A Cybercrime Flashback: The Morris Worm Case

Going back on a trip down memory lane… back when cyber criminals did short jail sentences followed by lucrative consulting gigs.  Times have changed and now hackers that are caught generally get longer sentences and are banned from working with computers.  In any event, Mr. Morris was convicted under the Computer Fraud and Abuse Act of 1986, 18 U.S.C.S. § 1030(a)(5)(A), for releasing a worm which crashed computers at various educational and military sites. A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers.

Morris appealed his conviction and argued the government had to prove not only that he intended the unauthorized access of a federal interest computer, but that he also intended to prevent others from using it. The court found that the mental state requirement of the statute was enacted to proscribe intentional acts of unauthorized access. The court rules that the “intentionally” standard only applied to the access and not to the damages phrase of the statute.

Morris also argued his conduct constituted at most “exceeding authorized access” rather than “unauthorized access,” because he was authorized to communicate with other computers and to send electronic mail. The court found the evidence was sufficient to determine that Morris’ access was unauthorized use. Since the Morris work was designed to invade computers that he was not authorized to access, this was a no brainer.

If this case was heard today, Mr. Morris would probably be banned from working with computers… he should be glad that when his worm was released, there were profits to be made from these acts.  You may find the Morris case opinion here.

The CFAA And Employee Computer Access

Can an employee appropriate his employer’s files for personal benefit while employed?  The Court of Appeals for the 5th Circuit thinks so… Well at least in the context of the Computer Fraud and Abuse Act.  This act is about exceeding authorized access.  If the employee has authorized access but chooses to use that access to benefit himself, it may not be a CFAA issue (there are probably better causes of actions that a competent lawyer may assert… Taking information from an employer shouldn’t be that “consequence free”!).  Aside from the obvious criticism of Plaintiff’s counsel strategy, here is the relevant part of the opinion:

Hunn contends that Lack violated the Computer Fraud and Abuse Act, 18 U.S.C. § 1030, by using his work computer to transfer the AutoCAD files to his home computer with the intent of using those files for his personal benefit. The district court granted summary judgment to Lack on this claim, and we find no error. As an initial matter, Hunn never explains which subsection of § 1030 he alleges Lack violated. Compare, e.g., § 1030(a)(2)(C) (HN8 “Whoever intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information from any protected computer . . . .”), with § 1030(a)(4) (HN9 “Whoever[,] knowingly and with intent to defraud, accesses a protected computer without authorization, or exceeds authorized access, and by means of such conduct furthers the intended fraud and obtains anything of value . . . .”). In any event, Hunn’s claim necessarily fails because Lack did not “exceed[] authorized access” to Hunn’s computers. Hunn concedes that Lack, while employed by Hunn, had permission to send AutoCAD files to his home computer and to work on plans while at home. When Lack sent the AutoCAD files to his friend for conversion to the 2006 version [23] of AutoCAD, Lack was still employed by Hunn and, according to the district court, was “still under the impression that he would be allowed to continue working at Hunn Designs on the projects he had been assigned.” In addition, the district court found that Lack’s “intentions in converting the files on October 9 were not for the purpose of leaving his employment with Hunn.” These findings were not clearly erroneous. See Orduna, 913 F.2d at 1154 (“The credibility determination of witnesses . . . is peculiarly within the province of the district court.”). Thus, because Lack did not exceed authorized access, he did not violate the Computer Fraud and Abuse Act.

This is one of the cases that begs the question… Who is your lawyer? So, get a lawyer who understands CFAA and read the rest of the opinion here.

Automattic’s Victory – Will it Deter DMCA Abuse?

Automattic is the owner of WordPress.com, the popular blogging and website development software.  Some time ago, Automattic sued two parties for using the notice-and-takedown provision of the Digital Millennium Copyright Act (“DMCA”) to silence criticism. According to the Automattic Complaint, the parties abused the provision and were liable for damages under 17 U.S.C. § 512(f) for misrepresentation in connection with a takedown notice.

For background purposes, the DMCA requires web hosts to take down content in response to a notice of copyright infringement.  It is not uncommon for hosts to take down content even if the claim is not valid.  In this case, Oliver Hotham published a press statement from a straight pride group. The straight pride group filed a takedown notice to remove the statement from Hotham’s website.

Automattic obtained a default judgment for $25K.  The Court Order stated “It is Ordered and Adjudged that defendant Nick Steiner pay damages in the amount of $960.00 for Hotham’s work and time, $1,860.00 for time spent by Automattic’s employees, and $22,264.00 for Automattic’s attorney’s fees, for a total award of $25,084.00.”  Whether the Plaintiffs will be able to collect is a completely different story.

Unfortunately, it appears that this decision begs more questions than it answers.  It is now known that Automattic will sue DMCA abusers.  What is not known is who will really win a contested case.  This case was decided by default, meaning that the defendant did not bother to appropriately respond to the allegations.  What would have happened if the case had been fully litigated?  In the meantime, the abusive DMCA take down notices are likely to continue.

Attorney Domingo Rivera Chosen as one of the “Top 100 Trial Lawyers”

Domingo J. Rivera was selected as one of the Top 100 Trial Lawyers by the National Trial Lawyers Association. Membership into The National Trial Lawyers Association is by invitation only and is limited to the Top 100 Trial Lawyers from each state.

Selection for The National Trial Lawyers Association is extended to civil plaintiff and criminal defense attorneys by special invitation. Candidates are considered for membership in The National Trial Lawyers Association based on superior qualifications, leadership, reputation, influence, stature, and profile in the Trial Lawyer community.

The National Trial Lawyers

It is considered a great professional achievement to be selected for The National Trial Lawyers: Top 100. Mr. Rivera was first attorney in the United States to obtain a major victory after a jury trial against the FBI and the DOJ in an case involving criminal copyright infringement allegations. The client was accused of being the leader of the world’s most prolific music piracy group. The case began in the United States District Court for the Eastern District of Virginia and was decided in the USDC for the Southern District of Texas.

Mr. Rivera has obtained Summary Judgment in Federal cases involving computer trespass including the first civil case based on the Computer Fraud and Abuse Act and the Stored Communications Act decided by the Arkansas Federal Court.

Attorney Domingo Rivera has also obtained Summary Judgment in Federal cases involving online defamation, trademark infringement, invasion of privacy. Also obtained Summary Judgment involving online defamation and trademark infringement in the USDC for the Middle District of Florida.
Has won cases involving Internet defamation in several State and Federal Court cases after hotly contested trials.

Mr Rivera regularly teaches CLEs to other attorneys on Internet law matters and has published scholarly articles in widely published legal publications regarding issues related to Internet law and Internet defamation. Mr. Rivera is also one of the few attorneys holding Information Security Certifications, including the prestigious CISSP, GPEN, GCIH, GSLC, CEH. Of those, is also one of the select few with vast experience defending highly sensitive computer networks.

Cybersecurity: Stuck Between Advanced Hackers, Government Regulators, and Liability

Cyber attacks occur every second of every day. The frequency and sophistication of the attacks
continues to rise. With the increased sophistication and the proliferation of corporate espionage and nation-state actors, the days of curious teen hackers trying to prove their worth are behind us.  Now the threat is bigger and better financed, the stakes are higher, and government intervention changes the landscape. Cybersecurity is now a top priority for businesses and government.

