File-sharing networks remain a chief concern for the major music labels and software makers whose content continues to be copied and distributed online without authorization. Over the past several years, modern file-sharing technologies and faster broadband networks have spawned new distribution methods and have made copyrighted movies and videos popular targets of online sharing. In 2010, video comprised the majority of consumer Internet traffic (53 percent of uploads and downloads), and this number is expected to grow over the next decade. In particular, in the age of cloud computing and online data storage, cyberlockers have grown in popularity, allowing users to store and share digital files. Although many users employ cyberlockers for lawful purposes, others have used them as a mechanism to view and distribute infringing content. Efforts by copyright owners to remove infringing links and content are often hampered by the speedy replacement of removed content by other users.

This article will discuss the evolution of file-sharing technology, cyberlockers in general, including an overview of the federal prosecution of the cyberlocker site Megaupload, as well as recent efforts to fight piracy at the ISP level.

File-Sharing Evolution

The evolution of file-sharing has been shaped not only by advances in technology but also by responses to adverse court rulings finding previous peer-to-peer networks liable for copyright infringement. In the late 1990s, Napster operated a peer-to-peer network with a central “search index” that served as its collective directory for the files available on the server at any given time. To download the files from another user in the Napster network, an individual would search the Napster server for the desired file and then select the desired file from a list of available users in the network.

In the next generation of peer-to-peer software, the Grokster network did not offer central indexing of available files. Rather, an individual would enter a search term and the Grokster software itself would contact other computers seeking matching files and the searching user would then download directly from the relevant computer.

File-sharing evolved further to the modern BitTorrent network, which involves a download process unique from that of previous systems. Instead of downloading a file from an individual user, users of a BitTorrent network click on a dot-torrent file link, and, at that point, the downloading of a media work begins simultaneously from various sources around the Web. Each download of a copyrighted work may involve many ISPs and individuals located in numerous jurisdictions around the country. As each new file-sharing method has been developed, content owners have invariably brought infringement suits, shuttering some networks and giving future networks a roadmap of copyright infringement pitfalls to avoid.

While BitTorrent remains a well-used file-sharing technology, digital storage lockers, or cyberlockers, have emerged to become some of the most visited sites on the Web. Cyberlockers are essentially cloud-based storage sites. Some popular legitimate sites provide useful backup services to users and facilitate the sharing of large files too big for email, while other so-called “rogue” services have become havens for the storage and distribution (via streaming or downloading) of copyrighted material.

At cyberlocker sites, users can upload files to their account and, in return, receive a link allowing access to the file. This link can be shared with friends, but the cyberlocker sites themselves do not have a direct search function. Instead, users post such links to desirable copyrighted works onto third-party linking sites that allow others to search for cyberlocker content. Cyberlockers generally make a profit through online advertising and by charging additional fees for premium storage and other services, such as faster downloads without limitations.

In recent years, entertainment companies have brought suit against cyberlockers, alleging mass infringement of copyrighted music and movies; cyberlockers have countered that unlike the networks of the past, they do not encourage infringing behavior and merely allow users to store and share links to data.

One of the principal defenses of cyberlockers is the Digital Millennium Copyright Act (DMCA) safe harbor, 17 U.S.C. §512(c), which gives qualifying online storage providers immunity from copyright claims if they meet the certain threshold conditions regarding compliance with takedown requests and knowledge of infringing material on their systems. For example, in Capitol Records v. MP3Tunes, 2011 WL 3667335 (S.D.N.Y. Aug. 22, 2011), the court found that an online music locker that allowed users to locate and download for storage free song files qualified for the DMCA safe harbor based upon its removal of specific links to infringing content identified in takedown notices, but did not qualify for safe harbor protection for song files previously identified as infringing that the service failed to remove from users’ digital lockers. Following the ruling, MP3Tunes filed for bankruptcy.

Megaupload Indictment

The federal indictment of Megaupload, a major global cyberlocker that purportedly accounted for four percent of the total traffic on the internet, surprised many commentators and changed the landscape of the industry. In January 2012, the U.S. government indicted Megaupload and several principals and charged them with criminal copyright infringement, conspiracy to commit copyright infringement and money laundering, among other charges. See United States v. Dotcom, No. 1:12CR3 (E.D. Va. filed Jan. 5, 2012; Superseding Indictment filed Feb. 16, 2012). Megaupload’s figurehead, Kim Dotcom, led a notoriously lavish lifestyle, and when his New Zealand mansion was raided, agents seized millions of dollars in luxury cars with personalized plates such as “HACKER” and “GUILTY.”

According to the indictment, Megaupload operated a cyberlocker website that unlawfully copied and distributed copyrighted works—movies, music, software, e-books—on a massive scale, with the site purportedly boasting over one billion visits and earning $175 million in unlawful profits gained through advertising revenue and premium memberships. The indictment alleged that the defendants discouraged the non-premium members from using the site for long-term storage since data that was not regularly downloaded (i.e., the most desired copyrighted content) was automatically deleted and users were given financial incentives to upload popular content and drive traffic to the site via third-party linking sites. Moreover, the government alleged that the defendant knowingly uploaded and hosted infringing content, only selectively complied with takedown requests, and often left duplicate infringing copies of flagged copyrighted works on its servers so that they could be accessed by users even after compliance with the takedown notices.

In the wake of the Megaupload indictment, many cyberlockers changed their business models, presumably to avoid becoming a future target of the U.S. government or a party to a civil copyright suit. For example, at least one cyberlocker halted all financial incentives paid to users for uploading files and disabled the service’s sharing functionality such that users could only upload and download their own content. Several minor locker sites closed, while it was reported that other sites deleted many unauthorized copies of copyrighted works from their servers and otherwise terminated the accounts of infringing users.

