Last month, I wrote an article entitled, “Whether internet porn viewers ‘should expect viewing histories to be made public.”  The fear that prompted that article was that someone could hack into the logs of a porn-streaming website, and with that information, expose the porn viewing habits of millions of Americans.  The conclusion of that article was that it would be difficult for a hacker to hack into a website which streams adult content, steal the website’s logs containing the IP addresses of those who have viewed the web pages which stream the videos, and then somehow correlate that IP address list with the actual identities of the internet users.  Thus, I do not expect to see any Ashley Madison hacks for websites streaming copyrighted content anytime soon.

The next question people asked was, “can I be sued for viewing copyrighted content on a YouTube-like site?”  In short, the answer is yes, you can be sued, but it will likely never happen.  Here’s why:


While a hacker would likely be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp would be unable to get this information without 1) a court order, or 2) the cooperation of the adult website itself.  The reason for this is that 1) porn website owners are notoriously outside the U.S., and thus, they are outside the jurisdiction of the U.S. federal courts.  The copyright holders could try suing the website owners, but this is often a difficult task (finding an elusive website owner outside the U.S. is a much more difficult task than suing internet users who participate in a bittorrent swarm to obtain files using BitTorrent).

While the analytics companies could be sued and forced to disclose the list of IP addresses for a particular website, this is also an unlikely scenario because complying with such a court order directing them to turn over records for one of their clients’ websites could be 1) illegal, and 2) it could put them in jeopardy of being sued by their customer.  So this is not a likely outcome.

Secondly, the copyright holders could “join forces” with the website owners to participate in the financial earnings of going after the downloaders (alternatively, they could be outright paid to disclose this information), but again, doing so would put the websites own visitors (their own customers) in financial jeopardy, and thus they would likely not participate in such a scheme.

In short, it is unlikely that a copyright holder would be able to obtain this needed list of IP addresses of those who viewed certain copyrighted content, and thus, with a streaming site, the copyright holders would likely not be able to learn who you are.

NOTE: It is still advisable to use a VPN when accessing a site streaming content, because your own ISP could be monitoring your web viewing habits, and they ARE in the U.S., and they could be sued and/or pressured to hand over “evidence” that your account visited a particular web page at a certain date and time.  It is unlikely this would ever happen, but it is best to err on the side of caution.


To date [and as far as I am aware], all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.

With very few exceptions where the copyright holder identified and sued the UPLOADER (the one who POSTED the video onto the website) based on a watermark or secret code embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future based on future internet fingerprint IDs forced upon internet users by government entities, or the like.

Thus, copyright holders have not yet and likely will never go through the initial step of 1) suing the website owner to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against internet users who view copyrighted content using a YouTube-like streaming service.

This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations, and they might start forcing an internet fingerprint ID on the citizenry to track each citizen’s internet usage.  The takeaway, however, is that it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.

NOTE: An obvious exception to this article are those who have created accounts using their real identity or contact information, either 1) to participate or comment on forums or in the comment sections of the websites, or 2) those who pay a monthly or annual membership to access the premium content (e.g., faster speeds, unlimited content, etc.).  If you have an account on a website which streams content, then YES, your identity is at risk, and your viewing habits could be exposed for the world to see.  Otherwise, likely not.

Copyright Enforcement Group (CEG-TEK) has sent possibly hundreds of thousands of letters to internet users accused of downloading copyrighted content via bittorrent. In their letters, they invoke the Digital Millenium Copyright Act (DMCA) as the justification for their “intellectual property (IP) enforcement” activities. They claim to be the good guys, but are they?  Are they “naughty or nice”?

CEG-TEK claims to be the good guys — they stop piracy, and as a result of their efforts, fewer people download on the ISPs’s networks (a social “good” and a “win” for the copyright holders). They have stopped the copyright troll lawsuits, for the moment. And, although they are charging $300 per title for each downloaded movie (sometimes higher) for what is often an accidental “click of the mouse,” they claim that they are not “bad” or “vindictive” like their Rightscorp competitor, which charges only $20 per title, but then sues the accused downloaders in federal courts, and then even go so far as contacting the ISPs in order to attempt to shut down the internet accounts of those accused of downloading their clients’ copyrighted titles via bittorrent.

But then again, CEG-TEK is a business. While I have had success negotiating away cases against veterans, the elderly, and in many cases, college kids, CEG-TEK has taken a number of steps which at best would be questionable.

Most relevant is the “admission of guilt” clause in their settlement agreements, which at the time of writing this article has flipped back to the version which does not include this clause. Months ago, when CEG-TEK expanded into Canada and then Australia, the settlement agreements which released those who have settled from liability included the following clause:

111715 Admission of Guilt in CEG-TEK Settlement Agreement

[For those of you who cannot see the image, it says, “…in the event of a (i) failure to clear, (ii) chargeback, (iii) cancellation, (iv) failure to complete…this Release shall be considered admissible and conclusive evidence of RELEASEE’s infringement of the copyright in the Work and that RELEASEE will be liable to CONTENT COPYRIGHT OWNER for all damages, statutory and/or otherwise, for such infringement plus attorney fees plus costs as of the Settlement Date…” (emphasis added)]

[Now as a side note, for those who are particular about formatting and details, note that CEG-TEK placed that inflammatory clause at the bottom of Page 2, and they split it up where half of it is at the bottom of the page, and the other half is at the top of the next page, where even a careful individual might not read the clause in its entirety because the inflammatory clause is separated by being on different pages.]