We start with a brief summary of some of the recent major cyber attacks. This list is purposely kept short as to show only the more “elite” type of attacks that are shaping the new cyber landscape.  Given their level of sophistication, these attacks frequently require in-depth analysis by computer forensics experts.  Here, we are focusing on the legal aspects only.

Timeline of Advanced Cyber Attacks

Advanced Cyber Attacks of 2010: One Word: STUXNET

Stuxnet makes clear that cyber attacks have escalated to new heights. The Stuxnet worm damaged Iranian uranium enrichment centrifuges. Stuxnet temporarily knocked out some of the
centrifuges at Iran’s Natanz nuclear facility. This caused a delay to Iran’s uranium enrichment program.  This attack was very effective and stealthy, giving birth to the new cyber warfare.

Advanced Attacks of 2011

China: Its “Comment Group” penetrated the Diablo Canyon nuclear plant operated by Pacific Gas & Electric Co. The breach was reportedly facilitated through a breach of a senior nuclear planner’s computer. There is no indication of intent to damage the target.  Reconnaissance is the name of the game, no need to break it if you can own it.

Canada: The Canadian government reported a major cyber attack against its agencies, including Defence Research and Development Canada, a research agency for Canada’s Department of National Defence.  This particular attack forced the Finance Department and Treasury Board, Canada’s main economic agencies, to disconnect from the Internet.

US Department of Defense, July 2011: in a speech unveiling the Department of Defense’s cyber strategy, the US Deputy Secretary of Defense mentioned that a defense contractor was hacked and 24,000 files from the Department of Defense were stolen.

The Nitro Attacks: Through trickery and social engineering, attackers tricked users into downloading Poison Ivy, an off the shelf Trojan. This was a targeted attack directed at at companies involved in the research, development and manufacture of chemicals and advanced materials. After the compromise, the attackers issued instructions to the compromised computers, looking for passwords and data exfiltration.

Duqu Trojan: Industrial Control Systems (ICS) are compromised by the Duqu remote access Trojan (RAT).  Its purpose was to steal data. However, RATs can also be used to control the systems. If you don’t believe that this is a serious threat, think of nuclear power plants and imagine what could happen.

Advanced Attacks of 2012

Saudi Aramco: A destructive Trojan horse (the kind that steals data and then wipes files), Shamoon, is allegedly used in an attack that disabled thousands of computers at Saudi Aramco, the national oil company of Saudi Arabia. The attack wiped the hard drives of 55,000 computers or 75% of Aramco’s corporate computers.

Flame: Another Iran related malware and a very sophisticated one. Flame is believed to have caused data loss incidents at Iran’s oil ministry. The alleged use of the malware was to collect intelligence about Iran’s computer networks that would facilitate future cyberattacks on computers used in Iran’s nuclear fuel enrichment program.

U.S. Natural Gas Pipelines: The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), U.S. Department of Homeland Security, issued an alert warning of ongoing cyber attacks against networks of U.S. natural gas pipeline companies. The alert stated that the campaign involved narrowly focused spear-phishing scams targeting employees of the pipeline companies. The alert urged utilities to monitor Internet-facing control systems for activity by hackers attempting to gain remote access through brute force authentication attacks.

U.S. Banks: Distributed Denial of Service (DDOS) attacks were launched against U.S. Banks, including Citigroup, Wells Fargo, Bank of America, and U.S. Bank. The U.S. accused Iran of staging these attacks and Defense Secretary Leon Panetta warns of potential for a “cyber Pearl Harbor” against critical infrastructure. Panetta also called for new protection standards.

Red October Returns: Kaspersky discovered a worldwide Red October attack. Red October had been around since at least 2007. Attackers gathered information through vulnerabilities in Microsoft’s Word and Excel. The malware collected information from government embassies, research firms, military installations, energy providers, nuclear and other critical infrastructures.

Early 2013 Cyber Attacks: 2013 Is The Year The Government Gets Serious

South Korea: South Korean financial institutions as well as the Korean broadcaster YTN had their networks infected in an incident said to resemble past cyber efforts by North Korea.

The list goes on and on. As it should be obvious by now, cyber attacks, particularly those by sophisticated attackers and nation-states can be very dangerous to business and society. While money is a motivator, the exfiltration of valuable data has become a major issue. There is also the potential threat to life and business. With that in mind, the government is in the process of drafting and enacting sweeping cybersecurity laws and regulations.

Congress failed to reach a consensus on cybersecurity legislation. Following that, in early 2013,
President Obama issued a cybersecurity Executive Order 13636 to enhance the security of the critical infrastructure of the United States.

A very raw outline of Executive Order 13636 is as follows:

What? (Purpose): Help owners and operators “identify, assess and manage cyber risks”
Who? : NIST will coordinate development of “Cybersecurity Framework”
End Result: “Voluntary consensus-based standards and industry best practices”
But? (Caveats): Participation is voluntary but the Framework will most likely be used to judge a company’s cybersecurity practices. For example, Sec. 7(b) states that it “shall include guidance for measuring the performance of an entity in implementing” the Framework.

The Executive Order requires federal agencies to share information about cyber threats and to work with the private sector to develop a cybersecurity framework to protect the critical infrastructure. For now, participation is voluntary and the Executive Order requires federal agencies to develop incentives for private sector adoption of the framework. Our guess is that some of the recommendations included in the develop framework would eventually be seen as the exercise of due care by the courts when determining liability for cybersecurity breaches.

Cyber Intel Notices: The Executive Order provides for the issuance of Catastrophic Target Notices. These notices identify “where a cybersecurity incident could reasonably result in catastrophic regional or national effects.” It is unclear how the notices may affect a business in the determination of due diligence. You can foresee a case where a Court would decide that DHS put the company on notice of a cybersecurity vulnerability and that the company had the o
bligation to act in accordance with this notice. A party may have a difficult time challenging the validity of the notice, given that the information may have been derived from classified sources.  Whether the Cyber Intel notices will became a source of notice for due care determination remains to be seen. However, we are getting guidance on how the Courts are leaning regarding cybersecurity due care issues. ”

An example is the case of Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st
Cir. 2012). The events occurred in 2009. During a one week period, a bank in Maine authorized fraudulent electronic withdrawals from Patco Construction’s account. The bank’s cybersecurity system had flagged the transactions as high-risk. However, the attackers were able to answer the account security questions and the transactions were allowed. Patco Construction filed suit against the bank alleging that the bank’s cybersecurity practices were not “commercially reasonable” under Article 4A of the UCC.

The bank was successful in obtaining Summary Judgment. In December 2012, the United States Court of Appeals for the First Circuit reversed, holding that by the authentication scheme utilizing the security questions for every transaction exposed the bank’s customers to increased risk. The Court recognized that malware often logs keystrokes. The bank had a duty to monitor the suspicious transactions that had been flagged by its cybersecurity engine or provide notice to Patco Construction. In other words, the Court of Appeals decided that the bank’s cyber security practices were not “commercially reasonable.”

