A New Breed of Copyright Issues

Don’t worry, we’ll get to the Napster Case.

Few areas of law are being tested, prodded and challenged in the public forum as much as copyright law.  Old notions of legal standards are being scrutinized, or ignored.  The federal copyright statute has nearly doubled in size in the past ten years -- with some portions not even dealing with pure copyright issues.  Exceptions and safe harbors are being inserted into bills -- and enacted -- at the last minute, at the behest of certain interest groups.  The Digital Revolution -- with burgeoning software and online content -- is forcing Congress to question the basic tenants of copyright law and stay within the Constitutional requirement “to promote ... useful Arts.”  The way a lawyer must practice and apply copyright law has become much more complex.  As the digital world grows, new issues such as privacy and database usage become a part of the “copyright universe.”  All the while, most laymen just want to download music for free.  Don’t worry, we’ll get to the Napster case.

Any discussion must start with the basics.  To see how changes have occurred, you need to appreciate the building blocks.  Copyright law protects “original works of authorship” and gives the author a limited monopoly of sorts.  The author has the exclusive right to reproduce, distribute, perform and display the work as well as to create derivative works based upon the work.

Although the Constitution secures these rights for “limited times,” in recent years, the duration of a copyright has been extended.  Where once a copyright could be held for a maximum of 47 years, the term of a copyright now can extend for the life of the author plus 70 years, or, in the case of a corporation, the lesser of 95 years from publication or 120 years from creation (for works created on or after March 1, 1989).  A copyright’s duration depends on when in the legislative continuum the work was created.  Earlier this year, the Supreme Court upheld as constitutional the extension of copyright limits to their present length (Eldred v. Ashcroft, 537 U.S. 186 (2003)).  Many thought the 1998 Sonny Bono Copyright Term Extension Act was a nefarious plot by Disney to ensure that Mickey Mouse did not enter the public domain.  While Disney certainly benefited from extra years of exclusive use of its signature character, the Supreme Court found nothing unconstitutional with Congress’ expanding the limits to these new levels.  In determining the length of a copyright, a practitioner must carefully consider when a work was created, as different durations apply to different years of creation.

While not rising to the level of Supreme Court intervention -- yet -- privacy concerns most certainly must be a focus of anyone dealing with the Internet and new technology.  “Online privacy” has grabbed a lot of attention, yet there are only a few legislative efforts that have been enacted to address the issue.  Certain industries -- many with far-reaching effects -- have promulgated regulations for the protection of data related to their industries.  Reams have been written about HIPPA’s effect on medical and health data, and on Graham-Leach-Bliley’s effect on how financial and banking information is gathered, stored and disseminated.  So much has been written that this article will not endeavor to explain those important aspects of privacy.

The immediate inquiry for an attorney concerned about the contents and operation of an Internet website should be on what information can be collected from visitors to a website, and how that information can be used.  If a website’s target audience is children, or the site is likely to attract children, then as a lawyer, you must advise your client that the Children’s Online Privacy Protection Act (“COPPA”) applies.  If the website is not child-focused, then there are no direct regulations.  For now, Congress has allowed the area to be self-regulated.

Websites that fall under COPPA are required to follow certain requirements in the collection of children’s personally identifiable information.  These include: providing dear, prominent notice of what information is being collected, how it is used and how it is disclosed; obtaining “verifiable parent consent” before collecting, using or disclosing any information; providing an opportunity to review and restrict the use of the information; and establishing security methods to safeguard any information collected.

Whether or not a website is regulated, an attorney should always consider suggesting that a privacy policy be developed for the site.  A good privacy policy should address whatever regulatory requirements are relevant and should include a description for the site’s user of how information collected on the site will be used.  Because websites can surreptitiously collect digital information from the computer of the visitor, the privacy policy should also address how the information from that digital information -- called “cookies” -- will be used.  Because many consumers will want to know that the information gathered will not be sold to mailing lists, internet “spam” solicitors or telephone marketers, privacy policies often describe the constraints the website places on its use and distribution of the data.  Many companies decide that for marketing purposes, they want to be consumer-friendly and state that they will not provide the collected information to these undesirable entities.  However, a privacy policy must be drafted with an eye toward the future, and the policy should not be too restrictive in prohibiting others to use the data. One court has held that a policy stating that the company would “never” allow a third party to use its data meant that the company’s asset of a database could not sold in bankruptcy -- thus imperiling the restructuring of the company.

