Are Lawyers Hackers?

Did a law firm infringe copyright and hack a website? Those were among the charges brought against the US law firm Harding, Earley, Follmer & Frailey, which specializes in intellectual property law, by a patient advocacy organization, Healthcare Advocates, Inc.

The Harding firm had successfully defended a competitor against charges of trademark infringement and misappropriating trade secrets brought by Healthcare. As part of its investigation for its client, the Harding firm searched the Internet for information about Healthcare. They used a website called Internet Archive (www.archive.org) and a tool called the Wayback Machine as part of their search.

Internet Archive is a nonprofit organization that compiles historical records of public websites. Its software crawls the Internet and takes copies that are compiled in its database. Using the Wayback Machine, a user can retrieve the way a website looked on a specific date in the past. A website owner who does not want its website archived and made publicly available can opt out by adding an entry in a standard protective file (robots.txt) on its website. This entry is intended to do two things. It will cause the crawler to deny access to all documents from the website that have been saved in the Wayback Machine and to cease archiving of the site in future.

Healthcare inserted such a protective entry on its website about the time it filed the lawsuit against Harding’s client.

When the Harding firm was hired, it used the Wayback Machine to retrieve and print older versions of Healthcare’s website. Due to a server error, Internet Archive’s servers did not block the archived pages even though the protective entry had been inserted. This gave the Harding firm access to Healthcare’s old webpages. This information was useful in helping the Harding client win the case.

After losing, Healthcare filed a new lawsuit. This time, it was against the Harding firm claiming copyright infringement and violation of the US digital Millennium Copyright Act prohibiting circumvention of protective measures restricting access to copyrighted works. They claimed that the Harding firm infringed copyright by viewing and printing copies of the archived webpages during the earlier lawsuit. They argued that the protective entry was like a digital padlock and the Harding firm did not have the key to the lock. By obtaining and printing the archived pages from Healthcare’s website, they broke the lock and hacked Internet Archive’s servers.

To establish infringement, a copyright holder must show that he owns a valid copyright which a defendant copied without authorization. Healthcare had registered the contents of its website with the US Copyright Office, so the court found that this was evidence of its ownership. The Harding firm acknowledged that it had displayed the copyrighted material on the firm’s computers and printed the archived pages without obtaining Healthcare’s consent. Thus, Healthcare was able to show both elements of the test. But the case does not stop here; showing ownership and unauthorized use is only a threshold requirement.

The Harding firm argued that its action was ‘fair use’ of the material and correctly noted that under US law, if the firm can show fair use, the case must be dismissed.

The Harding firm’s purpose in viewing the archived pages was to determine the merits of the claims made against its client. To do so properly required examination of the pages. Printing the pages was also necessary to provide supporting documentation for the defence they planned to raise for their client. No lawyer can defend a client if such action is not ‘fair use’.

The court agreed. It concluded that it “would be an absurd result if an attorney defending a client against charges of trademark and copyright infringement was not allowed to view and copy publicly available material, especially material that his client was alleged to have infringed”. To emphasize the ludicrousness, in a footnote to its decision, the court noted that the Harding firm had also submitted copies of the archived pages to the court and wondered if such action also constituted infringement of the copyrighted works. But it noted that Healthcare did not make this claim and was relieved that “no court has found that presentation of copyrighted works to a court on which the infringement action is brought constitutes an instance of infringement”.

On the hacking charge, the court observed that the Harding firm used no tool other than a standard web browser to request and gain access to the pages. That they gained access was due to a malfunction in Internet Archive’s servers and not because of some malicious intent to avoid or bypass protective measures taken by Internet Archive. The court found that the Harding firm “did not ‘pick the lock’ and avoid or bypass the protective measure, because there was no lock to pick.” It concluded: “The Harding firm got lucky, because the servers were malfunctioning, but getting lucky is not equivalent to exceeding authorized access.” That claim was also dismissed.

Healthcare’s lawyers indicated they plan to appeal the decision to the Third US Circuit Court of Appeals. Healthcare Advocates, Inc. v. Harding, Earley, Follmer & Frailey, No. 05-3524, United States District Court for the Eastern District of Pennsylvania.