This article was published in CAUSE/EFFECT journal, Volume 22 Number 1 1999. The copyright is by EDUCAUSE. See for additional copyright information.

What Colleges and Universities Need to Know about the Digital Millennium Copyright Act
by Casey Lide

Signed into law by President Clinton on October 28, 1998, the Digital Millennium Copyright Act1 (DMCA) represents the most dramatic change to copyright law in a generation. In addition to implementing two 1996 World Intellectual Property Organization treaties, the DMCA is a far-reaching attempt to update copyright law for the digital environment.

The new copyright law contains a number of provisions that should be of interest to college and university administrators and faculty. This article focuses on two sections of particular importance to institutional administrators and copyright commissions: (1) limitations on infringement liability for "service providers," and (2) prohibitions on circumvention of technological protection measures (TPMs). It concludes with a summary of actions campuses should consider taking in response to the provisions of the Act.

There are other provisions of the Act that affect higher education that are not discussed in this article. Distance education received special treatment in the DMCA; one of the key provisions directs the Copyright Office to report to Congress within six months of enactment on how to promote distance education through digital technologies. EDUCAUSE and other parties are actively working with the Copyright Office as this study is developed. The DMCA also contains amendments (section 404) that promote the maintenance and development of digital libraries "to accommodate digital technologies and evolving preservation practices."

Limitation on Infringement Liability for "Service Providers"

Title II of the DMCA (section 512 of the Copyright Act, as amended, enacted on November 3, 1998) establishes certain limitations of copyright infringement liability for online service providers (OSPs). It broadly defines the term "service provider" (which likely includes colleges and universities), and enumerates four categories of conduct by service providers that receive certain protections from liability. It also sets forth "notice and takedown" procedures for material such as Web site content that resides on service provider servers.

Title II requires certain steps to be taken right away by service providers before they may take advantage of the protections, including registration of an agent with the Copyright Office and the development and posting of updated copyright policies. It also has a special provision clarifying the status of faculty and graduate students.

For a more detailed explanation of the new copyright provisions establishing limitations of liability for online service providers, refer to the Act itself and a comprehensive memorandum (courtesy of the Association of Research Libraries) which are linked from the DMCA page of the Current Issues section of the EDUCAUSE Web site (

What qualifies as a "service provider" for DMCA limitations on liability

A party seeking the benefit of the limitations on liability in Title II must qualify as a service provider. The DMCA Title II definitions of service provider are broad enough to provide liability protection for entities that may not conventionally be considered ISPs (Internet Service Providers). In section 512(k)(1)(B), service provider is defined as "a provider of online services or network access, or the operator of facilities therefor."2 Most, if not all, higher education institutions probably fall within this definition.

To be eligible for any of the limitations, service providers must also (1) adopt a policy of terminating the accounts of repeat infringers, and (2) accommodate and not interfere with "standard technical measures" (defined as standardized measures used by copyright owners to identify or protect copyrighted works).3

To be eligible for the limitation on liability in the context of infringing material on Web sites hosted on the service provider system, service providers must have filed with the Copyright Office a designation of agent to receive notification of claimed infringement4 (discussed further below in the context of notice and takedown). They must also have made available online a copy of the updated service provider copyright policy.

Categories of service provider conduct eligible for protection

The DMCA limits liability in four separate contexts: transitory digital network communications, system caching, information location tools, and information on systems or networks at the direction of users. It is important to note that knowledge by the service provider of infringing material is a consideration in each of these four contexts. Generally speaking, if the service provider has such knowledge or as a general matter doesn�t act reasonably upon gaining such knowledge, then liability protection under s. 512 will be less likely.

1. Transitory digital network communications. Generally, this provides protection5 where the service provider "merely acts as a data conduit, transmitting digital information from one point on a network to another at someone else�s request. This limitation covers transmission, routing, or providing connections for the information, as well as the intermediate and transient copies that are made automatically in the operation of the network."6 There are a number of conditions that apply here (e.g., the transmission must be initiated by a person other than the provider, the transmission must be carried out by automatic technical process, the service provider must not determine recipients, and so forth) for which one should refer to the statute. The key thing to remember, however, is that the service provider must be passive.

2. System caching. Generally, this section provides protection for the storing of material from other networks on the service provider system for the purpose of mitigating bandwidth requirements. It has certain conditions, including encouragement that service providers refresh material according to an industry standard, and that they not interfere with technology that transfers "hit" information to the person who posted it.

3. Information location tools. This section includes protection for linking or electronically referring to an infringing site.

4. Information on systems or networks at the direction of users. This section applies to storage on the service provider network at the direction of a user, and conceivably includes such services as Web site hosting. Before taking advantage of protections in this section, service providers must register an agent with the Copyright Office. In addition, according to the U.S. Copyright Office Summary, the following conditions must be met:

Notice and takedown

As the last bullet above suggests, the DMCA specifies requirements for notice (by the copyright owner to the service provider) and takedown (by the service provider of the alleging infringing material). In summary:

Under the notice and takedown procedure, a copyright owner submits a notification under penalty of perjury, including a list of specified elements, to the service provider�s designated agent. [The list of designated agents is maintained at the Copyright Office Web site]. Failure to comply substantially with the statutory requirements means that the notification will not be considered in determining the requisite level of knowledge by the service provider. If, upon receiving a proper notification, the service provider promptly removes or blocks access to the material identified in the notification, the provider is exempt from monetary liability.8

In this situation the provider is also expected to notify the subscriber--the person whose information was removed or blocked. Doing so protects the provider from liability to persons for claims based on its having taken down the material.9

Notice and takedown has the potential to present sensitive situations at colleges and universities. Martha Winnacker at the University of California Office of the President writes:

