Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites
from the this-is-why-procedural-outs-are-important dept
More than two years ago we wrote about a truly bizarre ruling in a truly bizarre copyright lawsuit against Cloudflare. As you (perhaps?) know, Cloudflare is a popular CDN provider, helping websites (including Techdirt) provide better access to users while helping to mitigate things like denial of service attacks. In this case, the plaintiffs, Mon Cheri Bridals — a maker of bridal dresses — sued Cloudflare because websites out there were selling counterfeit dresses. If you know anything about copyright (and counterfeiting) law, you should be scratching your head. Counterfeiting is not about copyright. It’s about trademark. But the dress company (for reasons I still don’t understand), made the stretchiest of stretchy arguments to say that (1) the counterfeit sellers were posting images of the dresses, and (2) those images were protected by a copyright held by the dress maker, and (3) because the counterfeiting sites posting the allegedly copyright infringing photos used Cloudflare for CDN (not hosting) services, that somehow makes them contributory liable for the copyright infringement.
Even worse, the complaint itself was extremely confused about the DMCA and how it works with regards to the DMCA 512 safe harbors. Different companies are treated differently under 512, and Section (b) companies for “system caching” (which is what CDNs do) are treated differently under the law than Section (c) hosting companies. However, the whole “notice and takedown” aspect of the law only applies to Section (c) type companies. But the lawsuit simply ignored that and assumed that Cloudflare should be a (c) company, rather than a (b).
And, astoundingly, as we wrote about two years ago, the judge refused to dismiss the case, but let it move forward past the motion to dismiss stage — meaning that it went through some very expensive discovery and other efforts before finally getting to the summary judgment stage, and now more than two years later, the judge granted dismissal on summary judgment. And, kinda like his refusal to dismiss, the opinion is kinda short and doesn’t get into much in the way of detail. But at least this time it gets it right.
The plaintiffs have not presented evidence from which a jury could conclude that Cloudflare?s performance-improvement services materially contribute to copyright infringement. The plaintiffs? only evidence of the effects of these services is promotional material from Cloudflare?s website touting the benefits of its services. These general statements do not speak to the effects of Cloudflare on the direct infringement at issue here. For example, the plaintiffs have not offered any evidence that faster load times (assuming they were faster) would be likely to lead to significantly more infringement than would occur without Cloudflare. Without such evidence, no reasonable jury could find that Cloudflare ?significantly magnif[ies]? the underlying infringement. Amazon.com, Inc., 508 F.3d at 1172. Nor are Cloudflare?s services an ?essential step in the infringement process.? Louis Vuitton Malletier, 658 F.3d at 944. If Cloudflare were to remove the infringing material from its cache, the copyrighted image would still be visible to the user; removing material from a cache without removing it from the hosting server would not prevent the direct infringement from occurring.
Cloudflare?s security services also do not materially contribute to infringement. From the perspective of a user accessing the infringing websites, these services make no difference. Cloudflare?s security services do impact the ability of third parties to identify a website?s hosting provider and the IP address of the server on which it resides. If Cloudflare?s provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider.
This is the correct ruling, but it should have come two years ago at the motion to dismiss stage.
Indeed, despite not being a Section 230 case, this is yet another example of why Section 230’s procedural benefits are so important. Perhaps one reason why people don’t get this is that they don’t understand just how much more expensive a lawsuit gets after a motion to dismiss, but it’s a massive shift. A motion to dismiss may run in the 100s of thousands dollars range (depending on a variety of factors). But if you get past that and have to go to discovery, you’re now talking in the millions before you get a ruling on summary judgment. It’s a big difference and a massive cost for companies (especially smaller ones). A cost that can completely destroy smaller companies — for a lawsuit that had no chance at all from the beginning.
Filed Under: cdn, copyright, counterfeiting, dmca, dmca 512, safe harbors, summary judgment
Companies: cloudflare, mon cheri bridals
Comments on “Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites”
so who pays the legal fee,s in this case cloudflare or the fashion company, which should have simply sued the companys who actually sell the
dress,s which may be illegal copys of an original design.
Re: Re:
Yup, but shoot the messenger is the easiest mechanism these lazy entities can use
Re: Re:
In most cases dresses can’t be copyrighted (or trademarked) in the US so the dresses likely weren’t illegal copiees.
Re: Re:
For the most part, the US does not allow for fee shifting, so it’s likely that everyone pays their own. There are some provisions for free shifting for objectively unreasonable copyright claims, so perhaps Cloudflare will move to have its fees covered, but who knows if the judge will go for it.
Re: Re: Re:
You missed one Mike and it’s a doozy..