Not unexpectedly, the FTC already filed a case against HTC, a manufacturer of smartphones and other devices.  The case is In the Matter of HTC America Inc., FTC File No. 122 3049. The case stems from multiple flaws and vulnerabilities in mobile devices that HTC created or failed to remediate.

Some of the faults identified include:

1. Permission re-delegation vulnerabilities in its preinstalled applications. According to the FTC, HTC’s custom voice recorder could be exploited to allow third-party access to the device’s microphone without the user’s consent. This flaw could allow an attacker to record conversations, track a user’s location, or perpetrate other fraud.

2. Carrier IQ implementation: According to the FTC, In order to assist carriers in their implementation of the Carrier IQ diagnostic software, HTC developed a “CIQ Interface” that would pass the necessary information to the Carrier IQ software. HTC used an insecure communications mechanism which allowed third-party applications on the user’s device to communicate with the CIQ Interface.

The FTC and HTC entered into a settlement. Under the terms of the settlement, HTC must patch the vulnerabilities and establish a comprehensive security program. HTC must also undergo independent security assessments every other year for the next 20 years and is prohibited from making false or misleading statements about the security and privacy of consumers’ data on its devices.

We will continue to keep you informed of the latest issues arising from cyber security, cyber threats, government regulation of cyberspace as well as what it all means to your business.

Domain Names With Geographic Designations – Trademark Law

Domain name disputes and domain name litigation are important areas of Internet law.  Sometimes an individual registers a domain name containing a a geographic designation, such as the name of a city.  Whether the domain name owner enjoys trademark protection depends on certain elements.  What if the domain name registered includes the name of a foreign city and the foreign city prevails in a UDRP proceeding?  Can the domain name owner sue in court in the U.S.?

Under United States trademark law, a geographic designation can obtain trademark protection if that designation acquires secondary meaning. Lanham Trade-Mark Act, § 2(e)(2), as amended, 15 U.S.C.A. § 1052(e)(2).  Registration and use of a name with a geographic designation is not unlawful, even if the public did not associate the name with anything other than city itself, and the city council could not obtain trademark interest in purely descriptive geographical designation. Lanham Trade-Mark Act, §§ 2(e)(2), 32, 45, as amended, 15 U.S.C.A. §§ 1052(e)(2), 1114, 1127.

Domain names are issued pursuant to contractual arrangements under which the registrant agrees to a dispute resolution process, known as the Uniform Domain Name Dispute Resolution Policy ( UDRP), which is designed to resolve a large number of disputes involving domain names, but this process is not intended to interfere with or modify any independent resolution by a court of competent jurisdiction. Lanham Trade-Mark Act, §§ 32, 45, as amended, 15 U.S.C.A. §§ 1114, 1127. The Uniform Domain Name Dispute Resolution Policy ( UDRP) does not unify the law of trademarks among the nations served by the Internet; rather, it forms part of a contractual policy developed by Internet Corporation for Assigned Names and Numbers (ICANN) for use by registrars in administering the issuance and transfer of domain names; indeed, it explicitly anticipates that judicial proceedings will continue under various nations’ laws applicable to the parties. Lanham Trade-Mark Act, §§ 32, 45, as amended, 15 U.S.C.A. §§ 1114, 1127.

The Anticybersquatting Consumer Protection Act (ACPA) authorizes a suit by a domain name registrant whose domain name has been suspended, disabled or transferred under that reasonable policy, including the Uniform Domain Name Dispute Resolution Policy ( UDRP), to seek a declaration that the registrant’s registration and use of the domain name involves no violation of the Lanham Act as well as an injunction returning the domain name. Lanham Trade-Mark Act, §§ 32, 45, as amended, 15 U.S.C.A. §§ 1114, 1127.  A World Intellectual Property Organization (WIPO) proceeding is relevant to an Internet domain name registration claim, but it is not jurisdictional; indeed, a WIPO panelist’s decision is not even entitled to deference on the merits. Lanham Trade-Mark Act, § 32(2)(D)(v), as amended, 15 U.S.C.A. § 1114(2)(D)(v).

Any decision made by a panel under the Uniform Domain Name Dispute Resolution Policy (UDRP) is no more than an agreed-upon administration that is not given any deference under the Anticybersquatting Consumer Protection Act (ACPA); to the contrary, because a UDRP decision is susceptible of being grounded on principles foreign or hostile to American law, the ACPA authorizes reversing a panel decision if such a result is called for by application of the Lanham Act. Lanham Trade-Mark Act, §§ 32, 45, as amended, 15 U.S.C.A. §§ 1114, 1127.

Therefore, an action brought in a United States court by a United States corporation involving a domain name administered by a United States registrar to determine whether registration or use of a domain name violated the Anticybersquatting Consumer Protection Act (ACPA) was required to be adjudicated according to United States trademark law under the Lanham Act, not foreign law; such resolution also was consistent with fundamental doctrine of territoriality upon which trademark law was based, since both United States and Spain had long adhered to Paris Convention for Protection of Industrial Property. Lanham Trade-Mark Act, § 32(2)(D)(v), as amended, 15 U.S.C.A. § 1114(2)(D)(v).

United States courts do not entertain actions seeking to enforce trademark rights that exist only under foreign law.  To establish a right to relief against an “overreaching trademark owner” under the reverse hijacking provision of the Anticybersquatting Consumer Protection Act (ACPA), a plaintiff must establish that: (1) it is a domain name registrant; (2) its domain name was suspended, disabled, or transferred under a policy implemented by a registrar; (3) the owner of the mark that prompted the domain name to be suspended, disabled, or transferred has notice of the action by service or otherwise; and (4) the plaintiff’s registration or use of the domain name is not unlawful under the Lanham Act, as amended. Lanham Trade-Mark Act, § 32, as amended, 15 U.S.C.A. § 1114.

Copyright Law: Pornographers Following RIAA’s Shakedown Tactics

At this Internet law firm, we are no strangers to copyright litigation.  From whether website reviews are copyrightable to defending individuals caught in the RIAA’s use of the Department of Justice to do RIAA’s litigation in the form of criminal copyright infringement prosecutions.   Now the pornographers are here and they are taking a page out of the RIAA’s playbook.  It appears that the pornographers’ strategy is to file lawsuits against unidentified parties, issue subpoenas and follow up with threatening letters to the identified individuals demanding payment of a few thousand dollars.  These individuals are accused of utilizing bit torrent software to infringe on the copyrights.  Multiply the $2k to $3k requested from each identified “John Doe” times a few hundred defendants in several jurisdictions and the pornographers can feasibly make more money through lawsuits than through selling their product.

