Chilling Effects Clearinghouse Weather Reports

Takedown Complaints in the Android Marketplace

Wendy Seltzer, Chilling Effects Clearinghouse, March 3, 2011

Abstract: Earlier this year, Google began sending to Chilling Effects the requests it received for takedown from the Android Marketplace. Since this represents a new source of data, we take a look at the first month's input, February 2011.

Since Apple launched its iPhone App Store, applications marketplaces have popped up with increasing prominence. Google, unlike Apple*, does not lock Android users into purchasing from its Android Market, but it does make that marketplace a convenient place to find Android applications (passing 100,000 apps late last year).

In February, Chilling Effects saw 206 complaints to Google regarding Android Market apps, almost evenly split between trademark and copyright.* Because the Android Market offers commercial transactions, its context differs somewhat from the search and blog hosting in which DMCA -- copyright -- complaints predominate. At the same time, many apps are offered free of charge.

Slightly more than half of the complaints here claim trademark infringement: misleading use of a mark (word or logo) to cause consumer confusion about the application's source or sponsorship. Facebook led the way, challenging 30+ apps that borrowed its name or "f" logo (e.g. Facebook Trademark Complaint to Google: Android Market). Banks and financial institutions challenged applications that used their logos, even to offer a mobile version of the bank's own site. Here is trademark as the law of consumer protection: you want to be sure an unauthorized Wells Fargo application won't channel your deposit into its coffers rather than your savings account. Google even filed several complaints against apps in its marketplace that were a bit too free with the Google name. Starbucks used copyright in its logo to similar end, requesting takedown or alteration of apps that used the coffee company's logo as their icon (e.g. Logo DMCA (Copyright) Complaint to Google: Android Market). Some, including My Coffee Card (formerly Starbucks Card Widget) changed their name and icon in response.

Sometimes, these complaints didn't do much to allege "likelihood of consumer confusion," the traditional hallmark of trademark infringement. South By SouthWest's complaint against the "Unauthorized SXSW" party scheduler app -- SXSW Trademark Complaint to Google: Android Market -- sounds like an overstep, into nominative fair use. There's no good alternative way to refer to the big conference/music festival in Austin later in March, and "unauthorized" plainly indicates it's not an officially endorsed product. (Neither Unofficial SXSW nor the official "SXSW® GO" gets particularly high marks from reviewers yet, but that may be because the event hasn't yet kicked off to fill them with data.)

Another 82 complaints (less 11 "logo" complaints) alleged copyright infringement -- copying of code, of graphical elements or "look and feel" (Nintendo complained about many "Super Mario" derivatives), of characters (Columbia's "Qbert"), or of audiovisual elements including video clips, wallpapers, and eBooks. Most of these were phrased in DMCA terms, since like a blog platform, the marketplace hosts "information residing on systems or networks at direction of users" 512(c).

Unique among the copyright complaints in its indirection, the RIAA filed three complaints naming dozens of apps that allegedly "facilitate the unauthorized streaming and downloading of popular sound recordings, the vast majority of which are owned or controlled by RIAA members." Its complaints, complete with screenshots, asked for the removal of apps for ringtone creation and MP3 listening. This is an attenuated claim. RIAA isn't alleging that Google, or even the apps, are direct infringers of member copyrights. Rather, it claims that because Google hosts apps (or in some cases, serves ads inside them) that enable end-users to make infringing copies of music, Google should be held responsible for the users' infringing conduct -- a sort of once-removed contributory or vicarious liability claim. Is there a law of contributory inducement, after Grokster?

I haven't followed all of the URLs to see how Google has responded to each of these complaints, but to its credit, it does not appear to have pulled the "Unauthorized SXSW," for example. Others accused of trademark infringement appear to have changed their names or logos. Because the DMCA applies only to copyright, not trademark, there is less settled procedure around the trademark claims. There's no safe-harbor, but neither is there an assumption that the service provider will be liable for its users' activity (see Tiffany v. eBay, where the Second Circuit Court of Appeals held that "for contributory trademark infringement liability to lie, a service provider must have more than a general knowledge or reason to know that its service is being used to sell counterfeit goods.").