While drafting a privacy policy, an attorney should also consider whether her client’s situation demands that she include certain “safe harbors” under the Digital Millennium Copyright Act (“DMCA”) 17 U.S.C. § 512.  The DMCA has caused a lot of discussion over the extent to which software developers can stop people from copying their software.  The DMCA includes strong -- some say draconian -- language limiting the ability of third parties to reverse engineer software.  The proponents of the DMCA say the strong language was needed to prevent software pirates from stealing legitimately protected software.  The opponents of the DMCA say that the measures inhibit the long-accepted premise that a certain amount of “fair use” of copyrighted work is allowed and that a healthy amount of reverse engineering is necessary to foster uniform computer programs and compatible systems.  A strict reading of some portions of the DMCA allow it to prohibit copying, even if the materials copied are not otherwise protected by copyright.

Since its enactment in 2000, the DMCA has already caused quite a stir.  The most celebrated case is of a Russian programmer being jailed after he entered the country to give a lecture.  The programmer had posted in his website the method of breaking through certain encryption features of software.  Because the DMCA can be read to make that activity illegal, the Justice Department sought to make an example of such a flagrant act.  The DMCA also has gained some notoriety because some say its enactment was slyly shepherded through while Congress was pre-occupied with the impeachment proceedings of President Clinton.

Beyond these extreme cases, the DMCA does provide some needed protection for Internet service providers who host websites that include content that others may provide.  Prior to enactment of the DMCA, a website operator could be liable for copyright infringement if someone else posted infringing material on their website.  The DMCA now provides relief from such liability.  The relief comes in the form of language that should be posted in a website’s “legal language” to explain what controls the website operator employs.  Though the more famous beneficiaries of the protection are ISP’s such as AOL who invite third party content, there are many companies who allow third parties to include information on or through their website.  To make use of the protections, the ISP’s must not be the infringers themselves, must take reasonable actions to eradicate the infringement when they know about it and must otherwise be operating in a non-culpable manner.

One key feature of the DMCA is that for an ISP to make use of this insulation from suit, it must establish a designated agent to receive notice of alleged, copyright infringement, and must make the agent’s contact information available to the public through its website and to the Copyright Office.  The DMCA also specifically insulates from liability a company that merely routes Internet messages and does not become involved in who gets what types of content.  The DMCA also provides a safe harbor to ISP’s who merely provide a link to infringing materials.

A practitioner whose client is more involved in the Internet also will have to understand something about protecting a database.  In our “information society,” the information included in a database can be enormous.  A dozen years ago, the Supreme Court provided copyright protection to collected data so long as some creativity was used in deriving a database.  In Feist Publications, Inc. v. Rural Telephone Service Co., 499 U.S. 340 (1991), the alphabetically listed data in a telephone directory was deemed not subject to protection.  Courts do acknowledge that more creatively organized and assembled collection of data can be protected.

If your client wants to protect its data, it needs to have made its own conclusion about what factors are important and unimportant, and what data can be omitted or discarded. For example, a list of data for a business that includes only name, address and telephone number may be freely used by third parties without violating a copyright. But when the data includes information about the frequency of a customer’s visits or the dollar value a customer spends, then the data becomes protectable due to the creative selection of data.

A client who wants to use data compiled by another should not be fooled into thinking that all mundane information can be copied.  It is enticing to think that data available on a myriad of websites can be culled and regurgitated for a client’s own dissemination.  As the attorney, you should warn your client to be aware of the licensing language that accompanies any data they might access.  Most companies who provide databases for third parties do so only under a specific license.  Even the online purveyors of data keep strict controls over how data can be used.  The licenses protect the data through contract terms, where copyright protection may fail to protect the mundane features of the data.  Generally, the scenario is that your client is only allowed to view the data if it agrees -- usually by “clicking here” -- to contract terms prohibiting the further use or distribution of the data.

