The Happy Birthday Song Fight Continues

A month and a half ago, the “Happy Birthday Song” fight looked over.  A federal judge ruled that Warner/Chappell did not hold a valid copyright in the Happy Birthday Song’s lyrics, and could no longer collect royalties.  The judge held this because of issues with the original registration, and whether this registration included the lyrics to the song.  The court held that the original registration did not include the lyrics, and only applied to the melody (which is indisputably in the public domain).  This appeared to place Happy Birthday in the public domain.  In truth, Happy Birthday became an orphan work and that’s causing a new (if sadly predictable) twist in the case.

Orphan works are one of the oddest legal issues in copyright law.  Basically, an orphan work is a piece of art still covered under copyright with no clear owner.  It is not in the public domain, but no one has claimed it.  How does this happen?  Usually there’s a break in the chain of title.  Copyright terms are currently very long, running for 70 years after the death of the author.  After all, a lot could happen in 70 years.  The original artist could fail to be unclear as to who gets the copyrighted item in their will or the recipient could die without any clear heirs.  As Happy Birthday illustrates, there could also be a lack of clarity regarding who sold what.  When this happens, it’s usually a smart idea to simply avoid using the orphan work.  You can’t easily ask for permission, and may run into infringement issues later.  This has some effects on library digitization efforts, causing them to not digitize works with no clear owner.

In Happy Birthday’s case, that’s precisely what happened.  The Association for Childhood Education (ACE), a charity  co-founded by Happy Birthday’s original co-writer Patty Hill, and the Hill Foundation stepped forward recently to claim ownership of Happy Birthday.  The basis of the Hill children’s claim?  If Warner/Chappell’s ownership of Happy Birthday isn’t valid, then they must own the song instead.

ACE’s argument isn’t entirely laughable either.  According to Glenn Fleishman at Fast Company, ACE received about a third of the royalties from the song (Fleishman provides an excellent account of Happy Birthday’s tangled legal history, by the way).  That at least indicates some claim, or belief that ACE has a claim, to the original copyright.  This would be a difficult argument though.  First of all, the Hill sisters said that they transferred the rights in 1935 to what would become Warner/Chappell , which is the transfer ruled invalid in the original case.  Fleishman also points out the possibility that Patty Hill wrote down the lyrics, and never published them (which would put the expiration of rights in 2017).  ACE could potentially have a valid claim if they found an unpublished manuscript, since that would restore something resembling a chain of title (no easy task there).  There is an obvious problem with this argument: ACE would need to find some manuscript that proves Patty Hill wrote down the lyrics.  Without that, their only other real option is to argue that the court got their ruling on the 1935 registration wrong.

There are two lessons to take away from this case.  First, the Happy Birthday Song’s copyright will seemingly never, ever die (or at least, the case will never end).  Second, always tread very carefully with orphan works.  There is always the possibility that someone will claim it.  When the work is as valuable as Happy Birthday, then someone will almost certainly emerge to claim it.  Unless you have a good argument for Fair Use, it might be best to hold off until the court system makes its decision.

Have any questions about your own work? Make sure to shoot me at email on Nicotera Legal’s contacts page.


Washington’s Trademark Hail Mary

Hello everyone,

Before I get to the task at hand, I would like to make an announcement.  I’m going to start my own law firm, Nicotera Legal, LLC.  My firm will provide a variety of different intellectual property and contracting services to clients in the DC Metro area, so please check out my site.

Now that my shameless plug is out of the way, let’s turn to the major trademark news of the day.  My hometown football team, the Washington Redskins (referred to here on out as Washington, due to the offensive nature of the mascot name) continues its long lawsuit against the United States Patent and Trademark Office (USPTO) to preserve its ownership of the trademark in the team’s name.   Yesterday, Washington’s legal team submitted its opening brief for the appeal of the USPTO’s earlier decision to invalidate the team’s trademark.  This complaint contained a new legal strategy: argue that Washington’s team name is hardly the only potentially offensive trademark currently registered by the USPTO.  What followed was a litany of hilarious tasteless marks (mostly, as the Post points out, registered by porn, beer, and clothing companies) cited in an attempt to argue that the USPTO unfairly singled out Washington’s mascot name.  Furthermore, Washington argued that having refusing to register “disparaging or offensive” marks infringes on a company’s First Amendment Free Speech rights.

