TRO – UA LAW IP

San Francisco-based CloudFlare has earned a somewhat dubious reputation in the online world. Website owners can set up CloudFlare in just a few minutes, gaining the performance, security, and privacy benefits the service provides. Traffic routed through CloudFlare’s global content delivery network is cached for faster delivery times and protected from numerous online threats. Pirate sites have flocked to the service because it hides their true identities from copyright owners by default. And it probably doesn’t hurt that CloudFlare CEO Matthew Prince thinks that “censoring the Internet” is “creepy,” even “under a court order.”

Prince practices what he preaches, and CloudFlare has been all-too-ready to lend a helping hand to even the most notorious pirates. When The Pirate Bay rose from the ashes in early 2015, CloudFlare provided the site with services that helped manage its massive server loads. CloudFlare’s encryption technology even made it easy for users in the UK to circumvent the High Court’s ban ordering ISPs to block the pirate site. Amazingly, The Pirate Bay is now back in the United States, using its original thepiratebay.org Virginia-based domain and benefiting from CloudFlare’s robust services to make its criminal enterprise run smoothly worldwide.

Of course, the only reason CloudFlare can get away with supporting the world’s most-visited torrent site is because the DMCA is such a mess. Courts have set the bar so high that CloudFlare wouldn’t likely be found to have red flag knowledge of the massive amounts of infringement it certainly knows its service enables for globally-infamous criminal infringers like The Pirate Bay. Rather than taking the high road and refusing to work with obvious pirate sites, CloudFlare lawyers up when pushed and denies the supportive role that its service provides.

We saw this last year in the Grooveshark case. After the original Grooveshark site was found liable for willful infringement and agreed to shut down, copycat sites sprung up at different top-level domains such as grooveshark.io and grooveshark.pw. The plaintiffs obtained a temporary restraining order against the copycats, which registrars Namecheap and Dynadot promptly complied with by disabling some of the domains. But when the plaintiffs asked CloudFlare to stop providing services to some of the other copycats, they were met with firm resistance. The plaintiffs had to turn to the court for an order clarifying that the injunction against the copycat sites prevented CloudFlare from providing them services.

With the backing of the Electronic Frontier Foundation, CloudFlare put up a big fight. It denied that it was in “active concert or participation” with the copycats, which under Rule 65 would have made it bound by their existing injunction. CloudFlare argued that its services were merely passive and that the domains would still remain accessible even if its services were cut off. The district court rejected CloudFlare’s self-serving arguments, noting that it was in fact aiding and abetting the copycat sites by operating their authoritative domain name servers and optimizing their traffic worldwide. Since CloudFlare had actual notice of the injunction and was in “active concert or participation” with the enjoined copycats, it was also bound by their injunction under Rule 65.

Hit with what must have been the eye-opening reality that, under penalty of contempt, it couldn’t knowingly help its enjoined customer engage in the very wrong the court had ordered it to stop committing, one might think that CloudFlare would have become more respectful of court orders involving its customers. However, as recent developments in the MP3Skull case show, CloudFlare has decided to again take the low road in shirking its responsibility to the court. And its argument here as to why it’s beyond the court’s reach is even more desperate than before.

In April of 2015, several record label plaintiffs sued MP3Skull for copyright infringement, easily obtaining a default judgment when the defendants failed to respond to the suit. Earlier this year, the plaintiffs were granted a permanent injunction, which the defendants quickly flouted by setting up shop under several different top-level domains. Naturally, the common denominator of these multiple MP3Skull sites was that they used CloudFlare. The plaintiffs’ lawyers sent a copy of the injunction against the pirate sites to CloudFlare, asking it to honor the injunction and stop supplying services to the enjoined domains. But, as with Grooveshark, CloudFlare again refused to comply.

The record label plaintiffs have now gone back to the district court, filing a motion requesting clarification that CloudFlare is bound by the injunction against the MP3Skull sites. They argue that the “law is clear that CloudFlare’s continued provision of services to Defendants, with full knowledge of this Court’s Order, renders CloudFlare ‘in active concert or participation’ with Defendants,” and they point to the opinion in the Grooveshark case in support. According to the plaintiffs, the only issue is whether CloudFlare is aiding and abetting the enjoined defendants by providing them services.

CloudFlare opposes the motion, though it noticeably doesn’t deny that it’s in “active concert or participation” with the enjoined defendants. Instead, CloudFlare argues that, since this is a copyright case, any injunction against it must comply with the DMCA:

Section 512(j) prescribes specific standards and procedures for injunctions against service providers like CloudFlare in copyright cases. It places strict limits on injunctions against eligible service providers. 17 U.S.C. § 512(j)(1). It specifies criteria that courts “shall consider” when evaluating a request for injunctive relief against a service provider. 17 U.S.C. § 512(j)(2). And it requires that a service provider have notice and an opportunity to appear, before a party may bind it with an injunction. 17 U.S.C. § 512(j)(3). Plaintiffs ignored those requirements entirely.