Even states have gotten into the act.  Though many databases of state records are online, some state legislatures have enacted laws prohibiting the commercial re-use of the data provided.  Before your client believes it can reuse data available online, the prudent attorney will inspect the websites from which the data was derived and determine if any licensing language prohibits the use of the data as the client intends.

This area of law is still in some flux, however.  The copyright notion of “pre-emption” states that the copyright law pre-empts any state law claim based on the same set of facts.  Because the contract claim that a database provider would use is a state action, defendants have said that the state claim is pre-empted and that the federal copyright law does not protect databases with such general information.  Circuits are divided on the pre-emption issue as it relates to databases, with the Fourth Circuit tending to come down with a slightly broader reading of the ability of copyright law to pre-empt a state claim.  However, there is still a risk in totally ignoring language in a website that restricts the use of the data that is provided.  Plaintiffs have also raised traditional causes of action such as misappropriation, unfair competition and trespass to chattels when faced with a defendant who used data on the plaintiff’s website in a manner not to the plaintiff’s liking.  Any of these theories could avoid a pre-emption defense.  Additionally, if information is gathered from the Internet, it allows a plaintiff more opportunity to shop for a forum that does not avoid a state claim due to pre-emption.

An obscure portion of the Copyright Code was recently changed and should be noted.  When a copyright is transferred and has not been relinquished, there is an opportunity to take back the rights in the future.  Effective January 1, 2003, 17 U.S.C. § 203, was revised so that authors may terminate the copyright grants between the 35th and 40th years following execution of the grant.  In the case of grants including the right of publication, such grants may be terminated the earlier of 35 years after publication in accordance with the grant or 40 years after the grant is executed.  As with grants that do not include the right of publication, the termination period is five years.  Attorneys whose clients make copyright grants should inform their clients of this option and calendar the appropriate expiration date to provide a later notice to the clients.

A few years ago, Maryland was abuzz because it was the first state to pass a version of the Uniform Computer Information Transactions Act (“UCITA”), (“MUCITA” in Maryland).  Only a few states have since passed UCITA.  The intent of UCITA is to create a uniform state law similar to the Uniform Commercial Code (“UCC”), that is applicable to computer information transactions. UCITA is intended to provide “gap fillers,” when a contract respecting software did not address all necessary aspects of the transaction.  UCITA has lost an amount of luster because attorneys are drafting contracts that opt out of UCITA’s coverage.

For those who do not opt out, or who wish for the statute to help fill out contract terms, there are some beneficial aspects to the statute.  MUCITA clearly validates click-through and shrink-wrap type agreements where there is no written agreement from the user, but instead the “agreement” is formed by unwrapping the disk or CD on which the software is stored or by clicking on a certain part of a website to acknowledge that the user agrees to use the software under the terms of the license provided online.  MUCITA also sets out certain express and implied warranties and prohibits licensors in mass-market licenses from disclaiming warranties of merchantability and fitness for a particular purpose.  MUCITA also prohibits licensor self-help in mass-market licenses, and provides strict guidelines for such action in other licenses.

Independent authors and artists scored a significant victory when the Supreme Court found that large media companies could not “repackage” entire works to which the artist contributed.  The case of Tasini v. New York Times, 533 U.S. 483 (2001), should have attorneys for inde pendent contractors primed to protect their clients’ rights.  In Tasini, a freelance writer had contributed a story with the publisher’s agreement that his story would appear only as one of a number of stories in a publication.  When the magazine publisher allowed online resources such as Lexis to reprint the entire publication, users were able to view the article on its own and not as part of the larger publication.  The Court found that the publisher had no rights to allow for the reproduction of just the article.  Attorneys for writers and other artists should read this case as a chance to gain further protection and fees for your client.  Attorneys for publishers should read Tasini as a warning that all contracts should address the issue of Internet use and the possibility that the independent contractors’ work might take a different form.