Even though the meat of Washington’s arguments lie with the First Amendment, let’s focus on the “arbitrary and capricious” aspect of the brief.  While reading the marks cited makes for solid entertainment during lunch (there aren’t many circumstances where a legal blog can cite marks such as “Slutseeker Dating Service” or “Yid Dish” after all), there is a larger question regarding whether Washington’s central legal argument, claiming that the Trademark Trial and Appeals Board’s (TTAB) was arbitrary, has any merit.  In truth, Washington has a leg to stand on in this regard.  Administrative agencies such as the USPTO have the authority to conduct their own hearings and trials on matters related to their congressional mandate (such as trademark law in the case of the USPTO).  While the court system generally defers to these decisions, a party can appeal these administrative law decisions based on a couple of grounds (as laid out in the Administrative Procedure Act, or APA).  One of the most common grounds for seeking an appeal of an administrative law decision to a federal court is claiming that the agency’s decision was arbitrary and capricious, where the party claims that the agency provided no reason for a decision or failed undergo a serious inquiry when approving a regulation.

The court will have to evaluate whether they agree with this argument.  One issue Washington has is that the TTAB does not consider their rulings on individual trademarks to represent precedent.  In other words, the USPTO considers trademarks individually and does not cite to other trademarks as a way of justifying a decision.  This complicates Washington’s legal argument, since the USPTO’s attorneys can easily state that their decisions are not arbitrary in that they only take each mark in its individualized context.  This will make it much harder for Washington to prevail with their argument that their rejection was arbitrary and capricious.

The First Amendment argument is an interesting one.  Washington’s argument, in short, is that a trademark does not represent a government enforcement and that rejecting a trademark for offensiveness reasons restricts otherwise valid speech.  In my opinion, the court’s decision here will depend on how they view the purpose of a trademark.  Will the court see a trademark as a form of expression or a specialized monopoly granted only to promote business interests?  Trademarks represent a kind of government created monopoly, allowing a particular party to restrict the use of particular words in commerce.  This analysis is complicated by the fact that Washington could continue using the name to promote the team even without a valid trademark but they could not stop other parties from doing the same.  Indeed, as Eugene Volokh points out, the government generally cannot deny a broadly available benefit to private actors based on their viewpoints.  Whether the use of a potentially offensive mascot name is really a “viewpoint” is debatable, but there is a potentially valid argument that the government cannot deny a trademark based on perceived offensiveness under this First Amendment requirement to remain content neutral in the allocation of government provided benefits like trademarks.  Whether the court chooses to go down this path remains to be seen.

Have a great day everyone and, again, check out Nicotera Legal, LLC.

US-EU Data Transfer Deal Gets Struck Down

Happy Thursday everyone.  On Tuesday, there was a significant development out of the European Union that significantly complicates how international companies operate.  In 2000, the US and EU put a data sharing agreement into place to govern how companies transferred data between the two regions (known as the Safe Harbor Agreement, not to be confused with the DMCA’s Safe Harbor provisions).  The Safe Harbor Agreement required tech companies to follow European standards for digital privacy in exchange for the ability to move that information back to servers located in the US.  The European Court of Justice (ECJ) ruled that the Safe Harbor Agreement was invalid under the EU’s right to privacy, specifically under Article 8 of the European Convention for the Protection of Human Rights).  The text of the ruling can be found here.