Regarding the merits of the case against Megaupload, commentators have cited several obstacles ahead for the government.

Procedural Hurdles. In a July hearing, a Virginia judge heard arguments in Megaupload’s motion to dismiss the indictment based on the government’s failure to complete service of process via Fed. R. Crim. P. 4(c). Rule 4(c) provides:

A summons is served on an organization by delivering a copy to an officer, to a managing or general agent, or to another agent appointed or legally authorized to receive service of process. A copy must also be mailed to the organization’s last known address within the district or to its principal place of business elsewhere in the United States.

Megaupload argued that proper service is impossible because it is a Hong Kong corporation with no U.S. office where the government can mail a copy of the summons. While similar civil procedural rules provide for service by international treaty on foreign defendants, Rule 4(c) of the criminal rules contains no such provisions, nor does it expressly state what the remedy is for untimely service. The government countered that the federal rules do not give foreign corporations that violate U.S. law inherent immunity from prosecution simply because they lack a domestic office or agent. With no clear precedent on the issue, the judge reserved decision.

Substantive Issues. The Megaupload indictment also raises other legal issues, including whether a cyberlocker with specific knowledge of existing infringement can be held criminally liable for the direct infringement of its users. While Count Four charges that Megaupload employees directly posted a copyrighted movie to the site that had yet to be commercially distributed to the public (i.e., pre-release piracy), Count Five alleges claims based upon aiding and abetting the infringement by Megaupload’s users. However, contributory infringement is a judicially-created doctrine, and the Copyright Act’s criminal provisions do not explicitly mention secondary liability.

The issue of the breadth of criminal infringement was debated in Puerto 80 Projects v. United States, No. 11-3390 (2d Cir. filed Aug. 11, 2011), a case where the lower court enforced a warrant signed by a magistrate authorizing the seizure of two domain names that organized links to third-party sites that allowed users to stream live sporting events based upon a finding that there was probable cause that the domain names were being used to commit criminal copyright infringement. The defendant claimed that the government’s forfeiture action was deficient, in part, because it was based on a theory that the defendant facilitated criminal copyright infringement by linking to copyrighted content. However, this past month, the government filed a request to voluntarily dismiss the forfeiture, so the Second Circuit will seemingly not be issuing a decision on the contours of criminal liability and contributory conduct.

Importantly, to establish the requisite criminal intent, the government must also prove that the defendant committed “willful” infringement. However, “willful” is not defined in the criminal copyright statute. Under 17 U.S.C. §506(a)(1), copyright infringement is a crime if the defendant acted willfully and either (1) for commercial advantage or private financial gain, (2) by reproducing or distributing infringing copies of works with a total retail value of over $1,000 over a 180-day period, or (3) by distributing a “work being prepared for commercial distribution” (i.e. pre-release piracy) by making it available on a publicly-accessible computer network.

Most courts interpreting “willfulness” in criminal copyright cases have adopted a standard requiring the intentional violation of a known legal duty. See, e.g., United States v. Moran, 757 F. Supp. 1046, 1049 (D. Neb. 1991) (holding that willful infringement means a “‘voluntary, intentional violation of a known legal duty’”). This view coincides with the standard of willfulness applied in civil copyright cases, where a finding of willfulness can augment an award of statutory damages. See generally Twin Peaks Prods. v. Publications Int’l, 996 F.2d 1366, 1382 (2d Cir. 1993) (standard for willfulness is “whether the defendant had knowledge that its conduct represented infringement or perhaps recklessly disregarded the possibility”).

A minority of courts have seemingly applied a lower “willfulness” standard. See, e.g., United States v. Backer, 134 F.2d 533 (2d Cir. 1943) (applying a lower standard of merely having the intent to carry out the activities of infringement without knowledge that they constituted infringement).

A finding of criminal willfulness would presumably be precluded if a defendant acted with a good-faith belief that he or she was not infringing. Indeed, certain evidence will bolster a finding of willfulness, such as an acknowledgment by defendant that his or her conduct was improper, notice to the defendant that another person’s similar conduct constituted infringement, or evidence of the defendant’s bad-faith claims of compliance with copyright laws.

Conversely, certain factors may be relevant to finding an absence of “willfulness,” such as evidence of the defendant’s good-faith belief that his conduct was lawful, bolstered by legitimate attempts to comply with copyright law. In the instant case, Megaupload founder Kim Dotcom claims that his legal advisors informed him that the site was DMCA-compliant and that the site offered an “Abuse Tool” for content providers to submit infringing links for removal. The government counters that internal emails allegedly show employees were aware of infringing files uploaded by top users and purposefully manipulated the number of links it disabled pursuant to takedown requests to maintain a steady revenue.

Focus at the ISP Level

Beyond bringing legal action against cyberlockers and BitTorrent indexing sites, copyright holders have also attempted to address the problem of unlawful file-sharing at the ISP level. For example, major ISPs and content owners in 2011 agreed, in principle, to a six-strikes “graduated response” Copyright Alert Program, in which content owners would report instances of infringement to ISPs, which would then send users copyright alerts that escalate in language based upon the number of offenses, or strikes, against the subscriber. As a subscriber receives additional infringement notices, the tone would become sharper, and eventually after multiple strikes, the user would be subject to mitigation measures such as temporary Internet service slowdowns (“throttling”) or temporary suspensions of service. Account termination after the sixth strike is not mandatory under the program, but ISPs may exercise their powers to enforce repeat infringer policies. The Copyright Alert Program has procedures in place to seek independent review of an alert. The date of implementation of the program is uncertain, with the parties announcing that a purported July 2012 start date has been pushed back.

Richard Raysman is a partner at Holland & Knight and Peter Brown is a partner at Baker & Hostetler. They are co-authors of “Computer Law: Drafting and Negotiating Forms and Agreements” (Law Journal Press).