I. INTRODUCTION

The Digital Millennium Copyright Act, passed in the dying days of the 105th Congress, dramatically alters the standards for imposing third party copyright liability on ISPs, search engine services, portals and other entities that qualify as "Service Providers" under the terms of the Act. The statute, which took effect on the day it was signed into law, imposes three threshold requirements and multiple, specific obligations, which must be complied with for a Service Provider to claim any one of five different liability limitations created by the new law. Service Providers that fail to implement new procedures therefore will be unable to benefit from the Act's safe harbor provisions.

II. CASE LAW ON SERVICE PROVIDER LIABILITY

Under existing case law, a Service Provider may be held liable for copyright infringement for the acts of third parties under theories of direct or contributory infringement or vicarious liability. Liability for direct infringement may be imposed regardless of a defendant's intent. Although the Copyright Act imposes strict liability, some lower courts have held that direct liability may be imposed on an online service provider for material posted by third parties only if the provider engaged in some "volitional conduct" or "direct action" to further the infringement.

Liability for contributory infringement may be imposed where a person or entity "induces, causes or materially contributes to the infringing conduct of another . . . ." Liability for contributory infringement is "predicated upon 'the common law doctrine that one who knowingly participates or furthers a tortuous act is jointly and severally liable with the prime tortfeaser . . . .'"

Vicarious liability traditionally may be imposed where a defendant (1) has the right and ability to supervise the infringing activity, and (2) has a direct financial interest in such activities. Vicarious copyright liability may be traced to two conflicting lines of cases: those involving landlords, who were held not liable for the infringing acts of their tenants when they lacked knowledge of the infringing conduct and exercised no control over the leased premises, and the so-called "dance hall cases," in which dance hall owners were held liable for infringing performances, because they were able to control the premises and received a direct financial benefit from the audience, which paid to enjoy the infringing performance. By definition, vicarious liability, like direct liability, is imposed without regard to a defendant's intent.

Liability for direct or contributory infringement or vicarious liability theoretically could be imposed on Service Providers at any point over the Internet where a temporary copy is made. In MAI Systems Corp. v. Peak Computer, Inc., the Ninth Circuit held that the mere act of turning on a computer, which caused the computer's operating system to be loaded from permanent storage to the computer's random access memory (RAM), constituted copyright infringement where the person turning on the computer was not licensed to use the operating system. The Ninth Circuit wrote that "[t]he representation created in the RAM 'is sufficiently permanent or stable to permit it to be perceived, reproduced, or otherwise communicated for a period of more than transitory duration.'" Because a copy of software is deemed to be created each time it is loaded into the temporary memory of a computer, copyright protection is maintained in data as it is transmitted over the Internet, on each computer through which it travels. Indeed, in Religious Technology Center v. Netcom On-Line Communication Services, Inc., the court wrote in dicta that Usenet postings of copyrighted works created "copies" under MAI Systems Corp. v. Peak Computer, Inc., (1) when automatically (and briefly) stored on a BBS computer and then (2) when automatically copied to an Internet access provider's computer and then (3) when automatically copied onto other computers on the Usenet. Under this analysis, hundreds of potentially infringing copies may be created as information travels over the Internet.

The MAI decision potentially places Service Providers at risk for significant liability for third-party infringement occurring online. In the Netcom On-Line Communication Services, Inc. case, the court suggested in dicta that an ISP might have a strong fair use defense if it were to be sued based on a temporary copy of an infringing work being automatically copied while in transit over the Internet. Courts have not actually ruled on this point, however, and the theoretical possibility that Service Providers could be held directly or vicariously liable for third-party acts of infringement that they neither knew about nor condoned is a significant concern to Service Providers-or, at least, it was a significant concern prior to enactment of the new statute.

The new statute provides greater certainty for Service Providers and immunizes them from the type of inadvertent liability which otherwise could arise by virtue of the nature of the Internet. The liability limitations created by the Digital Millennium Copyright Act only apply, however, when a Service Provider can meet multiple, specific requirements. Service Providers that fail to adopt new policies to comply with the new law, or whose policies do not meet all of the new technical requirements, will continue to risk liability under existing theories of direct, contributory and vicarious copyright liability.