PROHIBITED ACTIVITIES
Section 23
"disparage, tarnish, or otherwise harm, in our opinion, us and/or the Site."
Re: Re: Re: Re:
Section 23 of which site’s ToS, exactly?
If it’s Cloudflare, it wouldn’t be binding on the dress company because they are not a Cloudflare customer. If it’s the dress company, Cloudflare isn’t their customer either.
A contract only applies to those who sign it.
Re: Re: Re:2 Re:
Sorry, I got my tabs mixed up. I was referring to https://www.techdirt.com/articles/20211020/17513847788/trump-announces-his-own-social-network-truth-social-which-says-it-can-kick-off-users-any-reason-already-is.shtml
Re: Re: Re: Re:
Think you took a left turn at the wrong story and posted an off topic comment…
If only there was something in the DMCA that allowed for a defendant to counter sue for a factually false allegations by a plaintiff to recover the costs they had to incur due to said lawsuit. Like a nice Anti-SLAPP for the DMCA abusers.
Oh, wait a minute… if only 512(f) was enforced and had fangs. They knowingly chose to ignore what one part said and intentionally interpreted another to mean it.
All of this has happened before, and all of it will happen again (btw, thats fair use, for you copyright ghould out there)
Cloudflare are the Boogie Woogie Bugle Boys
assumed that Cloudflare should be a (c) company, rather than a (b).
Re: Cloudflare are the Boogie Woogie Bugle Boys
The Andrews Sisters you are not, Bobvious.
… but I admit that I was thinking about that.
CDN?
I read the title, which includes "…A CDN Provider…" and immediately wonder what Canadian is providing what? Perhaps the editors could provide a page full of acronyms so new readers can follow the stories.
Re: CDN?
As you can now be an example of, the user solved it themself. It was sufficiently traumatic that the AI would determine no additional effort is required.
Welcome to Acronym Tech Hell.
Re: Re: CDN?
Paul Boutin (reputedly) when asked what he thought the biggest problem in computing in the 1990s would be, answered straight-faced "There are only 17,000 three-letter acronyms."[
Re: CDN?
"Perhaps the editors could provide a page full of acronyms so new readers can follow the stories."
I appreciate the issue, but it’s called Google (or Wikipedia, or many others). It would have taken less time to google "Cloudflare CDN" than it would have done to write the above, and over time any glossary of acronyms is going to itself become ambiguous as the same acronym turns up on articles on different subjects.
In context to anyone aware of what Cloudflare is and what it does, which should include the vast majority of Techdirt readers, the acronym’s use is clear in context.
Re: Re: TDM TLAs (Too "Darn" Many Three-Letter Acronyms)
It would be a courtesy to the reader to spell an acronym out, once, in the article, or otherwise briefly explain what it means in the context of that article. I wish Mike did that more often than he does, please.
For another example, I’ve recently googled (or duckduckgone, I forget which) "NFT" (on two different occasions, I think) to be able to make any sense of a couple of articles here. And then wished I had not needed to do that. I’m still not entirely sure what a Non-Fungible Token is, some blockchain thing maybe, but at least I think I now know that in these articles NFT does not stand for a Non-deterministic Finite-state Transducer. Or does it? There’s so much to learn.
Re: Re: Re: TDM TLAs (Too "Darn" Many Three-Letter Acronyms)
"It would be a courtesy to the reader to spell an acronym out, once, in the article, or otherwise briefly explain what it means in the context of that article"
Personally, I prefer articles to deal with the subject of the article, not pointlessly repeat basic concepts over and over again.
It says in the article "Cloudflare is a popular CDN provider". If you don’t know what CDN is in that context, it’s trivial to google "cloudflare CDN" and you get the idiots’ guide page directly from Cloudflare. It also mentions DMCA, which is similarly trivial to look for if you’re unsure.
I understand the annoyance of acronyms, but there’s no getting around them in discussions of technology and law, and there shouldn’t be the same need to explain everything as if the reader has never heard of them before on a blog targeted toward people with a deeper knowledge of the subject, compared to if it were a mainstream news source targeted at the general public.
"I’ve recently googled (or duckduckgone, I forget which) "NFT" (on two different occasions, I think) to be able to make any sense of a couple of articles here. And then wished I had not needed to do that."
I prefer you have to do that, than have half of every article describing NFTs to people, in articles whose intended audience is at least aware that non-fungible tokens are one of the most hotly debated issues in cryptocurrency and digital copyright today. Similarly, if someone’s writing an article on cryptocurrency overall, there shouldn’t be a need for them to describe what ETH and BTC are, even if it’s confusing to people who have never looked into crypto before – those people aren’t the intended audience.
