No DMCA safe harbor for Cox’s 13-strike policy for terminating repeat infringers

No DMCA safe harbor for Cox's 13-strike policy for terminating repeat infringersOn February 1, 2018, the U.S. Court of Appeals for the Fourth Circuit issued a decision in the case, BMG Rights Management LLC v. Cox Communications, Inc. The Fourth Circuit affirmed in part the district court’s granting of summary judgment to BMG on the § 512(a) Digital Millennium Copyright Act (DMCA) safe harbor defense. The court also reversed in part and remanded for a new trial because of errors in the jury instructions.

Ultimately, the Fourth Circuit agreed with the district court’s decision that Cox was not entitled to the safe harbor defense, finding that Cox’s 13-strike policy for repeat infringers was effectively no policy at all, and far less than the termination policy required in order to maintain safe harbor protections.

Factual Background

Plaintiff BMG, an owner of copyrights in musical compositions, filed suit against Cox for copyright infringement. BMG sought to hold Cox, a high-speed Internet service provider (ISP), vicariously and contributorily liable for the infringing activities of Cox’s subscribers.

BMG alleged that some of Cox’s roughly 4.5 million subscribers shared and received copyrighted files using BitTorrent. BitTorrent, a communication protocol for peer-to-peer file sharing, allows users to directly transfer files to another’s computer over the Internet. BitTorrent transfers often involve unauthorized sharing of copyrighted music and video files.

BMG employs a third party called Rightscorp, Inc., to monitor BitTorrent for infringing activity of BMG’s rights. Upon notice of infringing conduct, Rightscorp emails an infringement notice to the infringing user’s ISP and requests the ISP to take action against the user. In 2011, Cox “blacklisted” Rightscorp and its infringement notices after Rightscorp refused to remove settlement language in its notices to Cox. In essence, when Cox received the millions of Rightscorp infringement notices, Cox either deleted the notices or took no action against the infringing users.

The court found Cox’s policies for terminating subscribers participating in infringing activities was insufficient to qualify for safe harbor protection. The DMCA’s safe harbor provision, 17 U.S.C. § 512(a), requires an ISP to adopt and reasonably implement a policy to terminate subscribers who are repeat infringers.

Cox uses an automated system for terminating user accounts that rests on a 13-strike policy, which Cox resets every six months. The Fourth Circuit explained:

Cox’s automated system rests on a thirteen-strike policy that determines the action to be taken based on how many notices Cox has previously received regarding infringement by a particular subscriber. The first notice alleging a subscriber’s infringement produces no action from Cox. The second through seventh notices result in warning emails from Cox to the subscriber. After the eighth and ninth notices, Cox limits the subscriber’s Internet access to a single webpage that contains a warning, but the subscriber can reactivate complete service by clicking an acknowledgement. After the tenth and eleventh notices, Cox suspends services, requiring the subscriber to call a technician, who, after explaining the reason for suspension and advising removal of infringing content, reactivates service. After the twelfth notice, the subscriber is suspended and directed to a specialized technician, who, after another warning to cease infringing conduct, reactivates service. After the thirteenth notice, the subscriber is again suspended, and, for the first time, considered for termination. Cox never automatically terminates a subscriber.

Who Qualifies as Repeat Infringers

The DMCA does not define the term repeat infringers, so Cox argued that the safe harbor provisions only required that it delete the accounts of those specifically adjudicated as infringers. The Fourth Circuit panel rejected this argument, pointing out that the Copyright Act uses the term “infringer” to refer to all those who engage in infringing activity, and not just the narrow subset of those who have actually been so adjudicated as infringers by a court. The Court further found that the Legislative History clearly evidenced an intent to take Internet access away from those who repeatedly engage in infringing activity regardless of whether there was actually an adjudication in court.

Because Cox failed to terminate the accounts of its repeat infringers despite being on notice to the infringing activities, the Court found that Cox could not benefit from safe harbor protections of the DMCA.

In view of this decision, it will be interesting to see whether other ISPs adopt more stringent policies to crack down on repeat infringers.


Warning & Disclaimer: The pages, articles and comments on do not constitute legal advice, nor do they create any attorney-client relationship. The articles published express the personal opinion and views of the author as of the time of publication and should not be attributed to the author’s employer, clients or the sponsors of Read more.

Join the Discussion

5 comments so far.

  • [Avatar for Mitch Stoltz]
    Mitch Stoltz
    February 22, 2018 12:35 pm

    The court describes Cox’s policy, but its holding relates to Cox’s implementation of the policy, not the particulars of the policy itself. Of course a court can interpret the statute, but it would be improper for a court to decide after the fact that “appropriate circumstances” means a particular number of “strikes” and that an ISP can lose its safe harbor for failing to follow specific requirements that were never specified.

