Cloudflare is not liable for the copyright infringement of websites that use its content-delivery and security services, a federal judge ruled yesterday.
Cloudflare was sued in November 2018 by Mon Cheri Bridals and Maggie Sottero Designs, two wedding dress manufacturers and sellers that alleged Cloudflare was guilty of contributory copyright infringement because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs. The companies sought a jury trial, but Judge Vince Chhabria yesterday granted Cloudflare's motion for summary judgment in a ruling in US District Court for the Northern District of California.
Chhabria noted that the dressmakers have been harmed "by the proliferation of counterfeit retailers that sell knock-off dresses using the plaintiffs' copyrighted images" and that they have "gone after the infringers in a range of actions, but to no avail—every time a website is successfully shut down, a new one takes its place." Chhabria continued, “In an effort to more effectively stamp out infringement, the plaintiffs now go after a service common to many of the infringers: Cloudflare. The plaintiffs claim that Cloudflare contributes to the underlying copyright infringement by providing infringers with caching, content delivery, and security services. Because a reasonable jury could not—at least on this record—conclude that Cloudflare materially contributes to the underlying copyright infringement, the plaintiffs' motion for summary judgment is denied and Cloudflare's motion for summary judgment is granted.”
While the ruling resolves the lawsuit's central question in Cloudflare's favor, the judge scheduled a case management conference for October 27 "to discuss what's left of the case."
Hundreds of Counterfeiting Websites
The companies' lawsuit said they "are two of the largest manufacturers and wholesalers of wedding dresses and social occasion wear in the United States" and "have developed many of the world's most unique and original wedding and social occasion dress patterns." They own the copyrights for those designs and for photographic images of the designs.
Most of the websites selling counterfeit versions of the dresses operate from China, the lawsuit said. In addition to Cloudflare, an amended complaint listed 500 "Doe" defendants whose real names were unknown. The lawsuit said the Cloudflare terms say that any violation of law justifies termination of service and that "CloudFlare's policy is to investigate violations of these terms of service and terminate repeat infringers."
The plaintiffs said they used a vendor called Counterfeit Technology to find over 365 infringing websites that are users of Cloudflare, including cabridals.com, bidbel.com, stydress.com, angelemall.co.nz, jollyfeel.com, russjoan.com, missydress.com.au, and livedressy.com. The plaintiffs said they sent Cloudflare thousands of takedown notices, and often up to four notices about the same infringing sites, but "Cloudflare has ignored these notices and takes no action after being notified of infringing content on its clients' websites.
"Specifically, even after learning of specific, identified acts of copyright infringement by the infringing websites through plaintiffs' takedown notices, Cloudflare continues to cache, mirror, and store a copy of the infringing websites and the infringing content on its data center servers, and to transmit upon request copies of the infringing content to visitors of the infringing websites," the amended complaint said. "Cloudflare's contributions allow the Internet browsers of visitors to the infringing websites to access and load the infringing websites and content much faster than if the user was forced to access the infringing websites and content from the primary host absent Cloudflare's services."
The plaintiffs argued that Cloudflare should have terminated caching services to these websites, blocked traffic traveling through Cloudflare's network to the websites, "and reconfigur[ed] its firewall settings so that users trying to access the infringing domain would be redirected to a blank page."
Cloudflare: ‘Lawsuit Based on a Fundamental Misunderstanding’
Cloudflare argued that the plaintiffs "brought this lawsuit based on a fundamental misunderstanding of Cloudflare's services, the contributory copyright infringement doctrine, and the Digital Millennium Copyright Act, all in pursuit of a statutory damages windfall that has nothing to do with the harm they claim to have suffered." A victory for the plaintiffs would amount to "an expansion of the contributory infringement doctrine far beyond its established limits," Cloudflare told the court.
Cloudflare continued: "Cloudflare is nothing like the search engines and peer-to-peer networks that the [US Court of Appeals for the] Ninth Circuit has found ‘significantly magnify otherwise immaterial infringements.’ Whereas Cloudflare's services protect against malicious attacks and at most confer a split-second advantage to the loading time of a website someone is already visiting, the services previously considered by the Ninth Circuit actually helped visitors find infringing material they otherwise never would have found. There also is no 'simple measure' that Cloudflare failed to take to prevent further infringements in this case. Unlike hosting providers, Cloudflare could not remove allegedly infringing material from the Internet, and there is no question that those images would have remained available and equally accessible on the accused websites without Cloudflare's services."
Cloudflare offers a mix of free and paid services.
Judge Explains Why Cloudflare Isn’t Liable
A defendant is liable for contributory copyright infringement if it has knowledge of another's infringement and materially contributes to or induces that infringement, the judge noted in his ruling against the dressmakers. "Simply providing services to a copyright infringer does not qualify as a 'material contribution,'" he wrote. "Rather, liability in the Internet context follows where a party 'facilitate[s] access' to infringing websites in such a way that 'significantly magnif[ies]' the underlying infringement."
Although a defendant can be found to materially contribute to copyright infringement if it acts as "an essential step in the infringement process," this should not be interpreted too broadly, the judge wrote.
"As the Ninth Circuit has recognized, the language used in these tests is 'quite broad' and could encompass much innocuous activity if considered out of context. An analysis of contributory copyright infringement must therefore be cognizant of the facts in the key cases in which liability has been found," Chhabria wrote.
Mon Cheri Bridals and Maggie Sottero Designs alleged that Cloudflare contributes to copyright infringement by providing performance-improvement services, including its content-distribution network and caching capabilities that improve the quality of webpages and make them load faster, Chhabria wrote. But the "plaintiffs have not presented evidence from which a jury could conclude that Cloudflare's performance-improvement services materially contribute to copyright infringement. The plaintiffs' only evidence of the effects of these services is promotional material from Cloudflare's website touting the benefits of its services. These general statements do not speak to the effects of Cloudflare on the direct infringement at issue here."
The plaintiffs did not prove that the faster website-load times enabled by Cloudflare "would be likely to lead to significantly more infringement." Additionally, Cloudflare removing infringing material from its cache would not prevent users from seeing the copyrighted images. "[R]emoving material from a cache without removing it from the hosting server would not prevent the direct infringement from occurring," Chhabria wrote.
Security Services ‘Make No Difference’ to Users
The plaintiffs also tried to prove contributory infringement by pointing to Cloudflare security services that detect suspicious traffic and prevent attacks on a website's host. The judge dismissed this argument, writing: “Cloudflare's security services also do not materially contribute to infringement. From the perspective of a user accessing the infringing websites, these services make no difference. Cloudflare's security services do impact the ability of third parties to identify a website's hosting provider and the IP address of the server on which it resides. If Cloudflare's provision of these services made it more difficult for a third party to report incidents of infringement to the web host as part of an effort to get the underlying content taken down, perhaps it could be liable for contributory infringement. But here, the parties agree that Cloudflare informs complainants of the identity of the host in response to receiving a copyright complaint, in addition to forwarding the complaint along to the host provider.”
The plaintiffs had also sought a summary judgment against the Doe defendants "but abandoned this motion in their reply brief," the judge wrote.
This story originally appeared on Ars Technica.