Tag Archives: anticircumvention

Employee’s unauthorized conduct was not a DMCA prohibited circumvention

Plaintiff sued its former employee and alleged, among other things, that defendant violated the anticircumvention provisions of the Digital Millennium Copyright Act  (17 USC 1201). While defendant was still an employee, she used her username and password to access and download copyrighted material stored on plaintiff’s server after she had already accepted an employment offer from a competitor.

Defendant moved to dismiss the anticircumvention claim. The court granted the motion to dismiss.

The court’s holding centered on what the DMCA means by “circumvent a technological measure”. The statute requires that for there to be circumvention, one must “descramble a scrambled work . . . decrypt an encrypted work, or otherwise . . . avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.”

In this case, the court followed the line of reasoning in prior cases, including Egilman v. Keller & Heckman LLP  to hold that defendant did not circumvent any measures because she validly accessed the system using her username and password.

The court found that even if the use that defendant made of that access was not something that plaintiff would have authorized her to do, i.e. copy the materials at issue, defendant’s alleged abuse of her logon privileges did not rise to the level of descrambling, decrypting, or otherwise avoiding, bypassing, removing, deactivating, or impairing anything.

R. Christopher Goodwin & Assoc., Inc. v. Search, Inc., 2019 WL 5576834 (E.D. Louisiana October 29, 2019)

About the Author: Evan Brown is a Chicago technology and intellectual property attorney. Call Evan at (630) 362-7237, send email to ebrown [at] internetcases.com, or follow him on Twitter @internetcases. Read Evan’s other blog, UDRP Tracker, for information about domain name disputes.

DMCA injunction against company accused of importing Iranian cracking tools and Chinese password generator to unlock software

Defendant entered into a software license agreement with plaintiff that allowed defendant to use plaintiff’s software in China. Plaintiff filed suit, accusing defendant of violating the anticircumvention provisions of the Digital Millennium Copyright Act (DMCA), which enabled defendant to use the software in California. It sought a preliminary injunction and the court granted the motion. 

The DMCA at 17 U.S.C. § 1201(a)(1) prohibits “circumvention of technological measures that effectively control access to a copyrighted work.” The court found that plaintiff was likely to succeed on this claim: defendant’s computers contained evidence of crack files used to gain unauthorized access to plaintiff’s software, and these cracking tools were used to circumvent anti-piracy measures by unlocking the software. Also, defendant manually changed the MAC addresses of 11 computers in the United States, which also allowed defendant to circumvent plaintiff’s anti-piracy measures.

The court also found that plaintiff could prove violation of § 1201(a)(2), which prohibits importing and manufacturing “technology that circumvents a technological measure that ‘effectively controls access’ to a copyrighted work.” The forensic evidence collected from defendant’s computers showed that defendant imported a crack file from an Iranian software piracy website and obtained license key generator software from a Chinese website known to host pirated software.

Synopsys v. Innogrit, 2019 WL 2617091 (N.D. Cal. June 26, 2019)

Installing earlier software version that lacked license check feature triggered DMCA anticircumvention liability

EGS and DDS were in a dispute over the use of DDS’s software. [You can read about the copyright infringement claims here.] DDS claimed EGS had failed to pay license fees for its software. So DDS installed an update that would confirm the current license, and if the license was not up to date, would lock the program. In response, EGS elected to use a previously-licensed and older version of the software that did not contain the license check feature. Because of this, DDS claimed that EGS violated the anticircumvention provisions of the Digital Millennium Copyright Act

EGS moved to dismiss the DMCA anticircumvention claim. The court denied the motion. 

The DMCA provides, in relevant part, that “[n]o person shall circumvent a technological measure that effectively controls access to a work protected under this title.” It goes on to state that “to ‘circumvent a technological measure’ means to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.” It also explains that “a technological measure ‘effectively controls access to a work’ if the measure, in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work.” 

