Criminal Liability v. Civil Liability under the DMCA
In January 5, 2012, a U.S. District Court grand jury in the Eastern District of Virginia issued an indictment against Megaupload Limited, Vestor Limited, and the company’s principal officials.[1] Pursued by the U.S. Department of Justice, the indictment charges Megaupload and its affiliates with conspiracy to “commit and profit from copyright infringement” through the operation of its domain name and other associated websites.[2] Aside from the “generic” criminal charges of racketeering and conspiracy under 18 U.S.C. § 1962(d) and 18 U.S.C. § 371, the Department of Justice is heavily relying on the Digital Millennium Copyright Act (DMCA) to prosecute these criminal charges against Megaupload.[3] More specifically, the Feds claim that Megaupload and its principals willingly conspired to commit criminal copyright infringement, in violation of 17 U.S.C. § 506(a)(1)(A) and 18 U.S.C. § 2319(d)(2).[4]
As most of us already know, the DMCA is both a criminal and civil statute, meaning that a copyright violation suit may be brought both by the federal government to impose criminal sanctions and by a private party seeking civil injunctive and monetary relief. However, although the DMCA can and has been used to bring both criminal and civil suits against copyright violators, it is unclear what specifically causes the federal government to prosecute for copyright infringement in a small handful of cases, instead of allowing the infringement to be dealt with civilly. In any case, there are a few sections in the DMCA that may help identify what factors the federal government looks for when deciding whether to criminally prosecute for copyright infringement. First, it should be noted that under the DMCA, criminal infringement is comprised of the same elements as civil infringement.[5] This indicates that the “unless [the] conduct meets the requirements for civil infringement, it is not a crime.”[6]
If this is the case, then when does a civil violation turn into criminal conduct? The answer is hidden within 17 U.S.C. § 506(a)(1), which states, in part, that criminal infringement arises when “[a]ny person . . . willfully infringes a copyright.”[7] This focus on mens rea really brings me back to our basic Criminal Law class during 1L year. Are any other law students getting horrific flashbacks? No? Okay. Anyway, the statute also indicates that willful infringement must be committed (1) “for purposes of commercial advantage or private financial gain,” (2) “by the reproduction or distribution . . . of . . . copyrighted works, which have a total retail value of more than $1,000,” or (3) “by the distribution of a work being prepared for commercial distribution . . . if such person knew or should have known that the work was intended for commercial distribution.”[8] Megaupload, in the indictment, has been accused of copyright infringement for the purpose of financial gain, since it has been profiting from advertisements and its premium subscriptions.[9] Moreover, the company employed several tactics that, according to the federal government, gave the illusion of compliance with the DMCA provisions, including an “abuse tool” that did not actually remove copyrighted files from the website, but would only remove a specific web address to the file in question.[10] The federal government fully believes that Megaupload only wanted to create the “veneer of legitimacy, while its employees knew full well that the site’s main use was to distribute infringing content” and it claims that several emails and chat logs between Megaupload employees prove Megaupload’s actual knowledge of (and even participation in) infringement.[11]
If all of this is true, then the Feds have a good foundation for a criminal case against Megaupload, especially since Megaupload would not be able to use the Safe Harbor provisions as a defense.[12] However, my question is, why did the government choose Megaupload when it seems like such a difficult case to pursue? For the most part, the principals of Megaupload are residents and citizens of other countries and Megaupload was incorporated in Hong Kong.[13] Yes, we could go into the intricacies of civil procedure, minimum contacts, personal jurisdiction, and etcetera, and the government could have legitimately seen a way to reach jurisdiction over Megaupload, one of the largest and multi-national file-sharing websites in the world. However, it seems strange to me that the government decided to pursue Megaupload over a more accessible (i.e., domestic) file-sharing website, at least as a test for success. For example, Grooveshark is based here in Florida and was actually started right in Gainesville.[14] Grooveshark does not have a licensing agreement with any of the labels of the music it streams to its users.[15] The company, like Megaupload, also profits from advertisements and it is also alleged, in the pending civil lawsuits against it, that its employees had actual knowledge of infringing activity.[16] Even more compelling, Grooveshark also mirrors Megaupload in its faulty and temporary take-down procedures.[17]
Am I missing something? It seems the federal government is not basing its decision to pursue criminal prosecution solely on the DMCA and corresponding statutes. Of course, there are many reasons why the government would want to pursue Megaupload over Grooveshark. Megaupload is more international than Grooveshark and possibly contributes more to copyright infringement and it also allows its users to download files for their own use, while Grooveshark is merely a streaming service. However, as I stated previously, there are also many reasons why it would be more difficult to pursue Megaupload than Grooveshark (i.e., being cyber-attacked by Anonymous, “hacktivist” collective,[18] although that was probably more foreseeable in retrospect). Is the answer just a simple case of prosecutorial discretion? And if it is, who makes that decision? I would love to know.
