MP3Tunes Ruling Protects DMCA Safe Harbors

from the about-time dept

It’s been many, many years since EMI started its ridiculous lawsuit against Michael Robertson and MP3Tunes, concerning a variety of factors with MP3Tunes and the concept of online music lockers. Someone told me that a final ruling was to be expected last November, but it only just came down and it’s mostly good news. You can read the full filing here (pdf) or see it embedded below. The details of the case are a bit involved, but MP3Tunes is basically a music locker, similar to Google or Amazon’s music locker/streaming player. Where it got a little complicated was that MP3Tunes also offered “” which allowed you to move MP3s found on the web into your music locker, so long as you could point it to a URL.

EMI argued that the company was not protected by DMCA safe harbors, claiming that it “purposely blinded itself to its users’ infringement and failed to take any action against hundreds of users who sideloaded copies of songs identified” by EMI as infringing. But the court rejected that. It noted that the company “tracks the source and web address of every sideloaded song in its users’ lockers and can terminate the account of a repeat infringer.” Furthermore, the company did, in fact, terminate 153 accounts. Thus, the court says that MP3Tunes clearly qualifies for DMCA safe harbors. This is a good ruling and another useful DMCA win.

The court also, importantly, notes that many people sideloading content have no idea if it’s authorized or not, and that it would be improper to treat them all as “blatant” infringers, especially since it’s just for personal use:

The record reveals that MP3tunes’s users do not upload content to the internet, but copy songs from third-party sites for their personal entertainment. There is a difference between users who know they lack authorization and nevertheless upload content to the internet for the world to experience or copy, and users who download content for their personal use and are otherwise oblivious to the copyrights of others. The former are blatant infringers that internet service providers are obligated to ban from their websites. The latter, like MP3tunes users who sideload content to their lockers for personal use, do not know for certain whether the material they are downloading violates the copyrights of others.

Separately, there’s an important win hidden in a footnote, in that the court ruled that pre-1972 recordings qualify for DMCA safe harbors. As you may recall, we’ve spoken a few times about how pre-1972 recording are generally covered by state law, rather than federal copyright law (which is why many may not hit the public domain for much longer). EMI tried to argue that pre-1972 rulings don’t qualify at all for DMCA safe harbors, but the court rejected that outright, noting the “plain meaning of the statutory language.”

Where EMI did score a victory is in asserting that when it sent DMCA takedown notices over links from, MP3Tunes should also then have to reach into users’ storage lockers and delete the associated songs. I’m not sure how this fits with the statute, but the court argues that because MP3Tunes has this information (when you sideload a song to your locker, it records where it came from), it should, in fact delete them from users’ lockers. Even here, EMI’s legal claim tried to stretch too far. It argued beyond just the specific notices, MP3Tunes should delete “all EMI content.” The court disabused the label of that notion:

EMI’s argument misconstrues the DMCA and applicable case law. Even assuming the representative lists properly identified EMI’s copyrighted works, EMI had to provide sufficient information–namely, additional web addresses–for MP3tunes to locate other infringing material…. EMI’s notifications provided only enough information for MP3tunes to remove the noticed websites from and to find and remove copies of songs sideloaded from those websites. They did not identify the location of additional infringing material, let alone all of EMI’s copyrighted works. Absent adequate notice, MP3tunes would need to conduct a burdensome investigation in order to determine whether songs in its users’ accounts were unauthorized copies. As discussed, the DMCA does not place this burden on service providers.

Another important rejection for EMI. It tried to use the infamous “red flag” knowledge aspect of the DMCA against MP3Tunes, saying that execs for the site itself uploaded works from “obviously infringing sites.” The court notes that EMI’s definition of “obviously infringing sites” is quite different than what he law suggests:

For instance, the websites,, and, as well as other sites used by MP3tunes executives to sideload songs do not use the words “pirate” or “bootleg” or other slang to indicate their illegal purpose and they are not otherwise clearly infringing. They are simply popular file sharing sites.

