Under the US Digital Millennium Copyright Act (DMCA) online service providers are liable for illegal file-sharing on their service unless certain conditions are met, including that "the service provider responds expeditiously to remove, or disable access to, the material that is claimed to be infringing upon notification of claimed infringement". This defence against liability is known as 'safe harbor' protection.
MP3Tunes is an online music storage website that allows users to store music in their own "lockers". The website also lets users add music to their locker using technology operated by its sister website sideload.com. The website allows users that find music on other websites to "sideload" the files into their MP3Tunes locker and stores searchable links to the files for others to find, according to the ruling.
Global music company EMI, which licenses the use of music by artists such as The Beatles, Kylie Minogue and Coldplay, argued that MP3Tunes was in breach of its copyright. It sent takedown notices which requested MP3Tunes remove "350 song titles and web addresses" and "all of EMI's copyrighted works, even those not specifically identified", the ruling said.
MP3Tunes deleted the links to the copyright infringing content EMI identified but did not remove the files themselves from users' personal lockers and did not delete all EMI copyrighted works, the ruling said. The court ruled that the company was in breach of EMI's copyright because it did not remove the content from the personal lockers.
"MP3Tunes was obligated to remove specific works traceable to users' lockers," the court said in its ruling (29-page / 1.27MB PDF).
"Because MP3Tunes keeps track of the source and web address for each sideloaded song in each users' locker, EMI's notices gave sufficient information for MP3Tunes to locate copies of infringing songs in user lockers," it said.
"There is no genuine dispute that MP3Tunes does not qualify for safe harbor protection for songs stored in users lockers that were sideloaded from the unauthorised websites identified in the ... takedown notices," the ruling said.
The court said that MP3Tunes did not have to delete all EMI copyrighted content from its site because the rights holder had not identified where infringing content could be located.
"Absent adequate notice, MP3Tunes would need to conduct a burdensome investigation in order to determine whether songs in its users' accounts were unauthorised copies," the ruling said. "The DMCA does not place this burden on service providers," it said.
The court said that MP3Tunes employees did not know when sideload links were copyright infringing and that therefore by reacting to EMI's takedown requests it showed there was "no genuine dispute" that the company qualified for relief from being a contributory copyright infringer through its linking to infringing content.
"MP3Tunes does not purposefully blind itself to its users' identities and activities," the court said.
"In contrast, MP3Tunes tracks the source and web address of every sideloaded song in its users' lockers and can terminate the account of a repeat infringer. And MP3Tunes employed those resources to implement its policy by terminating the accounts of 153 users who blatantly allowed others to access their lockers and copy music files without authorisation," it said.
"MP3Tunes responded to [EMI's] notices and removed the links listed on sideload.com," the court ruling said.
Michael Robertson, the owner of MP3Tunes, was ruled to be "directly liable for the songs he personally sideloaded from unauthorised sites".
Intellectual property law expert Iain Connor of Pinsent Masons, the law firm behind OUT-LAW, said the case illustrated the balance between the interests of rights holders and service providers.
"In order to strike a balance between the interests of copyright owners and online service providers, the US Digital Millennium Copyright Act provides certain “safe harbour” provisions which put limits on the remedies available to copyright holders in the event that infringement is found. This case demonstrates how US law strikes this balance," Connor said.
"Rights holders must properly identify both the copyright works and the location of the infringing works and the online service provider must act quickly to remove these works. Where EMI simply said “remove all songs”, MP3tunes was entitled not to act and could rely on the “safe harbour” provisions as it did not have any knowledge that its site was being used for illegal purposes. However, MP3tunes was liable for infringement where it had specific knowledge of copyright infringement and did not act," Connor said.
"The lesson for rights holders is to ensure that any cease and desist letter is very specific and identifies the location of every infringing work. On the other hand, online service providers need to act quickly on receipt of letters and remove the works specifically identified but do not have to go beyond that and take down other material that may infringe as there is no obligation to investigate general claims of infringement. If the case was brought in the UK, the defences under the E-Commerce Directive would operate in a very similar manner," Connor said.
Under the provisions of the E-Commerce Directive a service provider that complies with the laws is generally not liable for any material where it acts as a mere conduit, caches the material or hosts the material.