Today, the Chilling Effects Clearinghouse posted a cease-and-desist letter from MediaDefender to gpio.org complaining that MediaDefender's leaked emails had been posted to the site. The operator of the site, which subsequently moved to http://mediadefender-defenders.com (but not because of the letter), also posted the letter and his reply. His reply quite effectively points out that he and his server are in Norway and thus "it appears that your legal grounds for throwing letters at me claiming this-or-that is shaky enough that you might want to relocate."
This exchange reminded me of an article in Ars Technica a few weeks back discussing the reactions of peer-to-peer site operators to similar letters from MediaDefender. I meant to post on this article at the time, but forgot about it until today. The gist of the story is that some peer-to-peer site operators received cease-and-desist letters from MediaDefender and responded with blistering comments ridiculing the MediaDefender lawyers for their impoverished understanding of U.S. copyright law. For example:
[isoHunt's] formal response to SMR&H is filled with caustic wit and considerable legal expertise. "If Mr. Gerber is truly as experienced in IP law as his bio claims he is," asks the isoHunt administrator in his response, "why is it that he is incapable of composing a DMCA takedown notice as per USC Title 17 Section 512?" The isoHunt administrator explains that Gerber failed to adequately specify the allegedly infringing content as required by law. The administrator also helpfully provides a link to a valid sample complaint so that SMR&H will be less likely to send the improper information in their second attempt. The following is an excerpt of the isoHunt administrator's response:
"This e-mail serves as a counter notification under USC Title 17 Section 512(c)(3)(A)(iii) that you have failed to properly identifying links to content that allegedly infringes your copyright/trademark/rights (or, in this case, has something to do with really embarrassing trade secrets *and* employee social security numbers) AND you have failed to address your e-mail to the appropriate agent, namely email@example.com, so I invite you and your clients to take a long walk off a short pier, since you and/or your clients might actually manage to NOT get something that simple wrong."
In closing, the isoHunt administrator says that the he will comply with the request if it is properly submitted. "Despite us being located in Canada, if you do actually figure out how to compose a valid DMCA notice, we will honor it," he concedes, "just as soon as we're done laughing at you."
Don't get me wrong -- I understand the widely felt animosity towards MediaDefender these days. But I'm not so sure that isoHunt's "considerable legal expertise" hits the mark here. The DMCA notice-and-takedown provisions, found at 17 U.S.C. 512(c), only apply to claims of -- wait for it -- copyright infringement. Now, I didn't see the letter that isoHunt received, but it's a good bet that it's identical to the one gpio.org received. Guess what? No claim of copyright infringement there -- just the assertion that posting MediaDefender's emails violates (1) the federal Computer Fraud and Abuse Act; (2) the federal Electronic Communications Privacy Act; and (3) the California Computer Data Access and Fraud Act. (This fits with Ars Technica's description of the isoHunt letter, which apparently cited "various sections of the Computer Fraud and Abuse Act, the Electronic Communications Privacy Act, and the California Computer Data Access and Fraud Act.")
The letter requests that gpio.org "immediately and permanently cease and desist from posting, distributing or otherwise making available MediaDefender's trade secrets and confidential information, and provide us with written confirmation regarding the same." This essentially looks like a trade secrets case, albeit a complicated one.
The formula is simple: no claim for copyright infringement, no DMCA takedown notice, full stop.
My guess is that MediaDefender is not asserting claims of copyright infringement because of an important case, Online Policy Group v. Diebold, Inc., 337 F. Supp.2d 1195 (N.D. Cal. 2004). In that case, Diebold, a manufacturer of electronic voting machines, sent DMCA takedown notices to a number of ISPs that were hosting leaked internal Diebold documents revealing flaws in its machines. The DMCA notices claimed that posting the company's internal email archive violated Diebold's copyrights and demanded that access to the email archive be disabled. An ISP and the two college students who were posting the documents sued Diebold, and the district court held that Diebold had violated Section 512(f) of the DMCA, which makes a copyright owner liable for damages, including costs and attorneys' fees, for "knowingly materially misrepresent[ing]" in a takedown notice "that material or activity is infringing." The court found that portions of the email archive were so clearly subject to the fair use exception that "[n]o reasonable copyright holder could have believed that [they] were protected by copyright." According to the EFF, Diebold subsequently agreed to pay $125,000 in damages and fees. Needless to say, there are some strong factual similarities between the Diebold leak and MediaDefender's troubles over the last couple of weeks.
There was no reason why MediaDefender had to send isoHunt a valid DMCA takedown notice under the circumstances, and the company's mocking response -- while amusing -- was not coherent from a legal point of view. This was just an ordinary cease-and-desist letter, much like the ones that website operators receive all the time in defamation cases. The DMCA gets a great deal of attention in discussions of online speech, especially in technical circles. This attention is warranted, and vigorous debate about this controversial provision of the Copyright Act is necessary. But it's important to remember that there are other legal issues affecting your online activities.