Viacom International, Inc. v. Youtube, Inc.

Filing 125

APPENDIX, on behalf of Appellant Black Entertainment Television, LLC, Comedy Partners, Country Music Television, Inc., Paramount Pictures Corporation and Viacom International, Inc., FILED. Service date 12/10/2010 by CM/ECF. [165098] [10-3270]

A-101 Online Initiatives I Economic Constructs We must define how best to value our content online - such that online valuations are roughly consistent with linear valuations License fee! title network's average linear license fee! # of unique episodes on that network = avg. fee! title Aggregate monthly license fees to online distributors by simply multiplying avg fee! title by number of titles oltered each month Assumes linear license fee is an accurate starting price (many think our nets are underpriced relative to their viewership) Assumes that linear license fees (based on households) should translate to online (where viewership is individual) - might imply a discount (i.e. $1 on linear gets you 4 viewers - so correspondent online fee should be $0.257) Does not account for quality of titles - i.e. a more current or more "evergreen" title would command a higher fee Does not create a good means of valuing short-form content Ad sales multiple Concept: bump in CPM you see for online vs. TV eyeball = multiple to linear license fee (don't know if this is actually measurable on a reliable! consistent basis ... ) Money spent on linear ads does not generate: Confirmation that ad was seen when run (It or people leaving room) Quantifiable ROI Targeted messaging - the smallest niche you can hit is the audience you THINK is watching a certain show Potential for impulse activity - user cannot "click" on the spot made all this up - what do you think? 38 HIGHLY CONFIDENTIAL VIA00316651 A-102 Online Initiatives I General Deal Terms & C particulars of each deal will vary, the general terms we pursue consistent across all Must-have · No portability on free content · For use only on partner-hosted platforms and solely as distributed on a TCP/I P technical platform · No right to sublicense, re-distribute, syndicate, transfer or otherwise use the Licensed Property · Universally-associated DRM · <2 years · MTVN shall have the sole right to sell all advertising inventory in, around or otherwise associated with the Licensed Content · Partner shall provide all backend reporting, targeting and serving technology · End-users shall not have the ability to skip advertising · MTVN can serve any ad format it chooses (e.g., pre-roll) · · · · Dedicated placement in any storefronts / unique areas MTVN controls branded areas and UIs Right to link back to MTVN-owned websites Participation in any e-commerce revenues ·I · MTVN may access customer information/ search queries associated with our content · Any data necessary to target advertising & user communications · All search results shall be based on metadata · "Preferred placements" be separate and so-identified · Top placement with respect to certain proprietary search terms ·I HIGHLY CONFIDENTIAL VIA00316652 A-103 40 HIGHLY CONFIDENTIAL VIA00316653 A-104 Distribution Tactics I Download to Own II Economics and content models I' I' Continue executing "off-the-shelf" deals with all digital retailers - established standard terms (those closed with iTunes, AOL, Amazon) include: 7 0 / 3 0 retail revenue split Branded MTVN sales areas Advertising parameters I know there are more terms to include here ... add away II Content Investment Grow catalogue I acquire rights based on a clear content strategy that promotes programming most suited to OTO format Selectively offer full seasons 1 promotional episodes of current, on-air shows (based on channel promotional priorities) Use DTO as a means of re-packaging 1 re-monetizing "vintage" library content that has already run its course (e.g. box sets) Develop made-for-download products that demonstrate benefits of owning digital content (e.g customizable MTVN "lockers" where users can easily store faves, manage playlists, chat with other MTVN enthusiasts, access recommended new buys, etc.) II Process Definitions I: I' I' HOW BESTTO COUCH THE "WHO DOES WHAT" QUESTIONS? Transactional: Online distribution team identifies, executes, and launches OTO p'ships Programming & placement: brand teams own creative placement Operational: programming teams I NOC must automate transmission of OTO files (digitization, metadata, transport) Research 1 Study consumption patterns surrounding downloaded video content Add content based on research results and MTVN product performance 1 Optimize 41 HIGHLY CONFIDENTIAL VIA00316654 A-105 Distribution Tactics I Streaming Syndication Content Model Goals-will vary by Brand and Franchise: Formalize a flexible content distribution strategy that maximizes traffic and revenue back to MTVN without jeopardizing (a) current affiliate and ad sales businesses (b) brand equity Set contractual precedents for favorable economic exchange & MTVN value generation Short-Form Archive Amount Kind/Shows Unlimited · No restrictions Short-Form Current Broad · What gets "scattered to the winds"? · What stays on our sites? · Do we have relationships Long-Form Archive Selective · Restricted to address other contract provisions Long-Form Current Selective I promotional · Restricted to address other contract provisions (e.g. streaming caps) (e.g. streaming caps) AND to mitigate linear cannibalization Rationale & Risks · No cannibalization of linear programming · Monetizes otherwise "expired" content · Promotion to DVD sales · Additional outlets/eyeballs for Overdrive-type content · Promotion to linear channel · Minimal cannibalization of linear programming · Monetizes potentially "expired" content · Serve brand marketing and windowing goals · May pose risk to DVD Yes, using wireless model as comp -license monthly packages of content License fee None Yes "Per-rerun" price · DVD comp · 70/30 · Pre-roll · Interstitial · Commerce · Telescope Yes · "Per-ep" price · Ad sales multiple · 70/30 but possibly less if big promo value Ad Share Ad Formats [e.g. preroll, etc.] ·70/30 · Pre-roll · Billboard · Commerce link (e.g. on · 70/30 but possibly less if big promo value · Pre-roll · Billboard · Commerce · Telescope · Pre-roll · Interstitial · Commerce · Telescope product placement, DVD, CD sale) · Telescope to additional ad or entertainment content 42 HIGHLY CONFIDENTIAL VIA00316655 A-106 Distribution Tactics I Streaming Syndication II Content Investment I' Counterprogram I differentiate content vs. existing linear Exploit brand programming expertise to make internet screen a complement to (rather than a substitute lor) the linear experience Combine long- and short-Iorm programming to build new "lean-back" viewing experiences Invest in broad online clearances Establish new and additive ad inventory L i n e a r advertising should continue to serve advertisers as mass creation of awareness Online advertising and its associated lunctionalities enable much tighter targeting and calls to action Create content experiences that tie into linear experience (e.g. develop deployable, consumer-appealing ways of integrating online and set-top experiences) II Process Definitions I: HOW BESTTO COUCH THE "WHO DOES WHAT" QUESTIONS? Transactional: Online distribution team identifies, executes, and launches streaming syndication p'ships Programming & placement: brand teams own creative scheduling and content offering Operational: programming teams I NOC must automate transmission (digitization, metadata, transport) 1 Research I' I' Study consumption patterns and best-performing outlets Optimize 1 Add content based on research results and MTVN product performance 43 HIGHLY CONFIDENTIAL VIA00316656 A-107 Distribution Tactics I MTVN Sites & Destinations II II Economics and content models Primarily short-form content (Mix of current and archive) I I CPM-based ad sales: pre-roll video presented to viewer every several clips Content Investment Implement more robust search tools Create opportunities for personalization Made-for content Integration of site f')(npripnr.p~ t() ()thpr ~rn:::r.pn~ (p. (l ~TR m()hil" There must be a strategy doc for these sites somewhere - can we steal it? Process Definitions Brands own programming strategies and integration with other platforms II I I I I I Digital distribution team works takes on traffic generation Research Execute multi-platform research: better understand relationship between I usage patterns of sites, linear nets, etc. Optimize Track user flows & demos to drive more effective ad targeting Study in-site user clusters to more effectively program high-traffic areas 44 HIGHLY CONFIDENTIAL VIA00316657 A-108 Distribution Tactics New Audience Aggregation / New Content Experiences II II Economics and content models I, I VARIOUS Initial investment must focus on creating an environment that supports innovation Content Investment - Pool of "experimental" funds Prototyping II Process Definitions I' Digital distribution team works with existing and potential partners to identify viable opportunities to build out new experiences I I Research Optimize I I 45 HIGHLY CONFIDENTIAL VIA00316658 A-109 Schapiro Exhibit 168 A-110 Subject: First draft update From: "Cahan, Adam" To: Schwartz, Stefanie; Blair Harrison; Epstein, Josh; Bakish, Robert; Harrison, Blair - iFilm; Lehman, Nicholas; Patel, Kruti ; West, Denmark; nadastir@yahoo.com Date: Sat, 08 Jul 2006 21:02:05 +0000 Cc: per stef suggestion - added a MTVN/Viacom upside section. List of attachments: YouTube v2.doc CONFIDENTIAL VIA00857221 A-111 CONFIDENTIAL MTV NETWORKS and VIACOM YOUTUBE ACQUISTION RATIONALE July 7,2006 y KEY TAKEAWAYS: We believe YouTube would make a transformative acquisition for MTV Networks/Viacom (price pending) that would enable our company to tap the leader in viral video audience experiencing explosive growth. With the scale of our video library (MTVN and ParamountiDreamWorks), the depth of our consumer and advertiser relationships, the targeted promotion of our networks, and the direct relevance of our brands we can help YouTube become the category-killer for online video search, sharing and community. Our valuation based on x,y,z, suggests that YouTube value up to $yM on base case with topline $z, and margin of Y. Upside case ... In the video category YouTube is a clear leader with 12.7M uniques (MMX) (20M according to NetRatings) growing 100% month-on-month. In addition relative to the competition it is experiencing 3-5X time spent with an average of 36 minutes per unique per month (MMX). By NetRatings it has reach #20 online. With the nature of many-to-many video sharing, YouTube is tapping a network effect that will be challenging to displace - users continue to upload -60K videos per day (per You Tube ) and invest in tagging, cataloging and sharing their videos. As more users upload and provide editorial relevance, the site is expanding the breadth and depth of the content offering - with greater audience, the value of "broadcasting yourself'increases. "YouTube is currently serving 70 million videos per day to six million unique users daily, up from 3 million in December, with more than 60,000 videos being uploaded per day. YouTube is serving more than 200 million page views a day and is ranked the 18th most trafficked site on the Internet, according to Alexa." - You Tube Site From a strategic perspective, we remain concerned that a combination Fox owned MySpaceN ouTube would represent a consolidated content/distribution model targeting our core demographic's consumption patterns (what percentage of time spent online would the combined site have) From an advertiser perspective, film/studio based advertising is the #1 advertising category across MTVN representing $517M and 17% of total dollars spent (Film $403M, HV $114M). As demonstrated by recent deals (Disney, NBC, Weinstein), this community is particularly prone to migrate dollars quickly where the target audience aggregates. A 10% shift of these dollars online could represent $50M+ shift for MTVN based on 2005. Monetization will likely need to remain scaled back in the near-term as YouTube grows and maintains traffic, over time Y ouTube will be a platform for promotion with premium branded reach display advertising (homepage), targeted advertising (search related), and premium promotion (ie. Sponsored entertainment videos, professional content channels). In addition, we believe with scale, that YouTube will HIGHLY CONFIDENTIAL VIA00857222 A-112 n e e d to develop and innovate new forms of ROI/ Relevant video advertising - i.e. DR video, bid for placement (homepage trailers based on clickthrough and $$). For MTVN it represents a potential promotional vehicle back to television, and an inexpensive source/ filter for User Generated Content and talent sourcing for our networks (i.e., the ultimate payoff of getting yourself on TV). In addition, there is an opportunity over time for ad supported (chaptered, clip based) premium content from both our studio and other content providers - i.e. clip/chaptered Movie of The Week. Going forward, Y ouTube has the potential to transform from an entertainment site/destination to a video search utility, harnessing the audience to help it define video relevance -i.e. people are now "youtubing" a video they are looking for. MEDIA METRIX MONTHLY UNIQUES Monthly Uniques Thousands Source: Media Metrix ]oshISte!- would like to look at netratings as well- concerned over myspacevideo plus netratings has them at 20M. y STRATEGIC FIT As one of the largest owners and producers of video in the world, video is a core competence of MTVN/ Viacom and a category online where we believe the multip l a t f o r m nature of our advertising will first be established. Core demographic appeal (any proof) Scale in online reach and video consumption where we require additional exposure as a company Content source and filter for UGC to television - Y o u T u b e on MTVN best of weekly where users can become famous. Talent source for potential trend-spotting and new talent acquisition Promotional source for television programming HIGHLY CONFIDENTIAL VIA00857223 A-113 y UPSIDE FROM MTVNNIACOM · Audience on TV - M T V N provides an outlet for fame. Ie. Best of appears weekly on relevant MTVN property - C o m e d y Central/MTV. Reinforces the user participation and why they want to upload their content first at Y ouTube · Brands - editorial fit enables us to both source talent and make users famous. The crowd decides, we put it on air - people will push to promote themselves (make me famous) and draw in additional users and content reinforcing the model · Advertiser relations/ salesforce: leveraging our relationships with film studios and demographically targeted advertising - w e can significantly enhance CPM based on multiplatform sales approach. Video content - breadth and depth can power Y ouTube to the next level of relevance · Promotion - fit with our target audience and demo. We can reinforce and drive traffic/ promotion to Y ouTube y AUDIENCE Key trends: Time Spent May - A v e r a g e Time Spent per Unique Minutes 36.0 11.6 8.4 5.5 MySpace Video Google Video eBaums World Yahoo! Video Source: Media Metrix May Reach HIGHLY CONFIDENTIAL VIA00857224 A-114 N e t R a t i n g s Monthly Unique Visitors Millions 105 99 95 94 Top 20 as of May 72 55 44 42 40 39 38 35 34 31 29 23 22 21 20 20 -'" 0 '6 (f) u; ~ 0 0 ('J Ol ..c: 0 0 >- ro :;:, t; z (fJ :2' 0 --' >aJ OJ ro a CL :2' :::J OJ U OJ ro CL c N 0 « ro (fJ :2' >- « ro E ~ Z rr: 0 -'" (f) .c Il OJ ..c: 0 Qj OJ u 0 0 E Cil OJ Cii "5 ..0 "0 OJ CL .~ Q5 Z (f) « « CL s: « s: ~ u >--' 0 z 0 Z OJ ..0 "0 Qj Ol Ol OJ ..0 :::J 0 f0 « 0 :::J OJ >- Source: Net Ratings May y ADVERTISERS/ PROMOTIONAL PARTNERS Recent activity includes strategic partnership with NBC for content and promotion, Weinstein launch for Lucky Slevin and Entertainment advertisers including Disney (Pirates of the Carribean) Advertising example - P i r a t e s Of Caribbean Related Tags: 'ii:J_:c':' c'!.:~L:J~:j :_:J!J!~0::)J: ;_'Jl Sortby.ReI8V:sltlC8-['.'ii,cf-l'Ir.:6'1-'\Jil';',,''''::('I!'1'-~ M#@gi#'~~@~W%@@h@g Ads lJy Goooooogle ~t~il !:t,l.j!lj-' b·j~e9s r3!Vi.':'~ COl ~1~iS" fI.