US Court of Appeals: An IP address isn't enough to identify a pirate

By William Gayde · 27 replies
Aug 29, 2018
Post New Reply
  1. In a win for privacy advocates and pirates, the Ninth Circuit Court of Appeals ruled that an IP address alone is not enough to go after someone for alleged copyright infringement. They ruled that being the registered subscriber of an infringing IP address does not create a reasonable inference that the subscriber is also the infringer.

    The case began back to 2016 and has been playing out in the legal system ever since. The creators of the film 'The Cobbler' alleged that Thomas Gonzales had illegally downloaded their movie and sued him for it.

    Gonzales was a Comcast subscriber and had set up his network with an open Wi-Fi access point. At some point, someone had used his network to download the movie and the film creators captured Gonzales's IP address.

    The judge stated that in order for a proper case, the copyright owners would need more than just an IP address. This is often difficult to provide since it is challenging to prove who was connected to what and when. This case is made even more challenging since Gonzales's network was open and anyone could have downloaded the movie.

    The new ruling upholds a previous ruling by a lower district court on the same case. The Appeals Court issued the following statements:

    In this copyright action, we consider whether a bare allegation that a defendant is the registered subscriber of an Internet Protocol (‘IP’) address associated with infringing activity is sufficient to state a claim for direct or contributory infringement. We conclude that it is not.

    The direct infringement claim fails because Gonzales’s status as the registered subscriber of an infringing IP address, standing alone, does not create a reasonable inference that he is also the infringer. Because multiple devices and individuals may be able to connect via an IP address, simply identifying the IP subscriber solves only part of the puzzle. A plaintiff must allege something more to create a reasonable inference that a subscriber is also an infringer.

    In addition to direct infringement, the copyright owner also attempted an indirect infringement claim. They alleged that Gonzales had encouraged users of his network to download the movie but this failed as well since they were unable to provide any proof. Finally, the judge ordered Cobbler Nevada LLC, the copyright holder, to pay more than $17,000 in legal fees for Gonzales.

    Permalink to story.

     
  2. fps4ever

    fps4ever TS Addict Posts: 169   +151

    So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
     
    Last edited: Aug 29, 2018
    veLa, dms96960 and Reehahs like this.
  3. Badvok

    Badvok TS Maniac Posts: 238   +104

    Nope, you don't need to open yourself up, just ensure that two or more people have access via your IP address. It can even be a friend who only visits occasionally. The onus is on the complainant to prove who did it - as it should be.
     
    CybaGirl and Rick From Texas like this.
  4. BSim500

    BSim500 TS Evangelist Posts: 480   +852

    It's actually a win for everyone who understand the law. If someone stole say a DVD from a store then fled and there were no CCTV footage or eyewitnesses but on their way out accidentally dropped a paper note with their home address on (but no name or anything else on it), what would happen is further investigation as to who lived at that address, who dropped the note, who was in the store, etc, then finally prosecuting based on evidence of that person at that address committing the crime. What would be rejected is either collective punishment against everyone at that address (eg, 4x blind prosecutions for shoplifting vs 1x guilty + 3x innocents in a family of 4) or simply automatically prosecuting the main householder who pays the bills on blind assumption even though he / she may not have even been within 1,000 miles of the store on that day.

    IP addresses are no different. Tracing a torrent to one might narrow down which house in involved, but isn't proof of a person itself. It could be a member of the household, a visiting guest, workman or even a "war-driver" sitting outside in a van or neighbor riding off an open connection / hacked router. It's a hugely positive thing this has gotten shot down as just because copyright theft is a widespread problem in today's modern online world doesn't mean standards for the prosecution's evidence should be lowered in the gutter. This isn't a "win for pirates", it's a loss for junk lawsuits.
     
    Last edited: Aug 29, 2018
  5. davislane1

    davislane1 TS Grand Inquisitor Posts: 5,201   +4,309

    Not even remotely. With any significant amount of illegal traffic they could just ask the judge for your storage drives.
     
  6. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 962   +492

    They would still need to prove which computer it was - you couldn't get the drives of every computer in a house, as that would be a fish expedition, and most judges won't grant those unless it is an extreme case (say, prosecuting organized crime with the chance to take down the entire family). So, they would have to target your computers specifically, and then you would have to be dumb enough to not encrypt your local storage. This is just a best practice anyway.
     
  7. cuerdc

    cuerdc TS Booster Posts: 144   +35

    So all these previous cases going to get reversed and refunded with damages...
     
    Rayzor likes this.
  8. gamerk2

    gamerk2 TS Booster Posts: 117   +76

    Correct ruling is correct.

    An IP Address match would certainly be enough for a judge to issue a search warrant on an individual/business, but by itself is not enough to establish guilt.

    Basically: You have the IP Address of someone downloading illegal content in a household. You can't just arrest the landowner, as you can't match the IP with a specific individual. But you can get a warrant to go through every electronic device to try and find the illegal content, which you could then tie to a specific individual.

    I see no problems here.
     