That’s interesting given how frequently industry types love to insist that such sites “obviously infringe.” Turns out a federal court disagrees. Thus, the court rejected red flag knowledge, noting that while some “investigation” may have turned up that such things were infringing, “if investigation is required to determine whether material is infringing, then those facts are not ‘red flags.'” That’s going to put on ice an awful lot of cases where the entertainment industry claims “red flag” DMCA violations.

The court also rejects the terms “free,” “mp3” or “file sharing” are indicative of infringement, noting that “those terms are ubiquitous among legitimate sites offering legitimate services.” In fact, as Robertson demonstrated via a crowdsourcing effort, EMI itself “regularly distributes works on the internet for free” (something it denied earlier). However, this undermines EMI’s case:

Because of these activities, EMI’s executives concede that internet users, including MP3tunes’ users and executives, have no way of knowing for sure whether free songs on the internet are unauthorized.

That line alone could be important, given how often the industry insists that people “just know” what’s infringing. The court recognizes, correctly, that it’s not so easy.

Furthermore, and contrary to the claims of some who do not understand the law, the court notes that just because you receive DMCA notices, it does not establish that you have specific “red flag” knowledge of specific infringements.

Next up, we have another really important point that has been an issue in multiple cases. The question of financial benefit. Many people — including the Department of Justice in the Rojadirecta case — like to claim that because infringing activity on a website draws more traffic, they have proven that the site “profits from infringement.” As we’ve explained over and over again, this is not accurate. The rule is that they have to profit directly from the infringement, not indirectly from traffic from the infringement. Once again, the court agrees with us, and not the copyright maximalists:

However the financial benefit must be attributable to the infringing activity…. While may be used to draw users to and drive sales of pay lockers, it has non-infringing users. Moreover, MP3tunes did not promote infringement. Rather, it removed infringing links… and terminated the accounts of users who blatantly shared copyright files with others.

That line may be death for some of the lawsuits against cyberlockers out there, which all seem to assume that traffic = profiting from infringement. While this ruling may not be applicable in other jurisdictions yet, you can bet lawyers will be pointing to it, and hopefully other judges will understand this key point.

EMI then scores again in the contributory infringement claim, based on the same reasoning above, in that MP3tunes refused to remove files from lockers if they were sideloaded from sources later deemed infringing by EMI. Separately, since EMI sued Michael Robertson personally (rather than just the company), the court notes that he’s liable for direct infringement of infringing songs that he sideloaded.

There are a few other side issues as well, but generally speaking, this is a big victory for MP3tunes and the safe harbors of the DMCA. It is likely that there will be appeals (perhaps on both sides), so this is far from over in an already excessively long legal dispute. But this ruling is mostly good news.

Filed Under: , , ,
Companies: emi, mp3tunes

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “MP3Tunes Ruling Protects DMCA Safe Harbors”

Subscribe: RSS Leave a comment
DandonTRJ (profile) says:

It’s always nice to see a judicial opinion reinforce common sense while not meandering too far from established norms. The labels were clearly overreaching on everything but the two issues they won on. Amazing how fiercely they can fight a battle when the clear text of statutory law and a mountain of precedent cuts against them. But hey, the more they cite things like “red flag” infringement when they’re clearly inapposite, the smaller their judicial toolkit becomes.

out_of_the_blue says:

So don't use slang! If doesn't say "pirate" or "bootleg", it's fine.

And you hail that as good judicial reasoning? It’s right in line with okay to murder people in acts of war so long as called a “kinetic military action”.

I don’t expect this decision to hold up on appeal: too much of a stretch from common law. Indirectly profiting here, for example, means only that the money comes from a third party, even though the direct (and only) draw is the infringing content. While lawyers can split hairs into a hundred pieces, these sites (Rapidshare, not MP3Tunes so much) wouldn’t exist except for infringing.

By the way, from the older piece, I’m pleased to find you stating (approvingly) that corporations are to avoid personal responsibility; needs to be more widely known:
“So, once again, we’re left with an incredibly chilling situation, where execs of companies are being sued personally — exactly what the entire corporate structure is designed to prevent.”