As the New York Times points out, the root of this ruling lies in differences in how the US and EU view digital privacy.  The US “mostly [views data privacy] as a consumer rights issue” whereas the EU views data privacy as a fundamental right (think of how the US views free speech or freedom of religion).  This difference of views is fundamental, and bound to result in issues (as evidenced by the attempts to renegotiate the Safe Harbor Agreement prior to this ruling).  This disagreement reared its ugly head last year with the ECJ ruling that European citizens had a “right to be forgotten“, where individuals could request that search engine companies like Google remove them from search results.

However, Snowden’s revelations on the scope of US data surveillance proved instrumental in the ECJ’s decision.  The ECJ directly cited the access of US intelligence agencies as evidence for the US not holding European data to the levels required by the Safe Harbor Agreement.  The ECJ noted that many of the companies involved in the suit possessed Safe Harbor certification from the Department of Commerce (the certifying authority on the US side). The ECJ rejected the US counsel’s assertion that these programs represented targeted intelligence gathering efforts.  The ECJ tasked individual country’s national security authorities with reviewing complaints and making rulings on matters previously covered by the Safe Harbor Agreement.  If so, this represents significant fallout from Snowden’s revelations about the breadth of US intelligence gathering in the digital realm.

The judgment also covers the use of the data by US companies.  The parties bringing the suit at the ECJ primarily brought suit against American tech companies for failing to adhere to EU standards of privacy protection, meaning that these companies represented the focus of the lawsuit (more so than the NSA or US government).  This makes sense, given that the Safe Harbor Agreement’s execution lies primarily with American tech companies that traffic in astounding amounts of information (such as Facebook and Google).

This ruling has a significant impact on these companies.  The Safe Harbor Agreement played a significant role in simplifying data sharing by international companies between their American and European branches.  In addition, companies like Google and Facebook rely heavily on access to data for their business models.  Both companies profit heavily on the ability to mine substantial amounts of data, and anything that jeopardizes that flow of data will have a significant effect on their bottom line.  In addition, many international companies may have trouble sharing information related to routine business between their European and American branches.  For example, an American company with European subsidiaries may not be able to share payroll for HR information between branches (at least not until a new agreement gets put into place).  At any rate, dealing with individual countries’ national security authorities presents a significant extra step for American companies operating in Europe.

This ruling also gives the EU substantial leverage with the US negotiators going forward.  The impact on US firms (an estimated 4700 companies utilized the Safe Harbor Agreement) will likely place significant pressure on the Department of Commerce.

What will be interesting to observe going forward is how this affects US policies on data privacy.  This ruling places a lot of pressure on the US to abandon the self-certification that the Safe Harbor Agreement previously put into place.  There is also a significant question how the EU will synthesize the data protection standards of their various member countries.  If nothing else, the US may have to strengthen our own data privacy rules and regulations in order to get a new agreement put into place.  All that’s really known at this point is that sharing data between the US and EU just became a headache.  How that headache is resolved is a matter worth following.  Stay tuned for continuing developments on this front.

Are Hashtags Trademarks?

Happy Wednesday everyone.  Today, I figured I’d tackle a topic of growing legal importance: whether hashtags qualify as trademarks.  For those who don’t frequent Twitter (or various other social networking sites), hashtags are word groupings used to tie a post into a larger topic usually delineated by the use of the pound sign (#).  For example, if I was tweeting an item related to my blog, I’d write the tag as #GeekLaw.  Since both Twitter and Facebook monitor these hashtags to determine trending topics (and, in turn, what they feature in their feeds discussing such trends), many companies use these hashtags for self-promotion purposes on social media.

In the Eksouzian v. Albanese case in California’s Central District, the judge held that hashtags are not trademarks.  The case involved two vaporizer pen sellers, who settled an earlier dispute in 2014.  One of the terms of that settlement was for the Defendants to only use the term “cloud” as part of a unitary mark (a mark where multiple words paired together result in a single trademark). while Plaintiffs could not use “cloud” next to a specified set of words.  The parties returned to court two months later, with the Defendants claiming that certain hashtags employed by Plaintiffs violated the terms of the settlement.  The District Court held that Plaintiffs did not violate the settlement, as they felt that hashtags did not constitute a trademark (and thus there was no infringement).

