Digital Millennium Copyright Act
  • 1 17 USC § 512 - Limitations on liability relating to material online

  • 2 17 USC § 1201 - Circumvention of copyright protection systems

  • 3 Anti-circumvention

    • 3.1 Universal City Studios, Inc. v. Corley, 273 F.3d 429 (2d Cir. 2001)

      1

      273 F.3d 429 (2nd Cir. 2001)

      2
      UNIVERSAL CITY STUDIOS, INC., PARAMOUNT PICTURES CORPORATION, METRO-GOLDWYN-MAYER STUDIOS INC., TRISTAR PICTURES, INC., COLUMBIA PICTURES INDUSTRIES, INC., TIME WARNER ENTERTAINMENT COMPANY, L.P., DISNEY ENTERPRISES INC., TWENTIETH CENTURY FOX FILM CORPORATION, PLAINTIFFS-APPELLEES,
      v.
      ERIC CORLEY, ALSO KNOWN AS EMMANUEL GOLDSTEIN, AND 2600 ENTERPRISES INC., DEFENDANTS-APPELLANTS,
      UNITED STATES OF AMERICA, INTERVENOR.
      3

      Docket No. 00-9185.
      UNITED STATES COURT OF APPEALS FOR THE SECOND CIRCUIT.
      Argued: May 1, 2001.
      Finally Submitted: May 30, 2001.
      Decided: November 28, 2001.

      4

      [433] Kathleen Sullivan, Stanford, Cal. (Martin Garbus, Edward Hernstadt, Frankfurt Garbus Kurnit Klein & Selz, New York, N.Y.; Cindy A. Cohn, Lee Tien, Robin Gross, Elec. Frontier Found., San Francisco, Cal., on the brief), for Defendants-Appellants.

      5

      Charles S. Sims, New York, N.Y. (Leon P. Gold, Jon A. Baumgarten, Carla M. Miller, Matthew J. Morris, Proskauer Rose, New York, N.Y., on the brief), for Plaintiffs-Appellees.

      6

      Daniel S. Alter, Asst. U.S. Atty., New York, N.Y. (Mary Jo White, U.S. Atty., Marla Alhadeff, Asst. U.S. Atty., New York, N.Y., on the brief), for Intervenor United States of America.

      7

      (Prof. Peter Jazsi, Wash. College of Law, American Univ., Wash., D.C.; Prof. Jessica Litman, Wayne State Univ., Detroit, Mich.; Prof. Pamela Samuelson, Univ. of Cal. at Berkeley, Berkeley, Cal.; Ann Beeson, Christopher Hansen, American Civil Liberties Union Foundation, New York, N.Y., submitted a brief in support of Defendants-Appellants, for amici curiae American Civil Liberties Union et al.).

      8

      (Andrew Grosso, Wash., D.C., submitted a brief in support of Defendants-Appellants for amicus curiae ACM Committee on Law and Computing Technology).

      9

      (James S. Tyre, Culver City, Cal., submitted a brief in support of Defendants-Appellants, for amici curiae Dr. Harold Abelson et al.).

      10

      (Edward A. Cavazos, Gavino Morin, Cavazos, Morin, Langenkamp & Ferraro, Austin, Tex., submitted a brief in support of Defendants-Appellants, for amici curiae Ernest Miller et al.).

      11

      (Arnold G. Rheinhold, Cambridge, Mass., submitted a brief amicus curiae in support of Defendant-Appellant 2600 Enterprises, Inc.).

      12

      [434] (Prof. Julie E. Cohen, Georgetown Univ. Law Center, Wash., D.C., submitted a brief in support of Defendants-Appellants, for amici curiae intellectual property law professors).

      13

      (Jennifer S. Granick, Stanford, Cal., submitted a brief in support of Defendants-Appellants, for amici curiae Dr. Steven Bellovin et al.).

      14

      (Prof. Yochai Benkler, N.Y. Univ. School of Law, New York, N.Y.; Prof. Lawrence Lessig, Stanford Law School, Stanford, Cal., submitted a brief amici curiae in support of Defendants-Appellants).

      15

      (David A. Greene, First Amendment Project, Oakland, Cal.; Jane E. Kirtley, Erik F. Ugland, Silha Center for the Study of Media Ethics and Law, Univ. of Minn., Minneapolis, Minn.; Milton Thurm, Thurm & Heller, New York, N.Y., submitted a brief in support of Defendants-Appellants, for amici curiae Online News Ass'n et al.).

      16

      (Prof. Rodney A. Smolla, Univ. of Richmond School of Law, Richmond Va., submitted a brief in support of Plaintiffs-Appellees, for amici curiae Prof. Erwin Chemerinsky et al.).

      17

      (David E. Kendall, Paul B. Gaffney, Williams & Connolly, Wash., D.C.; David M. Proper, National Football League and NFL Properties, New York, N.Y.; Thomas J. Ostertag, Office of the Commissioner of Baseball, New York, N.Y., submitted a brief in support of Plaintiff-Appellees, for amici curiae Recording Ind. Ass'n of Am. et al.).

      18

      (Jeffrey L. Kessler, Robert G. Sugarman, Geoffrey D. Berman, Weil, Gotshal & Manges Llp, New York, N.Y., submitted a brief in support of Plaintiffs-Appellees, for amicus curiae DVD Copy Control Ass'n, Inc.).

      19

      Before: Newman and Cabranes, Circuit Judges, and Thompson,[*] District Judge.

      20

      Jon O. Newman, Circuit Judge.

      21

      When the Framers of the First Amendment prohibited Congress from making any law "abridging the freedom of speech," they were not thinking about computers, computer programs, or the Internet. But neither were they thinking about radio, television, or movies. Just as the inventions at the beginning and middle of the 20th century presented new First Amendment issues, so does the cyber revolution at the end of that century. This appeal raises significant First Amendment issues concerning one aspect of computer technology—encryption to protect materials in digital form from unauthorized access. The appeal challenges the constitutionality of the Digital Millennium Copyright Act ("DMCA"), 17 U.S.C. § 1201 et seq. (Supp. V 1999) and the validity of an injunction entered to enforce the DMCA.

      22

      Defendant-Appellant Eric C. Corley and his company, 2600 Enterprises, Inc., (collectively "Corley," "the Defendants," or "the Appellants") appeal from the amended final judgment of the United States District Court for the Southern District of New York (Lewis A. Kaplan, District Judge), entered August 23, 2000, enjoining them from various actions concerning a decryption program known as "DeCSS." Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 346 (S.D.N.Y. 2000) ("Universal II"). The injunction primarily bars the Appellants from posting DeCSS on their web site and from knowingly linking [435] their web site to any other web site on which DeCSS is posted. Id. at 346-47. We affirm.

      23
      Introduction
      24

      Understanding the pending appeal and the issues it raises requires some familiarity with technical aspects of computers and computer software, especially software called "digital versatile disks" or "DVDs," which are optical media storage devices currently designed to contain movies.[1] Those lacking such familiarity will be greatly aided by reading Judge Kaplan's extremely lucid opinion, Universal City Studios, Inc. v. Reimerdes, 111 F. Supp. 2d 294 (S.D.N.Y. 2000) ("Universal I"), beginning with his helpful section "The Vocabulary of this Case," id. at 305-09.

      25

      This appeal concerns the anti-trafficking provisions of the DMCA, which Congress enacted in 1998 to strengthen copyright protection in the digital age. Fearful that the ease with which pirates could copy and distribute a copyrightable work in digital form was overwhelming the capacity of conventional copyright enforcement to find and enjoin unlawfully copied material, Congress sought to combat copyright piracy in its earlier stages, before the work was even copied. The DMCA therefore backed with legal sanctions the efforts of copyright owners to protect their works from piracy behind digital walls such as encryption codes or password protections. In so doing, Congress targeted not only those pirates who would circumvent these digital walls (the "anti-circumvention provisions," contained in 17 U.S.C. § 1201(a)(1)), but also anyone who would traffic in a technology primarily designed to circumvent a digital wall (the "anti-trafficking provisions," contained in 17 U.S.C. § 1201(a)(2), (b)(1)).

      26

      Corley publishes a print magazine and maintains an affiliated web site geared towards "hackers," a digital-era term often applied to those interested in techniques for circumventing protections of computers and computer data from unauthorized access. The so-called hacker community includes serious computer-science scholars conducting research on protection techniques, computer buffs intrigued by the challenge of trying to circumvent access-limiting devices or perhaps hoping to promote security by exposing flaws in protection techniques, mischief-makers interested in disrupting computer operations, and thieves, including copyright infringers who want to acquire copyrighted material (for personal use or resale) without paying for it.

      27

      In November 1999, Corley posted a copy of the decryption computer program "DeCSS" on his web site, http://www.2600.com ("2600.com").[2] DeCSS is designed to circumvent "CSS," the encryption technology [436] that motion picture studios place on DVDs to prevent the unauthorized viewing and copying of motion pictures. Corley also posted on his web site links to other web sites where DeCSS could be found.

      28

      Plaintiffs-Appellees are eight motion picture studios that brought an action in the Southern District of New York seeking injunctive relief against Corley under the DMCA. Following a full non-jury trial, the District Court entered a permanent injunction barring Corley from posting DeCSS on his web site or from knowingly linking via a hyperlink to any other web site containing DeCSS. Universal II, 111 F. Supp. 2d at 346-47. The District Court rejected Corley's constitutional attacks on the statute and the injunction. Universal I, 111 F. Supp. 2d at 325-45.

      29

      Corley renews his constitutional challenges on appeal. Specifically, he argues primarily that: (1) the DMCA oversteps limits in the Copyright Clause on the duration of copyright protection; (2) the DMCA as applied to his dissemination of DeCSS violates the First Amendment because computer code is "speech" entitled to full First Amendment protection and the DMCA fails to survive the exacting scrutiny accorded statutes that regulate "speech"; and (3) the DMCA violates the First Amendment and the Copyright Clause by unduly obstructing the "fair use" of copyrighted materials. Corley also argues that the statute is susceptible to, and should therefore be given, a narrow interpretation that avoids alleged constitutional objections.

      30
      Background
      31

      For decades, motion picture studios have made movies available for viewing at home in what is called "analog" format. Movies in this format are placed on videotapes, which can be played on a video cassette recorder ("VCR"). In the early 1990s, the studios began to consider the possibility of distributing movies in digital form as well. Movies in digital form are placed on disks, known as DVDs, which can be played on a DVD player (either a stand-alone device or a component of a computer). DVDs offer advantages over analog tapes, such as improved visual and audio quality, larger data capacity, and greater durability. However, the improved quality of a movie in a digital format brings with it the risk that a virtually perfect copy, i.e., one that will not lose perceptible quality in the copying process, can be readily made at the click of a computer control and instantly distributed to countless recipients throughout the world over the Internet. This case arises out of the movie industry's efforts to respond to this risk by invoking the anti-trafficking provisions of the DMCA.

      32
      I. CSS
      33

      The movie studios were reluctant to release movies in digital form until they were confident they had in place adequate safeguards against piracy of their copyrighted movies. The studios took several steps to minimize the piracy threat. First, they settled on the DVD as the standard digital medium for home distribution of movies. The studios then sought an encryption scheme to protect movies on DVDs. They enlisted the help of members of the consumer electronics and computer industries, who in mid-1996 developed the Content Scramble System ("CSS"). CSS is an encryption scheme that employs an algorithm configured by a set of "keys" to encrypt a DVD's contents. The algorithm is a type of mathematical formula for transforming the contents of the movie file into gibberish; the "keys" are in actuality strings of 0's and 1's that serve as values for the mathematical formula. Decryption in the case of CSS requires a set of "player keys" [437] contained in compliant DVD players, as well as an understanding of the CSS encryption algorithm. Without the player keys and the algorithm, a DVD player cannot access the contents of a DVD. With the player keys and the algorithm, a DVD player can display the movie on a television or a computer screen, but does not give a viewer the ability to use the copy function of the computer to copy the movie or to manipulate the digital content of the DVD.

      34

      The studios developed a licensing scheme for distributing the technology to manufacturers of DVD players. Player keys and other information necessary to the CSS scheme were given to manufacturers of DVD players for an administrative fee. In exchange for the licenses, manufacturers were obliged to keep the player keys confidential. Manufacturers were also required in the licensing agreement to prevent the transmission of "CSS data" (a term undefined in the licensing agreement) from a DVD drive to any "internal recording device," including, presumably, a computer hard drive.

      35

      With encryption technology and licensing agreements in hand, the studios began releasing movies on DVDs in 1997, and DVDs quickly gained in popularity, becoming a significant source of studio revenue.[3] In 1998, the studios secured added protection against DVD piracy when Congress passed the DMCA, which prohibits the development or use of technology designed to circumvent a technological protection measure, such as CSS. The pertinent provisions of the DMCA are examined in greater detail below.

      36
      II. DeCSS
      37

      In September 1999, Jon Johansen, a Norwegian teenager, collaborating with two unidentified individuals he met on the Internet, reverse-engineered a licensed DVD player designed to operate on the Microsoft operating system, and culled from it the player keys and other information necessary to decrypt CSS. The record suggests that Johansen was trying to develop a DVD player operable on Linux, an alternative operating system that did not support any licensed DVD players at that time. In order to accomplish this task, Johansen wrote a decryption program executable on Microsoft's operating system.[4] That program was called, appropriately enough, "DeCSS."

      38

      If a user runs the DeCSS program (for example, by clicking on the DeCSS icon on a Microsoft operating system platform) with a DVD in the computer's disk drive, DeCSS will decrypt the DVD's CSS protection, allowing the user to copy the DVD's files and place the copy on the user's hard drive. The result is a very large computer file that can be played on a non-CSS-compliant player and copied, manipulated, and transferred just like any [438] other computer file.[5] DeCSS comes complete with a fairly user-friendly interface that helps the user select from among the DVD's files and assign the decrypted file a location on the user's hard drive. The quality of the resulting decrypted movie is "virtually identical" to that of the encrypted movie on the DVD. Universal I, 111 F. Supp. 2d at 308, 313. And the file produced by DeCSS, while large, can be compressed to a manageable size by a compression software called "DivX," available at no cost on the Internet. This compressed file can be copied onto a DVD, or transferred over the Internet (with some patience).[6]

      39

      Johansen posted the executable object code, but not the source code, for DeCSS on his web site. The distinction between source code and object code is relevant to this case, so a brief explanation is warranted. A computer responds to electrical charges, the presence or absence of which [439] is represented by strings of 1's and 0's. Strictly speaking, "object code" consists of those 1's and 0's. Trial Tr. at 759 (Testimony of Professor Edward Felton). While some people can read and program in object code, "it would be inconvenient, inefficient and, for most people, probably impossible to do so." Universal I, 111 F. Supp. 2d at 306. Computer languages have been written to facilitate program writing and reading. A program in such a computer language—BASIC, C, and Java are examples—is said to be written in "source code." Source code has the benefit of being much easier to read (by people) than object code, but as a general matter, it must be translated back to object code before it can be read by a computer. This task is usually performed by a program called a compiler. Since computer languages range in complexity, object code can be placed on one end of a spectrum, and different kinds of source code can be arrayed across the spectrum according to the ease with which they are read and understood by humans. See Trial Exhibits BBC (Declaration of David S. Touretzky), BBE (Touretzky Article: Source v. Object Code: A False Dichotomy). Within months of its appearance in executable form on Johansen's web site, DeCSS was widely available on the Internet, in both object code and various forms of source code. See Trial Exhibit CCN (Touretzky Article: Gallery of CSS Descramblers).

      40

      In November 1999, Corley wrote and placed on his web site, 2600.com, an article about the DeCSS phenomenon. His web site is an auxiliary to the print magazine, 2600: The Hacker Quarterly, which Corley has been publishing since 1984.[7] As the name suggests, the magazine is designed for "hackers," as is the web site. While the magazine and the web site cover some issues of general interest to computer users—such as threats to online privacy—the focus of the publications is on the vulnerability of computer security systems, and more specifically, how to exploit that vulnerability in order to circumvent the security systems. Representative articles explain how to steal an Internet domain name and how to break into the computer systems at Federal Express. Universal I, 111 F. Supp. 2d at 308-09.

      41

      Corley's article about DeCSS detailed how CSS was cracked, and described the movie industry's efforts to shut down web sites posting DeCSS. It also explained that DeCSS could be used to copy DVDs. At the end of the article, the Defendants posted copies of the object and source code of DeCSS. In Corley's words, he added the code to the story because "in a journalistic world, . . . [y]ou have to show your evidence . . . and particularly in the magazine that I work for, people want to see specifically what it is that we are referring to," including "what evidence . . . we have" that there is in fact technology that circumvents CSS. Trial Tr. at 823. Writing about DeCSS without including the DeCSS code would have been, to Corley, "analogous to printing a story about a picture and not printing the picture." Id. at 825. Corley also added to the article links that he explained would take the reader to other web sites where DeCSS could be found. Id. at 791, 826, 827, 848.

      42

      2600.com was only one of hundreds of web sites that began posting DeCSS near the end of 1999. The movie industry tried to stem the tide by sending cease-and-desist letters to many of these sites. These efforts met with only partial success; a number of sites refused to remove [440] DeCSS. In January 2000, the studios filed this lawsuit.[8]

      43
      III. The DMCA
      44

      The DMCA was enacted in 1998 to implement the World Intellectual Property Organization Copyright Treaty ("WIPO Treaty"), which requires contracting parties to "provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law." WIPO Treaty, Apr. 12, 1997, art. 11, S. Treaty Doc. No. 105-17 (1997), available at 1997 WL 447232. Even before the treaty, Congress had been devoting attention to the problems faced by copyright enforcement in the digital age. Hearings on the topic have spanned several years. See, e.g., WIPO Copyright Treaties Implementation Act and Online Copyright Liability Limitation Act: Hearing on H.R. 2281 and H.R. 2280 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary, 105th Cong. (1997); NII Copyright Protection Act of 1995: Hearings on H.R. 2441 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary, 104th Cong. (1996); NII Copyright Protection Act of 1995: Joint Hearing on H.R. 2441 and S. 1284 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary and the Senate Comm. on the Judiciary, 104th Cong. (1995); H.R. Rep. No. 105-551 (1998); S. Rep. No. 105-190 (1998). This legislative effort resulted in the DMCA.

      45

      The Act contains three provisions targeted at the circumvention of technological protections. The first is subsection 1201(a)(1)(A), the anti-circumvention provision.[9] This provision prohibits a person from "circumvent[ing] a technological measure that effectively controls access to a work protected under [Title 17, governing copyright]." The Librarian of Congress is required to promulgate regulations every three years exempting from this subsection individuals who would otherwise be "adversely affected" in "their ability to make noninfringing uses." 17 U.S.C. § 1201(a)(1)(B)-(E).

      46

      The second and third provisions are subsections 1201(a)(2) and 1201(b)(1), the "anti-trafficking provisions." Subsection 1201(a)(2), the provision at issue in this case, provides:

      47

      No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that—

      (A) is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title;

      (B) has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or

      (C) is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure [441] that effectively controls access to a work protected under this title.

      48

      Id. § 1201(a)(2). To "circumvent a technological measure" is defined, in pertinent part, as "to descramble a scrambled work . . . or otherwise to . . . bypass . . . a technological measure, without the authority of the copyright owner." Id. § 1201(a)(3)(A).

      49

      Subsection 1201(b)(1) is similar to subsection 1201(a)(2), except that subsection 1201(a)(2) covers those who traffic in technology that can circumvent "a technological measure that effectively controls access to a work protected under" Title 17, whereas subsection 1201(b)(1) covers those who traffic in technology that can circumvent "protection afforded by a technological measure that effectively protects a right of a copyright owner under" Title 17. Id. § 1201(a)(2), (b)(1) (emphases added). In other words, although both subsections prohibit trafficking in a circumvention technology, the focus of subsection 1201(a)(2) is circumvention of technologies designed to prevent access to a work, and the focus of subsection 1201(b)(1) is circumvention of technologies designed to permit access to a work but prevent copying of the work or some other act that infringes a copyright. See S. Rep. No. 105-190, at 11-12 (1998). Subsection 1201(a)(1) differs from both of these anti-trafficking subsections in that it targets the use of a circumvention technology, not the trafficking in such a technology.

      50

      The DMCA contains exceptions for schools and libraries that want to use circumvention technologies to determine whether to purchase a copyrighted product, 17 U.S.C. § 1201(d); individuals using circumvention technology "for the sole purpose" of trying to achieve "interoperability" of computer programs through reverse-engineering, id. § 1201(f); encryption research aimed at identifying flaws in encryption technology, if the research is conducted to advance the state of knowledge in the field, id. § 1201(g); and several other exceptions not relevant here.

      51

      The DMCA creates civil remedies, id. § 1203, and criminal sanctions, id. § 1204. It specifically authorizes a court to "grant temporary and permanent injunctions on such terms as it deems reasonable to prevent or restrain a violation." Id. § 1203(b)(1).

      52
      IV. Procedural History
      53

      Invoking subsection 1203(b)(1), the Plaintiffs sought an injunction against the Defendants, alleging that the Defendants violated the anti-trafficking provisions of the statute. On January 20, 2000, after a hearing, the District Court issued a preliminary injunction barring the Defendants from posting DeCSS. Universal City Studios, Inc. v. Reimerdes, 82 F. Supp. 2d 211 (S.D.N.Y. 2000).

      54

      The Defendants complied with the preliminary injunction, but continued to post links to other web sites carrying DeCSS, an action they termed "electronic civil disobedience." Universal I, 111 F. Supp. 2d at 303, 312. Under the heading "Stop the MPAA [(Motion Picture Association of America)]," Corley urged other web sites to post DeCSS lest "we . . . be forced into submission." Id. at 313.

      55

      The Plaintiffs then sought a permanent injunction barring the Defendants from both posting DeCSS and linking to sites containing DeCSS. After a trial on the merits, the Court issued a comprehensive opinion, Universal I, and granted a permanent injunction, Universal II.

      56

      The Court explained that the Defendants' posting of DeCSS on their web site clearly falls within section 1201(a)(2)(A) of the DMCA, rejecting as spurious their claim that CSS is not a technological measure that "effectively controls access to a [442] work" because it was so easily penetrated by Johansen, Universal I, 111 F. Supp. 2d at 318, and as irrelevant their contention that DeCSS was designed to create a Linux-platform DVD player, id. at 319. The Court also held that the Defendants cannot avail themselves of any of the DMCA's exceptions, id. at 319-22, and that the alleged importance of DeCSS to certain fair uses of encrypted copyrighted material was immaterial to their statutory liability, id. at 322-24. The Court went on to hold that when the Defendants "proclaimed on their own site that DeCSS could be had by clicking on the hyperlinks" on their site, they were trafficking in DeCSS, and therefore liable for their linking as well as their posting. Id. at 325.