Killercool (profile) says:

Re: So don't use slang! If doesn't say "pirate" or "bootleg", it's fine.

Correct me if I’m wrong, but judicial decisions are the basis for common law. Every, or nearly every, statement the judge made referenced another judgement. So how is this too far from common law?

I would go so far as to say this judgement is just a reflection of the current direction that “common law” is taking.

DandonTRJ (profile) says:

Re: So don't use slang! If doesn't say "pirate" or "bootleg", it's fine.

While lawyers can split hairs into a hundred pieces, these sites (Rapidshare, not MP3Tunes so much) wouldn’t exist except for infringing.

Ah, the exacting legal standard of “wouldn’t exist without,” based on the bulletproof evidence of “trust me, you guys.” Just a few weeks ago, one of my favorite bands [signed to a major label] released a new song as a treat to its fanbase via Mediafire, a “piracy haven” in the nomenclature of record labels. Just because a site has an infringing draw does not a rogue site make. The DMCA and case law are pretty clear about this.

Anonymous Coward says:

Re: So don't use slang! If doesn't say "pirate" or "bootleg", it's fine.

What’s that line you like to use so much when Techdirt posts about a judicial ruling they don’t like? I’ll try to paraphrase it, “The court has spoken and no one gives a shit what you think.”

The real reason you even have a problem with it though is born out in your post, you can’t see a use for a site like Rapidshare that’s non-infringing. You think that’s the only thing it’s for. I hate to break it to you but pointing out that there are myriad legal uses on file-sharing sites isn’t just ‘lawyers splitting hairs,’ it’s reality.

G Thompson (profile) says:

Re: So don't use slang! If doesn't say "pirate" or "bootleg", it's fine.

For so called “splitting of hairs” the HUGE 29 page ruling (the sound you are currently hearing is sarcasm meters exploding worldwide) does not backup your claim.

Though I can guarantee the paperwork that Capitol Records Inc would of submitted to the court to try persuade the court to go against precedent, equity, common sense and the ‘duck rule’ and instead only look at the “we say so and we are always right, and please do not be concerned with that grey looking creature of the genus Loxodonta in the room” would of been absolutely huge and a barrage of trivial, irrelevant, frivolous and banal opinions of why they should win no matter what.

Thankfully the court shot down their trivialities (hair splitting) and stated it in a very succinct and resolute manner.

Anonymous Coward says:

This is the sort of ruling that proves that DMCA notification is all but useless, and that the system is tilted heavily towards infringers rather than rights holders.

Essentially, EMI would be required to monitor the site and report any new infringements on an ongoing basis, which would be cost prohibitive to do. They must also work from the outside to identify the same work on multiple pages, even though the site owner could do the same quickly through internal access.

Yeah, seems like a quality ruling to me, if you are trying to push PROTECT IP.

Rikuo (profile) says:

Re: Re:

When you enjoy a government granted (should be temporary, but is lifetime + X years) monopoly over a given work, the last thing the world needs is to be told that they must police the work for the copyright holder.
If you want the world to have the expense of policing your work, then give us a reason to do so. Otherwise, we’re not interested.

Anonymous Coward says:

Re: Re:

Unless you can change the laws to extinguish fair use the only way to know if something infringes or not is having the fraking owner of the copyrights tell people.

Others can’t know what infringes or not, is the industry going to create an authoritative database with all their dealings, with digital fingerprints showing what was released when and under what circumstances and in what terms?

More importantly would they be able to manage something that can be trusted?

And what PROTECT IP has to do with anything? that law wouldn’t change the outcome of such rulings either.

The eejit (profile) says:

Re: Re:

Essentially, EMI would be required to monitor the site and report any new infringements on an ongoing basis, which would be cost prohibitive to do. They must also work from the outside to identify the same work on multiple pages, even though the site owner could do the same quickly through internal access.”

Then why ask others to do your job for you? I mean, that’s basically what’s going on.