* Copyright geeks will recall that the last anticircumvention rulemaking exempted phone jailbreaking from the circumvention rule, so iPhone owners can confidently unlock their phones to use the cydia marketplace or others.
* Note that this is a simple count of distinct complaint submissions, each of which may target one or multiple allegedly infringing applications.

The Value of a "-book": Facebook v. Teachbook

University of San Francisco Internet and Intellectual Property Justice Clinic, December 15, 2010

Abstract: On August 18, 2010 Facebook, Inc., better known as Facebook.com, one of the world’s most popular Internet websites, filed a federal lawsuit against Teachbook.com LLC alleging trademark infringement due to the use of Teachbook.com’s “-book” suffix in its registered domain name. This will be a case of first impression in the Northern District of California, and will test the ability of wholly online services to trademark otherwise generic portions of their domain name.

iPhone Jailbreaking and the DMCA

Sinny Thai, University of San Francisco Internet + Intellectual Property Justice Clinic, December 15, 2010

Abstract: The Digital Millennium Copyright Act (DMCA) was originally enacted to prohibit “circumvention” of digital rights management and “other technical protection measures” used to protect and control access to copyrighted works. The DMCA has since cast a wide net to protect copyrighted material even when the use of the copyright materials arguably may be permissible under fair use guidelines.

Repeat Senders

Wendy Seltzer, Chilling Effects Clearinghouse, December 15, 2010

Abstract: In the last year, Chilling Effects saw more than 12,000 cease-and-desist notices reported. Over the next few weeks and into 2011, we will be doing preliminary analysis of patterns in those notices. We are also preparing the data to be more easily usable by other researchers.

In this post, I look at repeat senders -- individuals and entities who send frequent DMCA takedown notices.

Chilling Effects receives notices from several sources, but lately, the largest sources have been Internet hosts and search engines who pass on the DMCA Notices they receive and respond to: Google, Yahoo, Digg, and most recently, Twitter. (Combined DMCA takedowns totaled 11,500 between Jan 1 and Dec 15, 2010)

In that mix, we see some frequent users of the DMCA takedown process, companies and individuals who have sent multiple notices requesting removal of content -- or links to content -- they allege infringes their copyrights. We have also seen the rise of takedown agents, entities who send notices on behalf of one or more clients. The list below shows the 20 most frequent sender-principals from 2010, and the 10 most frequent agents.

Principals:

number  Sender:                                                       type
1272    IFPI (International Federation of the Phonographic Industry): music
303     Clube do Hardware:                                            articles
299     Twentieth Century Fox Film Corporation:                       film
257     MAGNOLIA PICTURES INC.:                                       film
230     APCM - Associação Anti Pirataria de Cinema e Musica:          music
221     Removeyourcontent, LLC:                                       images and video (adult content)
203     RIAA (Recording Industry Association of America):             music
166     Autodata Limited:                                             technical manuals
158     Folkert Knieper:                                              recipe photographs
122     Product Partners, LLC / Beachbody:                            fitness DVDs
117     SONY MUSIC ENTERTAINMENT / EPIC RECORDS / ESTATE OF MICHAEL JACKSON: music
106     Stones Throw Records LLC:                                     music
92      Chappell & Co:                                                music
88      Microsoft Corporation:                                        software and instructional material
88      Globo Comunicação e Participações S/A:                        video
85      The New York Times:                                           articles
84      Deckers Outdoor Corporation (UGG Australia):                  images of UGG boots
82      Vivid Entertainment Group, LLC:                               video (adult content)
81      Digiturk:                                                     TV
81      The NBA - National Basketball Association:                    video streams

Agents:

   Removeyourcontent, LLC
   Web Sheriff
   RipBlock Antipiracy
   NetResult
   Attributor Corporation
   French Solutions Ltd.
   Internet Copyright Management
   ebay_wise
   MiMTiD Corp.
   Greer, Burns & Crain, Ltd.

While the mix changes over time, the most frequent senders of DMCA takedown notices remain the music industry, whose institutional members have sent a combined total averaging roughly 5 takedowns a day.

