circumvention.^1160 The plaintiff was the owner of data processing software for credit unions
called RCO-1 that it licensed to the defendant. The defendant CUI hired some developers to
develop a replacement program for RCO-1 and, to aid development, allowed the developers to
gain access to RCO-1 using valid usernames and passwords issued to CUI. The plaintiff claimed
that such unauthorized access violated the DMCA. The court rejected this claim, finding the
case indistinguishable from I.M.S. and the reasoning of I.M.S. persuasive. The court also noted
that the license agreement between the plaintiff and CUI did not set any restrictions regarding
issuance of usernames and passwords, so that the plaintiff could not even show that CUI’s use of
its usernames and passwords was unauthorized.^1161 “Simply put, CUI did not circumvent or
bypass any technological measures of the RCO software – it merely used a username and
password – the approved methodology – to access the software.”^1162
(xix) Avaya v. Telecom LabsIn this case, the court refused to decide on a motion for summary judgment the issue
addressed in the I.M.S. case of whether unauthorized use of a valid password to gain access to
software constitutes a violation of the DMCA.^1163 The plaintiff Avaya sold PBX systems with
maintenance software embedded in them. When selling a new system, Avaya supplied the
customer with a set of default passwords that the customer used to first log in to the system.
Avaya alleged that the passwords were used without authorization by the defendants to log in
and gain access to Avaya’s maintenance software. Defendants moved for summary judgment
that use of valid logins to gain access to software does not violate the DMCA. The court ruled
that summary judgment was not appropriate because granting the motion would not result in
dismissal of any portion of Avaya’s DMCA claims from the case. All that would be resolved
would be the abstract issue of whether use of valid logins does not violate the DMCA. Because
Avaya had not identified a single, specific PBX to which the alleged illegal conduct was applied,
ruling on the motion would have no effect until such time as the defendants could prove which of
the PBXs at issue were accessed with the known, valid logins that they alleged were immune
from DMCA liability.^1164 “Avaya’s DMCA claims may or may not have merit, but a summary
judgment rendered on a discrete set of facts that have yet to be proven is not the proper vehicle
for that determination.”^1165
(xx) Actuate v. IBMIn Actuate Corp. v. International Business Machines Corp.,^1166 Actuate alleged that
IBM’s unauthorized posting on an IBM web site of Actuate’s copyrighted software for
(^1160) R.C. Olmstead, Inc. v. CU Interface, LLC, 2009 U.S. Dist. LEXIS 87705 (N.D. Ohio Mar. 27, 2009).
(^1161) Id. at 21-24.
(^1162) Id. at 24.
(^1163) Avaya, Inc. v. Telecom Labs, Inc., 2009 U.S. Dist. LEXIS 82609 (D.N.J. Sept. 9, 2009).
(^1164) Id. at 2 & 10-13.
(^1165) Id. at *13.
(^1166) 2010 U.S. Dist. LEXIS 33095 (N.D. Cal. Apr. 5, 2010).