part of their actual damages, the reasonable licensing fee Tri-State avoided in implementing the
crack.^1420
The magistrate then turned to the plaintiffs’ claim for statutory damages under Section
1203(c)(3)(A) for the circumventions accomplished by the crack. The plaintiffs argued that a
separate, distinct act of circumvention took place each time a user logged into the modified
system, because the crack functioned by launching a script when a user logged in that bypassed
the Passport security system. The plaintiff therefore claimed that it was entitled to statutory
damages based on 17,394 logins, carrying statutory damages ranging from a minimum of
$3,478,800 to a maximum of $43,485,000. The defendants argued that, regardless of how the
crack operated, the modification of the software was the only legally cognizable act of
circumvention. The court reviewed the applicable precedent, and particularly the Stockwire case
discussed above, and concluded that the plaintiffs’ suggested approach was the correct one.^1421
“Here, after the Crack was implemented, it was Tri-State’s employees, not third-party end-users,
who then circumvented plaintiffs’ software. Under these circumstances, the broad language of
the statutory damages provision and the sparse precedent construing that provision support the
conclusion that, assuming plaintiffs’ version of the facts to be true, each user login gave rise to a
separate ‘act of circumvention.’”^1422 Accordingly, the magistrate recommended denial of Tri-
State’s motion for partial summary judgment limiting statutory damages under the DMCA to a
single act of circumvention.^1423
The district court adopted the magistrate’s recommendations in full.^1424 The district court
noted in its opinion that it agreed with the magistrate’s conclusion “that profits generated by use
of a protected work subsequent to an act of circumvention are generally not disgorgeable under
the DMCA. ... [I]t would seem counterintuitive to hold that where the defendant accessed a
protected work through an act of circumvention, a DMCA plaintiff may recover all the profits
attributable to the defendant’s use of that work, without bringing any claim for copyright
infringement, even though the acts of use are not DMCA violations.””^1425 The court expressed
no opinion whether, on similar facts, disgorgement might be appropriate if the plaintiffs could
show that Tri-State used the crack to in fact exceed its prior user limit, and that new capability
caused a demonstrable increase in Tri-State’s sales and revenue. No such showing had been
made here. The court also expressed the belief that, even if the DMCA could be interpreted to
allow for disgorgement of profits generated through subsequent use of the protected material, the
plaintiffs had not drawn an adequate connection between Tri-State’s gross profits and the
Genesys/UniBasic software or the crack – merely showing that the software was an important
tool in the internal operations of Tri-State’s business did not establish a sufficient causal
(^1420) Id. at 31-34.
(^1421) Id. at 35-42.
(^1422) Id. at 42-43.
(^1423) Id. at 50.
(^1424) Point 4 Data Corp. v. Tri-State Surgical Supply & Equipment, Ltd., 2012 U.S. Dist. LEXIS 113997 (E.D.N.Y.
Aug. 13, 2012).
(^1425) Id. at *4.