The problem with such a clause admitting guilt is that it is binding on an unsuspecting individual who tries to settle the claims against him by paying with a credit card. How?  These contracts are available to the individual paying the settlement fee on the CopyrightSettlements.com website to review, and upon processing the credit card payment, they agree to the terms contained within the contract.

Then, when their credit card transaction fails (either because their card is not accepted by CEG-TEK’s website, or because the transaction is declined, or, if through no fault of their own, because of the website itself the bank flags the transaction as suspicious (fraud alert for a large online charge) and fails to approve the transaction), at that point, the individual has admitted guilt to copyright infringement, which carries a $150,000 statutory fine for each title downloaded. Assume for the moment that the individual has five (5) cases.  Multiply this $150,000 amount by five separate copyright holders, and the individual could be looking at 5 x $150,000 lawsuits (= $750,000 in statutory damages separated into multiple lawsuits filed by different copyright holders all of whom hired CEG-TEK as their agent to enforce their copyrights) where the internet user has already admitted guilt.

Then, when the confused internet user who tried to settle calls CEG-TEK on the phone already having admitted guilt, what sort of leverage does the individual have if they are asked for more than $300 per title? Legally, they likely have no defense because according to the terms of the agreement, they already admitted guilt — even if the credit card transaction failing was not their fault.

So… Copyright Enforcement Group may be the “good guys” because they let attorneys negotiate away cases for vets, old ladies, and elderly gentlemen who don’t realize that they should be using a VPN when they download adult content, and CEG-TEK may serve the public good by demonstrating that piracy has gone down because of their efforts. While this is all true, remember: watch their contract, because caveat emptor still applies.

I don’t want to make this into a “you should have hired an attorney for your $300 matter” blog entry, but really, this is but one example of how even the “good guys” need to be approached with caution, and better yet, through a proxy by using an attorney. [I won’t even go into the conspiracy theories about CEG-TEK trying to get more than the $300 per title that is listed on the website.] Let’s stick to the facts and look at their contract to judge them on whether they are truly “naughty or nice.”

Now is the moment that bittorrent attorneys joke to themselves, “now is probably a good time to brush up on divorce law.” In short, there have been bloggers and members of the news media who [once again] have written fear-based articles that there is about to be a “hack of all hacks” which will disclose the porn viewing habits of millions of Americans.  The threat of such a hack was originally circulated in 2013, then in February 2014, then in April, then again in June, and now again in October 2015. It has become a popular story to circulate because of the fear such a story invokes, and since it has reared its ugly head yet again, here are my thoughts on the proposed hack:

In the most recent version of the story, anyone who this past year (2015) has visited websites such as “XVIDEOS.COM,” or other YouTube-like websites which stream pornographic (and likely copyrighted) content (even using the browser’s “incognito” mode [which does nothing except NOT SAVE what you visit on your computer, but all other records are kept regarding that website visit by both your ISP, the website itself, and all trackers and cookies hooked in to your connection]) has been threatened that there will be a major hack which will correlate the IP addresses of those who have visited the website with the real names of the internet users.

Now without attracting the ire of hackers, this would have to be a pretty complicated hack in order for it to succeed. They would not only have to hack the logs of the porn tube websites (not so hard to do, as website analytics logs are not that well guarded), but in order to link the IP addresses they would retrieve from a hack of the porn websites’ logs, they would still need to obtain the identity of the internet user.  In order to do this, the hackers might either have to hack one or more ISPs (Comcast, Verizon, Time Warner, Charter, Centurylink, etc.) to obtain account information and/or IP address histories (a list of IP addresses that have been leased to the account holder over the past year in accordance with that ISP’s “IP retention policy,”), or the hacker would have to hack some popular website (e.g., Facebook, Instagram, etc.) which houses the real identities of the suspected internet users AND employs sufficient tracking methods (internet trackers or cookies) to follow those users when they are browsing “away” from the website (e.g., such trackers would note that a particular internet user visiting Amazon.com is the same user who just viewed their buddy’s updates on Facebook).  In short, the hackers would need to obtain the identities of the internet users through either their ISPs or some popular website, and then they would need to correlate those identities with the stolen internet logs (of IP addresses of the internet users who have visited the pornography website).

Now if that was a mouthful for you and you are confused, let me simplify the matter by going over this again in detail:

From the porn website side of the hack, every time you visit a web site, the website sees the IP address you have come from (or, if you are coming from a VPN, it sees the IP address of that Virtual Private Network which is shared by other internet users as well). The website can see which pages you viewed through the trackers associated with the site (e.g., Google Analytics helps website owners track what website each visitor came from, what search term(s) you used to arrive at the website, what you clicked on when you accessed the website, how much time you spent on each page, and where you clicked to when you left the site, etc.) What it cannot tell you is WHO YOU ARE.

Now there is a website put out by the Electronic Frontier Foundation called “Panopticlick” (https://panopticlick.eff.org) which in my opinion freaks out everyone who clicks on it (especially security-minded users such as myself who have freakishly identifiable browsers based on the privacy plug-ins and custom privacy settings built into our browsers), but the point of the website is to teach you that your browser itself can “expose” who you are based on the fingerprints your browser leaves every time you visit a website. Also, pay attention to IPLeak.net (https://ipleak.net/) which tries to see past your known IP address to discover if you are leaking your true IP address (which can lead a hacker to your identity through your ISP). Lastly, pay close attention to the “IP Check” test on the JonDoNym website (http://ip-check.info/?lang=en) because each of these items checked can compromise your identity.