When notice of alleged infringement involves materials made available by members of the faculty, the process for making takedown decisions will have to be transparent and legitimate enough to withstand controversy. Even a temporary takedown may cause serious disruption to teaching or research, or it may be seen as threatening the principles of academic freedom. Universities will require competent staff and legal resources to help faculty, students, and staff understand what copyright law allows and to help administrators make appropriate choices when infringement is alleged. The same issues will apply in lesser degree to material made available by students, particularly if it is related to research.10

Again, for further details on OSP liability and notice and takedown, refer to the ARL memo mentioned above (at

Special OSP liability provision for actions by faculty and graduate students

Section 512(e) of the Act specifically addresses how the actions of faculty and graduate students affect the eligibility of a nonprofit educational institution that seeks protection as a service provider under the new provisions. (This section apparently does not apply to undergraduate students.) In the context of liability limitations for transitory communications or system caching, "the faculty member or student shall be considered a �person other than the provider,� so as to avoid disqualifying the institution from eligibility."11

According to the U.S. Copyright Office Summary, for the other two contexts--liability limitations for material residing on networks at the direction of users and for information location tools--the knowledge or awareness of the faculty member or student will not be attributed to the institution, provided the following conditions are met:

Prohibitions on Circumvention of Technological Protection Measures

Title I of the DMCA implements two treaties of the World Intellectual Property Organization (WIPO), the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. Each of these treaties contains similar language requiring member states to prevent circumvention of technological measures used to protect copyrighted works.

The new section 1201 of the DMCA is the U.S. implementation of the WIPO obligation. It covers two types of technological measures used to protect copyrighted works: those that prevent unauthorized access to and those that prevent unauthorized copying of a copyrighted work. It prohibits the making or selling of devices or services that are used to circumvent either.

Interestingly, while it also prohibits (effective two years from now) the act of circumvention itself for access-control TPMs, it does not prohibit the act of circumventing the copy-control TPM. The U.S. Copyright Office Summary explains, "This distinction was employed to assure that the public will have the continued ability to make fair use of copyrighted works. Since copying of a work may be a fair use under appropriate circumstances, section 1201 does not prohibit the act of circumventing a technological protection measure that prevents copying."13

Among many other clauses and exceptions of various types in section 1201 is one specifically addressing "nonprofit library, archive and educational institutions"--an exception to the prohibition on circumventing access-control TPMs. It "permits nonprofit libraries, archives and educational institutions to circumvent solely for the purpose of making a good faith determination as to whether they wish to obtain authorized access to the work."14

The significance of this exception depends to a large degree on near-term technological development, specifically on what types of TPMs come to represent a standard, and whether there will be a mechanism ensuring that the exception has some real meaning.

Campus Action Agenda

So what do colleges and universities need to do in response to the provisions and regulations set forth in the Digital Millennium Copyright Act? While the Act does not explicitly classify higher education institutions as OSPs, EDUCAUSE is advising members to take advantage of the opportunity to limit their liability as online service providers as soon as possible by registering with the Copyright Office an agent to receive notification of claims of copyright infringement.

The Act suggests other actions, as well. Colleges and universities should begin to develop or update policies and procedures for handling complaints of copyright infringement that occur on networks or servers they control. To enjoy the protection from liability offered by the DMCA, such policies will need to include the procedure of terminating the accounts of repeat infringers and to accommodate and not interfere with standard measures used by copyright owners to identify and protect their works. These policies and procedures will need to be posted on the institution�s Web site.

Finally, colleges and universities will need to undertake an educational program to ensure that their campus communities understand the copyright law and to promote compliance with it. This will require competent staff and legal resources, especially to respond appropriately when infringement is alleged.


A Quick Checklist for Campus Actions

More detailed information about the DMCA, including links to a helpful summary produced by the U.S. Copyright Office and several other DMCA reference materials, is available on the EDUCAUSE Web server at


1 Pub. L. No. 105-304, 112 Stat. 2860 (October 28, 1998). The provisions in the DMCA became effective on the date of enactment, but there are a few exceptions. One of them is the prohibition on the act of circumvention of access-control technological protection measures; this prohibition does not take effect until two years after the date of enactment.

Back to the text

2 Actually, the DMCA defines service provider in two ways. In the specific context of transitory communications--where the service provider acts as a conduit--service provider is defined as "an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user�s choosing, without modification to the content of the material as sent or received." [s. 512(k)(1)(A)]

Back to the text

3 See also The Digital Millennium Copyright Act of 1998, U.S. Copyright Office Summary (December 1998), available online at

Back to the text

4 The Copyright Office provides a form for this purpose at

Back to the text

5 Generally speaking, the liability protections specify that service providers shall not be liable for monetary damages, and in certain cases would be immune from injunction as well. For specifics on the types and extent of liability protection afforded, refer to s. 512 of the statute.

Back to the text

6 U.S. Copyright Office Summary at 10.

Back to the text

7 U.S. Copyright Office Summary at 7.

Back to the text

8 Ibid. at 12.

Back to the text

9 If the subscriber responds by presenting a permitted counter-notification, the provider must put the material back up within ten to fourteen days.

Back to the text

10 From a draft memo distributed at the joint business meeting of the Board on Distance Education, Board on Technology Infrastructure, and Board on Library Resources of the National Association of State Universities and Land-Grant Colleges, November 12, 1998. Copy is on file with the author.

Back to the text

11 U.S. Copyright Office Summary at 13.

Back to the text

12 Ibid.

Back to the text

13 U.S. Copyright Office Summary at 4.

Back to the text

14 U.S. Copyright Office Summary at 5.

Back to the text

Casey Lide is a policy analyst on the EDUCAUSE staff in the association�s Washington, D.C. office. the table of contents