[1] United States v. Megaupload Limited, Citizen Media Law Project (Feb. 6, 2012), http://www.citmedialaw.org/threats/united-states-v-megaupload-limited.
[2] Id.
[3] A Few Notes By A Federal Criminal Practitioner On The Megaupload Indictment, Popehat (Jan. 20, 2012), http://www.popehat.com/2012/01/20/a-few-notes-by-a-federal-criminal-practitioner-on-the-megaupload-indictment/.
[4] Id.
[5] Gerdaldine Szott Moohr, The Crime of Copyright Infringement: An Inquiry Based on Morality, Harm, and Criminal Theory, 83 B.U. L. Rev. 731, 739 n.28 (2003) (citing to United States v. Larracuente, 952 F.2d 672, 674 (2d Cir. 1992)).
[6] Id. at 739.
[7] 17 U.S.C. § 506(a)(1) (emphasis added).
[8] 17 U.S.C. § 506(a)(1)(A)–(C).
[9]Indictment at 3, United States v. Kim Dotcom, available at http://www.scribd.com/doc/78786408/Mega-Indictment.
[10] Nate Anderson, Why the feds smashed Megaupload, ArsTechnica (Jan. 19, 2012, 6:14 PM), http://arstechnica.com/tech-policy/2012/01/why-the-feds-smashed-megaupload/.
[11] Id.
[12] Id.(arguing that if Megaupload is proved to have actual knowledge of the infringing activity, then the Safe Harbor provisions do not apply as a defense). Interestingly enough, it seems that even if the federal government cannot prove that Megaupload had actual knowledge, Megaupload would still not be able to use the Safe Harbor Provisions as a defense because the Safe Harbor provisions only protect OSPs when pursued civilly for “monetary relief, or . . . for injunctive or other equitable relief.” More Notes On Federal Criminal Law And The Megaupload Case, Popehat (Jan. 24, 2012), http://www.popehat.com/2012/01/24/more-notes-on-federal-criminal-law-and-the-megaupload-case/ (citing to 17 U.S.C. § 512(c)(1)).
[13] Indictment, supra note 9, at 13–18.
[14] Grooveshark’s Interview,STARTUPS Open Sourced, http://www.startupsopensourced.com/groovesharks-interview/ (last visited Oct. 14, 2012).
[15] See Steven Musil, Grooveshark now feels lawsuit wrath of all major music labels, CNET News (Jan. 5, 2012, 8:51 PM), http://news.cnet.com/8301-1023_3-57353515-93/grooveshark-now-feels-lawsuit-wrath-of-all-major-music-labels/.
[16] Greg Sandoval, Lawsuit claims Grooveshark workers posted 100,000 pirated songs, CNET News (Nov. 18, 2011, 2:54 PM), http://news.cnet.com/8301-31001_3-57327815-261/lawsuit-claims-grooveshark-workers-posted-100000-pirated-songs/.
[17] Ben Sisario, Sony and Warner Are Said to Sue Web Music Service, N.Y. Times, December 14, 2011, at B2, available at http://www.nytimes.com/2011/12/15/business/media/sony-and-warner-are-said-to-join-suit-against-grooveshark.html?_r=0&adxnnl=1&adxnnlx=1349800018-NBKYWnlyX2ajridCvZfmTw.
