Skip to content

Digg, AACS, and the Section 230 Safe Harbor

If were sued by AACS under the Digital Millennium Copyright Act for trafficking in technology used to circumvent technological protection measures, might Digg defend itself successfully under Section 230 of the Communications Decency Act?  Does the answer depend on whether the AACS encryption scheme is a TPM that constitutes an “access control” rather than a “copy control”?  Some tentative thoughts after the jump.

Section 230 provides a defense to liability, that is, a so-called safe harbor, for an “interactive computer service” accused of being legally liable for content posted to that service by one of its users.  The most important application of Section 230 has been in the defamation context.  Usenet providers, for example, are not liable for allegedly defamatory Usenet posts.(The following sentence was added to the initial post, for clarity:)  In this case, Digg would be accused of a form of DMCA “trafficking” consisting of hosting content submitted by its users; if Digg were accused of defamation, Section 230 would apply.

Congress, however, specifically exempted “intellectual property” from the scope of Section 230.  The statute, at section 230(e)(2), reads:  “Nothing in this section shall be construed to limit or expand any law pertaining to intellectual property.”  In the recent Ninth Circuit opinion in Perfect 10 v. CCBill, the court ruled:  “In the absence of a definition from Congress, we construe the term ‘intellectual property’ to mean ‘federal intellectual property.'”  The court seized on the federal / state distinction.  In that case, Section 230 immunized CCBill from state-based IP claims. 

Does Section 230(e)(2) cover the anticircumvention and anti-trafficking provisions of the DMCA?  Section 1201 of Title 17, the statute in question, is obviously federal.  What about the question that the Perfect 10 court did not address?  Is the DMCA an intellectual property statute?

For its part, Digg might point to expansive readings of the DMCA, such as Judge Kaplan’s district court opinion in Universal City Studios v. Reimerdes, which characterized the CSS system that managed playback of DVDs as an access control regime, and that distinguished the DMCA’s statutory scheme from the Copyright Act.  In other words, some caselaw can be read as interpreting the DMCA to create property rights in “access” that exist independent of the Copyright Act.  The Copyright Act is federal intellectual property; the DMCA, arguably (and to the extent that it creates this right in “access”) is not.  DMCA coverage of “copy control” TPMs would be a different matter, since that section (1201(b)) addresses circumventing a TPM that “effectively protects a right of a copyright owner under this title in a work.” 

AACS (or, more precisely, the AACS Licensing Administrator) has two arguments.  First, it might argue that its encryption scheme is a copy control measure, not an access control measure.  Second, if it holds to the position that the scheme is an access control measure, it might point to narrower readings of the DMCA such as Chamberlain Group v. Skylink and Lexmark v. Static Control Components, which suggest that DMCA liability, even for access controlling TPMs, is derivative of the scope of copyright.  The Federal Circuit wrote in Chamberlain Group:

The essence of the DMCA’s anticircumvention provisions is that §§ 1201(a),(b) establish causes of action for liability. They do not establish a new property right. The DMCA’s text indicates that circumvention is not infringement, 17 U.S.C. § 1201(c)(1) (“Nothing in this section shall affect rights, remedies, limitations, or defenses to copyright infringement, including fair use, under this title.”), and the statute’s structure makes the point even clearer. This distinction between property and liability is critical. Whereas copyrights, like patents, are property, liability protection from unauthorized circumvention merely creates a new cause of action under which a defendant may be liable.

Either way, therefore, the DMCA arguably is part of the federal copyright scheme, and part of the federal “intellectual property” that is excluded from Section 230 immunity.

Would Digg succeed?  My initial instinct is to be skeptical of the argument that I’ve sketched.  Still, an aggressive and creative lawyer might make something of it.  There is, one might say, “traditional” federal intellectual property, and then there is “new” stuff.  Given the First Amendment implications that seem to be drawn into this situation — as Ed Felten has noted, when can it be said that a number is “owned”? – that lawyer might find wisdom in Justice Ginsburg’s opaque statement at the conclusion of Eldred v. Reno:  “[W]hen, as in this case, Congress has not altered the traditional contours of copyright protection, further First Amendment scrutiny is unnecessary.”