14 Strikes and You’re Out! (Maybe): How Cox Communications Lost its DMCA Safe Harbor

It hasn’t been a good couple of weeks for Cox Communications. The Georgia based company which services 3.5 million internet subscribers, 1 was on the receiving end of a Federal Judge’s November 19, 2015 decision that because of its business practices, it was not eligible for immunity from copyright infringement committed by their subscribers, or what is generally referred to as “safe harbor.” 2 Wasting no time, Cox’s insurance company, Certain Underwriters at Lloyd’s, London, immediately filed suit in New York State Court, seeking a declaration that it would not be obligated to insure Cox against damages for what it called Cox’s “intentional business decision” to block and ignore copyright infringement notices sent to it by the record company BMG. 3 The full 35 page decision, not released until December 1, 2015, 4 details Cox’s mighty effort to not only restrict the number of notices it received, but its efforts to keep as active customers subscribers who were known to be serial copyright infringers.

Under the provisions of the DMCA portions of the Copyright Act, in order to remain immune from liability for acts of copyright infringement committed by its subscribers, an Internet Service Provider must have “adopted and reasonably implemented, and informed subscribers and account holders of the service providers…policy that provides for the termination in appropriate circumstances of subscribers and account holders…who are repeat infringers.” 5

Cox did have an “Acceptable Use Policy” in place. It provided that account holders may not use Cox’s services “to post, copy, transmit or disseminate any content that infringes the…copyrights…or proprietary rights of any Party.” 6 Violations could result in the “immediate suspension or termination of either…access to the service and or [the] Cox account.” 7

Sounds good, doesn’t it? Except that Cox’s actual practice was to make it as hard as possible for copyright holders to file complaints, and when it received them, Cox undertook all measures necessary not to terminate the accounts of the subscriber, including a new variation of the now familiar Internet game of “whack-a-mole.”

Here is Cox’s policy for dealing with notices of infringement:

  • If Cox receives a notice of infringement against a subscriber, it places a “strike” against the account, but does not send the notice to the subscriber. 8
  • If Cox receives subsequent notices, strikes are placed on the account, and notice is sent to the subscriber. 9
  • Cox takes no further action until the account has received 8 “strikes” against the account. Then the account holder is sent to a static “detention” page warning them against further infringement and instructing them to delete all infringing files and remove file sharing software. There is no real penalty and the subscriber can re-enable the account by simply clicking on the link on the web page. 10
  • If the subscriber gets another warning notice, it is sent back to “detention,” but the subscriber account can again be re-enabled easily. 11
  • On the tenth notice, the subscriber is sent to “jail,” i.e. a web page that they cannot exit. They must call Cox customer service to get their account re-enabled. 12
  • On the eleventh notice, the subscriber is sent back to “jail,” and must call Cox customer service, again. 13
  • On the twelfth and thirteenth notices, the subscriber is sent back to “jail,” and must talk to a higher level of Cox Customer service to get their service reinstated. 14
  • On the fourteenth notice, Cox will review the account and “consider” termination, but termination is never the automatic remedy. 15

Yep. You read that right. Fourteen strikes and you’re out! Or maybe not. This is certainly a lot more generous than YouTube’s “three strikes” policy, which states:

“If you receive three copyright strikes, your account will be terminated. All the videos uploaded to your account will be removed. Users with terminated accounts aren’t able to create new accounts.” 16

And, as we have noted many times previously on this blog, YouTube is not exactly the shining light of copyright protection on the internet, but this surely beats what Cox did, or more importantly, didn’t.

In particular, it is worth noting that nowhere in the policy is termination of the account automatically the ultimate sanction. Even at the fourteenth notice, Cox still may choose not to terminate the account. And as it turns out, it rarely did.

Between January 2010 and August 2012, Cox terminated an average of 15.5 accounts per month. 17 And then it basically stopped.

“Between September 2012 until November 2014…Cox terminated an average of 0.8 accounts per month with a total of 22 terminations…Cox admits that of the 22 terminated accounts 17 of those had either failed to pay their bills on time or were excessive bandwidth users. 18

“In that same period Cox issued 711,000 email warnings and suspensions- in response to alleged infringements.” 19

The Court observes that termination is supposed to be the logical consequence of repeatedly using the internet to infringe copyrights. “[T]he penalty imposed for repeat infringers (when appropriate circumstances exist) must be termination and not some lesser consequence.” 20

“Another common benchmark, taken from the House and Senate reports is that ‘those who repeatedly or flagrantly abuse their access to the Internet through disrespect for intellectual property rights of others should know that there is a realistic threat of losing that access.’” 21

As reported by TechDirt, the Electronic Frontier Foundation and Public Knowledge attempted to file an amicus curiae brief with the Court on the dire consequences of losing one’s internet access. In a previous hearing, the Judge rejected the attempt, stating:

“I read the brief. It adds absolutely nothing helpful at all. It is a combination of describing the horrors that one endures from losing the Internet for any length of time. Frankly, it sounded like my son complaining when I took his electronics away when he watched YouTube videos instead of doing homework. And it’s completely hysterical.” 22

Good to see that the court system is finally catching on to the ways of the EFF.