~U;-l'f:h~ejl: (l!'l E~~J~l:LDj · The film-based entertainment category is a "first-mover" and we have exposure across MTVN at $517M, 17% HIGHLY CONFIDENTIAL VIA00857225 A-115 y COMPETITION MySpace - - A consolidation of YouTube and MySpace would be a significant threat and competitor to MTVN core demographis. The combination would consolidate the value chain from video creation through distribution and enable Fox to become a "must have buy" for our core demographics and users. -15% of YouTube traffic comes from embedded players according to management. According to Fox, MySpace represents -70% of that number W h i l e MySpace has attempted to shut-down YouTube on 2 occasions they have been unsuccessful to date - with audience revolt. MySpace has also launched myspace video which has shown significant traffic growth but has not seen time spent as Y ouTube has. Other: Google Video, Yahoo Video, Grouper, Revver See risk below y POTENTIAL OPPORTUNITY/BUSINESS MODEL Two paths of monetization - utility (ie, video search), and entertainment - dependent upon the traction You Tube gains in broader video search (beyond user generated) - Display/ reach based advertising: Homepage inventory and display advertising P a i d placement - h o m e page auction based sponsored video (i.e. one block where film studios bid for placement of their trailers) Targeted advertising: search based advertising as users seek to find video Premium content - o v e r time the use of ad supported premium clips/content in a separate section (i.e., Movie of the week, first looks, releases, film trailers, etc). Lighter embedded video ads (not-preroll) Embedded players - identifying a utility based advertising model - ie. Text links, click through promotion, other Innovation for targeted advertising - D R video, can we identify a way to discern intent in the video and highlight relevant ads y POTENTIAL RISKS MySpace · potentially shit-down or limit access to embedded YouTube players Further accelerate MySpace video Google · Recently moved to "immediate upload" similar to YouTube. May seek to go after differentiated content by digitizing libraries of content owners Yahoo! - Recently launched Y! video with upload features, leveraging social search technology and approach from Flick'r Startups HIGHLY CONFIDENTIAL VIA00857226 A-116 A n y aggressive monetization or significant change in overall approach (i.e., corporatization) may result in audience loss · Fad-driven nature of content Is this simply "America's Funniest HomeVideos" y COMPANY BACKGROUND: Founded February 2005 Site motto: "Broadcast yourself' Features and usage Users can instantly upload, watch, tag and share videos. Getting to comprehensive - search millions of videos uploaded by community members Personalize the experience by subscribing to member videos, saving favorites, and creating playlists. Developing a persona on Y ouTube Embed Y ouTube videos on websites using video implants or APIs Users can make their posted videos public or private Ability to watch and share videos from mobile phones or PDAs Management: Chad Hurley - C E O & co-founder - prior Paypal Steve Chen - C T O & co-founder - Prior Paypal Sales and bus dev. mostly x-Yahoo! (Chris Maxcy) Investors: YouTube announced its first round of funding in November 2005 for $3.5 million from venture-capital firm Sequoia Capital. In April 2006, Y ouTube received an additional $8 million in a second round of funding from Sequoiainvestment led by Roelof Botha, former CFO of Pay Pal HIGHLY CONFIDENTIAL VIA00857227 A-117 Schapiro Exhibit 171 A-118 CONTENT IDENTIFICATION AND MANAiGE'''E~1T AGREEMENT RIGHTS OWNER FULL LEGAL NAME: TYPE OF ENTITY: Viacom Inc, (and its whOIl\,·olivneid en1ities)(hEmeimlfter the STATE IF IN THE UNITED INCORPORATION OR RE!SIDENCE: New York TAX IDENl1FICATION NUMBER: NIA BUSINESS CONTACT TECHNICAL CONTACT ACCOUNTING CONTACT Content Idsfltifi(;!lti{ln and Malnagiem,ent Agr.eerrlent In~ J}a,;L~k ~ DAVID EUN BY ~ Vice President, Content Partne18hlps NA~Google, Inc. TITLE: Mountain ~~,"t::'A 't\t6"4T v TITLE: Executive VP, General Counsel 1600 AmphlJAlltft' ~ 1515 EJr(llSml!l8V New York, Highly Confidential Expert - L i e s G00001-02244041 A-119 1. Definitions. "Block" means the Usage Policy available in the System for Rights Owner to specify tha1 a user video be blocked from playback on YouTube in the territories selected by Rights Owner, "10 File" means the unique binary data that describes a Work and is used for the automatic identification of that Work or a portion thereof. 10 Files may be provided by Rights Owner to Google or created by Google using the Reference Files. "Monetize" means the Usage Policy available in the System for Rights Owner to license to Google in the territories, selected by Rights Owner a user video matching an ID File or claimed by Rights Owner using the search functionality that may be offered by the System. "Reference Files" means the Works provided by Rights Owner to Google pursuant to this Agreement. "Software" has the meaning given in the preamble. "System" has the meaning given in the preamble. "Track" means the Usage Policy available in the System for Rights Owner where it does not specify that the user video be blocked from playback on YouTube, but also does not grant any licenses thereto. "Usage Policy" means Monetize, Track, or Block, or such other policies as may be made available by Google from time to time, "Work~ means audio and audiovisual works owned or controlled by Rights Owner. "YouTube" means YouTube.com and subdomains. 2. Reference Files and 10 Files. (a) Rights Owner will deliver to Goog!e the Reference Files or 10 Files created using the Software. If Rights Owner prOVides Reference Flies, Google will create corresponding 10 Files. Rights Owner shall retain all rights, including without Hmltation copyright rights, in Reference Files. Rights Owner will provide metadata associated with each Reference File or 10 File (such as title,description, the Usage Policy, and the territorial scope of each Usage Policy) via an XML feed or othelWise pursuant to Google's reasonabfe specifications. Rights Owner will make commercially reasonable efforts to ensure that the metadata delivered to Google is accurate and current. Google will provide appropriate format, resolution, and bit-rate ,specifications for the delivery of Reference Fifes, ID Files, and metadata. (b) Rights Owner may inactivate from use in the System any of its Reference Fites and 10 Flies at any time and thereby terminate Google's license to use the Reference FrIes and 10 Files. Google will store the Reference Files and ID Files on secure servers and will protect Reference Files and ID Files from unauthorized access as specified in Exhibil A. Google will develop the capability to delete or destroy, at Rights Owner's Request, any or all of Rights Owner's Reference Files and 10 Files; provided, however, that nothing herein alters either party's document retention Or discovery obligations in connec;;tion with any pending or future litigation between the parties, and Google's retention of 10 Files or Reference Files in compliance with any such obligations will not be deemed a breach of this Agreement. Google will use commerCially reasonable efforts to implement such capability no later than July 31,2008, , 3. User''V'deo'Miitches:· 1he'Syste'rri'wi'n compare" allvlcteos uploaded to'YouT"uhe;·indi.idjng'all' videos designated "private" and those available through versions of YouTube localized for particular countries, against the ID Files to identify matches and apply the Usage Policies assigned by Rights Owner to any matches. Google will use commercially reasonable efforts to improve the System with the goal of minimizing the time between video upload and application of the Usage Policies set by Rights Owner, The System may also provide Rights Owner the capability to perform text searches for user videos that may contain the Works and assign Usage Pofides for such materials. Rights Owner may change any Usage Potley at any time. If a particular ID File has not yielded any matches within a one-year period of time, Google may by written notice request from Rights Owner permission to remove such ID file from the System, which Rights Owner may authorize in its sale discretion, Google may replace old 10 Files with new ID Files of a particular work at any time In connection with System upgrades and technical 2 Highly Confidential Expert - L i e s G00001-02244042 A-120 modifications. Rights Owner shall not knowingly make false claims on user videos. Knowingly false claims may lead to termination of this Agreement by Google. 