To further the strategy, pornographer Patrick Collins filed an action in the U.S. District Court for the Eastern District of Virginia against 58 different unidentified (John Doe) defendants.  The case is
Civil Action No: 3:11CV531.  We were retained by one of the “John Doe” Defendants.  We identified a number of problems with Plaintiff’s case, not the least of which is the joinder of totally unrelated parties on the same litigation.  After seeing this situation, we filed a Motion to Quash on behalf of our client.  Some excerpts of the filing follow below:

Over the past several years, copyright owners across the nation, even those such as Plaintiff, who is yet to receive a copyright registration for its hardcore pornography, have attempted to take advantage of federal joinder rules in order to sue numerous John Doe defendants within a single complaint. These complaints are for copyright infringement via the Internet, and the complaints generally allege the use of peer-to-peer programs such as BitTorrent to download and/or upload copyrighted works. Some of these cases attempt to join defendants by the dozens, but many extend to hundreds and even thousands of unnamed defendants. See infra. Some courts have opined that the rationale for the joinder of multiple defendants in these copyright cases is an attempt by plaintiffs to “identify hundreds of Doe defendants through pre- service discovery and facilitate mass settlement.” See, for example, On the Cheap, LLC v. Does 1-5011, Case No. C10-4472, *11 (Zimmerman, M.J.) (N.D. Cal. Sept 6, 2011) (quoting IO Group, Inc. v. Does 1-435, 2011 U.S. Dist. LEXIS 14123, *9 (N.D. Cal. Feb. 3, 2011)).

Doe Defendant notes that this is not Plaintiff’s first mass-defendant copyright infringement lawsuit. For example, a similar copyright infringement suit regarding a different pornographic video was filed by Plaintiff in the Northern District of West Virginia against 281 John Doe defendants. In that case, all John Doe defendants except for John Doe 1 were severed on the basis of misjoinder, and subpoenas for the identities of the severed defendants were quashed. See Patrick Collins, Inc. v. Does 1-281, Case No. 3:10-cv-00091, *3-4 (Bailey, J.) (N.D. W.V. Dec 16, 2010). It appears that after failing in West Virginia, Plaintiff now asserts similar claims before this Court.

Under the Federal Rules of Civil Procedure, joinder of defendants is appropriate where two factors are met: 1) “any right to relief is asserted against them jointly, severally, or in the alternative with respect to or arising out of the same transaction, occurrence, or series of transactions or occurrences” and 2) “any question of law or fact common to all defendants will arise in the action.” Fed. R. Civ. P. 20(a)(2). If it is clear that misjoinder has occurred, then Fed. R. Civ. P. 21 permits a court, by a party’s motion or
sua sponte, to drop parties or to sever claims. “On motion or on its own, the court may at any time, on just terms, add or drop a party. The court may also sever any claim against a party.” Fed. R. Civ. P. 21.

The gravamen of Plaintiff’s Complaint is that John Doe Defendants all used a peer-to-peer client called BitTorrent to download and simultaneously upload the pornographic video. Essentially, Plaintiff alleges that all the John Doe Defendants “downloaded” the adult film and then “distributed” parts of that film to IPP, Limited, a company retained by Plaintiff to identify copyright infringement. Comp. ¶¶ 36-40. Yet other than some conclusory language regarding contributory copyright infringement and mischaracterizations of the application of BitTorrent “swarms,” discussed infra, there are no allegations that the John Doe Defendants acted in concert to infringe Plaintiff’s alleged copyright or that they were part of the same “transaction, occurrence, or series of transactions or occurrences” as required under Fed. R. Civ. P. 20(a)(2).

Plaintiff’s entire Complaint rests upon the premise that merely using BitTorrent to download the same file is sufficient to join different parties together as defendants in a single lawsuit.

However, numerous courts across the country have held that allegations that John Doe defendants “used the same peer-to-peer network to infringe a plaintiff’s copyrighted works are insufficient for joinder of multiple defendants under [Fed. R. Civ. P.] 20.” Boy Racer, Inc. v. Does 1-60, Case No. 3:11-cv-01738, *2 (Illston, J.) (N.D. Cal. Aug 19, 2011). The Northern District of California summarized some of these holdings:

Laface Records, LLC v. Does 1-38, 2008 U.S. Dist. LEXIS 14544 (E.D.N.C. Feb. 27, 2008) (ordering the severance of claims against thirty-eight defendants where plaintiff alleged each defendant used the same ISP as well as the same peer-to-peer network to commit the alleged copyright infringement, but there was no assertion that the multiple defendants acted in concert); Interscope Records v. Does 1-25, 2004 U.S. Dist. LEXIS 27782 (M.D. Fla. Apr. 1, 2004) (magistrate recommended sua sponte severance of multiple defendants in action where only connection between defendants was allegation that they used same ISP and peer-to-peer network to conduct copyright infringement); see also BMG Music v. Does, 2006 U.S. Dist. LEXIS 53237, No. 06-01579 (Patel, J.) (N.D. Cal. July 31, 2006) (finding improper joinder of four Doe defendants where the complaint alleged that each defendant used the same ISP to engage in distinct acts of infringement on separate dates at separate times, and there was no allegation that defendants acted in concert); Twentieth Century
Fox Film Corp. v. Does 1-12,
No. C 04- 04862 WHA (N.D. Cal. Nov. 16, 2004) (Alsup, J.) (severing twelve Doe defendants in a copyright infringement case where although defendants used the same ISP to allegedly infringe motion picture recordings, there was no allegation that the individuals acted in concert); cf. In the Matter of DIRECTV, INC. 2004 U.S. Dist. LEXIS 24263, No. 02-5912 (Ware, J.) (N.D. Cal. Jul. 26, 2004) (severing and dismissing hundreds of defendants in a case alleging that defendants purchased and used modified access cards and other pirate access devices to permit view of plaintiff’s programming without authorization).

Boy Racer, Case No. 3:11-cv-01738 at *2-3. Other cases holding similarly include multiple West Virginia cases (see, for example, Patrick Collins, Case No. 3:10-cv-00091, *3; Third World Media, LLC v. Does 1-1,243, Case No. 3:10-cv-00090, *3 (Bailey, J.) (N.D.W.V. Dec. 16, 2010); Combat Zone, Inc. v. Does 1-245, Case No. 3:10-cv-00096, *3 (Bailey, J.) (N.D.W.V. Dec. 16, 2010); and Axel Braun Production v. Does 1-7,098, Case No. 3:10-cv-00112, *3 (Bailey, J.) (N.D.W.V. Dec. 23, 2010), all holding that “defendants’ alleged use of some of the same ISPs and P2P networks to commit copyright infringement is, without more, insufficient for permissive joinder under Rule 20”); Lightspeed v. Does 1-1,000, 2011 U.S. Dist LEXIS 35392 (N.D. Ill. March 31, 2011) (finding misjoinder in a multiple-defendant copyright case involving BitTorrent); multiple cases from Texas (see, for example, Funimation Entertainment v. Does 1- 1337, Case No. 3:11-cv-00147-F, *3 (Furgeson, J.) (N.D. Tx. Feb. 10, 2011), holding that the plaintiff failed to allege any relationship among the defendants or any allegations that defendants acted in concert: “Plaintiff makes no allegation in this case that the claims against the joined defendants ‘arise out of the same transaction, occurrence, or series of transactions or occurrences.’ Instead, it seems that the copyright infringement claim against each Defendant is based on the individual acts of each Defendant”); and multiple California cases (see infra). In summation, courts from multiple jurisdictions have repeatedly concluded that “merely committing the same type of violation in the same way does not link defendants together for purposes of joinder.” Laface Records, 2008 WL 544992 at *2.

