Thank you for sharing!

Your article was successfully shared with the contacts you provided.
The end of last year was relatively quiet for technology cases in New York’s courts. Elsewhere, however, courts were at work on some fundamental issues, including file sharing, password stealing and security circumvention. Following are a few interesting intellectual property cases from around the country that closed out 2005. In MGM Studios, Inc. v. Grokster, Ltd., [FOOTNOTE 1] the U.S. Supreme Court held in June that a file-sharing network had engaged in contributory copyright infringement because it actively encouraged its users to exchange files containing copyrighted material. Fundamental to this holding (and unchallenged by either party) is the notion that people who post or download such files are primary infringers. Last month, in BMG Music v. Gonzales, [FOOTNOTE 2] the 7th U.S. Circuit Court of Appeals addressed that question directly and held that downloading copyrighted music files without authorization constitutes infringement rather than fair use, regardless of the downloader’s reasons or intentions. The holding is not surprising, but the decision will no doubt be extremely important as it is the first time this fundamental issue has been addressed directly by a federal circuit court. In BMG, defendant Gonzales admitted to having used the KaZaA file-sharing service to download more than 1,370 songs. She claimed she downloaded the songs to preview them before deciding whether to buy them on CD, but she did not delete the songs after listening to them; instead, she kept them on her computer. Both sides agreed that Gonzales owned some of the songs on CD before downloading them and had bought CDs containing other songs after downloading them, but Gonzales admitted that there were at least 30 songs for which she did not own authorized, non-downloaded copies. Those 30 songs formed the basis for a successful summary judgment motion by BMG, a finding of infringement and an award of $22,500 in damages, calculated at the minimum statutory rate of $750 per work. Gonzales’ offered a fair-use defense. A fair use of copyrighted material is not infringement and, under 17 U.S.C. �107, a court examining a fair-use defense must consider: “(1) the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes; (2) the nature of the copyrighted work; (3) the amount and substantiality of the portion used in relation to the copyrighted work as a whole; and (4) the effect of the use upon the potential market for or value of the copyrighted work.” The 7th Circuit dealt with the first three of these in summary fashion, noting that Gonzales copied entire songs (some of which were available singly as well on CDs) and that her use was not non-profit (by which the court presumably meant it was not for purposes of education or commentary or some similar, traditional fair use). The opinion focused on the fourth prong: the economic effect of file sharing on the music market. In arguing fair use, Gonzales took the position — common among file-sharers — that downloading for “preview” purposes actually expands the market for music rather than harming it by exposing people to songs they would not otherwise buy. Having heard the music for free, the argument goes, the downloader may decide to buy it or other music by the same artist. The file-sharing service thus becomes a sort of advertising vehicle for the record company or the artist. The court was unconvinced. It noted (as did the Supreme Court in Grokster) that music sales have declined sharply over the last four years and that — whether or not that decline is attributable to the rise in file sharing — unauthorized, free music downloads are too good a substitute for music purchases to ignore as an economic matter. It also noted that there are other ways to “discover” new music, including rentals, “licensed streams” (such as radio and internet radio), authorized previews and expiring “samples” from online retailers such as Apple’s iTunes Music Store. All of these, the court noted, share the quality of “evanescence”: if the user decides not to buy the music, no copy remains. MP3 downloads, on the other hand, do not expire; they simply stay on the computer removing any incentive for purchase. In the final analysis, the court simply found the “preview” argument unpersuasive. Whether file-sharing is good or bad for the industry, whether it expands or harms the market for copyrighted material, Congress has given copyright owners the ability to prevent it and they have chosen to do so. Even if that decision is not in their best economically interest, the circuit wrote, it is not for courts or juries to second guess it. In Egilman v. Keller & Heckman, LLP, [FOOTNOTE 3] the U.S. District Court for the District of Columbia jumped on the bandwagon of a bad 2004 decision from the Southern District of New York and found that the use of a stolen username and password to access copyrighted material does not violate the anti-circumvention provisions of the Digital Millennium Copyright Act. Both the New York decision (NYLJ, March 23, 2004) and the Washington, D.C., decision fundamentally misconstrue the current jurisprudence surrounding these complex provisions and it is worth taking a look at just why they are so flawed. Egilman is a medical doctor, professor and frequent expert witness in toxic tort cases. In one such case in Colorado an order had been entered prohibiting any discussion of the case by the participants, including on their Web sites, but Egilman nonetheless posted “scurrilous and inflammatory statements” relating to the case on a subscription-only portion of his site. Lawyers from two firms (Keller & Heckman and Jones Day) discovered these materials and used them as a basis for a successful motion to sanction Egilman. At the close of the case, Egilman commenced an action in Washington against the law firms for bypassing his security and gaining unauthorized access to the subscription portions of his site. The suit included claims under the Computer Fraud and Abuse Act, and the anti-circumvention provisions of the DMCA. [FOOTNOTE 4] The law firms admitted that they had acquired a password from one of Egilman’s students without Egilman’s knowledge or authorization, and used it to access his copyrighted Web site. The court, however, found that this conduct was not a violation of the DMCA’s anti-circumvention provisions and also dismissed Egilman’s CFAA claim on statute of limitations grounds. In its DMCA analysis, the court relied extensively on the New York case I.M.S. Inquiry Management Systems v. Berkshire Information Systems [FOOTNOTE 5], which found no DMCA violation on similar facts. The D.C. Court does not appear to have done much independent analysis of the issue; if it had, it might have decided not to follow the lead of I.M.S. The anti-circumvention provisions of the DMCA prohibit “circumventing a technological measure that effectively controls access” to a protected