Erik Estrada, Caitlin Cronin, and Bill Gillespie †
In November 2015, in BMG Rights Mgmt. (US) LLC v. Cox Commc'ns, Inc., the United States District Court for the Eastern District of Virginia announced a legal standard that if widely adopted would undo the tiered safe harbor protections afforded online service providers (OSPs) under the Digital Millennium Copyright Act (DMCA). These services have different functions, capabilities, and needs. Recognizing that one size does not fit all for OSPs, Title II of the DMCA (codified at 17 U.S.C. § 512) sets out different safe harbor qualifications for four different types of services: (1) transitory digital network communications (ISPs); (2) system caching (transitory storage); (3) information residing on systems or networks at direction of users (content hosts—websites, etc.); and (4) information location tools (search engines). However § 512 does require that at a minimum all OSPs “adopt and reasonably implement, and inform subscribers and account holders of . . . a policy that provides for the termination in appropriate circumstances of subscribers and account holders . . . who are repeat infringers.” Despite Congress’s intent to differentiate between the four services, the court in BMG v. Cox used the termination policy requirement to impute a standard from §§ 512(c) and (d)—a lack of actual knowledge—to §§ 512(a) and (b). Other courts should not adopt this standard for ISP termination policies but should apply a stricter standard when the service is just Internet access.
The ruling on safe harbor protections for ISPs is likely an example of the axiom “bad facts make bad law.” BMG is a copyright owner that employs Rightscorp to enforce its copyrights. Rightscorp sent notices to Cox, an ISP, which Cox did not forward to its customers. BMG sued, and Cox claimed immunity under the DMCA’s ISP safe harbor provision, § 512(a). Cox’s refusal to pass on the notices was not central to the court’s DMCA holding; it merely showed that Cox was aware that BMG believed its copyrights had been infringed. What mattered more for the § 512 holding were Cox’s policies for repeat infringers and its internal communications showing that such policies either were legal fig leaves or only enforced with a wink and a nod. On the record, it appears that Cox claimed ISP safe harbor while not complying with the spirit of the DMCA’s grant of such safe harbor.
The court in BMG v. Cox probably reached the right result, but it reached it in the wrong way; the court could have reached the same result without ignoring the plain text of the DMCA. The court acknowledged that the Cox services at issue in the case fit the § 512(a) safe harbor, then correctly stated that for any of the § 512(a)–(d) safe harbors to apply, the provider must comply with § 512(i). The court’s analysis of § 512(i) is where it departs from the plain text of the statute. Because this case is the first where a court has analyzed § 512(i) for a service receiving § 512(a) safe harbor, the court relied on § 512(i) analysis from cases involving services receiving § 512(c) and § 512(d) safe harbor. Such cases probably give adequate guidance as to splitting § 512(i)’s requirement for a reasonably implemented termination policy into two questions: (1) did the service provider implement its policy; and (2) was the service provider’s policy reasonable? Further, applying such cases to the analysis of whether a provider has implemented its policy is appropriate insofar as: (1) a provider’s notification system must be functional; (2) a provider must have a procedure for dealing with notifications; (3) a provider “must ‘not actively prevent copyright owners from collecting information needed to issue such notifications’”; and (4) the penalty for repeat infringers must be termination when appropriate circumstances exist. However, the court inappropriately relied on these cases in determining that “appropriate circumstances” for termination means when an ISP has actual knowledge that a user is a repeat copyright infringer. In § 512(n) Congress expressly said that:
Subsections (a), (b), (c), and (d) describe separate and distinct functions for purposes of applying this section. Whether a service provider qualifies for the limitation on liability in any one of those subsections shall be based solely on the criteria in that subsection, and shall not affect a determination of whether that service provider qualifies for the limitations on liability under any other such subsection.
Thus, analyses of §§ 512(c) and 512(d) cannot be properly applied to §§ 512(a) and (b) where the requirements of subsections (c) and (d) differ from the requirements of subsections (a) and (b). The text of § 512 makes clear that an actual knowledge standard is required for services falling under §§ 512(c)–(d), but not for services that receive safe harbor under §§ 512(a)–(b).
The actual knowledge standard applied was inappropriate under the DMCA because Congress purposefully did not apply an actual knowledge standard to ISPs, but it did to content hosts and search engines. It is a well-established rule of statutory construction that “where Congress includes particular language in one section of a statute but omits it in another section of the same Act, it is generally presumed that Congress acts intentionally and purposely in the disparate inclusion or exclusion.” Here, there is a requirement that providers of a service falling within §§ 512(a) or 512(b) lack actual knowledge of the infringing activity, but there is no such requirement in §§ 512(a) and 512(b). Moreover, the rule against surplusage “directs courts to give effect to each word used by the legislature.” The Supreme Court has clarified that the rule against surplusage is not an absolute: The rule should not be applied in cases where the text is clear if the word is superfluous but would be ambiguous after applying the rule. This is not the case with § 512. Accordingly, the rule against surplusage should preclude an interpretation that reads a requirement that all OSPs lack actual knowledge of the infringing activities into § 512(i), where such a requirement is explicit in §§ 512(c) and (d), but conspicuously absent from §§ 512(a) and (b).
