a technological measure had been violated, and there was no evidence that any PMI or GE employee had circumvented the technological measure, as opposed to using the software after the dongle was circumvented by others. Accordingly, the court affirmed the district court’s dismissal of MGE’s DMCA claim.

Defendants were nonetheless liable for copyright infringement of the unlicensed unsecured software, and the jury had rendered an award for infringement as well as for misappropriation of trade secrets and unfair competition. However, the appellate court found that MGE had failed to prove damages from any of those violations and reversed the district court’s denial of defendants’ motion for judgment as a matter of law under Rule 50(a). The court did, however, affirm the district court’s grant of a permanent injunction against use of MGE’s software.

Copyright owners seeking to use technological measures to protect their software from unlicensed access should recognize that, despite the distinction made in Section 1201 between technological measures that protect access and those that protect a right of a copyright owner, courts following MGE UPS Systems and Chamberlain will not find a violation of that section in the circumvention of a technological measure that protects access to software without at the same time protecting the software against being used or copied, although it remains to be seen just how the two must be linked. Of course, a copyright owner may still rely on its remedies under the Copyright Act against unlicensed copying, but, as MGE UPS Systems also demonstrates, care must be taken in pursuing such remedies.

Get Out of Jail(breaking) Free -- At Least As Far As Copyright Is Concerned

In the past few years, the Apple iPhone and its "smartphone" brethren have seen widespread adoption throughout the United States. Combining the features of computers and traditional mobile phones, along with additional features like movement detection, GPS capabilities, and over-the-air videoconferencing, smartphones have, for many people, become indispensable tools for both work and pleasure.

Sometimes, however, users find the native functionality of certain smartphones to be limited. Some smartphones incorporate operating systems that restrict or eliminate features otherwise built in to the hardware, provide limited software functionality, or restrict the ability of the end user to use the phone in connection with "unauthorized" programs or media. For instance, among other things, the iPhone is "locked" and will only work with AT&T's wireless network, its operating system requires that "apps" -- which are approved by Apple beforehand -- be downloaded only from the Apple iTunes App Store, and its interface has very limited customizability features. So, while users enjoy the advanced hardware of smartphones, they often find the installed software to be stifling.

Many smartphone users with this problem turn to "jailbreaking" -- removing the software restrictions of the operating software. To jailbreak the iPhone, for instance -- that is, to relieve it of its Apple-imposed limitations -- requires the user to download and run a program or a series of programs that install custom software, and which modify the existing operating software. A jailbroken iPhone can then access unofficial "app stores" such as Cydia and Installer to download non-Apple-sanctioned third-party software and enable previously locked features and functionality.

Because jailbreaking requires users to "hack" their phones, there is a legitimate copyright concern. This is because the Digital Millennium Copyright Act (DMCA), 17 U.S.C. sec. 1201 et seq. (PDF), which was designed to address copyright issues in the digital age, prohibits the act of circumventing measures that control access to copyrighted works -- in other words, hacking. Because jailbreaking a smartphone requires users to hack the phone to remove certain software protections, it was likely that -- absent other considerations such as fair use exceptions -- such an action violated the DMCA's anti-circumvention provisions.

The questionable legality of jailbreaking prompted the Electronic Frontier Foundation to seek clarification from the U.S. Copyright Office as part of the Copyright Office's "Triennial Rulemaking" under the DMCA, which requires that every three years the Copyright Office conduct a process for designating exemptions -- that is, certain classes of works that for one reason or another may be "hacked" legally for certain purposes. See 17 U.S.C. Sec. 1201(a)(1)(C) and (D) (PDF). As part of the rulemaking process, the U.S. Copyright Office questioned Apple on various issues related to jailbreaking. In its response to these questions (PDF), Apple maintained that, among other things, jailbreaking constitutes copyright infringement and the creation of infringing derivative works, violates the software license agreement covering the iPhone software, and diminishes the integrity and security of the iPhone software and the data network infrastructure generally.

In its ruling announced on July 26, 2010 and effective July 27, 2010 (PDF), the Copyright Office adopted six exemptions to the DMCA anticircumvention prohibitions, including:

Computer programs that enable wireless telephone handsets to execute software applications, where circumvention is accomplished for the sole purpose of enabling interoperability of such applications, when they have been lawfully obtained, with computer programs on the telephone handset.

Analogizing jailbreaking to the existing DMCA statutory exemption for reverse engineering for the purpose of making computer programs interoperable, see 17 U.S.C. sec. 1201(f), the Copyright Office explained that:

On balance, the Register concludes that when one jailbreaks a smartphone in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone or the maker of its operating system, the modifications that are made purely for the purpose of such interoperability are fair uses.

And so the jailbreaking exemption was adopted. A separate exemption was adopted for "unlocking" the phone to work with any compatible voice and data carrier.

Of course, as Apple correctly points out, copyright is hardly the only relevant legal issue -- among other things, jailbreaking an iPhone might violate Apple's iPhone license agreement and render void the iPhone warranty. However, because it is a reasonably simple process to reload a clean version of the iPhone operating system -- with nary a trace of the jailbreak -- this is probably not a significant deterrent for would-be escapees. Further, as discussed in my post regarding the first-sale doctrine and enforceability of end-user license agreements, perhaps challenges could be raised to Apple's insistence that its customers are not owners of the operating software, but only licensees (indeed, in its ruling, the Copyright Office noted that it "cannot clearly determine whether the various versions of the iPhone contracts with consumers constituted a sale or license").

Is this the end of the jailbreaking copyright inquiry? Might Apple or other smartphone manufacturers challenge the Copyright Office's exemption determination, or will they more aggressively lock down software to deter potential jailbreakers? We will probably not have to wait too long to find out.