4. Disputes. Google may establish reasonable procedures to resolve claims that appear to be in good faith by a user that a Work has been blocked due to error, mistake, or otherwise. Rights Owner will cooperate with Google to resolve such disputes. If, during the course of evaluating such claims, Rights Owner reviews content designated as private by the user, Rights Owner wi!! not disclose the content to any third party except as necessary to complete its evaluation process or in contemplation of, or participation in, a judicial proceeding. Notwithstanding the foregoing, nothing herein shaillimil Rights Owner's rights and remedies under applicable law against a user with respect to any video under review. 5. Licenses and Ownership. (a) Google grants to Rights Owner a non~exclusive, nontransferable, royalty-free, limited license to use the System and Software solely for the purpose of creating 10 Files and identifying and managing its Works on YouTube. By providing Reference Files andlor 10 Files, Rights Owner grants Google a non-exclusive, non-transferable, royalty-free, limited license to store, copy (including the right to make temporary cache and storage copies), modify or reformat. excerpt, analyze, use to create algorithms and binary representations, and otherwise use those files solely in connection with the System and subject to the terms of this Agreement. (b) Rights Owner shalf not sell, lease, lend, convey, modify, adapt, translate, prepare derivative works from, decompile, reverse engineer, disassemble or attempt to derive source code from the System or Software, All rights or licenses not explicitly granted by the parties herein are specifically reserved, Except for the licenses specifically granted above, all of Rights Owner's intellectual property rights in the Reference Files and 10 Files (whether provided by Rights Owner to Goog1e or created by Google) remain with Rights Owner, and all of Google's intellectual property rights in YouTube, the Software, the System and related information and files remain with Google. For the avoidance of doubt, Rights Owner does not grant Google the right to modify, adapt, prepare derivative works, store or reproduce Reference Files and 10 Files except as necessary to comply with the terms of this Agreement, nor does Rights Owner grant Google the right to publicly perform, publicly display, or distribute Reference Files and 10 Files, Upon any termination of thiS Agreement. both parties wit! delete all ID Files from their respective storage systems. 6. Confidentiality. Neither party will disclose the terms of this Agreement to any third party (except to outside counselor retained experts), or issue any public announcement regarding the terms of this Agreement, without the other party's prior written agreement The parties shall not disclose to any third parties nonpublic information disclosed by one party to the other under this Agreement, and shall protect such information applying the same degree of care used by the parties to protect their own confidential information. If this Agreement or any confidential information of either party is required to be produced by law, the noticed party will promptly notify the other party and, to the extent practicable, cooperate to obtain an appropriate protective order prior to disclosing any confidential information. Except with respect to the terms and existence of this Agreement, this Agreement imposes no obligation upon Goog!e or Rights Owner with respecl to the other party's confidential information that (i) a party knew before receiving it from the other p'arlY pursuant 10 this Agreement or a'party knew hefo"re 'partiCipating in 'the System;'(ii)becomes' publicly available through no fault of the other party; (iii) is rightfully received by the other party from a third party without a duty of confidentiality; or (iv) is independently developed without reference to Google's confldential information. 7. Representations and Warranties, Indemnities, Each party represents and warrants that it has authority to grant the licenses set forth in Section 5. Rights Owner represents and warrants that it believes in good faith, after reasonable investigation, that it has all rights required to set the Usage Policies that it has set with respect to its Works. Each party shall indemnify, defend and hold harmless the other party, and their respective directors, officers, employees, and agents from any third party claims ariSing out of a breach of that party's representations and warranties. 3 Highly Confidential Expert - L i e s G00001-02244043 A-121 8. DISCLAIMERS, LIMITATIONS OF LIABILITY. EXCEPT FOR THE EXPRESS WARRANTIES MADE BY THE PARTIES IN SECTION 7, THE PARTIES DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FlrNESS FOR A PARTICULAR PURPOSE. EXCEPT FOR THE INDEMNIFICATION OBLIGATIONS IN SECTION 7, NEITHER PARTY WILL BE LIABLE TO THE OTHER FOR INDIRECT, CONSEQUENTIAL, SPECIAL, PUNITIVE OR EXEMPLARY DAMAGES OR PENALTIES ARISING FROM ANY ACTION TAKEN PURSUANT TO THIS AGREEMENT. PRIOR TO RIGHTS OWNER PROVIDING REFERENCE FILES TO GOOGLE FOR THE. PREPARATION OF 10 FILES, THE PARTIES AGREE TO ENTER. INTO GOOD FAITH NEGOTIATIONS LIMITING GOOGLE'S AGGREGATE LIABILITY FOR ANY CAUSE OF ACTION ARISING FROM OR RELATED TO BREACHES OF THE SECURITY PROVISIONS IN EXHIBIT A RESULTING IN A REFERENCE FILE BEING WRONGFULLY COPIED OR ACQUIRED BY ANY THIRD PARTY. FOR THE AVOIDANCE OF DOUBT, NOTHING HEREIN SHALL BE DEEMED A RELEASE OR WAIVER BY RIGHTS OWNER WITH RESPECT TO CLAIMS FOR DAMAGES ARISING FROM THE PRESENCE OF A WORK ON YOUTUBE THAT HAS NOT BEEN LICENSED TO GOOGLE BY R1GHTS OWNER; PROVIDED, HOWEVER, GOOGLE SHALL NOT BE LIABLE TO RIGHTS OWNER FOR ANY AMOUNT UNDER ANY THEORY OF LIABILITY WITH RESPECT TO THOSE ID FILES FOR WHICH RIGHTS OWNER AFFIRMATIVELY ELECTS THE "TRACK" USAGE POLICY. 9. NO EFFECT ON PENDING, FUTURE, OR RELATED L1TJGATION. Notwithstanding the foregoing, nothing in this Agreement shall limit or expand in any way whatsoever Google's and/or Rights Owner's pursuit or introduction of evidence in any litigation or contemplated litigation between them, including but not limited to Viacom International, Inc. et 81 v. YouTube, Inc. et a/., Case No" 1:07-cv~02103·lLS, filed on March 13, 2007, and currently pending in the United States District Court for the Southern District of New York. Furthermore, nothing in this Agreement shall be cited as a defense against or agreement to the production of any relevant material in discovery in any lawsuit, subject to any protective order entered in such lawsuit, and nothing in this Agreement shall operate in any respect as a release or waiver of any of the claims in any lawsuit except as expressly provided in Section 8. ) f ! 10, Termination. (a) Either party may end this Agreement on 30 days written notice. Afllicenses granted in this Agreement will expire upon termination. (b) Sections 1, 5(b), 6-8, 9{b), and 10 survive termination. 