But as they say on TV, wait, there’s more!

Not only did Cox stop terminating subscribers for infringing activity, it placed as many roadblocks as possible in the way of copyright owners making a legitimate complaint, and deliberately undermined their own policy.

  • If a subscriber received more than one complaint in a day, say five, ten or twenty, Cox counted all of them as “one complaint” and added only one strike to the account and only forwarded the first complaint to the subscriber. 23
  • Cox imposed a “hard limit” of 200 notices from the same complainant in one day. If those limits were exceeded, the tickets above 200 were unilaterally closed and the complainant was sent a warning email, though Cox did insist to the Court that it would “work with a complainant to set a reasonable number.” 24
  • Cox refused to process any complaints that had offers of settlement. “Until a complainant complies, Cox ‘blacklists’ all complaints received from the same complainant by configuring [Cox’s system] to auto-delete messages received from that complainant’s email address.” 25 Since the agent for BMG refused to comply, Cox eventually blocked all notices from BMG’s agent, meaning no record of the complaints were received, read or retained by Cox. 26
  • Most damaging of all, if a Cox subscriber had their account suspended, and called to complain, Cox reinstated their account and reset the subscriber’s “strikes” to zero. This policy was summed up in an email that flatly stated “DMCA=reactivate.” 27

The Court ruled:

“The record conclusively establishes that before the fall of 2012 Cox did not implement its repeat infringer policy. Instead, Cox publicly purported to comply with its policy, while privately disparaging and intentionally circumventing the DMCA’s requirements. Cox employees followed an unwritten policy put in place by senior members of Cox’s abuse group by which accounts used to repeatedly infringe copyrights would be nominally terminated, only to be reactivated upon request. Once these accounts were reactivated, customers were given clean slates, meaning the next notice of infringement Cox received linked to those accounts would be considered the first in Cox’s graduate response procedure.” 28

The Court then proceeded to quote from some very damaging Cox emails:

  • “As we move forward in this challenging time we want to hold on to every subscriber we can… We must still terminate in order for us to be in compliance with safe harbor but once termination is complete, we have fulfilled our obligation. After you reactivate them the DMCA ‘counter’ restarts; The procedure restarts with the sending of warning letters, just like a first offense.” 29
  • “This is fine. If asked, I would have allowed them back on. We have been turning customers back on who have been terminated for DMCA complaints. As long as our process of warnings, suspen[sion], then termination is followed, we can turn the customer back on and start the DMCA count over. During this time, as we try to keep customers and gain more RGU’s [revenue generating units] it is important to try and balance the needs of the company with the protection of the network. DMCA does not hurt the network like DOS attack, spam or hacking. It is not something we advertise however.” 30
  • “A customer is terminated for the first time… ‘If it is for DMCA you can go ahead and reactivate. Any other issues (hacking, spam, etc.) give[ ] us a heads up and we can all look at it together.’…[I]n 99% of the cases we are going to turn the customer back on…. [I]n that 1% of the cases, the customer will not reactivate at their own discretion.” 31
  • “Internal info only. Do not forward. After termination of DMCA, if you do suspend someone for another DMCA violation, you are not wrong. However, if the customer has a cox.net email we would like to start the warning cycle over, hold for more, etc. A clean slate if you will. This way, we can collect a few extra weeks of payments for their account. ;-) Once the customer has been terminated for DMCA, we have fulfilled the obligation of the DMCA safe harbor and can start over…. We have some leeway here. But know that once a termination happens, we have fulfilled “safe harbor.” These are not in our procedures as we do not make this information publicly known.” 32
  • “You can of course suspend but I would suggest that you just forward any DMCA complaints to his email…. He just has to realize that we must send these to him. If a copyright holder dec[ides] to sue, then we want to make sure the customer knows why …. And it is the law. Make sense? I am not concerned about DMCA and not ready to terminate a CB customer for it … yet. It does not cause a big problem on the network. Not like spam, Dos attacks, hacking, etc. do …The customer is doing this on purpose. I just know it (I can feel it) and is not owned IMO. They just want to steal stuff…” 33
  • “…for DMCA – we don’t want to loose [sic] the revenue.” 34
  • “Hard/Soft verbiage stays amongst us only…. It’s kind of an ‘under the table’ procedure, again, to preserve revenues, when we were loosing [sic] Subscribers, but it only happens about once per month.” 35
  • “This customer pays us over $400/month and if we terminate their service, they will likely cancel the rest of their services. Every terminated Customer becomes lost revenue and a potential Detractor to our Net Promoter Score.” 36
  • “This customer will likely fail again, but let’s give him one more change [sic]. [H]e pays 317.63 a month.” 37
  • “This customer is well aware of his actions and is upset that ‘after years of doing this’ he is now getting caught. Customer was advised to shop sharing, check his wireless and remove his PTP programs.” 38