The Northern District of California has severed defendants and quashed subpoenas in multiple copyright infringement cases involving BitTorrent, including Boy Racer, Case No. 3:11- cv-01738; IO Group, Inc. v. Does 1-19, 2010 U.S. Dist. LEXIS 133717 (N.D. Cal. Dec. 7, 2010); and IO Group, Inc. v. Does 1-435, 2011 U.S. Dist. LEXIS 14123 (N.D. Cal. Feb. 3, 2011). In IO Group v. Does 1-19, the plaintiff claimed that nineteen different defendants reproduced eighteen different copyrighted films on fifteen different days. “The Court found that the plaintiff’s allegations that the defendants conspired with each other to provide the infringing reproductions of the works were ‘wholly conclusory and lack[ed] any facts to support an allegation that defendants worked in concert to violate plaintiff’s copyrights’.” Boy Racer, Case No. 3:11-cv- 01738 at *3 (quoting IO Group v. Does 1-19, 2010 U.S. Dist. LEXIS 133717 at *8-9). “The Court held that the ‘only factual allegation connecting the defendants’ – the allegation that they all used the same peer-to-peer network to reproduce and distribute the plaintiff’s copyrighted work – was insufficient for joinder of multiple defendants under Rule 20.” Id. “Similarly, in IO Group v. Does 1-435, the Court severed the Doe defendants, holding that use of the same ISP and peer-to-peer network was not sufficient for joinder, and that any ‘potential conspirator liability, based solely on use of a P2P network,’ does not stretch ‘so far as to make joinder of all users of a P2P network in one action proper.’” Id. at *4 (quoting IO Group v. Does 1-435, 2011 U.S. Dist. LEXIS 14123 at *15-16).

As the Northern District of California noted, “Courts have held specifically that the nature of the BitTorrent protocol does not make joinder appropriate where defendants allegedly used BitTorrent to infringe copyrighted works.” Boy Racer, Case No. 3:11-cv-01738 at *4. “In Diabolic Video Productions, the plaintiff alleged that 2,099 different defendants ‘acted in cooperation’ with one another ‘by agreeing to provide, and actually providing on a P2P network,an infringing reproduction’ of the plaintiff’s work.” Id. (quoting Diabolic Video Productions v. Does 1-2,099, 2011 U.S. Dist. LEXIS 58351, *10 (Grewal, M.J.) (N.D. Cal. May 31, 2011)). The plaintiff in Diabolic Video claimed that the “[d]efendants joined in a common ‘swarm,’ . . . that qualifies as the single transaction or series of closely-related transactions recognized under Rule 20.” Id. (quoting Diabolic Video, 2011 U.S. Dist. LEXIS 58351 at *10). “However, the court found that, apart from the alle
gation that the defendants all used the same peer-to-peer network to reproduce and distribute the plaintiff’s copyrighted work, the plaintiff offered ‘no allegations whatsoever to support its theory of a single or closely-related transactional theory.’”
Id. (quoting Diabolic Video, 2011 U.S. Dist. LEXIS 58351 at *10).

Boy Racer is on point. In that case, the Northern District of California concluded that the plaintiff failed to “plead facts showing that any particular defendant illegally shared plaintiff’s work with any other particular defendant.” Boy Racer, Case No. 3:11-cv-01738 at *5. Similarly, in this case, Plaintiff has not alleged that the John Doe Defendants shared the pornographic video with other John Doe Defendants; the Complaint merely alleges that all John Doe Defendants apparently connected with IPP, Limited’s computer on different dates and times. Comp. Exhibit A. The Northern District of California court also noted, “The Exhibit attached to plaintiff’s complaint indicates that defendants were allegedly present in BitTorrent swarms on approximately 18 different dates, and that defendants used approximately nine different ISPs.” Id. at *5-6. In the present case, Plaintiff, apparently realizing that it must allege some common transaction or occurrence in order to survive a motion to quash, attempts to portray all the John Doe Defendants are being a part of a single swarm. Comp. ¶¶ 31-33, 55-58. However, this claim is contradicted by Exhibit A of Plaintiff’s Complaint, which shows that John Doe Defendants allegedly communicated with IPP, Limited’s computer on multiple dates spanning a period of two months. Notably, the date and time that Doe Defendant allegedly communicated with IPP, Limited’s computer, July 15, 2011 at 15:23, fails to coincide with the dates and times of any of the other John Doe Defendants. Comp. Exhibit A. Thus, the logical conclusion is that the John Doe Defendants were part of multiple transactions, which is what the courts in Boy Racer and On the Cheap Order also concluded. The court in On the Cheap Order stated: “In Boy Racer, the Court was not persuaded by the copyright holder’s argument, which plaintiff sets forth here, that all of the defendants were involved in the same transaction because each one of them joined the same ‘swarm’ to download or distribute the copyrighted movie and were therefore acting in concert. Boy Racer found that the large gap of time – six weeks – between the alleged infringing act of the first Doe and the last Doe showed that the defendants may not have been cooperating with each other. The same is true for this case since Doe 1’s infringing act allegedly happened on June 19, 2010 while Doe 5011’s infringing act took place almost seven weeks later on August 6.” On the Cheap, Case No. 3:10-cv-04472 at FN4 (internal citations omitted).