      57

      Turning to the Defendants' numerous constitutional arguments, the Court first held that computer code like DeCSS is "speech" that is "protected" (in the sense of "covered") by the First Amendment, id. at 327, but that because the DMCA is targeting the "functional" aspect of that speech, id. at 328-29, it is "content neutral," id. at 329,[10] and the intermediate scrutiny of United States v. O'Brien, 391 U.S. 367, 377 (1968), applies, Universal I, 111 F. Supp. 2d at 329-30. The Court concluded that the DMCA survives this scrutiny, id. at 330-33, and also rejected prior restraint, overbreadth, and vagueness challenges, id. at 333-39.

      58

      The Court upheld the constitutionality of the DMCA's application to linking on similar grounds: linking, the Court concluded, is "speech," but the DMCA is content-neutral, targeting only the functional components of that speech. Therefore, its application to linking is also evaluated under O'Brien, and, thus evaluated, survives intermediate scrutiny. However, the Court concluded that a blanket proscription on linking would create a risk of chilling legitimate linking on the web. The Court therefore crafted a restrictive test for linking liability (discussed below) that it believed sufficiently mitigated that risk. The Court then found its test satisfied in this case. Id. at 339-41.

      59

      Finally, the Court concluded that an injunction was highly appropriate in this case. The Court observed that DeCSS was harming the Plaintiffs, not only because they were now exposed to the possibility of piracy and therefore were obliged to develop costly new safeguards for DVDs, but also because, even if there was only indirect evidence that DeCSS availability actually facilitated DVD piracy,[11] the threat of piracy was very real, particularly as Internet transmission speeds continue to increase. Id. at 314-15, 342. Acknowledging that DeCSS was (and still is) widely available on the Internet, the Court expressed confidence in

      60

      the likelihood . . . that this decision will serve notice on others that "the strong right arm of equity" may be brought to bear against them absent a change in their conduct and thus contribute to a climate of appropriate respect for intellectual property rights in an age in which the excitement of ready access to [443] untold quantities of information has blurred in some minds the fact that taking what is not yours and not freely offered to you is stealing.

      61

      Id. at 345.

      62

      The Court's injunction barred the Defendants from: "posting on any Internet web site" DeCSS; "in any other way . . . offering to the public, providing, or otherwise trafficking in DeCSS"; violating the anti-trafficking provisions of the DMCA in any other manner, and finally "knowingly linking any Internet web site operated by them to any other web site containing DeCSS, or knowingly maintaining any such link, for the purpose of disseminating DeCSS." Universal II, 111 F. Supp. 2d at 346-47.

      63

      The Appellants have appealed from the permanent injunction. The United States has intervened in support of the constitutionality of the DMCA. We have also had the benefit of a number of amicus curiae briefs, supporting and opposing the District Court's judgment. After oral argument, we invited the parties to submit responses to a series of specific questions, and we have received helpful responses.

      64
      Discussion
      65
      I. Narrow Construction to Avoid Constitutional Doubt
      66

      The Appellants first argue that, because their constitutional arguments are at least substantial, we should interpret the statute narrowly so as to avoid constitutional problems. They identify three different instances of alleged ambiguity in the statute that they claim provide an opportunity for such a narrow interpretation.

      67

      First, they contend that subsection 1201(c)(1), which provides that "[n]othing in this section shall affect rights, remedies, limitations or defenses to copyright infringement, including fair use, under this title," can be read to allow the circumvention of encryption technology protecting copyrighted material when the material will be put to "fair uses" exempt from copyright liability.[12] We disagree that subsection 1201(c)(1) permits such a reading. Instead, it clearly and simply clarifies that the DMCA targets the circumvention of digital walls guarding copyrighted material (and trafficking in circumvention tools), but does not concern itself with the use of those materials after circumvention has occurred. Subsection 1201(c)(1) ensures that the DMCA is not read to prohibit the "fair use" of information just because that information was obtained in a manner made illegal by the DMCA. The Appellants' much more expansive interpretation of subsection 1201(c)(1) is not only outside the range of plausible readings of the provision, but is also clearly refuted by the statute's legislative history.[13] See Commodity Futures Trading [444] Commission v. Schor, 478 U.S. 833, 841 (1986) (constitutional doubt canon "does not give a court the prerogative to ignore the legislative will").

      68

      Second, the Appellants urge a narrow construction of the DMCA because of subsection 1201(c)(4), which provides that "[n]othing in this section shall enlarge or diminish any rights of free speech or the press for activities using consumer electronics, telecommunications, or computing products." This language is clearly precatory: Congress could not "diminish" constitutional rights of free speech even if it wished to, and the fact that Congress also expressed a reluctance to "enlarge" those rights cuts against the Appellants' effort to infer a narrowing construction of the Act from this provision.

      69

      Third, the Appellants argue that an individual who buys a DVD has the "authority of the copyright owner" to view the DVD, and therefore is exempted from the DMCA pursuant to subsection 1201(a)(3)(A) when the buyer circumvents an encryption technology in order to view the DVD on a competing platform (such as Linux). The basic flaw in this argument is that it misreads subsection 1201(a)(3)(A). That provision exempts from liability those who would "decrypt" an encrypted DVD with the authority of a copyright owner, not those who would "view" a DVD with the authority of a copyright owner.[14] In any event, the Defendants offered no evidence that the Plaintiffs have either explicitly or implicitly authorized DVD buyers to circumvent encryption technology to support use on multiple platforms.[15]

      70

      We conclude that the anti-trafficking and anti-circumvention provisions of the DMCA are not susceptible to the narrow interpretations urged by the Appellants. We therefore proceed to consider the Appellants' constitutional claims.

      71
      II. Constitutional Challenge Based on the Copyright Clause
      72

      In a footnote to their brief, the Appellants appear to contend that the DMCA, as construed by the District Court, exceeds the constitutional authority [445] of Congress to grant authors copyrights for a "limited time," U.S. Const. art. I, § 8, cl. 8, because it "empower[s] copyright owners to effectively secure perpetual protection by mixing public domain works with copyrighted materials, then locking both up with technological protection measures." Brief for Appellants at 42 n.30. This argument is elaborated in the amici curiae brief filed by Prof. Julie E. Cohen on behalf of herself and 45 other intellectual property law professors. See also David Nimmer, A Riff on Fair Use in the Digital Millennium Copyright Act, 148 U. Pa. L. Rev. 673, 712 (2000). For two reasons, the argument provides no basis for disturbing the judgment of the District Court.

      73

      First, we have repeatedly ruled that arguments presented to us only in a footnote are not entitled to appellate consideration. Concourse Rehabilitation & Nursing Center Inc. v. DeBuono, 179 F.3d 38, 47 (2d Cir. 1999); United States v. Mapp, 170 F.3d 328, 333 n.8 (2d Cir. 1999); United States v. Restrepo, 986 F.2d 1462, 1463 (2d Cir. 1993). Although an amicus brief can be helpful in elaborating issues properly presented by the parties, it is normally not a method for injecting new issues into an appeal, at least in cases where the parties are competently represented by counsel. See, e.g., Concourse Center, 179 F.3d at 47.

      74

      Second, to whatever extent the argument might have merit at some future time in a case with a properly developed record, the argument is entirely premature and speculative at this time on this record. There is not even a claim, much less evidence, that any Plaintiff has sought to prevent copying of public domain works, or that the injunction prevents the Defendants from copying such works. As Judge Kaplan noted, the possibility that encryption would preclude access to public domain works "does not yet appear to be a problem, although it may emerge as one in the future." Universal I, 111 F. Supp. 2d at 338 n.245.

      75
      III. Constitutional Challenges Based on the First Amendment
      76
      A. Applicable Principles
      77

      Last year, in one of our Court's first forays into First Amendment law in the digital age, we took an "evolutionary" approach to the task of tailoring familiar constitutional rules to novel technological circumstances, favoring "narrow" holdings that would permit the law to mature on a "case-by-case" basis. See Name.Space, Inc. v. Network Solutions, Inc., 202 F.3d 573, 584 n.11 (2d Cir. 2000). In that spirit, we proceed, with appropriate caution, to consider the Appellants' First Amendment challenges by analyzing a series of preliminary issues the resolution of which provides a basis for adjudicating the specific objections to the DMCA and its application to DeCSS. These issues, which we consider only to the extent necessary to resolve the pending appeal, are whether computer code is speech, whether computer programs are speech, the scope of First Amendment protection for computer code, and the scope of First Amendment protection for decryption code. Based on our analysis of these issues, we then consider the Appellants' challenge to the injunction's provisions concerning posting and linking.

      78
      1. Code as Speech
      79

      Communication does not lose constitutional protection as "speech" simply because it is expressed in the language of computer code. Mathematical formulae and musical scores are written in "code," i.e., symbolic notations not comprehensible to the uninitiated, and yet both are covered by the First Amendment. If someone [446] chose to write a novel entirely in computer object code by using strings of 1's and 0's for each letter of each word, the resulting work would be no different for constitutional purposes than if it had been written in English. The "object code" version would be incomprehensible to readers outside the programming community (and tedious to read even for most within the community), but it would be no more incomprehensible than a work written in Sanskrit for those unversed in that language. The undisputed evidence reveals that even pure object code can be, and often is, read and understood by experienced programmers. And source code (in any of its various levels of complexity) can be read by many more. See Universal I, 111 F. Supp. 2d at 326. Ultimately, however, the ease with which a work is comprehended is irrelevant to the constitutional inquiry. If computer code is distinguishable from conventional speech for First Amendment purposes, it is not because it is written in an obscure language. See Junger v. Daley, 209 F.3d 481, 484 (6th Cir. 2000).

      80
      2. Computer Programs as Speech
      81

      Of course, computer code is not likely to be the language in which a work of literature is written. Instead, it is primarily the language for programs executable by a computer. These programs are essentially instructions to a computer. In general, programs may give instructions either to perform a task or series of tasks when initiated by a single (or double) click of a mouse or, once a program is operational ("launched"), to manipulate data that the user enters into the computer.[16] Whether computer code that gives a computer instructions is "speech" within the meaning of the First Amendment requires consideration of the scope of the Constitution's protection of speech.

      82

      The First Amendment provides that "Congress shall make no law . . . abridging the freedom of speech. . . ." U.S. Const. amend. I. "Speech" is an elusive term, and judges and scholars have debated its bounds for two centuries. Some would confine First Amendment protection to political speech. E.g., Robert Bork, Neutral Principles and Some First Amendment Problems, 47 Ind. L.J. 1 (1971). Others would extend it further to artistic expression. E.g., Marci A. Hamilton, Art Speech, 49 Vand. L. Rev. 73 (1996).

      83

      Whatever might be the merits of these and other approaches, the law has not been so limited. Even dry information, devoid of advocacy, political relevance, or artistic expression, has been accorded First Amendment protection. See Miller v. California, 413 U.S. 15, 34 (1973) ("The First Amendment protects works which, taken as a whole, have serious literary, artistic, political, or scientific value. . . ." (emphasis added)); Roth v. United States, 354 U.S. 476, 484 (1957) (First Amendment embraces "[a]ll ideas having even the slightest redeeming social importance," including the "'advancement of truth, science, morality, and arts in general.'" (quoting 1 Journals of the Continental Congress 108 (1774))); Board of Trustees of Stanford University v. Sullivan, 773 F. Supp. 472, 474 (D.D.C. 1991) ("It is . . . settled . . . that the First Amendment protects scientific expression and debate just [447] as it protects political and artistic expression."); see also Kent Greenawalt, Speech, Crime and the Uses of Language 85 (1989) ("[A]ssertions of fact generally fall within a principle of freedom of speech. . . ."); cf. Virginia State Board of Pharmacy v. Virginia Citizens Consumer Council, Inc., 425 U.S. 748, 763 (1976) ("prescription drug price information" is "speech" because a consumer's interest in "the free flow of commercial information" may be "keener by far" than "his interest in the day's most urgent political debate").

      84

      Thus, for example, courts have subjected to First Amendment scrutiny restrictions on the dissemination of technical scientific information, United States v. Progressive, Inc., 467 F. Supp. 990 (W.D. Wis. 1979), and scientific research, Stanford University, 773 F. Supp. at 473, and attempts to regulate the publication of instructions,[17] see, e.g., United States v. Raymond, 228 F.3d 804, 815 (7th Cir. 2000) (First Amendment does not protect instructions for violating the tax laws); United States v. Dahlstrom, 713 F.2d 1423, 1428 (9th Cir. 1983) (same); Herceg v. Hustler Magazine, Inc., 814 F.2d 1017, 1020-25 (5th Cir. 1987) (First Amendment protects instructions for engaging in a dangerous sex act); United States v. Featherston, 461 F.2d 1119, 1122-23 (5th Cir. 1972) (First Amendment does not protect instructions for building an explosive device); see also Bernstein v. United States Department of State, 922 F. Supp. 1426, 1435 (N.D. Cal. 1996) ("Instructions, do-it-yourself manuals, [and] recipes" are all "speech").[18]

      85

      Computer programs are not exempted from the category of First Amendment speech simply because their instructions require use of a computer. A recipe is no less "speech" because it calls for the use of an oven, and a musical score is no less "speech" because it specifies performance on an electric guitar. Arguably distinguishing computer programs from conventional language instructions is the fact that programs are executable on a computer. But the fact that a program has the capacity to direct the functioning of a computer does not mean that it lacks the additional capacity to convey information, and it is the conveying of information that renders instructions "speech" for purposes of the First Amendment.[19] The information [448] conveyed by most "instructions" is how to perform a task.

      86

      Instructions such as computer code, which are intended to be executable by a computer, will often convey information capable of comprehension and assessment by a human being.[20] A programmer reading a program learns information about instructing a computer, and might use this information to improve personal programming skills and perhaps the craft of programming. Moreover, programmers communicating ideas to one another almost inevitably communicate in code, much as musicians use notes.[21] Limiting First Amendment protection of programmers to descriptions of computer code (but not the code itself) would impede discourse among computer scholars,[22] just as limiting protection for musicians to descriptions of musical scores (but not sequences of notes) would impede their exchange of ideas and expression. Instructions that communicate information comprehensible to a human qualify as speech whether the instructions are designed for execution by a computer or a human (or both).

      87

      Vartuli is not to the contrary. The defendants in Vartuli marketed a software program called "Recurrence," which would tell computer users when to buy or sell currency futures contracts if their computers were fed currency market rates. The Commodity Futures Trading Commission charged the defendants with violating federal law for, among other things, failing to register as commodity trading advisors for their distribution of the Recurrence software. The defendants maintained that Recurrence's cues to users to buy or sell were protected speech, and that the registration requirement as applied to Recurrence was a constitutionally suspect prior restraint. We rejected the defendants' constitutional claim, holding that Recurrence "in the form it was sold and marketed by the defendants" did not generate speech protected by the First Amendment. Vartuli, 228 F.3d at 111.

      88

      [449] Essential to our ruling in Vartuli was the manner in which the defendants marketed the software and intended that it be used: the defendants told users of the software to follow the software's cues "with no second-guessing," id., and intended that users follow Recurrence's commands "mechanically" and "without the intercession of the mind or the will of the recipient," id. We held that the values served by the First Amendment were not advanced by these instructions, even though the instructions were expressed in words. Id. We acknowledged that some users would, despite the defendants' marketing, refuse to follow Recurrence's cues mechanically but instead would use the commands as a source of information and advice, and that, as to these users, Recurrence's cues might very "well have been 'speech.'" Id. at 111-12. Nevertheless, we concluded that the Government could require registration for Recurrence's intended use because such use was devoid of any constitutionally protected speech. Id. at 112.

      89

      Vartuli considered two ways in which a programmer might be said to communicate through code: to the user of the program (not necessarily protected) and to the computer (never protected).[23] However, this does not mean that Vartuli denied First Amendment protection to all computer programs. Since Vartuli limited its constitutional scrutiny to the code "as marketed," i.e., as an automatic trading system, it did not have occasion to consider a third manner in which a programmer might communicate through code: to another programmer.

      90

      For all of these reasons, we join the other courts that have concluded that computer code, and computer programs constructed from code can merit First Amendment protection, see Junger, 209 F.3d at 484;[24] Bernstein, 922 F. Supp. at 1434-36; see also Bernstein, 176 F.3d at 1140-41; Karn v. United States Department of State, 925 F. Supp. 1, 9-10 (D.D.C. 1996) (assuming, without deciding, that source code with English comments interspersed throughout is "speech"), although the scope of such protection remains to be determined.

      91
      3. The Scope of First Amendment Protection for Computer Code
      92

      Having concluded that computer code conveying information is "speech" [450] within the meaning of the First Amendment, we next consider, to a limited extent, the scope of the protection that code enjoys. As the District Court recognized, Universal I, 111 F. Supp. 2d at 327, the scope of protection for speech generally depends on whether the restriction is imposed because of the content of the speech. Content-based restrictions are permissible only if they serve compelling state interests and do so by the least restrictive means available. See Sable Communications of California, Inc. v. FCC, 492 U.S. 115, 126 (1989). A content-neutral restriction is permissible if it serves a substantial governmental interest, the interest is unrelated to the suppression of free expression, and the regulation is narrowly tailored, which "in this context requires . . . that the means chosen do not 'burden substantially more speech than is necessary to further the government's legitimate interests.'" Turner Broadcasting System, Inc. v. FCC, 512 U.S. 622, 662 (1994) (quoting Ward v. Rock Against Racism, 491 U.S. 781, 799 (1989)).[25]

      93

      "[G]overnment regulation of expressive activity is 'content neutral' if it is justified without reference to the content of regulated speech." Hill v. Colorado, 530 U.S. 703, 720 (2000). "The government's purpose is the controlling consideration. A regulation that serves purposes unrelated to the content of expression is deemed neutral, even if it has an incidental effect on some speakers or messages but not others." Ward, 491 U.S. at 791. The Supreme Court's approach to determining content-neutrality appears to be applicable whether what is regulated is expression, see id. at 791-93 (regulation of volume of music), conduct, see O'Brien, 391 U.S. at 377, or any "activity" that can be said to combine speech and non-speech elements, see Spence v. Washington, 418 U.S. 405, 410-11 (1974) (applying O'Brien to "activity" of displaying American flag hung upside down and decorated with a peace symbol).

      94

      To determine whether regulation of computer code is content-neutral, the initial inquiry must be whether the regulated activity is "sufficiently imbued with elements of communication to fall within the scope of the First . . . Amendment[]." Id. at 409; see also Name.Space, 202 F.3d at 585. Computer code, as we have noted, often conveys information comprehensible to human beings, even as it also directs a computer to perform various functions. Once a speech component [451] is identified, the inquiry then proceeds to whether the regulation is "justified without reference to the content of regulated speech." Hill, 530 U.S. at 720.

      95

      The Appellants vigorously reject the idea that computer code can be regulated according to any different standard than that applicable to pure speech, i.e., speech that lacks a nonspeech component. Although recognizing that code is a series of instructions to a computer, they argue that code is no different, for First Amendment purposes, than blueprints that instruct an engineer or recipes that instruct a cook. See Supplemental Brief for Appellants at 2, 3.[26] We disagree. Unlike a blueprint or a recipe, which cannot yield any functional result without human comprehension of its content, human decision-making, and human action, computer code can instantly cause a computer to accomplish tasks and instantly render the results of those tasks available throughout the world via the Internet. The only human action required to achieve these results can be as limited and instantaneous as a single click of a mouse. These realities of what code is and what its normal functions are require a First Amendment analysis that treats code as combining nonspeech and speech elements, i.e., functional and expressive elements. See Red Lion Broadcasting Co. v. FCC, 395 U.S. 367, 386 (1969) ("[D]ifferences in the characteristics of new media justify differences in the First Amendment standards applied to them." (footnote omitted)).

      96

      We recognize, as did Judge Kaplan, that the functional capability of computer code cannot yield a result until a human being decides to insert the disk containing the code into a computer and causes it to perform its function (or programs a computer to cause the code to perform its function). Nevertheless, this momentary intercession of human action does not diminish the nonspeech component of code, nor render code entirely speech, like a blueprint or a recipe. Judge Kaplan, in a passage that merits extensive quotation, cogently explained why this is especially so with respect to decryption code:

      97

      [T]he focus on functionality in order to determine the level of scrutiny is not an inevitable consequence of the speech-conduct distinction. Conduct has immediate effects on the environment. Computer code, on the other hand, no matter how functional, causes a computer to perform the intended operations only if someone uses the code to do so. Hence, one commentator, in a thoughtful article, has maintained that functionality is really "a proxy for effects or harm" and that its adoption as a determinant of the level of scrutiny slides over questions of causation that intervene between the dissemination of a computer program and any harm caused by its use.

      The characterization of functionality as a proxy for the consequences of use is accurate. But the assumption that the chain of causation is too attenuated to justify the use of functionality to determine the level of scrutiny, at least in this context, is not.

      Society increasingly depends upon technological means of controlling access to digital files and systems, whether they are military computers, bank records, academic records, copyrighted works or something else entirely. There are far too many who, given any opportunity, will bypass security measures, [452] some for the sheer joy of doing it, some for innocuous reasons, and others for more malevolent purposes. Given the virtually instantaneous and worldwide dissemination widely available via the Internet, the only rational assumption is that once a computer program capable of bypassing such an access control system is disseminated, it will be used. And that is not all.

      There was a time when copyright infringement could be dealt with quite adequately by focusing on the infringing act. If someone wished to make and sell high quality but unauthorized copies of a copyrighted book, for example, the infringer needed a printing press. The copyright holder, once aware of the appearance of infringing copies, usually was able to trace the copies up the chain of distribution, find and prosecute the infringer, and shut off the infringement at the source.

      In principle, the digital world is very different. Once a decryption program like DeCSS is written, it quickly can be sent all over the world. Every recipient is capable not only of decrypting and perfectly copying plaintiffs' copyrighted DVDs, but also of retransmitting perfect copies of DeCSS and thus enabling every recipient to do the same. They likewise are capable of transmitting perfect copies of the decrypted DVD. The process potentially is exponential rather than linear.

      . . . . .

      These considerations drastically alter consideration of the causal link between dissemination of computer programs such as this and their illicit use. Causation in the law ultimately involves practical policy judgments. Here, dissemination itself carries very substantial risk of imminent harm because the mechanism is so unusual by which dissemination of means of circumventing access controls to copyrighted works threatens to produce virtually unstoppable infringement of copyright. In consequence, the causal link between the dissemination of circumvention computer programs and their improper use is more than sufficiently close to warrant selection of a level of constitutional scrutiny based on the programs' functionality.

      98

      Universal I, 111 F. Supp. 2d at 331-32 (footnotes omitted). The functionality of computer code properly affects the scope of its First Amendment protection.