The gist of CloudFlare’s argument is that Section 512(j) controls injunctions against service providers like itself, notwithstanding the fact that Rule 65 binds those in “active concert or participation” with an enjoined party. In other words, CloudFlare says that the DMCA gives service providers unique immunity from having to obey court-issued injunctions under the Federal Rules—a remarkable claim requiring remarkable proof. And the case law cited to back up this claim? None. Zip. Nada. CloudFlare fails to produce one single cite showing that any injunctive-relief statute, whether copyright or otherwise, has ever been deemed to preempt the longstanding rule that it’s contempt of court to aid and abet an enjoined defendant. The desperation is palpable.

The reason the DMCA doesn’t apply to CloudFlare is obvious. Section 512(j) states that it “shall apply in the case of any application for an injunction under section 502 against a service provider” that qualifies for the safe harbors. CloudFlare goes on for pages about how it’s a service provider that would qualify for the safe harbor defense if given the chance, but all of this misses the point: CloudFlare is not being enjoined. The only service provider being enjoined is MP3Skull—and that injunction was issued under Section 502 without the limitations set forth in Section 512(j) because MP3Skull didn’t even bother to show up and attempt to claim the safe harbors. But the plaintiffs have not sought an injunction against CloudFlare, which they could only do by naming CloudFlare as a party to the suit.

Since CloudFlare itself isn’t being enjoined under Section 502, Section 512(j) provides it no limitations. The issue is simply whether, under the Federal Rules, CloudFlare is bound by the injunction that has already been issued against the MP3Skull sites. Perhaps not wanting to get bench-slapped again on the aiding and abetting question under Rule 65, CloudFlare is taking an even lower road with this desperate new argument that it’s magically immune to court orders against its customers under the Federal Rules. The district court has yet to rule on the plaintiffs’ motion, but my guess is that it will make short work in reminding CloudFlare of the court’s true power to hold aiders and abettors in contempt.

Just how far does a court’s power to enjoin reach into cyberspace? It’s clear enough that those directly posting or hosting infringing content are subject to an injunction. But what about a company such as CloudFlare that provides content delivery network and domain name server services? Does an injunction under Rule 65 against anyone acting in “active concert or participation” with an online infringer apply to an internet infrastructure company such as CloudFlare? CloudFlare recently argued that its service is “passive” and untouchable, but a district court vehemently—and rightly—disagreed.

The controversy started with the shutdown of the Grooveshark music streaming service pursuant to a settlement agreement with the major record label plaintiffs this past April. Back in September of 2014, Grooveshark and its two founders were found directly and indirectly liable for copyright infringement. After the district court held that their infringement was “willful,” thus subjecting them to potential statutory damages exceeding $736 million for the 4,907 works-in-suit, they consented to paying $50 million in damages and shutting down the grooveshark.com site rather than risk it with a jury.

But the demise of Grooveshark was short-lived, and just days after publicly apologizing for failing “to secure licenses from right holders,” two copycat sites popped up at different top-level domains: grooveshark.io and grooveshark.pw. The record label plaintiffs filed a new complaint and obtained ex parte relief, including a temporary restraining order (TRO), against the new sites. Upon receipt of the TRO, Namecheap, the registrar for both sites, disabled the .io and .pw domain names. When another copycat site was established at grooveshark.vc, the domain name was quickly disabled by Dynadot, the registrar, after it received the TRO.

Undeterred, the defendants publicly taunted the plaintiffs and registered yet another copycat site at grooveshark.li. Rather than continuing this global game of domain name Whac-A-Mole, the plaintiffs served the TRO on CloudFlare, the service utilized by the defendants for each of the infringing domains. And this is where things got interesting. Rather than swiftly complying with the TRO, as the domain name registrars had done, CloudFlare lawyered up and contended that it was beyond the court’s reach.

In its briefing to the court, CloudFlare argued that it played merely a passive role for its customers—including the defendants and their copycat site—by resolving their domain names and making their websites faster and more secure. CloudFlare disavowed the ability to control any content on the copycat site, and it denied that it was in active concert or participation with the defendants:

Active concert requires action, and CloudFlare has taken none. Participation means assisting a defendant in evading an injunction. CloudFlare has not so assisted defendants and, in fact, has no ability to stop the alleged infringement. Even if CloudFlare—and every company in the world that provides similar services—took proactive steps to identify and block the Defendants, the website would remain up and running at its current domain name.