Microsoft Invokes DMCA to Take Down Cryptome.org, then Relents

David Abrams, Chilling Effects Clearinghouse, February 25, 2010

Abstract: Network Solutions has taken the Cryptome website down after receiving a DMCA takedown notice from Microsoft claiming copyright infringement. Microsoft objects to the publication of a handbook provided to law enforcement describing what information the service keeps on its users and what legal steps are required to obtain that information. However, its takedown of the well-known web site may have effect of increasing the number of people who read the document.

Network Solutions has taken the Cryptome website down after receiving a DMCA takedown notice from Microsoft claiming copyright infringement. Cryptome collects "documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance”. It has been in operation since 1996. One class of documents posted on the site are procedure manuals provided by ISP and hosting services to law enforcement describing what information the service keeps on its users and what legal steps are required to obtain that information.

Cryptome obtained and posted Microsoft’s Global Criminal Compliance Handbook and subsequently refused Microsoft’s request to remove the document. Microsoft then invoked the takedown procedures of the Digital Millennium Copyright Act (DMCA), sending a takedown notice to Cryptome’s hosting provider, Network Solutions, claiming copyright infringement late on Monday, Feb. 22. Network Solutions then sent the registered owner of the web site, John Young, a notice that it would “disable your Web site on Thursday, February 25, 2010, unless the dispute between the Notifying Party and yourself is resolved.” Young refused to remove the document, citing what appears to be a fair use/news reporting defense, that the “document provides important information for the public to understand how Microsoft violates the trust placed in it by customers to protect their privacy and confidentiality of personal data and usage of Microsoft products.” On Wednesday, Feb. 24,Young sent a counter notice to Network Solutions contesting Microsoft’s claim of infringement. Network Solutions then forwarded the counter notice to Microsoft, but apparently chose to disable the Cryptome web site immediately rather than wait until the deadline specified in its initial notice to Young. Microsoft now has two weeks to file a lawsuit against Young. If it does not, Network Solutions will be required to restore the site under DMCA rules.

In the meantime, however, Young has republished the Cryptome web site at http://cryptomeorg.siteprotect.net/ minus the contested document. Young argues that Microsoft is:

Improper[ly] us[ing] copyright to conceal from its customer violations of trust toward its customers. Copyright law is not intended for confidentiality purposes, although firms try that to save legal fees. Copyright bluffs have become quite common, as the EFF initiative against such bluffs demonstrates.

Whether true or not, the result of Microsoft’s action in having a such a high profile web site taken down is only likely to make more people aware of the very document it is trying to keep confidential. The manual is currently available on Wired’s web site and the publicity surrounding the takedown will likely cause more people to seek it out to see what the fuss is about.

Update: Perhaps realizing that it could not contain release of the document (particularly given its newsworthiness in light of the Cryptome.org takedown), Microsoft informed Network Solutions this morning (Feb. 25th) that it was withdrawing its takedown notice . The site is now back up at its original URL.

Better to Switch Than Fight?

David Abrams, Chilling Effects Clearinghouse, September 3, 2010

Abstract: The New York Times today (page B1) is reporting that "more than one-third of the two billion views of YouTube videos with ads each week are ... uploaded without the copyright owner's permission but left up by the owner's choice." The content owners are choosing to not request that the posted material be taken down because YouTube splits the ad revenue with them. The Times notes that "[h]undreds of these [content] partners make more than $100,000 per year."

While Chilling Effects is primarily concerned with the negative effects of the DMCA on legal content, the huge quantity of illegally posted material leads to a shotgun approach by content owners to takedown everything without an evaluation of fair use or, worse, the use of automated tools that block content from even being uploaded. The result is the baby (legal uses of content) gets thrown out with the bathwater (illegal uploads). This article shows that there is an alternative to the Sisyphean task of tracking copyright violations and sending DMCA takedown notices. This alternative to the DMCA takedown regime benefits content owners without restricting the public's right to enjoy content based on legal uses of copyrighted material. Link to New York Times article.

(My apologies to Taryton smokers for this Weather Report's title.)