Chris-Mouse (profile) says:

Re: Re:

Essentially, EMI would be required to monitor the site and report any new infringements on an ongoing basis, which would be cost prohibitive to do. If it is cost prohibitive for EMI to monitor the site for infringement, how is it not cost prohibitive for anyone else to monitor the site when EMI, and *only* EMI has acess to the licensing information needed to know whether or not a given file is infringing?

Chosen Reject (profile) says:

Re: Re:

If the music industry wants music lockers to police the music being uploaded to said music lockers how about they come up with their own music locker service that is better than all the others. They’ve got all that music that people want and you’re telling me they can’t provide a more compelling service? If they did, they could not only easily monitor for infringing songs, but then they’d also have personally identifying information (hello credit cards) of the infringers. Sounds like an extreme win to me. They cut out any middle men (except for themselves of course), they can easily stop infringing music being stored, and they’ll have easy access to know who infringers are that they can then sue. So why don’t they do that?

Anonymous Coward says:

So let me get this straight. According to this ruling, if Site A (a music locker service) allows you to input links so that you can sideload music into your Site A locker from Site B, a general file locker service (e.g. rapidshare, megaupload, whatever), it has to keep records of the URL’s of where you sideload content from. When Evil Record Company finds out a link on Site B (which you input on Site A, but ERC doesn’t know that) leads to some infringing content, and notifies Site A that Site B is naughty, Site A has to remove the link to Site B from its search results and delete files that came from that URL out of its’ users’ lockers. (Theoretically if the person files a DMCA counter-notice they’d have to put it back. I wonder what would happen if someone said the Site B URL wasn’t infringing; would Site A have to put ALL the users’ files back?) If it doesn’t do all that, it can’t claim safe harbor. If it does though, it’s in the clear.

While I love the fact that the judge lambasted the MAFIAA and explicitly reminded everyone that the purpose of the DMCA is innovation and growth of internet services, I don’t like this imposition of data retention requirements on an entire category of internet services by judicial fiat. The DMCA expressly states–and the judge even cited the section–that safe harbors don’t depend on services monitoring their services or policing their users. It’s one of the least-disputed parts of the DMCA. I can’t see how that possibly squares with requiring a locker service to maintain records of where its users get their files from, then actively search through those records for people who’ve used a particular URL and delete files out of their lockers, causing who knows what chaos for users, just because a record company says “Hey, anyone who downloaded off this URL has infringed our copyright.” The court correctly acknowledged that the MAFIAA has no way to tell who downloaded off a particular infringing URL, which admittedly is a problem for serving DMCA notices, and that mp3tunes can easily tell who did and can delete the allegedly-infringing copies. But that doesn’t allow the judge to concoct this data retention and retroactive deletion requirement out of thin air like he did. If sideloading is impossible for copyright owners to police, it’s Congress’ job to address it, not the courts. This ruling could have enormous implications for any provider of remote storage services, and it’s far from clear. What kind of records do they need to keep to avoid liability? How long? Can they be subpoenaed for other purposes? What about state privacy laws? These, and many others, are all questions if they’re going to be debated at all, need to be debated by the Legislature, not summarily answered by a court.

This decision is also a bit self-contradictory since the court spent so much time on how downloaders might not even know they’ve infringed a copyright by downloading since the labels and artists put out so much free content as promotional tools. I suspect that the judge may have just not wanted to make file lockers essentially untouchable. I suspect he may have intentionally wrote it so that it will be reversed on appeal (let the Court of Appeals tell the MAFIAA they’re screwed mindset) and the ONLY thing that will stand will be the legimate claims they have for Michael Robertson’s infringement by downloading infringing material to his personal locker.

