Luvdarts's principal argument is that the Carriers are liable for the infringement committed by third parties over their networks under either vicarious or contributory copyright liability. As the Supreme Court has observed, the Copyright Act does not explicitly render a third person liable for another person's infringement.

In this case, Luvdarts concedes that the Carriers presently have no way of supervising the use of their networks for copyright infringement. Instead, Luvdarts's complaint alleges only that the Carriers could “establish[]. . .a system” that would give them the right and ability to supervise the infringing activity. Luvdarts argues that this allegation is sufficient to survive a motion to dismiss. Luvdarts fails to cite any authority to support this proposition, which runs contrary to our precedent. In Napster, this court held that “right and ability to supervise” should be evaluated in the context of a system’s “current architecture.” Napster Inc., 239 F.3d at 1024. Moreover, as we noted in Perfect 10, Inc. v. Amazon.com, Inc., resting vicarious liability on the Carriers’ failure to change their behavior would tend to blur the distinction between contributory liability and vicarious liability. 508 F.3d 1146, 1175 (9th Cir. 2007) (“[I]n general, contributory liability is based on the defendant’s failure to stop its own actions which facilitate third-party infringement, while vicarious liability is based on the defendant’s failure to cause a third party to stop its directly infringing activities.”). For example, under contributory liability the Carriers’ failure to implement a digital rights management system may be used as circumstantial evidence of “the object of promoting” infringement. See Grokster, 545 U.S. at 936–37. But under vicarious liability, it cannot substitute for an allegation of a capacity to supervise. Luvdarts's failure to allege that the Carriers have at least something like a capacity to supervise is fatal to a claim of vicarious liability.

Luvdarts fails to allege that the Carriers had the requisite specific knowledge of infringement. Luvdarts's conclusory allegations that the Carriers had the required knowledge of infringement are plainly insufficient. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (“Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.”).

In the alternative, Luvdarts argues that the “notices” it sent to the Carriers, referenced in the complaint, sufficed to establish actual knowledge of infringement. However, these notices failed to notify the Carriers of any meaningful fact. The notices were 150-page-long lists of titles, apparently just a transcription of every title copyrighted by Luvdarts, which indicated that they wanted “accountability” for the unauthorized distribution of those titles for the period from May 2008 to November 2009. These notices do not identify which of these titles were infringed, who infringed them, or when the infringement occurred. The Digital Millennium Copyright Act of 1998 (“DMCA”), by which the notices purport to be governed, clearly precludes notices as vague as the notices here. 17 U.S.C. § 512 (DCMA takedown notice requires the producer to provide “[i]dentification of the material that is claimed to be infringing or to be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient

While T‐Mobile does not disclose the number of requests we receive from law enforcement annually, the number of requests has risen dramatically in the last decade...

Over the past five years, Sprint has received approximately 52,029 court orders for wiretaps; 77,519 court orders for the installation of a pen register/trap and trace device; and 196,434 court orders for location information. [...] Over the same time frame Sprint received subpoenas from law enforcement agencies requesting basic subscriber information. Each subpoena typically requested subscriber information on multiple subscribers and last year alone we estimate that Sprint received approximately 500,000 subpoenas from law enforcement.

Certainly a report of 52,029 wiretaps over five years--and that just from the third largest carrier in the country--is remarkable in and of itself. But it’s also more than double the number of all wiretaps counted in annual reports required by federal law.  The Administrative Office of the U.S. Courts keeps track of the number of wiretaps authorized each year for criminal investigations. The Justice Department files an annual report to Congress on individual warrants issued by the Foreign Intelligence Surveillance Court for intelligence investigations. (If you don’t feel like wading through, The Electronic Privacy Information Center has charts and graphs that should make it clear.) The total number of all wiretaps counted in the official reports over the five year period 2007–2011 comes to 24,270. I’ve made a table breaking it down year by year:

 

YEAR	TITLE III (Criminal) Wiretap Orders	FISA (Intelligence) Wiretap Orders
2011	2,732	1,745
2010	3,795	1,579
2009	3,043	1,320
2008	2,631	2,083
2007	2,927	2,370
TOTAL	15,173	9,097

 

The obvious question: How is one cell phone carrier—and not the largest by a longshot—reporting 27,759 more wiretap orders than the official numbers acknowledge for all carriers?

AT&T alone now responds to an average of more than 700 requests a day, with about 230 of them regarded as emergencies that do not require the normal court orders and subpoena.... Sprint, which did not break down its figures in as much detail as other carriers, led all companies last year in reporting what amounted to at least 1,500 data requests on average a day.

AT&T, for one, said it collected $8.3 million last year compared with $2.8 million in 2007, and other carriers reported similar increases in billings.

