After two movie companies demanded that VPN provider OVPN preserve data relating to an IP address used by The Pirate Bay, the parties have been arguing the case in court. In an early victory for OVPN, the court has now ruled that the financial penalties demanded by the movie outfits are inappropriate because the VPN asserts it has no useful information to hand over.
Movie companies Svensk Filmindustri and Nordisk Film are on a mission to find out more about the operators and location of The Pirate Bay.
After obtaining an injunction against Swedish ISP Obenetwork, it later transpired that an IP address used by The Pirate Bay was actually owned by VPN provider OVPN. After the first injunction was thrown out, the companies and anti-piracy partner Rights Alliance filed for another, this time targeting OVPN.
As promised, OVPN is putting up a fight in court on several fronts, arguing that as a no-logs provider it has no information to hand over and since it isn’t an ISP, it doesn’t have to log anyway.
Despite all of this, the application for injunction requested “security measures”, demanding that OVPN should face financial penalties if it deleted information showing who was using the IP address in question at a specified time, their name and address, how long they had used the service, and how much money was paid.
Earlier this month, both parties made submissions to the court arguing their positions.
Arguments Made by the Movie Companies and Rights Alliance
“By providing the relevant service, OVPN are part of the group of actors that are obliged to disclose information in accordance with Section 53c of the Copyright Act, regardless of whether it is defined as an electronic communications service or other service used in the intrusion or infringement,” their submission reads.
The applicants also noted comments made by Obenetwork in the failed injunction, where the ISP stated that the requirement to log data lies not with them, but with the service provider closest to the end customer. According to the movie companies, Obnetwork pointed the finger towards OVPN.
“It is of particular importance that the security measure be approved, as it is unclear how long the defendant will save the data and there is a risk that the data will be lost, which would mean that the applicants would suffer irreparable damage and lose the opportunity to investigate the current intrusion,” they continued.
OVPN’s Arguments in Response
“The basic and absolutely crucial objection to the request for security measures (and the information injunction) is still that OVPN does not have the current information,” the company informed the court.
“The applicants now appear to admit that OVPN’s provision of VPN services do not in themselves constitute an electronic communications service, with a storage obligation according to law. The applicants argue, however, that OVPN’s services would be covered by ‘other service’ within the meaning of the law in question.”
OVPN contests this definition by the applicants, noting that just because Obenetwork identified itself as the wrong party to approach for information in the first instance, that doesn’t constitute evidence of OVPN being the right party. Furthermore, even though OVPN is an LIR (local internet registry) with IP addresses assigned to it, that doesn’t automatically make it an ‘Internet operator’.
“The European organization RIPE allocates IP addresses to its members. Among the Swedish members of RIPE are the National Agency for Education, Special Pedagogical School Unit, the e-health authority, several Swedish municipalities and municipal companies, universities, etc, which are obviously not Internet operators either,” the provider explained.
Finally, OVPN comes back to perhaps the main point undermining the application for “security measures” safeguarding the storage of information related to the IP address in question, allegedly used by The Pirate Bay. This data cannot be deleted since it does not exist, so any “security measure” to preserve it would be ineffective.
Judgment of the Court on the Application For Security Measures
The court begins by referencing Section 53c of the Copyright Act which states that if an applicant has shown that a copyright infringement has been committed, a court can order a person who, on a commercial scale, has provided a service that has been used infringe, to provide information related to that infringement.
In cases of particular importance, a court can weigh the interests of the parties and if required, order proportionate security/precautionary measures to be put in place until the case has been decided. In this matter, however, the court notes that OVPN says it has no data to preserve and the applicants have provided no evidence to the contrary.
“The precautionary measure demanded by the applicants is that the court should prohibit OVPN from destroying the information referred to in the information injunction. The applicants’ request is thus an achievement which, according to what the investigation preliminarily shows, is impossible for OVPN perform, ie. to refrain from destroying information that the company does not have access to,” the court notes.
“In the light of the foregoing, the court considers that overall it does not appear there are circumstances of particular importance which give rise to a decision on a security measure. The application for security measures must therefore be rejected.”
The decision against imposing security measures and associated penalties was welcomed by OVPN’s David Wibergh.
“Rights Alliance has three weeks to appeal if they desire. If not, we’ll move on to the information request,” he told TorrentFreak.
Whether Rights Alliance will appeal the decision is unclear but the notion of imposing penalties on a company for deleting data that it doesn’t have seems counterintuitive at the very least. With that in mind, the pending demand for disclosing that data under an information injunction might also prove less than straightforward.