Controversial cheating website AshleyMadison.com dealt quite the blow to its 36 million users last week when they reported that the website had been hacked. The notorious site, which helps married men and women connect and meet for extramarital affairs, was the target of a major hack, and this week the hackers dumped user data stolen from the site, revealing personal email addresses linked to credit card information. They also released data and internal emails from the company’s CEO, Noel Biderman, who manages Ashley Madison’s parent company, Avid Life Media.
Tech developers quickly rushed to the scene to capitalize on this massive and highly sensitive data breach by creating programs that would allow users and their suspicious spouses alike to search for the breached information. Websites like Trustify and CheckAshleyMadison.com allow users to simply enter an email address and immediately discover whether their information got caught in the fallout of Ashley Madison’s hack.
The Ashley Madison hack severely threatens the company’s business, and executives are scrambling to get the situation under control: They’re not just dealing with the backlash from angry users, but facing some pretty serious allegations regarding their overall business model. So what’s a company based on dishonesty and shady dealings to do? It’s business as usual for Ashley Madison.
Avid Life Media has begun issuing takedown notices to websites like Trustify and Check Ashley Madison under the Digital Millenium Copyright Act, alleging that the company “owns all intellectual property in the data, which has been stolen from our data center, and disclosed in this unauthorized and unlawful manner.” Many of the companies helping users track their hacked data have been quickly shuttered in order to contravene DMCA penalties. But Trustify has refused, claiming that Ashley Madison’s use of the DMCA to keep companies like theirs from operating is a completely incorrect application of a law which was designed to protect copyright owners, not censor data.
In the case of the Ashley Madison hack, the answer is unequivocally clear: No matter how detrimental to their business, Ashley Madison cannot issue takedown notices under the DMCA. Trustify – and other websites like it – have no reason to feel threatened to shut down, and should continue operating without fear of a backlash.
The Digital Millennium Copyright Act
The Digital Millennium Copyright Act, or the DMCA, criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works. In addition, the DMCA heightens the penalties for copyright infringement on the Internet, but does provide a safe harbor for internet service providers within the Online Copyright Limitation Liability Act (OCILLA). The Act exempts internet service providers from copyright infringement liability in an effort to strike the balance between the competing interests of copyright owners and digital users. Under OCILLA, if an internet service provider is served a takedown notice, they are obliged to comply, but will not be subject to copyright infringement liability if they meet certain exceptions.
Under these conditions, many companies that were operating as data revealers for the Ashley Madison hack removed their websites in order to avoid any penalties under DMCA.
But since it became law in 1998, the DMCA has been abused by anyone who wants content off the internet. All kinds of parties, from governments to companies trying to save face, have tried using DMCA takedown notices to coerce people into taking things off the internet. Those served a takedown notice usually comply out of fear of being sued. For many small companies, it’s better to be safe than sorry.
As a rule of thumb, being served a takedown notice means you should usually remove the infringing material to avoid further issues. But Ashley Madison’s use of the DMCA in order to prevent websites from revealing the breached data can only survive if the information it’s trying to protect is copyrightable – and we know from basic copyright principles that it’s not.
Why Ashley Madison’s Data isn’t Copyrightable
As we’ve outlined in our e-book on copyright for artists, understanding what can’t be copyrighted is just as important as understanding what can be. Only creative works can be copyrighted, and only if they meet certain requirements. In order for a work to be copyrightable, it must:
- Be an original work of authorship
- Fixed in a tangible medium
- With a minimal degree of creativity.
Additionally, there are certain things that can’t be copyrighted – these include ideas, titles, names, and slogans, and facts. No matter how eloquently a fact is presented, it will not rise to the level of originality that is required for copyright protection. Weather forecasts, sport stats or posting an event on Facebook are not copyrightable.
Based on these guidelines, it’s next to impossible to prove that Ashley Madison’s breached data should be copyrighted. Data inherently lacks creativity – that the data reveals names, email addresses, phone numbers, and credit card information would render it devoid of any opportunities for protection under copyright principles, since the law specifically states that names and facts won’t be protected. Instead, Ashley Madison is abusing the DMCA in order to have sensitive information removed from the internet – but doing so amounts to censorship, which is completely unprotected by copyright principles and could even violate the first amendment rights of the data revealing website owners.
Even if the Data was Copyrighted, It Would Likely be Considered Fair Use
Even if Ashley Madison or its parent company could convince a judge that the data its users uploaded to their servers is copyrightable, websites like Trustify and CheckAshleyMadison.com could likely argue that their posting of data constitutes fair use. The fair use doctrine allows one to use copyrighted work for specific purposes. The use of a copyrighted work constitutes fair use based upon:
- The purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
- The nature of the copyrighted work;
- The amount and substantiality of the portion used in relation to the copyrighted work as a whole; and
- The effect of the use upon the potential market for or value of the copyrighted work.
It could certainly be argued that websites like CheckAshleyMadison.com and Trustify are engaging in criticism or commentary, which is protected by the fair use doctrine. But that assumes that the data on these websites is copyrightable in the first place, which it likely won’t be.
If you’re running a website, reporting on the Ashley Madison events, or even merely tweeting about it, you should be prepared to be served a takedown notice by Ashley Madison if your work or commentary is highly visible. But there’s absolutely no reason why you should comply. When it comes to takedown notices, it’s important to ask yourself whether the offending information is copyrightable, and whether your use of the copyrighted materials might constitute fair use. While it’s sometimes better to be safe than sorry, it’s also important to hold DMCA invokers to high standards.