If the Court were to accept Plaintiff’s rationale, then from the instant that a BitTorrent seed begins sharing a file with another peer, a single “swarm” would be created and would exist until the very last instant when a peer was sharing a file with another peer. Thus, a single swarm could conceivably last until perpetuity – or, more realistically, weeks, months, or even years. Someone who started a download six months after a BitTorrent torrent descriptor file was initially made available would thus, per Plaintiff’s characterization, be considered a participant in the same swarm as someone who had already completed the download, and was perhaps no longer even sharing the file, five months and twenty-nine days earlier. Under Plaintiff’s theory, the two individuals – whose computers may never have even communicated with each other – could be joined together as co-defendants in a single lawsuit, as a plaintiff could argue that they were both part of a single swarm and thus were both a part of the same transaction or series of transactions. Such a scenario is obviously overly broad in terms of joinder and was therefore rightfully rejected by other courts. Rejecting this scenario is further bolstered by other facts. For example, as many Americans presently have access to high-speed Internet and even multi- gigabyte files can be downloaded within a matter of hours, since Plaintiff’s alleged logs span two months, it is not clear how Plaintiff can seriously claim that each and every John Doe Defendant participated in the same transaction or same series of transactions. In order to transfer a file, the BitTorrent client must be open and the BitTorrent torrent descriptor file must be loaded into the client. Once a download is complete, an individual may exit out of the BitTorrent client, delete the BitTorrent torrent descriptor file, and/or eventually delete the downloaded file; in any of those situations, the file that was downloaded would no longer be shared with other peers. Additionally, to track the IP addresses used to download the pornographic video, IPP, Limited initiated a download of the film using a BitTorrent client. Comp. 40. Its own download of the adult video would hardly have taken two months to complete, and thus it would have had to initiate a new download each time the previous download completed. This is presumably what happened based upon Plaintiff’s allegation that “each of the Defendant’s computers used their identified IP addresses to connect to the investigative server from a computer … in order to transmit a full copy, or a portion thereof, of a digital media file.” Comp. 40 (emphasis added). Therefore, by Plaintiff’s own admission, IPP, Limited was involved in multiple file transfers, i.e., multiple transactions. Doe Defendant also notes that the “hash number” that Plaintiff mentions in its Complaint does not identify a particular transaction or occurrence, but rather, it is used to identify the particular file that is being transmitted. All individuals who downloaded the file via BitTorrent would – or should – have the same hash number for the file, regardless of when they downloaded it or from which computers they received pieces of the file. Therefore
, Plaintiff’s contention that the John Doe Defendants were all part of the same transaction, occurrence, or series of transactions or occurrences is without merit. The Complaint does not otherwise allege that John Doe Defendants were related in any way; the Complaint also does not allege any facts to support the conclusory claim that John Doe Defendants knew about each other. Thus, it is clear that Plaintiff’s Complaint is no different from other peer-to-peer complaints made and rejected by courts across the country. As the Northern District of California stated: “The nature of the BitTorrent protocol does not justify joinder of these otherwise unrelated Doe defendants. The BitTorrent protocol is of the same peer-to-peer architecture of other peer-to-peer protocols where this Court and other courts have found joinder improper. Allegations that defendants used a single peer-to-peer network to download plaintiff’s works – on different days, at different times, and through different ISPs – is insufficient to allow plaintiff to litigate against sixty different defendants in one action.”
Boy Racer, Case No. 3:11- cv-01738 at *6.
Furthermore, courts have found improper joinder in multiple-defendant copyright cases because each defendant is likely to have a different defense:
Comcast subscriber John Doe 1 could be an innocent parent whose internet access was abused by her minor child, while John Doe 2 might share a computer with a roommate who infringed Plaintiffs’ works. John Does 3 through 203 could be thieves, just as Plaintiffs believe, inexcusably pilfering Plaintiffs’ property and depriving them, and their artists, of the royalties they are rightly owed. . . . Wholesale litigation of these claims is inappropriate, at least with respect to a vast majority (if not all) of Defendants.

BMG Music v. Does 1-203, Case No. 04-650, 2004 WL 953888, *1 (E.D. Pa. Apr. 2,

2004); see also Third World Media, Case No. 3:10-CV-90 at *3 and On the Cheap, Case No. 3:10-cv-04472 at *6 (“one factor weighing in favor of severance is that since the claims against the different Defendants most likely will involve separate issues of fact and separate witnesses, different evidence, and different legal theories and defenses, which could lead to jury confusion, separate trials will be required for each Defendant” (internal citations and quotation marks omitted)).

You may find our memorandum in support of the Motion to Quash here.  After we filed the Motion, the Plaintiff filed a notice of voluntary dismissal, which is permitted under the Federal Rules of Civil Procedure.  Although we are glad that our client was dismissed from the litigation, the entire scenario surrounding this litigation and the ensuing shakedown of the individuals identified (RIAA style), is still troublesome.

Unfortunately for the Plaintiff, this questionable litigation strategy did not escape the Court’s attention.  The Court entered an Order severing all but one of the defendants from the litigation, quashed all the subpoenas, and may impose sanctions against Plaintiff and against Plaintiff’s attorney.

Some interesting portions of the Court’s Order follow:

In short, the plaintiff has failed to demonstrate any right to relief against the defendants arising out of the same transaction,occurrence,or series of transactions or occurrences. “Merely committing the same type of violation in the same way does not link defendants together for purposes of joinder.” Laface Records, LLC v. Does 1-38, No. 5:07-CV-298, 2008 U.S. Dist. LEXIS 14544, at *7 (E.D.N.C. Feb. 27, 2008). The Court agrees with Judge Spero’s analysis in a recent decision from the United States District Court for the Northern District of California 

The mere allegation that the defendants have used the same peer-to-peer network to copy and reproduce the Work—which occurred on different days and times over a span of two months—is insufficient to meet the standards o f joinder set forth in Rule 20. See Diabolic Video Productions, Inc. v. Does 1-2099, No. 10-CV-5865, 2011 U.S. Dist. LEXIS 58351, at *10-11 (N.D. Cal. May 31,2011); see also Millennium TGA, Inc. v. Does 1-21, No. 11-2258,2011 U.S. Dist. LEXIS 53465, at *6-7 (N.D. Cal. May 12, 2011). Accordingly, the Court concludes that joinder of the Doe defendants in this action does not satisfy Rule 20(a). In the interest of fairness, the Court finds it appropriate to exercise its discretion under Rule 21 to sever all o f the defendants but one.

The Court also finds that the plaintiff shou
ld be required to show cause why certain conduct does not violate Rule 11
of the Federal Rules of Civil Procedure. The Court currently has three similar cases before it, all brought by the same attorney.2 The suits are virtually identical in their terms, but filed on behalf of different film production companies. In all three, the plaintiffs sought, and the Court granted, expedited discovery allowing the plaintiffs to subpoena information from ISPs to identify the Doe defendants. According to some of the defendants, the plaintiffs then contacted the John Does, alerting them to this lawsuit and their potential liability. Some defendants have indicated that the plaintiff has contacted them directly with harassing telephone calls, demanding $2,900 in compensation to end the litigation. When any of the defendants have filed a motion to dismiss or sever themselves from the litigation, however, the plaintiffs have immediately voluntarily dismissed them as parties to prevent the defendants from bringing their motions before the Court for resolution.

This course of conduct indicates that the plaintiffs have used the offices of the Court as an inexpensive means to gain the Doe defendants’ personal information and coerce payment from them. The plaintiffs seemingly have no interest in actually litigating the cases, but rather simply have used the Court and its subpoena powers to obtain sufficient information to shake down the John Does. Whenever the suggestion of a ruling on the merits of the claims appears on the horizon, the plaintiffs drop the John Doe threatening to litigate the matter in order to avoid the actual cost of litigation and an actual decision on the merits.

The plaintiffs’ conduct in these cases indicates an improper purpose for the suits. In addition, the joinder of unrelated defendants does not seem to be warranted by existing law or a non-frivolous extension of existing law.

A complete copy of the Court’s Order can be read here.  It will be interesting to see where this litigation goes next.

 

Attorney Domingo J. Rivera wins Summary Judgment in Computer Trespass Case

In another pioneer decision, attorney Domingo J. Rivera obtained summary judgment in a case involving an ex-husband accessing his wife’s email and social network accounts without authorization.

There has been some discussion in the news about a Michigan man that criminally charged with with accessing his wife’s computer accounts.   Some commentators have argued that utilizing the computer hacking statutes to prosecute these acts is overreaching, but so far, the courts have provided little guidance on this issue.

Many Federal and State computer crime statutes provide not only criminal, but also civil remedies for the victims.  Recently, attorney Domingo Rivera handled one of these civil cases.   As is the case for many pioneering cases handled by attorney Domingo Rivera, this was a case that other attorneys expressed doubt about and that opposing counsel openly minimized.

In this case, the opposing party claimed that the divorce property settlement agreement barred our client’s claims and filed a counterclaim against our client for breach of the agreement.  We also obtained summary judgment dismissing this claim against our client.