The missing link to make such a hack happen is that the hacker would need to access the data mining logs that are stored on each user (e.g., in browser cookies) or through tracking websites such as DoubleClick, etc. (essentially, the hacker would have to also access the advertising-based websites which unknown-to-you latch on to the the website you visit so that when you shop on one website for a particular product, and then you switch to another website, the product you are shopping for appears as a creepy recommendation from the other site). [For those of you who understand me how this works, I always got a laugh when I used to sign onto a public VPN at Starbucks using software such as Hotspot Shield {WARNING: DO NOT USE PUBLIC VPNS}, and in my browser’s search results, I would always see porn-related ads and suggestions.  This was an indication as to what everyone else who was signed on to that free VPN was doing with that VPN connection.]

Back on point as to trackers, you do not see the trackers*.  However, they latch on to you when you visit popular websites (e.g., Facebook, LinkedIn, Netflix, Hulu, Amazon.com, Walmart, etc.).  To protect yourself from trackers, you should know that there are ad blockers and tracker blocker browser plug-ins, most notoriously Ghostery (https://www.ghostery.com/) or Disconnect (https://disconnect.me/) which do a good job blocking these trackers.  *NOTE: You can actually see the trackers when using one of these tracker blockers.  Alternatively, for a visual representation of which trackers you are connecting to, get the Lightbeam extension for Firefox (https://www.mozilla.org/en-US/lightbeam/), and get ready to be surprised.

In sum, the hacker would not only need to obtain the IP address logs from the streaming pornography website (which would indicate which IP addresses visited which pages at what times), the hacker would also need to hack into a website or company (e.g., Facebook) that has access to your real name.  Further, just in case your IP address history is not available for the hacker to correlate with the the porn websites’ IP address logs, the claim is that the hacker might be able to use your browser’s fingerprint (e.g., as described in EFF’s Panopticlick website), or they might hack into a data mining company’s website which tracks you as your browse from one website to another to properly identify you as the individual who viewed that web page at that date and time.  In my opinion, I cannot imagine that the technology is this advanced to allow a hacker to track users using their browser fingerprints nor do I think they would be able to breach and access a data mining company’s records.  For these reasons, I don’t think this browser-based fingerprint hack or the data-mining based hack are valid threats, at least not yet.  (NOTE: If there ever comes a universal internet ID, then yes, this would easily identify users across websites, and such a database would probably be easily hackable too if you take the current record of IRS and federal employee data hacks and you project that lack of security forward into a universal internet ID system.)

So here is my opinion.  Really, unless I am missing something, I can’t imagine that technology is that advanced to allow a hacker to hack the YouTube-based streaming porn site, identify the users who accessed that website through their IP addresses and the browser fingerprints (I don’t think browser fingerprint data is even available through generic website analytics likely employed by the pornography websites, even the paid websites), cross-link those browser fingerprints with other websites you have visited (even with the hacking of data mining services) to identify the real identity of the person using that browser, and then post a list of the real user names and associated identities (to “expose” those users) of those who have visited the targeted pornography websites just as they did in the Ashley Madison hack.  It is just too complex of a hack to do!

To the relief of those users who have visited these pornography websites and are concerned about being exposed, there are a few things to note. Firstly, the Ashley Madison hack exposed the USER ACCOUNT INFORMATION AND REAL NAMES (OFTEN OF THOSE WHO PAID MEMBERSHIP FEES TO THE WEBSITE for access). Here, a viewer of online content likely has no account, and if there is an account, you probably didn’t give your real information because the sites merely require that you register in order to comment.   There is usually no paid content (premium content, yes, and perhaps these are the people at risk if there were such an imminent threat).

Secondly, remember that websites that house real contact information and track their users using trackers and advanced cookies probably have really really good security.  I can’t imagine that a website such as Google, Facebook or LinkedIn would allow a hacker to break into their system and steal their user lists and data mining / tracking data.  [Yes, I know just a few days ago Experian was hacked (which is funny because they provide credit monitoring services just in case another website is hacked and identities are stolen), but] My best guess is that any website that houses user information and employs such deep trackers and data mining technology would be like Fort Knox as far as security is concerned.  So it’s likely a no go for such a hack to happen.

However, here is where I would be concerned.  If I am wrong and such a large company WAS hacked (and perhaps they haven’t figured it out yet, just as the IRS took months before realizing that they were hacked), or if a zero-day security vulnerability was discovered (allowing a hacker to gain access to mining data and/or real identity records) and the employees at the company’s IT department haven’t caught it yet, then such a hack MAY be possible.  Perhaps the hackers have already infiltrated Google, Microsoft, Yahoo, or some giant free mail provider [which tracks their users in return for the free e-mail services] and the hackers already have obtained the real name contact information and, if they’re lucky, the IP address history (web history) from those mail providers. Then, the web history and account data would allow the hacker to go back in time and match the history of IP addresses obtained from the ISP or mail provider that it has hacked, and they would be able to correlate those past IP address logs to those IP address logs of the visitors to a particular website gleaned from an imminent or past hack of that website’s analytics logs. [If this wasn’t an old story, I would say that with the honor code of hackers, no hacker would say they CAN do something unless the hack had already happened and they are waiting to publish the results of that hack, or they have already identified the security vulnerability and are timing the imminent attack to gain access to the information they seek.]

