Two decades ago, when the RIAA tried to obtain the identities of Verizon customers via the convenient DMCA subpoena process, significant pushback led to defeat for the record labels.
The case made it clear that subpoenas obtained under section 512(h) of the DMCA only apply to ISPs that directly store, cache, or provide links to infringing material. An RIAA lawsuit against Charter failed for similar reasons.
In 2014 and after a considerable break, BMG and anti-piracy partner Rightscorp attempted to unmask 30,000 CBeyond subscribers using the same DMCA subpoena process. That also ended in disappointment but somehow, seven years later on the same legal basis, DMCA subpoena applications suddenly began producing results.
Cautiously Building Momentum
After testing the water in 2019, during 2022 and early 2023, companies including Voltage Pictures, Millennium Funding, and Capstone Studios obtained DMCA subpoenas targeting customers of CenturyLink (now Lumen). After a relatively gentle request to obtain the identities of 13 subscribers, subsequent demands turned up the heat.
An additional DMCA subpoena later sought to unmask almost four times more subscribers than the preceding one, before a follow-up application took the previous target of 63, doubled it, and added another couple of dozen subscribers on top for good measure.
After focusing on CenturyLink subscribers for more than a year, Voltage, Millennium, and Capstone obtained a DMCA subpoena targeting 41 IP addresses operated by ISP Cox Communications. Most of the IP addresses were allegedly linked to piracy of the movie ‘Fall,’ with infringements reportedly carried out by Cox subscribers using BitTorrent networks.
The DMCA subpoena application itself was somewhat unusual. Explanatory text recognized that under conventional thinking, § 512(h) doesn’t usually apply to conduit ISPs. However, it suggested that legal developments over the past few years supported a theory that the Tenth Circuit would eventually come to see § 512(h) in a whole new light; specifically, that it does apply to conduit ISPs after all.
DMCA Subpoena Immediately Challenged
When the DMCA subpoena was served on Cox Communications, the ISP contacted the relevant subscribers to determine whether any would object to having their identities disclosed. One subscriber took the opportunity to send a letter of objection to the court, which now forms part of the public record.
The letter doesn’t identify the ‘John Doe’ subscriber or their family, but since it contains sensitive personal information in the first couple of paragraphs, only the last three paragraphs are reproduced here.
The letter was construed by the court as a motion to quash, with a recommendation that the subpoena was invalid under § 512(h). A subsequent report issued by Magistrate Judge Wes Reber Porter later arrived at the same conclusion. It further noted that, to the extent any information had been derived from the invalid subpoena, it must be returned or destroyed while no further information should be obtained or placed on record.
A DMCA Subpoena Cannot Apply Here
In his order handed down this week, District Judge J. Michael Seabright provides an exceptionally clear overview of the four types of safe harbor available to ISPs under the DMCA. In doing so, the Judge also shows why the movie companies’ DMCA subpoena fails.
The breakdown seems to show why DMCA subpoenas issued under § 512(h) cannot be used to obtain the identities of P2P infringers when their ISP qualifies for protection under § 512(a). (For reference, the DMCA’s safe harbor provisions are detailed in full here)
The key points of the order read as follows (minor edits for brevity):
– The safe harbor in § 512(a) protects ISPs from liability for ‘transmitting, routing, or providing connections for’ material through a system or network.
– The safe harbors in § 512(b), (c), and (d) protect ISPs from liability for infringing material that users temporarily store in caches (§ 512(b)), on systems or networks (§ 512(c)), or at links (§ 512(d)) provided by the ISP.
– The safe harbor in § 512(a) does not require ISPs to take down material upon receiving notice from a copyright owner — if an ISP is a “mere conduit,” nothing is stored, and there is nothing to take down.
– Conversely, though their wording differs, each of the safe harbors in § 512(b), (c), and (d) requires that, when notified of alleged infringement by a copyright owner, an ISP “respond[] expeditiously to remove, or disable access to, the material that is claimed to be infringing upon notification of claimed infringement (notice and takedown)
– In contrast, the “mere conduit” safe harbor in § 512(a) does not contain any notice and take down provision referring to Subsection (c)(3)(A)—because there is no material to take down.
– In considering whether a copyright owner can obtain the IP addresses of P2P infringers by subpoenaing an ISP under § 512(h), the Eighth Circuit [Verizon] and D.C. Circuit [Charter] both reasoned that if the ISP acts as a “mere conduit” in cases of P2P filesharing, it is not possible for a copyright owner to satisfy the notice requirement in Subsection (c)(3)(A).
– On this basis, both courts ruled that the ISP fell within the safe harbor in § 512(a) and the subpoenas over P2P filesharing were improper. [..] In short, a § 512(h) subpoena cannot issue if the ISP is unable to locate and remove the infringing material, and an ISP acting as a mere conduit for allegedly infringing activity cannot do so. This court agrees with the reasoning of the Eighth and D.C. Circuits.
Movie Companies’ Objections
Despite being rejected by the Court, the main objections filed by the movie companies still make for interesting reading.
When applying for the DMCA subpoena, the movie companies submitted a list of IP addresses that allegedly participated in the infringing activity. The aim here was to demonstrate compliance under § 512(h) by providing a notification of claimed infringement that identified the allegedly infringing material/activity, along with sufficient information for the ISP to locate it.
The companies reasoned that in assigning IP addresses to the alleged infringers, Cox was “referring or linking material” under § 512(d), making their list of IP addresses a valid notice of infringement.
The movie companies also objected to a statement in the Magistrate Judge’s report, which concluded that Cox acted as a “mere conduit” in the transfer of files through its network. After arguing that they should have had the ability to submit a briefing on the issue of statutory interpretation, the Judge ordered Cox to file a declaration on its status as a service provider.
Cox responded with a declaration which confirmed that it operates as an ISP under 17 U.S.C. § 512(a). The movie companies objected to that too, but without the desired result.
The full order is linked below for those interested in the finer details. Needless to say, none of the arguments were able to prevent the DMCA subpoena from being ruled invalid, on exactly the same basis the RIAA’s attempts were rejected over 20 years ago.
District Judge J. Michael Seabright’s order is available here (pdf)