"I’m still not entirely sure what a Non-Fungible Token is, some blockchain thing maybe"
Honestly? If you’ve found the Wikipedia article and it still confuses you, then I’m guessing that whatever article you’ve come across discussing their implications and impact through the quickly changing landscape and contexts in which they’re being used are not for you.
That’s fine, there’s no shame in not understanding what can be a tricky subject if you’ve not looked into crypto and its development over the last few years. But, the place to explain it is not within articles aimed at people who have.
Re: CDN?
CDN = Content Delivery Network.
i.e. any distributed network which will deliver content for hire. Cloudflare is a typical example though push comes to shove, so is the Bittorrent P2P Protocol.
I admit to some bias here; I firmly believe any use of an acronym needs to have the full wording spelled out the first time it’s used in any given work, against a three strike principle of, at a third offense, taking a hammer to the authors fingers in a kindly and educational fashion.
Re: Re: CDN?
I’ll maintain that the first consideration is the intended audience. If the audience can be expected to understand the acronyms (which, in this case, would include anyone interested in reading about Cloudflare), they can be omitted.
One example I used recently outside of tech discussions was to consider if I were to write an article about HMRC announcing changes to VAT. If the article was likely to be read mainly by a general international audience, I might feel the need to explain the role of Her Majesty’s Revenue and Customs, what their role is related to the collection of Value Added Tax in the UK, and how that differs from sales tax used in the US, such as the fact that it’s usually included in sticker prices whereas in the US it’s applied afterwards at the point of sale.
But, if I’m writing an article with the intended audience of people working in the UK’s accounting sector, providing that information in every article would not only be pointless, it would be downright condescending and even make me appear to be much less of a credible source than if I appear to be talking to people on my level.
Same here. If a term is related to a new concept or has only been coined recently, articles should perhaps explain it. Once it’s in the same realm as DNS and RAM in terms of familiarity with a given audience, it’s optional and the onus is then on the reader. Especially in cases like this where merely googling the name of the company the article is about will give you all the required information.
"Bittorrent P2P Protocol."
Ah, you didn’t explain what P2P stands for, so apparently your comment isn’t good enough for some people…
I don’t think there’s any copyright on fashion designs in America I think anyone can copy a design as long as they don’t use the same company name or us trademark or company logo on the dress still this case sets a good precedent
To protect cdn networks or general network caching services from being sued in the future
Several reasons come to mind:
Techdirt has reported on enough occasions where screaming "copyright infringement" is enough to get anything done on behalf of plaintiffs, including the removal of negative critique of videogames. "Copyright law as an engine to get a finger in every pie" has become a hallmark strategy.
Re: Re:
The way Copyright is written and executed now is far from the constitutional intent, making it downright unconstitutional. It’s just a giant government-backed gag order on the public. Freedom of speech be damned.
Re: Re: Re:
"The way Copyright is written and executed now is far from the constitutional intent, making it downright unconstitutional."
Something of which at least Jeffersson was aware is that Copyright can not be properly added to a constitution valuing freedoms without causing conflict.
Copyright in itself means a third party gets to tell you what you can and can not do with physical property in your possession based on whether the shape of that property can be interpreted to carry information someone else came up with.
Or in another way of putting it, copyright is what we normally call information control, just that the censorship is in the hands of private rather than governmental entities. A prohibition on anyone to pass on the interesting stories they’ve heard.
I don’t think it’s possible at all to add copyright into any national charter which also values freedom of speech and I think the founding fathers all knew this which is why the constitution specifies that congress may protect intellectual property. It’s the only optional clause i remember from that document.
And we’ve already seen plenty of examples where copyright has lent itself amicably to abuse.
Erdogan of Turkey doesn’t want his bloopers to go the rounds on Facebook and his supreme court won’t let him use heavy-handed censorship? Copyright was the answer and no western nation could so much as squeak when he used a US DMCA law to pull the plug on social media.
A West German government agency doesn’t want to comply with an information request from a civil rights NGO? Copyright was the answer which let them ignore every demand on government transparency.
Copyright is a fucking abomination which does not fulfill any of the proposed advantages promised back in the 17th century but which does set us back centuries when it comes to the transparency and accountability we expect from the body politic. In addition to wasting massive public resources on wrecking the functionality of every mass communications medium and information storage invention.
Perfect 10 started selling wedding dresses when?
Perhaps lifetime appointments for positions is a bad idea…
I mean if they remember how bad things were in the Depression first hand, maybe just maybe they aren’t prepared to understand how the interwebs works.