work. “Circumvent” is defined in the act as “to descramble a scrambled work, to decrypt an encrypted work, or otherwise to avoid, bypass, remove, deactivate, or impair a technological measure, without the authority of the copyright owner.” The Egilman court agreed with Egilman that the password system used to protect his site was a technological measure that effectively controlled access to a protected work under the DMCA, but it found that using a valid password to gain unauthorized access to that work did not constitute “circumvention” as defined in the statute. Quoting I.M.S., the court noted that what defendants had bypassed was “permission to engage and move through the technological measure,” not the measure itself. This reading of the DMCA may be valid — if somewhat strained — on the face of the statute, but it cannot be squared with either policy or existing case law. Probably the most thorough treatment of anti-circumvention under the DMCA is the 2nd Circuit’s decision in Universal City Studios, Inc. v. Corley. [FOOTNOTE 6] In that case, the court determined that a program called “DeCSS” violated DMCA anti-circumvention provisions by decrypting DVDs and allowing them to be copied or played on unauthorized equipment. All DVDs are encrypted and must be decrypted with a password (or “key”) to be played. Keys are available only to authorized manufacturers of hardware or software DVD players. As the 2nd Circuit noted in Universal, the programmers of DeCSS were only able to decrypt DVDs because an authorized DVD player manufacturer, a company called Xing, mistakenly shipped its product with a readable decryption key. The programmers “reverse engineered” the Xing player and were able to extract Xing’s valid, authorized key. Thus, the programmers of DeCSS essentially stole an authorized password to the DVD encryption scheme and distributed it in their program. This was found to violate the DMCA, despite the fact that the key used in DeCSS was validly issued — the fact that it was issued to someone else and used without authorization to gain access to protected content was enough to trigger the statute. As a policy matter, this makes perfect sense: The statute is designed to give legal protection to technological measures that protect access to content. But the I.M.S. and Egilman courts (both actually citing Universal) have now found that it is not a violation of the DMCA to use a valid password to bypass a security measure and gain unauthorized access to content. This raises serious questions about the efficacy of the statute. Where is the line between Egilman and Universal supposed to be? What if defendants had guessed at common passwords until they found one that worked? What if they had employed a system that tried every possible combination of letters and numbers until a valid password was discovered (a so-called “brute force” attack)? What if they had called one of Eligman’s customers, pretending to be him, and asked for the password and user ID for “security reasons” (a process called “social engineering” by analogy with reverse engineering)? As a practical matter, there is no difference between the methods described above and the reverse engineering employed in Universal. All give the unauthorized user access to a system using a valid, authorized password; the only difference is the source. If the DMCA is to have any teeth, it must protect against all forms of unauthorized access. DMCA VIOLATIONS The DMCA anti-circumvention provisions described above also prohibit the sale or distribution of devices designed to circumvent security measures. Late last month, the District Court for the Northern District of California decided Sony Computer Entertainment America, Inc v. Filipiak, [FOOTNOTE 7] which appears to be the first case actually awarding damages for the sale or distribution of circumvention devices. The court was not shy: It awarded more than $6 million in damages to Sony against an online retailer of “mod chips” and software for the PlayStation and PlayStation 2 game consoles. Mod chips are chips that, when installed into game consoles, permit the consoles to play copied games (some also strip out “region encoding” permitting the use of imported games on U.S. systems). Filipiak had an online business that sold and installed mod chips and related software, and he was about the best defendant Sony could possibly have hoped for in a test case on damages: He sold thousands of chips and made hundreds of thousands of dollars at it; he repeatedly admitted that he knew his conduct was illegal and was trying to hide it from Sony; he agreed to stop selling the chips in a consent judgment entered by the court, but did not do so; he destroyed evidence in defiance of a court order and all along he kept e-mailing his customers that he intended to continue his activities as long as he could keep them hidden from Sony and the court. To top it off, he stipulated that all of his conduct was a violation of the DMCA, leaving only the issue of damages for a (no doubt extremely angry) court to decide. The damages provision applicable to this part of the DMCA provides that: “a complaining party may elect to recover an award of statutory damages for each violation of section 1201 in the sum of not less than $200 or more than $2,500 per act of circumvention, device, product, component, offer, or performance of service, as the court considers just.” Sony asked for $800 per chip sold prior to the first time Filipiak had agreed to stop selling, and the maximum of $2,500 for each chip sold after that. The court agreed that this calculation was “just” and awarded damages of over $6 million based on Filipiak’s sales records reflecting over 7,100 sales. The court’s decision appears to be the first interpreting this section. Standard copyright statutory damages are calculated “per infringement” not “per copy,” but the court in this case decided that the calculation should be based on the number of devices sold (not, for example, the number of products sold, which was two — the chip and the associated software). The statutory language leaves this issue to the court, and the question of what is “just” for this particular defendant may or may not be applicable to other defendants whose culpability and willfulness are less manifest. However, the case is important: The court’s finding is that damages should be calculated for each device sold, not for each product line, and that greatly ups the ante for defendants facing this provision in the future. Stephen M. Kramarsky is a member of Dewey Pegno & Kramarsky specializing in complex intellectual property litigation. ::::FOOTNOTES:::: FN1 125 S.Ct. 2764 (2005). FN2 430 F.3d 888 (7th Cir. 2005). FN3 No. CIV. A. 04-00876 (HHK), 2005 WL 3077260 (D.D.C. Nov. 10, 2005) FN4 17 U.S.C. �1201. FN5 307 F.Supp.2d 521 (S.D.N.Y. 2004). FN6 273 F.3d 429 (2d Cir. 2001). FN7 No. C-04-2318 JCS, 2005 WL 3556676 (N.D. Cal., Dec. 27, 2005).

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.