Over the past year Amazon, Google and Apple have all launched “cloud” music services of one kind or another. From the press, one could be forgiven for thinking that cloud storage is the hot new thing; but while it is certainly hot, it is not especially new. Generally speaking, “cloud” storage simply refers to data storage that is accessible over a wide area network (usually the Internet).

Typically, the term is used to refer to storage space sold as a service by third parties who own, manage and control the servers to users who need a place to store their data. The owner of the servers leases out space at a certain price per gigabyte, often with some free space up front, and the user can store whatever he or she wants there. The model has been around for a many years, but it is becoming more and more popular as fast Internet connections become ubiquitous and devices shed storage capacity and processing power to become cheaper and more mobile.

Cloud storage has numerous advantages over local storage—it ensures that all devices are accessing the same data, it largely eliminates backup and data loss issues, and it makes data available wherever there is a sufficiently fast internet connection. It may also be the only solution for some applications: Extensive collections of media may be too large to fit on the limited storage available on mobile devices or tablet computers. If, for example, a lawyer wants to have access to an entire document production on her iPad, the production can be stored “in the cloud” (on a service such as DropBox) and accessed wherever there is a wireless signal, even if the production is far too large to store locally on the device.

A more mainstream example—and the one driving much of the current rush to adopt these services—is music. Music files are large enough to require substantial storage space, small enough to stream over relatively low bandwidth (such as a 3G wireless connection) and desirable to have available on mobile devices. The enormous music libraries many users have amassed (through legal means or otherwise) are far too large to store on current mobile devices, so cloud storage is a perfect solution and many familiar names have rushed to fill the space.

Unsurprisingly, however, this business model brings with it various legal issues for the cloud storage provider. The provider has hundreds of thousands of clients uploading millions of files to its service. In the case of a “music locker,” many of these will likely be unauthorized copies of copyrighted works. Is the service required to police its uploads for infringement? Does it engage in direct or contributory infringement when it copies the files to its servers (or backs them up)? Does it engage in a “performance” of the works when it transmits them back to the users who uploaded them? Many of these issues were addressed recently in an opinion on cross motions for summary judgment in Capitol Records Inc. et al., v. MP3tunes, LLC et al.,1 a case pending in the federal court in the U.S. District Court for the Southern District of New York. Although the specific facts of the case make it an imperfect proxy for the larger commercial music offerings from Amazon, Google and Apple, it is nonetheless worth a close look.

The MP3tunes Service

The MP3tunes case concerns a music locker site, MP3tunes.com, founded in 2005 by Michael Robertson, a pioneer in the digital music business and (as the court noted) a man “familiar with high-stakes copyright litigation.” Robertson was the founder of MP3.com, a very early music locker site that attempted to provide on-line access to music, without requiring uploads, to any user who could prove ownership of a physical CD. That site was on the losing end of a suit by the record companies,2 but Robertson appears to have crafted his new offering to avoid those pitfalls. As one commentator noted, “MP3tunes.com looks like a site that was designed by Robertson in consultation with copyright law experts with the objective of figuring out just how much they can get away with without record company licenses.”3 Whether or not that was Robertson’s intent, the features and technical implementation of the site bring out a number of issues that are central to any discussion of cloud storage, and several of these issues are addressed in the court’s opinion.

MP3tunes.com is not associated with any commercial music provider, so users cannot buy music online and have it appear in their “lockers.” Users get music into their online storage in one of two ways: They can upload their own content from a computer or they can use Sideload.com, a search site owned by MP3tunes.com, to search the Internet for music and load that music directly into their personal storage. Music files uploaded from a user’s computer may or may not be authorized copies. Music files downloaded from the Internet via the Sideload.com search site (or “sideloaded”) also may or may not be authorized copies, but Sideload.com purports to be a way to find legitimate free music, not pirate sites.

MP3tunes.com has policies in place that prohibit the uploading of pirated music, and it bans users who are found to have repeatedly violated those policies. It also removes sites that carry pirated music from the Sideload.com search results. However, once a user has found a song through Sideload.com and sideloaded it into online storage, that copy of the song remains in storage even if the site is removed.

MP3tunes.com does not proactively police its servers for copyright violations, and it does not remove sideloaded songs from users’ storage, even when it becomes aware that those songs come from pirate sites (for example, through a take-down notice). MP3tunes.com also implements a “deduplication” algorithm on its file system designed to eliminating identical copies of files from the server and replace them with “pointers” to a single file. Each of these features and implementation details was the basis for an infringement or contributory infringement claim by the record company plaintiffs against MP3tunes.com, some successful and some not. In aggregate they provide the beginnings of a roadmap of permissible conduct for similar services.

The Safe Harbor Provision

The primary question in MP3tunes was whether the “safe harbor” provision of the Digital Millennium Copyright Act (DMCA) should apply to the service.4 The DMCA generally protects qualified service providers from the infringing acts of users, provided they meet certain criteria. Essentially, to be protected, a service provider must be “innocent.” This means, among other things, that

(i) it must implement a reasonable policy to deal with repeat infringers;

(ii) it must respond quickly and appropriately to remove infringing material of which it has actual knowledge (for example, through a DMCA “take-down” notice);

(iii) it must not ignore “red flags” or otherwise be willfully blind to infringement; and

(iv) it must not control or benefit from the infringing activity. Plaintiffs claimed that MP3tunes.com failed all of these criteria, defendants disagreed and the court found something of a middle ground.

