Digital Millennium Copyright Act (DMCA)

The Digital Millennium Copyright Act (DMCA), enacted in 1998 and effective in 2000, updated federal copyright law to meet the demands of the electronic age, particularly with regard to copyright infringement on the Internet. The DMCA contains two pieces of legislation: the World Intellectual Property Organization (WIPO) Copyright and Performances and Phonograms Implementation Act and the Online Copyright Infringement Liability Limitation Act.

WIPO Copyright and Performances and Phonograms Implementation Act

The WIPO Copyright and Performances and Phonograms Implementation Act prohibits the circumvention of technologies, also known as digital rights management, or DRMs, that have been installed to prevent online infringement. For example, copyright holders often install programs requiring computer users to enter passwords in order to access specified files or applications. Copyright holders may also encrypt data or files to prohibit access by outsiders. The DMCA prohibits circumvention of these “technological protection measures.” Section 1201 of the DMCA distinguishes between technological measures that restrict access to copyrighted works and those that restrict copying. This categorization is designed to ensure that Fair Use continues. In some cases, copying works is considered Fair Use, while in others unauthorized access may be deemed unfair.

The DMCA targets the manufacture, distribution, and use of computer programs designed to circumvent or decrypt protection devices. Even so, the DMCA includes several prominent exceptions, many of which are applicable in higher educational settings. Insofar as the DMCA does not forbid the following circumvention activities, they are Fair Uses of copyrighted works:

1. Circumvention by nonprofit library, archive, and educational institutions solely for the purpose of determining, in good faith, whether or not they wish to obtain authorized access to the works. Since this exception applies only when libraries are open to the public, it most likely covers institutions of higher education.
2. Law enforcement, intelligence, or other governmental activities.
3. Encryption research.
4. Testing technological devices that are designed to prevent access by minors to certain material on the Internet.
5. The collection or dissemination of personally identifying information about the online activities of a person.
6. Testing the security of a computer, computer system, or computer network with the permission of its owner or operator.

Persons who are injured by violations of Section 1201 may bring civil actions for equitable and monetary damages. Violations may also be subject to criminal sanctions. However, the DMCA exempts nonprofit libraries, archives, and educational institutions from criminal liability. Furthermore, the DMCA affords special protection to nonprofit libraries, archives, and educational institutions that may be entitled to complete remission of damages in circumstances where violators prove that they were unaware and had no reason to believe the alleged acts were infringing.

Online Copyright Infringement Liability Limitation Act

The second element in the DMCA is the Online Copyright Infringement Liability Limitation Act, which protects Internet service providers (ISPs) against infringement liability for the acts of their subscribers. For instance, if computer users who are given access to the Internet through service providers access, store (long term or short term), or transmit material that is unlawfully obtained, the users face liability for infringement rather than the ISPs. To the extent that most, if not all, colleges and universities offer Internet access to their students, staff, faculty, and sometimes visitors, they may qualify for these limitations on liability. Still, the burden of proof is on institution leaders to establish that officials lacked actual knowledge or awareness that the infringing activity was occurring, and institutions must not play substantive roles in identifying the infringing content or directing or communicating the transmission of the infringing material. ISPs also must act to remove infringing material or disable infringing conduct on notification of claimed infringements (also called “take-down notice”). Limitations on liability apply only to those ISPs that have established and implemented policies, such as university Acceptable Use Policies that provide for the termination of accounts, subscriptions, and/or computer use privileges of repeat violators. Officials at colleges and universities must continue to provide access to sites that are pay-per-access or password protected.

The special provision limiting the liability of nonprofit educational institutions contains one significant point necessary for elaboration. This provision makes a distinction between faculty and graduate students on the one hand and the institutions themselves on the other. In order to limit the liability of institutions for the infringing activities of their faculty members and graduate student employees, the act maintains that when such users are performing teaching or research functions, they are considered to be persons other than the institutions. In these circumstances, knowledge or awareness of the infringing activities is not to be attributed to institutions if they meet the following three conditions:

1. Faculty members or graduate students are engaged in infringing activities that do not involve the provision of online access to instructional materials that are or were required or recommended, within the preceding threeyear period, for a course taught at the institution by such faculty member or graduate student.
2. Institutions have not, within the preceding three-year period, received more than two notifications described of claimed infringement by covered faculty members or graduate students, and such notifications of claimed infringement have not been actionable as knowing material misrepresentations of copyright infringement.
3. Institutions provide all users of their systems or networks with informational materials that accurately describe, and promote compliance with, the laws of the United States relating to copyright.

There is no corresponding reference in these provisions to undergraduate students who engage in teaching and research.

Substantive litigation under the DMCA is limited, especially in educational settings. For the most part, the challenges have been from computer programmers and software developers who argue that the DMCA violates First Amendment free speech. Moreover, while courts have agreed that the development, distribution, and use of circumvention software constitutes speech, they have held that the provisions of the DMCA are valid restrictions on that speech. In Universal City Studios v. Corley (2001), the movie industry sued individuals and organizations for distributing a computer program (DeCSS) designed to circumvent the content scramble system (CSS), an encryption system that prevents copying DVDs. The Second Circuit affirmed a grant of a permanent injunction prohibiting the defendants from posting the DeCSS program on their Web site and from posting hyperlinks to other Web sites containing the DeCSS. The court was of the opinion that the DMCA was designed to target the program’s functional attributes, not its expressive ones. In other words, the court interpreted the DMCA as not prohibiting the making of lawful copies of DVDs; it simply prohibited the decryption method of copying.

