Federal Internet Law & Policy
An Educational Project

Internet Access Liability for Third Party Actions

Dont be a FOOL; The Law is Not DIY
- Good Samaritan Defense
- 3rd Party Content
- Internet Access Liability
- Foreign Judgments
- Consumer Review Fairness Act
- References

- 1st Amend
- Crime
- Child Porn
- Child Porn, Reporting
- Protect Act
- Filters
- - Notification
- V Chip
- Taxes
- Reports
- Obscenity
- Annoy
- Good Samaritan Defense

Can you be liable for having an Internet access account where third parties use (and perhaps misuse) that Internet access? If a plaintiff has an IP address, do they know who the culpable party is? Do you have a duty to lock down your Internet Access (like your WiFi access point).

See also IP Address as Personal Identifier


Copyright owners have attempted to argue that having an open WiFi access point is negligent. The argument is that if some third party walks up to an open access point and downloads a whole bunch of pirated copyrighted material, it is the fault of the access point owner who allowed this.

The elements of a negligenceNavigate Away from CT cause of action are: (1) Duty, (2) Breach, (3) Causation, and (4) Harm. In the case of an open WiFi access point, the argument of the copyright owner is that the WiFi Access Point owner failed to act - the access point owner failed to take steps necessary to secure the access point. In a case where a defendant has "failed to act," this is nonfeasance; in cases of nonfeasance, for a failure to act to give rise to a cause of action, there must be a special relationship between the plaintiff and the defendant. To say it a different way, there is not legal (tort) obligation to be a good samaritan to just anybody; for there to be an obligation to act, there must be something special about that relationship between the two parties that would so require it.

In AF HOLDINGS, LLC v. Doe, NDCA 2012, a California court found that no special relationship exists between the owner of a WiFi access point and copyright owners. In other words, it isnt the job of a WiFi access point owner to protect the assets of a copyright owner - and no cause of action lies in negligence. According to the Court,

Plaintiff has not articulated any basis for imposing on Defendant a legal duty to prevent the infringement of Plaintiff's copyrighted works, and the court is aware of none. Defendant is not alleged to have any special relationship with Plaintiff that would give rise to a duty to protect Plaintiff's copyrights, and is also not alleged to have engaged in any misfeasance by which he created a risk of peril.

The allegations in the complaint are general assertions that in failing to take action to "secure" access to his Internet connection, Defendant failed to protect Plaintiffs from harm. Thus, the complaint plainly alleges that Defendant's supposed liability is based on his failure to take particular actions, and not on the taking of any affirmative actions. This allegation of non-feasance cannot support a claim of negligence in the absence of facts showing the existence of a special relationship.


According to the courts, attempting to impose liability on a WiFi access point owner based on the theft of copyrighted material over that access point is an attempt to rebrand a copyright cause of action. Such attempts to rebrand a copyright cause of action in order to reach further than the copyright law permits is specifically preempted by the copyright law. 17 U.S.C. § 301(a).

Plaintiff is seeking to protect its "exclusive rights" from "copying and sharing." Simply recharacterizing the claim as one of "negligence" does not add a legally cognizable additional element. See, e.g., Dielsi v. Falk, 916 F.Supp. 985, 992-93 (C.D. Cal. 1996). Thus, because Plaintiff alleges that Defendant's action or inaction constituted interference with its "exclusive rights in the copyrighted work," the negligence claim is preempted by § 301 of the Copyright Act.

AF HOLDINGS, LLC v. Doe, NDCA 2012. The court concludes that either the defendant is liable under copyright law, or not - but the cause of action cannot be recloaked as negligence. LIBERTY MEDIA HOLDINGS, LLC v. Tabora, Dist. Court, SD New York 2012.

Communications Decency Act, Good Samaritan Provision, 47 USC s 230

An open of an open WiFi access point is arguably a provider of an interactive computer service to third parties using that access point, and would be immune from liability under the Good Samaritan provisions of the Communications Decency Act, 47 USC 230.

See also 47 USC 230's impact on copyright prior to 1972.