III. OVERVIEW OF THE NEW LAW

The Online Copyright Infringement Liability Limitation Act incorporated as Title II of the Digital Millennium Copyright Act immunizes "Service Providers"-such as ISPs, search engines, and portals-from third-party liability for damages, costs, or attorney's fees under the Copyright Act, but only if an entity complies with a series of technical requirements. A Service Provider that satisfies three threshold prerequisites set forth in section 512(i) and additional specific conditions applicable to each new liability limitation may be entitled to immunity from copyright infringement liability for: (1) transmitting, routing, and providing connections to infringing material (or what the statute refers to as "transitory digital network communications"); (2) system caching; (3) information stored by a user (the "user storage" limitation); (4) linking or referring users to infringing material (the "information location tools" limitation); or for other types of liability that might result from the Service Provider (5) disabling access to or removing in good faith allegedly infringing material. Service Providers that qualify for any of the first four limitations also may be immune from injunctive relief, except in limited circumstances.

The Act applies to Service Providers, which is a term defined as entities that offer the transmission, routing, or provision of connections "for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material sent or received;" or that provide "online services or network access," or operate facilities therefor. The term is thus broad enough to encompass the owners and operators of corporate intranets, university networks and interactive websites, in addition to the more traditional ISPs, OSPs and search engine firms that one might think of as "service providers."

To benefit from any of the five new liability limitations created by the Act, a Service Provider must meet three threshold requirements. It must adopt and implement a policy of terminating the accounts or subscriptions of repeat infringers; inform subscribers and account holders of this policy; and accommodate and not interfere with "standard technical measures." To benefit from three of the five limitations, Service Providers also will need to designate agents to receive notification of alleged acts of infringement and comply with specific rules governing notification, counter notification and procedures for removing or blocking access to (or replacing or restoring access to) content alleged to be infringing.

While the Act provides certain specific, narrow liability limitations, the legislative history makes clear that it is intended neither to create new liabilities for Service Providers (either directly, or by negative inference based on the limitations set forth in the statute), nor affect any defense to infringement which otherwise might exist for a Service Provider under the Copyright Act or case law, including defenses such as fair use or implied license.

Significantly, while the statute immunizes Service Providers from potential liability for third-party infringement, it does not limit the rights of a copyright owner or exclusive licensee to pursue the direct infringer for liability. Nor does the statute exempt Service Providers for their own acts of direct infringement (including the acts of their employees, except in limited circumstances where a Service Provider is also a Nonprofit Educational Institution) or prevent copyright owners or exclusive licensees from pursuing the Service Provider for damages caused by such acts.

To benefit from the new limitations, Service Providers must establish procedures for receiving and responding to third-party complaints of copyright infringement. Where an entity fails to meet the specific technical requirements of the statute, it may be subject to liability for direct or contributory copyright infringement or vicarious copyright liability under existing case law.

IV. PREREQUISITES FOR "SERVICE PROVIDER" ELIGIBILITY

A Service Provider's liability may only be limited under the Act if it first satisfies three threshold requirements set forth in 17 U.S.C. § 512(i). First, the Service Provider must have adopted and "reasonably implemented" a policy providing that it will terminate, "in appropriate circumstances," the accounts or subscriptions of "repeat infringers." Second, the Service Provider must inform its subscribers and account holders of its policy. Third, the Service Provider must accommodate and not interfere with "standard technical measures."

The legislative history does not shed light on what type of policy is required, what constitutes "appropriate circumstances" or "reasonable implementation" of the policy, or at what point a person or entity might be deemed to constitute a "repeat infringer." Presumably, these standards will be fleshed out in litigation.

At a minimum, Service Providers should post their policies prominently on their websites stating that the access of subscribers or account holders may be terminated if they post or make available infringing content. Providers that enter into contracts with customers or subscribers also should reference the policy in any new contracts and notify existing customers or subscribers by email, since existing customers otherwise may not check a Service Provider's website to determine if new terms and conditions have been adopted. Employers likewise should update their employee manuals or policy books to account for the new law.

Service Providers such as search engines or portals that may not have customers or subscribers who enter into formal contracts with them may find it advisable to post a notice on the homepage of their sites notifying visitors of a change in their policies. Alternatively, such Service Providers may find it desirable to develop an icon that they could post on their site evidencing their compliance with the provisions of section 512(i) (much in the same way that many sites display a special symbol to demonstrate their compliance with industry privacy standards).

