CIPPIC posts 2 damning affidavits in Voltage “piracy” fight


We used to call it “Voltage vs TekSavvy.”  As of now, let’s make that Voltage vs CIPPIC, in what’s shaping up to be the “piracy” battle of the year. (For the backstory, see my previous posts, here, here and here.)


This case has racked up more than its fair share of ironies.

First, the plaintiff is a small US film studio that has brought its lawsuit in the guise of copyright infringement, against as many as 1,000 John and Jane Doe’s. For everyone else, the case has raised far more important questions about the right to online privacy and anonymity; the role of ISPs in defending these rights; and the appropriate disposition of mass lawsuits carried out by copyright trolls. In other words, if you’re going to call this stuff “piracy”… please use scare quotes.

Second, much of the discourse till now has focussed on TekSavvy’s role as pig in the middle. The very legal provisions that have spared TekSavvy any liability for infringement have also put the company into a very awkward position: be a hero or be excoriated for not “standing up” to Voltage. TSI has spent $200,000 in legal and other costs trying to help the court and its customers, despite having done nothing wrong – and without any guarantee that Voltage won’t come along in a few weeks with another list of thousands of alleged pirates (see affidavit discussion below as to why).

Third, by not objecting to Voltage’s original motion, TSI failed in the eyes of some critics to offer the court the other side of the story. Well, that issue became moot when the court allowed the second adjournment (January 14), followed by its invitation to CIPPIC to participate with full intervenor status (February 13). Whatever risk TSI’s strategy may have involved, this outcome is a far better one for the public interest. What we get is an extremely experienced advocacy law clinic – CIPPIC – whose affidavits show they’re ready to blow Voltage out of the water.

Two affidavits: one on issues of technology, one on the prior legal record

As I noted in my February 14 post, CIPPIC intends to assist the court by analyzing three broad issues: the protection of anonymous speakers on the Internet; Voltage’s track record in the United States as a copyright troll; and the veracity of the evidence gathered by Canipre about filesharing traffic.

In the two affidavits made public last Thursday, CIPPIC has focussed on the latter two of these issues. Given both the unprecendented nature of this lawsuit and the untested provisions of our new copyright law, the court made it eminently clear it needs all the good information it can get.


CIPPIC needs to nail Voltage on two contentions:

  • The first is that it is technically impossible to use the data collected by Canipre to identify with any confidence TSI customers who may have infringed Voltage’s IP via BitTorrent networks.
  • The second is that Voltage is acting in bad faith and has no intention of using the court’s resources to go to trial, but is only using these resources to prop up its well-established extortion racket.

The first contention rests on the highly complex nature of transfers of data from one point to another on the public Internet. Trolls like Voltage would like you to think this stuff is straightforward; their extortion racket depends on it. Thus, in their original Statement of Claim (pdf uploaded here), Voltage writes as follows (para 9):

Through a forensic investigation, the Plaintiff has identified the Defendants (identified by their Internet Protocol (“IP”) addresses), as having participated through P2P networks in the unauthorised copying and distribution of Voltage’s Works. An IP address is a unique numerical identifier assigned to an internet user by that user’s internet service provider (“ISP”). Once the Plaintiff obtains the Defendants’ contact information from their ISPs, it will be able to name those Defendants as parties to this claim (my emphasis).

lethbridgeWhoever wrote this nonsense should be fired for alleging that a numeric IP is a unique identifier “assigned to an internet user.” Enter Timothy Lethbridge, professor of software engineering and computer science at the University of Ottawa. Lethbridge has provided CIPPIC with an extremely clear, well written affidavit which spells out the many disconnects between the kind of traffic data collected by Canipre and actual human culprits. Lethbridge is nothing if not well qualified: full professorship, PEng designation, over 25 years teaching experience, over 100 peer-reviewed papers (the affidavits are available here; Lethbridge’s academic homepage is here).