      99
      4. The Scope of First Amendment Protection for Decryption Code
      100

      In considering the scope of First Amendment protection for a decryption program like DeCSS, we must recognize that the essential purpose of encryption code is to prevent unauthorized access. Owners of all property rights are entitled to prohibit access to their property by unauthorized persons. Homeowners can install locks on the doors of their houses. Custodians of valuables can place them in safes. Stores can attach to products security devices that will activate alarms if the products are taken away without purchase. These and similar security devices can be circumvented. Burglars can use skeleton keys to open door locks. Thieves can obtain the combinations to safes. Product security devices can be neutralized.

      101

      Our case concerns a security device, CSS computer code, that prevents access by unauthorized persons to DVD movies. The CSS code is embedded in the DVD movie. Access to the movie cannot be obtained unless a person has a device, a licensed DVD player, equipped with computer code capable of decrypting the CSS encryption code. In its basic function, [453] CSS is like a lock on a homeowner's door, a combination of a safe, or a security device attached to a store's products.

      102

      DeCSS is computer code that can decrypt CSS. In its basic function, it is like a skeleton key that can open a locked door, a combination that can open a safe, or a device that can neutralize the security device attached to a store's products.[27] DeCSS enables anyone to gain access to a DVD movie without using a DVD player.

      103

      The initial use of DeCSS to gain access to a DVD movie creates no loss to movie producers because the initial user must purchase the DVD. However, once the DVD is purchased, DeCSS enables the initial user to copy the movie in digital form and transmit it instantly in virtually limitless quantity, thereby depriving the movie producer of sales. The advent of the Internet creates the potential for instantaneous worldwide distribution of the copied material.

      104

      At first glance, one might think that Congress has as much authority to regulate the distribution of computer code to decrypt DVD movies as it has to regulate distribution of skeleton keys, combinations to safes, or devices to neutralize store product security devices. However, despite the evident legitimacy of protection against unauthorized access to DVD movies, just like any other property, regulation of decryption code like DeCSS is challenged in this case because DeCSS differs from a skeleton key in one important respect: it not only is capable of performing the function of unlocking the encrypted DVD movie, it also is a form of communication, albeit written in a language not understood by the general public. As a communication, the DeCSS code has a claim to being "speech," and as "speech," it has a claim to being protected by the First Amendment. But just as the realities of what any computer code can accomplish must inform the scope of its constitutional protection, so the capacity of a decryption program like DeCSS to accomplish unauthorized—indeed, unlawful—access to materials in which the Plaintiffs have intellectual property rights must inform and limit the scope of its First Amendment protection. Cf. Red Lion, 395 U.S. at 386 ("[D]ifferences in the characteristics of new media justify differences in the First Amendment standards applied to them.").

      105

      With all of the foregoing considerations in mind, we next consider the Appellants' First Amendment challenge to the DMCA as applied in the specific prohibitions that have been imposed by the District Court's injunction.

      106
      B. First Amendment Challenge
      107

      The District Court's injunction applies the DMCA to the Defendants by imposing two types of prohibition, both grounded on the anti-trafficking provisions of the DMCA. The first prohibits posting DeCSS or any other technology for circumventing CSS on any Internet web site. Universal II, 111 F. Supp. 2d at 346-47, ¶ 1(a), (b). The second prohibits knowingly linking any Internet web site to any other web site containing DeCSS. Id. at 347, ¶ 1(c). The validity of the posting and linking prohibitions must be considered separately.

      108
      1. Posting
      109

      The initial issue is whether the posting prohibition is content-neutral, since, as we have explained, this classification [454] determines the applicable constitutional standard. The Appellants contend that the anti-trafficking provisions of the DMCA and their application by means of the posting prohibition of the injunction are content-based. They argue that the provisions "specifically target . . . scientific expression based on the particular topic addressed by that expression—namely, techniques for circumventing CSS." Supplemental Brief for Appellants at 1. We disagree. The Appellants' argument fails to recognize that the target of the posting provisions of the injunction—DeCSS—has both a nonspeech and a speech component, and that the DMCA, as applied to the Appellants, and the posting prohibition of the injunction target only the nonspeech component. Neither the DMCA nor the posting prohibition is concerned with whatever capacity DeCSS might have for conveying information to a human being, and that capacity, as previously explained, is what arguably creates a speech component of the decryption code. The DMCA and the posting prohibition are applied to DeCSS solely because of its capacity to instruct a computer to decrypt CSS. That functional capability is not speech within the meaning of the First Amendment. The Government seeks to "justif[y]," Hill, 530 U.S. at 720, both the application of the DMCA and the posting prohibition to the Appellants solely on the basis of the functional capability of DeCSS to instruct a computer to decrypt CSS, i.e., "without reference to the content of the regulated speech," id. This type of regulation is therefore content-neutral, just as would be a restriction on trafficking in skeleton keys identified because of their capacity to unlock jail cells, even though some of the keys happened to bear a slogan or other legend that qualified as a speech component.

      110

      As a content-neutral regulation with an incidental effect on a speech component, the regulation must serve a substantial governmental interest, the interest must be unrelated to the suppression of free expression, and the incidental restriction on speech must not burden substantially more speech than is necessary to further that interest. Turner Broadcasting, 512 U.S. at 662. The Government's interest in preventing unauthorized access to encrypted copyrighted material is unquestionably substantial, and the regulation of DeCSS by the posting prohibition plainly serves that interest. Moreover, that interest is unrelated to the suppression of free expression. The injunction regulates the posting of DeCSS, regardless of whether DeCSS code contains any information comprehensible by human beings that would qualify as speech. Whether the incidental regulation on speech burdens substantially more speech than is necessary to further the interest in preventing unauthorized access to copyrighted materials requires some elaboration.

      111

      Posting DeCSS on the Appellants' web site makes it instantly available at the click of a mouse to any person in the world with access to the Internet, and such person can then instantly transmit DeCSS to anyone else with Internet access. Although the prohibition on posting prevents the Appellants from conveying to others the speech component of DeCSS, the Appellants have not suggested, much less shown, any technique for barring them from making this instantaneous worldwide distribution of a decryption code that makes a lesser restriction on the code's speech component.[28] It is true that the [455] Government has alternative means of prohibiting unauthorized access to copyrighted materials. For example, it can create criminal and civil liability for those who gain unauthorized access, and thus it can be argued that the restriction on posting DeCSS is not absolutely necessary to preventing unauthorized access to copyrighted materials. But a content-neutral regulation need not employ the least restrictive means of accomplishing the governmental objective. Id. It need only avoid burdening "substantially more speech than is necessary to further the government's legitimate interests." Id. (internal quotation marks and citation omitted). The prohibition on the Defendants' posting of DeCSS satisfies that standard.[29]

      112
      2. Linking
      113

      In considering linking, we need to clarify the sense in which the injunction prohibits such activity. Although the injunction defines several terms, it does not define "linking." Nevertheless, it is evident from the District Court's opinion that it is concerned with "hyperlinks," Universal I, 111 F. Supp. 2d at 307; see id. at 339.[30] A hyperlink is a cross-reference (in a distinctive font or color) appearing on one web page that, when activated by the point-and-click of a mouse, brings onto the computer screen another web page. The hyperlink can appear on a screen (window) as text, such as the Internet address ("URL") of the web page being called up or a word or phrase that identifies the web page to be called up, for example, "DeCSS web site." Or the hyperlink can appear as an image, for example, an icon depicting a person sitting at a computer watching a DVD movie and text stating "click here to access DeCSS and see DVD movies for free!" The code for the web page containing the hyperlink contains a computer instruction that associates the link with the URL of the web page to be accessed, such that clicking on the hyperlink instructs the computer to enter the URL of the desired web page and thereby access that page. With a hyperlink on a web page, the linked web site is just one click away.[31]

      114

      [456] In applying the DMCA to linking (via hyperlinks), Judge Kaplan recognized, as he had with DeCSS code, that a hyperlink has both a speech and a nonspeech component. It conveys information, the Internet address of the linked web page, and has the functional capacity to bring the content of the linked web page to the user's computer screen (or, as Judge Kaplan put it, to "take one almost instantaneously to the desired destination." Id.). As he had ruled with respect to DeCSS code, he ruled that application of the DMCA to the Defendants' linking to web sites containing DeCSS is content-neutral because it is justified without regard to the speech component of the hyperlink. Id. The linking prohibition applies whether or not the hyperlink contains any information, comprehensible to a human being, as to the Internet address of the web page being accessed. The linking prohibition is justified solely by the functional capability of the hyperlink.

      115

      Applying the O'Brien/Ward/Turner Broadcasting requirements for content-neutral regulation, Judge Kaplan then ruled that the DMCA, as applied to the Defendants' linking, served substantial governmental interests and was unrelated to the suppression of free expression. Id. We agree. He then carefully considered the "closer call," id., as to whether a linking prohibition would satisfy the narrow tailoring requirement. In an especially carefully considered portion of his opinion, he observed that strict liability for linking to web sites containing DeCSS would risk two impairments of free expression. Web site operators would be inhibited from displaying links to various web pages for fear that a linked page might contain DeCSS, and a prohibition on linking to a web site containing DeCSS would curtail access to whatever other information was contained at the accessed site. Id. at 340.

      116

      To avoid applying the DMCA in a manner that would "burden substantially more speech than is necessary to further the government's legitimate interests," Turner Broadcasting, 512 U.S. at 662 (internal quotation marks and citation omitted), Judge Kaplan adapted the standards of New York Times Co. v. Sullivan, 376 U.S. 254, 283 (1964), to fashion a limited prohibition against linking to web sites containing DeCSS. He required clear and convincing evidence

      117

      that those responsible for the link (a) know at the relevant time that the offending material is on the linked-to site, (b) know that it is circumvention technology that may not lawfully be offered, and (c) create or maintain the link for the purpose of disseminating that technology.

      118

      Universal I, 111 F. Supp. 2d at 341. He then found that the evidence satisfied his three-part test by his required standard of proof. Id.

      119

      In response to our post-argument request for the parties' views on various issues, including specifically Judge Kaplan's test for a linking prohibition, the Appellants replied that his test was deficient for not requiring proof of intent to cause, or aid or abet, harm, and that the only valid test for a linking prohibition would be one that could validly apply to the publication in a print medium of an address for obtaining prohibited material. Supplemental Brief for Appellants at 14. The Appellees and the Government accepted [457] Judge Kaplan's criteria for purposes of asserting the validity of the injunction as applied to the Appellants, with the Government expressing reservations as to the standard of clear and convincing evidence. Supplemental Brief for Appellees at 22-23; Supplemental Brief for Government at 19-21.

      120

      Mindful of the cautious approach to First Amendment claims involving computer technology expressed in Name.Space, 202 F.3d at 584 n.11, we see no need on this appeal to determine whether a test as rigorous as Judge Kaplan's is required to respond to First Amendment objections to the linking provision of the injunction that he issued. It suffices to reject the Appellants' contention that an intent to cause harm is required and that linking can be enjoined only under circumstances applicable to a print medium. As they have throughout their arguments, the Appellants ignore the reality of the functional capacity of decryption computer code and hyperlinks to facilitate instantaneous unauthorized access to copyrighted materials by anyone anywhere in the world. Under the circumstances amply shown by the record, the injunction's linking prohibition validly regulates the Appellants' opportunity instantly to enable anyone anywhere to gain unauthorized access to copyrighted movies on DVDs.[32]

      121

      At oral argument, we asked the Government whether its undoubted power to punish the distribution of obscene materials would permit an injunction prohibiting a newspaper from printing addresses of bookstore locations carrying such materials. In a properly cautious response, the Government stated that the answer would depend on the circumstances of the publication. The Appellants' supplemental papers enthusiastically embraced the arguable analogy between printing bookstore addresses and displaying on a web page links to web sites at which DeCSS may be accessed. Supplemental Brief for Appellants at 14. They confidently asserted that publication of bookstore locations carrying obscene material cannot be enjoined consistent with the First Amendment, and that a prohibition against linking to web sites containing DeCSS is similarly invalid. Id.

      122

      Like many analogies posited to illuminate legal issues, the bookstore analogy is helpful primarily in identifying characteristics that distinguish it from the context of the pending dispute. If a bookstore proprietor is knowingly selling obscene materials, the evil of distributing such materials can be prevented by injunctive relief against the unlawful distribution (and similar distribution by others can be deterred by punishment of the distributor). And if others publish the location of the bookstore, preventive relief against a distributor can be effective before any significant distribution of the prohibited materials has occurred. The digital world, however, creates a very different problem. If obscene materials are posted on one web site and other sites post hyperlinks to the first site, the materials are available for instantaneous worldwide distribution before any preventive measures can be effectively taken.

      123

      This reality obliges courts considering First Amendment claims in the context of the pending case to choose between two unattractive alternatives: either tolerate some impairment of communication in order [458] to permit Congress to prohibit decryption that may lawfully be prevented, or tolerate some decryption in order to avoid some impairment of communication. Although the parties dispute the extent of impairment of communication if the injunction is upheld and the extent of decryption if it is vacated, and differ on the availability and effectiveness of techniques for minimizing both consequences, the fundamental choice between impairing some communication and tolerating decryption cannot be entirely avoided.

      124

      In facing this choice, we are mindful that it is not for us to resolve the issues of public policy implicated by the choice we have identified. Those issues are for Congress. Our task is to determine whether the legislative solution adopted by Congress, as applied to the Appellants by the District Court's injunction, is consistent with the limitations of the First Amendment, and we are satisfied that it is.

      125
      IV. Constitutional Challenge Based on Claimed Restriction of Fair Use
      126

      Asserting that fair use "is rooted in and required by both the Copyright Clause and the First Amendment," Brief for Appellants at 42, the Appellants contend that the DMCA, as applied by the District Court, unconstitutionally "eliminates fair use" of copyrighted materials, id. at 41 (emphasis added). We reject this extravagant claim.

      127

      Preliminarily, we note that the Supreme Court has never held that fair use is constitutionally required, although some isolated statements in its opinions might arguably be enlisted for such a requirement. In Stewart v. Abend, 495 U.S. 207 (1990), cited by the Appellants, the Court merely noted that fair use "'permits courts to avoid rigid application of the copyright statute when, on occasion, it would stifle the very creativity which that law is designed to foster,'" id. (quoting Iowa State University Research Foundation, Inc. v. American Broadcasting Cos., 621 F.2d 57, 60 (2d Cir. 1980)); see also Harper & Row, Publishers, Inc. v. Nation Enterprises, 471 U.S. 539, 560 (1985) (noting "the First Amendment protections already embodied in the Copyright Act's distinction between copyrightable expression and uncopyrightable facts and ideas, and the latitude for scholarship and comment traditionally afforded by fair use"). In Campbell v. Acuff-Rose Music, Inc., 510 U.S. 569 (1994), the Court observed, "From the infancy of copyright protection, some opportunity for fair use of copyrighted materials has been thought necessary to fulfill copyright's very purpose, '[t]o promote the Progress of Science and useful Arts. . . .'"[33] Id. at 575 (citation omitted); see generally William F. Patry, The Fair Use Privilege in Copyright Law 573-82 (2d ed. 1995) (questioning First Amendment protection for fair use).

      128

      We need not explore the extent to which fair use might have constitutional protection, grounded on either the First Amendment or the Copyright Clause, because whatever validity a constitutional claim might have as to an application of the DMCA that impairs fair use of copyrighted materials, such matters are far beyond the [459] scope of this lawsuit for several reasons. In the first place, the Appellants do not claim to be making fair use of any copyrighted materials, and nothing in the injunction prohibits them from making such fair use. They are barred from trafficking in a decryption code that enables unauthorized access to copyrighted materials.

      129

      Second, as the District Court properly noted, to whatever extent the anti-trafficking provisions of the DMCA might prevent others from copying portions of DVD movies in order to make fair use of them, "the evidence as to the impact of the anti-trafficking provision[s] of the DMCA on prospective fair users is scanty and fails adequately to address the issues." Universal I, 111 F. Supp. 2d at 338 n.246.

      130

      Third, the Appellants have provided no support for their premise that fair use of DVD movies is constitutionally required to be made by copying the original work in its original format.[34] Their examples of the fair uses that they believe others will be prevented from making all involve copying in a digital format those portions of a DVD movie amenable to fair use, a copying that would enable the fair user to manipulate the digitally copied portions. One example is that of a school child who wishes to copy images from a DVD movie to insert into the student's documentary film. We know of no authority for the proposition that fair use, as protected by the Copyright Act, much less the Constitution, guarantees copying by the optimum method or in the identical format of the original. Although the Appellants insisted at oral argument that they should not be relegated to a "horse and buggy" technique in making fair use of DVD movies,[35] the DMCA does not impose even an arguable limitation on the opportunity to make a variety of traditional fair uses of DVD movies, such as commenting on their content, quoting excerpts from their screenplays, and even recording portions of the video images and sounds on film or tape by pointing a camera, a camcorder, or a microphone at a monitor as it displays the DVD movie. The fact that the resulting copy will not be as perfect or as manipulable as a digital copy obtained by having direct access to the DVD movie in its digital form, provides no basis for a claim of unconstitutional limitation of fair use. A film critic making fair use of a movie by quoting selected lines of dialogue has no constitutionally valid claim that the review (in print or on television) would be technologically superior if the reviewer had not been prevented from using a movie camera in the theater, nor has an art student a valid constitutional claim to fair use of a painting by photographing it in a museum. Fair use has never been held to be a guarantee of access to copyrighted material in order to copy it by the fair user's preferred technique or in the format of the original.

      131
      Conclusion
      132

      We have considered all the other arguments of the Appellants and conclude that [460] they provide no basis for disturbing the District Court's judgment. Accordingly, the judgment is affirmed.

      133

      [*] Honorable Alvin W. Thompson, United States District Court for the District of Connecticut, sitting by designation.

      134

      [1] DVDs are similar to compact disks (CDs), but differ, among other things, in that they hold far more data. For detailed information concerning DVDs and CDs, see "Fast Guide to CD/DVD" at http://searchWindowsManageability.techtarget.com/sDefinition/0,,sid_gci514667,00.html (last updated Aug. 3, 2001).

      135

      [2] "2600" has special significance to the hacker community. It is the hertz frequency ("a unit of frequency of a periodic process equal to one cycle per second," Webster's Third New International Dictionary 1061 (1993)) of a signal that some hackers formerly used to explore the entire telephone system from "operator mode," which was triggered by the transmission of a 2600 hertz tone across a telephone line, Trial Tr. at 786-87, or to place telephone calls without incurring long-distance toll charges, United States v. Brady, 820 F. Supp. 1346, 1355 & n.18 (D. Utah 1993). One such user reportedly discovered that the sound of a toy whistle from a box of Cap'n Crunch cereal matched the telephone company's 2600 hertz tone perfectly. Id. at 1355 n.18.

      136

      [3] By the end of 1997, most if not all DVDs that were released were encrypted with CSS. Trial Tr. at 409; Universal I, 111 F. Supp. 2d at 310. Moreover, DVD players were projected to be in ten percent of United States homes by the end of 2000. Trial Tr. at 442; Universal I, 111 F. Supp. 2d at 310. In fact, as of 2000, about thirty-five percent of one studio's worldwide revenues from movie distribution was attributable to DVD sales and rentals. Trial Tr. at 403; Universal I, 111 F. Supp. 2d at 310 n.69.

      137

      [4] An operating system works with the computer to perform the application's instructions. Generally, an executable application can be played only on the operating system for which it is designed, although interoperability has been improving. At the time of the trial, DeCSS could be run only on the Microsoft Windows operating system. Trial Tr. at 245 (Testimony of Robert W. Schumann).

      138

      [5] An item of some controversy, both in this litigation and elsewhere, is the extent to which CSS-encrypted DVDs can be copied even without DeCSS. The record leaves largely unclear how CSS protects against the copying of a DVD, as contrasted with the playing of a DVD on an unlicensed player. The Defendants' experts insisted that there is nothing about the way CSS operates that prevents the copying of a DVD. Declaration of Frank Stevenson ¶ 23 ("Bit-for-bit copying, which precisely duplicates the content of one DVD to another, results in a fully-playable product."); Trial Tr. at 751 (Testimony of Professor Edward Felten) (CSS "could [not] have prevented the encrypted content from being copied to somewhere else"); Deposition of Barbara Simons at 48-49, 77. Some of the Plaintiffs' experts countered simply that "copying to a hard drive is something that compliant DVD players are not allowed to do," without explaining why. Trial Tr. at 37 (Testimony of Dr. Michael I. Shamos); see also Deposition of John J. Hoy at 347-48; Deposition of Fritz Attaway at 83. Another expert indicated that while a DVD movie can be copied to a computer's hard drive in encrypted form, the movie cannot be played without a DVD actually present in the DVD drive. Deposition of Robert W. Schumann at 153; Second Supplemental Declaration of Robert W. Schumann ¶ 15. This expert did not identify the mechanism that prevents someone from copying encrypted DVDs to a hard drive in the absence of a DVD in the disk drive. However, none of this detracts from these undisputed findings: some feature of either CSS itself, or another (unidentified) safeguard implemented by DVD manufacturers pursuant to their obligations under the CSS licensing scheme, makes it difficult to copy a CSS-encrypted DVD to a hard drive and then compress that DVD to the point where transmission over the Internet is practical. See Universal I, 111 F. Supp. 2d at 338. Conversely, a DVD movie file without CSS encryption is easily copied, manipulated, and transferred. See id. at 313. In other words, it might very well be that copying is not blocked by CSS itself, but by some other protection implemented by the DVD player manufacturers. Nonetheless, in decrypting CSS, the DeCSS program (perhaps incidentally) sidesteps whatever it is that blocks copying of the files. While there may be alternative means of extracting a non-encrypted, copyable movie from a DVD—for example, by copying the movie along with its encryption "bit-by-bit," or "ripping" a DVD by siphoning movie file data after CSS has already been decrypted by a licensed player—DeCSS is the superior means of acquiring easily copyable movies, see id. at 342, and in fact, is recommended by a DVD compression web site as the preferred tool for obtaining a decrypted DVD suitable for compression and transmission over the Internet, see id. We acknowledge the complexity and the rapidly changing nature of the technology involved in this case, but it is clear that the Defendants have presented no evidence to refute any of these carefully considered findings by the District Court.

      139

      [6] The District Court determined that even at high speeds, typical of university networks, transmission times ranged from three minutes to six hours. The Court noted, however, that "the availability of high speed network connections in many businesses and institutions, and their growing availability in homes, make Internet and other network traffic in pirated copies a growing threat." Universal I, 111 F. Supp. 2d at 315.

      140

      [7] Defendant 2600 Enterprises, Inc., is the company Corley incorporated to run the magazine, maintain the web site, and manage related endeavors like merchandising.