A New DMCA Exemption for Security Research

Blake Ellis Reid, Chilling Effects Clearinghouse, August 6, 2010

Abstract: By now, most readers have probably heard about the six newly minted exemptions to the anti-circumvention measures of the Digital Millennium Copyright Act (DMCA), announced last week by the Librarian of Congress. For the uninitiated, Ars Technica and David Abrams of Chilling Effects have excellent overviews of the exemptions, which provide much-needed legal cover for a variety of activities including jailbreaking and unlocking cell phones, decrypting DVDs for non-commercial remixes, and several others.

Of particular interest to folks in the security community is the exemption granted for security research on video game digital rights management (DRM) systems, stemming from both realized and potential security holes in systems like Safedisc and SecuROM.

This exemption was the brainchild of University of Michigan professor and DMCA exemption veteran Alex Halderman, who successfully lobbied with Ed Felten in 2006 for a similar exemption for security research on audio CD DRM in the wake of the Sony rootkit episode. I had the opportunity to work with Alex on the video game exemption under the excellent guidance and supervision of professors Paul Ohm, Harry Surden, and Brad Bernthal via the Glushko-Samuelson Technology Law and Policy Clinic at the University of Colorado Law School; we also received tremendous support from the Electronic Frontier Foundation and a coalition of professional and academic security researchers.

With the exemption officially on the books, some researchers may be considering research agendas directed at analyzing security flaws and vulnerabilities posed by video game DRM systems. While the exemption provides significant legal cover from the threat of DMCA lawsuits by DRM and game manufacturers, some questions about the DMCA's anti-circumvention measures remain unanswered, and traps may lie in wait for the unwary. In this post, I've attempted to lay out a rough sketch of the mechanics of the anti-circumvention measures and the video game exemption, focusing in particular on areas that may prove problematic for researchers.

(Obligatory disclaimer: this is not legal advice and shouldn't be taken as such; researchers should consult university, in-house, or outside counsel before proceeding with a research agenda that involves circumventing DRM.)

The Basics

At the outset, an overview of the anti-circumvention measures is in order. First, the DMCA distinguishes between two types of DRM systems: access controls and copy controls. Access controls are those that (you guessed it) control access to the underlying copyrighted work (here, a video game), while copy controls are those that restrict the ability to reproduce, distribute, publicly perform/display, or make derivative works of the game.

Second, the DMCA addresses two types of activities: circumvention and trafficking. Circumvention is the actual cracking, picking, or breaking of the digital lock on the game, while trafficking involves the creation and distribution of tools designed for circumvention. (If you think the latter definition sounds nebulous, you're right - more later.)

With these definitions in mind, the DMCA bans three activities: 1) circumventing access controls (the "basic provision"); 2) trafficking in access control circumvention tools (the "trafficking ban"); and 3) trafficking in copy control circumvention tools (the "additional violations"). The astute reader will notice that the DMCA does not ban circumventing copy controls; in practice, however, most video game DRM systems likely serve as both access controls and copy controls, so any circumvention will likely be barred by the basic provision.

	Access Controls	Copy Controls
Circumvention	Banned (basic provision)	Not banned
Trafficking	Banned (trafficking ban)	Banned (additional violations)

These distinctions are important because the various exemptions to the DMCA arguably only apply to specific provisions. So, even if an exemption gets a researcher out of liability under the basic provision, she may nonetheless be liable under the trafficking ban and/or the additional violations.

The Exemption

It's worth noting that there are several permanent statutory exemptions written into the DMCA; most relevant to security researchers are those for reverse engineering, encryption research, and security testing. Though an in-depth analysis is beyond the scope of this post, it should suffice to note these exemptions are loaded with caveats that may render them inapplicable to many security research agendas.

With that in mind, the new video game DRM exemption to the basic provision may provide superior protection for research agendas covering video game DRM. The exemption textually applies to:

(4) Video games accessible on personal computers and protected by technological protection measures that control access to lawfully obtained works, when circumvention is accomplished solely for the purpose of good faith testing for, investigating, or correcting security flaws or vulnerabilities, if:
(i) The information derived from the security testing is used primarily to promote the security of the owner or operator of a computer, computer system, or computer network; and
(ii) The information derived from the security testing is used or maintained in a manner that does not facilitate copyright infringement or a violation of applicable law.

