Tuesday, August 06, 2013

IP Address =/= Individual Culpability. Breaking Glass Pictures v Does, DAZ 2013 #230 #CDA #copyright

Oh, I really like this decision.  Here is a court that understands that vagaries of the Internet.

Pop Quiz:  Something bad happens online.  I can tie that something-bad back to an IP address.  Do I know who did the bad thing??

Answer: N'ah!  According to the court, an IP address may identify an account owner; it does not identify who was using the Internet at that particular time and who may be responsible for the actions in question.

Ouch! But its right.  Imagine.... (oh I hate analogies).... imagine a TV set is on in a house... and for some reason that is bad.  Do I know who was watching the TV?  Of course not.  And in certain houses (group houses, duplexes, apartment buildings, dormitories, office buildings) that could be a lot of people.  And even if only one person lives at that house, it could be a guest or it could be the guy outside walking his dog who happens to look in the window.  There is a plethora of people who could watching that TV at any given moment in any given living arrangement.

In  Breaking Glass Pictures v Does, DAZ 2013, Plaintiff brought a claim for copyright infringement, wants early discovery, but the court is refusing.  Plaintiff wants an ISP to identify the subscribers that are matched to certain IP addresses so that Plaintiff can then sue those defendants in place of the "Does."

In a previous order, the court concluded that this effort 'was not "very likely" to uncover the identities of individuals who could legitimately be named as Defendants.'  Connecting an IP address to a subscriber gets you only the name of the subscriber, not the name of the person who was engaged in the conduct at issue.  To put it simply, Plaintiff cannot merely guess at who engaged in the conduct - Plaintiff must allege some basis that the defendant in question is the person engaged in the conduct.  Lacking that, Plaintiff does not get to just keep suing until he gets it right.
But the complication that Plaintiff fails to discuss is that it is not enough to simply identify the subscribers behind particular IP addresses to state a plausible claim for copyright infringement against those individuals. Instead, a plausible claim must be supported by factual allegations establishing that the particular person identified as a defendant was, in fact, the individual who engaged in wrongful conduct. In other words, discovery to identify the ISP subscribers is only the starting point. Plaintiff will also need to conduct discovery to determine who was using the Internet connection at the time the alleged infringement occurred. Plaintiff will then have to amend its complaint to allege the facts supporting its claim against each individual. The fact that Plaintiff needs discovery to unearth the factual basis for its claims is precisely the conundrum referenced in the Court's prior order regarding recent Supreme Court authority.
According to the Supreme Court, "a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009) (quotations omitted). It is not enough for a complaint to plead facts "that are merely consistent with a defendant's liability." Id. at 678 (quotation omitted). Instead, the complaint must go further and "nudge[] [the] claims . . . across the line from conceivable to plausible." Id. at 680 (quotation omitted). And "where the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged — but it has not shown — that the pleader is entitled to relief." Id. at 679.
Plaintiff's current complaint alleges the subscribers, identified as John and Jane Does, engaged in direct copyright infringement. (Doc. 1 at 14). But the complaint contains no factual allegations setting forth that the subscribers were, in fact, the individuals using the Internet connections at the relevant time. Thus, it is conceivable that the subscribers were using the connection but it is equally plausible that someone other than the subscribers were using the connection. In fact, the motion for reconsideration concedes this point. (Doc. 10 at 7). Thus, the complaint does nothing more than make vague allegations that are consistent with the subscribers' liability for copyright infringement. Because those allegations are also consistent with the subscribers not being liable, Plaintiff has not stated plausible claims against the subscribers.
It is not enough that the subscriber associated with an IP address might have been the person engaged in the questionable conduct - the Plaintiff must have sufficient evidence that the person named as defendant actually was the person that engaged in the questionable conduct.  Suing until you get it right dont work.

Defendant then trots out an old argument that the subscriber of an Internet access service is responsible for everything that happens on that service.  In other words, the subscriber would be negligent for letting bad things happen; the subscriber would be negligent for improperly securing their Internet access.
The courts that have addressed this issue, however, have concluded there is no duty to secure your Internet connection. See, e.g., New Sensations, Inc. v. Does 1-426, 2012 WL 4675281 at *6 (N.D. Cal. Oct. 1, 2012) (rejecting negligence claim based on failure to secure Internet connection by stating "common sense dictates most people in the United States would be astounded to learn that they had such a legal duty"). And absent a recognized duty, the negligence claim is fatally flawed.
Even if the Court were to assume the subscribers had a duty to secure their Internet connections, Plaintiff's negligence claim likely would be preempted by the Copyright Act or barred by the Communications Decency Act. See, e.g., AF Holdings, LLC v. Doe, 2012 WL 4747170 at * (N.D. Cal. Oct. 3, 2012).
Okay, let's see how the umpires score this:  
Early discovery is denied because
  • IP addresses reveal account subscribers; not the individual using the Internet and engaged in the conduct at issue;
  • Subscribers have no duty to secure their Internet connection; and 
  • Subscribers are not liable for what other people do over their Internet connections.
The subscriber to an Internet account is an intermediary.  It is the person who negotiates with the ISP and pays the bill.  But who uses that account can range in the multitude.  And as we have seen time and again over history, it can be extremely difficult if not impossible for that intermediary to monitor and control everything that transpires over that connection.  That is why Congress prudently passed 47 USC 230 which makes clear that online services (including subscribers) are not responsible for what other people do and say online. To hold otherwise would be to so encumber Internet access that there could be no public WiFi points, no sharing your Internet with your guests, and ridiculous indemnity forms for checking your email. It's just a bad idea.