If you are concerned that your e-mail address has been compromised or stolen in a past hack (such as the one I am proposing could maybe take place here), there is a website called “Have I Been Pwned” (https://haveibeenpwned.com/) where you can look up your e-mail address to see if your account and/or password has been compromised.

Realistically, though, I would be most concerned for users who have registered with accounts on the targeted websites (e.g., to post comments, join discussions, etc.). Anyone else — as soon as you can, lock down your browser, start learning about how to browse privately (I suggest learning how to use the Firefox plugins on the JonDoFox overlay and why each one is so important), and get and lock down your paid VPN if you are worried about inadvertently disclosing your IP address. Other than wiping your web and location history (e.g., with your Google or Yahoo account settings) [just in case the hack has not yet happened], this could hopefully protect you should such a hack take place in the future.

Now, for those of you who want to see what the hackers actually have in store, buckle down, grab your popcorn, and wait to be impressed. If this is a real story with an imminent threat AND IT ACTUALLY HAPPENS, then this could be an Edward Snowden kind of hack which could forever change the way we think of internet security. If it is a false alarm (my suspicion), or if the hacker cannot produce what he claimed he can or has been able to do, then that hacker who has been leaking this story over and over again might consider leaving town for his own safety — or else he might find himself at the bottom of a river for diluting the reputation of hackers who would no doubt be angry at him for promising something none of them can deliver.

Independent.co.uk, “Internet porn viewers ‘should expect viewing histories to be made public’
Brett Thomas, “Online Porn Could Be The Next Big Privacy Scandal
Independent.co.uk (April), “Could your online porn habits be publically released?

FURTHER THOUGHTS ON WHETHER LAWSUITS FOR ACCESSING STREAMING CONTENT WILL EVER HAPPEN: Where this article is relevant to copyright infringement / bittorrent / copyright troll lawsuits and DMCA requests for settlement amounts:  There are two observations that someone accused of downloading copyrighted pornography should take away from this article (and as usual, none of this is to be considered legal advice):

1) Just as a hacker would be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp can use bittorrent software to track the IP addresses of all of the downloaders participating in the bittorrent swarm (no theft; this information would be freely available to them).  No lawsuit is needed, and no subpoena is required from a judge to obtain the IP addresses of the accused downloaders.  The bittorrent software alone provides this information to them.

Also, neither CEG-TEK, RightsCorp, nor the copyright holders need to sue an accused downloader in federal court to obtain their identity.  Rather, under the DMCA laws, the copyright holder (or their agent) can send a DMCA violation notice to the accused infringer’s ISP, and the ISP forwards that violation notice (often containing a hyperlink forwarding that suspected infringer to their http://www.copyrightsettlements.com website (run by CEG-TEK), where the link they click on would prefill-in the case number and password of the accused downloader’s “case.”  It is in accessing this website that the accused downloader is faced with a demand for payment to settle all known claims of copyright infringement against them.  How all known claims?? Before CEG-TEK sends the DMCA violations notice, their computer system already pre-fills in all other accused downloads or past infringing activity based either on the accused downloaders’ past IP addresses, or based on the geolocation data provided to CEG-TEK.

2) Just as it would be difficult for a hacker to pull off such a hack as described here, also take away that all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.  As far as I know, with very few exceptions where the copyright holder identified and sued the uploader based on a watermark (or secret code) embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future.

In order for a copyright holder to sue an accused downloader for viewing content that is streamed to that user via a website (this is how they would need to do it), that copyright holder would need to first obtain from the pornography website’s owner the list of IP addresses of the individual or individuals who visited a particular web page of the pornography website (noting that each video would have its own unique website address), and this endeavor would require cooperation or compliance of the pornography website’s webmaster (which will almost certainly NOT happen, as most websites are now hosted OUTSIDE of the United States).

Second, after the copyright holders obtain the IP address(es) of the accused downloaders, they would need to follow the same procedure as Copyright Enforcement Group (CEG-TEK) by sending DMCA letters to the ISPs instructing them to forward those notices of copyright infringement to the account holder who was assigned that IP address.  Or, the copyright holder or their agent would need to file a lawsuit in the appropriate federal district court on behalf of the copyright holder, and the copyright holder would then need to persuade a judge to issue a subpoena to force the ISP to hand over the identities of the accused downloaders based on the list of IP addresses obtained from the website owner.

In the likely scenario that the website owner did not provide the list of IP addresses of the accused downloaders, the lawsuit could still proceed against the John Doe Defendants.  However, the copyright holder would first need to sue the website owner (who might reside outside the U.S., and outside the jurisdiction of the U.S. federal courts) to turn over the list of IP address logs of those users who visited a particular web page hosting or embedding the copyrighted video owned by the copyright holder.

Thus, the second takeaway from this article is that copyright holders have not yet and likely will never go through the initial step of 1) suing the porn website webmaster to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against defendants who viewed copyrighted content using a YouTube-like streaming service.  This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations.  (As an attorney, it is also important to note that regardless of the means of obtaining access to view a copyrighted video, downloading copyrighted content — even a temporary copy to your computer could still be held to be copyright infringement).  That being said, it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.

