Not Every Cease-And-Desist Letter is a DMCA Takedown Notice

Today, the Chilling Effects Clearinghouse posted a cease-and-desist letter from MediaDefender to gpio.org complaining that MediaDefender's leaked emails had been posted to the site. The operator of the site, which subsequently moved to http://mediadefender-defenders.com (but not because of the letter), also posted the letter and his reply. His reply quite effectively points out that he and his server are in Norway and thus "it appears that your legal grounds for throwing letters at me claiming this-or-that is shaky enough that you might want to relocate."

This exchange reminded me of an article in Ars Technica a few weeks back discussing the reactions of peer-to-peer site operators to similar letters from MediaDefender. I meant to post on this article at the time, but forgot about it until today. The gist of the story is that some peer-to-peer site operators received cease-and-desist letters from MediaDefender and responded with blistering comments ridiculing the MediaDefender lawyers for their impoverished understanding of U.S. copyright law. For example:

[isoHunt's] formal response to SMR&H is filled with caustic wit and considerable legal expertise. "If Mr. Gerber is truly as experienced in IP law as his bio claims he is," asks the isoHunt administrator in his response, "why is it that he is incapable of composing a DMCA takedown notice as per USC Title 17 Section 512?" The isoHunt administrator explains that Gerber failed to adequately specify the allegedly infringing content as required by law. The administrator also helpfully provides a link to a valid sample complaint so that SMR&H will be less likely to send the improper information in their second attempt. The following is an excerpt of the isoHunt administrator's response:

"This e-mail serves as a counter notification under USC Title 17 Section 512(c)(3)(A)(iii) that you have failed to properly identifying links to content that allegedly infringes your copyright/trademark/rights (or, in this case, has something to do with really embarrassing trade secrets *and* employee social security numbers) AND you have failed to address your e-mail to the appropriate agent, namely copyright@isohunt.com, so I invite you and your clients to take a long walk off a short pier, since you and/or your clients might actually manage to NOT get something that simple wrong."

In closing, the isoHunt administrator says that the he will comply with the request if it is properly submitted. "Despite us being located in Canada, if you do actually figure out how to compose a valid DMCA notice, we will honor it," he concedes, "just as soon as we're done laughing at you."

Don't get me wrong -- I understand the widely felt animosity towards MediaDefender these days. But I'm not so sure that isoHunt's "considerable legal expertise" hits the mark here. The DMCA notice-and-takedown provisions, found at 17 U.S.C. 512(c), only apply to claims of -- wait for it -- copyright infringement. Now, I didn't see the letter that isoHunt received, but it's a good bet that it's identical to the one gpio.org received. Guess what? No claim of copyright infringement there -- just the assertion that posting MediaDefender's emails violates (1) the federal Computer Fraud and Abuse Act; (2) the federal Electronic Communications Privacy Act; and (3) the California Computer Data Access and Fraud Act. (This fits with Ars Technica's description of the isoHunt letter, which apparently cited "various sections of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the California Computer Data Access and Fraud Act.")

The letter requests that gpio.org "immediately and permanently cease and desist from posting, distributing or otherwise making available MediaDefender's trade secrets and confidential information, and provide us with written confirmation regarding the same." This essentially looks like a trade secrets case, albeit a complicated one.

The formula is simple: no claim for copyright infringement, no DMCA takedown notice, full stop.

My guess is that MediaDefender is not asserting claims of copyright infringement because of an important case, Online Policy Group v. Diebold, Inc., 337 F. Supp.2d 1195 (N.D. Cal. 2004). In that case, Diebold, a manufacturer of electronic voting machines, sent DMCA takedown notices to a number of ISPs that were hosting leaked internal Diebold documents revealing flaws in its machines. The DMCA notices claimed that posting the company's internal email archive violated Diebold's copyrights and demanded that access to the email archive be disabled. An ISP and the two college students who were posting the documents sued Diebold, and the district court held that Diebold had violated Section 512(f) of the DMCA, which makes a copyright owner liable for damages, including costs and attorneys' fees, for "knowingly materially misrepresent[ing]" in a takedown notice "that material or activity is infringing." The court found that portions of the email archive were so clearly subject to the fair use exception that "[n]o reasonable copyright holder could have believed that [they] were protected by copyright." According to the EFF, Diebold subsequently agreed to pay $125,000 in damages and fees. Needless to say, there are some strong factual similarities between the Diebold leak and MediaDefender's troubles over the last couple of weeks.

There was no reason why MediaDefender had to send isoHunt a valid DMCA takedown notice under the circumstances, and the company's mocking response -- while amusing -- was not coherent from a legal point of view. This was just an ordinary cease-and-desist letter, much like the ones that website operators receive all the time in defamation cases. The DMCA gets a great deal of attention in discussions of online speech, especially in technical circles. This attention is warranted, and vigorous debate about this controversial provision of the Copyright Act is necessary. But it's important to remember that there are other legal issues affecting your online activities.