[18] Laurie Segall, Anonymous strikes back after feds shut down piracy hub Megaupload, CNN Money (Jan. 20, 2012, 6:36 AM), http://money.cnn.com/2012/01/19/technology/megaupload_shutdown/index.htm.
Criminal Law in the Virtual Context 
To respond to Amy’s concluding thoughts, I think the government has wide discretion as to whether to pursue criminal penalties and it does so inconsistently. The wide discretion is some people’s biggest criticism of the DMCA, along with more general criticism that criminal penalties even belong in copyright law. That the government chose to do so here created a number of problematic effects. A major one is that the government seized Megaupload’s funds, meaning that 1,100 servers at their web host, Carpathia, have no one to pay for them. The servers are inaccessible, the content owners cannot get their data back, and Carpathia is stuck with a $9,000 per day bill, even though Megaupload would pay the fees if the government un-froze its accounts. Kyle Goodwin, owner of OhioSportsNet, ran his business using Megaupload storage and has been locked out of his business data since January. SInce then, he has been trying to get a hearing on behalf of himself and other users of the service and has only recently been granted one.
The various parties have been reduced to finger-pointing because the criminal enforcement process has taken down a business that would otherwise be paying its bills and fighting a civil action. Carpathia would like to re-purpose the servers and move on with life. The government’s response has been to deny that they have any responsibility to preserve legitimate users’ data. Meanwhile, the MPAA, ever rational, has gone so far as to claim that copying the servers’ data to a trustee who can at least preserve it until the matter is sorted out is ITSELF copyright infringement.
The difference between Megaupload and Grooveshark could just be the quality of evidence of willful infringement. A lot of the complaint against grooveshark is based on a post by an anonymous internet commentator (“visitor”) claiming visitor is an employee and this is the company practice. (Not the most reliable evidence there) There were other emails claiming the inability to remove songs was a technical defect, not a deliberate attempt to distribute without permission.
Megaupload’s problem was that their MD5 identifiers kept infringing material on their servers after they claimed to follow DMCA takedown requests. Megaupload also demonstrated they could have removed the MD5 for the file as they did for things like child porn.
Procedural issues aside, Megaupload’s method of infringement during the investigation appeared more “willful.”
I would think that one of the main draw to taking on Megaupload would be that toppling this giant, would make it easier to shut down all of the smaller sites violating the DMCA. I also wonder if, given the international nature of Megaupload, the government is attempting to set an example to other countries that we take our copyright laws seriously.
Of course, a more cynical take would be that the federal government is responding to the teams of lobbyists hired by companies whose rights have been infringed on by Megaupload.
I agree with Zack in that I think the government is going to bring the cases with the best proof. Along those lines, the simplest explanation is probably that prosecutors aren’t going to bring cases unless they think that they can win. While there are probably added benefits of taking down a site like Megaupload, I think that the government would also be pursuing cases against other sites if they had to proof to be successful.
With Grooveshark being so closely tied to Gainesville, it will be interesting to see how all of this unfolds for them.
I agree with the comments that have mentioned that Megaupload was targeted because they have the most proof against them. I also feel like the government is targeting them because successfully prosecuting Megaupload would send a message to smaller organizations. Smaller companies that have emulated Megaupload, but that do not have the same funds to fight such a lawsuit, would undoubtedly be deterred from continuing to operate if they were to see Megaupload face criminal sanctions. It also seems that the mens rea element to the DMCA would be the focal point of both the criminal and civil cases, including the one against Megaupload. From my perspective it seems that committing copyright infringement on the internet is relatively easy given the accessibility of information and the technological abilities of computers and their users. The key will be whether the user willfully committed copyright infringement. It will be interesting to see what specific facts the government brings forth, not just against Megaupload but also against any future cases they pursue, to prove willfulness on the part of the companies.