Judge Alvin Hellerstein of the Southern District of New York just did the right thing in denying “expedited discovery” which would allow Malibu Media, LLC to send a subpoena to the Time Warner Cable ISP, thus preventing Malibu Media from learning the identity of the John Doe Defendant.

The copyright troll blogosphere is no doubt about to erupt with this story — in fact, the Twitter feed is already bustling with comments from Sophisticated Jane Doe (@FightCopytrolls), Raul (@Raul15340965), and other bloggers. Bottom line, a United States District Court Judge just said “no” to allowing Malibu Media’s extortion scheme to proceed.*

Judges are the gatekeepers of the law, and the reason these cases have been allowed to fester and infest our legal system is because judges [until now] have been asleep. They have blindly allowed the plaintiff copyright trolls the ability to wreak havoc on the accused downloaders by allowing the copyright trolls access to them so that they can intimidate, harass, embarrass, and threaten to deplete all of the funds of the accused defendant’s [sometimes life] savings in order to avoid the costly alternative of litigating a copyright infringement lawsuit.

For the purposes of this article, I am focusing on two points which I found to be interesting in today’s Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04369; NYSD) ruling (see Judge’s order here).


This ruling (based on Judge Marrero’s Next Phase Distribution, Inc. v. John Does 1-27 (Case No. 284 F.R.D. 165, 171 (S.D.N.Y. 2012)) case is the “third rail” issue in copyright troll litigation. Do copyright rights extend to pornographic materials? What if they are considered “scenes a fair,” or scenes which contain the same “roles” and “characters” as in other films — are these considered copyrightable (keep the same story, scene, genre, and roles, but switch the actors)? Are these works considered art? And, what happens if the copyrighted film violates one or more obscenity laws — does that film still have copyright protection?

These are just questions, and to date, they are unresolved. However, the fact that Judge Hellerstein brought it up means that he is seriously considering whether this should be a basis to deny copyright infringement claims against John Doe Defendants.

Reference: See my 8/14/2012 article entitled, “How to make bittorrent cases go away once and for all…” (Reason 3)


This has always been a blatantly simple, and yet tough argument to describe. But when you think of it, the simplicity — once it jumps out at you with the “aha!” moment — is charming and unforgettable.

In short, Malibu Media can prove that SOMEONE downloaded one or more of their titles. However, they do no prove (or even assert any evidence) to indicate that it was the account holder who downloaded the copyrighted film… so what legal basis does Malibu Media have to sue the account holder?? Judge’s answer: None.  In order to make a “prima facie” case that would convince a judge to rubber-stamp a subpoena permitting the copyright holders to force an ISP to turn over the identity of the account holder (whether or not he is the actual downloader), the copyright holder needs to provide some “link” identifying the actual downloader as being the account holder. No link is ever provided in Malibu Media’s pleadings, and thus in legal terms, the pleading “fails” and the copyright holder’s request for expedited discovery should be denied.

That’s it.  My two cents, for what it is worth.

Congratulations to District Judge Hellerstein for a brave and correct ruling on the law. Now if all of the other judges in the Eastern District of New York would fall in line with this ruling and abandon the “my court, my world, my rules” mentality, we can put an end to these cases once and for all.

Additional Reference:
Fight Copyright Trolls (SJD): Citing previous Malibu Media’s sheer abuse of court process, New York judge denies early discovery

*UPDATE (7/7, 6:30am): I am surprised that there are not more articles on this topic.  This should be all over the news for other NY judges (and judges in other federal district courts) to see.  Unfortunately, if other judges do not see [and act on] this ruling, then it gathers dust and it has little-to-no effect on future Malibu Media, LLC lawsuits. …and the scheme continues unhindered.

Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04713)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04717)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04720)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04725)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04728)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04729)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04730)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04731)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04735)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04736)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04738)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04732)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04733)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04734)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04741)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04742)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04743)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04739)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04740)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04744)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04745)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04367)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04374)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04370)
Malibu Media, LLC v. John Doe (Case No. 7:15-cv-04377)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04368)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04369)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04371)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04373)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04378)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04380)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04381)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-04382)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03130)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03135)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03137)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03138)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03143)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03144)
Malibu Media, LLC v. John Doe (Case No. 1:15-cv-03134)

Copyright Enforcement Group (a.k.a. CEG-TEK) and RightsCorp at first glance look alike, but they are different animals. While they both use the DMCA laws (or with CEG-TEK, their foreign-country’s equivalent) to send letters to internet users accusing them of copyright infringement, and while they both attempt to force account holders to pay a “settlement fee” to settle all claims claimed against them, the mechanisms of how they operate are quite different.

True, both CEG-TEK and RightsCorp send DMCA notices to ISP subscribers (internet users). CEG-TEK (currently) asks for a settlement of $300 per title (C$225 for account holders in Canada), and RightsCorp asks for $20 per title.

The big difference between CEG-TEK and RightsCorp is that CEG-TEK releases the accused downloader from liability when the settlement is paid; in CEG-TEK’s contract, there is NO ADMISSION OF GUILT (UPDATE: CEG-TEK recently updated their settlement agreements and now they have an inflammatory “admission of guilt” provision, speak to your attorney about this), whereas RightsCorp contracts explicitly have the settling party admit guilt in an “I did it, I’m sorry, I’ll never do it again” fashion. This ‘admission of guilt’ issue was the initial reason I wouldn’t work with RightsCorp.

