Microsoft Requests Removal of Product Keys from DVM0day Blog (#2)

Sender Information:
Microsoft Corporation
Sent by: [Private]
[Private]
Redmond, WA, 98052, US

[back to notice text]

Answer: In 1998, Congress passed the On-Line Copyright Infringement Liability Limitation Act (OCILLA) in an effort to protect service providers on the Internet from liability for the activities of its users. Codified as section 512 of the Digital Millennium Copyright Act (DMCA), this new law exempts on-line service providers that meet the criteria set forth in the safe harbor provisions from claims of copyright infringement made against them that result from the conduct of their customers. These safe harbor provisions are designed to shelter service providers from the infringing activities of their customers. If a service provider qualifies for the safe harbor exemption, only the individual infringing customer are liable for monetary damages; the service provider's network through which they engaged in the alleged activities is not liable.

[back to notice text]

Answer: A service provider is defined as "an entity offering transmission, routing, or providing connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received" or "a provider of online services or network access, or the operator of facilities thereof." [512(k)(1)(A-B)] This broad definition includes network services companies such as Internet service providers (ISPs), search engines, bulletin board system operators, and even auction web sites. In A&M Records, Inc. v. Napster Inc., the court refused to extend the safe harbor provisions to the Napster software program and service, leaving open the question of whether peer-to-peer networks also qualify for safe harbor protection under Section 512.

There are four major categories of network systems offered by service providers that qualify for protection under the safe harbor provisions:

• Conduit Communications include the transmission and routing of information, such as an email or Internet service provider, which store the material only temporarily on their networks. [Sec. 512(a)]
  
• System Caching refers to the temporary copies of data that are made by service providers in providing the various services that require such copying in order to transfer data. [Sec. 512(b)]
  
• Storage Systems refers to services which allow users to store information on their networks, such as a web hosting service or a chat room. [Sec. 512(c)]
  
• Information Location Tools refer to services such as search engines, directories, or pages of recommended web sites which provide links to the allegedly infringing material. [Sec. 512(d)]

[back to notice text]

Answer: In addition to informing its customers of its policies (discussed above), a service provider must follow the proper notice and takedown procedures (discussed above) and also meet several other requirements in order to qualify for exemption under the safe harbor provisions.

In order to facilitate the notification process in cases of infringement, ISPs which allow users to store information on their networks, such as a web hosting service, must designate an agent that will receive the notices from copyright owners that its network contains material which infringes their intellectual property rights. The service provider must then notify the Copyright Office of the agent's name and address and make that information publicly available on its web site. [512(c)(2)]

Finally, the service provider must not have knowledge that the material or activity is infringing or of the fact that the infringing material exists on its network. [512(c)(1)(A)], [512(d)(1)(A)]. If it does discover such material before being contacted by the copyright owners, it is instructed to remove, or disable access to, the material itself. [512(c)(1)(A)(iii)], [512(d)(1)(C)]. The service provider must not gain any financial benefit that is attributable to the infringing material. [512(c)(1)(B)], [512(d)(2)].

[back to notice text]

Answer: Infringement occurs whenever someone who is not the copyright holder (or a licensee of the copyright holder) exercises one of the exclusive rights listed above.

The most common defense to an infringement claim is "fair use," a doctrine that allows people to use copyrighted material without permission in certain situations, such as quotations in a book review. To evaluate fair use of copyrighted material, the courts consider four factors:

1. the purpose and character of the use
   
2. the nature of the copyrighted work
   
3. the amount and substantiality of copying, and
   
4. the market effect.
   

(17 U.S.C. 107)

The most significant factor in this analysis is the fourth, effect on the market. If a copier's use supplants demand for the original work, then it will be very difficult for him or her to claim fair use. On the other hand, if the use does not compete with the original, for example because it is a parody, criticism, or news report, it is more likely to be permitted as "fair use."

Trademarks are generally subject to fair use in two situations: First, advertisers and other speakers are allowed to use a competitor's trademark when referring to that competitor's product ("nominative use"). Second, the law protects "fair comment," for instance, in parody.

[back to notice text]

Answer: A service provider is defined as "an entity offering transmission, routing, or providing connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received" or "a provider of online services or network access, or the operator of facilities thereof." [512(k)(1)(A-B)] This broad definition includes network services companies such as Internet service providers (ISPs), search engines, bulletin board system operators, and even auction web sites. In A&M Records, Inc. v. Napster Inc., the court refused to extend the safe harbor provisions to the Napster software program and service, leaving open the question of whether peer-to-peer networks also qualify for safe harbor protection under Section 512.