Case law may establish that a Service Provider may satisfy its obligations to notify its subscribers and reasonably implement its policy by merely posting a notice on its website since copyright owners typically only search out a Service Provider's policy at the time they discover infringing material online and seek to have it removed. In the absence of judicial guidance, however, Service Providers may choose to formally notify existing customers and subscribers by email, in addition to posting prominent website notices for non-subscribers. Websites where visitors may freely access the site after initially completing a click-though agreement may want to automatically notify repeat visitors when they next visit the location, since they otherwise would likely be unaware of the change in policy. Service Providers which offer chat rooms or other locations where infringing content may be most likely to be posted by anonymous users also may want to consider providing notice via a pop-up box that could appear the first time a visitor enters after the new policy goes into effect.

Service Providers would "reasonably implement" their policies by investigating and-in "appropriate circumstances"-actually terminating the accounts (or blocking the access) of "repeat infringers." Service Providers should document and maintain records of all attempts to reasonably implement their policies so that they are not denied the benefits of the Act's liability limitations.

Service Providers also may opt to craft a specific warning to send to first-time offenders, as the term "repeat infringer" (which is not defined in the statute) likely means someone who has infringed a work on more than one occasion. This warning should advise an offender that its account or network access will be terminated if a second complaint is received. In cases where it is apparent that a subscriber or account holder is flagrantly violating the Copyright Act-such as where a person is using a site to upload infringing images from a magazine, protected software, or pirated videogames-it may be prudent for the Service Provider to simply terminate service at the time the infringement is first discovered. Except in cases where specific notification is received from a copyright owner, a Service Provider may freely terminate service to someone who it believes in good faith is engaged in acts of infringement. Moreover, when a Service Provider has reason to believe that infringing content may be online and fails to act it may be denied the benefit of the user storage and information location tools limitations. Finally, it may be advisable for Service Providers to take action against operators of websites that contain multiple infringing works because the term "repeat infringer" (which is not defined under the Act) could be construed to include someone whose website contains several infringing works.

Service Providers, as a prerequisite to being eligible to benefit from the new limitations, must accommodate and not interfere with "standard technical measures," which is defined in the Act as technical measures used by copyright owners to identify or protect their works. To qualify as a "standard technical measure," the technical measure must "have been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process . . . ." In addition, the technical measure must be available to any person on reasonable and nondiscriminatory terms and must not impose substantial costs on Service Providers or substantially burden their systems or networks.

V. SPECIFIC LIABILITY LIMITATIONS

A. Transitory Digital Network Communications

A Service Provider that meets the threshold prerequisites for eligibility under the Act may, under certain circumstances, limit its liability for copyright infringement for "transmitting, routing, or providing connections for, material through a system or network controlled or operated by or for . . . [it,] or by reason of the intermediate or transient storage of that material in the course of such transmitting, routing, or providing connections . . . ." Although not discussed in the legislative history, this limitation is directed at the possibility that a "copy" for purposes of the Copyright Act may be created at multiple points over the Internet where a communication in transit may be made temporarily.

To qualify for this limitation, five conditions must be satisfied. First, an infringing transmission must have been initiated by or at the direction of a person other than the Service Provider. Second, the Service Provider's "transmission, routing, provision of connections, or storage" must have been carried out by "an automatic technical process without selection of the material by the service provider . . . . " Third, the Service Provider must not select the recipients of the material except "as an automatic response" to another person's request. Fourth, the Service Provider must not maintain any stored copy of the material on its system or network in a manner that would allow nonrecipients to access the copy or for longer than necessary to allow the Service Provider to transmit, route, or provide connections for the material. Fifth, the content must not have been modified while it was transmitted through the Service Provider's "system or network . . . ."

If a Service Provider initiates or modifies a transmission, stores it so that it becomes generally accessible or posts third-party content through a process involving some element of selection, presumably it will be unable to benefit from the liability limitation for transitory digital network communications. In short, the multi-part test created to evaluate whether a communication is genuinely transitory is directed specifically-and narrowly-at circumstances where liability could be imposed by virtue of MAI and its extension to the Internet.

B. System Caching

The Act, in certain circumstances, also limits the liability of a Service Provider (who otherwise meets the three general threshold requirements) for the intermediate and temporary storage of material on its system or network-commonly referred to as "system caching." This liability limitation is a logical compliment to the liability limitation created for transitory digital network communications, which only applies to the temporary storage of copyrighted material that occurs during transmission, routing, or provision of connections. Both limitations address the potential liability which could inadvertently be imposed on a Service Provider by virtue of the MAI case.