There are obviously other issues with CEG-TEK settlements that we’ve discussed before, just as there are obvious issues with RightsCorp settlements (namely, with RightsCorp, many have reported that after paying one $20 settlement, they received 10-40 additional infringement notices, whether or not the downloads actually happened).

Lastly, there are customer service differences between CEG-TEK and RightsCorp. CEG-TEK retains multiple individuals who respond to inquiries and convince those who call in [with inquiries, objections, and website troubles in processing payment] to pay the requested settlement amount or face a lawsuit. They have been known to claim that they record the conversations (watch out for this, as an admission of guilt here can be used against you, as can a lie later be used against you later in a perjury claim).

The important thing to note about CEG-TEK is that CEG-TEK DOES NOT SUE PEOPLE. Rather, they are a SERVICE PROVIDER providing COPYRIGHT INFRINGEMENT SERVICES TO THEIR CLIENTS (namely, the copyright holders). CEG-TEK has also been known to scrape the list of callers to ascertain their identities (although this used to happen before we learned that they are now able to obtain [from select ISPs] the geolocation data identifying where the download took place). Thus, if a settlement is not reached, they forward the file over to the copyright holders to allow them to follow-up with the accused downloader using their own attorneys.  At this point, CEG-TEK is out of the picture.

Well, to be accurate, first CEG-TEK has their own attorney Marvin Cable send out settlement demand letters asking for $1,750 per title, and only after he is unable to obtain a settlement from the accused downloader, only then do they forward the file over to the copyright holder(s) for their own attorneys to do what they will with it. This is where in my opinion the “ignore” route can result in an accused downloader being contacted by an attorney requesting a settlement, this time asking for a significantly higher amount. Again, depending on the COPYRIGHT HOLDER [namely, whether they have sued in the past (you can look this up on http://www.rfcexpress.com), and whether they intend to sue again in the future], this is how to best determine whether to ignore or settle the claims listed on the CEG-TEK website.

In my opinion, this CEG-TEK policy of “we forward your file over to the copyright holders” is where the misuse of that information *can* originate. Not all copyright holders are upstanding citizens (note to self to write about how a particular action might be illegal or unethical, but we see lawyers doing it anyway, unpunished — “LEGAL, BUT NOT LAWFUL”), especially considering that most of Ira Siegel’s clients are adult entertainment companies (pornography), and their lawyers do not think twice before reminding the accused downloaders that they could be involved in a lawsuit for the download of pornography.

RightsCorp has its own set of problems. First of all, aside from the settlements having accused downloaders admit guilt to one or more downloads, there is a difference in the validity of the claims between RightsCorp and CEG-TEK.  RightsCorp’s initial claim may be valid, but the many follow-up claims have been said to be fabricated.  Contrast this to CEG-TEK — CEG-TEK sends an infringement notice within days of a download taking place, but when the internet user logs in to CEG-TEK’s site, CEG-TEK’s computers have already searched and found any older downloads somehow linked to that internet user (based on the geolocation provided to CEG-TEK, presumably by the ISPs themselves, and also based on the list of IP addresses leased to the subscriber over how long the ISP keeps these lists of past IP addresses based on their “IP retention policy”).

NOTE: There is more to say here, but the jist is that CEG-TEK uses fuzzy science (same geolocation, same bittorrent software, same port number) to link cases together.  This causes problems when CEG-TEK’s system links together multiple tenants’ downloads in an apartment complex or dorm, or when an unlucky VPN subscriber receives an infringement notice containing all of the downloads from the hundreds of other users connecting through that same VPN IP address.

And, while CEG-TEK provides what they call “Customer Service” (a.k.a., “tell me about what a bad boy you were so that I can thank you for admitting guilt and force you to settle or face a lawsuit”), last I checked (and admittedly, it has been some time) there is ABSOLUTELY NO CUSTOMER SERVICE from RightsCorp. Yet, RightsCorp won’t hesitate calling you with their Robocalls all day and night.

Lastly, the biggest difference between CEG-TEK and RightsCorp is that whereas RightsCorp is financially a “sinking ship,” and last I checked, their stock price dropped to $0.06 per share on the stock exchanges, CEG-TEK has only been *expanding* their operations, growing in size, expanding into other counties (most recently, sending copyright infringement notices in Canada), openly speaking about hiring foreign attorneys to enforce their clients copyrights, and they even have been going into other areas of intellectual property (e.g., going after those who sell counterfeited goods over the internet).

In sum, Copyright Enforcement Group in my opinion is the “big bad wolf” of copyright infringement, yet they do everything they can to keep their “paws” clean. What has always bothered me about them (other than that former plaintiff attorney Ira Siegel‘s name appears on each of their settlement demand letters), is that with their growth comes the ability to push around attorneys and internet users with boilerplate settlement agreements, (recently) new terms on their settlement agreements which are less friendly than the former friendly terms, and the ability to continually raise the settlement amount (which was initially $200, then $250, then $300), and nobody can do anything about it.

“Settle or ignore,” it does not matter to CEG-TEK.

As for RightsCorp, I still hold by what I said almost 24 months ago. I see no reason to get involved with them, as they have always been a sinking ship. It is only a matter of time before they are bought out by someone else.

