Tag Archives: p2p

ISP’s alleged throttling of BitTorrent and Skype violates Computer Fraud and Abuse Act

Fink v. Time Warner Cable, 2011 WL 3962607 (S.D.N.Y. September 7, 2011)

Plaintiffs sued Time Warner (the provider of Road Runner High Speed Online internet access), alleging, among other things, that Time Warner’s alleged “throttling” of plaintiffs’ internet communications violated the Computer Fraud and Abuse Act, 18 USC 1030 (“CFAA”). Specifically, plaintiffs alleged that without their authorization, Time Warner sent forged reset packets which frustrated plaintiffs’ peer-to-peer communications (e.g., BitTorrent and other P2P mechanisms) as well as their use of Skype.

Time Warner moved to dismiss the CFAA claims. The court granted the motion as to claims that required plaintiffs to  plead “loss” as defined by the statute. As for those claims that required only allegations of “access” and “damage,” the court denied the motion to dismiss and let the case move forward.

Plaintiffs brought three claims under the CFAA, one under each of subparts (A), (B) and (C) of 18 USC 1030(a)(5). This part of the statute provides liability for anyone who:

(A) knowingly causes the transmission of a program, information, code, or command, and as a result of such conduct, intentionally causes damage without authorization, to a protected computer;

(B) intentionally accesses a protected computer without authorization, and as a result of such conduct, recklessly causes damage; or

(C) intentionally accesses a protected computer without authorization, and as a result of such conduct, causes damage and loss.

No CFAA loss

The CFAA defines “loss” as “any reasonable cost to any victim, including the
cost of responding to an offense, conducting a damage assessment, and restoring the data, program, system, or information to its condition prior to the offense, and any revenue lost, cost incurred, or other consequential damages incurred because of interruption of service.”

In this case, plaintiffs alleged that the loss they suffered arose from their payments for high-speed internet services allegedly not received, costs to prevent Time Warner’s throttling practice and the costs of obtaining information elsewhere when they were unable to use their computers for file transfers and VoIP communications. Plaintiffs also pled losses relating to time and effort in assessing “damage” to each computer for which transmissions were interrupted. 

The court found these alleged losses to be outside the scope of those contemplated by the CFAA. Plaintiffs did not allege that they needed to restore data,a program, a system, or information to its condition prior to Time Warner’s conduct. The court held that Plaintiffs had failed to adequately plead this element of a CFAA claim. So it dismissed the claim plaintiffs had brought under 18 USC 1030(a)(5)(C).

“Damage” and “access” adequately pled

Plaintiffs’ failure to adequately plead loss was not the end of the case. Since subparts (A) and (B) of  18 USC 1030(a)(5) do not require one to plead “loss,” but do require pleading ”damage” and “access,” the court turned its attention to see if those elements were adequately pled. It found that they were.

The CFAA defines “damage” as “any impairment to the integrity or availability of data, a system, or information.” Plaintiffs alleged that Time Warner impaired their ability to obtain data and utilize their computer systems by knowingly transmitting “reset packets to [their] computers with the intention of impeding or preventing [their] peer-to-peer transmissions” and that damage was caused because the reset packets “compromis[ed] the internal software of [their]computers and impair[ed] their ability to receive and transmit data.” The plaintiffs also alleged that the throttling process prevented data exchange and inhibited certain use of their computers. In addition, plaintiffs identified the specific types of information that had its availability “impeded” and identified a particular program, Skype, that was rendered unusable by the alleged throttling. 

As for “access,” the court looked to the plain meaning, dictionary definition of the word for guidance (since the term is not defined in the CFAA). Plaintiffs had alleged that Time Warner accessed their computers in violation of the statute by knowingly transmitting reset packets to plaintiff’s computers and otherwise accessed their computers to impede data receipt and transmission.” Giving the term “access” a broad meaning, the court found these allegations to satisfy the CFAA requirement.