The Court not only agreed with the legal argument advance by attorney Domingo Rivera, but also granted summary judgment.   Obtaining summary judgment means that we prevailed as a matter of law and that a trial to establish liability was not necessary.   The Court expertly discussed the standard for summary judgment:

In determining whether summary judgment is appropriate, the burden is placed on the moving party to establish both the absence of a genuine issue of material fact and that it is entitled to judgment as a matter of law. See Fed. R. Civ. P. 56(c); Matsushita Elec. Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 586-87 (1986); Nat’l. Bank of Commerce of El Dorado, Ark. v. Dow Chem. Co., 165 F.3d 602 (8th Cir. 1999). The Court must review the facts in a light most favorable to the party opposing a motion for summary judgment and give that party the benefit of any inferences that logically can be drawn from those facts. Canada v. Union Elec. Co., 135 F.3d 1211, 1212-13 (8th Cir. 1998) (citing Buller v. Buechler, 706 F.2d 844, 846 (8th Cir. 1983)).
Once the moving party demonstrates that the record does not disclose a genuine dispute on a material fact, the non-moving party may not rest upon the mere allegations or denials of his pleadings, but his response, by affidavits or as otherwise provided in Rule 56, must set forth specific facts showing that there is a genuine issue for trial. Ghane v. West, 148 F.3d 979, 981 (8th Cir. 1998)(citing Burst v. Adolph Coors Co., 650 F.2d 930, 932 (8th Cir. 1981)). In order for there to be a genuine issue of material fact, the non-moving party must produce evidence “such that a reasonable jury could return a verdict for the nonmoving party.” Allison v. Flexway Trucking, Inc., 28 F.3d 64, 66 (8th Cir. 1994) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). Furthermore, “[w]here the unresolved issues are primarily legal rather than factual, summary judgment is particularly appropriate.” Aucutt v. Six Flags Over Mid-America, Inc., 85 F.3d 1311, 1315 (8th Cir. 1996)(quoting Crain v. Bd. of Police Comm’rs, 920 F.2d 1402, 1405-06 (8th Cir. 1990)).

The Court then moved on to the respective arguments of the parties, attorney Domingo Rivera represented the Plaintiff.  The Court explained:

III. Plaintiff’s Claims

As a threshold matter, Defendant claims that Plaintiff is barred from bringing her claims by the terms of the Property Settlement Agreement (the “Agreement”) signed by both parties as a part of the parties’ divorce proceeding. Defendant’s counterclaim alleges that Plaintiff is in breach of contract for bringing the present claims. In signing the Agreement, both parties acknowledged that they had been represented by counsel prior to executing the Agreement. “Settlement agreements are contracts subject to the general rules of contract construction.” Hill v. Southside Public Schools, 688 F.Supp. 493, 497 (E.D. Ark. 1988) (quoting N.L.R.B. v. Superior Forwarding, Inc., 762 F.2d 695, 697 (8th Cir. 1985)). The Court is to construe any agreement to give effect to the intent of the parties. Id. The intent of the parties is determined by reviewing the language of the contract itself, as well as by considering “the circumstances surrounding the making of the contract, its subject, and the situation and relation of the parties at the time of its making.” Id. (quoting Louisiana-Nevada Transit Co. V. Woods, 393 F. Supp. 177, 184 (W.D. Ark. 1975)).

The Agreement was meant to settle any and all claims related to the divorce proceeding. It strains logic to infer that the parties’ intended to waive the ability to bring any and all claims, including federal claims that could not have been litigated in a state divorce proceeding, that could ever potentially arise between the parties. Taking into consideration the fact that the parties were forming and signing the agreement in the context of a divorce proceeding; the subject and purpose of the agreement was to settle issues “arising out of this [divorce] litigation”. (Doc. 8, p. 11, ex. A). The fact that the divorce proceeding took place in state court that would not have jurisdiction over many of the claims Plaintiff now raises, can only lead the Court to conclude that Plaintiff did not waive her ability to bring the instant claims. While the alleged conduct may have taken place prior to and during the pendency of the divorce proceedings, the Court does not find Plaintiff’s claims to be intertwined with the Agreement such that she would now be precluded from bringing her claims in federal court.

Defendant also argues that Plaintiff is precluded from bringing her claims because the court presiding over the custody proceeding admitted the materials that he accessed into evidence. A court’s admission of materials into evidence is not relevant to the issues currently before the court. The judge in that proceeding made no determination as to the merits of the present claims. As Defendant points out, Plaintiff may have been able to appeal the decision to admit the evidence, but she also has the independent ability to pursue separate claims in this Court. For these reasons, the Court finds that Plaintiff is entitled to Summary Judgment on Defendant’s Counterclaim, and her motion as to the counterclaim (doc. 22) is GRANTED.

Finally, the Court explored the applicability of the Stored Communications Act and the State Computer Trespass statutes:

ii. Federal Stored Communications Act (SCA)

The relevant section of the SCA provides that whoever “intentionally accesses without authorization a facility through which an electronic communication service is provided; or intentionally exceeds an authorization to access that facility; and thereby obtains . . . access to a wire or electronic communication while it is in electronic storage in such system shall be punished . . .” 18 U.S.C. § 2701(a). The statute allows for private causes of action where “any person” injured by a violation of the SCA can show that the person violating the Act acted with a

U.S. v. Cassim: Domingo Rivera obtains first Federal “music piracy” jury trial defense victory

Today, a federal jury acquitted Adil Cassim who was represented by Domingo J. Rivera.  The United States Department of Justice had alleged that Adil Cassim was the leader of Rabid Neurosis (“RNS”).  On the DOJ website, the press release alleged that “according to the indictment, the defendants, led by Cassim for a
period of time, allegedly conspired to illegally upload to RNS
thousands of copyright protected music files, which were often
subsequently reproduced and distributed hundreds of thousands of times. According to the indictment, RNS was a “first-provider” or “release
group” for pirated music and other content to the Internet. Once a
group obtains and prepares infringing digital copies of copyrighted
works, the copies can then be distributed in a matter of hours to
secure computer servers throughout the world. According to the
indictment, RNS members were granted access to massive libraries of
pirated music, video games, software and movies by gaining a reputation
for providing previously unavailable pirated materials. The indictment
alleges that
t
he supply of pre-release music was often provided by music industry
insiders, such as employees of compact disc (CD) manufacturing plants,
radio stations and retailers, who typically receive advance copies of
music prior to its commercial release.Read the USDOJ press release here.

Various alleged members of RNS have been convicted.  The jury’s verdict was released a few hours ago, more details will be available soon.

Internet Copyright Infringement – Courts Weigh-In

We frequently handle Internet copyright infringement issues.  These issues present themselves in many forms.  Some examples include: Internet copyright infringement resulting from copied website contents, Internet copyright infringement claims against ISP resulting from copied website photographs, Internet copyright infringement claims against Internet search engine from displaying copyright images as thumbnails with the indexed results, and Internet copyright infringement claim against search engine and online retailer resulting from the use of copyrighted images as thumbnails.