Even if the appeals court doesn’t correct this one flaw in an otherwise wonderful decision, technology will. Of course, it would be an enormous PITA for users to have their files being randomly deleted because some MAFIAAoso claims the URL they were sideloaded from was infringing. But how few lines of code will it take for file lockers to add a feature so that when you go to a file URL page, you can generate a random one-time-use URL to use on other locker sites? Half a dozen? Then, even if the MAFIAA thinks the original URL has infringing content on it, you’ve never used that URL to sideload anything–you’ve used the one-time-use URL’s–so the only thing they can do is demand the ORIGINAL FILE be taken down. Sure, the source file lockers will still get takedown notices, and those files will still be taken down, but nobody who’s sideloaded those files to other sites using random URL’s generated by the source file sites will have to worry about their files being deleted. As far as your personal locker service is concerned, every file you’ve sideloaded has a unique URL that nobody in the MAFIAA has complained about.

Overall a good decision, though it needs to be polished up a bit. In the meantime, anyone want to take bets on how long it will take locker operators to figure out how to protect their users? 🙂

TtfnJohn (profile) says:


We are talking about the same industry that can’t figure out whether or not the file infringes in their sense of the word or if one of their promotional or A&R people uploaded the song as part of a promotional campaign. Right?

Of course, I’d expect you to volunteer to help them out being that they’re almost bankrupt from having to use Google or Bing once or twice a day to see what they can find. Or not find. The cost is right up there with a manned mission to Mars, isn’t it? So they obviously need volunteer help before they end up on skid road.

TtfnJohn (profile) says:


Actually I found the ruling to be quite clear. The judge sets up the various scenarios EMI pled and knocks them down.

My understanding is that in a counter notice the locker is only required to “delete” the link to the allegedly infringing file and not the file itself. If the counter notice is successful then the locker is expected to restore the file link.

As for records of who side/up loaded to a site and when the server and the database where this information is kept will already be storing this information in a properly designed site. Otherwise you’re stuck with a bunch of hand coded HTML links and if something goes wrong no one knows where anything really is because the design has invited disaster. So you just turn off or rehome the link/file with an appropriate message. There’s no chaos except for the normal WTF when the person who side loaded the file. Ideally that would never happen but we’re human and far from ideal.

It’s a good ruling all the way around and while I’m sure it will go to appeal, IF an appeal court will hear it, it appears to be on solid ground no matter what OOTB may think. Nor do I see file lockers being made untouchable by this ruling because MP3tunes respond appropriately when they received them much as YouTube does.

Should a range of IPs be fraudulently used to sideload the file/link then there’s a registrar who needs a good legal spanking. There are enough protections built into Apache, for example, to quickly stop the sort of shenanigans you suggest. Even should the IP disappear a backtrace on the route the file is taking from Point A to Point Z would also lead back to the originating server. Should there be a baddie (man in the middle, say) it can be discovered and dealt with that way.
What I’m saying is that one time use URLs have a short life span and with the increasing shortage of free IPv4 URLs they’ll get shorter. The other problem with one time use URLs is that they are also taken as the symptom of an attack either underway or planned. That’s one of the reasons I used “fraudulent” earlier. Not that the file itself is infringing but that the method used is a warning sign of far more than just allegedly infringing files.

In fact one of the sites I run does exactly that not because of files but other issues.

Keeping transaction records in a MySQL database, properly designed, compresses the transaction down to a few bytes. The transaction record itself is small and text rather than large and digital as is the case with a MP3 file or movie or photograph. That transaction is linked to the file and there it is. Done.

As for the time and energy that may be needed for EMI or any other major label, well, that’s part of the cost of doing business. Always has been where IP is concerned so I won’t lose any sleep over it and nor should anyone else despite what apologists like OOTB say.

The key thing in the Common Law is that it takes a number of rulings and precedents to clearly establish a response to a given issue. Little or none if it occurs “overnight”. When you say “But that doesn’t allow the judge to concoct this data retention and retroactive deletion requirement out of thin air like he did. If sideloading is impossible for copyright owners to police, it’s Congress’ job to address it,” you are 90% wrong. The vast majority of the Common Law is decided by and defined by courts and juries. Civil codes or Statue Law, while present in most jurisdictions, form a tiny part of the Common Law with rulings and precedents stretching back to the says of King Alfred The Great who set the system up. Where Statue Law is insufficient or lacking legally then a judge is expected to, guided by precedent, rule in the fashion this judge has. An Appeals Court overturning this ruling automatically isn’t expected simply because of the novelty of the ruling. Disabling a link to an allegedly infringing file is one of the normal responses now to a take down notice. The file remains, however, until the dispute is resolved one way or another until the dispute is settled. That is expected under the DCMA, if I understand it correctly.