There are four major categories of network systems offered by service providers that qualify for protection under the safe harbor provisions:

• Conduit Communications include the transmission and routing of information, such as an email or Internet service provider, which store the material only temporarily on their networks. [Sec. 512(a)]
  
• System Caching refers to the temporary copies of data that are made by service providers in providing the various services that require such copying in order to transfer data. [Sec. 512(b)]
  
• Storage Systems refers to services which allow users to store information on their networks, such as a web hosting service or a chat room. [Sec. 512(c)]
  
• Information Location Tools refer to services such as search engines, directories, or pages of recommended web sites which provide links to the allegedly infringing material. [Sec. 512(d)]

[back to notice text]

Answer: In order for material to be copyrightable, it must be original and must be in a fixed medium.

Only material that originated with the author can support a copyright. Items from the public domain which appear in a work, as well as work borrowed from others, cannot be the subject of an infringement claim. Also, certain stock material might not be copyrightable, such as footage that indicates a location like the standard shots of San Francisco in Star Trek IV: The Voyage Home. Also exempted are stock characters like the noisy punk rocker who gets the Vulcan death grip in Star Trek IV.

The requirement that works be in a fixed medium leaves out certain forms of expression, most notably choreography and oral performances such as speeches. For instance, if I perform a Klingon death wail in a local park, my performance is not copyrightable. However, if I film the performance, then the film is copyrightable.

Single words and short phrases are generally not protected by copyright, even when the name has been "coined" or newly-created by the mark owner. Logos that include original design elements can be protected under copyright or under trademark. Otherwise, words, phrases and titles may be protected only by trademark, however.

[back to notice text]

Answer: Proper notice under the safe harbor provisions requires the copyright owners to specifically identify the alleged infringing materials, or if the service provider is an "information location tool" such as a search engine, to specifically identify the links to the alleged infringing materials. [512(c)(3)(iii)], [512(d)(3)]. The provisions also require the copyright owners to identify the copyrighted work, or a representative list of the copyrighted works, that is claimed to be infringed. [512(c)(3)(A)(ii)]. Rather than simply sending a letter to the service provider that claims that infringing material exists on their system, these qualifications ensure that service providers are given a reasonable amount of information to locate the infringing materials and to effectively police their networks. [512(c)(3)(A)(iii)], [512(d)(3)].

However, in the recent case of ALS Scan, Inc. v. Remarq Communities, Inc., the court found that the copyright owner did not have to point out all of the infringing material, but only substantially all of the material. The relaxation of this specificity requirement shifts the burden of identifying the material to the service provider, raising the question of the extent to which a service provider must search through its system. OSP customers should note that this situation might encourage OSP's to err on the side of removing allegedly infringing material.

[back to notice text]

Answer: The Digital Millennium Copyright Act (DMCA) is the latest amendment to copyright law, which introduced a new category of copyright violations that prohibit the "circumvention" of technical locks and controls on the use of digital content and products. These anti-circumvention provisions put the force of law behind any technological systems used by copyright owners to control access to and copying of their digital works.

The DMCA contains four main provisions:

1. a prohibition on circumventing access controls [1201(a)(1)(A)];
   
2. an access control circumvention device ban (sometimes called the "trafficking" ban) [1201(a)(2)];
   
3. a copyright protection circumvention device ban [1201(b)]; and,
   
4. a prohibition on the removal of copyright management information (CMI) [1202(b)].

The first provision prohibits the act of circumventing technological protection systems, the second and third ban technological devices that facilitate the circumvention of access control or copy controls, and the fourth prohibits individuals from removing information about access and use devices and rules. The first three provisions are also distinguishable in that the first two provisions focus on technological protection systems that provide access control to the copyright owner, while the third provision prohibits circumvention of technological protections against unauthorized duplication and other potentially copyright infringing activities.

[back to notice text]

Answer: Technological protection systems are already in place in DVDs, eBooks, video game consoles, robotic toys, Internet streaming, and password-protected sections of web sites. The fact that a digital protection may be really weak and easy to circumvent has not prevented courts from applying this law to punish those who bypass them.

The DMCA defines an access control mechanism as a measure which "in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." [1201(a)(3)(B)] An access control is a technology, like a password or encryption that controls who or what is able to interact with the copyrighted work. It is a violation of the DMCA to circumvent access controls, but it is also a violation to provide tools to others that circumvent access controls (including selling, distributing free of charge, and possibly even linking to a site with such technology

[back to notice text]

Answer: While there is a difference in the types of activities controlled by these technological protection measures, some copyright owners try to merge access and use controls in the implementation of these systems. For example, in trying to implement a "pay-per-use" business model, some copyright owners use a single persistent control system that charge separately for the different uses of a work even after paying to access a work.

[back to notice text]

Answer: It depends. In general, the anti-circumvention provisions of the DMCA reserve broad authority to copyright holders to determine who can circumvent their systems.