      141

      [8] The lawsuit was filed against Corley, Shawn C. Reimerdes, and Roman Kazan. 2600 Enterprises, Inc., was later added as a defendant. At an earlier stage of the litigation, the action was settled as to Reimerdes and Kazan. See Universal II, 111 F. Supp. 2d at 346.

      142

      [9] For convenience, all references to the DMCA are to the United State Code sections.

      143

      [10] In a supplemental Order, the Court corrected a typographical error in its opinion in Universal I by changing the first sentence of the first full paragraph at 111 F. Supp. 2d 328 to read "Restrictions on the nonspeech elements of expressive conduct fall into the content-neutral category." Universal City Studios, Inc. v. Reimerdes, No. 00 Civ. 0277 (LAK) (S.D.N.Y. Aug. 17, 2001).

      144

      [11] For example, advertisements for pirated DVDs rose dramatically in number after the release of DeCSS on the web, and DVD file compression web sites recommend the use of DeCSS. Universal I, 111 F. Supp. 2d at 342.

      145

      [12] In Part IV, infra, we consider the Appellants' claim that the DMCA is unconstitutional because of its effect on opportunities for fair use of copyrighted materials.

      146

      [13] The legislative history of the enacted bill makes quite clear that Congress intended to adopt a "balanced" approach to accommodating both piracy and fair use concerns, eschewing the quick fix of simply exempting from the statute all circumventions for fair use. H.R. Rep. No. 105-551, pt. 2, at 25 (1998). It sought to achieve this goal principally through the use of what it called a "fail-safe" provision in the statute, authorizing the Librarian of Congress to exempt certain users from the anti-circumvention provision when it becomes evident that in practice, the statute is adversely affecting certain kinds of fair use. See 17 U.S.C. § 1201(a)(1)(C); H.R. Rep. No. 105-551, pt. 2, at 36 ("Given the threat of a diminution of otherwise lawful access to works and information, the Committee on Commerce believes that a 'fail-safe' mechanism is required. This mechanism would . . . allow the . . . [waiver of the anti-circumvention provisions], for limited time periods, if necessary to prevent a diminution in the availability to individual users of a particular category of copyrighted materials."). Congress also sought to implement a balanced approach through statutory provisions that leave limited areas of breathing space for fair use. A good example is subsection 1201(d), which allows a library or educational institution to circumvent a digital wall in order to determine whether it wishes legitimately to obtain the material behind the wall. See H.R. Rep. No. 105-551, pt. 2, at 41. It would be strange for Congress to open small, carefully limited windows for circumvention to permit fair use in subsection 1201(d) if it then meant to exempt in subsection 1201(c)(1) any circumvention necessary for fair use.

      147

      [14] This is actually what subsection 1201(a)(3)(A) means when read in conjunction with the anti-circumvention provisions. When read together with the anti-trafficking provisions, subsection 1201(a)(3)(A) frees an individual to traffic in encryption technology designed or marketed to circumvent an encryption measure if the owner of the material protected by the encryption measure authorizes that circumvention.

      148

      [15] Even if the Defendants had been able to offer such evidence, and even if they could have demonstrated that DeCSS was "primarily designed . . . for the purpose of" playing DVDs on multiple platforms (and therefore not for the purpose of "circumventing a technological measure"), a proposition questioned by Judge Kaplan, see Universal I, 111 F. Supp. 2d at 311 n.79, the Defendants would defeat liability only under subsection 1201(a)(2)(A). They would still be vulnerable to liability under subsection 1201(a)(2)(C), because they "marketed" DeCSS for the copying of DVDs, not just for the playing of DVDs on multiple platforms. See, e.g., Trial Tr. at 820.

      149

      [16] For example, a program (or part of a program) will give a computer the direction to "launch" a word-processing program like WordPerfect when the icon for WordPerfect is clicked; a program like WordPerfect will give the computer directions to display letters on a screen and manipulate them according to the computer user's preferences whenever the appropriate keys are struck.

      150

      [17] We note that instructions are of varied types. See Vartuli, 228 F.3d at 111. "Orders" from one member of a conspiracy to another member, or from a superior to a subordinate, might resemble instructions but nonetheless warrant less or even no constitutional protection because their capacity to inform is meager, and because it is unlikely that the recipient of the order will engage in the "intercession of . . . mind or . . . will" characteristic of the sort of communication between two parties protected by the Constitution, see id. at 111-12 (noting that statements in the form of orders, instructions, or commands cannot claim "talismanic immunity from constitutional limitations" but "should be subjected to careful and particularized analysis to ensure that no speech entitled to First Amendment protection fails to receive it"); Kent Greenawalt, Speech and Crime, Am. B. Found. Res. J. 645, 743-44 (1980).

      151

      [18] These cases almost always concern instructions on how to commit illegal acts. Several courts have concluded that such instructions fall outside the First Amendment. However, these conclusions never rest on the fact that the speech took the form of instructions, but rather on the fact that the instructions counseled the listener how to commit illegal acts. See, e.g., Rice v. Paladin Enterprises, Inc., 128 F.3d 233, 247-49 (4th Cir. 1997); United States v. Barnett, 667 F.2d 835, 842 (9th Cir. 1982). None of these opinions even hints that instructions are a form of speech categorically outside the First Amendment.

      152

      [19] Of course, we do not mean to suggest that the communication of "information" is a prerequisite of protected "speech." Protected speech may communicate, among other things, ideas, emotions, or thoughts. We identify "information" only because this is what computer programs most often communicate, in addition to giving directions to a computer.

      153

      [20] However, in the rare case where a human's mental faculties do not intercede in executing the instructions, we have withheld protection. See Vartuli, 228 F.3d at 111.

      154

      [21] Programmers use snippets of code to convey their ideas for new programs; economists and other creators of computer models publish the code of their models in order to demonstrate the models' vigor. Brief of Amici Curiae Dr. Harold Abelson et al. at 17; Brief of Amici Curiae Steven Bellovin et al. at 12-13; see also Bernstein v. United States Department of Justice, 176 F.3d 1132, 1141 (9th Cir.) (concluding that computer source code is speech because it is "the preferred means" of communication among computer programmers and cryptographers), reh'g in banc granted and opinion withdrawn, 192 F.3d 1308 (9th Cir. 1999).

      155

      [22] Reinforcing the conclusion that software programs qualify as "speech" for First Amendment purposes—even though they instruct computers—is the accelerated blurring of the line between "source code" and conventional "speech." There already exist programs capable of translating English descriptions of a program into source code. Trial Tr. at 1101-02 (Testimony of Professor Andrew Appel). These programs are functionally indistinguishable from the compilers that routinely translate source code into object code. These new programs (still apparently rudimentary) hold the potential for turning "prose" instructions on how to write a computer program into the program itself. Even if there were an argument for exempting the latter from First Amendment protection, the former are clearly protected for the reasons set forth in the text. As technology becomes more sophisticated, instructions to other humans will increasingly be executable by computers as well.

      156

      [23] Vartuli reasoned that the interaction between "programming commands as triggers and semiconductors as a conduit," even though communication, is not "speech" within the meaning of the First Amendment and that the communication between Recurrence and a customer using it as intended was similarly not "speech." Vartuli, 228 F.2d at 111.

      157

      [24] The reasoning of Junger has recently been criticized. See Orin S. Kerr, Are We Overprotecting Code? Thoughts on First-Generation Internet Law, 57 Wash. & Lee L. Rev. 1287 (2000). Prof. Kerr apprehends that if encryption code is First Amendment speech because it conveys "ideas about cryptography," Junger, 209 F.3d at 484, all code will be protected "because code will always convey information about itself." Kerr, supra, at 1291. That should not suffice, he argues, because handing someone an object, for example, a padlock, is a good way of communicating how that object works, yet a padlock is not speech. Id. at 1291-92. However, code does not cease to be speech just because some objects that convey information are not speech. Both code and a padlock can convey information, but only code, because it uses a notational system comprehensible by humans, is communication that qualifies as speech. Prof. Kerr might be right that making the communication of ideas or information the test of whether code is speech provides First Amendment coverage to many, perhaps most, computer programs, but that is a consequence of the information-conveying capacity of the programs, not a reason for denying them First Amendment coverage.

      158

      [25] The Supreme Court has used slightly different formulations to express the narrow tailoring requirement of a content-neutral regulation. In O'Brien, the formulation was "if the incidental restriction on alleged First Amendment freedoms is no greater than is essential to the furtherance of that interest." 391 U.S. at 377. In Ward, the formulation was "'so long as the . . . regulation promotes a substantial government interest that would be achieved less effectively absent the regulation.'" 491 U.S. at 799 (quoting United States v. Albertini, 472 U.S. 675, 689 (1985)). Ward added, however, that the regulation may not "burden substantially more speech than is necessary to further the government's legitimate interests." Id. (emphasis added). Turner Broadcasting quoted both the "no greater than is essential" formulation from O'Brien, see Turner Broadcasting, 512 U.S. at 662, and the "would be achieved less effectively" formulation from Ward, see id. Turner Broadcasting made clear that the narrow tailoring requirement is less demanding than the least restrictive means requirement of a content-specific regulation, id., and appears to have settled on the "substantially more" phrasing from Ward as the formulation that best expresses the requirement, id. That is the formulation we will apply.

      159

      [26] This argument is elaborated by some of the amici curiae. "In the absence of human intervention, code does not function, it engages in no conduct. It is as passive as a cake recipe." Brief of Amici Curiae Dr. Harold Abelson et al. at 26.

      160

      [27] More dramatically, the Government calls DeCSS "a digital crowbar." Brief for Intervenor United States at 19.

      161

      [28] Briefs of some of the amici curiae discuss the possibility of adequate protection against copying of copyrighted materials by adopting the approach of the Audio Home Recording Act of 1992, 17 U.S.C. § 1002(a), which requires digital audio tape recorders to include a technology that prevents serial copying, but permits making a single copy. See, e.g., Brief of Amici Curiae Benkler and Lessig at 15. However, the Defendants did not present evidence of the current feasibility of a similar solution to prevent serial copying of DVDs over the Internet. Even if the Government, in defending the DMCA, must sustain a burden of proof in order to satisfy the standards for content-neutral regulation, the Defendants must adduce enough evidence to create fact issues concerning the current availability of less intrusive technological solutions. They did not do so in the District Court. Moreover, we note that when Congress opted for the solution to serial copying of digital audio tapes, it imposed a special royalty on manufacturers of digital audio recording devices to be distributed to appropriate copyright holders. See 17 U.S.C. §§ 1003-1007. We doubt if the First Amendment required Congress to adopt a similar technology/royalty scheme for regulating the copying of DVDs, but in any event the record in this case provides no basis for invalidating the anti-trafficking provisions of the DMCA or the injunction for lack of such an alternative approach.

      162

      [29] We have considered the opinion of a California intermediate appellate court in DVD Copy Control Ass'n v. Bunner, 93 Cal.App.4th 648, 113 Cal.Rptr.2d 338 (2001) (Cal. Ct. App., 6th Dist. Nov. 1, 2001), declining, on First Amendment grounds, to issue a preliminary injunction under state trade secrets law prohibiting a web site operator from posting DeCSS. To the extent that DVD Copy Control disagrees with our First Amendment analysis, we decline to follow it.

      163

      [30] "Hyperlinks" are also called "hypertext links" or "active links."

      164

      [31] "Linking" not accomplished by a hyperlink would simply involve the posting of the Internet address ("URL") of another web page. A "link" of this sort is sometimes called an "inactive link." With an inactive link, the linked web page would be only four clicks away, one click to select the URL address for copying, one click to copy the address, one click to "paste" the address into the text box for URL addresses, and one click (or striking the "enter" key) to instruct the computer to call up the linked web site.

      165

      [32] We acknowledge that the prohibition on linking restricts more than Corley's ability to facilitate instant access to DeCSS on linked web sites; it also restricts his ability to facilitate access to whatever protected speech is available on those sites. However, those who maintain the linked sites can instantly make their protected material available for linking by Corley by the simple expedient of deleting DeCSS from their web sites.

      166

      [33] Although we have recognized that the First Amendment provides no entitlement to use copyrighted materials beyond that accorded by the privilege of fair use, except in "an extraordinary case," Twin Peaks Productions, Inc. v. Publications International, Ltd., 996 F.2d 1366, 1378 (2d Cir. 1993), we have not ruled that the Constitution guarantees any particular formulation or minimum availability of the fair use defense.

      167

      [34] As expressed in their supplemental papers, the position of the Appellants is that "fair use extends to works in whatever form they are offered to the public," Supplemental Brief for Appellants at 20, by which we understand the Appellants to contend not merely that fair use may be made of DVD movies but that the fair user must be permitted access to the digital version of the DVD in order to directly copy excerpts for fair use in a digital format.

      168

      [35] In their supplemental papers, the Appellants contend, rather hyperbolically, that a prohibition on using copying machines to assist in making fair use of texts could not validly be upheld by the availability of "monks to scribe the relevant passages." Supplemental Brief for Appellants at 20.

    • 3.2 Blizzard Entertainment, Inc. v. Jung, 422 F.3d 630 (8th Cir. 2005)

      1

      422 F.3d 630

      2
      DAVIDSON & ASSOCIATES, doing business as Blizzard Entertainment, Inc.; Vivendi Universal, Inc., Plaintiffs — Appellees,
      v.
      Tim JUNG, an individual; Rob Crittenden, Defendants — Appellants,
      Intellectual Property Law Professors, Amicus Curiae,
      Internet Gateway, Defendants — Appellants,
      Computer & Communications Industry Association; Open Source & Industry Alliance; Consumers Union; Public Knowledge; Intellectual Property Law Professors; The Institute of Electrical and Electronics Engineers, Inc., Amici on Behalf of Appellants,
      Entertainment Software Association; Recording Industry Association of America; Motion Picture Association of America, Incorporated; Data Tree, LLC; First American Real Estate Solutions, LLC; Reed Elsevier, Inc. Twenty-Second Century Foundation, Inc.; Software & Information Industry Association, Amici on Behalf of Appellees.
      3

      No. 04-3654.
      United States Court of Appeals, Eighth Circuit.
      Submitted: June 20, 2005.
      Filed: September 1, 2005.

      4

      [632] Paul S. Grewal, argued, Cupertino, CA (Robert M. Galvin and Richard C. Lin, Cupertino, CA, Jason M. Schultz, San Francisco, CA, Mark Sableman and Matthew Braunel, St. Louis, MO, on the brief), for appellant.

      5

      Stephen H. Rovak, argued, St. Louis, MO (Kirill Y. Abramov, St. Louis, MO, Carol Anne Been and Gerald E. Fradin, Chicago, IL, on the brief), for appellee.

      6

      Before MURPHY, BYE, and SMITH, Circuit Judges.

      7

      SMITH, Circuit Judge.

      8

      Davidson & Associates, Inc. d/b/a Blizzard Entertainment ("Blizzard") and Vivendi Universal Games, Inc. ("Vivendi"), owner of copyrights in computer game software and online gaming service software sued Ross Combs ("Combs"), Rob Crittenden ("Crittenden"), Jim Jung ("Jung"), and Internet Gateway, Inc. ("Internet Gateway") (collectively referred to as "Appellants"), for breach of contract, circumvention of copyright protection system, and trafficking in circumvention technology. Both parties moved for summary judgment. The district court granted summary judgment in favor of Blizzard and Vivendi, and determined that: (1) Blizzard's software end-user license and terms of usage agreements were enforceable contracts; (2) Appellants waived any "fair use" defense; (3) the agreements did not constitute misuse of copyright; and (4) Appellants violated the anti-circumvention and anti-trafficking provisions of the Digital Millennium Copyright Act ("DMCA"). We affirm.

      9
      [633] I. Background
      10
      A. Factual Background
      11

      Blizzard, a California corporation and subsidiary of Vivendi, creates and sells software games for personal computers. This appeal concerns the particular Blizzard games "StarCraft," "StarCraft: Brood War," "WarCraft II: Battle.net Edition," "Diablo," and "Diablo II: Lord of Destruction." Combs and Crittenden are computer programmers, Jung is a systems administrator, and Internet Gateway is an Internet service provider based in St. Peters, Missouri. Jung is also the president, co-owner, and day-to-day operator of Internet Gateway.

      12

      In January 1997, Blizzard officially launched "Battle.net," a 24-hour online-gaming service available exclusively to purchasers of its computer games. The Battle.net service has nearly 12 million active users who spend more that 2.1 million hours online per day. Blizzard holds valid copyright registrations covering Battle.net and each of its computer games at issue in this litigation. Battle.net is a free service that allows owners of Blizzard games to play each other on their personal computers via the Internet. Battle.net mode allows users to create and join multi-player games that can be accessed across the Internet, to chat with other potential players, to record wins and losses and save advancements in an individual password-protected game account, and to participate with others in tournament play featuring elimination rounds.[1] Players can set up private "chat channels" and private games on Battle.net to allow players to determine with whom they wish to interact online. These Battle.net mode features are only accessible from within the games.

      13

      Like most computer software, Blizzard's games can be easily copied and distributed over the Internet. Blizzard has taken steps to avoid piracy by designing Battle.net to restrict access and use of the Battle.net mode feature of the game. Each time a user logs onto Battle.net, a Battle.net server examines the user's version of the game software. If a Blizzard game does not have the latest software upgrades and fixes, the Battle.net service updates the customer's game before allowing the game to play in Battle.net mode.

      14

      With the exception of "Diablo," each authorized version of a Blizzard game comes with a "CD Key." A CD Key is a unique sequence of alphanumeric characters printed on a sticker attached to the case in which the CD-ROM was packaged.[2] To log on to Battle.net and access Battle.net mode, the game initiates an authentication sequence or "secret handshake" between the game and the Battle.net server.[3] In [634] order to play the Blizzard game contained on a CD-ROM, a user must first install the game onto a computer and agree to the terms of the End User License Agreement ("EULA")[4] and Terms of Use ("TOU"),[5] [635] both of which prohibit reverse engineering. At the end of both the EULA and TOU, Blizzard includes a button with the text, "I Agree" in it, which the user must select in order to proceed with the installation. Users are also required to enter a name and the CD Key during installation of Battle.net and Blizzard games.

      15

      The outside packaging of all Blizzard games, except for Diablo, contains a statement that use of the game is subject to the EULA and that use of Battle.net is subject to the terms of the TOU. The terms of neither the EULA nor the TOU appear on the outside packaging. If the user does not agree to these terms, the game may be returned for a full refund of the purchase price within thirty (30) days of the original purchase. Combs, Crittenden, and Jung installed Blizzard games and agreed to the terms of the EULA. Crittenden and Jung logged onto Battle.net and agreed to the TOU.

      16

      The users of Battle.net have occasionally experienced difficulties with the service.[6] To address their frustrations with Battle.net, a group of non-profit volunteer game hobbyists, programmers, and other individuals formed a group called the "bnetd project." The bnetd project developed a program called the "bnetd.org server" that emulates the Battle.net service and permits users to play online without use of Battle.net. The bnetd project is a volunteer effort and the project has always offered the bnetd program for free to anyone. Combs, Crittenden, and Jung were lead developers for the bnetd project.

      17

      The bnetd project was organized and managed over the Internet through a website, www.bnetd.org, that was made available to the public through equipment provided by Internet Gateway. The bnetd.org emulator provides a server that allows gamers unable or unwilling to connect to Battle.net to experience the multi-player features of Blizzard's games. The bnetd.org emulator also provides matchmaking services for users of Blizzard games who want to play those games in a multi-player environment without using Battle.net. Bnetd.org attempted to mirror all of the user-visible features of Battle.net, including online discussion forums and information about the bnetd project, as well as access to the program's computer code for others to copy and modify.

      18

      To serve as a functional alternative to Battle.net, bnetd.org had to be compatible with Blizzard's software. In particular, compatibility required that bnetd.org speak the same protocol language that the Battle.net speaks. By speaking the same protocol language, the bnetd programs [636] would be interoperable with Blizzard games. Once game play starts, a user perceives no difference between Battle.net and the bnetd.org.

      19

      By necessity, Appellants used reverse engineering to learn Blizzard's protocol language and to ensure that bnetd.org worked with Blizzard games. Combs used reverse engineering to develop the bnetd.org server, including a program called "tcpdump" to log communications between Blizzard games and the Battle.net server. Crittenden used reverse engineering to develop the bnetd.org server, including using a program called "Nextray." Crittenden also used a program called "ripper" to take Blizzard client files that were compiled together in one file and break them into their component parts. Crittenden used the ripper program to determine how Blizzard games displayed ad banners so that bnetd.org could display ad banners to users in the format that Blizzard uses on the Battle.net service. Combs tried to disassemble a Blizzard game to figure out how to implement a feature that allowed bnetd.org to protect the password that a user enters when creating an account in Battle.net mode. Crittenden made an unauthorized copy of a Blizzard game in order to test the interoperability of the bnetd.org server with multiple games.

      20

      Blizzard designed its games to connect only to Battle.net servers. To enable a Blizzard game to connect to a bnetd.org server instead of a Battle.net server, bnetd had to modify the computer file that contained the Internet address of the Battle.net servers. As part of the bnetd project, Combs participated in the development of a utility program called "BNS" to allow Blizzard games to connect to bnetd.org servers more easily. Through the BNS program, the game sends the bnetd.org server information about its CD Key. An individual can thus play one of the Blizzard games at issue over the Internet via bnetd.org rather than Battle.net. According to Blizzard, the EULAs and TOUs prohibit this activity.

      21

      Bnetd.org has important operational differences from Battle.net.[7] When bnetd.org receives the CD Key information, unlike Battle.net, it does not determine whether the CD Key is valid or currently in use by another player. The bnetd.org server computer code always sends the game an "okay" reply regardless of whether the CD Key is valid or currently in use by another player. The bnetd.org emulator always allows the Blizzard games to access Battle.net mode features even if the user does not have a valid or unique CD Key. Blizzard did not disclose the methods it used to generate CD Keys or to confirm the validity of CD Keys.

      22

      Combs, Crittenden, and Jung used Blizzard games to log into bnetd .org. Crittenden was aware that unauthorized versions of Blizzard games were played on bnetd.org. Jung knew that the bnetd.org emulator did not require that Blizzard games provide valid CD Keys. Combs suspected that the bnetd.org emulator would not know the difference between a real game and a pirated game. Combs and Crittenden either sent portions of the bnetd software to Jung to place on the www.bnetd.org website for download or put the [637] software on the website themselves. Combs made the bnetd software available on his website located at www.cs.nmsu.edu/~rcombs/sc/. Also distributed was the BNS utility program which allowed Blizzard games to connect to bnetd.org. The source code was made available as an "open source" application, meaning that others were free to copy the source code and distribute it with or without modifications. Because the bnetd.org source code was freely available, others developed additional Battle.net emulators based on the bnetd.org source code. Binary versions of the bnetd.org were distributed which made it more convenient for users to set up and access the emulator program. Internet Gateway has donated space on its computers for use by the bnetd project. Internet Gateway also hosted a bnetd.org server that anyone on the Internet could access and use to play Blizzard games in Battle.net mode.