As for record keeping while it may be novel in this context it’s hardly unheard of in the real world of running web sites, at least good ones that allow user participation. It’s become, over time, the normal way of doing business. Site builders like Jommla!, Drupal and WordPress set up their databases doing just that.

Nor does it come out of thin air. EMI had been demanding this or a similar ruling from the start. On the surface they got it which may appear to be a win for them but I think they’ll live to regret that they ever put this card in play as the quality of the records will improve and may do more to prove a non-infringing use by the person who up/side/standing-on-my-head loading.

As to your question about privacy, please keep in mind that privacy is not the same as anonymity. The context you use it in indicates, to me, that confusion. If a file locker requires registration then there is plainly no anonymity of a transaction in that the user must be logged in in order to upload or side load. I’d guess that to the extent strong privacy laws exist in the United States that State laws would prevail as a result of this ruling.

I’d also agree that ultimately Congress and various States will have to take this matter up to address some of the issues you bring up though I’m also sure that in the broad ocean of Common Law the answers already exist. From their records I don’t expect much from the legislative process at this time because all they tend to do is view things in the *AAs extremist views which could eliminate the gains in this ruling rather than clarify anything. “Be careful what you pray for.”

It’s equally true that technology itself will move in to correct some of what you see as flaws. Servers such as Apache have a greater ability to identify and deal with ephemeral IP addresses for their own security rather than anything the *AAs want to make use of. IPv6 will mean a complete rethink on the IP maximalist side of things as a direct result of how it’s structured and the security features built into it.

Keep in mind, too, that there has been a general acceptance by the courts that an IP address does not lead to identification of a human being at either end of the transaction. So the record keeping the ruling requires, which is only a minor change in how many sites operate now, may not interfere with privacy though again keep in mind that privacy and anonymity are two entirely different things.

Though the ruling is far from perfect it does mark a giant step forward, in my opinion from the situation that exists now and may reduce the constant abuse of process the MAFIAA, as you call them, indulge in. Nor do I see anything which would cause an appellate court to overturn the entire ruling. Once again, the setting of a potential precedent and that the novelty of parts of the ruling by themselves aren’t grounds unless they have drastically changed or, more likely, ignored the Statue and Common Law as it stood before the ruling was made. If either had been the case the MAFIAAs lawyers would be screaming blue murder by now and they don’t appear to be by all reports.

TtfnJohn (profile) says:


As Mike’s pointed out the cost has always been borne by the rights holder. It’s only since the “rights holders” have decided that everyone and every file is a real or potential thief that costs such as this have become an issue.

“Can you imagine how much it would cost if each copyright holder in the world had to hire enough staff to check every file locker, every p2p site, all the millions of torrents and every search engine daily to track down violators?”

There, FIFY.

Not that it makes any more sense but might as well take it all in. They don’t HAVE to now. They CHOOSE to. There IS a difference.

The *AAs have hired people to do just that for all the good it’s done them I doubt that “piracy” has declined all that much. It’s like looking for prions and much less useful to society as a whole. Nor has it added a penny to the productivity of the rights holders when the money spent on tracking down the monster under the bed than busting grannies and 14 year olds.

I don’t know how much longer they can withstand all this before the costs of lawyers, shady investigative firms who seem to find “pirates” in the atoms of water, buying legislators and governments around the planet, propping up ACTA and TPP and ever increasing profits drive them into the poor house and eventual bankruptcy. Or worse some sort of Dickensian workhouse to pay off their debts while they exist on gruel instead of caviar.

Oh, and the high judgements are a result of Statue Law and bought off legislators not, in almost all cases, the validity of their case or evidence of real damages caused.

Cry me a river of crocodile tears.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...