US Court of Appeals: An IP address isn't enough to identify a pirate

William Gayde

William Gayde

Posts: 382   +5
Staff
Why it matters: Judge rules that copyright trolls need more than just an IP address if they want to go after copyright infringement. An IP is not enough proof to tie a person to a crime.

In a win for privacy advocates and pirates, the Ninth Circuit Court of Appeals ruled that an IP address alone is not enough to go after someone for alleged copyright infringement. They ruled that being the registered subscriber of an infringing IP address does not create a reasonable inference that the subscriber is also the infringer.

The case began back to 2016 and has been playing out in the legal system ever since. The creators of the film 'The Cobbler' alleged that Thomas Gonzales had illegally downloaded their movie and sued him for it.

Gonzales was a Comcast subscriber and had set up his network with an open Wi-Fi access point. At some point, someone had used his network to download the movie and the film creators captured Gonzales's IP address.

The judge stated that in order for a proper case, the copyright owners would need more than just an IP address. This is often difficult to provide since it is challenging to prove who was connected to what and when. This case is made even more challenging since Gonzales's network was open and anyone could have downloaded the movie.

The new ruling upholds a previous ruling by a lower district court on the same case. The Appeals Court issued the following statements:

In this copyright action, we consider whether a bare allegation that a defendant is the registered subscriber of an Internet Protocol (‘IP’) address associated with infringing activity is sufficient to state a claim for direct or contributory infringement. We conclude that it is not.

The direct infringement claim fails because Gonzales’s status as the registered subscriber of an infringing IP address, standing alone, does not create a reasonable inference that he is also the infringer. Because multiple devices and individuals may be able to connect via an IP address, simply identifying the IP subscriber solves only part of the puzzle. A plaintiff must allege something more to create a reasonable inference that a subscriber is also an infringer.

In addition to direct infringement, the copyright owner also attempted an indirect infringement claim. They alleged that Gonzales had encouraged users of his network to download the movie but this failed as well since they were unable to provide any proof. Finally, the judge ordered Cobbler Nevada LLC, the copyright holder, to pay more than $17,000 in legal fees for Gonzales.

Permalink to story.

https://www.techspot.com/news/76190-us-court-appeals-ip-address-isnt-enough-identify.html

 
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
 
Last edited:
  • Like
Reactions: veLa, sdms96825 and Reehahs
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...
Nope, you don't need to open yourself up, just ensure that two or more people have access via your IP address. It can even be a friend who only visits occasionally. The onus is on the complainant to prove who did it - as it should be.
 
  • Like
Reactions: CybaGirl and Rick From Texas
"In a win for privacy advocates and pirates..."
Click to expand...

It's actually a win for everyone who understand the law. If someone stole say a DVD from a store then fled and there were no CCTV footage or eyewitnesses but on their way out accidentally dropped a paper note with their home address on (but no name or anything else on it), what would happen is further investigation as to who lived at that address, who dropped the note, who was in the store, etc, then finally prosecuting based on evidence of that person at that address committing the crime. What would be rejected is either collective punishment against everyone at that address (eg, 4x blind prosecutions for shoplifting vs 1x guilty + 3x innocents in a family of 4) or simply automatically prosecuting the main householder who pays the bills on blind assumption even though he / she may not have even been within 1,000 miles of the store on that day.

IP addresses are no different. Tracing a torrent to one might narrow down which house in involved, but isn't proof of a person itself. It could be a member of the household, a visiting guest, workman or even a "war-driver" sitting outside in a van or neighbor riding off an open connection / hacked router. It's a hugely positive thing this has gotten shot down as just because copyright theft is a widespread problem in today's modern online world doesn't mean standards for the prosecution's evidence should be lowered in the gutter. This isn't a "win for pirates", it's a loss for junk lawsuits.
 
Last edited:
  • Like
Reactions: mrtraver, Rayzor, Theinsanegamer and 7 others
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...

Not even remotely. With any significant amount of illegal traffic they could just ask the judge for your storage drives.
 
davislane1 said:
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...

Not even remotely. With any significant amount of illegal traffic they could just ask the judge for your storage drives.
Click to expand...

