Abuse of Copyright Law Online to Remove Dissent and Criticism

The Washington Post recently reported on a “reputation management” company called Eliminalia which purported to clean up the online reputation of its clients and customers and make negative information “disappear.” Now, there are lots of legal and ethical ways to respond to false information, disinformation and even negative information online, including countering the information with “good” or “positive” information and even “astroturfing”—creating lots of (AI-generated?) positive press—though the latter is ethically dubious. But one of the techniques allegedly used by Eliminalia was to get critical information removed using a copyright management law. According to the Post’s reporting:

“Between 2015 and 2021, Eliminalia sent thousands of bogus copyright-infringement complaints to search engines and web hosting companies, falsely claiming that negative articles about its clients had previously been published elsewhere and stolen, and so should be removed or hidden, the company records show. The firm sent the legal notices under made-up company names, the examination found.”

The technique is more widespread than one might think.

The Digital Millennium Copyright Act (DMCA) is a U.S. law enacted in 1998 to address copyright issues in the digital age. Among other things, the DMCA provides for a takedown process whereby copyright owners can request that internet service providers (ISPs) remove or disable access to infringing content. However, the DMCA takedown process has been widely abused, with many copyright owners using it to squelch dissent or criticism without regard for the perjury requirement or the fair use doctrine.

The Digital Millennium Copyright Act Process

The DMCA takedown process requires that copyright owners submit a takedown notice to an ISP identifying the allegedly infringing content and declaring, under penalty of perjury, that they have a good faith belief that the content is infringing. The ISP must then promptly remove or disable access to the content. The alleged infringer can then submit a counter-notice, and if the copyright owner does not take legal action within 10 to 14 days, the ISP can restore the content.

As a balance between a cumbersome copyright infringement lawsuit for every single digital copy posted online and a simple removal process, the DMCA required copyright holders and their agents to have a good faith basis for the removal. Instead of what the law would call a “verified pleading” in a lawsuit or a court complaint which would be subject to Rule 11 of the Federal Rules of Civil Procedure which implicitly represents that the allegations in the lawsuit are true, have a factual and legal basis and are not done for any improper purpose, the DMCA requires the takedown request to contain a “statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law” and a “statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.”

However, the perjury requirement is not enforced, and copyright owners often submit takedown notices without a good faith belief that the content is infringing. For example, in Lenz v. Universal Music Corp., a mother uploaded a video to YouTube of her toddler dancing to the song “Let’s Go Crazy” by Prince. Universal Music Corp. sent a takedown notice to YouTube, claiming that the video infringed their copyright. The mother sued Universal Music Corp. for misrepresenting that the video was infringing, but the case was dismissed, and the court found that copyright owners only need a subjective belief that the content is infringing, not an objectively reasonable belief.

Lying Robots

In 2012, the Electronic Frontier Foundation (EFF) published a report on the use of automated DMCA takedown notices by content owners. The report found that many takedown notices were sent for non-infringing content, including fair uses such as criticism, commentary and news reporting. The report also found that many takedown notices were sent automatically without any human review, leading to false positives and the removal of legitimate content.

As a result, these automated programs are sending out thousands of DMCA takedown requests a day, demanding that ISPs remove copyrighted materials and stating under oath that the ISP’s hosted content is infringing the rights of the copyright holder and that there is no lawful basis for the publication, when there is no basis for this assertion. The robot is wrong, but the demand is made under penalty of perjury. So who is punished for the criminal violation of the perjury statute? The robot? The programmer? The answer is—nobody.

Impact on ISPs

The abuse of the DMCA takedown process is not only a problem for free speech and fair use but also for the administrative burden it places on ISPs and the legal system. The DMCA takedown process places a heavy burden on ISPs to comply with takedown notices, even if they are frivolous or abusive. The DMCA also provides for damages for misrepresentations in takedown notices, but these damages are rarely sought or awarded.

Abuse of DMCA

This lack of enforcement of the perjury requirement has led to widespread abuse of the DMCA takedown process, with copyright owners using it to squelch dissent or criticism. For example, in 2019, the non-profit group Public.Resource.Org published thousands of standards developed by private organizations, such as the National Fire Protection Association and the American Society for Testing and Materials. The standards had been incorporated by reference into federal and state laws and regulations but were not available to the public without purchasing them from the private organizations. The organizations sent takedown notices to Public.Resource.Org, claiming that they owned the copyright in the standards, but Public.Resource.Org argued that the standards were not subject to copyright because they had been incorporated by reference into law. The court agreed, and held that the standards were not copyrightable, but the organizations continued to send takedown notices, leading Public.Resource.Org to file a lawsuit for abuse of the DMCA takedown process.

Similarly, in 2020, the Center for Investigative Reporting published a report on Facebook’s content moderation practices, relying in part on internal documents leaked by a former Facebook employee. Facebook sent a takedown notice to the Center for Investigative Reporting, claiming that the report contained copyrighted material, but the Center for Investigative Reporting argued that the use of the documents was a fair use. Facebook subsequently withdrew the takedown notice, but the incident illustrates how copyright owners can use the DMCA takedown process to suppress critical reporting.