For example, while the DMCA contains an encryption research exemption, to come under the exception, a researcher must request the permission from the copyright holder to engage in circumvention in order to be exempted [1201(g)(2)(C)]. In addition, under the DMCA only individuals who are studying, trained, or employed in encryption research are likely to be considered legitimate researchers under the law [1201(g)(3)(B)]. Finally, an encryption researcher is required to immediately notify the creator of the protection system when she breaks it. [1201(g)(3)(C)] The security testing exemption is even more restrictive in its rules about obtaining authorization from the copyright owner, requiring individuals engaged in security testing to not only request, but must actually obtain the authorization. [1201(j)(1)] On the other hand, the exemption relating to law enforcement, intelligence, and other government purposes have no such requirements to notify copyright owners of their activities. [1201(e)]

One important limitation to the control given to copyright owners is that manufacturers and developers of consumers electronics, telecommunications, or computing products are not required to design their products to respond to the digital protection systems implemented by copyright owners in their works. [1201(c)(3)] In this limitation, the DMCA anticipated the excessive control that copyright owners might exercise over the products used to play their works in addition to the works themselves.

[back to notice text]

Answer: It depends. In general, the anti-circumvention provisions of the DMCA reserve broad authority to copyright holders to determine who can circumvent their systems.

For example, while the DMCA contains an encryption research exemption, to come under the exception, a researcher must lawfully obtain the work and request the permission from the copyright holder to engage in circumvention in order to be exempted [1201(g)(2)(C)]. In addition, under the DMCA only individuals who are studying, trained, or employed in encryption research are likely to be considered legitimate researchers under the law [1201(g)(3)(B)]. Finally, an encryption researcher is required to immediately notify the creator of the protection system when she breaks it. [1201(g)(3)(C)] The security testing exemption is even more restrictive in its rules about obtaining authorization from the copyright owner. It requires individuals engaged in security testing to not only request, but must actually obtain the authorization. [1201(j)(1)] On the other hand, the exemption relating to law enforcement, intelligence, and other government purposes have no such requirements to notify copyright owners of their activities. [1201(e)]

One important limitation to the control given to copyright owners is that manufacturers and developers of consumers electronics, telecommunications, or computing products are not required to design their products to respond to the digital protection systems implemented by copyright owners in their works. [1201(c)(3)] In this limitation, the DMCA anticipated the excessive control that copyright owners might exercise over the products used to play their works in addition to the works themselves.

[back to notice text]

Answer: In order to have an allegedly infringing web site removed from a service provider's network, or to have access to an allegedly infringing website disabled, the copyright owner must provide notice to the service provider with the following information:

• The name, address, and electronic signature of the complaining party [512(c)(3)(A)(i)]
  
• The infringing materials and their Internet location [512(c)(3)(A)(ii-iii)], or if the service provider is an "information location tool" such as a search engine, the reference or link to the infringing materials [512(d)(3)].
  
• Sufficient information to identify the copyrighted works [512(c)(3)(A)(iv)].
  
• A statement by the owner that it has a good faith belief that there is no legal basis for the use of the materials complained of [512(c)(3)(A)(v)].
  
• A statement of the accuracy of the notice and, under penalty of perjury, that the complaining party is authorized to act on the behalf of the owner [512(c)(3)(A)(vi)].

Once notice is given to the service provider, or in circumstances where the service provider discovers the infringing material itself, it is required to expeditiously remove, or disable access to, the material. The safe harbor provisions do not require the service provider to notify the individual responsible for the allegedly infringing material before it has been removed, but they do require notification after the material is removed.

[back to notice text]

Answer: In order to ensure that copyright owners do not wrongly insist on the removal of materials that actually do not infringe their copyrights, the safe harbor provisions require service providers to notify the subscribers if their materials have been removed and to provide them with an opportunity to send a written notice to the service provider stating that the material has been wrongly removed. [512(g)] If a subscriber provides a proper "counter-notice" claiming that the material does not infringe copyrights, the service provider must then promptly notify the claiming party of the individual's objection. [512(g)(2)] If the copyright owner does not bring a lawsuit in district court within 14 days, the service provider is then required to restore the material to its location on its network. [512(g)(2)(C)]

A proper counter-notice must contain the following information:

• The subscriber's name, address, phone number and physical or electronic signature [512(g)(3)(A)]
  
• Identification of the material and its location before removal [512(g)(3)(B)]
  
• A statement under penalty of perjury that the material was removed by mistake or misidentification [512(g)(3)(C)]
  
• Subscriber consent to local federal court jurisdiction, or if overseas, to an appropriate judicial body. [512(g)(3)(D)]

If it is determined that the copyright holder misrepresented its claim regarding the infringing material, the copyright holder then becomes liable to the person harmed for any damages that resulted from the improper removal of the material. [512(f)]

See also How do I file a DMCA counter-notice?, and the counter-notification generator.