The court found first that the MP3tunes.com service falls squarely within the DMCA safe harbor provisions at 17 U.S.C. §512(c), which deals with safe harbors for storage providers. The court further found that, absent some reason to suspect infringing activity, MP3tunes.com has no obligation to police uploads from its users and that its policy of banning users who had been caught repeatedly uploading infringing material met DMCA requirements. Thus the basic “storage locker” model was found to be entirely protected, as it has been in the past.

The “sideloading” model required more analysis. The court found that MP3tunes.com’s search site, Sideload.com, was also entitled to safe-harbor protection (under 17 U.S.C. §512(d), which deals with search engines) despite the fact that it returned results from sites such as RapidShare.com, which is known to contain some infringing material. Plaintiffs asserted that the mere presence of known “file sharing” sites in the search results should constitute “red flags” sufficient to defeat the DMCA safe harbor, but the court held otherwise. It specifically found that words like “free,” “mp3″ and “file-sharing” do not provide “red flag” notice of potential infringement, and that such notice can only arise from words like “pirate” or “bootleg” in the site name.

Turning to the specific infringing sites identified by plaintiffs in their DMCA take-down notices, however, the court found in favor of the plaintiffs. A DMCA take-down notice is a formal, sworn demand (described at 17 U.S.C. §512(c)(3)) to remove specifically identified infringing materials from a specific location. Plaintiffs had provided take-down notices relating to several websites, and those notices identified specific works found on those sites. MP3tunes.com responded by removing the offending sites from the Sideload.com search results, but it did not go back and scrub the identified works downloaded from those sites from users’ individual storage, which it could have done since it maintained data on the source of all sideloaded material.

The court found that plaintiffs could not make a general demand for removal of their “copyrighted works,” but that as to the specific works and sites identified in the take-down notices, MP3tunes.com was required not only to remove them from the search results at Sideload.com, but also to remove them from users’ online storage. Having failed to do so, the court held that MP3tunes.com was not entitled to the safe harbor as to those particular files.

Infringement

Having established the lack of a safe harbor for those files identified in plaintiffs’ take-down notices, the court went on to find MP3tunes.com liable for contributory infringement as to those files. Having received the notices, MP3tunes.com knew or had reason to know of the infringement and, by supplying the servers, it materially contributed to the infringement—the two elements of a claim for contributory liability. The court rejected a number of defenses in reaching this conclusion, including MP3tunes.com’s assertions that plaintiffs had abandoned their copyrights by distributing some songs in limited free release (for viral marketing campaigns) and that they had failed to prove the songs were works made for hire. These are defenses to infringement commonly asserted in cases such as this—and as commonly rejected.

Plaintiffs also asserted that the de-duplication system used by MP3tunes.com in its file system violated its performance rights by using a single “master copy” of each uploaded file rather than “retaining” the “actual copy” of the file uploaded by the user. This is the kind of argument that makes technically sophisticated lawyers cringe—the phrase “actual copy” has no meaning in this context—but as a legal matter it is not simple.

The copyright law permits a copyright holder to control the “public performance” of an audiovisual work.5 Allowing a user to download a file that he or she has previously uploaded is not a “public performance,” but there is law to suggest that serving a single “copy” of a file to multiple users could constitute a public performance (even if each of those users owns a legal copy), which would require a license. This area of the law is largely unsettled, and the law that exists is a mess because it was made in the context of physical copies of video tapes and CDs, but here the court correctly refused to fall into the trap of equating data on a server with copies of physical media. The court found that a data compression algorithm that eliminates redundant data does not, as a matter of law, create a “master file” of the kind that would create public performance issues. Plaintiffs’ public performance claim was therefore denied.

Conclusions

Plaintiffs’ DMCA take-down notices identified thousands of infringing files on the MP3tunes.com service, and MP3tunes.com is liable for every one of them, so this is potentially a multi-million dollar loss for Robertson, but he and others have spun it as a win. Why? In general the court approved the music locker business model and the sideloading concept (provided the sideloads come from legitimate sources), clarified the scope of the service provider’s obligations under a take-down notice and rejected the idea that licensing is required for the storage techniques necessary to make the model work on a large scale. Although the major players have structured their offerings (or paid for licenses) to avoid many of these issues, it can only be helpful to the marketplace to know exactly where the boundaries lie.

Stephen M. Kramarsky, a member of Dewey Pegno & Kramarsky, focuses on complex intellectual property litigation.

Endnotes:

1. —F.Supp.2d—, No. 07 Civ. 9931 (WHP), 2011 WL 3667335 (S.D.N.Y. Aug. 22, 2011).

2. UMG Recordings Inc. v. MP3.com, 56 U.S.P.Q.2d 1376 (2000).

3. B. Rosenblatt, “Mixed Verdict for EMI Against MP3tunes.com,” http://copyrightandtechnology.com/2011/08/23/mixed-verdict-for-emi-against-mp3tunes-com/. Rosenblatt’s blog post is also interesting for the comments by Robertson himself, in which he adamantly denies that he was trying to make any kind of “test case.”

4. 17 U.S.C. §512. The conditions applicable to online storage are at 17 U.S.C. §512(c).

5. 17 U.S.C. §106(4).