IP Addresses and Personal Culpability

The court in Breaking Glass points out another problem. If you are able to identify the IP address that allegedly engaged in misconduct, that IP address could be converted into the account holder's name of the Internet access subscription - but NOT the person who was actually online and doing the activity in question. IP addresses do not equal personal culpability. IP addresses equal the name of the person who set up the contract with the ISP and pays the bills. Refusing to allow plaintiff to just keep suing people until plaintiff finally got to the right person, the court in Breaking Glass stated

But the complication that Plaintiff fails to discuss is that it is not enough to simply identify the subscribers behind particular IP addresses to state a plausible claim for copyright infringement against those individuals. Instead, a plausible claim must be supported by factual allegations establishing that the particular person identified as a defendant was, in fact, the individual who engaged in wrongful conduct. In other words, discovery to identify the ISP subscribers is only the starting point. Plaintiff will also need to conduct discovery to determine who was using the Internet connection at the time the alleged infringement occurred. Plaintiff will then have to amend its complaint to allege the facts supporting its claim against each individual. The fact that Plaintiff needs discovery to unearth the factual basis for its claims is precisely the conundrum referenced in the Court's prior order regarding recent Supreme Court authority.

According to the Supreme Court, "a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 679 (2009) (quotations omitted). It is not enough for a complaint to plead facts "that are merely consistent with a defendant's liability." Id. at 678 (quotation omitted). Instead, the complaint must go further and "nudge[] [the] claims . . . across the line from conceivable to plausible." Id. at 680 (quotation omitted). And "where the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged — but it has not shown — that the pleader is entitled to relief." Id. at 679.

Plaintiff's current complaint alleges the subscribers, identified as John and Jane Does, engaged in direct copyright infringement. (Doc. 1 at 14). But the complaint contains no factual allegations setting forth that the subscribers were, in fact, the individuals using the Internet connections at the relevant time. Thus, it is conceivable that the subscribers were using the connection but it is equally plausible that someone other than the subscribers were using the connection. In fact, the motion for reconsideration concedes this point. (Doc. 10 at 7). Thus, the complaint does nothing more than make vague allegations that are consistent with the subscribers' liability for copyright infringement. Because those allegations are also consistent with the subscribers not being liable, Plaintiff has not stated plausible claims against the subscribers.[1]

According to the court: you cant just guess, and you cant just sue till you get it right. IP addresses do not identify culpable parties. BREAKING GLASS PICTURES, LLC v. DOES 118-162, Dist. Court, D. Arizona 2013 (emphasis added)

BitTorrent Adult Film Copyright Infringement Cases

IN RE: BITTORRENT ADULT FILM COPYRIGHT INFRINGEMENT CASES. United States District Court, E.D. New York. May 1, 2012. 

Facts: Plaintiffs are owners of pornographic films. Plaintiffs allege "copyright infringement by individuals utilizing a computer protocol known as BitTorrent. The putative defendants are indentified only by Internet Protocol ("IP") addresses. These four civil actions involve more than 80 John Doe defendants; these same plaintiffs have filed another nineteen cases in the district involving more than thrice that number of defendants. One media outlet reports that more than 220,000 individuals have been sued since mid-2010 in mass BitTorrent lawsuits, many of them based upon alleged downloading of pornographic works."

Plaintiffs moved to file Rule 45 Subpoenas on non-parties in order to uncover the names and indentities of the subscribers associated with the IP addresses. Several John Does moved to quash plaintiffs motion. Concluding that an IP address is not evidence of culpability on the part of a subscriber, the court granted the motions to quash.

The complaints assert that the defendants — identified only by IP address — were the individuals who downloaded the subject "work" and participated in the BitTorrent swarm. However, the assumption that the person who pays for Internet access at a given location is the same individual who allegedly downloaded a single sexually explicit film is tenuous, and one that has grown more so over time. An IP address provides only the location at which one of any number of computer devices may be deployed, much like a telephone number can be used for any number of telephones. As one introductory guide states:

If you only connect one computer to the Internet, that computer can use the address from your ISP. Many homes today, though, use routers to share a single Internet connection between multiple computers. Wireless routers have become especially popular in recent years, avoiding the need to run network cables between rooms. If you use a router to share an Internet connection, the router gets the IP address issued directly from the ISP. Then, it creates and manages a subnet for all the computers connected to that router.4

Thus, it is no more likely that the subscriber to an IP address carried out a particular computer function — here the purported illegal downloading of a single pornographic film — than to say an individual who pays the telephone bill made a specific telephone call.

