Nintendo play ISP blocking to win

Nintendo is a well-known Japanese company that designs, manufactures and sells video games consoles, accessories and software. One of its most successful products is the Nintendo Switch, having sold millions of consoles in the UK. Nintendo brought a claim, in the UK High Court (Chancery Division), for an injunction seeking that five UK ISP’s block access to four target website that advertised, distributed and offered for sale devices that allowed technical protection measures on the Nintendo Switch games console to be circumvented.

The Nintendo Switch

Two of the target websites were operated by the parties responsible for developing the circumvention devices. The third and fourth websites were operated by UK re-sellers of the circumvention devices. All four websites used Nintendo’s trade marks. The case was heard by Justice Arnold on the 10th September 2019.

Basis for the Injunction

Justice Arnold, who we know is the expert on these types of injunctions, noted that following the Cartier case, relying on the protection of trade mark rights as a basis for an application for an injunction of this nature is straightforward. However, the novelty of this application was that Nintendo relied not only on its trade mark rights but also on the statutory protection given by sections 296ZD and 296 of the Copyright, Designs and Patents Act 1988 against the circumvention of copyright protection measures.

Nintendo accepted that these rights were not themselves intellectual property rights and therefore fell outside the ambit of European Parliament and Council Directive 2004/48/EC of 29 April 2004 on the enforcement of intellectual property rights. Nevertheless, Nintendo contended that the reasoning of the Supreme Court in Cartier demonstrated that this is no obstacle to the present application.

Nintendo's TPMs

Nintendo employ symmetric and asymmetric encryption to protect their copyright works in Nintendo Switch games. A purchaser is supplied with the encrypted game and a unique title key which is itself encrypted using a common key, and further encrypted using a device key unique to the individual console. The title key may then be decrypted by the authorised user first using the device key then the common key, the decrypted title key is then deployed to decrypt the game itself. Encryption is also used to create a digital signature that ensures that the source of the software being supplied is authorised. 

So many technical protection measures
alas no technical protection
Image: minxlj

Nevertheless, third parties discovered that they can circumvent all of these TPMs by installing custom firmware on the Nintendo Switch. NCL implemented a change to the Nintendo Switch to prevent this in June 2018, but there remains a substantial number of the earlier consoles in circulation and there is evidence of active attempts being made to circumvent the TPMs even on the post-June 2018 Nintendo Switches. The circumvention devices consist of the SX Pro, which comprises a USB dongle and a jig tool, together with software called SX OS. Having purchased an SX Pro a user can download SX OS from the first of the Target Websites onto a blank microSD card which they then insert into their Nintendo Switch together with the SX Pro. The user then goes to the second of the Target Websites and, using a licence key stored in the SX Pro, obtains a licence for SX OS, which is then operable on the user's Nintendo Switch.

Trade Mark Infringement

Nintento submitted that the operators of the Target Websites were infringing their Trade Marks under Article 9(2)(a) of Regulation 2017/1001/EU. Arnold agreed that this was beyond dispute that each of the Target Websites were using signs identical to the Trade Marks in the course of trade in relation to goods identical to those for which the Trade Marks are registered without consent. Further, that the use was liable to affect one of the functions of the Trade Marks, and that the Target Websites target the relevant consumers in the UK. It was noted that the majority of consumers would appreciate from all the references to "hacking" that the Target Websites were offering unauthorised products designed to enable circumvention of TPMs, but that the presentation of the websites were likely to deceive a significant number of consumers. In particular the About Us section of the websites gave the impression of legitimacy with the following statement: 

Team Xecuter have developed hardware and software for the Xbox Scene since 2001. The initial roots of the group were based on the Xbox homebrew hacking scene, however where we started as a small group of hardcore enthusiasts dealing with extremely gray area market products, we have now grown into a large electrical manufacturer that develops products for many companies around the world. Our heart still lies within the games console community and we are always active in developing new and innovative products that we ourselves use in our gaming lives. Whereas we have long digressed from trading in areas that have now been made illegal in most countries over the years, our ambition is to continue to product quality items at an affordable price.

It was also accepted by the court that Nintendo’s trade marks were infringed pursuant to Article 9(2)(c), since their marks benefit from a very substantial reputation as a result of the use made of them and that the use by the Target Websites took unfair advantage of that reputation by intentionally exploiting it in order to sell the circumvention devices.