They would still need to prove which computer it was - you couldn't get the drives of every computer in a house, as that would be a fish expedition, and most judges won't grant those unless it is an extreme case (say, prosecuting organized crime with the chance to take down the entire family). So, they would have to target your computers specifically, and then you would have to be dumb enough to not encrypt your local storage. This is just a best practice anyway.
 
Correct ruling is correct.

An IP Address match would certainly be enough for a judge to issue a search warrant on an individual/business, but by itself is not enough to establish guilt.

Basically: You have the IP Address of someone downloading illegal content in a household. You can't just arrest the landowner, as you can't match the IP with a specific individual. But you can get a warrant to go through every electronic device to try and find the illegal content, which you could then tie to a specific individual.

I see no problems here.
 
gamerk2 said:
Correct ruling is correct.

An IP Address match would certainly be enough for a judge to issue a search warrant on an individual/business, but by itself is not enough to establish guilt.

Basically: You have the IP Address of someone downloading illegal content in a household. You can't just arrest the landowner, as you can't match the IP with a specific individual. But you can get a warrant to go through every electronic device to try and find the illegal content, which you could then tie to a specific individual.

I see no problems here.
Click to expand...

Please do tell how you can tie it to an individual. I guess if you can prove the device, over months of use, is 100% positive it's the only person who has ever used it. That's not to say there was ever a visitor or a kid let their friend use it. I'm sorry, but this won't stick. That's like saying everyone in the household is guilty because they "could" have watched it... Or that a stolen movie was watched by everyone. I'm betting these hollywood companies are inflating their "lost profits" by this assumption.
 
ShagnWagn said:
Please do tell how you can tie it to an individual. I guess if you can prove the device, over months of use, is 100% positive it's the only person who has ever used it. That's not to say there was ever a visitor or a kid let their friend use it. I'm sorry, but this won't stick. That's like saying everyone in the household is guilty because they "could" have watched it... Or that a stolen movie was watched by everyone. I'm betting these hollywood companies are inflating their "lost profits" by this assumption.
Click to expand...

Are they even doing that anymore? Seems like that got legally "pricey" fishing IP's like that trying to find the exact offender(s)?
 
Silly companies always trying to prevent piracy. They waste so much time and money on it. That time and money would be much better spent on making your content easily available and competitively priced. Make people want to BUY your content. If it is difficult to obtain and/or is too expensive, they don't want to buy it.
 
  • Like
Reactions: CybaGirl
BSim500 said:
"In a win for privacy advocates and pirates..."
Click to expand...

It's actually a win for everyone who understand the law. If someone stole say a DVD from a store then fled and there were no CCTV footage or eyewitnesses but on their way out accidentally dropped a paper note with their home address on (but no name or anything else on it), what would happen is further investigation as to who lived at that address, who dropped the note, who was in the store, etc, then finally prosecuting based on evidence of that person at that address committing the crime. What would be rejected is either collective punishment against everyone at that address (eg, 4x blind prosecutions for shoplifting vs 1x guilty + 3x innocents in a family of 4) or simply automatically prosecuting the main householder who pays the bills on blind assumption even though he / she may not have even been within 1,000 miles of the store on that day.

IP addresses are no different. Tracing a torrent to one might narrow down which house in involved, but isn't proof of a person itself. It could be a member of the household, a visiting guest, workman or even a "war-driver" sitting outside in a van or neighbor riding off an open connection / hacked router. It's a hugely positive thing this has gotten shot down as just because copyright theft is a widespread problem in today's modern online world doesn't mean standards for the prosecution's evidence should be lowered in the gutter. This isn't a "win for pirates", it's a loss for junk lawsuits.
Click to expand...
There was a case a few years back where someone was accused of downloading kiddie porn on the same kind of evidence. The ruling was essentially the same as it was in this case. I am almost surprised that this case went this far.
 
Yeah it's laziness which led this guy not to set up his wireless properly, but it's also laziness by the lawyers who are trying to tie copyright infringement to an IP address alone, and not to the actual person who did the infringing.
Seems similar to the guy who leaves his keys in the car, which gets stolen and then used to smash and rob a jewelry store. Does the store sue the car owner for the smash n grab or the actual person who committed the crime?
Lazy-*** lawyers now need to do some actual work to tie the crime to the actual person who committed it. At the very least the effect will be that the originator of lawsuit will need to pay more for more lawyer time. Keeps pumping more money into the world economy, good stuff!
 