The District Court employed some fairly straightforward, if flawed, logic in coming to this decision.  The court held that, since hashtags are merely descriptive (even going so far as to call them tools), they cannot represent a valid trademark.  The problem with this ruling, as pointed out in the article above, is that it fails to recognize how companies utilize hashtags for promotional purposes (even beyond potential fair use arguments).  Companies frequently use preexisting trademarks with their hashtags in order to get their company to trend on social media.  The USPTO also opened the door to registered hashtag trademarks in 2013 with their revised examiner’s manual.  Professor Roberts, in the article above, states that the USPTO chose to register 70 hashtag marks this year, with many more pending).

What are the requirements for a hashtag trademark?  According to the USPTO, they are similar to a normal trademark.  Trademarks are words, names, or symbols used to distinguish a product or business from others.  They have to have a certain degree of distinctiveness to them as well.  There are, generally speaking, four levels of distinctiveness ranging from “arbitrary and fanciful” to “generic”.  The more arbitrary and fanciful, the more likely the USPTO is to approve the mark.  Generic marks do not receive protection.  The USPTO does make one important distinction in regard to hashtags in particular, which is that the hashtag cannot be used to simply organize information or as a point of reference.  For example: a number of companies use these hashtags on Twitter to promote contests or encourage followers to post pictures of their product (usually in some kind of fun context).  The company in question could not register that hashtag as a trademark.

The USPTO’s stance makes more sense than the Central California District Court’s.  The purpose of trademark law is to promote and protect distinctiveness, and prevent other entities from taking advantage of that distinctiveness.  A hashtag potentially promotes a company’s name, reputation, or product.  This is why the USPTO does not register generic terms for trademark protection and, in this particular case, the District Court was right to not grant #cloudpens any special protection.  However, there’s no reason why the USPTO cannot extend trademark protection to already existing marks (with the additional pound sign).  In addition, companies often use hashtags to promote new slogans and advertising campaigns unique to the social media realm.  Applying the same rules, while accounting for social media’s technological quirks, represents a much stronger path forward than what the District Court proposes.

Have a great day everyone.  I’ll see you next week.

FTC v. Wyndham Produces Cybersecurity Important Ruling

Hello Internet people,

It’s been awhile since I’ve had a chance to update this blog.  Back in March, I had a new job and a couple of significant life events (which I won’t go into) that interfered with my ability to regularly update a blog.  I’ve decided that I’ve left this blog hanging around, devoid of new content, for long enough.  It’s time to dive back into the world of technology law.

Fortunately, the US Third Circuit Court of Appeals gave the technology law world a juicy case to start the week.  Since 2012, the Federal Trade Commission (FTC) has been conducting ongoing litigation against the Wyndham Worldwide Corporation (Wyndham) due to breaches of Wyndham’s internal network that resulted in many customers’ credit card numbers and personal information getting leaked to the wider internet.  In prosecuting Wyndham, the FTC claimed the legal authority to prosecute companies for poor cybersecurity practices that “unreasonably and unnecessarily exposed consumers’ personal data to unauthorized access and theft.” (Fed. Trade Comm. v. Wyndham Worldwide Corp., No. 14-3514, 3rd Cir., 2015 at pg 8). Wyndham claimed otherwise, and sued.

First, let’s discuss Wyndham’s data protection practices.  The Third Circuit almost certainly made their ruling with the scope of Wyndham’s digital negligence in mind, so the level of shoddiness is worth noting.  Wyndham’s employees stored guest payment information in plain text (as opposed to encrypting the credit card numbers), allowed employees to use easy passwords (the court cites a case where both the user ID and password were both “micros”), and didn’t use a firewall between their franchises and their corporate network.  In addition, Wyndham did not restrict third parties’ access to their network (or make such access temporary when such access was necessary), did not have any measures in place to detect intrusions, and did not have proper incident response procedures.  On that last point, hackers were able to get into Wyndham’s systems repeatedly using the same methods.  The FTC also added in a deception claim, noting that Wyndham’s published security policy vastly overstated the cybersecurity policies protecting information shared with Wyndham.