Online copyright infringement is most certainly a concern for colleges and universities as Internet service providers, regardless of whether they are aware of the infringing conduct of users. Put another way, university officials should pay attention to the provisions of the DMCA insofar as technologically savvy students may take advantage of their institutions as Internet service providers. Unauthorized copying and downloading of material such as music and movies is rampant among students, as the facts revealed in the well-known Napster case (A & M Records v. Napster, 2001) and in Aimster (In re Aimster Copyright Litigation, 2003). Only ISPs actively enforcing policies to promote compliance with copyright laws will be able to take advantage of the limitations on liability that the DMCA provides.

Litigation Under the DMCA

Section 512(h) of the DMCA affords copyright holders “subpoena power” to compel ISPs to disclose the identities of infringing subscribers. Copyright holders are particularly active in using this provision in higher education settings where large numbers of students are presumed to be engaging in unlawful downloading and sharing of copyrighted works.

In litigation, though, the DMCA’s subpoena provision has met with mixed results. In Recording Industry Association of America v. Verizon Internet Services (2003), by way of illustration, the defendant ISP (Verizon) refused to disclose the name of an alleged infringer who downloaded 600 copyrighted songs in one day using peer-to-peer software. Verizon argued that the DMCA applied only when the infringing materials are stored on the provider’s space and not when the service provider’s space is used as a mere conduit for the alleged infringing material. The circuit court for the District of Columbia agreed with Verizon, reasoning that it is impossible for Internet service providers to take advantage of the limits on liability such as the removal of infringing materials or the disabling of access to such materials when the materials are not stored online. When infringing materials merely travel through the provider’s space without storage, the court explained that because providers have no way of identifying the materials or user, they cannot notify the users of the infringing conduct. Similar results may be possible for universities, which often provide only transmission, routing, or connections to digital online communications but do not modify or store content (Arista Records LLC v. Does 1–19, 2008; Recording Industry Association of America v. University of North Carolina at Chapel Hill, 2005). Still, subpoenas have not been quashed based on the argument that providing identities of computer users would violate the Family Educational Rights and Privacy Act (FERPA) (Arista Records LLC v. Does 1–19, 2008; Zomba Recording LLC v. Does 1–15, 2008). This interpretation is based on the notion that the information requested in subpoenas amounts to “directory information,” which is not subject to the nondisclosure rules of FERPA.

While there may be cases of undue burdens on college and university officials to provide names and contact information for alleged copyright infringers, especially when the copyrighted materials are not stored on institutional servers, it remains critically important that colleges and universities employ as many policies and practices as necessary to promote compliance with copyright laws.

In Aimster Copyright Litigation (2003), similar to the peer-to-peer file-sharing case in Napster, the Seventh Circuit upheld an injunction against Aimster, a file-sharing service that facilitates the transfer of files between users. Record companies and composers sought preliminary injunctions to shut down Aimster, arguing that its operation constituted contributory and vicarious infringement. Instead of adopting an “actual knowledge of infringement” test as the Ninth Circuit did in Napster, the Seventh Circuit adopted an “economic balancing test”:

If the infringing uses are substantial, then to avoid liability as a contributory infringer, the provider of the service must show that it would have been disproportionately costly for him to eliminate or at least reduce substantially the infringing uses. (p. 653)

The Seventh Circuit thus likened Aimster’s response to the infringing uses to “willful blindness.” Clearly, college and university officials must actively enforce policies and practices that promote compliance with copyright laws in order to avoid liability in the ever-changing technological world of higher education.

See also Intellectual Property

Further Readings

• Arista Records LLC v. Does 1–17, No. 07–6197-HO, 2008 U.S. Dist. LEXIS 106461 (D. Ore. Sept. 26, 2008).
• Copyright Act, 17 U.S.C. § 101, et seq.
• Daniel, P. T. K., & Pauken, P. D. (1999). The impact of the electronic media on instructor creativity and institutional ownership within copyright law. Education Law Reporter, 132, 1–43.
• Daniel, P. T. K., & Pauken, P. D. (2005). Intellectual Property. In J. Beckham & D. Dagley (Eds.), Contemporary issues in higher education law (pp. 347–393). Dayton, OH: Education Law Association.
• Daniel, P. T. K., & Pauken, P. D. (2008). Copyright laws in the age of technology and their applicability to the K–12 environment. In K. E. Lane, J. F. Mead, M. A. Gooden, S. Eckes, & P. D. Pauken (Eds.), The principal’s legal handbook (4th ed., pp. 507–519). Dayton, OH: Education Law Association.
• Harris, E. M. (2004). School houses rock: University response to the threat of contributory copyright infringement and forced compliance of the Digital Millennium Copyright Act: The entertainment industry may have won the battle against Napster, but can it win the war against universities? Rutgers Computer & Technology Law Journal, 31, 187–215.
• Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, 545 U.S. 913 (2005).

Legal Citations

• A & M Records v. Napster, 239 F.3d 1004 (9th Cir. 2001).
• Arista Records LLC v. Does 1–19, 551 F. Supp. 2d 1 (D.D.C. 2008).
• Digital Millennium Copyright Act Pub. L. No. 105-304 (1998).
• In re Aimster Copyright Litigation, 334 F.3d 643 (7th Cir. 2003).
• Online Copyright Infringement Liability Limitation Act, 17 U.S.C. § 512.
• Recording Industry Association of America v. University of North Carolina, 367 F. Supp. 2d 945 (M.D.N.C. 2005).
• Recording Industry Association of America v. Verizon Internet Services, 351 F.3d 1229 (2003), cert. denied, 543 U.S. 924) (2004).
• Universal City Studios v. Corley, 273 F.3d 429 (2d Cir. 2001).
• WIPO Copyright and Performances and Phonograms Implementation Act, 17 U.S.C. §§ 1201–1204.
• Zomba Recording LLC v. Does 1–15, 2008 U.S. Dist. LEXIS 106500 (E.D. Ky. June 2, 2008).