  9. TadMSTR

    TadMSTR TS Booster Posts: 52   +20

    You're better off just using a VPN instead of opening up your network to outside attackers.
     
    i3kingwizardop likes this.
  10. ShagnWagn

    ShagnWagn TS Maniac Posts: 324   +198

    Please do tell how you can tie it to an individual. I guess if you can prove the device, over months of use, is 100% positive it's the only person who has ever used it. That's not to say there was ever a visitor or a kid let their friend use it. I'm sorry, but this won't stick. That's like saying everyone in the household is guilty because they "could" have watched it... Or that a stolen movie was watched by everyone. I'm betting these hollywood companies are inflating their "lost profits" by this assumption.
     
  11. fps4ever

    fps4ever TS Addict Posts: 169   +151

    Are they even doing that anymore? Seems like that got legally "pricey" fishing IP's like that trying to find the exact offender(s)?
     
  12. IAMTHESTIG

    IAMTHESTIG TS Evangelist Posts: 1,487   +609

    Silly companies always trying to prevent piracy. They waste so much time and money on it. That time and money would be much better spent on making your content easily available and competitively priced. Make people want to BUY your content. If it is difficult to obtain and/or is too expensive, they don't want to buy it.
     
    CybaGirl likes this.
  13. bexwhitt

    bexwhitt TS Guru Posts: 379   +84

    you would have to have a really tame judge to get a warrant to do that.
     
  14. wiyosaya

    wiyosaya TS Evangelist Posts: 2,847   +1,392

    There was a case a few years back where someone was accused of downloading kiddie porn on the same kind of evidence. The ruling was essentially the same as it was in this case. I am almost surprised that this case went this far.
     
  15. Lew Zealand

    Lew Zealand TS Enthusiast Posts: 64   +47

    Yeah it's laziness which led this guy not to set up his wireless properly, but it's also laziness by the lawyers who are trying to tie copyright infringement to an IP address alone, and not to the actual person who did the infringing.
    Seems similar to the guy who leaves his keys in the car, which gets stolen and then used to smash and rob a jewelry store. Does the store sue the car owner for the smash n grab or the actual person who committed the crime?
    Lazy-*** lawyers now need to do some actual work to tie the crime to the actual person who committed it. At the very least the effect will be that the originator of lawsuit will need to pay more for more lawyer time. Keeps pumping more money into the world economy, good stuff!
     
  16. treetops

    treetops TS Evangelist Posts: 2,217   +333

    Eventually proxies and vpn's will be banned by ISP's. Just like in China. Unless you have a business account.

    Yeah at the very very least change your modems default firmware UN\PW... If you leave it open.
     
  17. fktech

    fktech TS Addict Posts: 271   +79

    If there is money to be made or in this case taken from you then RIAA and others will sniff you out. Just ask Cox how they feel about safe harbor!
     
  18. gamerk2

    gamerk2 TS Booster Posts: 117   +76

    Poor wording on my part. What I mean is that if you have an IP at a location that is provably infringing content, then that itself is enough to warrant a search of all devices at that location. But it is NOT enough to establish guilt in a court of law.
     
  19. dms96960

    dms96960 TS Guru Posts: 308   +71

    Not saying it will happen in this specific case, but:

    The Supreme Court reversed about 70 percent of cases it took between 2010-15. Among cases it reviewed from the 9th Circuit Court of Appeals, it reversed about 79 percent.
     
  20. Rick From Texas

    Rick From Texas TS Rookie

    Well said and I couldn't agree more.
     
  21. jobeard

    jobeard TS Ambassador Posts: 12,068   +1,340

    Unless you're accessing from an account with it's own Domain Name (in which case your IP address is constant),
    your ISP access uses a concept called the "Lease Period" when assigning your router's external address (which is always associated within the ISP block addresses). When the lease period lapses, one of two things will occur:

    1. you may get a different IP assignment, OR
    2. just reuse the existing address
    and either way, you get a new Lease Period where the process will iterate.

    (1) occurs usually because the ISP gateway is heavily loaded with users and someone else got their refresh before you did.

    The ISP will always track the Mac address of your router and the IP assignment it gave to it. It is much harder to map a Lan device Mac (to any Lan address).

    A competent lawyer with such information could summons these logs to concretely prove/disprove which router was involved.
     
  22. i3kingwizardop

    i3kingwizardop TS Enthusiast Posts: 27   +10

    Indeed.
     
  23. Evernessince

    Evernessince TS Evangelist Posts: 2,907   +2,070

    Actually no. If you are using BitTorrent, they can get a machine fingerprint, time you added the torrent, and much much more. That's just what they can do legally. Not to mention your router still logs MAC address to the computers connected to it. It doesn't matter if you log onto regular wifi or guest. The only thing logging onto the guest wifi with your regular computer does it make it apparent they you were intentionally trying to conceal your activity, rather poorly at that.

    As others have said, a VPN is 1000x times better.
     
  24. mrtraver

    mrtraver TS Evangelist Posts: 393   +92


    It's a win for anyone who has been falsely accused of downloading something they did not download. It's a win for anyone who has received an extortion letter from a copyright troll and paid to settle, because that was cheaper than actually hiring an attorney yo fight it. It's a win for anyone who wants to be presumed innocent until proven guilty, as guaranteed by the Constitution. It's a win for America.
     
  25. jobeard

    jobeard TS Ambassador Posts: 12,068   +1,340

    The design intent for a GUEST login is to forceably inhibit file sharing with any/all other LAN devices. Has ZERO to do with privacy.
     

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...