However, Wyndham’s awful cybersecurity practices were not the crux of the ruling.  The issue at hand, instead, was the FTC’s ability to regulate a company’s cybersecurity practices.  The Third Circuit ruled that the FTC does possess the authority to regulate a company’s cybersecurity practices, derived from the FTC’s regulatory authority under the Federal Trade Commission Act of 1914 (1914 Act).  The 1914 Act prohibits “unfair standards of commerce”.  While the opinion provides a nice summary, the current definition for unfair standards of commerce is codified in 15 U.S.C. § 45(n).  In this statute, the FTC cannot regulate unless the practice on the grounds of it being unfair unless “the act or practice causes or is likely to cause substantial injury to consumers which is not reasonably avoidable by consumers themselves and not outweighed by countervailing benefits to consumers or to competition.”  In other words, Wyndham’s actions had to engage in practices that caused or likely caused harm to consumers that consumers could not reasonably avoid themselves (and were on the balance negatively affecting the consumers).  The FTC’s argument was that Wyndham’s privacy policy rendered the harm caused to consumers by the hack to not be reasonably avoidable.  Wyndham’s arguments primarily revolve around the scope of the FTC’s authority as granted by Congress, while claiming that scope does not include cybersecurity regulation.  Wyndham tried to claim that the FTC was claiming too broad an authority, that Congress had provided the FTC with specially tailored cybersecurity regulatory authority in the past (thus denying it broader authority), and that the FTC’s claim to cybersecurity regulatory authority resulted in a lack of sufficient notice.  The Third Circuit ultimately rejected all of these claims.

So what are the implications of this case?  The most basic effect is that the FTC’s case against Wyndham for their poor data security practices can go forward.  Wyndham will have to defend themselves on the merits of the case rather than seeking to dismiss the matter entirely.  The other short-term result is that fewer companies are likely going to fight the FTC’s consent orders regarding data breaches the way Wyndham has.  The longer term implications are a little more interesting.  The FTC having regulatory authority to police cybersecurity practices when companies get hacked will result in some companies taking sterner security measures, with the FTC’s Protecting Personal Information: A Guide for Businesses serving as a guideline.  In addition, the case will open up new case law regarding cybersecurity law and consumer rights.  Previous legislation mostly focused on the “security” aspect of cybersecurity (the Cybersecurity Act of 2012, for example, focused on sharing information between government and the private sector as well as critical infrastructure security requirements).  The case will also likely provide some guidance as to what security practices are “unreasonable” for purposes of liability.  The FTC’s attorneys can now cite plain text information storage and the lack of any firewall as unreasonable practices, for example.  In the still young realm of cybersecurity law (especially as it relates to consumer data), that is a major step forward.

That’s it for this week.  I’ll try to nail down a schedule going forward.  In the meantime, enjoy the rest of the day.

Aereo Oral Arguments

Yesterday, the Supreme Court heard oral arguments for American Broadcasting Companies, Inc. v. Aereo Inc. (or the Aereo case).  I’ve covered the specifics of the Aereo case a few times at this point, so instead I’ll focus on what the justices said and what that potentially means for the case.  

Not surprisingly, a good deal of the justices’ questioning fell on Aereo’s technical aspects.  A lot of how the Supreme Court rules hinges on whether Aereo’s system infringes on the public performance rights in copyright law, which allow for the rights holder to control public performances of their work.  In the Aereo’s case, this means that the television companies (and the various other companies that own the rights to various television programs) can claim infringement if the Court feels that Aereo’s retransmission and storage of recorded programs is not private.  Chief Justice Roberts, for example, expressed his notion that Aereo was simply attempting to engineer around Cablevision’s holding and (according to SCOTUSBlog) the rest of the bench appeared to share this sentiment.  Ginsberg, in particular, seemed rather put off by the fact that Aereo is avoiding retransmission fees through their business model.  Sotomayor explicitly compared Aereo’s services to Netflix and Hulu, adding that those services have to pay rights holders for their content.   