      23
      B. Procedural Background
      24

      Blizzard and Vivendi brought suit in the United States District Court for the Eastern District of Missouri. The second amended complaint alleged copyright infringement in violation of 17 U.S.C. § 501; circumvention of copyright protection systems and trafficking in circumvention technology in violation of 17 U.S.C. § 1201(a); federal trademark infringement in violation of 15 U.S.C. § 1114(1); federal false designation of origin in violation of 15 U.S.C. § 1125(c); common law trademark infringement and unfair competition claims; and breach of the EULA and TOU. Appellants counterclaimed, requesting declaratory relief as to non-infringement under 17 U.S.C. § 501, non-circumvention of copyright under 17 U.S.C. § 1201(a), the unconstitutionality of 17 U.S.C. § 1201(a), and unenforceability of Blizzard's EULA and TOU.

      25

      The district court[8] entered a consent decree and permanent injunction which constituted the full and complete relief on the claims of copyright infringement, federal trademark infringement, federal false designation, and common-law trademark and infringement. The consent decree also provided complete relief on the counterclaim for declaratory judgment for non-infringement and unconstitutionality of 17 U.S.C. § 1201(a). The consent decree resolved all claims except for the claims of circumvention of copyright protection systems and trafficking in circumvention technology under 17 U.S.C. § 1201(a), breach of the EULA and TOU, and the counterclaims for declaratory relief for non-circumvention and unenforceability of the EULA and TOU.

      26

      Both sides motioned for summary judgment. The district court granted summary judgment in favor of Blizzard and Vivendi and determined that: (1) Blizzard's software end-user license and terms of usage agreements were enforceable contracts; (2) Appellants waived any "fair use" defense; (3) the agreements did not constitute misuse of copyright; and (4) Appellants violated the DMCA's anti-circumvention and anti-trafficking provisions of the DMCA. Appellants brought this appeal, disputing violations of the DMCA, and now argue that the state breach-of-contract claims were preempted by federal copyright law.

      27
      II. Discussion
      28

      We review the grant or denial of summary judgment de novo, applying the same standard as the district court and [638] may affirm on grounds supported by the record. Bechtold v. City of Rosemount, 104 F.3d 1062, 1068 (8th Cir.1997). Summary judgment is appropriate where the record shows that no genuine issue as to any material fact exists and that the moving party is entitled to judgment as a matter of law. Dorsey v. Pinnacle Automation Co., 278 F.3d 830, 834 (8th Cir. 2002). A plaintiff may not merely point to unsupported self-serving allegations, but must substantiate allegations with sufficient probative evidence that would permit a finding in the plaintiff's favor. Wilson v. Int'l Bus. Mach. Corp., 62 F.3d 237, 241 (8th Cir. 1995). "The mere existence of a scintilla of evidence in support of the plaintiff's position will be insufficient; there must be evidence on which the jury could reasonably find for the plaintiff." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 252, 106 S.Ct. 2505, 91 L.Ed.2d 202 (1986). "Only disputes over facts that might affect the outcome of the suit under the governing law will properly preclude the entry of summary judgment." Id. at 248, 106 S.Ct. 2505.

      29
      A. Preemption
      30

      The Copyright Act provides the exclusive source of protection for "all legal and equitable rights that are equivalent to any of the exclusive rights within the general scope of copyright as specified by . . . [§] 106" of the Copyright Act. See 17 U.S.C. § 301(a). The Copyright Act preempts state laws that attempt to protect rights exclusively protected by federal law. See Nat'l Car Rental Sys., Inc. v. Computer Assocs. Intern., Inc., 991 F.2d 426, 428 (8th Cir.1993). Conversely, the Copyright Act does not preempt state law from enforcing non-equivalent legal or equitable rights. Id. A state cause of action is statutorily or expressly preempted if: (1) the work at issue is within the subject matter of copyright as defined in §§ 102 and 103 of the Copyright Act, and (2) the state-law-created right is equivalent to any of the exclusive rights within the general scope of copyright as specified in § 106. Id. at 428-29 (citing Harper & Row Pub., Inc. v. Nation Enter., 723 F.2d 195, 200 (2d Cir.1983)). Express preemption is no longer at issue in this case.[9]

      31

      This case concerns conflict preemption. Conflict preemption applies when there is no express preemption but (1) it is impossible to comply with both the state and federal law or when (2) the state law stands as an obstacle to the accomplishment and execution of the full purposes and objectives of Congress. Pacific Gas & Elec. Co. v. Energy Res. Conservation and Dev. Com'n, 461 U.S. 190, 204, 103 S.Ct. 1713, 75 L.Ed.2d 752 (1983); Jones v. Rath Packing Co., 430 U.S. 519, 525, 97 S.Ct. 1305, 51 L.Ed.2d 604 (1977). Appellants, relying upon Vault v. Quaid Software Ltd., 847 F.2d 255, 268-70 (5th Cir.1988), argue that the federal Copyright Act preempts Blizzard's state law breach-of-contract claims. We disagree.

      32

      In Vault, plaintiffs challenged the Louisiana Software License Enforcement Act, which permitted a software producer to impose contractual terms upon software purchasers provided that the terms were set forth in a license agreement comporting with the statute. Id. at 268. "Enforceable terms [under the Louisiana statute] include the prohibition of: (1) any [639] copying of the program for any purpose; and (2) modifying and/or adapting the program in any way, including adaptation by reverse engineering, decompilation or disassembly." Id. at 269 (citation omitted). The Louisiana statute defined reverse engineering, decompiling or disassembling as "any process by which computer software is converted from one form to another form which is more readily understandable to human beings, including without limitation any decoding or decrypting of any computer program which has been encoded or encrypted in any manner." Id. (citation omitted). The Fifth Circuit held that the Louisiana statute conflicted with the rights of computer program owners under the Copyright Act, specifically 17 U.S.C. § 117, which permits a computer program owner to make an adaptation of a program provided that the adaption is either created as an essential step in the utilization of the computer program in conjunction with a machine or is for archival purpose only. Id. at 270.

      33

      Unlike in Vault, the state law at issue here neither conflicts with the interoperability exception under 17 U.S.C. § 1201(f) nor restricts rights given under federal law. Appellants contractually accepted restrictions on their ability to reverse engineer by their agreement to the terms of the TOU and EULA. "[P]rivate parties are free to contractually forego the limited ability to reverse engineer a software product under the exemptions of the Copyright Act[,]" Bowers v. Baystate Techs, Inc., 320 F.3d 1317, 1325-26 (Fed.Cir.2003), and "a state can permit parties to contract away a fair use defense or to agree not to engage in uses of copyrighted material that are permitted by the copyright law if the contract is freely negotiated." Id. at 1337 (Dyk, J., dissenting). See also Nat'l Car Rental Sys., Inc., 991 F.2d at 434 (holding that the Copyright Act does not preempt a breach of contract action based on prohibited use of software contained in a license agreement). While Bowers and Nat'l Car Rental were express preemption cases rather than conflict preemption, their reasoning applies here with equal force. By signing the TOUs and EULAs, Appellants expressly relinquished their rights to reverse engineer. Summary judgment on this issue was properly granted in favor of Blizzard and Vivendi.

      34
      B. DMCA Claims and Interoperability Exception
      35

      Congress enacted the DMCA in 1998 to implement the World Intellectual Property Organization Copyright Treaty ("WIPO Treaty"). WIPO requires contracting nations to "provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors in connection with the exercise of their rights under this Treaty or the Berne Convention and that restrict acts, in respect of their works, which are not authorized by the authors concerned or permitted by law." WIPO Treaty, Apr. 12, 1997, art. 11, S. Treaty Doc. No. 105-17 (1997), available at 1997 WL 447232.[10] The DMCA contains [640] three provisions targeted at the circumvention of technological protections.

      36

      The first is § 1201(a)(1), the anti-circumvention provision. This provision prohibits a person from "circumvent[ing] a technological measure that effectively controls access to a work protected under [Title 17, governing copyright]." The Librarian of Congress is required to promulgate regulations every three years exempting from this subsection individuals who would otherwise be "adversely affected" in "their ability to make noninfringing uses." 17 U.S.C. § 1201(a)(1)(B)-(E). Section 1201(a)(1) differs from the second and third provisions in that it targets the use of a circumvention technology, not the trafficking in such a technology.

      37

      The second and third provisions are §§ 1201(a)(2) and 1201(b)(1), the "anti-trafficking provisions." These sections are similar, except that § 1201(a)(2) covers those who traffic in technology that can circumvent "a technological measure that effectively controls access to a work protected under" Title 17, whereas § 1201(b)(1) covers those who traffic in technology that can circumvent "protection afforded by a technological measure that effectively protects a right of a copyright owner under" Title 17. 17 U.S.C. §§ 1201(a)(2) & (b)(1). (Emphases added.) In other words, although both sections prohibit trafficking in a circumvention technology, the focus of § 1201(a)(2) is circumvention of technologies designed to prevent access to a work, and the focus of § 1201(b)(1) is circumvention of technologies designed to permit access to a work but prevent copying of the work or some other act that infringes a copyright. See S.Rep. No. 105-190, at 11-12 (1998).

      38

      The district court determined that Appellants's reverse engineering violated § 1201(a)(1) as well as § 1201(a)(2). We agree.

      39
      1. Anti-Circumvention Violation
      40

      Section 1201(a)(1) provides that "[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title." The term "circumvent a technological measure" "means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner." 17 U.S.C. § 1201(3)(A). "Effectively controls access to a work" means that the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work. 17 U.S.C. § 1201(3)(B).

      41

      Blizzard games, through Battle.net, employed a technological measure, a software "secret handshake" (CD key), to control access to its copyrighted games. The bnetd.org emulator developed by Appellants allowed the Blizzard game to access Battle.net mode features without a valid or unique CD key. As a result, unauthorized copies of the Blizzard games were played on bnetd.org servers. After Appellants distributed the bnetd program, others developed additional Battle.net emulators based on the bnetd source code. Appellants's distribution of binary versions of the bnetd program facilitated set up and access to the emulator program.

      42

      Relying on Lexmark Int'l, Inc. v. Static Control Components, Inc., 387 F.3d 522 (6th Cir. 2004), Appellants argue that Battle.net mode is a strictly functional process that lacks creative expression, and thus DMCA protections do not apply. Lexmark [641] Int'l, Inc., concerned two computer programs: the first was known as the "Toner Loading Program" and the second was known as the "Printer Engine Program." Id. at 528. DMCA anti-circumvention claims were brought after Lexmark's authentication sequence contained in its printer cartridges were allegedly circumvented. Id. at 528-29. The district court in that case held that Lexmark's authentication sequence effectively controlled access to the programs because it controlled the consumers' ability to make use of those programs. Id. at 546. The Sixth Circuit reversed, holding that it was not Lexmark's authentication sequence that controlled access to the programs, but the purchase of a Lexmark printer that allowed access to the program. Id. "No security device, in other words, protects access to the . . . program and no security device accordingly must be circumvented to obtain access to that program code." Id. at 547.

      43

      Here, Battle.net's control measure was not freely available. Appellants could not have obtained a copy of Battle.net or made use of the literal elements of Battle.net mode without acts of reverse engineering, which allowed for a circumvention of Battle.net and Battle.net mode. Unlike in Lexmark Int'l, Inc., Battle.net mode codes were not accessible by simply purchasing a Blizzard game or logging onto Battle.net., nor could data from the program be translated into readable source code after which copies were freely available without some type of circumvention. Appellants misread Lexmark Int'l, Inc. and we are unpersuaded that summary judgment on the anti-circumvention violations was improperly granted in favor of Blizzard and Vivendi.

      44
      2. Anti-trafficking Violations
      45

      Section 1201(a)(2) provides that:

      46

      No person shall manufacture, import, offer to the public, provide, or otherwise traffic in any technology, product, service, device, component, or part thereof, that . . . is primarily designed or produced for the purpose of circumventing a technological measure that effectively controls access to a work protected under this title; . . . has only limited commercially significant purpose or use other than to circumvent a technological measure that effectively controls access to a work protected under this title; or . . . is marketed by that person or another acting in concert with that person with that person's knowledge for use in circumventing a technological measure that effectively controls access to a work protected under this title.

      47

      17 U.S.C. § 1201(a)(2). The bnetd.org emulator had limited commercial purpose because its sole purpose was to avoid the limitations of Battle.net. There is no genuine issue of material fact that Appellants designed and developed the bnetd.org server and emulator for the purpose of circumventing Blizzard's technological measures controlling access to Battle.net and the Blizzard games. Summary judgment was properly granted in favor of Blizzard and Vivendi on the anti-trafficking violations.

      48
      3. Interoperability Exception
      49

      The DMCA contains several exceptions, including one for individuals using circumvention technology "for the sole purpose" of trying to achieve "interoperability" of computer programs through reverse engineering. See 17 U.S.C. § 1201(f). Subsection (f)(4) defines interoperability as "the ability of computer programs to exchange information, and such programs mutually to use the information which has been exchanged." 17 U.S.C. § 1201(f)(4). Appellants argue that the interoperability exception applies to any alleged infringement of Blizzard games and Battle.net. To successfully [642] prove the interoperability defense under § 1201(f), Appellants must show: (1) they lawfully obtained the right to use a copy of a computer program; (2) the information gathered as a result of the reverse engineering was not previously readily available to the person engaging in the circumvention; (3) the sole purpose of the reverse engineering was to identify and analyze those elements of the program that were necessary to achieve interoperability of an independently created computer program with other programs; and (4) the alleged circumvention did not constitute infringement. See 17 U.S.C. § 1201(f).

      50

      Appellants's circumvention in this case constitutes infringement. As detailed earlier, Blizzard's secret handshake between Blizzard games and Battle.net effectively controlled access to Battle.net mode within its games. The purpose of the bnetd.org project was to provide matchmaking services for users of Blizzard games who wanted to play in a multi-player environment without using Battle.net. The bnetd.org emulator enabled users of Blizzard games to access Battle.net mode features without a valid or unique CD key to enter Battle.net. The bnetd.org emulator did not determine whether the CD key was valid or currently in use by another player. As a result, unauthorized copies of the Blizzard games were freely played on bnetd.org servers. Appellants failed to establish a genuine issue of material fact as to the applicability of the interoperability exception. The district court properly granted summary judgment in favor of Blizzard and Vivendi on the interoperability exception.

      51

      Summary judgment in favor of Blizzard and Vivendi is affirmed.

      52

      [1] In addition to multi-player play over the Internet via Battle.net mode, the various games have the capacity for and permit non-Internet multi-player gaming for a limited number of players who connect to each other via a local area computer network ("LAN"), such as a home network, via modems connected to telephone lines, or by directly connecting two computers together with cables. The features and functions of Battle.net mode, however, cannot be accessed when players are connected through those means.

      53

      [2] The user of the game must input the CD Key into his or her computer when installing the game, and it is subsequently stored on the computer for use in logging on to Battle.net. This is part of an effort to prohibit use of unauthorized or pirated copies of Blizzard games with Battle.net.

      54

      [3] First, the game and the Battle.net server exchange random numbers (one provided by the game and one provided by the server). The game then takes the random numbers, as well as information from the CD Key, and calculates an encrypted alphanumeric sequence that is sent to the Battle.net server. The game performs this encryption to prevent individuals from stealing the game's CD Key when it is transmitted over the Internet. The Battle.net server receives the alphanumeric sequence sent by the game, along with other information sent by the game, and uses this data to determine whether the CD Key information sent by the game is valid. If the CD Key information is valid, the Battle.net server will determine whether the same CD Key is already being used by another game that is currently logged on to that Battle.net server gateway, which includes the eastern and western United States, Europe, and Asia. If the CD Key is both valid and not currently being used by other players on the same Battle.net gateway, the Battle.net server sends a signal to the game that allows the game to enter the Battle.net mode and use the Battle.net gaming services. The Blizzard game waits for this signal before entering Battle.net mode. Battle.net uses an encryption algorithm for this process based on a common encryption algorithm. The standard version of this algorithm was released by the United States government.

      55

      [4] The EULA contains the following language:

      56

      YOU SHOULD CAREFULLY READ THE FOLLOWING END USER LICENSE AGREEMENT BEFORE INSTALLING THIS SOFTWARE PROGRAM. BY INSTALLING, COPYING, OR OTHER WISE USING THE SOFTWARE PROGRAM YOU AGREE TO BE BOUND BY THE TERMS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THE TERMS OF THIS AGREEMENT, PROMPTLY RETURN THE UNUSED SOFTWARE PROGRAM TO THE PLACE OF PURCHASE OR CONTACT BLIZZARD ENTERTAINMENT CUSTOMER SERVICE . . . FOR A FULL REFUND OF THE PURCHASE PRICE WITHIN THIRTY DAYS OF THE ORIGINAL PURCHASE.

      This software program (the "Program"), any printed materials, any on-line or electronic documentation, and any and all copies and derivative works of such software program and materials are the copyrighted work of Blizzard Entertainment.

      . . . . .

      Subject to that Grant of Licence hereinabove, you may not, in whole or in part, copy, photocopy, reproduce, translate, reverse engineer, derive source code, modify, disassemble, decompile, create derivative works based on the Program, or remove any proprietary notices or labels on the Program without the prior consent, in writing, of Blizzard.

      57

      (Emphasis added.)

      58

      [5] First-time users of Battle.net are shown the terms of the TOU after a user has installed a Blizzard game and logs onto Battle.net for the first time to play with a purchased Blizzard game product. The TOU states:

      59

      Battle.net(R) ("Battle.net") is the copyrighted work of Blizzard Entertainment(R) ("Blizzard") or its suppliers. All use of Battle.net is governed by the terms of use provided below ("Battle.net Terms of Use"). Battle.net is provided "as is" solely for use by end users of Blizzard software products according to the terms of conditions contained herein. Any use of Battle.net not in accordance with the terms of the Battle.net Terms of Use is expressly prohibited.

      . . . . .

      Blizzard hereby grants, and by using Battle.net you thereby accept, a limited, personal, non-exclusive license and right to use Battle.net using either a home, work, or portable computer.

      . . . . .

      You are entitled to use Battle.net for your own personal use, but you shall not be entitled to[:]

      (i) sell or grant a security interest in or transfer reproductions of Battle.net to other parties in any way, nor to rent, lease, or license Battle.net to others without the prior written consent of Blizzard;

      (ii) copy, photocopy, reproduce, translate, reverse engineer, modify, disassemble, or de-compile [sic] in whole or in part any Battle.net software;

      (iii) create derivative works based on Battle.net;

      (iv) host or provide matchmaking services for any Blizzard software programs or emulate or redirect the communication protocols used by Blizzard as part of Battle.net, through protocol emulation, runneling, modifying, or adding components to the Program, use of a utility program, or any other technique now known or hereafter developed for any purpose, including, but not limited to, network play over the Internet, network play utilizing commercial or non-commercial gaming networks, or as part of content aggregation networks without the prior written consent of Blizzard or exploit Battle.net or any of its parts for any commercial purpose, including but not limited to, use at a location such as a cyber café, arcade, or other location where users are charged a fee, whether hourly or otherwise to use Battle.net;

      (v) use any third-party software to modify Battle.net to change game play, including, but not limited to cheats and/or hacks;

      (vi) use Blizzard's intellectual property rights contained in Battle.net to create or provide any other means through which Blizzard entertainment software products, including, but not limited to, StarCraft, StarCraft: Brood War, Diablo, Diablo II, Warcraft: Orcs & Humans, Warcraft II: Tides of Darkness, Warcraft II: Beyond the Dark Portal, Warcraft II: Battle.net Edition, and Warcraft II may be played by others, including, but not limited to, server emulators.

      60

      (Emphasis added.)

      61

      [6] Blizzard has also received complaints about user profanity and users who win games by modifying Blizzard's software ("client hacks"). In response, Blizzard has added additional server capacity, banned cheaters, and provided for private channels and games.

      62

      [7] The bnetd.org server program is highly configurable, which means that much of the operation of the server is under the control of the administrator running the server. The bnetd.org server allows users to become server administrators and not just players on another server, giving them the ability to allow or deny access to various features of bnetd.org or to modify the computer code of the bnetd.org server. This allows the administrator of bnetd.org to create a gaming environment with different options from those presented to Battle.net users. In contrast, Battle.net is operated solely by Blizzard.

      63

      [8] The Honorable Charles A. Shaw, United States District Judge for the Eastern District of Missouri.

      64

      [9] In their briefs, Appellants argued that the TOU and EULA were statutorily preempted by the Copyright Act and/or impermissibly conflicted with the fair use defense contained in the Copyright Act. However, at oral argument, Appellants conceded that the only remaining issue was whether the breach of contract claims conflicted with the interoperability exception contained in the DMCA.

      65

      [10] Even before the treaty, Congress considered the problems posed by copyright infringement in the digital age. Hearings on the topic have spanned several years. See, e.g., WIPO Copyright Treaties Implementation Act and Online Copyright Liability Limitation Act: Hearing on H.R. 2281 and H.R. 2280 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary, 105th Cong. (1997); NII Copyright Protection Act of 1995: Hearings on H.R. 2441 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary, 104th Cong. (1996); NII Copyright Protection Act of 1995: Joint Hearing on H.R. 2441 and S. 1284 Before the Subcomm. on Courts and Intellectual Property of the House Comm. on the Judiciary and the Senate Comm. on the Judiciary, 104th Cong. (1995); H.R.Rep. No. 105-551 (1998); S.Rep. No. 105-190 (1998). This legislative effort resulted in the DMCA.

  • 4 Safe Harbor

    • 4.1 "10 Years Later, Misunderstood DMCA is the Law That Saved the Web," David Kravets, Wired (2008)

    • 4.2 Viacom Intern., Inc. v. YouTube, Inc. [DMCA Sections]

      1

      102 U.S.P.Q.2d 1283
      2012 Copr.L.Dec. P 30,231
      676 F.3d 19

      VIACOM INTERNATIONAL, INC., Comedy Partners, Country Music Television, Inc., Paramount Pictures Corporation, Black Entertainment Television, LLC, Plaintiffs–Appellants,
      v.
      YOUTUBE, INC., YouTube, LLC, Google, Inc., Defendants–Appellees.The Football Association Premier League Limited, on behalf of themselves and all others similarly situated, Bourne Co., Cal IV Entertainment, LLC, Cherry Lane Music Publishing Company, Inc., X–Ray Dog Music, Inc., Fédération Française De Tennis, Murbo Music Publishing, Inc., Stage Three Music (US), Inc., Plaintiffs–Appellants,Robert Tur, d/b/a Los Angeles News Service, The Scottish Premier League Limited, The Music Force Media Group LLC, The Music Force, LLC, Sin–Drome Records, Ltd., on behalf of themselves and all others similarly situated, National Music Publishers' Association, The Rodgers & Hammerstein Organization, Edward B. Marks Music Company, Freddy Bienstock Music Company, d/b/a Bienstock Publishing Company, Alley Music Corporation, Plaintiffs,
      v.
      YouTube, Inc., YouTube, LLC, Google, Inc., Defendants–Appellees.

