How to distinguish
Legitimate takedowns for copyright infringement
Some phishing traps
While it’s safe to delete and ignore most phishing emails – like one from a mysterious foreign prince offering you a slice of his fortune – it’s a headache to have to wonder whether what appears to be a Digital Millennium Copyright Act (DMCA) takedown notice is legitimate or potentially harmful.
Any operator of a website that allows users to post content to a site without the operator’s direct involvement must know and comply with the DMCA.
For example, a website may allow users to directly post:
- Comments and questions on news or blogs
- Forum Comments and Replies
- Lists of goods and services for sale
- The music
- Creative works, such as articles, poems, artwork, etc.
- Reviews of books, movies, music, etc.
If users/visitors cannot post anything directly to a website, Safe Harbor is irrelevant. A website operator is not protected from liability for infringing material posted directly by the operator or by others working for the operator (such as employees or contractors of the operator).
If users CAN post directly to a site, then the site must include a terms of service document that includes an appropriate DMCA policy. These Terms are often accessible via a link in the footer of each page.
A service provider will not be responsible for monetary relief, or, except as provided in paragraph (j), for injunctive or other equitable relief, for copyright infringement due to storage at user’s direction of material that resides on a system or network controlled or operated by or for the service providerif the service provider—
has no actual knowledge that the material or any activity using the material on the system or network is infringing;
in the absence of such actual knowledge, has no knowledge of facts or circumstances from which infringing activity is apparent; Where
upon obtaining such knowledge or awareness, acts promptly to remove or disable access to the material;
does not receive a financial benefit directly attributable to the infringing activity, in the event that the service provider has the right and ability to control such activity; and
Upon notification of an alleged infringement as described in subsection (3), respond promptly to remove or disable access to the material allegedly infringing or the subject of infringing activity.
To take advantage of DMCA protections, a website operator must designate a DMCA agent.
A DMCA agent can be anyone who works with or for the operator of the website. No special skills, training or certification is required.
The DMCA agent is the person a copyright owner can notify if there is allegedly infringing material posted by users on a website. The agent is responsible for examining the material and removing it, if necessary.
VERY IMPORTANT, a DMCA agent must be REGISTERED with the US Copyright Office. If a DMCA is not registered, the operator of the website is not protected from liability under the safe harbor.
Registering a DMCA agent is a quick, simple and inexpensive process that starts with creating a DMCA Designated Agent Registration Account. A copyright attorney is not necessary to help you.
A business that receives a DMCA Takedown Notice must answer to quickly and correctly or risk being held liable for the user’s infringement. This is why something that appears to be a DMCA notice – as opposed to regular spam – should be taken seriously.
How do I know if a withdrawal email is legitimate or not?
- If you don’t have any User Content on your website, it’s less likely that someone will send you a DMCA takedown notice. You are more likely to receive a cease and desist notice from a copyright attorney if you have posted allegedly infringing material yourself.
- If you have properly designated a DMCA agent in your Terms of Service, only that person should receive DMCA takedown notices. If someone other than the agent receives such emails, these emails are more likely to be phishing scams.
The safest course of action with any suspected phishing email is to forward it to your IT department so it can be opened and all links clicked in a secure environment.
Phishing emails can also be reported to FTC.
Just like the haiku above, we like to keep our posts short and sweet. I hope you have found this brief information useful.