Perhaps the most talked-about aspect of copyright law is the recent line of cases and the entire societal trend known by the first case of its kind: Napster. (A&M Records, Inc. v. Napster, Inc., 239 F.3d 1004 (9th Cir. 2001)).  The broad question raised by Napster is whether it is contrary to copyright law for individuals to “share” their digital files by allowing others to access their personal files on their computer at home and copy certain files, most notably, songs which the user has copied onto their hard drive.  Such file sharing has driven the recording industry into a frenzy and is certain to do the same to any other industry that mass markets its copyrightable work.  The issue has arisen now because technology has allowed for very fast transmission of these relatively large computer files.

The debate rages on as to whether any law should prohibit this activity.  Some equate this activity as merely lending your friend a CD that you bought, so there is no harm.  Others see it a significant disincentive to create new work if there is no method of being paid for the copies people make and use. Still others, such as Apple Computer has avoided the debate, as Apple has harnessed the desire for easy access to songs online by offering the right to download a song for 99¢.

Under copyright law, when you purchase a CD at a store, you are merely acquiring the right to play the songs for your own personal use.  The artist -- or his assignee such as the recording company -- retains the right to reproduce the song.  Thus, when you copy a song from someone else’s computer, you are making an unauthorized copy.  If you only do this a few times, you might have the defense that your copying is so minimal that it is a fair use.  The recording industry has been hesitant to sue consumers directly whose copying has gone beyond the “fair” use, for fear of a public relations backlash (although some suits are springing up against individuals making a significant number of unauthorized copies).  Suing a consumer may be a winnable case, but it would be a marketing nightmare

So the recording industry decided to sue the entity that created the software and ran the system that facilitated the file sharing.  Since the users exchanged materials directly, Napster itself was not involved in the music transfer and could not commit primary copyright infringement.  The Recording Industry Association of America (“RIAA”) brought suit against Napster alleging contributory and vicarious infringement.  To prove contributory infringement, the plaintiffs were required to show both that Napster knew that its users were infringing and that Napster had materially contributed to this infringement.  The 9th Circuit found that Napster had both actual and constructive knowledge that its users were infringing plaintiff’s copyrighted works.  The 9th Circuit also found that in providing server space and software, Napster provides the “site and facilities” to enable infringement and thus materially contributed to the infringement.

Respecting vicarious infringement, the plaintiffs had to show that Napster had the duty and ability to supervise the infringing activities of its members and that Napster had a financial stake in those activities.  The court found that Napster failed to “police” its system to prohibit the infringing activities.  The court also found that Napster’s financial well-being was directly related to its members’ ability to continue their infringing activities.

Believing that the Napster case was lost on these “technicalities,” new systems have evolved that do not operate in the way that doomed Napster.  These new programs, such as StreamCast’s Morpheus and Grokster’s Kazaa, operate similarly to Napster in that they are freely distributed and allow users to directly share files.  However, they differ from Napster in that they do not require a centralized computer with a list of available songs to facilitate the transfers.

In Metro-Goldwyn-Mayer Studios, Inc. v. Grokster, Ltd., CV 01-08541-SVW (PJWx), CV 01-09923-SVW (PJWx), 2003 U.S. Dist. LEXIS 6994 (C.D. Cal. 2003), the court determined that this is a crucial difference.

As was the case with Napster, there was evidence of direct infringement by users of defendants’ programs.  However, since defendants’ systems did not involve a centralized computer, the court found that defendants could not have materially contributed to users’ infringing activities and as a result, there could be no contributory infringement.  Without a centralized computer, the court found that the defendants were unable to supervise the infringing activities of their members and thus, there was no vicarious infringement.  These fights will wage on.

As new technologies are developed, a copyright lawyer will have to continue to apply existing laws to unpredicted situations.  Legislative efforts will most likely remain a step or two behind current technology, and the societal debate over free access versus payment for creative work will remain.  It makes the practice of copyright law exhilarating.

A version of this article was published in The Maryland Bar Journal Volume XXXVI, Number 6 November/December 2003.