Furthermore, the DMCA takedown process can also be used to prevent fair uses of copyrighted materials, even if no actual infringement has occurred. The DMCA does not require an allegation of infringement but only of unauthorized use, which can encompass a wide range of activities that might be considered fair use under copyright law. For example, in 2015, the company Automattic, which operates the blogging platform WordPress, received a takedown notice from the publisher of the novel “The Truth About the Harry Quebert Affair,” claiming that a user had posted an excerpt from the book as a comment on a blog. Automattic believed that the use of the excerpt was a fair use, but it still had to disable the comment and inform the user of the takedown notice.

Similarly, in 2018, the non-profit group Freedom of the Press Foundation received a takedown notice from Sony Pictures Entertainment, claiming that a trailer for the film “The Interview” infringed on their copyright. However, the trailer included clips from news reports about the film and the Freedom of the Press Foundation argued that the use of the clips was a fair use. Sony subsequently withdrew the takedown notice, but the incident illustrates how the DMCA takedown process can be used to suppress political speech and critical reporting.

In another case, NASCAR demanded that YouTube take down videos made by spectators at an event where a car crashed into the stands, causing horrific injuries. NASCAR claimed a copyright to the videos because they were made in a stadium used by NASCAR, and they claimed that the spectators were required (by signs posted in the stadium) to assign the rights to their homemade videos to NASCAR. On this slender reed, NASCAR sent DMCA takedown demands to YouTube (which it later claimed it did out of respect to the victims). The problem here was not copyright infringement but bad publicity. Remember, that DMCA takedown demand was made under penalty of perjury. Did anyone go to jail for the false certification? Not on your life.

Go Ahead, Lie to Me

In addition to the abuse of the DMCA takedown process, there is also a lack of enforcement when it comes to perjury. The perjury requirement is intended to deter copyright owners from submitting false or fraudulent takedown notices, as they could be subject to legal penalties for making false statements under penalty of perjury. However, to date, there have been no known cases of anyone being prosecuted for perjury in connection with a false DMCA takedown demand.

This lack of enforcement has further emboldened copyright owners to use the DMCA takedown process to squelch dissent or criticism without any fear of legal repercussions. For example, in 2015, the Electronic Frontier Foundation (EFF) filed a lawsuit against the law firm of Prenda Law which had filed numerous fraudulent copyright infringement lawsuits on behalf of a pornography company. The lawsuits were based on alleged infringements of videos that Prenda Law had uploaded to file-sharing sites themselves, and then sent takedown notices for. The EFF argued that the takedown notices were fraudulent and therefore constituted perjury. However, while Prenda Law was eventually sanctioned and disbarred for its conduct, no one was prosecuted for perjury.

We have made it easy for companies, people, and robots (and now AI-powered robots) to demand that stuff be taken down with little or no consequence for false certifications. While the problem of infringement is real, is huge and is growing, the DMCA perjury requirements need to be used to ensure that the real reason that stuff is being removed is “To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries” and not simply because we don’t like what someone has to say. It won’t change until someone goes to jail. Certainly that “someone” won’t be me. Hopefully, it won’t be you either.

Avatar photo

Mark Rasch

Mark Rasch is a lawyer and computer security and privacy expert in Bethesda, Maryland. where he helps develop strategy and messaging for the Information Security team. Rasch’s career spans more than 35 years of corporate and government cybersecurity, computer privacy, regulatory compliance, computer forensics and incident response. He is trained as a lawyer and was the Chief Security Evangelist for Verizon Enterprise Solutions (VES). He is recognized author of numerous security- and privacy-related articles. Prior to joining Verizon, he taught courses in cybersecurity, law, policy and technology at various colleges and Universities including the University of Maryland, George Mason University, Georgetown University, and the American University School of law and was active with the American Bar Association’s Privacy and Cybersecurity Committees and the Computers, Freedom and Privacy Conference. Rasch had worked as cyberlaw editor for SecurityCurrent.com, as Chief Privacy Officer for SAIC, and as Director or Managing Director at various information security consulting companies, including CSC, FTI Consulting, Solutionary, Predictive Systems, and Global Integrity Corp. Earlier in his career, Rasch was with the U.S. Department of Justice where he led the department’s efforts to investigate and prosecute cyber and high-technology crime, starting the computer crime unit within the Criminal Division’s Fraud Section, efforts which eventually led to the creation of the Computer Crime and Intellectual Property Section of the Criminal Division. He was responsible for various high-profile computer crime prosecutions, including Kevin Mitnick, Kevin Poulsen and Robert Tappan Morris. Prior to joining Verizon, Mark was a frequent commentator in the media on issues related to information security, appearing on BBC, CBC, Fox News, CNN, NBC News, ABC News, the New York Times, the Wall Street Journal and many other outlets.

mark has 203 posts and counting.See all posts by mark