However, the Court appeared to be very cautious about any unintended consequences in various burgeoning technological fields.  Aereo’s technology involves cloud storage and streaming technology, and the justices seemed to worry that their ruling could negatively impact a number of other services that utilize similar technology to different ends (iCloud and Dropbox got specific mentions in that regard, by Justice Sotomayor).  This represents a legitimate concern in the case, given how some of these services (particularly Google Music or any cloud storage service) rely heavily on the Cablevision case for their legal underpinnings.  The legality of services like Google Music and Dropbox becomes much more tenuous without Cablevision (and its holding that an item stored remotely on a company’s servers can still be protected from copyright liability as long as it only has an intended audience of one).  The Justices quite wisely recognized that aspect of the case, and appeared to spend quite a bit of time hashing out these issues with both parties’ attorneys.

As predicted, the Supreme Court’s ruling will likely hinge on how they choose to interpret Cablevision.  There was a rather interesting exchange between the two sides attorneys, where both attorneys pointed out that the Court would likely have to rule in Aereo’s favor if they viewed the end user as being the one who “performed” by selecting the particular program to view (this was obviously something of a concession on the broadcasters’ part).  Basically, the attorneys both said that if the Court views the end user as being the one performing the copyrighted work through their decision to play back a certain show or file as what constitutes a “performance” under Cablevision, then that performance must be private.  Such a ruling would provide greater clarity without altering the current precedent substantially, which appears to be a goal of the justices given their questioning.   

 Now, predicting Supreme Court rulings based on oral arguments is foolish.  The oral arguments only provide insight into what the justices think about the particular issues surrounding the case, as well as give them a chance to poke and prod the attorneys to see if the legal arguments in the briefs hold up under scrutiny.  However, there appear to be two takeaways from these oral arguments.  First, the justices appear to possess a degree of skepticism that Aereo’s service does not infringe on copyright law.  Second, they appear to want to avoid harming other services that might utilize cloud computing or streaming technology.  This might mean that the justices will try to construct a narrow holding that states that Aereo violated copyright law while otherwise leaving the Cablevision precedent untouched.  The justices may also decide that such a narrow ruling is impossible, and hold in Aereo’s favor as a result.  There may also be no solid holding, particularly since Justice Alito opted to recuse himself.  It should be interesting to see what the justices decide upon.

Some Updates on Aereo

First, I’m going to need to adjust my posting schedule.  My current responsibilities take up more of my time, so I’m going to cut back to one post a week.  From now on, I’m going to post on Fridays.

Now, on to the news.  The first big development is that the Aereo case will begin oral arguments in the Supreme Court on April 22.  In addition, Justice Alito opted to recuse himself from the case.  How the Supreme Court rules on this case has some interesting implications for the Copyright Act, due to Aereo’s rather interesting use of individual antennas to allow users to stream live television on mobile devices.  This use of individual antennas prevents the transmission from being public and keeping Aereo within the reach of the Cablevision case.  I’ve provided more information about the legal issues surrounding Aereo here.  

Anyway, enjoy the weekend everyone.

Implications of FTC v. Wyndham

I apologize for not posting anything the last week or so.  I’ve been inordinately busy, between some family issues and work.  I should be back on schedule for the foreseeable future.