    We’re unlikely to agree on what this case means, but the question may come up again soon, potentially in the Grande case in Texas, so I suspect we’ll see who’s right.

  • [Avatar for Gene Quinn]
    Gene Quinn
    February 21, 2018 08:36 pm


    We are in partial agreement I suppose. I agree that the Court did not rule on the policy Cox adopted and never followed. You, however, disagreed that the Court said the thirteen-strike policy was inadequate. I think any fair reading of what the Fourth Circuit says comes to the conclusion that the thirteen-strike policy was inadequate. The Fourth Circuit said that the thirteen-strike policy made it clear that Cox has no intention of dealing with repeat infringers. I’m not sure how you can conclude anything other than the Court felt that thirteen-strike policy was inadequate under the statute.

    I understand that ISPs need some latitude, but you are horribly mistaken when you conclude that it is inappropriate for the court to define what “appropriate circumstances.” It is the prerogative of the Courts to interpret the law, which they do all that time.

    Am I aware of any authority that defines the number of strikes — I think the answer is yes — this very case. You are reading the case far too narrowly.

  • [Avatar for Mitch Stoltz]
    Mitch Stoltz
    February 21, 2018 08:03 pm

    I think you’re confusing the requirement to “adopt” a policy of terminating repeat infringers in “appropriate circumstances” from the separate requirement to “reasonably implement” that policy. The Fourth Circuit’s decision turned only on the latter. “Cox formally adopted a repeat infringer ‘policy,’ but, both before and after September 2012, made every effort to avoid reasonably implementing that policy.” The court explicitly did not rule on whether the policy that Cox formally adopted was acceptable, because it was “mindful of the need to afford ISPs flexibility in crafting repeat infringer policies, and of the difficulty of determining when it is ‘appropriate’ to terminate a person’s access to the Internet.”

    I agree with Professor Nimmer on this one: the statute doesn’t say what “appropriate circumstances” are, therefore it would be improper for a court to impose specific requirements after the fact. The Fourth Circuit didn’t do that, and no other court has, either. Are you aware of any authority that defines appropriate circumstances to mean a particular number of “strikes,” or a quantum of evidence that establishes repeat infringement by a subscriber?

    Without that, it’s still up to the ISP. They just have to be reasonable and internally consistent, and probably not reconnect users immediately after termination.

  • [Avatar for Gene Quinn]
    Gene Quinn
    February 21, 2018 06:35 pm


    Pretty clearly it is you that are misrepresenting what the Fourth Circuit ruled.

    The district court held that Cox had not produced evidence that it had implemented a policy entitling it to a statutory safe harbor defense and so granted summary judgment on that issue to BMG. As the article explains, the Fourth Circuit affirmed the district court’s grant of summary judgment to BMG on the § 512(a) DMCA safe harbor defense.

    Further, the Fourth Circuit explained: “Cox formally adopted a repeat infringer policy, but, both before and after September 2012, made every effort to avoid reasonably implementing that policy. Indeed, in carrying out its thirteen-strike process, Cox very clearly determined not to terminate subscribers who in fact repeatedly violated the policy.”

    The Court did say: “Cox failed to qualify for the DMCA safe harbor because it failed to implement its policy in any consistent or meaningful way — leaving it essentially with no policy.” But any lawyer worth their own salt knows what that means, and it isn’t at all what you are suggesting. Cox failed to implement the formally adopted repeat infringer policy. The conclusion does not mean that the Cox thirteen strike policy was adequate. In fact, the Court specifically ruled the exact opposite. By refusing to implement the repeat infringer policy and instead “carrying out its thirteen-strike process, Cox very clearly determined not to terminate subscribers who in fact repeatedly violated the policy.”

    Notwithstanding your mischaracterization, it would be interesting to know if you believe a thirtee-strike policy complies with the DMCA. Is it your opinion that the thirteen-strike policy should have resulted in a safe harbor defense being allowed? And is this the official position of the EFF?


  • [Avatar for Mitch Stoltz]
    Mitch Stoltz
    February 21, 2018 05:20 pm

    I think you’ve misrepresented the court’s opinion. The court didn’t say that Cox’s thirteen-strike policy was inadequate, but only that by restoring terminated customers right away, Cox wasn’t following its own policy. The statute doesn’t specify an acceptable number of “strikes” or any other detail of a repeat infringer policy, and the court was right not to impose any specifications.