Circumvention of the TPMs

Nintendo relied on sections 296ZD and 296 CDPA88, which implement Article 6 of the Information Society Directive 2001/29/EC and Article 7(1)(c) of the Software Directive 2009/24/EC. In Case Nintendo v PC Box C-355/12 [Kat Posts here], the CJEU explained that Art 6 is to be interpreted broadly and "includes application of an access control or protection process, such as encryption, scrambling or other transformation of the work". Arnold accepted Nintendo's submission that this included the TPMs in this case, which encrypt the video games including their artwork, text, and soundtracks to prevent unauthorised copies being created or played on the Nintendo Switch console.

Cat and Mouse, the gaming edition
Image: Lisa Zins

Since the circumvention devices were expressly stated to be for hacking the Nintendo Switch, the target websites clearly fell within Section 296ZD (1)(b) CDPA 1988 which requires that "a person knowing or having reason to believe that it will be used to make infringing copies- (i) manufactures for sale or hire, imports, distributes, sells or lets for hire, offers or exposes for sale or hire, advertises for sale or hire or has in his possession for commercial purposes any means the sole intended purpose of which is to facilitate the unauthorised removal or circumvention of the technical device; or (ii) publishes information intended to enable or assist persons to remove or circumvent the technical device."

Further, the court considered that Nintendo had standing to sue on all three of the sub-sections 2(a), (b) and (c) - "(a) a person-- (i) issuing to the public copies of, or (ii) communicating to the public, the computer program to which the technical device has been applied; (b) the copyright owner or his exclusive licensee, if he is not the person specified in paragraph (a); (c) the owner or exclusive licensee of any intellectual property right in the technical device applied to the computer program."

Therefore, Arnold held that Nintendo had good claims against the operators of the Target Websites under sections 296ZD and 296 CDPA88 as well as for infringement of the Trade Marks.

Granting the Injunction

There are four threshold conditions which need to be satisfied in order for a website-blocking injunction to be granted: 1) the defendants are intermediaries within the meaning of Art 11 of the Enforcement Directive, 2) the users and/or operators of the website are infringing the claimants' IP rights, 3) those users and/or operators are using the defendants' services to infringe; and 4) the defendants have actual knowledge of this (which may be as a result of notification by the rights holder)

It was accepted that 1) the Defendants were intermediaries; 2) the operators of the target websites were infringing Nintendo's rights in the UK; 3) the operators were using the Defendants' services to do this; and 4) the Defendants had actual knowledge of this, because they had been notified by Nintendo.

In deciding whether to grant a website-blocking injunction the court must consider eight criteria over and above the threshold conditions. The injunction must be (1) necessary, (2) effective, (3) dissuasive, (4) not unduly costly or complicated, (5) avoid barriers to legitimate trade, (6) a fair balance between the fundamental rights engaged, (7) proportionate and (8) safeguarded against abuse. Of these factors, proportionality is the key one, since consideration of the other factors feeds into the proportionality analysis.

The court agreed with the counsel for Nintendo submitted that the same factors should be considered in a case based on other kinds of rights. Although the criteria are largely drawn from the Enforcement Directive, it can be seen from the jurisprudence of the CJEU that they largely reflect general principles of EU law, and to some extent principles of European human rights law. Moreover, there is no reason of principle why an application based on other kinds of rights should be subject to either more or less stringent criteria. Arnold accepted Nintendo’s submission that the criteria were satisfied because, in summary:

1. The injunction sought was necessary to prevent, or at least reduce, substantial damage to Nintendo. Nintendo has sustained significant loss due to substantial sales of the circumvention devices and pirated games. No alternative measures were realistically available since; the operators of the websites are not identified, cease and desist letters had been ignored, except that two of the websites changed their URLs, take-down requests to the relevant hosting providers had been ignored and take-down requests sent to platforms such as YouTube, Amazon and ebay were actioned, but the relevant listings were replaced with new ones.
2. As set out in Cartier, although quite easily circumvented, blocking injunctions are effective in reducing traffic to the target websites.
3. Similarly, blocking injunctions are dissuasive and the Defendants are required to display information about the block, which helps to dissuade users.
4. Blocking injunctions are not difficult for the Defendants to implement. They already have the necessary technology and, as a result of the Supreme Court decision in Cartier, Nintendo must bear the Defendants' incremental costs of implementing the injunction.
5. The injunction has no impact on legitimate trade, because none of the target websites carry on any legitimate trade.
6. The injunction strikes a fair balance between protecting Nintendo's rights and the rights engaged, because the Defendants' right to carry on business is unaffected and the public has no legitimate interest in being informed about or purchasing circumvention devices whose sole purpose is to circumvent Nintendo's TPMs and infringe its rights to Nintendo's detriment.
7. As such, the injunction is proportionate.
8. The order proposed by Nintendo contained the usual safeguards adopted in previous cases.

Therefore, Nintendo’s order was granted.