FTC v. Wyndham represents one of the more important recent cases, at least in the realm of cybersecurity.  The case arises from an FTC lawsuit against Wyndham, claiming that the hotel chain failed to properly implement its own security policies.  As a result of these poor security practicies, hackers managed to break into Wyndham’s network and steal customers’ credit card information on three separate occasions (in 2008 and 2009).  The FTC seeks the ability to regulate cybersecurity, mostly by holding companies to their their own data security policies and procedures.  FTC v. Wyndham recently experienced a major movement forward, as the US District Court in New Jersey recently rejected Wyndham’s motion to dismiss.

In some ways, this case has the greatest implications on cybersecurity regulation of any active US government effort.  By seeking to hold Wyndham responsible for the data breach, the FTC is claiming a rather broad regulatory authority under its consumer protection mandate.  Specifically, the FTC claims that their authority to establish or enforce existing data security policies derives from a rule prohibiting “unfair or deceptive acts in or affecting commerce” in Section 5 of the FTC Act.  The FTC argues that failing to adhere to data security policies results in considerable consumer harm, rendering the lack of effective data security policies “unfair.”  For those interested, this Lexology article contains a rather detailed run down of both the FTC an Wyndham’s arguments.  If the FTC possessed this authority, they could become the major entity for cybersecurity regulation in the US government.  The current Cybersecurity Framework is mostly advisory, and only really applies to entities engaged in a great deal of government contracting (since the agencies can use the Framework when making contracting decisions).  That leaves a significant gap in the government’s regulatory authority, since the Framework possesses no power over private sector entities not engaged in government contracting.  

The final result of this case remains to be seen.  However, the FTC has survived an important hurdle in the form of a motion to dismiss.  It should be interesting to see how the court rules in this case.

Are IP Addresses Sufficient for Identification?

TorrentFreak recently noticed an interesting Florida case dealing with electronic copyright infringement.  The case involves Malibu Media, which mostly makes porn, sued a number of BitTorrent users for illegally downloading their movies.  Florida District Court Judge Ursula Ungaro ruled that simply producing an IP address did not constitute a sufficient evidence for a subpoena (where Malibu would ask the ISP to produce records regarding the user in question) because she felt the IP address did not sufficiently identify the user as the actual infringer.

Judge Ungaro’s reasoning is one espoused by technology experts for awhile: IP addresses do not necessarily identify that the accused as the infringer.  Geo-location, in general, is an enormous problem when it comes to internet law.  There are a few specific issues with IP addresses as a form of geo-location.  First, the IP address may not originate from a residential address.  Users potentially share the IP address from, say, a commercial network provided by a retailer.  There are also other potential wrinkles with IP addresses, such as when the user utilizes a VPN or proxy to change their IP address.  Second, a single IP address can encompass multiple users.  If a household has a single network, it will possess one IP address in all likelihood.  That IP address would just potentially indicate that the infringement originated from that household.  It would not help determine the actual infringer.  Finally, IP addresses can be altered, spoofed (where the user forges an IP address), or otherwise falsified.  It is not unheard of, for example, for someone to log on to another user’s network and download files from there.  If that user did so, then they would share an IP address with the network’s normal users.

To their credit, Malibu Media did go further than simply presenting an IP address.  They claimed to use geo-location software to determine that the IP originated from a residential address.  Judge Ungaro stated that, while welcome, these additional measures did nothing to indicate that the account holder with the listed IP address actually downloaded the file in question.

The question now becomes what happens when and if the case gets appealed.  Malibu is infamous for suing lots of IP addresses connected to BitTorrent.  This may be a sign that they wish to extract settlements rather than pursue serious cases, which would discourage them from appealing this case.  Upholding a standard requiring more evidence than merely an IP address may also require courts to espouse a more definite standard for geo-location.  Plaintiffs have long used IP addresses as the method of identifying defendants in file sharing cases.  A higher standard for identifying defendants could serve as a very hard limit on the number of cases plaintiffs can file.  There is also a very real possibility that, without some form of self-reporting (for example, listing a home town on Facebook), geo-location in file sharing cases is effectively impossible (or at least very difficult).  It should be interesting to follow this case, should Malibu appeal.