Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites
from the this is why procedural outs are important dept
More than two years ago we wrote about a truly bizarre ruling in a truly bizarre copyright lawsuit against Cloudflare. As you (perhaps?) know, Cloudflare is a popular CDN provider, helping websites (including Techdirt) provide better access to users while helping to mitigate things like denial of service attacks. In this case, the plaintiffs, Mon Cheri Bridals — a maker of bridal dresses — sued Cloudflare because websites out there were selling counterfeit dresses. If you know anything about copyright (and counterfeiting) law, you should be scratching your head. Counterfeiting is not about copyright. It’s about trademark. But the dress company (for reasons I still don’t understand), made the stretchiest of stretchy arguments to say that (1) the counterfeit sellers were posting images of the dresses, and (2) those images were protected by a copyright held by the dress maker, and (3) because the counterfeiting sites posting the allegedly copyright infringing photos used Cloudflare for CDN (not hosting) services, that somehow makes them contributory liable for the copyright infringement.
Even worse, the complaint itself was extremely confused about the DMCA and how it works with regards to the DMCA 512 safe harbors. Different companies are treated differently under 512, and Section (b) companies for “system caching” (which is what CDNs do) are treated differently under the law than Section (c) hosting companies. However, the whole “notice and takedown” aspect of the law only applies to Section (c) type companies. But the lawsuit simply ignored that and assumed that Cloudflare should be a (c) company, rather than a (b).
And, astoundingly, as we wrote about two years ago, the judge refused to dismiss the case, but let it move forward past the motion to dismiss stage — meaning that it went through some very expensive discovery and other efforts before finally getting to the summary judgment stage, and now more than two years later, the judge granted dismissal on summary judgment. And, kinda like his refusal to dismiss, the opinion is kinda short and doesn’t get into much in the way of detail. But at least this time it gets it right.
The plaintiffs have not presented evidence from which a jury could conclude that
Cloudflareâ€™s performance-improvement services materially contribute to copyright infringement.
The plaintiffsâ€™ only evidence of the effects of these services is promotional material from
Cloudflareâ€™s website touting the benefits of its services. These general statements do not speak to
the effects of Cloudflare on the direct infringement at issue here. For example, the plaintiffs have
not offered any evidence that faster load times (assuming they were faster) would be likely to
lead to significantly more infringement than would occur without Cloudflare. Without such
evidence, no reasonable jury could find that Cloudflare â€œsignificantly magnif[ies]â€ the
underlying infringement. Amazon.com, Inc., 508 F.3d at 1172. Nor are Cloudflareâ€™s services an
â€œessential step in the infringement process.â€ Louis Vuitton Malletier, 658 F.3d at 944. If
Cloudflare were to remove the infringing material from its cache, the copyrighted image would
still be visible to the user; removing material from a cache without removing it from the hosting
server would not prevent the direct infringement from occurring.
Cloudflareâ€™s security services also do not materially contribute to infringement. From
the perspective of a user accessing the infringing websites, these services make no difference.
Cloudflareâ€™s security services do impact the ability of third parties to identify a websiteâ€™s hosting
provider and the IP address of the server on which it resides. If Cloudflareâ€™s provision of these
services made it more difficult for a third party to report incidents of infringement to the web
host as part of an effort to get the underlying content taken down, perhaps it could be liable for
contributory infringement. But here, the parties agree that Cloudflare informs complainants of
the identity of the host in response to receiving a copyright complaint, in addition to forwarding
the complaint along to the host provider.
This is the correct ruling, but it should have come two years ago at the motion to dismiss stage.
Indeed, despite not being a Section 230 case, this is yet another example of why Section 230’s procedural benefits are so important. Perhaps one reason why people don’t get this is that they don’t understand just how much more expensive a lawsuit gets after a motion to dismiss, but it’s a massive shift. A motion to dismiss may run in the 100s of thousands dollars range (depending on a variety of factors). But if you get past that and have to go to discovery, you’re now talking in the millions before you get a ruling on summary judgment. It’s a big difference and a massive cost for companies (especially smaller ones). A cost that can completely destroy smaller companies — for a lawsuit that had no chance at all from the beginning.