Making Safe Harbors Expire Is Dangerous and Unnecessary

Under a new rule from the Copyright Office, website owners could be exposed to massive risk of copyright liability simply for neglecting to submit an online form on time. The rule could eliminate the safe harbor status that thousands of websites receive under the Digital Millennium Copyright Act (DMCA).

Current law (17 U.S.C. § 512, which was enacted as part of the DMCA) protects the owners of websites and online services from monetary liability based on the allegedly infringing activities of their users or other third parties. Owners must meet many requirements in order to be eligible for that protection, including participating in the notice-and-takedown procedure for allegedly infringing content.

They also must register an agent with the Copyright Office, someone who can respond to takedown requests and other communications. The Copyright Office rewrote the registration process this week, requiring everyone to re-register before December 31, 2017, and renew that registration every three years. When website owners inevitably forget to renew, copyright holders will be able to take advantage of that mistake to hold them liable for their users’ infringing activities. In fact, it will be trivial for abusive copyright holders to use the Copyright Office’s own system to compile lists of sites at risk.

The change comes as part of a multi-year project to modernize the system for registering authorized agents. Clearly, the system needed an update: the current system of scanned-in documents (PDF) is absurd; a new online database is long overdue. But as we’ve repeatedly warned the Office, automatic expirations shouldn’t be a part of the new system. They’ll do far more harm than good.

The Copyright Office’s announcement offers a litany of explanations for the change, but none of them are persuasive, and certainly none of them come close to outweighing the risks.

The Office says that the contact information for 65% of the sites in its database are different from the designated agent information that owners gave on their own sites. As Internet law expert Eric Goldman points out, that doesn’t mean that the current entries are incorrect:

Did the Copyright Office consider that service providers might offer copyright owners multiple ways to provide legitimate notice? The statute doesn’t require the onsite disclosures to mirror the contact info in the Copyright Office’s designation; and in fact it’s likely that many registrants updated their contact procedures over time but saw no reason to pay the Copyright Office to amend the existing designation–especially if they didn’t deprecate the prior contact mechanisms.

The Office also mentions that its database of authorized agents includes some defunct websites and companies. Again, the best response would be, “So?” A database with some defunct entries is a small price to pay for a vital protection that websites rely on. Besides, as Goldman notes, the problem of website owners failing to update their records solves itself: they miss takedown notices and lose the safe harbor.

The Copyright Office highlights that under the new system, the cost of registering a designated agent will be lower. That’s great news, and it makes sense: processing registrations will certainly be less time-consuming. But it still doesn’t justify or explain the need for renewals.

What’s truly frightening about this rule is who it’s likely to affect the most. YouTube and Facebook will be fine. It’s small companies, small nonprofits, and activist groups that are at risk—the same groups that are most poorly poised to fight copyright infringement suits. As we told the Copyright Office earlier this year, DMCA 512 already imposes a long list of conditions on service providers, and we’ve seen many well-meaning service providers lose their status over technicalities. Requiring providers to commit to updating their registrations indefinitely is a step too far.

Safe harbors are an essential part of how the modern Internet works. Any proposal that either weakens safe harbor protections or piles more responsibilities on participants requires extra scrutiny. We fear that this new rule will lock out precisely the organizations that most need safe harbor status.