BitTorrent site liable for Grokster style inducement of copyright infringement

Columbia Pictures v. Fung, No. 06-5578 (C.D. Cal. December 21, 2009).

This case came out three weeks ago, but it’s pretty significant and hasn’t gotten the coverage and analysis it deserves. Of course Professor Goldman covered it in a timely manner. But his blogging agility surpasses that of us mere mortals.

Fung and his company Isohunt Web Technolgies ran a number of popular BitTorrent sites where users could find and share torrent files that permitted the downloading of video files. [Here's how BitTorrent works.] Several Hollywood studios sued Fung and his company for copyright infringement over the operation of the sites and the activites of the sites’ users.

Ostriches don't actually put their head in the sand

The plaintiffs moved for summary judgment on the copyright claims. The court granted the motion.

The court based its ruling on a theory of “secondary liability” — that is, Fung and his company were liable for the copyright infringement (i.e., the distribution of copyrighted movies and TV shows) committed by users of the sites. More specifically, the court held that the defendants induced copyright infringement, citing to the 2005 U.S. Supreme Court decision in MGM v. Grokster.

The defendants’ inducement of copyright infringement

Under Grokster, “one who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement, is liable for the resulting acts of infringement by third parties.”

In this case, the court found numerous ways that the defendants had induced copyright infringement. Among the defendants’ activities that gave rise to secondary liability were:

  • Providing categories on the sites to assist users in locating and downloading currently-popular movies, and making express statements to third parties to encourage copyright infringement
  • Providing technical support to users who desired to download and view copyrighted materials.
  • Implementing technical features (such as crawling The Pirate Bay) to locate copyrighted material
  • Relying on an advertising based business model that benefitted from high volume traffic drawn by the availability of infringing material

Rejection of the defendants’ DMCA affirmative defense

The court rejected the defendants’ argument that the safe harbors of the Digital Millennium Copyright Act (DMCA) should shield the torrent sites form liability.

A service provider can sail its ship into a DMCA safe harbor if, among other things, it does not have actual knowledge of, or is not willfully blind to, infringing activities being undertaken through its system. Said another way, the limitation of liability afforded by the DMCA is lost if the provider becomes aware of a “red flag” from which infringing activity is apparent.

The court found that the defendants did not qualify for safe harbor protection because of the “overwhelming” evidence that the defendants knew of the infringing activity. The court borrowed from the Aimster case to state that the defendants would not have known of the infringement only if they engaged in an “ostrich-like refusal” to observe what was happening. That willful blindess would not serve as an excuse.

Ostrich photo courtesy of Flickr user Pedronet under this Creative Commons license.

Subpoena to university in P2P case must give time to notify parents

UMG Recordings, Inc. v. Doe, No. 08-3999, 2008 WL 4104207 (N.D.Cal. September 4, 2008)

Plaintiff record companies, using Media Sentry, found the IP address of a John Doe file-sharing defendant, and filed suit against Doe in federal court for copyright infringement. As in any case where a defendant is known only by his or her IP address, the record companies needed some discovery to ascertain the name and physical address matching that IP address. But the federal rules of procedure say that without a court order, a party cannot seek discovery until the parties have conferred pursuant to Fed. R. Civ. P. 26(f).

So the record companies sought the court order allowing them to issue a subpoena to Doe’s Internet service provider prior to the 26(f) conference. The court granted the order, but with a caveat.

The evidence showed that Doe was a student at the University of California, Santa Cruz. Under the Family Educational Rights and Privacy Act at 20 U.S.C. § 1232g, a college generally cannot disclose “any personally identifiable information in education records other than directory information.” There’s an exception to that rule when the college is answering a lawfully issued subpoena, provided that “parents and the students are notified of all such … subpoenas in advance of the compliance therewith by the educational institution or agency.”

The court granted the record companies’ motion for leave to serve the subpoena prior to the Rule 26(f) conference, but required that the subpoena’s return date “be reasonably calculated to permit the University to notify John Doe and John Doe’s parents if it chooses prior to responding to the subpoena.”