Rightscorp’s Red Bottom Line Gets Larger and so Does its List of Copyrights to Protect (8/19/2014)
Rightscorp Scores More Copyrights to Protect from The Royalty Network (7/11/2014)
Rightscorp, ‘We Aim to Protect Millions of Copyrights as we Continue to Lose Money’ (5/14/2014)
Rightscorp Sets its Sights on the Pay-Up or Else Program for UK Pirates (5/7/2014)
Rightscorp Scores Again, Gets 600 Copyrights from Rotten Records to Protect (4/16/2014)
Rightscorp Adds 13,000 More Copyrights From Blue Pie Records to Protect (3/31/2014)
Rightscorp Publishes its Full-Year & Fourth-Quarter 2013 Financial Report (3/26/2014)
Downloaders Beware; Rightscorp Now Monitoring Billboard Hot 100 Songs (2/28/2014)

Canada begins receiving CEG-TEK DMCA settlement letters. (3/12/2015)
How time limits / purged records stop a copyright holder from learning a downloader’s identity. (12/18/2014)
CEG-TEK’s growing list of participating ISPs, and their NEW alliance with COX Communications. (11/12/2014)
The Giganews VPN Problem (11/12/2014)
CEG-TEK is now your friendly “photo” copyright troll. (6/13/2013)
CEG-TEK’s new “you didn’t settle” letters sent from Marvin Cable. (3/22/2013)
CEG-TEK’s DMCA Settlement Letters – What are my chances of being sued if I ignore? (2/22/2013)
Why CEG-TEK’s DMCA settlement system will FAIL. (2/22/2013)

It has been almost a full day since yesterday’s historic Prenda flop where the attorney for Prenda Law Inc. (formerly, Steele|Hansmeier, PLLC and before that, Steele Law Firm PLLC) appeared to be woefully unprepared to overturn the sanctions that were ordered against Prenda Law and their team. (Flashback: “The 12 minute hearing and the end of Prenda Law Inc.” on 4/3/2013)

For those of you who missed it, you can watch the entertaining video here (fast forward to the tall guy).

As a quick recap, two years ago, Prenda Law was caught forging the name “Alan Cooper” on the copyright assignment documents which gave them the apparent authority to sue on behalf of their clients. The “real” Alan Cooper (John Steele’s gardener) who was the victim of identity theft hired an attorney, showed up at one of Prenda’s hearings, and served John Steele with his own lawsuit.

I don’t know how to explain what happened in a recap other than that the whole “house of cards” that was Prenda Law Inc. was unraveled — not because of the Alan Cooper forgery issue, but because John Steele couldn’t stay away from the cases when he successfully made the courts believe that he sold his Steele Hansmeier PLLC law firm to Paul Duffy. Shortly afterwards, he resumed making phone calls and openly running things himself, and he started showing up at hearings and speaking to the judges. This is what tipped off Judge Otis Wright to ask who the real parties in interest were in these lawsuits.

Personally, it jaded me a bit to see that after being caught (having their grand scheme exposed by good lawyers), the lawyers for Prenda continued their stories of misinformation by lying under oath in their depositions and in court proceedings. Further, I was annoyed when I learned about the scheme unfold in its entirety, including the creation of various offshore entities created to funnel settlement payments, and where Prenda peddled the blatant lie that Mark Lutz (the paralegal) was the mastermind behind the lawsuits.

Being behind the scenes when all this was happening, I was also hearing about issues of Prenda Law lying to, not paying, and in one notorious case, turning against their own local counsel who put their law licenses in jeopardy to file the lawsuits on Prenda’s clients’ behalf. Lastly, there were even more issues that I was privy to that never even made it into the courtroom, namely what appeared to be a credible accusation that Prenda Law Inc. was uploading and seeding their own clients’ content on the bittorrent networks — the same bittorrent swarms in which they sued the internet users for downloading the content they uploaded.

My own thought process was that the proper judicial response was 1) for the federal judges to serve as the “guardians of the gates” of the federal courts [e.g., to kill the copyright infringement cases as they are filed based on principles of improper joinder, etc.], and 2) to prevent the attorney(s) at this point from practicing law through the remedies of suspension and disbarment through their local bar associations. If the attorney persists, the attorney(s) should be charged with the unauthorized practice of law. Yet none of this happened. A lawyer (who for the purposes of this article will remain private) filed ethical charges against John Steele to have him disbarred, and in return, Steele filed ethical charges against him [a story for him to tell, not my secrets to tell].  Then, Steele at some point appeared to have voluntarily disbarred himself and retired from the practice of law, and his organization went inactive in the Illinois state registry. Yet his involvement in the cases persisted.

Thus, I was not surprised when Judge Wright wrote his order sanctioning John Steele, the Hansmeier brothers, and all those involved in the conspiracy. What surprised me was their hubris in that they continued fighting after they already lost. This is why I call the Prenda Law fiasco a “circus.” Everybody continues to argue in circles, but nobody goes to jail.

So, getting back to yesterday’s hearing (YouTube Link), there were THREE ITEMS that I took note of in what was perhaps the most entertaining 3-panel judge hearing I have ever seen.

ITEM 1) John Steele and the Hansmeiers were quite upset that Judge Wright implicated them as having broken criminal laws, and even though they were never charged for the violation of those laws (which I could only guess include identity theft [forgery], extortion, perjury, fraud, and perhaps even money laundering and/or racketeering). [NOTE: There were other acts allegedly committed, including the unauthorized practice of law, violation of countless ethical rules including compensating a non-attorney as a partner of the law firm, alleged tax evasion, and misuse of corporate structures after they were dissolved, etc.] Many of these acts if looked into could make the principles of the law firm personally liable for any charges without the protection of a corporate entity.