CloudFlare did not deny that the defendants utilized its services; it instead argued that the TRO would not remove the infringing site from the internet. Thus, CloudFlare’s position hinged on its own passivity and on the futility of enjoining it from providing services to the defendants.

A moment’s reflection reveals the superficiality of this position. The fact that CloudFlare had no control over the content of the copycat site was not dispositive. The question was whether CloudFlare aided the defendants, and there was no doubt that it did. It was not only the defendants’ authoritative domain name server, it also optimized and secured their copycat site. That the defendants could have used other services did not erase the fact that they were using CloudFlare’s services. And once CloudFlare was served with the TRO and made aware of the copycat site, its continued provision of services to the defendants constituted active concert or participation.

CloudFlare’s policy arguments were similarly unpersuasive. It suggested that the TRO “would transform a dispute between specific parties into a mandate to third parties to enforce” the plaintiffs’ rights “against the world in perpetuity.” Of course, that is not what happened here. The question was not who else in the world the TRO reached; the question was whether the TRO reached CloudFlare because it aided the defendants.

CloudFlare further argued that it could not be enjoined because “Congress explicitly considered and rejected granting such authority to the courts with respect to Internet infrastructure providers and other intermediaries for the purpose of making a website disappear from the Internet.” To enjoin it, CloudFlare proposed, would be to pretend that the Stop Online Piracy Act (SOPA) “had in fact become law.” This argument, however, completely ignored the fact that courts have long been empowered to enjoin those in active concert or participation with infringers.

In reply, the record label plaintiffs rebuffed CloudFlare’s claim that it was not aiding the defendants: “CloudFlare’s steadfast refusal to discontinue providing its services to Defendants – who even CloudFlare acknowledges are openly in contempt of this Court’s TRO – is nothing short of breathtaking.” They pointed to how CloudFlare continued to aid the defendants, even after being on notice of the TRO: “[T]he failure of an Internet service provider to stop connecting users to an enjoined website, once on notice of the injunction, readily can constitute aiding and abetting for purposes of Rule 65.”

In the real world, CloudFlare markets the benefits of its services to its customers. It touts its content delivery network as delivering “the fastest page load times and best performance” through its “34 data centers around the world.” It boasts having “web content optimization features that take performance to the next level.” It offers robust “security protection” and “visitor analytics” to its customers. And its authoritative domain name server proudly serves “43 billion DNS queries per day.” But when it came to the defendants’ copycat site, it claimed to be a “passive conduit” that in no way helped them accomplish their illicit goals. This disingenuousness is, to borrow the plaintiffs’ term, “breathtaking.”

District Judge Alison J. Nathan (S.D.N.Y.) made short work in rejecting CloudFlare’s shallow denials. She noted that there was no factual question that CloudFlare operated the defendants’ authoritative domain name server and optimized the performance and security of their copycat site. The question was whether these acts were passive such that CloudFlare was not in “active concert or participation” with the defendants. Judge Nathan held that the services CloudFlare provided to the defendants were anything but passive:

CloudFlare’s authoritative domain name server translates grooveshark.li as entered in a search browser into the correct IP address associated with that site, thus allowing the user to connect to the site. Connecting internet users to grooveshark.li in this manner benefits Defendants and quite fundamentally assists them in violating the injunction because, without it, users would not be able to connect to Defendants’ site unless they knew the specific IP address for the site. Beyond the authoritative domain name server, CloudFlare also provides additional services that it describes as improving the performance of the grooveshark.li site.

Furthermore, Judge Nathan dismissed CloudFlare’s argument that it was not helping the defendants since they could simply use other services: “[J]ust because another third party could aid and abet the Defendants in violating the injunction does not mean that CloudFlare is not doing so.” And to CloudFlare’s concern that the TRO was overly broad, Judge Nathan reasoned that the issue before her was CloudFlare’s own actions, not those of other, possibly more attenuated, third parties: “[T]he Court is addressing the facts before it, which involve a service that is directly engaged in facilitating access to Defendants’ sites with knowledge of the specific infringing names of those sites.”

This TRO wasn’t about the “world at large,” and it wasn’t about turning the companies that provide internet infrastructure into the “trademark and copyright police.” It was about CloudFlare knowingly helping the enjoined defendants to continue violating the plaintiffs’ intellectual property rights. Thankfully, Judge Nathan was able to see past CloudFlare’s empty and hyperbolic position. Protecting intellectual property in the digital age is difficult enough, but it’s even more challenging when services such as CloudFlare shirk their responsibilities. In the end, reason trumped rhetoric, and, best of all, the internet remains unbroken. In fact, it’s now even better than before.

Further reading: Leo Lichtman, Copyright Alliance, Bringing Accountability to the Internet: Web Services Aiding and Abetting Rogue Sites Must Comply With Injunctions

Recent Posts

Recent Comments

Archives

Categories