Researchers should pay careful attention to the following caveats when thinking about the exemption:

The exemption applies only to video games. Broadly speaking, this means that the exemption doesn't cover DRM research on movies (including DVD and Blu-Ray), audio CDs, eBooks, non-video game software, or any other type of copyrighted work. More narrowly, there are some corner cases of software that may or may not constitute a video game; certain educational software comes to mind.

The exemption applies only to PC and Mac-based video games. That means that it doesn't cover console-based or handheld games (e.g., Wii, Xbox 360, PlayStation 3, Game Boy, etc.), though it should extend to the PC or Mac versions of games that have coincidentally been released on a console or handheld.

The exemption applies only to good faith security research standing alone. That means that pirates who happen to correct a security flaw in the course of cracking a game for illegal distribution don't qualify for the exemption, nor do private users who crack the DRM for non-security related purposes (such as avoiding the inconvenience of DRM, format-shifting, or making backups).

The exemption likely applies only to the basic provision of the DMCA, and not the trafficking ban or the additional violations. Essentially, this means that researchers can circumvent, but probably can't traffic in circumvention tools. (Though some academics have argued to the contrary, it's a tough row to hoe in light of the unfavorable text of the statute and legislative history.)
The question, then, is what exactly "trafficking" encompasses. The DMCA is rather vague, stating that "[n]o person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof . . . " that is "primarily designed" to circumvent, has only "limited commercially significant" non-circumvention purposes, or is "marketed" for circumvention purposes.
Two legitimate and productive outputs of security research come to mind that might nonetheless constitute trafficking under the DMCA. The first is a tool that allows end users to fix a security flaw in video game DRM by circumventing the DRM; the second is the publication of security research on video game DRM that describes how to circumvent the DRM. Do either of these fall under the DMCA's definition of trafficking? I honestly don't know, and it's extremely difficult to predict how a court would rule on the issue.
Regardless, researchers should probably tread lightly when it comes to the output of their research. Even if the aforementioned outputs fall outside of the trafficking ban and additional violations, the caveats in subsections (i) and (ii) of the exemption place a burden on researchers to ensure that their research is only used for security-related purposes and never to facilitate copyright infringement. Ultimately, researchers will have to work with counsel (and potentially with DRM and game manufacturers) to create a set of best practices for publishing research results and fixing security flaws.

Finally, the video game exemption will be in effect until the Copyright Office conducts the next anti-circumvention rulemaking; although the rulemaking is supposed to take place every three years, it is unclear when the next one will take place, since the decision in the latest rulemaking was delayed for nearly nine months. It's a long ways out regardless, but researchers should take care to make sure that long-term agendas aren't threatened by the expiration of the exemption, or better yet, get involved in renewing, evolving, and expanding the exemption during the next rulemaking.

Though the exemption obviously comes with some baggage, we hope that it will provide some utility for researchers interested in the security of DRM systems who might have otherwise been scared off by the threat of lawsuit.

Cross-posted at Freedom to Tinker.

Fight For Your Right For Fair Use

David Abrams, Chilling Effects Clearinghouse, July 27, 2010

Abstract: The Library of Congress has released a list of six circumstances in which circumvention of copyright access controls will not be a violation of the Digital Millennium Copyright Act (DMCA). In addition to limited exceptions for security testing of video games and dealing with obsolete hardware dongles, these include "jailbreaking" an iPhone to run user software, circumventing restrictions on connecting a used mobile phone to an alternate wireless network, removing CSS protection from a DVD to extract small portions for the purpose of criticism or comment and enabling read-aloud access to electronic books where there is no other way to get similar functionality.