I was very concerned to read recent reports suggesting that state and local law enforcement agencies may be working around the protections of Jones by requesting the location records of individuals directly from their wireless carriers instead of tracking the individuals through stand-alone GPS devices installed on their vehicles. I was further concerned to learn that in many cases, these agencies appear to be obtaining precise records of individuals' past and current movements from carriers without first obtaining a warrant for this information. I think that these actions may violate the spirit if not the letter of the Jones decision.

I am writing to ask you about the Department of Justice's own practices in requesting location information from wireless carriers. I am eager to learn about how frequently the Department requests location information and what legal standard the Department believes it must meet to obtain it. I would also like to know how the Department may have changed these practices since the Jones decision.

Our systems found nearly 500 AT&T patents, with similar claims, that predate the fifteen asserted patents. Sprint Nextel also owns 12 patents that predate the asserted portfolio.

Is IV’s patent litigation helping inventors or investors? Considering that the bulk of the patents in suit were each “acquired” from what the USPTO characterizes as a “merger” with a different relatively unknown LLC, we’ll let you decide. Seems to us that it simply represents an attempt to use opacity and “hidden weapons” for a tactical assault having ABSOLUTELY NOTHING to do with innovation. In fact, these kinds of structures are also typically employed for tax “optimization” which is to say, to avoid paying taxes for any economic gains resulting from a successful assault, ahem sorry again, we mean “settlement”.

Eckhart followed up by posting part two of his research, demonstrating some of his findings on video. Considerable discussion of that demonstration ensued, for example here and here and here. Some critics of Eckhart's research have opined that it's overblown or not rigorous enough. But further analysis and commentary suggests that the problem could well be worse than we currently know. Stephen Wicker of Cornell University has explored some of the implications, and his comments seem especially apropos given that Carrier IQ has publicly admitted holding a treasure trove of data. Dan Rosenberg has done further in-depth research on the detailed workings of Carrier IQ, leading to rather a lot of discussion about Carrier IQ's capabilities -- there's some disagreement among researchers over what Carrier IQ is doing versus what it could be doing, e.g.: Is Carrier IQ's Data-Logging Phone Software Helpful or a Hacker's Goldmine?

Meanwhile, the scandal grew, questions were raised about whether it violated federal wiretap laws, a least one US Senator noticed, and Carrier IQ issued an inept press release. Phone vendors and carriers have been begun backing away from Carrier IQ as quickly as possible; there were denials from Verizon and Apple . T-Mobile has posted internal and external quick guides about Carrier IQ. Some of the denials were more credible than others. There has been some skepticism about Carrier IQ's statements, given their own marketing claims and the non-answers to some questions. There's also been discussion about the claims made in Carrier IQ's patent.

Then the lawsuits started, see Hagens Berman and Sianna & Straite and 8 companies hit with lawsuit for some details on three of them.

Attempts to figure out which phones are infected with Carrier IQ are ongoing. For example, the Google Nexus Android phones and original Xoom tablet seem to not be infected, nor do phones used on UK-based mobile networks, but traces of are present in some versions of iOS, although their function isn't entirely clear. A preliminary/beta application that tries to detect it is now available. Methods for removing it have been discussed.

Meanhile, A Freedom of Information Act request's response has indicated (per the FBI) that Carrier IQ files have been used for "law enforcement purposes", but Carrier IQ has denied this. And there seems to be a growing realization that all of this has somehow become standard practice; as Dennis Fisher astutely observes, With Mobile Devices, Users Are the Product, Not the Buyer.

Those are the details; now what about the implications?

Debate continues about whether Carrier's IQ is a rootkit and/or spyware. Some have observed that if it's a rootkit, it's a rather poorly-concealed one. But it's been made unkillable, and it harvests keystrokes -- two properties most often associated with malicious software. And there's no question that Carrier IQ really did attempt to suppress Eckhart's publication of his findings.

But even if we grant, for the purpose of argument, that it's not a rootkit and not spyware, it still has an impact on the aggregate system security of the phone: it provides a good deal of pre-existing functionality that any attacker can leverage. In other words, intruding malware doesn't need to implement the vast array of functions that Carrier IQ already has; it just has to activate and tap into them.

