June 29, 2017

Grokster Case Lumbers On; Judge To Issue Permanent Injunction

Remember the Grokster case? In which the Supreme Court found the filesharing companies Grokster and StreamCast liable for indirect copyright infringement, for “inducing” infringement by their users? You might have thought that case ended back in 2005. But it’s still going on, and the original judge just issued an interesting ruling. (Jason Schultz has a two part summary of the ruling.)

The issue now before the judge is what relief to grant the copyright-owner plaintiffs against StreamCast, which is the only defendant still standing. It’s apparently a given that the judge will eventually assess monetary damages against StreamCast. And you’d think these damages would be enough to kill StreamCast, so it’s not clear why StreamCast hasn’t just thrown in the towel, shut its doors, and handed over all its assets to the plaintiffs. Instead, StreamCast fought on, so the judge had to decide what kind of injunction, if any, to impose on StreamCast – that is, what rules would govern StreamCast’s future behavior.

The judge first considered the question of whether he could impose on StreamCast obligations (beyond payment of damages) that go beyond what the law requires of ordinary companies. Would he just award money damages and sternly command StreamCast not to break the law again; or would he go further and impose a permanent injunction? After a detailed legal analysis, he concluded that a permanent injunction was appropriate. StreamCast had actively promoted itself as a haven for infringement and “that bell cannot be unrung”.

The copyright-owner plaintiffs had asked for an injunction requiring StreamCast to apply all feasible anti-infringement technologies and to stop all infringment. StreamCast had built its own filtering technology which it said was effective enough, and much cheaper and more practical than commercially available alternatives.

The judge first rejected the plaintiff’s proposal that StreamCast be required to stop all infringement using its software. He recognized, correctly, that that would be impossible, so that such an injunction would be a death sentence for StreamCast.

Instead, the judge will require StreamCast to set up a filtering system that reasonably balances effectiveness and cost, with the strong emphasis on effectiveness. The precise details will be worked out with the help of a special master: an independent technical expert to be appointed by the judge. Which means yet more legal process to choose the special master, wait for the special master’s advice, and then order specific action from StreamCast.

All of this may be proper from a legal standpoint, but it seems unlikely to matter in practice. It’s hard to see how StreamCast can sustain a business given the legal and financial strain they must be under, and the likely ruinous monetary damages they’re still facing. I can understand why the plaintiffs might want to keep StreamCast on life support, in the hope of getting legal rulings that prove helpful elsewhere. But why does StreamCast keep fighting?

Entertainment Industry Pretending to Have Won Grokster Case

Most independent analysts agree that the entertainment industry didn’t get what it wanted from the Supreme Court’s Grokster ruling. Things look grim for the Grokster defendants themselves; but what the industry really wanted from the Court was a ruling that a communication technologies that are widely used to infringe should not be allowed to exist, regardless of the behavior and intentions of the technologies’ creators. The Court rejected this theory.

Last week the Senate Commerce Committee held a hearing (a video stream is available) on the Grokster aftermath. This was a chance for witnesses representing various interests to put their official spin on the Grokster ruling. All of the witnesses praised the ruling and asked Congress to wait and see what develops, rather than legislating right away. But different witnesses put different spins on the ruling.

The entertainment industry line was presented by Mitch Bainwol of the RIAA, Fritz Attaway of the MPAA, and Gregory Kerber of Wurld Media (a music distribution service). Their strategy was essentially to pretend that the Court did give the industry what it wanted, and that P2P technologies were now presumptively illegal unless they had cut licensing deals with the industry. They didn’t argue this directly, but the message was clear. For example, they tried to draw a line between “legitimate” P2P technologies and others, where legitimacy was apparently achieved by signing a licensing deal with major recording or movie companies.

For example, in response to concerns from Mark Heesen of the National Venture Capital Association about venture capitalists’ fears of financial ruin from investing in even well-intentioned communication technology companies, Mr. Kerber said this:

It’s very clear how you get investment. The rules are there. We’re a P2P – we’re a real peer-to-peer – it’s centrally controlled, we can control that … we can respect the copyright holder’s wants during – through a contractual process.

And the way that investors realize that is when we go out and get deals with the record labels, movie studios; and … the venture capitalists do their due diligence, they call and they find out that … the content owner of these assets [says] yes, we will allow this to be transferred and distributed and sold … within – on the network.

So … it’s very, very clear. If you have a contract with a major label, indy label, movie studio, publisher, what they have said is, we will allow the content to be sold in this manner across our network. So I’m a little confused by – there’s an absolute clear path for an investor to understand what’s right and wrong in the process.

It’s a simple message. Investing in technologies that have been blessed by the entertainment industry: right; investing in other technologies: wrong.

But it’s not what the Court said. The Court rejected the proposition that P2P or other communication technologies can exist only at the pleasure of the entertainment industry.

Despite this, we can expect to hear more of this rhetoric of “legitimacy”. And when P2P technologies continue to exist and be popular, we can expect calls for legislation to control the scourge of “illegitimacy”.

Controlling Software Updates

Randy Picker questions part of the computer science professors’ Grokster brief (of which I was a co-signer), in which we wrote:

Even assuming that Respondents have the right and ability to deliver such software to end users, there can be no way to ensure that software updates are installed, and stay installed. End users ultimately have control over which software is on their computers. If an end user does not want a software update, there is no way to make her take it.

This point mattered because Hollywood had suggested that Grokster should have used its software-update facility to deploy filtering software. (Apparently there is some dispute over whether Grokster had such a facility. I don’t know who is right on that factual question.)

Picker wonders whether ordinary users can really exercise this control in practice. As he notes, the user can disconnect from the net, but that’s too high a price for most people to pay. So how can users prevent updates?

The easiest method is simply to write-protect the program’s files or directories, so that they can’t be changed. Alternatively, the user can make a backup copy of the software (perhaps by copying it to another directory) and restore the backup when an update is installed.

Standard system security tools are also useful for controlling automatic updates. Autonomously self-updating programs look a lot like malicious code – the program code changes on its own (like a virus infection); the program makes network connections to odd places at odd times (like spyware); the program downloads and installs code without asking the user (like a malicious bot). Security tools specialize in identifying and blocking such behaviors, and the tools are reasonably configurable. Personal firewalls, for example, can block a program from making unapproved network connections. Some firewalls even do this by default.

Finally, a skilled person can figure out how to patch the program to disable the auto-update feature. He can then encapsulate this knowledge in a simple tool, so that other users can disable their auto-update by downloading the tool and double-clicking it. (This tool may violate copyright by modifying the program; but if we trusted users to obey copyright law we wouldn’t be having this conversation.)

The bottom line is that in computer security, possession is nine-tenths of control. Whoever has physical access to a device can control what it does. Whoever has physical control of a computer can control what software is installed on it. And users have physical control of their PCs.

A followup question is whether you can program the software to shut itself off if the user blocks updates for too long. As far as I know, nobody is claiming that Grokster had such a capability, but in principle a P2P system could be designed to (try to) work that way. This raises interesting issues too, but I’m approaching my word count limit so I’ll have to address them another day.