Eventually proxies and vpn's will be banned by ISP's. Just like in China. Unless you have a business account.

TadMSTR said:
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...
You're better off just using a VPN instead of opening up your network to outside attackers.
Click to expand...
Yeah at the very very least change your modems default firmware UN\PW... If you leave it open.
 
If there is money to be made or in this case taken from you then RIAA and others will sniff you out. Just ask Cox how they feel about safe harbor!
 
ShagnWagn said:
Please do tell how you can tie it to an individual. I guess if you can prove the device, over months of use, is 100% positive it's the only person who has ever used it. That's not to say there was ever a visitor or a kid let their friend use it. I'm sorry, but this won't stick. That's like saying everyone in the household is guilty because they "could" have watched it... Or that a stolen movie was watched by everyone. I'm betting these hollywood companies are inflating their "lost profits" by this assumption.
Click to expand...

Poor wording on my part. What I mean is that if you have an IP at a location that is provably infringing content, then that itself is enough to warrant a search of all devices at that location. But it is NOT enough to establish guilt in a court of law.
 
cuerdc said:
So all these previous cases going to get reversed and refunded with damages...
Click to expand...

Not saying it will happen in this specific case, but:

The Supreme Court reversed about 70 percent of cases it took between 2010-15. Among cases it reviewed from the 9th Circuit Court of Appeals, it reversed about 79 percent.
 
Badvok said:
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...
Nope, you don't need to open yourself up, just ensure that two or more people have access via your IP address. It can even be a friend who only visits occasionally. The onus is on the complainant to prove who did it - as it should be.
Click to expand...

Well said and I couldn't agree more.
 
Unless you're accessing from an account with it's own Domain Name (in which case your IP address is constant),
your ISP access uses a concept called the "Lease Period" when assigning your router's external address (which is always associated within the ISP block addresses). When the lease period lapses, one of two things will occur:

  1. you may get a different IP assignment, OR
  2. just reuse the existing address
and either way, you get a new Lease Period where the process will iterate.

(1) occurs usually because the ISP gateway is heavily loaded with users and someone else got their refresh before you did.

The ISP will always track the Mac address of your router and the IP assignment it gave to it. It is much harder to map a Lan device Mac (to any Lan address).

A competent lawyer with such information could summons these logs to concretely prove/disprove which router was involved.
 
fps4ever said:
So now all you have to do is set up a guest wifi hotspot on your router and then pirate away on your private lan. Plausible deniability. I get it but yikes...
Click to expand...

Actually no. If you are using BitTorrent, they can get a machine fingerprint, time you added the torrent, and much much more. That's just what they can do legally. Not to mention your router still logs MAC address to the computers connected to it. It doesn't matter if you log onto regular wifi or guest. The only thing logging onto the guest wifi with your regular computer does it make it apparent they you were intentionally trying to conceal your activity, rather poorly at that.

As others have said, a VPN is 1000x times better.
 
"In a win for privacy advocates and pirates..."
Click to expand...


It's a win for anyone who has been falsely accused of downloading something they did not download. It's a win for anyone who has received an extortion letter from a copyright troll and paid to settle, because that was cheaper than actually hiring an attorney yo fight it. It's a win for anyone who wants to be presumed innocent until proven guilty, as guaranteed by the Constitution. It's a win for America.
 
Evernessince said:
The only thing logging onto the guest wifi with your regular computer does it make it apparent they you were intentionally trying to conceal your activity, rather poorly at that.
Click to expand...
The design intent for a GUEST login is to forceably inhibit file sharing with any/all other LAN devices. Has ZERO to do with privacy.
 
You must log in or register to reply here.

Similar threads

D
EFF urges the Supreme Court to act against copyright trolls
Replies
1
Views
220
m4a4
m4a4
midian182
Google to delete billions of Incognito mode browsing records as part of lawsuit settlement
Replies
6
Views
135
ZedRM
ZedRM
midian182
OpenAI accuses New York Times of paying someone to "hack" ChatGPT
2
Replies
28
Views
461
Endymio
Endymio

Latest posts

Back