Which brings me to a set of questions that probably should have been publicly debated and answered before software like this was installed on an estimated 150 million phones. I'm not talking about the questions that involve the details of Carrier IQ -- because I think we'll get answers to those from researchers and from legal proceedings. I'm talking about larger questions that apply to all phones -- indeed, to all mobile devices -- such as:

• What kind of debugging or performance-monitoring software should be included?
• Who should be responsible for that software's installation? Its maintenance?
• Should the source code for that software be published so that we can all see exactly what it does?
• Should device owners be allowed to turn it off/deinstall it -- or, should they be asked for permission to install it/turn it on?
• Will carriers or manufacturers pay the bandwidth charges for users whose devices transmit this data?
• Should carriers or manufacturers pay phone owners for access to the device owners' data?
• Where's the dividing line between performance-measuring data that can be used to assess and improve services, and personal data? Is there such a dividing line?
• Will data transmission be encrypted? How?
• Will data be anonymized or stripped or otherwise made less personally-identifiable? Will this be done before or after transmission or both? Will this process be full-documented and available for public review?
• What data will be sent -- and will device owners be able to exert some fine-grained control over what and when?
• Who is is responsible for the security of the data gathered?
• Who will have access to that data?
• When will that data be destroyed?
• Who will be accountable if/when security on the data repository is breached?
• What are the privacy implications of such a large collection of diverse data?
• Will it be available to law enforcement agencies? (Actually, I think I can answer that one: "yes". I think it's a given that any such collection of data will be targeted for acquisition by every law enforcement agency in every country. Some of them are bound to get it. See "FBI", above, for a case in point.)

Lots of questions, I know. Perhaps I could summarize that list by asking these three instead: (1) Who owns your mobile device? (2) Who owns the software installed on your mobile device? and (3) Who owns your data?

By the way, it cannot be turned off without rooting the phone and replacing the operating system. And even if you stop paying for wireless service from your carrier and decide to just use Wi-Fi, your device still reports to Carrier IQ.

It’s not even clear what privacy policy covers this. Is it Carrier IQ’s, your carrier’s or your phone manufacturer’s? And, perhaps, most important, is sending your communications to Carrier IQ a violation of the federal government’s ban on wiretapping?

And even more obvious, Eckhart wonders why aren’t mobile-phone customers informed of this rootkit and given a way to opt out?

Carrier IQ is used to understand what problems customers are having with our network or devices so we can take action to improve service quality.

It collects enough information to understand the customer experience with devices on our network and how to devise solutions to use and connection problems. We do not and cannot look at the contents of messages, photos, videos, etc., using this tool

AT&T noted it “plays no role” in what kind of information smartphone apps collect, while T-Mobile pointed out the ways in which that data can be used.

Sprint lamented “consumers no longer can look to their trusted carrier with whom they have a trusted relationship to answer all of their questions,” particularly on privacy.

And Verizon Wireless called out smartphone app makers directly on the issue, stressing “location-based applications and services (whether provided by us or third parties such as Google) should give customers clear and transparent notice” and control.

Defendants purposely conspired via collusion to install themselves as the new primary gate keepers and sole beneficiaries of multimedia content sharing through their new MMS technologies.

The decision in Maynard is just one of several rulings in recent years reflecting a growing recognition, at least in some courts, that technology has progressed to the point where a person who wishes to partake in the social, cultural, and political affairs of our society has no realistic choice but to expose to others, if not to the public as a whole, a broad range of conduct and communications that would previously have been deemed unquestionably private....

As a result of such decisions, I believe that magistrate judges presented with ex parte requests for authority to deploy various forms of warrantless location-tracking must carefully re- examine the constitutionality of such investigative techniques, and that it is no longer enough to dismiss the need for such analysis by relying on cases such as Knotts or, as discussed below, Smith v. Maryland.... For the reasons discussed below, I now conclude that the Fourth Amendment prohibits as an unreasonable search and seizure the order the government now seeks in the absence of a showing of "probable cause, supported by Oath or affirmation[.]"

Defendants, and each of them, enabled the transfer/transmission and publication of this copyright protected content via mobile devices by building and implementing a peer to peer file sharing network with the dedicated purpose of enabling end users to share multimedia files via this MMS network. Defendants, and each of them, profited from these activities by charging the transmitter and receivers of this content a fee or flat rate for the transfer/transmission that resulted in the publication of said content. Despite charging the transmitter and receiver a fee for the delivery of this copyrighted content, Defendants, and each of them, failed to compensate the holder of the copyrights for this content that was necessary in generating the MMS data revenue. Furthermore, Defendants, and each of them failed or refused to provide a system where an adequate accounting of the transfer/transmission and publication of this copyrighted content could be made.

The transmission of this MMS data is not covered by the exemption for Internet Service Providers as set forth in 17 U.S.C. §512 because the wireless carriers are not Internet Service Providers as defined by §512 while providing a dedicated MMS network for multimedia file sharing.

Definitions.--
(1) Service provider--
(A) As used in subsection (a), the term "service provider" means an entity offering the transmission, routing, or providing of connections for digital online communications, between or among points specified by a user, of material of the user's choosing, without modification to the content of the material as sent or received.
(B) As used in this section, other than subsection (a), the term "service provider" means a provider of online services or network access, or the operator of facilities therefor, and includes an entity described in subparagraph (A).