To limit the scope of the liability limitation for system caching, the Act includes eight specific requirements that must be met by a Service Provider which otherwise has met the three threshold pre-requisites for eligibility under the Act. The first four conditions are generally applicable, while the following four apply only to specific situations:

(1) The allegedly infringing material at issue in a given suit must have been uploaded or made available online by a person other than the Service Provider.

(2) The material must have been transmitted to a third party at the request of the third party-such as when a user calls up a website.

(3) The material must have been temporarily stored on the Service Provider's network "through an automatic technical process for the purpose of making the material available to users of the system or network . . ." who requested the material from the person who originally made the content available. In other words, the content must have been temporarily stored -- or an intermediate copy must have been made-as part of the technical process of transferring data from a location where it was originally stored (or transmitted from) to the computer of the person who is either the recipient of the email or listserv message (if the content traveled by email) or who directed their browser to a particular location on the web and thereby called up the information.

(4) The material must have been transmitted (by the Service Provider) to subsequent users without modification (i.e., in exactly the same form as when it was originally posted or transmitted).

(5) In making the temporary or intermediate copy, the Service Provider must have complied with "rules concerning the refreshing, reloading, or other updating of the material when specified by the person making the material available online in accordance with a generally accepted industry standard data communications protocol for the system or network through which that person makes the material available . . . "

(6) The Service Provider must not "interfere with the ability of technology associated with the material" that returns information to the party which originally posted or transmitted it (presumably such as cookies, which tell a website owner about visitors and allow site owners to customize the content they provide to specific users). This sixth requirement only applies, however, when the technology: (a) does not significantly interfere with the performance of the Service Provider's system or network or the intermediate storage of the material; (b) is consistent with generally accepted industry standard communications protocols; and (c) does not extract information from the Service Provider's system or network other than information that would otherwise have been available to the person who originally posted or transmitted the material, had subsequent users gained access to the material directly from that person.

(7) Where the party that originally posted, transmitted or made available the infringing content conditioned access to the material on payment of a fee or provision of a password or other similar requirements, the Service Provider must have permitted access to the stored material "in significant part" only to users of its system or network that complied with those conditions.

(8) Where infringing material has been posted without the authorization of the copyright owner, the Service Provider must respond "expeditiously" to remove, or disable access to, the material . . . upon notification . . . . " The notification required, Service Provider's response to notification and Service Provider's obligation to designate an agent are discussed below in section VI. This requirement only applies, however, if the material was previously removed from the site where it originated from (or access to that site has been disabled) or a court has ordered that the material be removed (or access be disabled) and the party giving notice includes a statement confirming these facts.

C. Information Residing on Systems or Networks at the Direction of Users

Service Providers that meet the threshold eligibility requirements likewise may avoid liability for material that is stored on their systems or networks at the direction of users if they can meet three additional requirements.

The first requirement mandates that a Service Provider either lacks knowledge of the infringement or took appropriate measures once it acquired such knowledge. This requirement essentially mandates that the Service Provider lacks either actual or imputed knowledge of the infringement or has taken steps to remedy the situation once it learns of the infringement and may be satisfied if the Service Provider: (1) does not have actual knowledge that material or an activity using the material is infringing; or (2) "in the absence of actual knowledge, is not aware of facts or circumstances from which the infringing activity is apparent . . . .;" or (3) upon learning of the infringement, acted "expeditiously to remove, or disable access to, the [offending] material . . . ."

The second requirement specifies that, when a Service Provider has the right and ability to control an infringing act, it must "not receive a benefit financially directly attributable to the infringing act." This requirement is based on the standard for imposing vicarious copyright liability. Although the statute does not clarify what is meant by a financial benefit "directly attributable to the infringing act," presumably the phrase could not be broadly interpreted to include the flat, monthly service fee charged by many Service Providers, because otherwise the requirement would be impossible for most commercial ISPs to meet.

The third requirement provides that a Service Provider must remove or disable access to infringing material upon receipt of proper "notification" (as defined under the statute). The requirements for sending and responding to notifications are separately addressed below in section VI. The fourth requirement-which mandates that a Service Provider designate an agent to receive notification of claimed acts of infringement and that it make available certain contact information about the designated agent on its website "in a location accessible to the public . . . " and in a required filing with the U.S. Copyright Office-likewise is addressed below in section VI.