The amount of enforcement discretion that our criminal justice system has is appalling to me. When the enforcers of a hierarchical system are given broad discretion to choose how they wield their power, abuse will always follow. For example, NYC’s Stop and Frisk policy ends up being 87% black or latino. And in 2011 only 1.7% of stops resulted in finding a weapon (reducing violent crime is the city’s argument for the unconstitutional policy).
I do not know what the statistics are for the criminal branch of the DMCA, but I would guess it has, at the least, a skewed curve of discrimination against a class of business owner that differs from the particular values of the authoritarian power. The fact that the gov. has discretion to pick and choose those it harasses seems to inevitably result in poor choices (for the case against MegaUpload is considered pretty much a disaster). I will take a moment to be balanced and say not every prosecution is based in bias and unduly discriminatory, but the point is that broad discretion inevitably exploits human bias and human bias is often an ugly thing.
I think that some prosecutorial discretion is necessary. I also think that it is a good thing that, whatever the reason may be, the government is not using its prosecutorial discretion to go after the easier target. It seems apparent that there are many factors that the government takes into consideration when deciding how to use its prosecutorial discretion and I do not pretend to know all of the considerations that went into the decision to prosecute MegaUpload instead of some other potential violator of the DMCA.
I think that there should be a significant difference between conduct that is civilly wrong and conduct that is criminally wrong. It seems that there is fundamentally a problem with a statute that can be used for both civil lawsuits and criminal prosecution. Although there is a slight difference between the requirements for both, the fact that both civil and criminal penalties are derived from the same statute will always create problems and potential second-guessing of prosecutorial discretion.
The question of “Why Megaupload?” is an interesting one. There seem to be some clear advantages and disadvantages for going after Megaupload. And while there are obvious problems with the prosecution using discretion to go after certain violators and not others, it seems necessary that they do make these decisions. James makes an interesting point about using discretion only to prosecute certain races, but in the DMCA context it would be incredibly impractical to go after everyone. So many Americans are individually violating the DMCA every single day that it would be absolutely absurd to see them try to prosecute every one of them. I know I was scared out of my mind when my parents explained to me that someone owed hundreds of dollars on each song they had illegally downloaded using “Napster”, the same program I was using way back in the day. I had no idea what I was doing was wrong. I think the American people now are more aware of what is and is not legal, but it makes sense that prosecutors would need to start off by attacking the big companies who are clearly committing willful violations. That way, the story will be more likely to appear in the news and people will be more educated before they get in trouble for something they did not even realize was wrong.
First of all I believe that mega upload was targeted to set an example. Megaupload was a huge infringer; its pages had over 50 million visitors a day. Just as with any other crime federal authorities tend to try and take down the largest offends first. Second, As Zach, said it may be difficult to prove the willfulness requirement of the DMCA. I believe Groveshark’s actions tend to try and comply with the regulations even though there actions may be on the wrong side of grey line. Grooveshark tends to fall somewhere between the legal Pandora and the illegal megaupload. In my opinion the criminal provisions of the DMCA will not be used that often because the willfulness requirement sets a high burden on the state.
Prosecutorial discretion is always an interesting thing. While it makes sense to have a system where all players who have authority to make an arrest or to bring charges have a certain range of discretion to make those decisions. The major problem that presents is that those who are interested in these decisions have little guidance on how the discretion is exercised and in most cases the decisions are not reviewable. That being said, we also see a similar discretionary choice being made within the securities environment. Why pursue a civil case against JP Morgan for example, when a criminal case might also be appropriate. There may be many factors that impact the decision: can the higher standard of proof for a criminal case be met? Does the government want to send a message or is it more interested in a financial settlement? Does it perceive the offenders as criminal wrong doers or businesses that merely went astray?
A decision to pursue criminal sanctions in this context is fairly rare, which makes the MegaUpload case that much more interesting. I do believe the government is trying to send a message about its willingness to protect the IP interests of U.S. creators. However, having said that, it is interesting that so far the attempt to prosecute MegaUplaod has been dogged by legal mistakes, such as the inability to meet the requirements for extradition. In order to try Kim Dotcom, the government has to get him here. If even that cannot be done properly, it doesn’t give one much confidence that they can pull off the rest of the case. But, we shall see.