Usage of VPNs is increasing rapidly. Even just a few years back, they were most commonly associated with hackers, political dissidents, and others who had good reason to hide their identity online. Today, however, the average computer user is taking security more seriously than ever, and previously niche technologies like cryptography are becoming popular: More than a million students signed up for a cryptography course offered by Stanford this month, much to the surprise of college administrators.

However, it is the rise of online streaming services, and the low cost of VPNs, that has been the major driving force behind VPNs going mainstream. Perhaps their most common use today is to get around country-specific limitations on content. Netflix, for instance, offers far more content in the US than it does in other regions, despite the fact that it is now available in more than 130 countries.

Virtual Private Networks (VPNs) allow users to hide their location, or make it appear as though they are in a different country to the one they are actually in. Using this capability to get around geographic limitations is known as geoblocking.

The legality of geoblocking is still a grey area, and different legislation applies in each country. While some have suggested that deliberately circumventing geographical blocks constitutes copyright infringement, the picture is far from clear.

Today, I’ll take you through the legal situation in a few key territories. Before I start, though, it is worth noting two points.

The first is that the use of a VPN, in itself, is not illegal: it is only when they are used to circumvent other legal restrictions that such issue arise. The second is that geoblocking, while not fully illegal in many territories, is certainly an infringement of streaming services’ terms of use. While you may not end up in court if you stream US Netflix from India (though your ISP may ban you according to India’s latest privacy laws), if the company finds out they will likely block your account.

In The US

The legal situation around circumventing geoblocks in the US is complex. There is an argument that merely watching a stream, where no data is stored on a user’s computer, does not violate the right to reproduce, since technically no data is being copied. However, whether copyrighted material is copied to a computer, and how long it is stored for, depends on the technical setup of the streaming service and software in use.

This has led to some seemingly contradictory rulings. In MAI Systems Corp. v. Peak Computer Inc., the US Court of Appeals for the Ninth Circuit ruled that code loaded into RAM is a copy, because it is possible to re-play it, or share it. This would suggest that, no matter how long data is stored for, streaming still constitutes unauthorized copying.

On the other hand, in Cartoon Network LP, LLLP v. CSC Holdings, Inc., the Second Circuit court found that since such data is stored only temporarily, sharing it was not against the law. The court said that a copy must be an “embodiment” (ie, the way the data is used), which this data is, but also that it “must exist for more than a transitory duration”, which it doesn’t. In plain English: because the copy existed for a short period of time, it was not a violation of copyright law.

The lack of clarity in this area is mirrored by others, such as whether geoblocks constitute an “effective” security measure that it is therefore illegal to circumvent. The problem is partly caused by the lack of cases in this area, and it is expected that as more cases are brought the picture will become clearer.

In Other Countries

In Canada, the situation is a little clearer. Courts there have generally held that caching files on a local computer is not a violation of the right to reproduce. However, using a VPN to circumvent geoblocks might violate the law on getting around technical limitations.

This situation, though slightly clearer than in the US, could also lead to some strange outcomes in the coming years. Because overtly illegal streaming sites do not put in place any “technical limitations”, they would be completely legal to use via a VPN. However, Netflix and other “legitimate” sites have limitations in place, and so using a VPN to access these may be illegal.

In Australia, the situation is somewhat similar to that in Canada. It has been generally found that streaming content through a VPN does not infringe copyright. However, this might be complicated if the content is watched in a public space, because Section 22(6) of the Australian Copyright Act states that a communication is deemed to have been made “by the person responsible for determining the content of the communication” (Copyright Act 1968 (Cth) s 22 ss 6 (Austl.). A person clicking on a streaming link would therefore be in violation of the public display statutes.

In contrast, in the UK using a VPN to get around geoblocks is likely illegal, whether data is stored or not. This is because, under UK law, the fact that content is displayed on a screen constitutes a copyright infringement, no matter how much data is stored or how long it is stored for. Further, because using a VPN breaks the terms of service of many streaming services, some feel that this strips the user of legal rights to view this content, and therefore violates copyright.

The Future

In truth, it is unlikely that this confusing situation is going to be cleared up anytime soon. In part, this is because of the relatively low numbers of cases that come up in this area. It is simply not worth going after individual users who stream content through a VPN, even if they can be identified.

For the foreseeable future, then, it is likely that conflicts over the use of VPNs to stream copyrighted content will be dealt with in reference to individual companies’ terms of use, rather than by recourse to the criminal law.

Sam Bocetta
Sam Bocetta is a freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyberwarfare, cyberdefense, and cryptography. He is a retired defense analyst for the Navy, former consultant at Baird Capital's U.S. Private Equities division, and currently an independent journalist for Privacy Australia.