D. Information Location Tools

A Service Provider which otherwise meets the general threshold requirements under the Act may not be held liable for infringement for linking or referring users to infringing material or activity by using "information location tools, including a directory, index, reference, pointer, or hypertext link . . . ." None of these terms are defined in the Act. Given how quickly technology and business models change online, Congress presumably intended the term "information location tool" to be broad enough to encompass future tools which would be akin to "a directory, index, reference, pointer, or hypertext link . . . ."

To qualify for the information location tools limitation, a Service Provider must meet the four requirements of the user storage limitation discussed above. Specifically, (1) a Service Provider must not have actual knowledge or awareness of the infringement or, if it has either, it must promptly remove or disable access to the infringing material; (2) where a Service Provider has the right and ability to control the infringing activity, it must not "receive a benefit financially directly attributable to the infringing activity . . . ;" (3) the Service Provider must remove or disable access to infringing material upon receipt of proper notification (as described below in section VI); and (4) designate an agent upon whom proper notification may be served.
E. Removing or Disabling Access to Material Believed to Be Infringing

A Service Provider that otherwise has met the threshold requirements set forth in section 512(i) may be entitled to a broad exemption for any good faith act to disable access to or remove material believed to be infringing (even where a formal notification has not been submitted). The Act immunizes Service Providers from liability

to any person for any claim based on the service provider's good faith disabling of access to, or removal of, material or activity claimed to be infringing or based on facts and circumstances from which infringing activity is apparent, regardless of whether the material or activity is ultimately determined to be infringing.

This provision, by its terms, contemplates actions undertaken by a Service Provider "based on facts and circumstances from which infringing activity is apparent . . . ," and is not limited to acts undertaken in response to "notifications." Thus, Service Providers may act on their own initiative or in response to customer or other third party complaints to remove or disable access to content believed to be infringing. Moreover, unlike the other four limitations set forth in the Act, the exemption provided for removing or disabling access to content applies to "any claim" and not merely claims for copyright infringement. Indeed, the only types of claims which conceivably could be made against a Service Provider for removing or blocking access to content are tort or contract claims which would not arise under the Copyright Act. In order to be effective (given the type of claims likely to be asserted), the exemption presumably also will be construed to preempt state law.

The one exception to the broad exemption provided for removing or blocking access to content arises when a Service Provider disables access to or removes the allegedly infringing material pursuant to a notification. Once a notification has been received, a Service Provider must comply with the specific requirements governing counter notification-which are discussed below-in order to avoid liability under this fifth exemption.

Whether content is removed or access blocked pursuant to the requirements for complying with notification or under the broad exemption afforded in other circumstances, the safe havens created under the Act apply regardless of whether the removed or disabled material is ultimately found to be infringing.

Although the new Act creates incentives for Service Providers to monitor and block content, they are not required to do so or to seek facts indicating infringing activity, except to the extent consistent with a "standard technical measure" (as defined above). In addition, a Service Provider is not required to disable access to or remove any material where doing so is prohibited by law.

VI. AGENT DESIGNATION, NOTIFICATION, AND COUNTER NOTIFICATION

A. Designation of An Agent

The caching, user storage, and information location tools limitations compel Service Providers to designate an agent to receive notifications. Where applicable, an agent also must transmit notifications to subscribers and receive and process counter notifications if a Service Provider seeks full exemption from any liability for removing or disabling access to subscriber content.

Service Providers must designate an agent to receive notification of claimed acts of infringement and make available certain contact information about the designated agent on their websites "in a location accessible to the public . . . " and in a required filing with the U.S. Copyright Office. The contact information must include the name, address, phone number, and email address of the designated agent, as well as any other information that the Register of Copyrights may require (including a registration fee to cover the cost of publishing and maintaining a current directory of agents, which must be made available in both hard copy and electronic formats and made available over the Internet). Interim regulation were issued by the Copyright Office on November 3, 1998 and are available on the Copyright Office website.

B. Notification

A notification must be "a written communication" directed to the Service Provider's designated agent. This requirement may be satisfied by an email message since the signature requirement (set forth below) allows for electronic, as well as physical, signatures.

In response to a notification, a Service Provider's obligations will vary depending on the type of infringement alleged. A Service Provider expeditiously must remove or disable access to allegedly infringing material that has been cached, but only if the material first was removed from the originating site (or access to it was blocked). A Service Provider likewise must respond expeditiously to remove or disable links or similar information location tools or material stored on its system or network by a user.