The DMCA prohibits a user from circumventing access controls on a copyrighted work, even if the intended use would qualify as fair use and therefore not be a violation of the owner's copyright. Thus, for example, while you have the right to use small portions of a copyrighted work for comment or criticism, it may be illegal to obtain that snippet of the copyrighted work if doing so would entail breaking a copy protection scheme added to the work by the copyright holder. However, there is a provision in the DMCA which allows the Librarian of Congress to create exceptions to this prohibition where a person would be "adversely affected by virtue of such prohibition in their ability to make non-infringing uses of that particular class of works." These exceptions only last three years and must be renewed by reapplying to the Library of Congress. The Librarian has just released the latest set of circumvention exceptions which apply to six separate sets of circumstances. Two of the exceptions relate to security/vulnerability testing and instances where the access control device is broken and no replacement exists. However, the remaining exceptions will be welcome news to wireless phone owners, to a limited group of people commenting or critiquing DVDs and to vision-impaired persons.

The first exception relating to wireless phones is targeted at iPhone owners. It allows use of computer programs that circumvent access controls on wireless telephone handsets in order to enable interoperability of software applications with computer programs on the telephone handset, commonly known as "jailbreaking" the iPhone. At the request of the Librarian of Congress, the Register of Copyrights examined the issue and determined that jailbreaking a phone "in order to make the operating system on that phone interoperable with an independently created application that has not been approved by the maker of the smartphone" likely constitutes fair use.

In addition, the Register determined that allowing the use of jailbreaking programs would not adversely affect the market for the copyrighted programs, i.e. the iPhone operating system, because the user of such jailbreaking programs must purchase the iPhone with Apple's software on it in order to jailbreak it. This means that an iPhone user should find it easier to obtain a program to jailbreak his or her phone and may use it secure in the knowledge that no DMCA violation has occurred. This is a significant loss in Apple's attempt to control all iThings. [Note that while this decision allows the use of an iPhone jailbreaking program, it is still a separate violation of the DMCA, 1201(a)(2), to supply such programs.]

The second wireless phone exception applies not only to smartphones such as the iPhone, but to wireless phone providers who use software or firmware "locks" to prevent the phone owner from switching to a competing network. Here the Register noted that the access controls were put in place not to protect the rights of copyright holders, but rather "to keep consumers bound to their existing networks." Therefore, the Register recommended that the owner of a used mobile phone be allowed to use a computer program to circumvent any access controls that prevent changing the wireless carrier.

The Register also expanded slightly an existing exemption to allow "college and university professors and university film and media studies students" to circumvent the CSS protection system on movie DVDs to incorporate short portions of the movie into new works "for the purpose of criticism or comment." This exemption now also applies to documentary filmmakers and makers of noncommercial videos, including fan vidders. The exemption does not apply to elementary and secondary schools, where the Register felt that lower resolution screen capture of the work would be adequate.

The Register considered, but rejected, exemptions on circumventing access controls that limit the types of devices DRM protected streaming video can be played on, exemptions for circumventing access controls on music where the authenticating server is no longer available, circumventing the "broadcast flag" that limits time-shifting of certain off-the-air broadcasts and circumventing access controls that limit high-resolution video on Blu-Ray players unless the HDMI hand-shaking-protocol is used.

Interestingly, the Register recommended to the Librarian of Congress that it not grant an exception to allow read-aloud of ebooks, but the Librarian chose not to follow the recommendation and allowed the exception. This narrow exception applies only when there is no other way to purchase rights to listen to the book. Thus, a blind Kindle user may bypass access controls to listen to an ebook only if no one is willing to sell him or her a read-aloud version. This suggests that a copyright owner could effectively prevent this exception from being applied by offering a read-aloud version for an absurdly high price. Hopefully, the bad press from such a strategy will dissuade such tactics and content owners will decide instead to offer read-aloud versions at reasonable prices to prevent widespread adoption of access circumvention software.

While the exemptions are a positive step, the fact that American consumers have to petition the government to obtain the right to access copyrighted media when the intended use is perfectly legal is a sad state of affairs. It is even sadder that the number of exceptions granted is so limited and that they last only three years (previous exemptions, such as the right to circumvent to archive obsolete software formats, expired because no one came forward to plead their case in this round). Consumers are still beholden to content owners as to what media they can listen to and watch, when they can enjoy it and on what devices they can play it on and companies continue to use the anti-circumvention clause of the DMCA not to protect copyrighted works, but to stifle competition.