11. Miscellaneous. The parties are independent contractors, and nothing in this Agreement creates an agency, partnership, or joint venture. Neither party may assign rights or obHgations under this Agreement to any third party without the prior written consent of the other. This Agreement sets forth the entire agreement between the parties and supersedes any prior or contemporaneous agreemenls regarding its subject matter. This Agreement may be amended only in a writing signed by both parties. If this Agreement conflicts with any other agreement applying to Google's use of Works on YouTube, these terms control. Each party will send any notices hereunder in writing and to the attention of the legal Department at the address listed on the first page of this Agreement. If any provision of this Agreement conflicts with applicable laws or is adfudieialed" 10" o!ilIegaf, th2tf"provision "Win beoeemed ef[mihatedfrom the Agr"eemenUlrid " the Agreement will remain In effect so long as the essential purpose can still be achieved. This Agreement is governed by the laws of the State of California (excluding its choice of law rules) and applicable federal laws. Except with respect to claims or actions involving users pursuant to Section 4, any litigation to enforce the terms of this Agreement wilt be brought in any state or federal court of competent jurisdiction in Santa Clara County, California; each party consents to venue and exclusive personal jurisdiction of such courts. This Agreement may be executed in one or more counterparts, each of which will be deemed an original and alJ of which, when taken together, wilt constitute a single instrument. I i ! I f ; f I , r 4 Highly Confidential Expert - L i e s G00001-02244044 A-122 EXHIBIT A SECURITY DOCUMENT 5 H i g h l y Confidential Expert - L i e s G00001-02244045 A-123 Security Overview for Video ID at Google Introduction Securing networked servers against would-be hackers is key to ensuring the success of any system. When it comes to partner collaboration, the importance is paramount. Google invests billions of dollars in technology, people, and process to ensure data at Google is safe, secure, and private. Google's dedicated team of security professionals is responsible for designing in security from the onset, reviewing all design, code, and finished product to ensure it meets strict Google security and data privacy standards. The same infrastructure used to host various applications at Google and to secure hundreds of thousands of user's data is also used to manage millions of consumers' data and billions of dollars in advertising transactions. Customer information and files are safe and secure. This document describes the security measures and controls that Google has put in place to ensure the security of customer data. The key aspects covered include: · · · Physical security and internal information security at Google data centers Change management processes, data backup/destruction, privacy policy Infrastructure for Video ID data This document describes a snapshot of the current procedures for security. Google reserves the right to adjust these measures as our systems change and attackers adapt. Highly Confidential Expert - L i e s G00001-02244046 A-124 S e c u r i t y Team Google employs a large team of information security experts to design and maintain our defense systems, and to make security a core part of the development philosophy and culture. Because we must protect the data of hundreds of millions of end users, we take extra care to make sure that all applications and services that we launch are secure. Google's security team consists of some of the most accomplished security veterans in the IT industry. Many have experience running security operations at Fortune 500 companies, including some of the most well known financial service institutions. Examples of the backgrounds of individuals on the security team include: · · · · Chief Information Security Officer at Charles Schwab Director of Secure Networking Research at Bell Labs Technical Director for Information Security at Charles Schwab Senior Network Forensics Specialist from the National Nuclear Security Administration The security team is involved in all aspects of the security process at Google, including the construction of a custom security infrastructure tuned to Google's unique platforms. They are responsible for the perimeter defense systems described below, as well as the security review process for applications described later in the document. Data Center Environment and PhYSical Security Google Data Center Infrasbucture Google maintains a vast number of geographically distributed data centers located primarily in the USA and the European Union. Data centers are unmarked and in undIsclosed locations to maximize security. Physical Security staffing At the Google data centers, there is a Security Operations Center, which is manned 24 hours a day, 7 days a week by a physical security services organization. The security organization deploys three shifts of 8 hours to provide continuous coverage. The security operations centers contain the monitors for the Closed Circuit TV (CCTV) cameras and all alarm systems. Internal and external patrols of the data center are performed each shift. The data centers are housed in facilities that require electronic key access, with alarms that are linked to the guard station manned 24 hours a day, 7 days a week. Highly Confidential Expert - L i e s G00001-02244047 A-125 Physical Security Access Procedures Formal access procedures exist for allowing physical access to the data centers. All entrants to the data center must identify themselves as well as show proof of identity to security operations. Valid proof of identity is a photo ID issued by Google and a governmental entity. Only authorized Google employees and contract~rs are allowed entry to the data centers. Data center managers must approve any visitors in advance for the speCific data center and internal areas they wish to visit. Only authorized Google employees and contractors who permanently work at the data centers are permitted to request card access to these facilities. Data center card access requests must be made through e-mail, and requires the approval of the requestor's manager and the Data Center Director. All other Google employees and authorized contractors requiring temporary data center access must sign in at the guard station, present an Google badge (Google employees or contractors) or ID issued by their employer (authorized contractors) and reference an approved data center access record identifying the individual as approved. Physical Security Devices The data centers employ electronic card key and biometric access control system that are linked to a system alarm. The access control system monitors and records each individual's access to perimeter doors, shipping/receiving, the raised floor, and other critical areas. Unauthorized activity and failed access attempts are logged by the access control system, investigated as appropriate, and reported to the security manager. The security manager reviews and approves these reports. Authorized access throughout the business operations and data centers is restricted based on zones and the individual's job responsibilfties. All entrants to the data centers must pass through a mantrap. The mantrap is designed to physically limit access to one person at a time (floor sensors and automatic 180 degree turnstile) and prohibIts the "handing off' of a badge back to a secondary person. The fire doors at the data centers are alarmed and can only be opened from the inside. The fire doors are fitted with push bars to open. There is a specified delay on the push bar unless a fire alarm has been activated. If a person tries to exit the building through a fire door without a fire alarm having been triggered, an alarm would register in the security operations center. CCTV cameras are in operation both inside and outside the data centers. The positioning of the cameras has been designed to cover strategic areas including, among others, the perimeter, doors to the data center building, shipping/receiving and the raised floor. Security operations personnel manage the CCTV monitoring, recording and control equipment. The CCTV equipment is connected by secure cables throughout the data centers. Cameras record on site via digital video recorders 24 hours a day, 7 days a week. The surveillance records are retained for 60-90 days based on activity. Highly Confidential Expert - L i e s G00001-02244048 A-126 Environmental Safeguards Redundancy The data centers are designed with resiliency and redundancy. The redundancy is intended to minimize the impact of common equipment failures and