      Docket Nos. 10–3270–cv

      10–3342–cv.

      United States Court of Appeals, Second Circuit.

      Argued: Oct. 18, 2011. Decided: April 5, 2012.

      2

      [676 F.3d 22] Paul M. Smith, Jenner & Block LLP, Washington, DC (William M. Hohengarten, Scott B. Wilkens, Matthew S. Hellman, and Susan J. Kohlmann, Jenner & Block LLP, New York, NY, and Washington, DC; Theodore B. Olson and Matthew D. McGill, Gibson, Dunn & Crutcher LLP, Washington, DC; Stuart J. Baskin, Shearman & Sterling LLP, New York, NY, on the brief), for Plaintiffs–Appellants Viacom International, Inc., et al.

      3

      Charles S. Sims, Proskauer Rose LLP, New York, N.Y. (William M. Hart, Noah Siskind Gitterman, and Elizabeth A. Figueira, Proskauer Rose LLP, New York, NY, on the brief), for Plaintiffs–Appellants Football Association Premier League Ltd., et al.; Max W. Berger and John C. Browne, Bernstein Litowitz Berger & Grossmann LLP, New York, NY, on the brief, for Plaintiffs–Appellants Football Association Premier League Ltd., Bourne Co., Murbo Music Publishing, Inc., Cherry Lane Music Publishing Co., Inc., X–Ray Dog Music, Inc., and Fédération Française de Tennis; Louis M. Solomon and Hal S. Shaftel, Cadwalader, Wickersham & Taft, LLP, New York, NY, on the brief, for Plaintiff–Appellant Football Association Premier League Ltd.; Jacqueline C. Charlesworth and Cindy P. Abramson, Morrison & Foerster, New York, NY, and David S. Stellings and Annika K. Martin, Lieff Cabraser Heimann & Bernstein, LLP, New York, NY, on the brief, for Plaintiff–Appellant Stage Three Music (US), Inc., and Plaintiffs–Appellants National Music Publishers' Association, Rodgers & Hammerstein Organization, Edward B. Marks Music Co., Freddy Bienstock Music Co. d/b/a Bienstock Publishing Co., [676 F.3d 23] and Alley Music Corporation; Daniel Girard and Christina Connolly Sharp, Girard Gibbs LLP, San Francisco, CA, David Garrison, Barrett Johnston & Parsley, Nashville, TN, and Kevin Doherty, Burr & Forman LLP, Nashville, TN, on the brief, for Plaintiff–Appellant Cal IV Entertainment LLC; Christopher Lovell and Christopher M. McGrath, Lovell Stewart Halebian LLP, New York, NY, Jeffrey L. Graubart, Pasadena, CA, and Steve D'Onofrio, Washington, DC, for Plaintiffs The Music Force Media Group LLC, The Music Force, LLC, and Sin–Drome Records, Ltd.

      4

      Andrew H. Schapiro, Mayer Brown LLP, New York, N.Y. (A. John P. Mancini and Brian M. Willen, Mayer Brown LLP, New York, NY; David H. Kramer, Michael H. Rubin, and Bart E. Volkmer, Wilson Sonsini Goodrich & Rosati, Palo Alto, CA, on the brief), for Defendants–Appellees.Clifford M. Sloan (Christopher G. Clark and Mary E. Rasenberger, on the brief), Skadden, Arps, Slate, Meagher & Flom LLP, New York, NY, and Washington, DC, for amici curiae Advance Publications, Inc., Association of American Publishers, Association of American University Presses, The Associated Press, The Center for the Rule of Law, Gannett Co., Inc., ICBC Broadcast Holdings, Inc., Institute for Policy Innovation, The Ladies Professional Golf Association, The McClatchy Co., The Media Institute, Minority Media & Telecommunications Council, Inc., National Association of Black Owned Broadcasters, The National Football League, Newspaper Association of America, Picture Archive Council of America, Professional Photographers of America, Radio Television Digital News Association, Rosetta Stone Ltd., The E.W. Scripps Co., Sports Rights Owners Coalition, The Washington Post, and Zuffa LLC, in support of Plaintiffs–Appellants.Peter D. DeChiara, Cohen, Weiss & Simon LLP, New York, NY, for amici curiae American Federation of Musicians, American Federation of Television & Radio Artists, Directors Guild of America, Inc., International Alliance of Theatrical Stage Employees, Screen Actors Guild, Inc., and Studio Transportation Drivers, Local 399, International Brotherhood of Teamsters, in support of Plaintiffs–Appellants.Russell J. Frackman, Mitchell Silberberg & Knupp LLP, Los Angeles, CA, for amici curiae Broadcast Music, Inc., American Society of Composers, Authors and Publishers, SESAC, Inc., The Society of Composers and Lyricists, The Association of Independent Music Publishers, Songwriters Guild of America, The Recording Academy, The Nashville Songwriters Association International, American Association of Independent Music, Music Publishers' Association of the United States, Lisa Thomas Music Services, LLC, Garth Brooks, Bruce Hornsby, Boz Scaggs, Sting, Roger Waters, Glenn Frey, Don Henley, Timothy B. Schmit, and Joe Walsh (The Eagles), in support of Plaintiffs–Appellants.Carey R. Ramos (Lynn B. Bayard and Darren W. Johnson, on the brief), Paul, Weiss, Rifkind, Wharton & Garrison LLP, New York, NY, for amici curiae Stuart N. Brotman, Ronald A. Cass, and Raymond T. Nimmer, in support of Plaintiffs–Appellants.Jonathan L. Marcus (Martin F. Hansen, Matthew Berns, Brian D. Ginsberg & Evan R. Cox, on the brief), Covington & Burling LLP, New York, NY, San Francisco, CA, and Washington, DC, for amicus curiae Business Software Alliance, in support of Plaintiffs–Appellants.Robert Penchina, Levine Sullivan Koch & Schulz, L.L.P., New York, NY, for amicus [676 F.3d 24] curiae CBS Corp., in support of Plaintiffs–Appellants.Bruce A. Lehman (Jason D. Koch and Cameron Coffey, on the brief), Washington, DC, for amicus curiae International Intellectual Property Institute, in support of Plaintiffs–Appellants.Bruce E. Boyden, Marquette University Law School, Milwaukee, WI, for amici curiae Intellectual Property Law Professors, in support of Plaintiffs–Appellants.Gregory G. Garre, Latham & Watkins LLP, Washington, DC (Lori Alvino McGill, Latham & Watkins LLP, Washington, DC, Thomas W. Burt, Microsoft Corp., Redmond, WA, and Jacob Schatz, Electronic Arts Inc., Redwood City, CA, on the brief), for amicus curiae Microsoft Corp. & Electronic Arts Inc., in support of Plaintiffs–Appellants.Kelly M. Klaus, Munger, Tolles & Olson LLP, Los Angeles, CA (Susan Cleary, Independent Film & Television Alliance, on the brief) for amicus curiae Motion Picture Association of America, Independent Film & Television Alliance, in support of Plaintiffs–Appellants.Richard B. Kendall (Laura W. Brill and Joshua Y. Karp, on the brief), Kendall Brill & Klieger LLP, Los Angeles, CA, for amici curiae Matthew L. Spitzer, John R. Allison, Robert G. Bone, Hugh C. Hansen, Michael S. Knoll, Reinier H. Kraakman, Alan Schwartz, and Robert E. Scott, in support of Plaintiffs–Appellants.Andrew M. Riddles, Crowell & Moring LLP, New York, N.Y. (Michael J. Songer, Crowell & Moring LLP, Washington, DC, and Daniel J. Popeo and Cory L. Andrews, Washington Legal Foundation, Washington, DC, on the brief), for amicus curiae Washington Legal Foundation, in support of Plaintiffs–Appellants.Ron Lazebnik, Lincoln Square Legal Services, Inc., New York, NY, for amici curiae Anaheim Ballet, Michael Moore, Khan Academy Inc., Adam Bahner, Michael Bassik, Dane Boedigheimer, Matthew Brown, Michael Buckley, Shay Butler, Charles Como, Iman Crosson, Philip De Vellis, Rawn Erickson, Hank Green, John Green, Kassem Gharaibeh, William Louis Hyde, Kevin Nalty, Allison Speed, Charles Todd, Charles Trippy, and Barnett Zitron, in support of Defendants–Appellees.Seth D. Greenstein, Constantine Cannon LLP, Washington, DC, for amicus curiae Professor Michael Carrier, in support of Defendants–Appellees.Jonathan Band, Washington, DC (Markham C. Erickson, Holch & Erickson LLP, Washington, DC, and Matthew Schruers, Computer & Communications Industry Association, Washington, DC, on the brief), for amici curiae Computer & Communications Industry Association, and Netcoalition, in support of Defendants–Appellees.Michael Barclay, Menlo Park, CA; Deborah R. Gerhardt, UNC School of Law, Chapel Hill, NC, for amicus curiae Consumer Electronics Association, in support of Defendants–Appellees.Andrew P. Bridges, Winston & Strawn LLP, San Francisco, CA, for amici curiae eBay Inc., Facebook, Inc., IAC/Interactivecorp., and Yahoo! Inc., in support of Defendants–Appellees.Corynne M. McSherry (Abigail Phillips, on the brief), Electronic Frontier Foundation, San Francisco, CA, for amici curiae Electronic Frontier Foundation, Center for Democracy & Technology, International Federation of Library Associations & Institutions, American Library Association, Association of College & Research Libraries, and Association of Research Libraries, in support of Defendants–Appellees.

      5

      [676 F.3d 25] David T. Goldberg (Sean H. Donahue, on the brief), Donahue & Goldberg, LLP, New York, NY, and Washington, DC, for amici curiae Human Rights Watch, Freedom House, Reporters Without Borders, and Access, in support of Defendants–Appellees.Rebecca S. Engrav, Perkins Coie LLP, Seattle, WA, for amici curiae Intellectual Property and Internet Law Professors, in support of Defendants–Appellees.Gregory P. Gulia (Vanessa C. Hew and R. Terry Parker, on the brief), Duane Morris LLP, New York, NY, for amicus curiae MP3Tunes, Inc., in support of Defendants–Appellees.Jennifer M. Urban, Samuelson Law, Technology & Public Policy Clinic, University of California, Berkeley School of Law, Berkeley, CA, for amici curiae National Alliance for Media Art and Culture and The Alliance for Community Media, in support of Defendants–Appellees.Anthony P. Schoenberg (Stephanie P. Skaff, Deepak Gupta, and David K. Ismay, on the brief), Farella Braun & Martel LLP, San Francisco, CA, for amici curiae National Consumers League, Consumers Union of United States, Inc., Consumer Action, and United States Student Association, in support of Defendants–Appellees.Joseph C. Gratz (Michael H. Page and Ragesh K. Tangri, on the brief), Durie Tangri LLP, San Francisco, CA, for amici curiae National Venture Capital Association, in support of Defendants–Appellees.Benjamin J. Kallos, New York, N.Y. (Sherwin Siy and Michael Weinberg, Public Knowledge, Washington, DC, on the brief), for amicus curiae Public Knowledge, in support of Defendants–Appellees.Patrick J. Coyne, Finnegan Henderson Farabow Garrett & Dunner, LLP, Washington, DC (David W. Hill, American Intellectual Property Law Association, Arlington, VA, on the brief), for amicus curiae American Intellectual Property Law Association, in support of neither party.Jeremy H. Stern, Stern Digital Strategies, Manhattan Beach, CA (Partha P. Chattoraj, Markowitz & Chattoraj LLP, New York, NY, on the brief), for amicus curiae Audible Magic Corp., in support of neither party.Stephen M. Wurzburg, Pillsbury Winthrop Shaw Pittman LLP, Palo Alto, CA, for amicus curiae Vobile, Inc., in support of neither party.

      6

      Before: CABRANES and LIVINGSTON, Circuit Judges.[*]

      7

      JOSÉ A. CABRANES, Circuit Judge:

      8

      This appeal requires us to clarify the contours of the “safe harbor” provision of the Digital Millennium Copyright Act (DMCA) that limits the liability of online service providers for copyright infringement that occurs “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” 17 U.S.C. § 512(c).[1]

      9

      The plaintiffs-appellants in these related actions—Viacom International, Inc. (“Viacom”), The Football Association Premier League Ltd. (“Premier League”), and various film studios, television networks, music publishers, and sports leagues (jointly, [676 F.3d 26] the “plaintiffs”)[2] —appeal from an August 10, 2010 judgment of the United States District Court for the Southern District of New York (Louis L. Stanton, Judge), which granted summary judgment to defendants-appellees YouTube, Inc., YouTube, LLC, and Google Inc. (jointly, “YouTube” or the “defendants”). The plaintiffs alleged direct and secondary copyright infringement based on the public performance, display, and reproduction of approximately 79,000 audiovisual “clips” that appeared on the YouTube website between 2005 and 2008. They demanded, inter alia, statutory damages pursuant to 17 U.S.C. § 504(c) or, in the alternative, actual damages from the alleged infringement, as well as declaratory and injunctive relief.[3]

      10

      In a June 23, 2010 Opinion and Order (the “June 23 Opinion”), the District Court held that the defendants were entitled to DMCA safe harbor protection primarily because they had insufficient notice of the particular infringements in suit. Viacom Int'l, Inc. v. YouTube, Inc., 718 F.Supp.2d 514, 529 (S.D.N.Y.2010). In construing the statutory safe harbor, the District Court concluded that the “actual knowledge” or “aware[ness] of facts or circumstances” that would disqualify an online service provider from safe harbor protection under § 512(c)(1)(A) refer to “knowledge of specific and identifiable infringements.” Id. at 523. The District Court further held that item-specific knowledge of infringing activity is required for a service provider to have the “right and ability to control” infringing activity under § 512(c)(1)(B). Id. at 527. Finally, the District Court held that the replication, transmittal, and display of videos on YouTube constituted activity “by reason of the storage at the direction of a user” within the meaning of § 512(c)(1). Id. at 526–27.

      11

      These related cases present a series of significant questions of statutory construction. We conclude that the District Court correctly held that the § 512(c) safe harbor requires knowledge or awareness of specific infringing activity, but we vacate the order granting summary judgment because a reasonable jury could find that YouTube had actual knowledge or awareness of specific infringing activity on its website. We further hold that the District Court erred by interpreting the “right and ability to control” provision to require “item-specific” knowledge. Finally, we affirm the District Court's holding that three of the challenged YouTube software functions fall within the safe harbor for infringement that occurs “by reason of” user storage; we remand for further fact-finding with respect to a fourth software function.

      12
      BACKGROUND
      13
      A. The DMCA Safe Harbors
      14

      “The DMCA was enacted in 1998 to implement the World Intellectual Property Organization Copyright Treaty,” Universal City Studios, Inc. v. Corley, 273 F.3d 429, 440 (2d Cir.2001), and to update domestic copyright law for the digital age, [676 F.3d 27] see Ellison v. Robertson, 357 F.3d 1072, 1076 (9th Cir.2004). Title II of the DMCA, separately titled the “Online Copyright Infringement Liability Limitation Act” (OCILLA), was designed to “clarif[y] the liability faced by service providers who transmit potentially infringing material over their networks.” S.Rep. No. 105–190 at 2 (1998). But “[r]ather than embarking upon a wholesale clarification” of various copyright doctrines, Congress elected “to leave current law in its evolving state and, instead, to create a series of ‘safe harbors[ ]’ for certain common activities of service providers.” Id. at 19. To that end, OCILLA established a series of four “safe harbors” that allow qualifying service providers to limit their liability for claims of copyright infringement based on (a) “transitory digital network communications,” (b) “system caching,” (c) “information residing on systems or networks at [the] direction of users,” and (d) “information location tools.” 17 U.S.C. § 512(a)-(d).

      15

      To qualify for protection under any of the safe harbors, a party must meet a set of threshold criteria. First, the party must in fact be a “service provider,” defined, in pertinent part, as “a provider of online services or network access, or the operator of facilities therefor.” 17 U.S.C. § 512(k)(1)(B). A party that qualifies as a service provider must also satisfy certain “conditions of eligibility,” including the adoption and reasonable implementation of a “repeat infringer” policy that “provides for the termination in appropriate circumstances of subscribers and account holders of the service provider's system or network.” Id. § 512(i)(1)(A). In addition, a qualifying service provider must accommodate “standard technical measures” that are “used by copyright owners to identify or protect copyrighted works.” Id. § 512(i)(1)(B), (i)(2).

      16

      Beyond the threshold criteria, a service provider must satisfy the requirements of a particular safe harbor. In this case, the safe harbor at issue is § 512(c), which covers infringement claims that arise “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” Id. § 512(c)(1). The § 512(c) safe harbor will apply only if the service provider:

      17

      (A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

      (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or

      (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

      (B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and

      (C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

      18

      Id. § 512(c)(1)(A)-(C). Section 512(c) also sets forth a detailed notification scheme that requires service providers to “designate[ ] an agent to receive notifications of claimed infringement,” id. § 512(c)(2), and specifies the components of a proper notification, commonly known as a “takedown notice,” to that agent, see id. § 512(c)(3). Thus, actual knowledge of infringing material, awareness of facts or circumstances that make infringing activity apparent, or [676 F.3d 28] receipt of a takedown notice will each trigger an obligation to expeditiously remove the infringing material.

      19

      With the statutory context in mind, we now turn to the facts of this case.

      20
      B. Factual Background
      21

      YouTube was founded in February 2005 by Chad Hurley (“Hurley”), Steve Chen (“Chen”), and Jawed Karim (“Karim”), three former employees of the internet company Paypal. When YouTube announced the “official launch” of the website in December 2005, a press release described YouTube as a “consumer media company” that “allows people to watch, upload, and share personal video clips at www. You Tube. com.” Under the slogan “Broadcast yourself,” YouTube achieved rapid prominence and profitability, eclipsing competitors such as Google Video and Yahoo Video by wide margins. In November 2006, Google acquired YouTube in a stock-for-stock transaction valued at $1.65 billion. By March 2010, at the time of summary judgment briefing in this litigation, site traffic on YouTube had soared to more than 1 billion daily video views, with more than 24 hours of new video uploaded to the site every minute.

      22

      The basic function of the YouTube website permits users to “upload” and view video clips free of charge. Before uploading a video to YouTube, a user must register and create an account with the website. The registration process requires the user to accept YouTube's Terms of Use agreement, which provides, inter alia, that the user “will not submit material that is copyrighted ... unless [he is] the owner of such rights or ha[s] permission from their rightful owner to post the material and to grant YouTube all of the license rights granted herein.” When the registration process is complete, the user can sign in to his account, select a video to upload from the user's personal computer, mobile phone, or other device, and instruct the YouTube system to upload the video by clicking on a virtual upload “button.”

      23

      Uploading a video to the YouTube website triggers a series of automated software functions. During the upload process, YouTube makes one or more exact copies of the video in its original file format. YouTube also makes one or more additional copies of the video in “Flash” format,[4] a process known as “transcoding.” The transcoding process ensures that YouTube videos are available for viewing by most users at their request. The YouTube system allows users to gain access to video content by “streaming” the video to the user's computer in response to a playback request. YouTube uses a computer algorithm to identify clips that are “related” to a video the user watches and display links to the “related” clips.

      24
      C. Procedural History
      25

      Plaintiff Viacom, an American media conglomerate, and various Viacom affiliates filed suit against YouTube on March 13, 2007, alleging direct and secondary copyright infringement[5] based on the public performance, display, and reproduction of their audiovisual works on the YouTube website. Plaintiff Premier League, an English soccer league, and Plaintiff Bourne Co. filed a putative class action against [676 F.3d 29] YouTube on May 4, 2007, alleging direct and secondary copyright infringement on behalf of all copyright owners whose material was copied, stored, displayed, or performed on YouTube without authorization. Specifically at issue were some 63,497 video clips identified by Viacom, as well as 13,500 additional clips (jointly, the “clips-in-suit”) identified by the putative class plaintiffs.

      26

      The plaintiffs in both actions principally demanded statutory damages pursuant to 17 U.S.C. § 504(c) or, in the alternative, actual damages plus the defendants' profits from the alleged infringement, as well as declaratory and injunctive relief.[6] Judge Stanton, to whom the Viacom action was assigned, accepted the Premier League class action as related. At the close of discovery, the parties in both actions cross-moved for partial summary judgment with respect to the applicability of the DMCA safe harbor defense.[7]

      27

      In the dual-captioned June 23 Opinion, the District Court denied the plaintiffs' motions and granted summary judgment to the defendants, finding that YouTube qualified for DMCA safe harbor protection with respect to all claims of direct and secondary copyright infringement. Viacom Int'l, 718 F.Supp.2d at 529. The District Court prefaced its analysis of the DMCA safe harbor by holding that, based on the plaintiffs' summary judgment submissions, “a jury could find that the defendants not only were generally aware of, but welcomed, copyright-infringing material being placed on their website.” Id. at 518. However, the District Court also noted that the defendants had properly designated an agent pursuant to § 512(c)(2), and “when they received specific notice that a particular item infringed a copyright, they swiftly removed it.” Id. at 519. Accordingly, the District Court identified the crux of the inquiry with respect to YouTube's copyright liability as follows:

      28

      [T]he critical question is whether the statutory phrases “actual knowledge that the material or an activity using the material on the system or network is infringing,” and “facts or circumstances from which infringing activity is apparent” in § 512(c)(1)(A)(i) and (ii) mean a general awareness that there are infringements (here, claimed to be widespread and common), or rather mean actual or constructive knowledge of specific and identifiable infringements of individual items.

      29

      Id. After quoting at length from the legislative history of the DMCA, the District Court held that “the phrases ‘actual knowledge that the material or an activity’ is infringing, and ‘facts or circumstances' indicating infringing activity, describe knowledge of specific and identifiable infringements of particular individual items.” Id. at 523. “Mere knowledge of [the] prevalence of such activity in general,” the District Court concluded, “is not enough.” Id.

      30

      In a final section labeled “Other Points,” the District Court rejected two additional claims. First, it rejected the plaintiffs' argument that the replication, transmittal and display of YouTube videos are functions that fall outside the protection § 512(c)(1) affords for “infringement of copyright by reason of ... storage at the direction of the user.” Id. at 526–27. Second, it rejected the plaintiffs' argument [676 F.3d 30] that YouTube was ineligible for safe harbor protection under the control provision, holding that the “right and ability to control” infringing activity under § 512(c)(1)(B) requires “item-specific” knowledge thereof, because “the provider must know of the particular case before he can control it.” Id. at 527.