Content Type: 

Subject Area: 

Comments

To understand the mockery

To understand the mockery one must consider that

(a) the federal Computer Fraud and Abuse Act;
(b) the federal Electronic Communications Privacy Act; and
(c) the California Computer Data Access and Fraud Act

are US laws. This fact seems to escape arrogant lawyers sending threats overseas. America acts otherwise, but there are still Sovereign nations beyond its borders.

To understand the mockery of "Guest"

To understand my mockery of "Guest"'s comment, one must consider:

Personal Jurisdiction

A person is subject to in personam jurisdiction on any of the following theories:

...

(4) Minimum Contacts. Having sufficient dealings or affiliations with the forum jurisdiction which make it reasonable to require the defendant to defend a lawsuit brought in the forum state. (Int'l Shoe) Hence, a defendant who has never set foot in California may nevertheless be subject to valid personal jurisdiction so as to be compelled to defend a lawsuit in California provided that he has minimum contacts with the forum state such that compelling him to appear and defend in the forum does not offend traditional notions of fair play and substantial justice. (International Shoe Co. v. Washington, 326 U.S. 310, 66 S.Ct. 154, 90 L.Ed. 95 (1945).)

trade secrets by definition must be a 'secret'

My boss pointed me to this site and there are a few things that I would like to clarify for the benefit of Sam Bayard.


just the assertion that posting MediaDefender's emails violates (1) the federal Computer Fraud and Abuse Act; (2) the federal Electronic Communications Privacy Act; and (3) the California Computer Data Access and Fraud Act.

(1) Since isoHunt, its employees or agents did not knowingly, intentionally or accidentally access anybody's gmail accounts, this point is very reasonably moot. You ARE welcome to argue this. (also, the indexing system of isohunt.com is an automatic process which happens without human interaction, so it cannot be charged that we made any particular effort to specifically pick up files with metadata in them which may or may not describe some emails a company which admits to breaking the law might have had leaked onto the internet.)
(2) Since the reported method of collection of the emails in question involved the compromise of a gmail account, it cannot reasonably be argued that the emails were 'in transit' at the time of collection by unknown parties, hence the MD lawyer's argument falls flat.
(3) see #1 -- also, since neither isoHunt, its employees or agents are attempting to profit specifically from any information included within the leaked emails, fraud allegations would most likely be completely baseless in the eyes of the court.

While I do appreciate your arguments, I would also like to point out that a trade secret by definition is a secret, and that claims of illegal dissemination of a trade secret cannot be made when said secret has already become public knowledge. The moment this story hit the news outlets and more importantly, when mediadefender-defenders.com was launched, and even MORE so when SMR&H issued their C&Ds, which really did nothing but confirm that the emails were in fact MD leaks, all claims of 'trade secret' flew out the door.

SMR&H should have known that once the cows have gone out to pasture, it makes no sense to close the barn.

isoHunt is located in Canada, not the United States. That I know of, we have no intention of ever suing anyone for invalid notifications. Furthermore, it's a matter of 'good faith' that we accept properly formatted DMCA notices from copyright holders or their agents. As long as they hold the rights to the content in question, we'll remove it! So... a safe bet would have been a 'proper' DMCA Notice sent to the appropriate agent -- which SMR&H didn't even get right the 2nd and 3rd times they emailed us (actually asking for reprieve under the DMCA, just completely ignoring the 'sufficient identification' and 'designated agent' clauses).

re: trade secrets by definition must be a 'secret'

I appreciate your comments. It's useful to have the perspective of someone from the inside. I have no opinion about the merits of MediaDefender's trade secrets claim. My point is simply that, from the looks of MediaDefender's letters to others and the description of the isoHunt letter in the Ars Technica article, there is no assertion of copyright infringement, and thus DMCA takedown procedures are entirely besides the point. It would be interesting to see what MediaDefender wrote in the 2nd and 3rd letters -- I'm not sure I understand what "asking for reprieve under the DMCA" is?

As to "As long as they hold the rights to the content in question, we'll remove it" -- this is a good strategy when someone is making a claim of copyright infringement, because that way your site will enjoy immunity from a copyright-based lawsuit under the DMCA safe harbor provisions. But, if the"rights" asserted are trade secrets, the safe harbor provisions do not apply, and the question about whether to remove the material or not is more complex. It might be a good situation for talking to a lawyer with expertise in trade secret law. If you dispute the fact that the material in question is a "trade secret," then you don't need to take it down, regardless of whether or not the cease-and-desist letter is sent to the "appropriate agent."