environmental risks. Infrastructure systems have been designed to eliminate single points of failure. Dual circuits, switches, networks or other necessary devices are utilized to provide this redundancy. Critical facilities infrastructure at the data centers have been designed to be robust, fault tolerant and concurrently maintainable. Preventative and corrective maintenance is performed without interruption of services. All environmental equipment and facilities have documented preventative maintenance procedures that detail the procedure and frequency of performance in accordance ~ith the manufacturer's or internal specifications. Preventative and corrective maintenance of the Google data center equipment is scheduled through the standard change process. Preventative maintenance is performed on all infrastructure systems according to documented procedures. . Power The data center electrical power systems are designed to be fully redundant and maintainable without impactto continuous operations, 24 hours a day, and 7 days a week. A primary as well as an alternate power source, each with equal capacity, is provided for every critical infrastructure component in the data center. This redundancy begins with dua] utility power feeds, primary and alternate, to parallel utility switchboards sized so that anyone can provide power to the entire facility. The output power is then routed to Automated Transfer Switches (ATS), which supply all building loads including uninterruptible power supplies (UPS), building and mechanical services, and heating, ventilation and air conditioning systems. Battery backup power is provided by UPS batteries, which supply consistently reliable power protection during utility brownouts, blackouts, over voltage, under voltage, and outoHolerance frequency conditions. During normal operations, the utility power charges the battery modules as well as supplies power to the data center raised floor. If utility Power is interrupted, the UPS batteries provide back-up until the diesel generator systems take over. In the event of unavailability of both electrical utility and diesel generators, the UPS batteries can provide emergency electrical power to run the data center at full capacity for 10 minutes. If utility power is interrupted or is out of specification, the power supply will automatically switch to battery mode to continue to supply power to the data center without interruption. When utility power returns, the switch will remain in bypass so that the data center operations team can ascertain the issue has been corrected and can bring the systems back to normal mode in a controlled manner. Solid State Transition Transfer Switches (SSTTS) are also in place. Should UPS power fail, the SSTTS can be used to transparently transfer all loads from the external dual utility power feeds to the diesel generators. Diesel engine generators are in place to provide power to critical equipment and customer loads. The generators are capable of providing enough emergency electrical power to run the data center at full capacity typically for a period of days. These generators automatically startup and provide power within seconds in the event of a power outage. Highly Confidential Expert - L i e s G00001-02244049 A-127 The automatic startup and power distribution is controlled by a programmable logic controller, which has a redundant backup. Google has short notice diesel refueling contracts in place. Climate and Temperature Air·cooling is required to maintain a constant operating temperature for servers and other computing hardware, which prevents over heating and reduces the possibility of service outage. Computer room air conditioning units are powered by both normal and emergency electrical systems. Security operations teams monitor these units and perform periodic inspections and preventative maintenance. Fire Detection and Suppression At the data center, automatlc fire detection and suppression equipment has been installed to prevent damage to computing hardware. The fire detection systems utilize heat, smoke, and/or water detection sensors that are located in the data center ceiling as well as underneath the raised floor. In the event fire or smoke is detected, the detection system will sound audible and/or visible alarms in the zone affected, at the security operations console and at the remote monitoring desk of the local fire department. . In addition, there are fire extinguishers located throughout the data centers. Logical Software Infrastructure Security Measures Google Server Environment Google's servers are designed in·house from the ground up, and Google maintains control over the entire hardware and software stack. The operating system is based on Linux, and has been customized to solely run Google services. Since these are not meant to be general purpose systems like a typical as, the core services and binaries of the as have been stripped down, hardened, and heavily modified to leave only those necessary to run Google's applications. As a result of this degree of control and homogeneity over the entire staCk, Google designs its security infrastructure in a very different way from traditional systems. Rather than having to guard against a wide array of unknown inputs into many third party applications, Google can anticipate exactly what types of queries can come into the system and only accept this whitelisted set. of queries. This philosophy is utilized throughout the security framework to only accept what is expected, and this provides a highly secure application environment. Firewalls and Intrusion Detection Google employs multiple layers of firewalls and intrusion detection to ensure that that our external attack surface is protected. Highly Confidential Expert - L i e s G00001-02244050 A-128 Intrusion detection is intended to provide insight into ongoing attack activities and provide adequate information to respond to incidents. Many companies make extensive use of third-party technologies (e.g., Network Intrusion Detection Systems - NtDS, Host-based IntrUSion Detection Systems - HIDS) to look for known attacks against commonly-installed software, and Security Operations Centers (SOCs) to respond when they arise. We take a different approach by: · · · Tightly controlling the size and make-up of our attack surface through preventative measures Employing intelligent detect controls at data entry points Employing technologies that automatically remedy dangerous Situations. Most of our Internet-exposed attack surface is comprised of Google-created software and the internal environment is large and complex. Traditional IDS products are not economical, efficient or useful in these situations and we have needed to rely on smarter methods of detecting exploitation. When we approach intrusion detection concepts, we break down our attack surface according to anticipated input vectors (Le., how hackers will attempt to break in). All of Google's hosting infrastructure is custom-built so we have the ability to tightly define our perimeter and the entrance points into our network. While we cannot talk in detail about the exact defenses without potentially compromising Google's defense system, some of the major areas of coverage that achieve the goals above are as follows: · · · As mentioned previously, the on every system is stripped down, mOdified, and hardened to avoid third party vulnerabilities on running systems All IP traffic is routed through custom front end servers that detect and stop maliCious requests Traffic is examined for exploitation of programming errors via methods such as cross-site scripting, and high priority alerts are generated when such an exploit is found To prevent buffer overflow attacks, all open source software that is Internet facing or that processes external data goes through several levels of code review, audit, and modification before allowed into production. All changes are contributed back to the open source community. Systems are checked continually for binary modifications, and any unrecognized modifications are purged Router ACLs are used to