Under the statute, a notification must include:

(i) A physical or electronic signature of a person authorized to act on behalf of the copyright owner or exclusive licensee.

(ii) Identification of the copyrighted work claimed to be infringed. If a notice refers to multiple works posted at a single location, it is sufficient to include a representative list of works infringed at the site.

(iii) Identification of the material claimed to be infringing together with "information reasonably sufficient to permit the service provider to locate the material." For purposes of the information location tools limitation, the notification must also identify the reference or link to the material or activity claimed to be infringing and information "reasonably sufficient" to permit the Service Provider to locate the reference or link.

(iv) Information "reasonably sufficient" to permit the Service Provider to contact the complaining party. Such information may include the complaining party's address, telephone, or email address.

(v) A statement that the complaining party believes, in good faith, that the copyrighted material identified is being used in a manner that is not authorized by "the copyright owner, its agent, or the law."

(vi) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

All six requirements do not necessarily have to be met for a particular notification to be considered proper. The Act merely requires "substantial" compliance with these requirements. While it is not clear what would constitute substantial compliance, a notification that only satisfies the second, third, and fourth requirements apparently is not sufficient, based on a later provision of the Act which refers to a notice that "fails to comply substantially with all the provisions of subparagraph (A) but substantially complies with clauses (ii), (iii), and (iv) . . . ." Congress thus apparently believed that some level of authentication was required for a notification to be in substantial compliance since elements (i), (v), and (vi) relate, respectively, to the requirements for signatures, a good faith statement that the material in question is infringing, verification of the accuracy of the notification and certification under penalty of perjury that the person lodging the complaint is authorized to do so.

A notification that is not a "written communication provided to the designated agent of a service provider" would be defective, although it is unclear whether a notice complying with all six content requirements would be found to be in substantial compliance if it was directed to someone other than the designated agent. Presumably, Congress would not have included the requirements for agent designation and the publication of lists of designated agents if the requirement that notice be provided to a designated agent was not considered to be important. Failure to submit notification to the particular designated agent identified in the Copyright Office's records therefore may make a notification fatally defective (at least absent evidence of actual receipt by the Service Provider).

The standard of mere substantial compliance ultimately obliges Service Providers to respond even to defective notices, rather than risk a later judicial determination that a nonconforming notice was in substantial compliance. A court generally may not consider whether a defective notice-which fails to comply substantially with the requirements of the Act-nonetheless gave a Service Provider actual notice within the meaning of the third (user storage) or fourth (information location tools) limitations. Where a defective notice provided to a Service Provider's designated agent substantially complies with requirements (ii), (iii), and (iv), however, the notice may be cited as evidence that the Service Provider had knowledge of the infringement unless, upon receipt of the defective notice, the Service Provider promptly attempted to contact the person who submitted it "or takes other reasonable steps" to obtain notification that substantially complies with the statutory requirements.
C. Counter Notification

Upon receipt of a notification, a Service Provider will be exempt from liability to its subscribers for its good faith removal of or disabling access to allegedly infringing content residing on its server at the direction of the subscriber. This exemption will only apply with respect to material residing at the direction of a subscriber, however, if the Service Provider "take[s] reasonable steps promptly to notify the subscriber that it has removed or disabled access to the material" and thereby allows the alleged infringer to respond to the notification. An infringer's response is referred to in the statute as a "counter notification."

Like a notification, a counter notification, to be considered proper, must be "a written communication provided to the service provider's designated agent . . . " and satisfy certain content requirements. Specifically, a counter notification must include:

(1) A physical or electronic signature of the alleged infringer;

(2) Identification of the material that was removed or disabled by the Service Provider and the location where the material appeared before it was removed or access to it was disabled;

(3) A statement under penalty of perjury that the alleged infringer has a good faith belief that the material at issue was mistakenly removed or misidentified; and

(4) The alleged infringer's name, address, and telephone number and a statement that the alleged infringer consents to the jurisdiction of the federal district court for the judicial district in which the address it provides is located and that it will accept service of process from the person who provided the original notification. If the alleged infringer is located outside the United States, the alleged infringer must include a statement that it consents to the jurisdiction of any U.S. federal district court in which the Service Provider may be found.

The counter notification-like the notification-need only "substantially" include the information required by the statute.