      31

      Following the June 23 Opinion, final judgment in favor of YouTube was entered on August 10, 2010. These appeals followed.

      32
      DISCUSSION
      33

      We review an order granting summary judgment de novo, drawing all factual inferences in favor of the non-moving party. See, e.g., Paneccasio v. Unisource Worldwide, Inc., 532 F.3d 101, 107 (2d Cir.2008). “Summary judgment is proper only when, construing the evidence in the light most favorable to the non-movant, ‘there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.’ ” Doninger v. Niehoff, 642 F.3d 334, 344 (2d Cir.2011) (quoting Fed.R.Civ.P. 56(a)).

      34
      A. Actual and “Red Flag” Knowledge: § 512(c)(1)(A)
      35

       The first and most important question on appeal is whether the DMCA safe harbor at issue requires “actual knowledge” or “aware[ness]” of facts or circumstances indicating “specific and identifiable infringements,” Viacom, 718 F.Supp.2d at 523. We consider first the scope of the statutory provision and then its application to the record in this case.

      36
      1. The Specificity Requirement
      37

      “As in all statutory construction cases, we begin with the language of the statute,” Barnhart v. Sigmon Coal Co., 534 U.S. 438, 450, 122 S.Ct. 941, 151 L.Ed.2d 908 (2002). Under § 512(c)(1)(A), safe harbor protection is available only if the service provider:

      38

      (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

      (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or

      (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material....

      39

      17 U.S.C. § 512(c)(1)(A). As previously noted, the District Court held that the statutory phrases “actual knowledge that the material ... is infringing” and “facts or circumstances from which infringing activity is apparent” refer to “knowledge of specific and identifiable infringements.” Viacom, 718 F.Supp.2d at 523. For the reasons that follow, we substantially affirm that holding.

      40

      Although the parties marshal a battery of other arguments on appeal, it is the text of the statute that compels our conclusion. In particular, we are persuaded that the basic operation of § 512(c) requires knowledge or awareness of specific infringing activity. Under § 512(c)(1)(A), knowledge or awareness alone does not disqualify the service provider; rather, the provider that gains knowledge or awareness of infringing activity retains safe-harbor protection if it “acts expeditiously to remove, or disable access to, the material.” 17 U.S.C. § 512(c)(1)(A)(iii). Thus, the nature of the removal obligation itself contemplates knowledge or awareness of specific infringing material, because expeditious removal is possible only if the service provider knows with particularity which items to remove. Indeed, to require expeditious removal in the absence of specific knowledge [676 F.3d 31] or awareness would be to mandate an amorphous obligation to “take commercially reasonable steps” in response to a generalized awareness of infringement. Viacom Br. 33. Such a view cannot be reconciled with the language of the statute, which requires “expeditious[ ]” action to remove or disable “ the material ” at issue. 17 U.S.C. § 512(c)(1)(A)(iii) (emphasis added).

      41

      On appeal, the plaintiffs dispute this conclusion by drawing our attention to § 512(c)(1)(A)(ii), the so-called “red flag” knowledge provision. See id. § 512(c)(1)(A)(ii) (limiting liability where, “in the absence of such actual knowledge, [the service provider] is not aware of facts or circumstances from which infringing activity is apparent”). In their view, the use of the phrase “facts or circumstances” demonstrates that Congress did not intend to limit the red flag provision to a particular type of knowledge. The plaintiffs contend that requiring awareness of specific infringements in order to establish “aware[ness] of facts or circumstances from which infringing activity is apparent,” 17 U.S.C. § 512(c)(1)(A)(ii), renders the red flag provision superfluous, because that provision would be satisfied only when the “actual knowledge” provision is also satisfied. For that reason, the plaintiffs urge the Court to hold that the red flag provision “requires less specificity” than the actual knowledge provision. Pls.' Supp. Br. 1.

      42

      This argument misconstrues the relationship between “actual” knowledge and “red flag” knowledge. It is true that “we are required to ‘disfavor interpretations of statutes that render language superfluous.’ ” Conn. ex rel. Blumenthal v. U.S. Dep't of the Interior, 228 F.3d 82, 88 (2d Cir.2000) (quoting Conn. Nat'l Bank v. Germain, 503 U.S. 249, 253, 112 S.Ct. 1146, 117 L.Ed.2d 391 (1992)). But contrary to the plaintiffs' assertions, construing § 512(c)(1)(A) to require actual knowledge or awareness of specific instances of infringement does not render the red flag provision superfluous. The phrase “actual knowledge,” which appears in § 512(c)(1)(A)(i), is frequently used to denote subjective belief. See, e.g., United States v. Quinones, 635 F.3d 590, 602 (2d Cir.2011) (“[T]he belief held by the defendant need not be reasonable in order for it to defeat ... actual knowledge.”). By contrast, courts often invoke the language of “facts or circumstances,” which appears in § 512(c)(1)(A)(ii), in discussing an objective reasonableness standard. See, e.g., Maxwell v. City of New York, 380 F.3d 106, 108 (2d Cir.2004) (“Police officers' application of force is excessive ... if it is objectively unreasonable in light of the facts and circumstances confronting them, without regard to their underlying intent or motivation.” (internal quotation marks omitted)).

      43

      The difference between actual and red flag knowledge is thus not between specific and generalized knowledge, but instead between a subjective and an objective standard. In other words, the actual knowledge provision turns on whether the provider actually or “subjectively” knew of specific infringement, while the red flag provision turns on whether the provider was subjectively aware of facts that would have made the specific infringement “objectively” obvious to a reasonable person. The red flag provision, because it incorporates an objective standard, is not swallowed up by the actual knowledge provision under our construction of the § 512(c) safe harbor. Both provisions do independent work, and both apply only to specific instances of infringement.

      44

      The limited body of case law interpreting the knowledge provisions of the § 512(c) safe harbor comports with our view of the specificity requirement. Most [676 F.3d 32] recently, a panel of the Ninth Circuit addressed the scope of § 512(c) in UMG Recordings, Inc. v. Shelter Capital Partners LLC, 667 F.3d 1022 (9th Cir.2011), a copyright infringement case against Veoh Networks, a video-hosting service similar to YouTube.[8] As in this case, various music publishers brought suit against the service provider, claiming direct and secondary copyright infringement based on the presence of unauthorized content on the website, and the website operator sought refuge in the § 512(c) safe harbor. The Court of Appeals affirmed the district court's determination on summary judgment that the website operator was entitled to safe harbor protection. With respect to the actual knowledge provision, the panel declined to “adopt[ ] a broad conception of the knowledge requirement,” id. at 1038, holding instead that the safe harbor “[r]equir [es] specific knowledge of particular infringing activity,” id. at 1037. The Court of Appeals “reach[ed] the same conclusion” with respect to the red flag provision, noting that “[w]e do not place the burden of determining whether [materials] are actually illegal on a service provider.” Id. at 1038 (alterations in original) (quoting Perfect 10, Inc. v. CCBill LLC, 488 F.3d 1102, 1114 (9th Cir.2007)).

      45

      Although Shelter Capital contains the most explicit discussion of the § 512(c) knowledge provisions, other cases are generally in accord. See, e.g., Capitol Records, Inc. v. MP3tunes, LLC, 821 F.Supp.2d 627, 635, 2011 WL 5104616, at *14 (S.D.N.Y. Oct. 25, 2011) (“Undoubtedly, MP3tunes is aware that some level of infringement occurs. But, there is no genuine dispute that MP3tunes did not have specific ‘red flag’ knowledge with respect to any particular link....”); UMG Recordings, Inc. v. Veoh Networks, Inc., 665 F.Supp.2d 1099, 1108 (C.D.Cal.2009) (“ UMG II ”) (“[I]f investigation of ‘facts and circumstances' is required to identify material as infringing, then those facts and circumstances are not ‘red flags.’ ”). While we decline to adopt the reasoning of those decisions in toto, we note that no court has embraced the contrary proposition—urged by the plaintiffs—that the red flag provision “requires less specificity” than the actual knowledge provision.

      46

      Based on the text of § 512(c)(1)(A), as well as the limited case law on point, we affirm the District Court's holding that actual knowledge or awareness of facts or circumstances that indicate specific and identifiable instances of infringement will disqualify a service provider from the safe harbor.

      47
      2. The Grant of Summary Judgment
      48

      The corollary question on appeal is whether, under the foregoing construction of § 512(c)(1)(A), the District Court erred in granting summary judgment to YouTube on the record presented. For the reasons that follow, we hold that although the District Court correctly interpreted § 512(c)(1)(A), summary judgment for the defendants was premature.

      49
      i. Specific Knowledge or Awareness
      50

      The plaintiffs argue that, even under the District Court's construction of the safe harbor, the record raises material issues of fact regarding YouTube's actual knowledge or “red flag” awareness of specific instances of infringement. To that end, the plaintiffs draw our attention to various estimates regarding the percentage of infringing content on the YouTube website. For example, Viacom cites evidence [676 F.3d 33] that YouTube employees conducted website surveys and estimated that 75–80% of all YouTube streams contained copyrighted material. The class plaintiffs similarly claim that Credit Suisse, acting as financial advisor to Google, estimated that more than 60% of YouTube's content was “premium” copyrighted content—and that only 10% of the premium content was authorized. These approximations suggest that the defendants were conscious that significant quantities of material on the YouTube website were infringing. See Viacom Int'l, 718 F.Supp.2d at 518 (“[A] jury could find that the defendants not only were generally aware of, but welcomed, copyright-infringing material being placed on their website.”). But such estimates are insufficient, standing alone, to create a triable issue of fact as to whether YouTube actually knew, or was aware of facts or circumstances that would indicate, the existence of particular instances of infringement.

      51

      Beyond the survey results, the plaintiffs rely upon internal YouTube communications that do refer to particular clips or groups of clips. The class plaintiffs argue that YouTube was aware of specific infringing material because, inter alia, YouTube attempted to search for specific Premier League videos on the site in order to gauge their “value based on video usage.” In particular, the class plaintiffs cite a February 7, 2007 e-mail from Patrick Walker, director of video partnerships for Google and YouTube, requesting that his colleagues calculate the number of daily searches for the terms “soccer,” “football,” and “Premier League” in preparation for a bid on the global rights to Premier League content. On another occasion, Walker requested that any “clearly infringing, official broadcast footage” from a list of top Premier League clubs—including Liverpool Football Club, Chelsea Football Club, Manchester United Football Club, and Arsenal Football Club—be taken down in advance of a meeting with the heads of “several major sports teams and leagues.” YouTube ultimately decided not to make a bid for the Premier League rights—but the infringing content allegedly remained on the website.

      52

      The record in the Viacom action includes additional examples. For instance, YouTube founder Jawed Karim prepared a report in March 2006 which stated that, “[a]s of today[,] episodes and clips of the following well-known shows can still be found [on YouTube]: Family Guy, South Park, MTV Cribs, Daily Show, Reno 911, [and] Dave Chapelle [sic].” Karim further opined that, “although YouTube is not legally required to monitor content ... and complies with DMCA takedown requests, we would benefit from preemptively removing content that is blatantly illegal and likely to attract criticism.” He also noted that “a more thorough analysis” of the issue would be required. At least some of the TV shows to which Karim referred are owned by Viacom. A reasonable juror could conclude from the March 2006 report that Karim knew of the presence of Viacom-owned material on YouTube, since he presumably located specific clips of the shows in question before he could announce that YouTube hosted the content “[a]s of today.” A reasonable juror could also conclude that Karim believed the clips he located to be infringing (since he refers to them as “blatantly illegal”), and that YouTube did not remove the content from the website until conducting “a more thorough analysis,” thus exposing the company to liability in the interim.

      53

      Furthermore, in a July 4, 2005 e-mail exchange, YouTube founder Chad Hurley sent an e-mail to his co-founders with the subject line “budlight commercials,” and stated, “we need to reject these too.” Steve Chen responded, “can we please [676 F.3d 34] leave these in a bit longer? another week or two can't hurt.” Karim also replied, indicating that he “added back in all 28 bud videos.” Similarly, in an August 9, 2005 e-mail exchange, Hurley urged his colleagues “to start being diligent about rejecting copyrighted / inappropriate content,” noting that “there is a cnn clip of the shuttle clip on the site today, if the boys from Turner would come to the site, they might be pissed?” Again, Chen resisted:

      54

      but we should just keep that stuff on the site. i really don't see what will happen. what? someone from cnn sees it? he happens to be someone with power? he happens to want to take it down right away. he gets in touch with cnn legal. 2 weeks later, we get a cease & desist letter. we take the video down.

      And again, Karim agreed, indicating that “the CNN space shuttle clip, I like. we can remove it once we're bigger and better known, but for now that clip is fine.”

      55

      Upon a review of the record, we are persuaded that the plaintiffs may have raised a material issue of fact regarding YouTube's knowledge or awareness of specific instances of infringement. The foregoing Premier League e-mails request the identification and removal of “clearly infringing, official broadcast footage.” The March 2006 report indicates Karim's awareness of specific clips that he perceived to be “blatantly illegal.” Similarly, the Bud Light and space shuttle e-mails refer to particular clips in the context of correspondence about whether to remove infringing material from the website. On these facts, a reasonable juror could conclude that YouTube had actual knowledge of specific infringing activity, or was at least aware of facts or circumstances from which specific infringing activity was apparent. See § 512(c)(1)(A)(i)-(ii). Accordingly, we hold that summary judgment to YouTube on all clips-in-suit, especially in the absence of any detailed examination of the extensive record on summary judgment, was premature.[9]

      56

      We hasten to note, however, that although the foregoing e-mails were annexed as exhibits to the summary judgment papers, it is unclear whether the clips referenced therein are among the current clips-in-suit. By definition, only the current clips-in-suit are at issue in this litigation. Accordingly, we vacate the order granting summary judgment and instruct the District Court to determine on remand whether any specific infringements of which YouTube had knowledge or awareness correspond to the clips-in-suit in these actions.

      57
      ii. “Willful Blindness”
      58

      The plaintiffs further argue that the District Court erred in granting summary judgment to the defendants despite evidence that YouTube was “willfully blind” to specific infringing activity. On this issue of first impression, we consider the application of the common law willful blindness doctrine in the DMCA context.

      59

       “The principle that willful blindness is tantamount to knowledge is hardly novel.” Tiffany (NJ) Inc. v. eBay, Inc., 600 F.3d 93, 110 n. 16 (2d Cir.2010) (collecting [676 F.3d 35] cases); see In re Aimster Copyright Litig., 33,4 F.3d 643 (7th Cir.2003) (“Willful blindness is knowledge, in copyright law ... as it is in the law generally.”). A person is “willfully blind” or engages in “conscious avoidance” amounting to knowledge where the person “ ‘was aware of a high probability of the fact in dispute and consciously avoided confirming that fact.’ ” United States v. Aina-Marshall, 336 F.3d 167, 170 (2d Cir.2003) (quoting United States v. Rodriguez, 983 F.2d 455, 458 (2d Cir.1993)); cf. Global–Tech Appliances, Inc. v. SEB S.A., ––– U.S. ––––, 131 S.Ct. 2060, 2070–71, 179 L.Ed.2d 1167 (2011) (applying the willful blindness doctrine in a patent infringement case). Writing in the trademark infringement context, we have held that “[a] service provider is not ... permitted willful blindness. When it has reason to suspect that users of its service are infringing a protected mark, it may not shield itself from learning of the particular infringing transactions by looking the other way.” Tiffany, 600 F.3d at 109.

      60

      The DMCA does not mention willful blindness. As a general matter, we interpret a statute to abrogate a common law principle only if the statute “speak[s] directly to the question addressed by the common law.” Matar v. Dichter, 563 F.3d 9, 14 (2d Cir.2009) (internal quotation marks omitted). The relevant question, therefore, is whether the DMCA “speak[s] directly” to the principle of willful blindness. Id. (internal quotation marks omitted). The DMCA provision most relevant to the abrogation inquiry is § 512(m), which provides that safe harbor protection shall not be conditioned on “a service provider monitoring its service or affirmatively seeking facts indicating infringing activity, except to the extent consistent with a standard technical measure complying with the provisions of subsection (i).” 17 U.S.C. § 512(m)(1). Section 512(m) is explicit: DMCA safe harbor protection cannot be conditioned on affirmative monitoring by a service provider. For that reason, § 512(m) is incompatible with a broad common law duty to monitor or otherwise seek out infringing activity based on general awareness that infringement may be occurring. That fact does not, however, dispose of the abrogation inquiry; as previously noted, willful blindness cannot be defined as an affirmative duty to monitor. See Aina–Marshall, 336 F.3d at 170 (holding that a person is “willfully blind” where he “was aware of a high probability of the fact in dispute and consciously avoided confirming that fact”). Because the statute does not “speak[ ] directly” to the willful blindness doctrine, § 512(m) limits—but does not abrogate—the doctrine. Accordingly, we hold that the willful blindness doctrine may be applied, in appropriate circumstances, to demonstrate knowledge or awareness of specific instances of infringement under the DMCA.

      61

      The District Court cited § 512(m) for the proposition that safe harbor protection does not require affirmative monitoring, Viacom, 718 F.Supp.2d at 524, but did not expressly address the principle of willful blindness or its relationship to the DMCA safe harbors. As a result, whether the defendants made a “deliberate effort to avoid guilty knowledge,” In re Aimster, 33,4 F.3d at 650, remains a fact question for the District Court to consider in the first instance on remand.[10]

      62
      [676 F.3d 36] B. Control and Benefit: § 512(c)(1)(B)
      63

       Apart from the foregoing knowledge provisions, the § 512(c) safe harbor provides that an eligible service provider must “not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity.” 17 U.S.C. § 512(c)(1)(B). The District Court addressed this issue in a single paragraph, quoting from § 512(c)(1)(B), the so-called “control and benefit” provision, and concluding that “[t]he ‘right and ability to control’ the activity requires knowledge of it, which must be item-specific.” Viacom, 718 F.Supp.2d at 527. For the reasons that follow, we hold that the District Court erred by importing a specific knowledge requirement into the control and benefit provision, and we therefore remand for further fact-finding on the issue of control.

      64
      1. “Right and Ability to Control” Infringing Activity
      65

      On appeal, the parties advocate two competing constructions of the “right and ability to control” infringing activity. 17 U.S.C. § 512(c)(1)(B). Because each is fatally flawed, we reject both proposed constructions in favor of a fact-based inquiry to be conducted in the first instance by the District Court.

      66

      The first construction, pressed by the defendants, is the one adopted by the District Court, which held that “the provider must know of the particular case before he can control it.” Viacom, 718 F.Supp.2d at 527. The Ninth Circuit recently agreed, holding that “until [the service provider] becomes aware of specific unauthorized material, it cannot exercise its ‘power or authority’ over the specific infringing item. In practical terms, it does not have the kind of ability to control infringing activity the statute contemplates.” UMG Recordings, Inc. v. Shelter Capital Partners LLC, 667 F.3d 1022, 1041 (9th Cir.2011). The trouble with this construction is that importing a specific knowledge requirement into § 512(c)(1)(B) renders the control provision duplicative of § 512(c)(1)(A). Any service provider that has item-specific knowledge of infringing activity and thereby obtains financial benefit would already be excluded from the safe harbor under § 512(c)(1)(A) for having specific knowledge of infringing material and failing to effect expeditious removal. No additional service provider would be excluded by § 512(c)(1)(B) that was not already excluded by § 512(c)(1)(A). Because statutory interpretations that render language superfluous are disfavored, Conn. ex rel. Blumenthal, 228 F.3d at 88, we reject the District Court's interpretation of the control provision.

      67

      The second construction, urged by the plaintiffs, is that the control provision codifies the common law doctrine of vicarious copyright liability. The common law imposes liability for vicarious copyright infringement “[w]hen the right and ability to supervise coalesce with an obvious and direct financial interest in the exploitation of copyrighted materials—even in the absence of actual knowledge that the copyright mono [poly] is being impaired.” Shapiro, Bernstein & Co. v. H.L. Green Co., 316 F.2d 304, 307 (2d Cir.1963); cf. Metro–Goldwyn–Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 930 n. 9, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005). To support their codification argument, the plaintiffs rely [676 F.3d 37] on a House Report relating to a preliminary version of the DMCA: “The ‘right and ability to control’ language ... codifies the second element of vicarious liability.... Subparagraph (B) is intended to preserve existing case law that examines all relevant aspects of the relationship between the primary and secondary infringer.” H.R.Rep. No. 105–551(I), at 26 (1998). In response, YouTube notes that the codification reference was omitted from the committee reports describing the final legislation, and that Congress ultimately abandoned any attempt to “embark[ ] upon a wholesale clarification” of vicarious liability, electing instead “to create a series of ‘safe harbors' for certain common activities of service providers.” S.Rep. No. 105–190, at 19.

      68

      Happily, the future of digital copyright law does not turn on the confused legislative history of the control provision. The general rule with respect to common law codification is that when “Congress uses terms that have accumulated settled meaning under the common law, a court must infer, unless the statute otherwise dictates, that Congress means to incorporate the established meaning of those terms.” Neder v. United States, 527 U.S. 1, 21, 119 S.Ct. 1827, 144 L.Ed.2d 35 (1999) (ellipsis and internal quotation marks omitted). Under the common law vicarious liability standard, “ ‘[t]he ability to block infringers' access to a particular environment for any reason whatsoever is evidence of the right and ability to supervise.’ ” Arista Records LLC v. Usenet.com, Inc., 633 F.Supp.2d 124, 157 (S.D.N.Y.2009) (alteration in original) (quoting A & M Records, Inc. v. Napster, Inc., 239 F.3d 1004, 1023 (9th Cir.2001)). To adopt that principle in the DMCA context, however, would render the statute internally inconsistent. Section 512(c) actually presumes that service providers have the ability to “block ... access” to infringing material. Id. at 157; see Shelter Capital, 667 F.3d at 1042–43. Indeed, a service provider who has knowledge or awareness of infringing material or who receives a takedown notice from a copyright holder is required to “remove, or disable access to, the material” in order to claim the benefit of the safe harbor. 17 U.S.C. § 512(c)(1)(A)(iii) & (C). But in taking such action, the service provider would—in the plaintiffs' analysis—be admitting the “right and ability to control” the infringing material. Thus, the prerequisite to safe harbor protection under § 512(c)(1)(A)(iii) & (C) would at the same time be a disqualifier under § 512(c)(1)(B).

      69

      Moreover, if Congress had intended § 512(c)(1)(B) to be coextensive with vicarious liability, “the statute could have accomplished that result in a more direct manner.” Shelter Capital, 667 F.3d at 1045.