I don’t think there is any doubt that Cox knew exactly what they were doing: padding their profits at the expense of copyright owners, and refusing to undertake their legal obligations under the DMCA with any degree of care, ethics or responsibility. To repeat from Cox’s own emails:

“This customer is well aware of his actions and is upset that ‘after years of doing this’ he is now getting caught.” 39

If all of this sounds familiar, it should. Terminating a subscriber account, only to immediately reinstate the same subscriber, and resetting their strikes to “zero” is the old game of internet “whack-a-mole” in a slightly new setting-you get rid of it there, and it pops up again here.

And the dodge of having a very public policy of terminating repeat infringers, only to totally ignore that policy as a matter of practice, is the same one used by Grooveshark to operate for close to 10 years in complete violation of the copyright laws. 40

Lastly, the eternally confounding problem is that no one would have the need for the high-speed internet service that Cox provides, if there was not copyrighted content, provided by companies like BMG, that a consumer wished to access. If there was no pot-o-gold to be had, no one would need to build the road to take you there. Why treat the people that make your product attractive and necessary in the first place in such a contemptable fashion?

Now Cox finds itself with the prospect of losing an enormous copyright infringement case, with no safe harbor and potentially no insurance coverage. And the damages are likely to be enormous.

Rightscorp, BMG’s agent, “identified Cox subscribers sharing torrents that Rightscorp had also found on torrent indexing websites. Because each torrent contains a unique “hash,” an identifying code that is only created once, BMG argues these Cox users must have downloaded the torrents at some point. Second, Rightscorp downloaded over 700,000 copies of copyrighted works from Cox subscribers using Cox’s internet service and 100,000 of those copies were of the works at issue in this case. Third, Rightscorp says it identified 2.5 million instances in which Cox users made available the copyrighted works for downloading.” 41

Given that BMG has elected to pursue statutory damages, this number will likely be well over tens of millions of dollars. Further, since the copyright statute of limitations is three years, any other company holding copyrights may now sue for infringements going back to December of 2012, for which Cox will have no “safe harbor” immunity.

I do believe that is what is called “being penny-wise and pound foolish.”


  1. Cox Communications
  2. Judge Rules Cox Not Absolved from User Piracy
  3. Certain Underwriters at Lloyd’s London v. Cox Enterprises, Inc., et al 2015 WL 7708899
  4. BMG Rights Management (US) LLC et al v. Cox Communications, Inc. et al Federal District Court for the Eastern District of Virginia, 2015 WL 7756130. Citations will be to the WestLaw pagination.
  5. 17 USC 512 (i)(1) (A)
  6. BMG at 2
  7. Id.
  8. Id.
  9. Id. at 2-3
  10. Id. at 3
  11. Id.
  12. Id.
  13. Id.
  14. Id.
  15. Id.
  16. YouTube – Copyright Strike Basics
  17. Id. at 16
  18. Id.
  19. Id.
  20. Id. at 12, citing Capitol records, LLC v. Escape Media Group, Inc. District Court for the Southern District of New York 2015 WL 1402049
  21. Id., citing H.R. Rep. 105-551, pt. 2 at 61 (1998)
  22. Judge Mocks Public Interest Concerns About Kicking People Off Internet, Tells Cox It’s Not Protected By The DMCA
  23. BMG at 2
  24. Id.
  25. Id. at 3
  26. Id.
  27. Id. at 15
  28. Id. at 13
  29. Id.
  30. Id. at 14
  31. Id.
  32. Id.
  33. Id.
  34. Id. at 15
  35. Id.
  36. Id. at 17
  37. Id.
  38. Id.
  39. Id. emphasis added
  40. Grooveshark Is Now Deadshark: How an Illegal Streaming Service Hid Behind the DMCA for Nearly 10 Years
  41. BMG at 25

You can get my latest article in your email