Indeed, due to the increasingly popularity of wireless routers, it much less likely. While a decade ago, home wireless networks were nearly non-existent, 61% of US homes now have wireless access.5 Several of the ISPs at issue in this case provide a complimentary wireless router as part of Internet service. As a result, a single IP address usually supports multiple computer devices — which unlike traditional telephones can be operated simultaneously by different individuals. See U.S. v. Latham, 2007 WL 4563459, at *4 (D.Nev. Dec. 18, 2007). Different family members, or even visitors, could have performed the alleged downloads. Unless the wireless router has been appropriately secured (and in some cases, even if it has been secured), neighbors or passersby could access the Internet using the IP address assigned to a particular subscriber and download the plaintiff's film. As one court noted:

In order to allow multiple computers to access the internet under the same IP address, the cable modem may be connected to a router, or may itself function as a router, which serves as a gateway through which multiple computers could access the internet at the same time under the same IP address. The router could be a wireless device in which case, computers located within 300 feet of the wireless router signal could access the internet through the router and modem under the same IP address. The wireless router signal strength could be increased beyond 600 feet if additional devices are added. The only way to prevent sharing of the wireless router is to encrypt the signal and even then an individual can bypass this security using publicly available software.

Id. at *4. Some of these IP addresses could belong to businesses or entities which provide access to its employees, customers and sometimes (such as is common in libraries or coffee shops) members of the public.

These developments cast doubt on plaintiffs' assertions that "[t]he ISP to which each Defendant subscribes can correlate the Defendant's IP address to the Defendant's true identity." see, e.g., Malibu 26, Compl. at ¶ 9, or that the subscribers to the IP addresses listed were actually the individuals who carried out the complained of acts. As one judge observed:

The Court is concerned about the possibility that many of the names and addresses produced in response to Plaintiff's discovery request will not in fact be those of the individuals who downloaded My Little Panties # 2. The risk is not purely speculative; Plaintiff's counsel estimated that 30% of the names turned over by ISPs are not those of individuals who actually downloaded or shared copyrighted material. Counsel stated that the true offender is often the teenaged son . . . or the boyfriend if it's a lady. Alternatively, the perpetrator might turn out to be a neighbor in an apartment building that uses shared IP addresses or a dormitory that uses shared wireless networks. This risk of false positives gives rise to the potential for coercing unjust settlements from innocent defendants such as individuals who want to avoid the embarrassment of having their names publicly associated with allegations of illegally downloading My Little Panties # 2.

Digital Sin, Inc. v. Does 1-176, ___ F.R.D. ___, 2012 WL 263491, at *3 (S.D.N.Y. Jan. 30, 2012) (citations omitted and emphasis added). Another court noted:

the ISP subscriber to whom a certain IP address was assigned may not be the same person who used the Internet connection for illicit purposes . . . By defining Doe Defendants as ISP subscribers who were assigned certain IP addresses, instead of the actual Internet users who allegedly engaged in infringing activity, Plaintiff's sought-after discovery has the potential to draw numerous innocent internet users into the litigation, placing a burden upon them that weighs against allowing the discovery as designed.

SBO Pictures, Inc. v. Does 1-3036, 2011 WL 6002620, at *3 (N.D.Cal. Nov. 30, 2011) (citations omitted).

In sum, although the complaints state that IP addresses are assigned to "devices" and thus by discovering the individual associated with that IP address will reveal "defendants' true identity," this is unlikely to be the case. Most, if not all, of the IP addresses will actually reflect a wireless router or other networking device, meaning that while the ISPs will provide the name of its subscriber, the alleged infringer could be the subscriber, a member of his or her family, an employee, invitee, neighbor or interloper.



See also


© Cybertelecom ::