      70

      It is conceivable that Congress ... intended that [service providers] which receive a financial benefit directly attributable to the infringing activity would not, under any circumstances, be able to qualify for the subsection (c) safe harbor. But if that was indeed their intention, it would have been far simpler and much more straightforward to simply say as much. Id. (alteration in original) (quoting Ellison v. Robertson, 189 F.Supp.2d 1051, 1061 (C.D.Cal.2002), aff'd in part and rev'd in part on different grounds, 357 F.3d 1072 (9th Cir.2004)).

      71

      In any event, the foregoing tension—elsewhere described as a “predicament”[11] and a “catch22”[12]—is sufficient to establish that the control provision “dictates” [676 F.3d 38] a departure from the common law vicarious liability standard, Neder, 527 U.S. at 21, 119 S.Ct. 1827. Accordingly, we conclude that the “right and ability to control” infringing activity under § 512(c)(1)(B) “requires something more than the ability to remove or block access to materials posted on a service provider's website.” MP3tunes, LLC, 821 F.Supp.2d at 645, 2011 WL 5104616, at *14; accord Wolk v. Kodak Imaging Network, Inc., ––– F.Supp.2d ––––, ––––, 2012 WL 11270, at *21 (S.D.N.Y. Jan. 3, 2012); UMG II, 665 F.Supp.2d at 1114–15; Io Grp., Inc. v. Veoh Networks, Inc., 586 F.Supp.2d 1132, 1151 (N.D.Cal.2008); Corbis Corp. v. Amazon.com, Inc., 351 F.Supp.2d 1090, 1110 (W.D.Wash.2004), overruled on other grounds by Cosmetic Ideas, Inc. v. IAC/Interactivecorp., 606 F.3d 612 (9th Cir.2010). The remaining—and more difficult—question is how to define the “something more” that is required.

      72

      To date, only one court has found that a service provider had the right and ability to control infringing activity under § 512(c)(1)(B).[13] In Perfect 10, Inc. v. Cybernet Ventures, Inc., 213 F.Supp.2d 1146 (C.D.Cal.2002), the court found control where the service provider instituted a monitoring program by which user websites received “detailed instructions regard[ing] issues of layout, appearance, and content.” Id. at 1173. The service provider also forbade certain types of content and refused access to users who failed to comply with its instructions. Id. Similarly, inducement of copyright infringement under Metro–Goldwyn–Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005), which “premises liability on purposeful, culpable expression and conduct,” id. at 937, 125 S.Ct. 2764, might also rise to the level of control under § 512(c)(1)(B). Both of these examples involve a service provider exerting substantial influence on the activities of users, without necessarily—or even frequently—acquiring knowledge of specific infringing activity.

      73

      In light of our holding that § 512(c)(1)(B) does not include a specific knowledge requirement, we think it prudent to remand to the District Court to consider in the first instance whether the plaintiffs have adduced sufficient evidence to allow a reasonable jury to conclude that YouTube had the right and ability to control the infringing activity and received a financial benefit directly attributable to that activity.

      74
      C. “By Reason of” Storage: § 512(c)(1)
      75

       The § 512(c) safe harbor is only available when the infringement occurs “by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider.” 17 U.S.C. § 512(c)(1). In this case, the District Court held that YouTube's software functions fell within the safe harbor for infringements that occur “by reason of” user storage. Viacom, 718 F.Supp.2d at 526 (noting that a contrary holding would “confine[ ] the word ‘storage’ too narrowly to meet the statute's purpose”). For the reasons that follow, we affirm that holding [676 F.3d 39] with respect to three of the challenged software functions—the conversion (or “transcoding”) of videos into a standard display format, the playback of videos on “watch” pages, and the “related videos” function. We remand for further fact-finding with respect to a fourth software function, involving the third-party syndication of videos uploaded to YouTube.

      76

      As a preliminary matter, we note that “the structure and language of OCILLA indicate that service providers seeking safe harbor under [§ ] 512(c) are not limited to merely storing material.” Io Grp., 586 F.Supp.2d at 1147. The structure of the statute distinguishes between so-called “conduit only” functions under § 512(a) and the functions addressed by § 512(c) and the other subsections. See 17 U.S.C. § 512(n) (“Subsections (a), (b), (c), and (d) describe separate and distinct functions for purposes of applying this section.”). Most notably, OCILLA contains two definitions of “service provider.” 17 U.S.C. § 512(k)(1)(A)-(B). The narrower definition, which applies only to service providers falling under § 512(a), is limited to entities that “offer[ ] the transmission, routing or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received.” Id. § 512(k)(1)(A) (emphasis added). No such limitation appears in the broader definition, which applies to service providers—including YouTube—falling under § 512(c). Under the broader definition, “the term ‘service provider’ means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).” Id. § 512(k)(1)(B). In the absence of a parallel limitation on the ability of a service provider to modify user-submitted material, we conclude that § 512(c) “is clearly meant to cover more than mere electronic storage lockers.” UMG Recordings, Inc. v. Veoh Networks, Inc., 620 F.Supp.2d 1081, 1088 (C.D.Cal.2008) (“UMG I”).

      77

      The relevant case law makes clear that the § 512(c) safe harbor extends to software functions performed “for the purpose of facilitating access to user-stored material.” Id.; see Shelter Capital, 667 F.3d at 1031–35. Two of the software functions challenged here—transcoding and playback—were expressly considered by our sister Circuit in Shelter Capital, which held that liability arising from these functions occurred “by reason of the storage at the direction of a user.” 17 U.S.C. § 512(c); see Shelter Capital, 667 F.3d at 1027–28, 1031; see also UMG I, 620 F.Supp.2d at 1089–91; Io Group, 586 F.Supp.2d at 1146–48. Transcoding involves “[m]aking copies of a video in a different encoding scheme” in order to render the video “viewable over the Internet to most users.” Supp. Joint App'x I:236. The playback process involves “deliver[ing] copies of YouTube videos to a user's browser cache” in response to a user request. Id. at 239. The District Court correctly found that to exclude these automated functions from the safe harbor would eviscerate the protection afforded to service providers by § 512(c). Viacom, 718 F.Supp.2d at 526–27.

      78

      A similar analysis applies to the “related videos” function, by which a YouTube computer algorithm identifies and displays “thumbnails” of clips that are “related” to the video selected by the user. The plaintiffs claim that this practice constitutes content promotion, not “access” to stored content, and therefore falls beyond the scope of the safe harbor. Citing similar language in the Racketeer Influenced and Corrupt Organizations Act (“RICO”), 18 U.S.C. §§ 1961–68, and the Clayton [676 F.3d 40] Act, 15 U.S.C. §§ 12 et seq., the plaintiffs argue that the statutory phrase “by reason of” requires a finding of proximate causation between the act of storage and the infringing activity. See, e.g., Holmes v. Sec. Investor Prot. Corp., 503 U.S. 258, 267–68, 112 S.Ct. 1311, 117 L.Ed.2d 532 (1992) (holding that the “by reason of” language in the RICO statute requires proximate causation). But even if the plaintiffs are correct that § 512(c) incorporates a principle of proximate causation—a question we need not resolve here—the indexing and display of related videos retain a sufficient causal link to the prior storage of those videos. The record makes clear that the related videos algorithm “is fully automated and operates solely in response to user input without the active involvement of YouTube employees.” Supp. Joint App'x I:237. Furthermore, the related videos function serves to help YouTube users locate and gain access to material stored at the direction of other users. Because the algorithm “is closely related to, and follows from, the storage itself,” and is “narrowly directed toward providing access to material stored at the direction of users,” UMG I, 620 F.Supp.2d at 1092, we conclude that the related videos function is also protected by the § 512(c) safe harbor.

      79

      The final software function at issue here—third-party syndication—is the closest case. In or around March 2007, YouTube transcoded a select number of videos into a format compatible with mobile devices and “syndicated” or licensed the videos to Verizon Wireless and other companies. The plaintiffs argue—with some force—that business transactions do not occur at the “direction of a user” within the meaning of § 512(c)(1) when they involve the manual selection of copyrighted material for licensing to a third party. The parties do not dispute, however, that none of the clips-in-suit were among the approximately 2,000 videos provided to Verizon Wireless. In order to avoid rendering an advisory opinion on the outer boundaries of the storage provision, we remand for fact-finding on the question of whether any of the clips-in-suit were in fact syndicated to any other third party.

      80
      D. Other Arguments
      81
      1. Repeat Infringer Policy
      82

      The class plaintiffs briefly argue that YouTube failed to comply with the requirements of § 512(i), which conditions safe harbor eligibility on the service provider having “adopted and reasonably implemented ... a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers.” 17 U.S.C. § 512(i)(1)(A). Specifically, the class plaintiffs allege that YouTube “deliberately set up its identification tools to try to avoid identifying infringements of class plaintiffs' works.” This allegation rests primarily on the assertion that YouTube permitted only designated “partners” to gain access to content identification tools by which YouTube would conduct network searches and identify infringing material.[14]

      83

      Because the class plaintiffs challenge YouTube's deployment of search technology, [676 F.3d 41] we must consider their § 512(i) argument in conjunction with § 512(m). As previously noted, § 512(m) provides that safe harbor protection cannot be conditioned on “a service provider monitoring its service or affirmatively seeking facts indicating infringing activity, except to the extent consistent with a standard technical measure complying with the provisions of subsection (i).” 17 U.S.C. § 512(m)(1) (emphasis added). In other words, the safe harbor expressly disclaims any affirmative monitoring requirement—except to the extent that such monitoring comprises a “standard technical measure” within the meaning of § 512(i). Refusing to accommodate or implement a “standard technical measure” exposes a service provider to liability; refusing to provide access to mechanisms by which a service provider affirmatively monitors its own network has no such result. In this case, the class plaintiffs make no argument that the content identification tools implemented by YouTube constitute “standard technical measures,” such that YouTube would be exposed to liability under § 512(i). For that reason, YouTube cannot be excluded from the safe harbor by dint of a decision to restrict access to its proprietary search mechanisms.

      84
      2. Affirmative Claims
      85

      Finally, the plaintiffs argue that the District Court erred in denying summary judgment to the plaintiffs on their claims of direct infringement, vicarious liability, and contributory liability under Metro–Goldwyn–Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005). In granting summary judgment to the defendants, the District Court held that YouTube “qualif[ied] for the protection of ... § 512(c),” and therefore denied the plaintiffs' cross-motion for summary judgment without comment. Viacom, 718 F.Supp.2d at 529.

      86

      The District Court correctly determined that a finding of safe harbor application necessarily protects a defendant from all affirmative claims for monetary relief. 17 U.S.C. § 512(c)(1); see H.R.Rep. No. 105–551(II), at 50; S.Rep. No. 105–190, at 20; cf. 17 U.S.C. § 512(j) (setting forth the scope of injunctive relief available under § 512). For the reasons previously stated, further fact-finding is required to determine whether YouTube is ultimately entitled to safe harbor protection in this case. Accordingly, we vacate the order denying summary judgment to the plaintiffs and remand the cause without expressing a view on the merits of the plaintiffs' affirmative claims.

      87
      CONCLUSION
      88

      To summarize, we hold that:

      89

      (1) The District Court correctly held that 17 U.S.C. § 512(c)(1)(A) requires knowledge or awareness of facts or circumstances that indicate specific and identifiable instances of infringement;

      (2) However, the June 23, 2010 order granting summary judgment to YouTube is VACATED because a reasonable jury could conclude that YouTube had knowledge or awareness under § 512(c)(1)(A) at least with respect to a handful of specific clips; the cause is REMANDED for the District Court to determine whether YouTube had knowledge or awareness of any specific instances of infringement corresponding to the clips-in-suit;

      (3) The willful blindness doctrine may be applied, in appropriate circumstances, to demonstrate knowledge or awareness of specific instances of infringement under § 512(c)(1)(A); the cause is REMANDED for the [676 F.3d 42] District Court to consider the application of the willful blindness doctrine in the first instance;

      (4) The District Court erred by requiring “item-specific” knowledge of infringement in its interpretation of the “right and ability to control” infringing activity under 17 U.S.C. § 512(c)(1)(B), and the judgment is REVERSED insofar as it rests on that erroneous construction of the statute; the cause is REMANDED for further fact-finding by the District Court on the issues of control and financial benefit;

      (5) The District Court correctly held that three of the challenged YouTube software functions—replication, playback, and the related videos feature—occur “by reason of the storage at the direction of a user” within the meaning of 17 U.S.C. § 512(c)(1), and the judgment is AFFIRMED insofar as it so held; the cause is REMANDED for further fact-finding regarding a fourth software function, involving the syndication of YouTube videos to third parties.

      On remand, the District Court shall allow the parties to brief the following issues, with a view to permitting renewed motions for summary judgment as soon as practicable:

      (A) Whether, on the current record, YouTube had knowledge or awareness of any specific infringements (including any clips-in-suit not expressly noted in this opinion);

      (B) Whether, on the current record, YouTube willfully blinded itself to specific infringements;

      (C) Whether YouTube had the “right and ability to control” infringing activity within the meaning of § 512(c)(1)(B); and

      (D) Whether any clips-in-suit were syndicated to a third party and, if so, whether such syndication occurred “by reason of the storage at the direction of the user” within the meaning of § 512(c)(1), so that YouTube may claim the protection of the § 512(c) safe harbor.

      We leave to the sound discretion of the District Court the question of whether some additional, guided discovery is appropriate in order to resolve “(C)” (“[w]hether YouTube had ‘the right and ability to control’ infringing activity”), and “(D)” (“[w]hether any clips-in-suit were syndicated to a third party”). As noted above, for purposes of this case, the record with respect to “(A)” (“[w]hether ... YouTube had knowledge or awareness of any specific infringements”) and “(B)” (“[w]hether. YouTube willfully blinded itself to specific infringements”) is now complete.

      90

      Each party shall bear its own costs.

      91
      APPENDIX ARELEVANT PROVISIONS OF THE DIGITAL MILLENNIUM COPYRIGHT ACT 17 U.S.C. § 512
      92

      (c) Information residing on systems or networks at direction of users.

      (1) In general.—A service provider shall not be liable for monetary relief, or, except as provided in subsection (j), for injunctive or other equitable relief, for infringement of copyright by reason of the storage at the direction of a user of material that resides on a system or network controlled or operated by or for the service provider, if the service provider—

      (A) (i) does not have actual knowledge that the material or an activity using the material on the system or network is infringing;

      [676 F.3d 43] (ii) in the absence of such actual knowledge, is not aware of facts or circumstances from which infringing activity is apparent; or

      (iii) upon obtaining such knowledge or awareness, acts expeditiously to remove, or disable access to, the material;

      (B) does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity; and

      (C) upon notification of claimed infringement as described in paragraph (3), responds expeditiously to remove, or disable access to, the material that is claimed to be infringing or to be the subject of infringing activity.

      (2) Designated agent.—The limitations on liability established in this subsection apply to a service provider only if the service provider has designated an agent to receive notifications of claimed infringement described in paragraph (3), by making available through its service, including on its website in a location accessible to the public, and by providing to the Copyright Office, substantially the following information:

      (A) the name, address, phone number, and electronic mail address of the agent.

      (B) other contact information which the Register of Copyrights may deem appropriate.

      The Register of Copyrights shall maintain a current directory of agents available to the public for inspection, including through the Internet, and may require payment of a fee by service providers to cover the costs of maintaining the directory.

      (3) Elements of notification.—

      (A) To be effective under this subsection, a notification of claimed infringement must be a written communication provided to the designated agent of a service provider that includes substantially the following:

      (i) A physical or electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

      (ii) Identification of the copyrighted work claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site.

      (iii) Identification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit the service provider to locate the material.

      (vi) Information reasonably sufficient to permit the service provider to contact the complaining party, such as an address, telephone number, and, if available, an electronic mail address at which the complaining party may be contacted.

      (iv) A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law.

      (v) A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

      (B)(i) Subject to clause (ii), a notification from a copyright owner or from a person authorized to act on behalf of the copyright owner that fails to comply substantially with the provisions of subparagraph

      [676 F.3d 44] (A) shall not be considered under paragraph (1)(A) in determining whether a service provider has actual knowledge or is aware of facts or circumstances from which infringing activity is apparent.

      (ii) In a case in which the notification that is provided to the service provider's designated agent fails to comply substantially with all the provisions of subparagraph (A) but substantially complies with clauses (ii), (iii), and (iv) of subparagraph (A), clause (i) of this subparagraph applies only if the service provider promptly attempts to contact the person making the notification or takes other reasonable steps to assist in the receipt of notification that substantially complies with all the provisions of subparagraph (A).

      (i) Conditions for Eligibility.

      (1) Accommodation of technology.—The limitations on liability established by this section shall apply to a service provider only if the service provider—

      (A) has adopted and reasonably implemented, and informs subscribers and account holders of the service provider's system or network of, a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider's system or network who are repeat infringers; and

      (B) accommodates and does not interfere with standard technical measures.

      (2) Definition.—As used in this subsection, the term “standard technical measures” means technical measures that are used by copyright owners to identify or protect copyrighted works and—

      (A) have been developed pursuant to a broad consensus of copyright owners and service providers in an open, fair, voluntary, multi-industry standards process;

      (B) are available to any person on reasonable and nondiscriminatory terms; and

      (C) do not impose substantial costs on service providers or substantial burdens on their systems or networks.

      (k) Definitions.

      (1) Service provider.—

      (A) As used in subsection (a), the term “service provider” means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received.

      (B) As used in this section, other than subsection (a), the term “service provider” means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).

      (2) Monetary relief.—As used in this section, the term “monetary relief” means damages, costs, attorneys' fees, and any other form of monetary payment.

      (m) Protection of privacy.—Nothing in this section shall be construed to condition the applicability of subsections (a) through (d) on—

      (1) a service provider monitoring its service or affirmatively seeking facts indicating infringing activity, except to the extent consistent with a standard technical measure complying with the provisions of subsection (i); or

      (2) a service provider gaining access to, removing, or disabling access to material [676 F.3d 45] in cases in which such conduct is prohibited by law.

      (n) Construction.

      Subsections (a), (b), (c), and (d) describe separate and distinct functions for purposes of applying this section. Whether a service provider qualifies for the limitation on liability in any one of those subsections shall be based solely on the criteria in that subsection, and shall not affect a determination of whether that service provider qualifies for the limitations on liability under any other such subsection.

      93

      [*] The Honorable Roger J. Miner, who was originally assigned to the panel, died prior to the resolution of this case. The remaining two members of the panel, who are in agreement, have determined the matter. See 28 U.S.C. § 46(d); 2d Cir. IOP E(b); United States v. Desimone, 140 F.3d 457, 458–59 (2d Cir.1998).

      94

      [1] The relevant provisions of 17 U.S.C. § 512(c) appear in Appendix A.

      95

      [2] The plaintiffs-appellants in Viacom Int'l, Inc. v. YouTube, Inc., No. 10–3270–cv, are Viacom, Comedy Partners, Country Music Television, Inc., Paramount Pictures Corporation, and Black Entertainment Television, LLC (jointly, the “Viacom plaintiffs”). The plaintiffs-appellants in Football Ass'n Premier League Ltd. v. YouTube, Inc., No. 10–3342–cv, are Premier League, Bourne Co., Cal IV Entertainment, LLC, Cherry Lane Music Publishing Company, Inc., X–Ray Dog Music, Inc., Fédération Française de Tennis, Murbo Music Publishing, Inc., and Stage Three Music (US), Inc. (jointly, the “class plaintiffs”).

      96

      [3] The class plaintiffs also sought class certification pursuant to Rule 23 of the Federal Rules of Civil Procedure.

      97

      [4] The “Flash” format “is a highly compressed streaming format that begins to play instantly. Unlike other delivery methods, it does not require the viewer to download the entire video file before viewing.” Joint App'x IV:73.

      98

      [5] Doctrines of secondary copyright infringement include contributory, vicarious, and inducement liability. See Metro–Goldwyn–Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 930–31, 936–37, 125 S.Ct. 2764, 162 L.Ed.2d 781 (2005).

      99

      [6] National Music Publishers' Association, one of the named plaintiffs in the putative class action, seeks only equitable relief.

      100

      [7] It is undisputed that all clips-in-suit had been removed from the YouTube website by the time of summary judgment, mostly in response to DMCA takedown notices. Viacom Int'l, 718 F.Supp.2d at 519.

      101

      [8] Veoh Networks operates a website that “allows people to share video content over the Internet.” Shelter Capital, 667 F.3d at 1026.

      102

      [9] We express no opinion as to whether the evidence discussed above will prove sufficient to withstand a renewed motion for summary judgment by YouTube on remand. In particular, we note that there is at least some evidence that the search requested by Walker in his February 7, 2007 e-mail was never carried out. See Joint App'x III:256. We also note that the class plaintiffs have failed to identify evidence indicating that any infringing content discovered as a result of Walker's request in fact remained on the YouTube website. The class plaintiffs, drawing on the voluminous record in this case, may be able to remedy these deficiencies in their briefing to the District Court on remand.

      103

      [10] Our recent decision in Tiffany (NJ) Inc. v. eBay Inc., 600 F.3d 93 (2d Cir.2010), lends support to this result. In Tiffany, we rejected a willful blindness challenge, holding that although eBay “knew as a general matter that counterfeit Tiffany products were listed and sold through its website,” such knowledge “is insufficient to trigger liability.” Id. at 110. In so holding, however, we rested on the extensive findings of the district court with respect to willful blindness. Id. (citing Tiffany (NJ) Inc. v. eBay, Inc., 576 F.Supp.2d 463, 513 (S.D.N.Y.2008)). Thus, the Tiffany holding counsels in favor of explicit fact-finding on the issue of willful blindness.

      104

      [11] Ellison, 189 F.Supp.2d at 1061.

      105

      [12] UMG II, 665 F.Supp.2d at 1112.

      106

      [13] Other courts have suggested that control may exist where the service provider is “actively involved in the listing, bidding, sale and delivery” of items offered for sale, Hendrickson v. eBay, Inc., 165 F.Supp.2d 1082, 1094 (C.D.Cal.2001), or otherwise controls vendor sales by previewing products prior to their listing, editing product descriptions, or suggesting prices, Corbis Corp., 351 F.Supp.2d at 1110. Because these cases held that control did not exist, however, it is not clear that the practices cited therein are individually sufficient to support a finding of control.

      107

      [14] The class plaintiffs also assert, in a single sentence, that YouTube failed to implement any repeat infringer policy prior to March 2006, and that the defendants are therefore excluded from the safe harbor for any infringing activity before that date. This one-sentence argument is insufficient to raise the issue for review before this Court. Accordingly, we deem the issue waived on appeal. See, e.g., Norton v. Sam's Club, 145 F.3d 114, 117 (2d Cir.1998) (“Issues not sufficiently argued in the briefs are considered waived and normally will not be addressed on appeal.”).

  • 5 Lessig v. Liberation Music