On top of the rules for statutory construction, there are important policy reasons why the actual knowledge standard is inappropriate for ISP safe harbor. Section 512 “is intended to preserve incentives for online service providers and copyright owners to cooperate to detect and address copyright infringements that occur in the digital networked environment.” But “OSPs and ISPs need more certainty in this area in order to attract the substantial investments necessary to continue the expansion and upgrading of the Internet.” Nevertheless, “those who repeatedly or flagrantly abuse their access to the Internet through disrespect for the intellectual property rights of others should know that there is a realistic threat of losing that access.” It is clear that § 512 is intended to strike a balance between the rights of copyright holders and OSPs’ abilities to enforce those rights. Of course, there are at least four kinds of OSP, and each type functions differently. The actual knowledge standard does not overburden content hosts and search engines, which can easily view the content they host or reference; they need only click a link or load the webpage. ISPs, on the other hand, are dumb pipes. Because ISPs exercise no editorial control, merely pass information from one user to another at the direction of the user, and the transmitted material is not “ordinarily accessible to anyone other than anticipated recipients,” ISPs cannot simply view content that a copyright holder claims infringes their copyright. Nor does society want ISPs to view the contents of all of the packets sent through their pipes. Moreover, because the ISP does not store the information, the ISP must take the copyright holder’s word that the material was infringing. That can be problematic because even if the user transmitted copyrighted material, the use may not be infringing at all, but rather a fair use. Of course, there is no requirement for a copyright holder to conduct a fair use analysis before sending an infringement claim to an ISP, as there is for content hosts and search engines. In short, reading an actual knowledge standard into § 512(a) is impracticable, creates perverse incentives, and will unduly burden ISPs.
So with the balance between protecting copyright and developing infrastructure in mind, what is the appropriate standard by which to determine if termination is appropriate? The court cited Nimmer on Copyright, saying that there was a spectrum of meanings for “repeat infringer”: At one end, there is an adjudicated infringer; at the other, there is an accused infringer; in the middle, there is the accused infringer that the provider actually knows is a repeat infringer. Cox asked the court to hold that the user must be an adjudicated infringer before an ISP must terminate her. This would certainly be more practicable and a much lesser burden on ISPs, and it would be appropriate under the plain text of § 512. However, courts will not likely adopt this standard because it shifts the burden to the courts. Thus, for § 512(i) analysis of a § 512(a) provider, courts should adopt a standard that falls somewhere between an adjudicated infringer—which would overburden courts—and an accused infringer that the provider actually knows is a repeat infringer—which would overburden ISPs and is impermissible by the plain text of § 512. For example, the standard could be a summary judgment standard—e.g., there is “no genuine issue as to any material fact” that the user is a repeat infringer, there is not even a colorable argument that the use was noninfringing. Cox would likely have still lost safe harbor under this standard, but such a standard would be consistent with the text and policy of § 512. But the proper standard is for the courts to determine; this paper simply argues that it must be higher than actual knowledge.
Courts should adopt a standard that is higher than the actual knowledge standard. By doing so, courts can comply with the text of the statute and better adhere to the spirit of § 512 by preserving the tiered safe harbor protections, balancing the needs of ISPs with those of copyright holders, and making it clear to repeat infringers that they may lose their access to the Internet if they persist in downloading/sharing copyrighted material.
† Erik Estrada, Esq. earned a Bachelor of Arts from the University of Colorado, a Master of Public Administration from the University of Colorado School of Public Affairs, a Juris Doctor from the University of Denver Sturm College of Law, and a Master of Laws from the Boston University School of Law. He is a Senior Corporate Counsel with Level 3 Communications, Inc. (Level 3). Caitlin Cronin earned a Bachelor of Arts from Syracuse University, and her Juris Doctor from the University of Colorado Law School. She is a Law Clerk with Level 3. Bill Gillespie earned a Bachelor of Arts from the University of Texas at Austin, and is a Juris Doctor candidate at the University of Colorado Law School where he is the Managing Editor of the Colorado Technology Law Journal. He is a Law Clerk with Level 3. The views reflected in this note are those of the authors. The authors acknowledge the inherit conflict of interest that exists in addressing a topic that may impact their employer.
 BMG Rights Mgmt. (US) LLC v. Cox Commc'ns, Inc., 149 F. Supp. 3d 634 (E.D. Va. 2015).
 17 U.S.C. § 512(a) (2012).
 Id. § 512(b).
 Id. § 512(c).
 Id. § 512(d).
 Id. § 512(i).