Lethbridge outlines eight technical reasons as to why “an IP address can not be relied on to identify an individual Internet user” (see paras 7-15 inclusive):

  1. ISPs may change their customers’ IP addresses over time.
  2. End-users can release an IP and get a different one.
  3. Users running an unprotected WiFi network may be sharing their connection with neighbors.
  4. Friends and visitors may share a home WiFi network, protected or not.
  5. One home account may have several regular users.
  6. End-users may employ VPNs or anonymizers to cloak their activities, often for purely licit motives (like protecting dissidents).
  7. Tethered connections that use a cellular network may change the IP address on every re-connect.
  8. Bad actors can make home PCs into platforms for malicious use, as in the deployment of botnets.

Lethbridge concludes: “If something wrongful is alleged to have happened through an IP address it would be impossible to conclude that any one individual was responsible without additional evidence obtained by examining the actual computers involved.”

BitTorrent. The second half of the Lethbridge affidavit covers the BitTorrent file-sharing protocol. I’ve long argued that one of the most harmful effects of the hysteria provoked by big content owners is the demonization of otherwise highly valuable technologies, like BitTorrent. And Lethbridge indeed points out (para 25) that BitTorrent is “used legitimately to help distribute content you have created (or have a license to), and others want to access.”

More to the point, however, is Lethbridge’s assertion that identifying individuals participating in a BitTorrent swarm “is not possible merely from the data one might extract from an examination of the Internet connection data of the participants” (para 28). This basic barrier to the easy mapping Voltage would have you believe in is exacerbated by several routine networking techniques, including store-and-forward, caching and load balancing.

Good luck to Voltage cross-examining this guy.

2nd affidavit: Voltage filed 22 US lawsuits against more than 28,000 defendants

As I mentioned above, one of CIPPIC’s major goals in court will be to demonstrate that the plaintiff has mounted its action in bad faith, i.e. it intends to use the court’s resources not to try the issues but merely to gain access to the contact information of those TekSavvy customers it alleges have violated its copyrights. What would be a good way to convince the presiding judge she is dealing with a party out to waste the court’s time, not to mention burdening it with hundreds of individual claims in one fell swoop? A good start would be the record of Voltage’s established modus operandi in numerous American jurisdictions.

The burden of the second affidavit is thus to lay out a history of Voltage’s prior behavior as a plaintiff and what that portends for the present case. The affiant here, Alexander Cooke, is an articling student working at CIPPIC who has already earned three degrees, including an LLM from the London School of Economics. His job was to comb through online legal sources to gather a record of Voltage’s prior filings in US courts.

What Cooke has gathered is the opening page of 22 prior filesharing suits launched by Voltage, most of which name John Doe’s as defendants, which together add up to at least 28,271 individuals. Even more astonishing, those lawsuits go back less than three years (34 months), the first one being dated May 24, 2010.

Most of the exhibits in the affidavit do not specify the movie or movies that were alleged to have been shared illegally. The Hurt Locker is mentioned twice; something called Puncture is mentioned once. The Hurt Locker was a big hit in critical terms, having won six Oscars. But its lifetime gross worldwide was a mere $$49,230,772, and to get into the top-grossing top 100 a movie needs to pull in at least $100 million worldwide. As for Puncture, well, its gross was a cool $68,945.

Here’s another perspective that emerges from the exhibits. As I count them, these 22 cases were spread over 12 different jurisdictions, as follows: District of Columbia; Virginia (Eastern, Western, Northern and Southern Districts); Florida; Georgia; New Jersey; Ohio (Northern and Southern Districts); Tennessee; and Oregon.

What are we to make of all these machinations? First of all, there’s a lot of context CIPPIC will need to fill in when court resumes. For example, it appears that the thousands of US suits against alleged pirates of The Hurt Locker were dropped. Many of the suits were to be settled out of court for a fee of $1,500. Is that what Voltage plans for Canada?

Even if some or all of the Canadian defendants do get identified and a trial goes forward, the presiding judge can levy a statutory fine of as little as $100. Voltage (I understand) would have to pay $150 a head just to register each case; possibly pay six figures in TekSavvy’s costs; and presumably keep something aside to pay their lawyers. My guess is Voltage would be much happier convincing the court to order TekSavvy to disclose its customer contact information, then try to extract a “settlement” from individuals who don’t know what their real liability might turn out to be – if anything.

Looks like we’ve got a rousing fight in store. See you in court.