A group of over two dozen film studios has repeatedly taken popular VPN providers to court, sometimes extracting judgements worth millions of dollars in damages. While piracy remains the central issue, recent legal arguments employed by Hollywood studios have surpassed accusations of copyright infringement and delved into dirtier waters.
Filmmakers attempting to recoup revenue lost to piracy have long alleged that VPN companies both encourage online piracy and have clear-cut evidence that their customers are abusing the privacy and security provided by virtual private networks. But court records show that studios’ legal teams have also accused VPN providers of enabling illegal activity far beyond copyright infringement and, legal experts say, are challenging the notion that VPNs should exist at all.
In March, 26 film companies brought allegations against ExpressVPN and Private Internet Access (PIA), popular “no-log” VPN companies owned by Kape Technologies. The plaintiffs include production companies like Millennium, Voltage, and others behind a slate of popular films. The lawsuit centers on allegations of user piracy. However, court documents reviewed by WIRED reveal plaintiffs arguing that these VPN providers refuse to prevent users from using their services to commit serious illegal acts and run marketing campaigns that openly “boast” that law enforcement is unable to extract any information about their users.
Generally speaking, VPNs give users greater privacy protections by encrypting their online activity and rerouting it through the company’s servers, concealing their IP addresses. Many VPN providers, including ExpressVPN and PIA, claim to maintain “no logs” of their users’ internet activities. This means VPN providers can’t access data to turn over to police or comply with copyright infringement claims. Similar to arguments against comprehensive encryption, the film companies paint VPN providers as culpable in any crimes committed while using their services.
“Emboldened by Defendants’ promises that their identities cannot be disclosed, Defendants’ end users use their VPN services not only to engage in widespread movie piracy, but other outrageous criminal conduct such as harassment, illegal hacking and murder,” reads the lawsuit, filed in US District Court in Colorado. “When these crimes become public, Defendants use these tragic incidents as opportunities to boast about their VPN services.”
The VPN companies responded in court filings that the “inflammatory topics” plaintiffs evoked are irrelevant to copyright infringement. Allegations as far afield as “hacking, stalking, bomb threats, political assassinations, child pornography, and anonymous online message board posts full of hate speech and appearing to encourage violence and murder” are a ploy to portray the VPNs in “a cruelly derogatory light," argue the VPNs’ legal teams.
Beyond vague examples of heinous crimes, the court filing mentions an Express VPN subscriber admitting to downloading child sexual abuse material (CSAM). The film companies also call out the personal political views or activities of those employed by the VPN companies. Specifically, they focus on Rick Falkvinge, who’s known for his political views and arguments that CSAM should be legal. Falkvinge previously served as PIA's “head of privacy” and created the political Pirate Party. He has repeatedly advocated for reforms to copyright laws, calling “copying and sharing” a “natural right.”
“Any opinions expressed by Rick Falkvinge are his own and not a reflection of PIA or its beliefs as a company. In particular, PIA in no way condones child sexual abuse or exploitation of any form,” a PIA spokesperson said in a statement to WIRED. An ExpressVPN spokesperson added that its policies strictly forbid anyone using its service to traffic in CSAM.
PIA’s attorney argues that the allegations that it aids serious illegal activity must be stricken from the case because they are completely irrelevant and “serve only to inflame emotions in a misguided attempt to prejudice the Court and the public against the defendants by false association with the non-parties whose conduct is described in these paragraphs.”
ExpressVPN and PIA further denied the production companies' broad allegations. An ExpressVPN spokesperson said the court had dismissed the claims in the filmmakers' suit but was not able to disclose the terms of the settlement. The spokesperson also emphasized that the “operation of ExpressVPN’s service has not been changed or otherwise impacted in any way relevant to the parties’ dispute.”
PIA maintained that this litigation jeopardizes user privacy and that it will therefore keep fighting in court. “We assert that the use of VPNs is a legitimate way to protect one’s online privacy—a fundamental human right, which is increasingly in jeopardy of infringement,” the company said.
Legal counsel representing the movie studios did not respond to WIRED’s request for comment.
While Hollywood has waged legal battles around the globe for years, its fights against the VPN industry in the US ramped up last year. VPN company TorGuard, for example, landed in legal hot water with the same group of plaintiffs who successfully forced the VPN provider into blocking BitTorrent traffic for its US users. And in October 2021, VPN.ht also “settled” with these filmmakers, agreeing to not only block BitTorrent but also to log traffic on its US servers. Hollywood studios have also taken providers like Surfshark, VPN Unlimited, and Zenmate to court.
Film company Voltage, which is among the group of companies regularly suing VPN providers, goes a step further, mailing letters to internet customers demanding fines for alleged piracy and threatening them with legal action.
In March 2021, some of the same production companies suing ExpressVPN and PIA also sued no-log VPN provider LiquidVPN for “encouraging and facilitating” piracy. Later, the film companies demanded $10 million in damages from the company. A judge issued a default judgment against LiquidVPN this March, ordering it to pay the studios $14 million.
That lawsuit largely centered around LiquidVPN’s fiery marketing practices and claimed that the VPN is “optimized for torrenting” and lets you “unblock ISP banned streams.” These tactics, the studios argued, encouraged illicit use of the service by those willing to bypass legal restrictions around accessing online content. They might be right.
According to the Electronic Frontier Foundation (EFF), an internet civil liberties group, some of Hollywood’s demands are “extreme and not supported by law.” Indeed, in December, a federal court in Florida dismissed a lawsuit against Quadranet, which provided hosting to LiquidVPN, that was brought by many of the same film companies that sued ExpressVPN and PIA. But VPNs are also treading into dangerous territory through their marketing tactics.
“The studios argued that a VPN provider and its hosting company should have had a legal responsibility to monitor what their customers were doing with the service, to see if copyright infringement was going on,” says Mitch Stoltz, a senior staff attorney at EFF. “Not only is that not the law, it would undermine the whole purpose of a VPN service, which is to protect people’s internet communications against eavesdropping.”
Stoltz warns, however, that bold marketing language used by VPNs, such as LiquidVPN’s “optimized for torrenting” claim, can very well be considered “inducement” in a legal context and incur liability for copyright infringement. Fearing the possibility of heavy monetary damages, VPN providers may instead choose to shut down some of their services or settle out of court.
“In contrast, a VPN that doesn’t advertise or encourage infringing uses generally won’t be liable in court even if some users do infringe,” says Stoltz. “That’s an important legal protection for VPN providers, who provide an important service that would be undermined if they were faced with broad monitoring and blocking requirements.”
Correction 3:20pm, April 29: A previous version of this article incorrectly stated Rick Falkvinge's work status with PIA. PIA says Falkvinge has “not been engaged by the company since 2018.” We regret the error.
- 📩 The latest on tech, science, and more: Get our newsletters!
- Sober influencers and the end of alcohol
- For mRNA, Covid vaccines are just the beginning
- The future of the web is AI-generated marketing copy
- Keep your home connected with the best wi-fi routers
- How to limit who can contact you on Instagram
- 👁️ Explore AI like never before with our new database
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers, running gear (including shoes and socks), and best headphones