 BMG Rights Mgmt. (US) LLC v. Cox Commc'ns, Inc., 149 F. Supp. 3d 634, 638 (E.D. Va. 2015).
 Id. at 642. Rightscorp reportedly sent 2.5 million notices to Cox. Id. at 640.
 Id. at 653.
 See id. at 654, 655.
 Id. at 655–61.
 Id. at 653.
 Id. at 653–54. Perfect 10, Inc. v. CCBill LLC is a § 512(c) case: The Ninth Circuit found that CCBill did not qualify for § 512(d) safe harbor, and could not determine if it qualified for § 512(a) safe harbor, but did find that CWIE qualified for § 512(c) safe harbor. Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1116–18 (9th Cir. 2007). Disney Enterprises, Inc. v. Hotfile Corp. and Capitol Records, LLC v. Escape Media Grp. are also § 512 (c) cases. Disney Enterprises, Inc. v. Hotfile Corp., No. 11-20427-CIV, 2013 WL 6336286, at *19 (S.D. Fla. Sept. 20, 2013); Capitol Records, LLC v. Escape Media Grp., Inc., No. 12-CV-6646 AJN, 2015 WL 1402049, at *13 (S.D.N.Y. Mar. 25, 2015). Capitol Records, Inc. v. MP3tunes is a § 512(c) and § 512(d) case. Capitol Records, Inc. v. MP3tunes, LLC, 821 F. Supp. 2d 627, 639 (S.D.N.Y. 2011) on reconsideration in part, No. 07 CIV. 9931 WHP, 2013 WL 1987225 (S.D.N.Y. May 14, 2013).
 BMG, 149 F. Supp. 3d at 653–54.
 17 U.S.C. § 512(n) (2012) (emphasis added).
 See id.
 Russello v. United States, 464 U.S. 16, 23 (1983) (alteration and original quotation marks omitted).
 17 U.S.C. § 512(c)(1)(A)(i); 17 U.S.C. § 512(d)(1)(A).
 17 U.S.C. § 512(a); 17 U.S.C. § 512(b).
 Estate of Moreland v. Dieter, 576 F.3d 691, 699 (7th Cir. 2009).
 Lamie v. United States Tr., 540 U.S. 526, 536 (2004).
 Compare 17 U.S.C. § 512(a)–(b) with 17 U.S.C. § 512(c)–(d).
 144 Cong. Rec. S11887-01 (daily ed. Oct 8, 1998) (statement of Sen. Leahy).
 144 Cong. Rec. S11887-01 (daily ed. Oct 8, 1998) (statement of Sen. Hatch).
 H.R. REP. 105-551(II), at 61 (1998).
 See 17 U.S.C. §§ 512(a)–(d).
 Dumb pipes are transport “that route signals from point A to point B.” Am. Broad. Companies, Inc. v. Aereo, Inc., 134 S. Ct. 2498, 2515 (2014). Dumb pipes “exercise no editorial control.” Cablevision Sys. Corp. v. F.C.C., 597 F.3d 1306, 1322 (D.C. Cir. 2010).
 17 U.S.C. §§ 512(a)(2), (a)(5).
 Id. §§ 512(a)(1), (a)(3).
 Id. § 512(a)(4).
 Information travels over the Internet in packets; think of them as letters sent through the mail. Susan Landau, National Security on the Line, 4 J. Telecomm. & High Tech. L. 409, 424 (2006). A packet transports the data (a message) in its body (the envelope), and the packet header (address/return address) tells the network where to send it. Murat Torlak, Professor, U. Tex. Dall., Packet Switching and Computer Networks, 4, https://www.utdallas.edu/~torlak/courses/ee4367/lectures/packet.pdf. ISPs need to read the packet header (the address)—through an automated process—to route the packet to the correct destination. See Manish Kumar, Constitutionalizing E-Mail Privacy by Informational Access, 9 Minn. J.L. Sci. & Tech. 257, 283 (2008). However, technology exists that enables ISPs to inspect the content of packets (i.e., look inside the envelope, at the contents of messages) if so compelled. Rob Frieden, Internet Packet Sniffing and Its Impact on the Network Neutrality Debate and the Balance of Power Between Intellectual Property Creators and Consumers, 18 Fordham Intell. Prop. Media & Ent. L.J. 633, 652 (2008).
 Unless of course the user confesses.
 See, e.g., Lenz v. Universal Music Corp., 801 F.3d 1126, 1132 (9th Cir. 2015).
 Compare 17 U.S.C. § 512(c)(3)(A)(v) and 17 U.S.C. § 512(d)(3) with 17 U.S.C. § 512(b).
 BMG Rights Mgmt. (US) LLC v. Cox Commc'ns, Inc., 149 F. Supp. 3d 634, 654 (E.D. Va. 2015).
 Celotex Corp. v. Catrett, 477 U.S. 317, 322 (1986).