Upon receipt of a counter notification, a Service Provider must promptly provide the original complainant with a copy of the counter notification and inform her that it will replace the removed material or cease disabling access to it within ten business days. The original complainant must then file suit within the ten-day period to obtain a court order restraining the subscriber from engaging in infringing activity if it wants to prevent access to the material from being restored. Absent evidence that a lawsuit has been filed "seeking a court order to restrain the subscriber from engaging in infringing activity . . ." a Service Provider is required by the Act to "replac[e] the removed material and cease disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice . . . ." It is noteworthy that the statute merely requires notice of a court action being filed-rather than evidence that litigation has commenced or the entry of a court order-in order to trigger the Service Provider's obligation to maintain its blocking of the material.

The time frame contemplated by the statute may work to the potential disadvantage of complainants-especially when a complainant fails to react in "Internet time." Although there is no specific time period mandated for an alleged infringer to file a counter notification, once one is filed, Service Providers must notify complainants "promptly" of receipt of the counter notification, and must in any event restore access to the content within 10-14 business days absent receipt of notice from the original complainant that a lawsuit has been filed. Since the time period runs from the time a Service Provider receives the counter notification-rather than the time the counter notification is sent to or received by the original complainant-a Service Provider's delay in "promptly" transmitting the counter notification could be detrimental to a copyright owner. Therefore, it is essential that Service Providers forward counter notifications immediately to the complainant and complainants be prepared to initiate litigation immediately upon receiving a copy of a counter notification.

The procedures set forth in the act for notification and counter notification relieve Service Providers of any obligation to evaluate the merits of a dispute. To minimize the likelihood that fraudulent notifications or counter notifications would be filed, Congress provided that both complainants and alleged infringers would be subject to liability if they made material misrepresentations. Specifically, any person who "knowingly materially misrepresents" that material or activity is infringing or was removed or disabled by mistake or misidentification may be held liable for damages, including costs and attorneys' fees, in an action brought by an alleged infringer, a copyright owner or authorized licensee or a Service Provider injured by a Service Provider's reliance on the misrepresentation.

D. Subpoenas to Identify Infringers

A copyright owner or person authorized to act on the owner's behalf may request a clerk of "any United States district court" to issue a subpoena to a Service Provider requiring identification of an alleged infringer. Each request must include a copy of the notification, a proposed subpoena, and a sworn declaration stating that the copyright owner will only use the information obtained from the subpoena for protecting its rights under the Copyright Act.

If the request contains each of these elements and the notification is proper, a subpoena will issue. The subpoena will authorize and order the Service Provider to expeditiously disclose to the copyright owner (or person authorized by the copyright owner) information sufficient to identify the alleged infringer, to the extent that such information is available to the Service Provider. Upon receiving the subpoena, the Service Provider must "expeditiously" disclose the information required by the subpoena, notwithstanding any other provision of law and regardless of whether the Service Provider responds to the notification. To "the greatest extent practicable . . . ," the procedures for issuing, delivering and enforcing Service Provider subpoenas are to be governed by those provisions of the Federal Rules of Civil Procedure governing the issuance, service and enforcement of a subpoena duces tecum.

The special subpoena contemplated by section 512(h) most likely would issue in a lawsuit brought against an alleged infringer (either to obtain injunctive relief if a counter notification were filed or strictly for damages if no objection were raised to the original notification). The infringer initially would be sued by its fictitious or pseudonymous Internet identification. Upon the Service Provider's compliance with the terms of the subpoena, the copyright owner could then serve the alleged infringer and, if appropriate, amend its complaint to properly identify the alleged infringer.

VII. LIABILITY LIMITATION FOR NONPROFIT EDUCATION INSTITUTIONS

The Act creates an additional liability limitation for Service Providers that are also Nonprofit Education Institutions (NEIs) out of recognition that-according to the House Report-"the university environment is unique." In addition to the specific limitations created for all Service Providers, NEIs may benefit from special rules that may immunize universities for the infringing acts of faculty members or graduate students which otherwise might be imputed to an NEI, as employer, and prevent it from benefiting from the transitory digital network communications, system caching, or user storage limitations. As explained in the House Report,

Ordinarily, a service provider may fail to qualify for the liability limitations in Title II simply because the knowledge or actions of one of its employees may be imputed to it under basic principles of respondeat superior and agency law. The special relationship which exists between universities and their faculty members (and their graduate student employees) when they are engaged in teaching or research is different from the ordinary employer-employee relationship. Since independence-freedom of thought, word and action-is at the core of academic freedom, the actions of university faculty and graduate student teachers and researchers warrant special consideration . . . embodied in new . . . special rules . . . .