ThinkGeek : Officially our best-ever cease and desist

ThinkGeek, June 21, 2010

Abstract: ThinkGeek describes its "best-ever cease and desist letter" recently received for its April Fools' product Canned Unicorn Meat:

"The very special but also very real letter is from the National Pork Board, who claims we're infringing on the slogan "The Other White Meat," a slogan they're apparently thinking about phasing out anyways."

The New York Times blogs it as Unicorns. They’re Not the Other White Meat.

What a meaty issue!

East Coast Enlightenment - Protect the Innocent

David Abrams, Chilling Effects Clearinghouse, May 21, 2010

Abstract: A recent ruling by the Court of Appeals for the Second Circuit, applicable to residents of Connecticut, New York, and Vermont, appears to recognize the "innocent infringer" defense for copyright infringement of sound recordings. This runs counter to decisions of two other circuit courts which effectively read this defense out of the law for music infringement. In addition, the decision defines a record album as a single "work" to which only a single statutory penalty applies, rather than holding that each song on the album is a separate work, thus reducing the risk of ruinous penalties for innocent infringement.

Under current U.S. copyright law (17 U.S.C. 504), the owner of a copyrighted work found to be infringed may seek "statutory damages" rather than actual damages. The minimum statutory penalty that a court may impose is $750 per work infringed unless the defendant can show he or she "was not aware and had no reason to believe that his or her acts constituted an infringement of copyright, [in which case] the court in its discretion may reduce the award of statutory damages to a sum of not less than $200 [per work infringed]."

In 1988, Congress amended the copyright law to make placing a notice of copyright on sound recordings optional; however, it also added an exception which eliminated the innocent infringer reduction of the minimum statutory damages (known as the innocent infringer defense) if "a notice of copyright in the form and position specified by this section appears on the published phonorecord or phonorecords to which a defendant in a copyright infringement suit had access." Two federal courts of appeals (the Fifth Circuit and the Seventh Circuit) have interpreted “to which a defendant . . . had access” to mean that if any recording anywhere contains a copyright notice, then the innocent infringement defense is not available even if the infringer downloaded the work electronically without ever seeing the media bearing the copyright notice. This effectively eliminated the innocent infringer defense for defendants who live in Louisiana, Mississippi, Texas, Wisconsin, Illinois and Indiana.

In the recent Second Circuit case, a music production company agreed to resell physical copies of two of the plaintiffs' albums, each containing ten songs. The production company, in turn, contracted with a music wholesaler, Orchard, to distribute the albums "by any and all means and media (whether now known or existing in the future), including ... via the Internet." Orchard initially sold only physical copies of the album, but later made individual songs on the albums available for purchase over the Internet, believing such distribution was allowed by the agreement. The plaintiffs sued both Orchard and the production company for copyright infringement, asserting that they had only authorized physical distribution, and sought statutory penalties for each song. The court held that although Orchard had infringed the plaintiffs' copyright by distributing the albums electronically without their permission, that infringement was innocent since Orchard had been assured by the production company that such distribution would not infringe any copyrights. In addition, the court noted that under the copyright statute, "all the parts of a compilation ... constitute one work" and held that the ten songs on each album comprised a single work subject to the statutory penalty. The court, therefore, assessed the $200 per work minimum innocent infringer statutory penalty only as to the two albums, not the twenty songs they contained, for a total penalty of $400 against Orchard.

This case is encouraging because the court concluded that someone who sincerely but erroneously believes he or she has permission to make a copy of a sound recording should not face the harshest penalties of the copyright statute. Because the appellate court did not directly address the availability of the innocent infringer defense, the matter is not completely settled. (Unless a party to a lawsuit raises a particular argument on appeal the court will normally not consider that issue -- thus if the plaintiffs in this case did not argue that the innocent infringer defense should not be available because there was a physical CD with a copyright notice on it, the court will assume that it is an available defense.) However, this case provides a glimmer of hope to residents of the states of New York, Connecticut and Vermont that if they accidentally infringe a copyright without meaning to they will not find themselves bankrupt by mindless application of the statutory penalties.