provide perimeter defense, and an internally routable IP space is used t6 make sure external connections are never made to internal systems Layer 3 filtering is used to mitigate packet-level attacks as · · · · Multi-tenant Distributed Data Environment Google applications run in a multi-tenant distributed environment. Rather than segregating customer data to one machine or set of machines, data from all customers is Highly Confidential Expert - L i e s G00001-02244051 A-129 distributed amongst a shared infrastructure of tens of thousands of homogeneous machines. This provides a variety of security benefits for user data, including: · Data Distribution - Data is spread across thousands of systems. As a result, no one system has all of a user's data or all of a company's data. This makes it impossible for an intruder to target and remove a set of systems containing data for any particular customer. It would be like searching for a needle in a haystack. Infrastructure Homogeneity - Because all systems are the same, security fixes can be very quickly diagnosed and deployed for the entire infrastructure. Google does not need to worry that a particular machine has a different version of the infrastructure software than other systems. Additionally, even if an intruder were to physically breach a datacenter, they would not be able to identify one system from another since they all physically look the same. Failover and Scalability - Because all systems are the same, any of these systems can be spun up to serve customer data. As a result, the infrastructure can scale and fall over based on dynamiC needs. Data Obfuscation - All user data is stored in a homogeneous Google-proprietary filesystem that does not follow traditional file system storage and access methods (such as NFS or CIFS). As a result, the data is obfuscated and not easily readable by anyone even if they were to breach the system. · · · Infrastructure for Video 10 Upload Servers Customers will utilize an SFTP dropbox on specific servers attached to the internet. The login requires a static IP, a public key (sent to YouTube) and a private key (staying at the customer site), and a user acccout. This login is restricted to SFTP only and uses well tested security methods (SSH2, RSA, or OSA). Once logged onto the server, all customers will be separated with a chroot into their sub-directories (and only their SUbdirectories). The customer can upload multiple video and XML data files into that subdirectory or a child. After uploads have completed, all files are moved into a processing directory and are no longer accessible to the customer. Files will remain on the server for a period of up to 21 days an~ then are purged. These servers are separate machines from the streaming servers at YouTube and cannot stream the uploaded files. The machines can only be accessed internally by a limited number of admin account owners. Database Servers The database servers receive the files from the upload server (via a private Google network). The videos are transcoded and 10 files are created to be used by the Video 10 service. Videos are stored indefinitely (320x240 resolution) in the event a new 10 file is required in a Video 10 upgrade. The videos and 10 files are stored under GFS on Google Highly Confidential Expert - L i e s G00001-02244052 A-130 machines that not accessible via the Internet. Like the upload serVers, these servers can only be accessed internally by a limited number of admin account owners. Google's Own Data on Same InfrasttUCture One of the strongest endorsements of Google's security infrastructure is that Google stores our own data on the same infrastructure as our customers. Any security hole would expose critical Google intellectual property and business information, so extreme care and examination was taken to ensure safety and security of the infrastructure. Internal Security and Change Management Processes Security is a process that must be a part of the overall culture and operation of the organization. Google takes many measures to ensure that security is central to the process. Internal Data Access Processes and Policies Access Policy LOAP, Kerberos and a Google proprietary system utilizing RSA keys provides Google with secure and flexible access mechanisms. These account mechanisms grant only approved access rights to site hosts, logs, customer information and configuration information. We require the use of unique user IDs, strong passwords, and carefully monitored access lists to ensure appropriate usage of accounts. The granting or modification of access rights af8 is based on a user's job responsibilities on a need to know basis and must be approved by data owners. Approvals are managed by workflow tools that maintain audit records of all changes. Furthermore, it is Google's policy to provided system access to individuals who have been trained and require this level of access to perform authorized tasks. Access to systems is logged to create an audit trail for accountability. Where passwords or are employed for authentication at Google (e.g., login to workstations), password policies that follow best-practices are implemented. These standards include password expiry, restrictions on password reuse and sufficient password strength. For access to extremely sensitive information (e.g., Credit Card data), Google uses hardware tokens. Code Development Review Process Design Major parts of the system and application architecture are documented in a design document before any development has begun. The lead developer will detail the architecture, impact, and security considerations, and circulate amongst the engineering , team for open review and approval. Security-focused engineers are involved in the product development process during all phases of the development cycle. Highly Confidential Expert - L i e s G00001-02244053 A-131 D e v e l o p m e n t and Test Code change requests as well as system and hardware maintenance are standardized, categorized, and prioritized according to need. To the extent possible, the process and corresponding procedures are documented and designed to drive a controlled framework as well as the proper segregation of duties for the initiation, design, test, approval and migration of changes. The process outlines the change classification and corresponding activities to be performed during each of the phases, which are dependent on the impact the change will have to the system. The change management process starts with a developer checking out a source code file to make a change. Once development is completed, the developer performs unit tests, if applicable, and a review is performed before the code is checked back into the repository. Google requires that a review independent of the developer be assigned. Once a file has been properly approved, the release process begins. Code is compiled into a binary, and the binary is transferred to the QA environment where integration testing is performed. Depending on the type of change, dedicated QA resources may exist. If QA resources are unavailable, the lead engineers will take responsibility for performing load and regression testing within the QA environment. Once QA is complete, the binary is moved for migration to production. Launch A change is scheduled to be "pushed" to the production environment by the automated change management tool. The push process determines which production files will be migrated by checking the production configuration files which are also managed through the change management process. Software developers are required to go through a security review when launching any new service on Google infrastructure. During this review, a security engineer from the Google security team will look at the following: · Review the design document, and review the notes from any previous design review Build and run the application or use a test instance of the application to familiarize themselves with the application functionality Test against the running application for common known security vulnerabflities Review the code for security-sensitive areas