Internet copyright infringement decisions are far from uniform.  Quuite to the contrary, Internet law is one of the least predictable areas of law. However, the decisions of some courts follow:

Internet copyright infringement from copied Internet website contents

The owner of a website that sold goods and services over the Internet discovered that a competitor had copied the contents of its website and had created a rival Internet site that was a virtual mirror image if its website. The website was copied by posting identical source code at other Internet websites. The replication of the site diverted traffic and sales from the original website.

A New York federal court held that the Internet copyright infringement resulting from the copying of the website was willful and awarded statutory damages for Internet copyright infringement as well as costs and attorneys’ fees.

The Court found that the infringement was willful and awarded statutory damages with the objectives of compensating copyright owners for past infringement and deterring future infringement. The Factors considered relevant to determining an appropriate statutory damages award include the “expenses saved and profits reaped by the infringers,” the revenues lost by the plaintiff, the infringers’ state of mind (wilful, knowing or merely innocent), the value of the copyright and the deterrent effect on both the defendant and others. The court also awarded attorney’s fees and costs

Internet copyright infringement claims against ISP resulting from copied website photographs

The owner of an Internet website containing commercial real estate information sues an ISP for Internet copyright infringement, contributory copyright infringement, vicarious Internet copyright infringement, and challenging the applicability of the DMCA safe harbor provision to the ISP.

A Virginia federal court dismissed the claims of Internet copyright infringement, contributory copyright infringement, and vicarious copyright infringement. The DMCA safe harbor provision protected the ISP.

A provider of commercial real estate information on the Internet collected a comprehensive a comprehensive database of information on commercial real estate markets and commercial properties in the United States and the United Kingdom. The database, including photographs was available to customers through the Internet.

An Internet service provider’s (“ISP”) website allowed subscribers, generally real estate brokers, to post listings of commercial real estate on the Internet. The ISPs terms of service included a promise not to post copies of photographs without authorization. When informed of the violations, the ISP removed the photographs.

The commercial real estate provider commenced action against the ISP for copyright infringement, violation of the Lanham Act, and several state-law causes of action. A federal court in Maryland held that the ISP had not engaged in direct infringement under the Copyright Act. It left open, however, CoStar’s claims that LoopNet might have contributorily infringed CoStar’s copyrights and that LoopNet was not entitled to the “safe harbor” immunity provided by the Digital Millennium Copyright Act, 17 U.S.C. § 512.

The U.S. Court of Appeals held that an Internet service provider (ISP) could not be held liable as a direct copyright infringer when its facility was used by subscriber to violate copyright without intervening conduct of ISP; ISP, which provided system that automatically received subscriber’s infringing material and transmitted it to Internet at instigation of subscriber, had not itself fixed copy in its system of more than transitory duration.

Internet service providers (ISPs), when passively storing material at direction of users in order to make that material available to other users upon their request, do not “copy” material in direct violation of Copyright Act. 17 U.S.C.A. § 106.

Automatic copying, storage, and transmission of copyrighted materials, when instigated by others, does not render Internet service provider (ISP) directly liable for copyright infringement; ISP can become liable indirectly upon showing of additional involvement sufficient to establish contributory or vicarious infringement, but even then may still look to Digital Millennium Copyright Act (DMCA) for safe harbor if it fulfilled conditions therein. 17 U.S.C.A. §§ 106, 501, 512.

Internet copyright infringement claim against Internet search engine from displaying copyright images as thumbnails with the indexed results

A professional photographer and owner of copyrighted images displayed on his Internet web site sued a leading Internet search engine, which displayed search results as “thumbnail” pictures, for copyright infringement.

A California federal court dismissed the claim of Internet copyright infringement. The use of copyrighted images that were displayed on Internet web sites by the search engine, which displayed search results as “thumbnail” pictures, was “fair use” of copyrighted images.

The plaintiff was a professional photographer who has copyrighted many of his images. Some of these images are located on plaintiff’s web site or other web sites with which plaintiff had a license agreement. The defendant operated an internet search engine that displayed its results in the form of small pictures rather than the more usual form of text. The defendant obtained its database of pictures by copying images from other web sites. By clicking on one of these small pictures, called “thumbnails,” the user can then view a large version of that same picture within the context of the web page.

When plaintiff discovered that his photographs were part of defendant’s search engine database, he brought a claim against defendant for copyright infringement. The court found that plaintiff had established a prima facie case of copyright infringement based on defendant’s unauthorized reproduction and display of plaintiff’s works, but that this reproduction and display constituted a non-infringing “fair use” under Section 107 of the Copyright Act.

The use of copyrighted images that were displayed on Internet web sites by operator of visual search engine, which displayed search results as “thumbnail” pictures, was “fair use” of copyrighted images; although creative nature of the copyrighted works weighed in favor of image owner, purpose and character of operator’s use of works and effect of that use on potential market for or value of works weighed in favor of search engine operator. 17 U.S.C.A. § 107.

Internet copyright infringement claim against search engine and online retailer resulting from the use of copyrighted images as thumbnails

A copyright owner brought legal action major Internet search engine and Internet retailer for Internet copyright infringement resulting from the copying of copyrighted images. The copyright owner sought a preliminary injunction based on its claim of Internet copyright infringement to prevent the retailer and the search engine from copying, reproducing, distributing, displaying, or otherwise
infringing, or contributing to the Internet copyright infringement of its photographs.

A California court dismissed the claim of Internet copyright infringement, held that the Internet search engine operator’s display of thumbnail images of copyright owner’s photographs, in response to user searches, was fair use of copyrighted photographs; operator put images to a use fundamentally different than use intended by owner, thereby providing significant benefit to the public.

A copyright owner brought legal action major Internet search engine and Internet retailer for Internet copyright infringement resulting from the copying of copyrighted images. The copyright owner sought a preliminary injunction based on its claim of Internet copyright infringement to prevent the retailer and the search engine from copying, reproducing, distributing, displaying, or otherwise infringing, or contributing to the Internet copyright infringement of its photographs.

Internet search engine operator’s display of thumbnail images of copyright owner’s photographs, in response to user searches, was fair use of copyrighted photographs; operator put images to a use fundamentally different than use intended by owner, thereby providing significant benefit to the public. 17 U.S.C.A. § 107.

Even if search engine users who linked to websites showing owner’s copyrighted photographs automatically made “cache” copies of full size images of the works, and such action amounted to direct infringement of owner’s right of reproduction, such automatic copying was fair use of copyrighted images; such copying was a transformative use, the cache copied no more than was necessary to assist the user in Internet use, and the copying had no more than a minimal effect on owner’s rights, while having a considerable public benefit. 17 U.S.C.A. § 107.

Owner of copyrighted photographs was not likely to succeed on its claim of vicarious copyright infringement by Internet search engine operator that provided, to its users, links to third-party websites that reproduced, displayed, and distributed unauthorized copies of owner’s images, as required for preliminary injunction prohibiting such linking; owner did not demonstrate likelihood of showing that operator had legal right to stop or limit direct infringement of third-party websites, notwithstanding agreements, through an advertising program, permitting it to terminate an entity’s participation in that program, operator could not terminate third-party websites or block their ability to host and serve infringing full-size images on the Internet, and operator lacked practical ability to police the infringing activities of third-party websites.