EGS had argued in part that it did not violate the anticircumvention provisions because its conduct was like the defendant in the case of I.M.S. Inquiry Management Systems, Ltd. v. Berkshire Info. Systems, Inc., 307 F. Supp. 2d 521 (S.D.N.Y. 2004). In that case, the defendant used a legitimate username and password to gain access to the protected work. 

The court acknowledged that like the situation in I.M.S., EGS did not do anything to change or manipulate the DDS software. However, as the court noted, the fact remained that EGS allegedly removed the software and reinstalled a prior version. For that reason, I.M.S. and the similar case of Navistar, Inc. v. New Baltimore Garage, Inc., 2012 WL 4338816 (N.D. Ill. Sept. 20, 2012), were not to the contrary.

First, those cases acknowledged that removing a technological measure suffices to state a claim under the DMCA. Second, EGS had leaned heavily on the fact that DDS analogized its license check to a password protection system, and that the district courts in I.M.S. and Navistar reasoned that “using a password to access a copyrighted work, even without authorization, does not constitute circumvention under the DMCA …” But implicit in those courts’ reasoning was a recognition that the licensee already knew the password and thus had the key to the castle.

In this case, to the contrary, EGS had no way to go through the license check and access the current software except by removing it entirely. Accordingly, the court found that a more apt analogy was that EGS circumvented “the deployed technological measure in the measure’s gatekeeping capacity” by uprooting the locked gate.

Eclipse Gaming Systems, LLC v. Antonucci, 2019 WL 3988687 (N.D. Ill. Jan. 31, 2019)

See also:

The vexing linkage between access and protection in DMCA anticircumvention analysis

A couple of days ago David Donoghue wrote about the recent case of Nordstrom Consulting, Inc. v. M&S Technologies, Inc., No. 06-3234, 2008 WL 623660 (N.D. Ill. March 4, 2008). Dave’s post gives a very thorough treatment of all aspects of the case, which involve primarily allegations of infringement of the copyright in software.

The case also involved a claim of circumvention under the Digital Millennium Copyright Act, at 17 U.S.C. 1201(a). The court granted the defendants’ summary judgment motion on this claim.

The dispute arose from a rather typical set of facts. The parties had collaborated on the development of some software. Along the way the principal author of the software became dissatisfied and parted ways. Litigation ensued over the parties’ ownership and use of the source code.

Before plaintiff Nordstrom officially severed ties, he went on vacation. While he was gone, one of the defendant’s employees (Butler) sent Nordstrom an email saying that Butler needed access to the source code which was stored on a computer there in the office, in order to help out a customer. Nordstrom didn’t respond for several days, and in the meantime, Butler disabled the BIOS password for the computer.

Nordstrom sued under Section 1201 over this disabling of the password. The court relied heavily on the Federal Circuit’s decision in Chamberlain Group, Inc. v. Skylink Technologies, Inc., 381 F.3d 1178 (Fed. Cir. 2004) to conclude that there was no violation of Section 1201’s anticircumvention provisions.

The Chamberlain case draws a necessary connection between circumvention and infringement. And the presence of this connection is the vexing part of the analysis. A quick reading of Section 1201 does not reveal the link.

But the Chamberlain court held that Section 1201’s prohibition on circumvention does not give rise to a new property interest, only a new cause of action, one that goes after circumvention of methods controlling access to protected works. One can’t pursue a defendant just for circumvention in a vacuum, so to speak. The circumvention has to bear some “reasonable relationship to the protections that the Copyright Act otherwise affords copyright owners.” Chamberlain, 381 F.3d at 1202. In other words, without infringement or the facilitation of infringement arising from the cirumvention, a cause of action under 1201 does not arise. The linkage is one between access and protection.

The holding of the Nordstrom case as to the DMCA claim picks up on this link between access and protection. Summary judgment on the circumvention claim was proper because the plaintiff could not show that Butler’s disabling of the BIOS password protection on the computer storing the source code enabled any infringement. The evidence before the court was that Butler accessed the code to fix a problem on behalf of an authorized licensee of the software. Because of the license, there could be no infringement. Without any connection to infringement, under the teaching of Chamberlain, a cause of action for circumvention could not be sustained.