They appear to have hired attorney Daniel Voelker for the sole purpose of disputing the $200K+ in sanctions awarded against them because Judge Wright implicated them in a lawsuit which they tried their darnedest to keep at an arms length through the use of legal structures, funneling money into offshore entities, using the paralegal as the “fall guy,” and through the use of local attorneys. But rather than arguing against the sanctions award on the merits of whether it was proper to award the sanctions, they appear to have been offended by the implication of having broken criminal law in what Judge Pregerson called “an ingenious extortion fraud [scheme].” Thus, they instructed attorney Voelker to request that the court REMAND (meaning, return to the lower courts as a “do over”) the case to the U.S. District Court so that they can properly defend the insinuation that they committed one or more crimes while running what was — at the time — the most successful copyright trolling extortion scheme in existence.

ITEM 2) Attorney Daniel Voelker appeared to be woefully unprepared for the hearing. When asked about the details of the various copyright troll lawsuits filed by Prenda Law Inc. / Steele Hansmeier PLLC / Steele Law Firm, PLLC, he was unaware of anything other than what was the subject of the appealed case. This was surprising to the judges, it was surprising to me, and I am sure it was surprising to the hundreds of “fans” who were watching the hearing live and streamed over the internet. How could this attorney not be aware of the hundreds of other filings that his client took part in?!?


ITEM 3) Simplifying the discussions of damage multipliers and other damages issues that were discussed, the jist of what the judges needed to decide were 1) whether to uphold the sanctions award against Prenda Law and company, and 2) whether to remand the case so that the questions of criminal conduct could be hashed out.

IN MY OPINION, again, this whole Prenda Law fiasco is a circus. John Steele and his buddies have been “gaming” the system since they began, and even when their whole scheme came tumbling down around them, they turned to lying, cheating, and misdirection in order to get around the rules.

Nothing will right the wrongs that were inflicted on tens of thousands of internet users except seeing each of these attorneys disbarred and jailed for criminal conduct. Yet I cannot see this happening because notorious criminals today too often go uncharged. Judges too often find the “lazy” alternative of slapping an attorney with sanctions, and then not following up on their order when the attorney weasels their way out of paying those sanctions. This is a sign of a corrupt system, and as much as I have faith in the law, I do not have faith that the judges will inflict stern judgement (“fire and brimstone”) against a bunch of lawyers who look more like a**clowns in the courtroom.

Thus, it is my best guess that the sanctions will not only be upheld, but they will be strengthened and perhaps multiplied. However, as for the criminal prosecution of the clowns who perpetrated this grand heist of an extortion scheme, their activities will go unpunished. Maybe they’ll lose their law licenses (noting that in part, this has partially happened to some of them). Maybe they’ll be held personally liable without the shielding of the corporate entities they tried to use to hide their involvement in these cases. Maybe one or more of them will need to continue to hide their money indefinitely and file for bankruptcy. Maybe one or more of them will need to move out of the country and live out their days on a beach somewhere.

I don’t see orange jumpsuits in anyone’s future here. Not in today’s lawless society.



3/17 UPDATE: Judge Matthewman filed the identical “order to show cause” as described in yesterday’s “Florida ‘Manny Film LLC v. John Doe’ cases suffer a black eye (FLSD)” article. (Thanks to SJD @fightcopytrolls’ Twitter post [and link] for tipping me off to this trend.)

What this means is that as of this afternoon, the judge has begun to scrutinize the other Manny Film, LLC cases filed in the Florida Southern District Court (this time, Case No. 9:15-cv-80298). This one is due April 1st, 2015. I would not be surprised if the judge continues to go down the list of “Manny Film” cases filed in the Florida Southern District Court and kills each one, one “order to show cause” at a time.

It is also important to note that in my estimation, the Manny Film LLC lawsuits are “cut-and-paste” lawsuits copied from the Malibu Media, LLC lawsuits filed across the United States.  Unfortunately for Keith Lipscomb (the mastermind behind each of the Malibu Media, LLC lawsuits, and now, the mastermind behind each and every Manny Film LLC lawsuit soon-to-be-filed across the U.S. District Courts), these ‘orders to show cause’ pose an existential threat to not only the Florida-based federal cases, but also to the other Manny Film LLC cases filed in the other federal district courts (upon which these Florida federal cases [when considered by the other federal judges] will be PERSUASIVE).

EDUCATIONAL NOTE: Even if all of the Manny Film LLC cases go away, the “Florida ‘Manny Film LLC v. John Doe’ cases suffer a black eye (FLSD)” article is still helpful to discuss the concept that “an IP address (even one tracked to a particular defendant’s address using “solid” geolocation software) is INSUFFICIENT to identify and sue the account holder as the defendant in a bittorrent copyright infringement lawsuit.” Using the geolocation data alone as their source of “evidence” to support their claim of copyright infringement, a plaintiff cannot properly state that the defendant 1) lives in the district for venue purposes, and 2) the plaintiff arguably even “fails to state a claim” against the accused defendant (FRCP Rule 12(b)(6) language) because such geolocation software “evidence” does not prove (or sufficiently state) that the accused defendant is the downloader.


Get every new post delivered to your Inbox.