Under this special limitation, the acts or knowledge of a faculty member or graduate student will not be imputed to the "public or other nonprofit institution of higher education" that employs her if four specific criteria can be met. First, the "faculty member or graduate student" must be "an employee of such institution . . . performing a teaching or research function . . . ." Second, the faculty member's or graduate student's infringement must not involve the provision of online access to instructional materials that are or were required or recommended by that faculty member or graduate student within the proceeding three-year period for a course taught at the NEI. Third, the NEI must not have received more than two notifications (as defined in Section VI), which claim copyright infringement by such faculty member or graduate student, within the three-year period (provided such notifications do not contain material misrepresentations, as defined in section 512(f)). Fourth, the NEI must provide all users of its system or network with informational materials that accurately describe and promote compliance with U.S. copyright laws.

The legislative history emphasizes that the special limitation for NEIs does not apply "[w]hen the faculty member or the graduate student employee is performing a function other than teaching or research . . . ." For example, "exercising institutional administrative responsibilities, or . . . carrying out operational responsibilities that relate to the institution's function as a service provider" would not constitute exempt activities under the statute. Moreover, the House Report states that "the research must be a genuine academic exercise-i.e. a legitimate scholarly or scientific investigation or inquiry-rather than an activity which is claimed to be research but is undertaken as a pretext for engaging in infringing activity."

VIII. INJUNCTIVE RELIEF

The Act authorizes limited injunctive relief to deny access to infringers and block infringing content, both in the United States and overseas. Specifically, a court may grant only three specific forms of equitable relief against a Service Provider (other than a Service Provider that is also an NEI) which is otherwise immune from liability under the system caching, user storage, or information location tools limitations (i.e., limitations two through four):

(1) a court order restraining the Service Provider "from providing access to infringing material or activity residing at a particular site on the provider's system or network;"

(2) a court order requiring a particular infringer's account or subscription be terminated by the Service Provider in order to deny it access to the system or network; or

(3) such other injunctive relief as the court may consider necessary to prevent or restrain infringement of specific material at a particular online location "if such relief is the least burdensome to the service provider among the forms of relief comparably effective for that purpose."

By contrast, a court may only enjoin a Service Provider (that is not also an NEI) whose liability is otherwise limited under the transitory digital network communications limitation (i.e., limitation one) from providing access to a subscriber or account holder who is using the Service Provider's services to engage in infringing activity by terminating its account or restraining it from providing access (through reasonable steps to be specified in the court order) to infringing material at a particular online location outside the United States. This provision is significant for copyright owners, in that it specifically authorizes a court to compel a Service Provider subject to jurisdiction in the United States to block access to content which would be infringing under U.S. law, even though the content is located overseas in a country where it may not be deemed infringing under that country's laws or is located on a server owned by an entity which may be beyond the jurisdiction of a U.S. court.

In determining whether to grant injunctive relief against a Service Provider otherwise immune from liability, courts are directed to weigh several factors, including: (1) whether the order would significantly burden either the Service Provider or the operation of its system or network; (2) the magnitude of harm likely to be suffered by the copyright owner if steps are not taken to prevent or restrain the online infringement; (3) whether implementation of a proposed injunction would be technically feasible and effective and would not interfere with access to noninfringing material at other online locations; and (4) whether other less burdensome and comparably effective means of preventing or restraining access to the infringing material are available. These criteria generally are consistent with the standards for granting injunctive relief applied in the various federal circuits in copyright infringement lawsuits.

The Act provides that injunctive relief may only be granted where a Service Provider is given notice and the opportunity to appear, except for orders "ensuring the preservation of evidence or other orders having no material adverse effect on the operation of the service provider's communications network." The ability of third parties to obtain ex parte relief to preserve evidence will be a significant benefit to copyright owners given how quickly information may be removed online and how difficult it has proven on occasion to convince a judge of the technological reasons why a TRO must be granted in an Internet infringement case.

The considerations for granting injunctive relief and requirement for notice apply equally to Service Providers that are also NEIs, although the limitations on the specific forms of injunctive relief which may be granted (as set forth in section 512(j) and discussed in this section) do not apply to NEIs. Thus, broader injunctive relief may be obtained against NEIs, which is not unreasonable since their potential immunity from liability for monetary damages is greater than for other Service Providers.