such as input validation, file and network 110, database access, cross-site scripting, and others · · · The security review is part of the launch checklist process which every application must pass before going into production. Incident Reporting and Reaction Process Google employs multiple proactive efforts to monitor for security incidents, including but not limited to inbound security reports, open source alerts, automated perimeter systems, and community alerts. When an Information Security incident occurs, Google security Highly Confidential Expert - L i e s G00001-02244054 A-132 responds immediately based on the level of threat. Notification of an incident may be generated automatically by monitoring systems or manually by a Google employee. Google works very closely with. the security community to track reported issues in Google services and open source tools. More information can be found at http://www.qooqle.comlintlJen/coroorate/security.html When notified of a problem, a Google security engineer makes a fisk assessment and begins following prescribed response plans for the issue. Google has documented escalation procedures and communication protocols to address when and how incidents should be escalated as well as who should be notified. Google continually monitors the production system in a variety of ways such as automated systems that look for predefined events (e.g., router crashes) and the use of statistical dashboards to diagnose and analyze issues (e.g., bandwidth utilization). Thresholds are configured on these monitoring systems so that the system health of network components, servers and other devices can be monitored closely. System reliability teams and customer support technicians respond to alerts generated when the monitoring system detects thresholds have been reached. Personnel Hiring, Background Check, and Security Training Process Google has formalized global hiring practices deSigned to ensure new, rehired, or transferred employees are qualified for their functional responsibility. At a minimum, these practices include verification of the individual's education and previous employment as well as a referral check. Where local labor law or statutory regulations permit, Google may conduct criminal, credit, and/or security checks on all potential employees. The specifics or extent of background checks performed is dependent on the position for which the individual is applying. Training of personnel is accomplished through the employee's development plan as well as supervised on-the-job training. The development plan is intended to help employees determine which learning activities should be completed to obtain or retain the skills and competencies for their job. This includes any special. training necessary for the individual's technical position. Upon acceptance of employment, all employees are required to execute a confidentiality agreement as well as acknowledge receipt and compliance with Google's Employee Handbook. The confidentiality and privacy of customer information and data is emphasized in the handbook as well as during new employee orientation. All employees are required to attend security training as part of new hire orientation. At this training, they are instructed about the security policy of the company and escalation procedures. Every employee has a written job description, and every job description includes the responsibility to communicate timely significant issues and exceptions to an appropriate higher level of authority within the Company. Highly Confidential Expert - L i e s G00001-02244055 A-133 D a t a Replication and Data Disposal Data Replication Data redundancy is built into the GFS file system, and all data that is written in GFS is replicated at least three times to separate systems. Such protections make sure that a customer's data is protected in the event of a disaster. Distributed Data Center Architecture Google does not rely on just one datacenter to run our applications. We operate a geographically distributed set of datacenters to keep services running in the event of incidents and disasters at a single datacenter. Google runs datacenters in over a dozen locations worldwide, and has plans to build several more Google-owned datacenters in the near future. These datacenters are connected via high-speed private links to ensure secure and fast data transfer between datacenters. Datacenter locations are undisclosed to the public, and data centers are unmarked to ensure optimal data security. Google's data center management staff is also distributed in multiple geographies to ensure around the clock coverage and system administration that is not location dependent. Video and ID File Data "Reference Only" videos are used exclusively for Video ID; the video and ID files for Video ID are in database servers, separate from YouTube video servers. These videos and ID files can be disabled via XML actions. (Note that it is possible to disable the video and still keep the existing ID file active). When either the video or the video-and-ID files are disabled, they become immediately inactivated from the Video ID services. Within 48 hours, disabled ID files are purged and a new Video 10 database is fully written across datacenters; this removes all remnants of the ID files. Video files are not deleted from the Video ID servers or backup files. Data Destruction Production disks go through a series of data destruction processes when they are removed from our systems. Disks are first logically wiped before they are physically accessed by our production staff. They are then removed from the system and confirmed to be wiped. Highly Confidential Expert - L i e s G00001-02244056 A-134 Google Privacy Policy Compliance with Safe Harbor Google adheres to the US safe harbor privacy principles of Notice, Choice, Onward Transfer, Security, Data Integrity, Access and Enforcement, and is registered with the U.S. Department of Commerce's safe harbor program. This is detailed in the Google privacy policy. http://www.gooqle.com/privacypolicy.html version 1.0-01/2008 Highly Confidential Expert - L i e s G00001-02244057 A-135 Schapiro Exhibit 173 A-136 From: Date: To: "Cahan, Adam" Sun, 9 Jul 2006 14:14:47 -0400 "Wolf, Michael" , "McGrath, Judy" Subject: Update. just finished a call: nick, blair, stef, nada, denmark, wade, bob Key takeaways: - we all believe this is a transformative acquisition that we should pursue. In its early stages of developing a business model but that is clearly at an inflection point in traffic growth. We view youtube moving beyond social sharing of video into a utility for video search more broadly. - youtube has now reached 20m uniques US as of may. The number we believe is at the inflection point with closest competitor at 50 percent - non-us traffic may be as big as 3x - one source - alexa that tracks non-us but not ideal source. Means we will need to come up with a perspective on how easily we can monetize those audience (ie ad networks, uk v. Other) as they play into cost. - business model. 3 pieces. 1 premium branded display like advertising on the home page where we see film/enter as the key category. Already disney, weinstein are there. Mtvn has exposure at 17 percent of our total dollars to this category. 2. Targeted advertising related to search and video consumption - think of this as advertisers bidding to be played and the link of relevance to the video. So someone search for scary and along side the "natural" results are paid performance videos for trailers etc. 3 ros inventory for non targeted pageviews - nada's specialty and where they are today - on the cost side: mostly bandwidth cost that blair is developing based on his model. Next steps: -adam/blair/stef/nick - building out strategic rationale presentation with inputs from our call this morning. - adam/blair/stef/nada/nick pulling together business model based on key drivers and inputs from call Think it would make sense for us to have a check-in late today/early tomorrow. We can do with a quick subset of the group just to get everyone on same page. CONFIDENTIAL VIA006