Can You Be A Little More Specific? General Knowledge of Copyright Infringement Not Sufficient to Forfeit DMCA Safe Harbor Protection: Viacom International, Inc. v. YouTube, Inc.

Almost since the founding of YouTube in 2005, the on-line video service has been labeled by commentators as a top virtual destination for copyright-infringing material. According to a lawsuit brought by Viacom International, Inc., YouTube was aware of this alleged infringement as a general matter, and through advertising revenues profited handsomely from it. Nevertheless, a federal judge has held that YouTube’s general knowledge alone, without information about specific instances of infringement, was not enough to forfeit the protection of the Digital Millennium Copyright Act (“DMCA”).

The DMCA, as codified at 17 U.S.C. § 512(c), provides an internet service provider (“ISP”) with “safe harbor” protection against copyright infringement suits under certain conditions. If somebody uses the ISP’s service to store infringing material, the ISP is protected if it does not have actual or constructive knowledge of the infringement, and if it acts quickly to remove such material once it does have knowledge of it. Also, the ISP must not receive a financial benefit directly attributable to infringing activity that it has the “right and ability to control.”

When YouTube did receive notice of specific infringing material, it acted quickly. In February 2007, Viacom sent a mammoth take-down notice to YouTube, naming about 100,000 specific clips. Those clips were removed nearly overnight. However, Viacom alleged that YouTube did little, if anything, to locate and remove potentially infringing material on its own, even though it generally knew that such material existed. In March 2007, Viacom sued YouTube, claiming that this general knowledge gave rise to liability for copyright infringement. YouTube moved for summary judgment, asserting entitlement to safe harbor under the DMCA.

On June 23, 2010 Judge Louis L. Stanton, federal District Court Judge for the Southern District of New York, issued an opinion and order agreeing with YouTube. It was not enough that YouTube was generally aware of, and even welcomed, copyright-infringing material on its website. Rather, in order to lose safe harbor protection, YouTube had to have had knowledge of specific infringing materials, and sufficient information (such as the URL address) to locate and take down those materials. Additionally, Judge Stanton held that, even if YouTube directly profited, it could not be charged with “the right and ability to control” the infringing activity until it had that specific knowledge.

Consistent with the language of 17 U.S.C. § 512(m), Judge Stanton’s ruling puts the burden of on-line policing squarely, and solely, on the copyright holder. An ISP, by contrast, has essentially no duty to determine the copyright ownership of the material it is storing, no matter how prevalent infringement may be, and no matter how much money is gained from that infringement.

Viacom plans to appeal to the Second Circuit which, interestingly enough, recently encountered similar policing issues, albeit unrelated to the DMCA, in Tiffany (NJ), Inc. v. eBay Inc. In that case, in a decision that may foreshadow an appellate defeat for Viacom, the Court held that even though eBay may have known in a very general sense that its website facilitated sales of counterfeit Tiffany products, such general knowledge alone was not sufficient to establish trademark infringement.

Microsoft No Longer Seeking DMCA Take-Down of Cryptome or Leaked Compliance Handbook

Last week, lawyers from Microsoft issued a demand under the Digital Millennium Copyright Act (DMCA) seeking the removal of leaked copies of Microsoft's "Global Criminal Compliance Handbook" that pulled the website Cryptome.org from the Internet, at least temporarily. The DMCA provides copyright owners with the ability to request that internet service providers remove infringing materials from websites. Microsoft's DMCA demand to Cryptome's service provider, Network Solutions, apparently resulted in removing Cryptome from the Web entirely, until Microsoft attorneys sent an email withdrawing the DMCA takedown demand.

Microsoft made this public statement:

Like all service providers, Microsoft must respond to lawful requests from law enforcement agencies to provide information related to criminal investigations. We take our responsibility to protect our customers' privacy very seriously, so have specific guidelines that we use when responding to law enforcement requests. In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed. We are requesting to have the site restored and are no longer seeking the document’s removal.

Cryptome advertises itself as a site that "welcomes documents for publication that are prohibited by governments worldwide."  The site also promises that "[d]ocuments are removed from this site only by order served directly by a US court having jurisdiction." 

The Microsoft Compliance Handbook, dated March 2008, is a guide for law enforcement officers seeking to investigate users of Microsoft services such as Hotmail email, IM, Windows Live and other services.  The Handbook outlines the data Microsoft keeps with respect to its users and provides law enforcement with instructions on what legal process is necessary for investigators to gain access to specific information.  In the Handbook, Microsoft offers to provide the following information to investigators in response to a subpoena:

Basic subscriber information includ[ing] name, address, length of service (start date), screen names, other email accounts, IP address/IP logs/Usage logs, billing information, content (other than e-mail, such as in Windows Live Spaces and MSN Groups) and e-mail content more than 180 days old . . . .

This provision contrasts with Microsoft's limits on access to other user data, such as recent email,  "e-mail address book, Messenger contact lists, . . . [and] internet usage logs."  According to the Handbook, Microsoft will release this data in response to a search warrant or court order which, unlike a subpoena, must be approved by a judge after the government presents sufficient evidence.

Posts at Cryptome, as well as CNet, Tom's Hardware, and The Register, describe the Handbook variously as a "spy guide" and "wiretap guide."  Cooperation with government agencies has been a touchy subject for privacy advocates and service providers in the wake of alleged abuses by some that occurred after the 2001 terrorist attacks.  However, the heart of the controversy generally has been the disclosure of customer information without any legal process or court involvement.  In this case, Microsoft's Handbook merely identifies what data is available in response to formal legal process, such as subpoenas, warrants and court orders.