7.11.1 RIAA v individual P2P music file sharers

When Napster came along it took the music industry by surprise. Napster very quickly developed a massive subscriber base, with some estimates suggesting that it had 60 million users at its height. Then the music industry sued and Napster was shut down. In some ways the case was easy because Napster relied on a central database that facilitated the copyright-infringing file sharing. Meanwhile, however, a number of other P2P file-sharing services with more distributed architectures than Napster have established themselves, and music swapping continues on a massive scale.

The RIAA are keen to control the amount of file sharing going on, as they believe it is having a direct impact on the market for music CDs. And although the internet provides the facility for the file sharing, it also provides the RIAA with the technology to track those file sharers using the very software that is facilitating the copying, as well as other established digital forensic techniques.

However, although the RIAA can track the IP addresses of the computers that contain the apparent infringing copies of music files, the individual users are still difficult to identify given the current architecture of the internet. So the RIAA need to get the ISPs, which provide the P2P users with their internet access, to identify these people. With this in mind the RIAA, in August 2002, took out a test case against a large ISP called Verizon. The RIAA requested that the court issue an order compelling the company to identify a Verizon customer who had allegedly swapped songs illegally using Kazaa. Verizon fought, because they were concerned about:

  1. the privacy of their customers;

  2. the possibility that they, and other ISPs, might become legally liable, in practice, for the online conduct of their customers, and by default be required to undertake the responsibility and costs of policing the Net;

  3. the operational costs associated with the potential need to respond to large numbers of requests from the music industry to identify alleged copyright infringers, which would be substantial;

  4. their customers holding them responsible and suing for any damaging consequences arising out of the disclosure of personal details.

Verizon lost its appeal in June 2003 and was obliged to hand over the customer details. This meant that Section 512(h) of the DMCA gave copyright holders the power to get subpoenas issued by court clerks, without judicial oversight, in order to identify alleged copyright infringers through ISPs. Verizon appealed again and this appeal came to court in mid September 2003. In December 2003 the Appeal Court sided with Verizon. The Appeal Court judges said that if Verizon was not actually storing copyright infringing material on their servers (but only acting ‘as a mere conduit for the transmission of information sent by others’), they did not have to hand over customer identities in response to Section 512(h) subpoenas. The RIAA are contesting the decision.

There is some evidence to suggest that the RIAA's campaign of pursuing individuals through their ISPs has led to a reduction in the overall volume of music swapping on P2P networks. The Appeal Court ruling, however, meant that they had further hurdles to overcome before being able to identify specific legal targets. Two other ISPs – SBC Communications (Pacific Bell) and Charter Communications – and the American Civil Liberties Union (ACLU) had, by this time, also decided to fight the RIAA subpoenas in court. The ACLU, under the auspices of protecting personal privacy, took up the case of an individual student accused of copyright infringement, and numerous other civil liberties groups, like the EFF, had been actively involved in supporting Verizon and Charter on similar grounds. The US Department of Justice and the Copyright Office, on the other hand, are supporting the RIAA, and in January 2004 they filed an amicus brief in the Charter Communications case, effectively saying that the appeal court judges got the Verizon decision wrong. Charter prevailed in the Appeal Court in January 2005.

By August 2004 the RIAA had sued thousands of individuals who, on average, allegedly had more than 1000 songs on their computer hard drives, and they settled with about 600 of those, out of court, for an average of about $3,000. They also had thousands of subpoenas issued, requiring ISPs to hand over customer details.

There has been a flurry of complex legal activity surrounding the RIAA P2P cases, and the situation continues to evolve. Neither is it limited to the US. Music industry trade associations in Australia and Canada have also been suing ISPs. File-sharing sites have been shut down in Spain and Taiwan, for example. The Canadian Copyright Board declared the downloading of copyright-protected music legal under Canadian law in December 2003, although they said that uploading copyrighted songs to file-sharing networks was illegal.

The situation in the EU is fluid, with the gradual implementation throughout the member states of the 2001 copyright directive (2001/29/EC) and the approval of a new intellectual property rights enforcement directive in March 2004. Arguably, the implementation of the 2001 directive into UK law in the autumn of 2003 could be interpreted as meaning that P2P song swappers could be liable to a maximum of two years in jail. However, a government minister from the Department for Trade and Industry, Stephen Timms, said in Parliament in February 2004 that:

In the UK, the British Phonographic Industry (BPI) launched a campaign in March 2004 against music sharing on the Net, and are also threatening court action. Also in March, recording industry associations in Denmark, Canada, Germany and Italy affiliated to the International Federation of the Phonographic Industry (IFPI) brought legal actions against 247 individuals. We are likely to see more of these cases.

Most of the people being sued by the music industry are alleged to be swapping music on a large scale and can be presented as blatant violators. But a 12-year-old New York girl was one of the defendants, and that did not go down too well from a public relations perspective. The girl's mother settled out of court within 24 hours of the case being widely reported, by apologising and paying $2,000. Another case against a pensioner who didn't own a computer was one of a number of cases, which the RIAA later dropped, where individuals have been wrongly accused.

By the end of 2008 the RIAA had sued, threatened or settled with more than 30,000 individuals. There have also been a variety of attempts to get the law changed to tackle copyright infringement via peer to peer networks. The music industry worldwide was also lobbying for “3 strikes” legal regimes whereby ISPs would be asked to send warning letters to suspected file sharers and then cut off their internet connection if the apparent file sharing continued.

Further reading: There is a huge amount of material available on the Web on this story. Just a few sites worth checking out are:

  • EFF

  • RIAA

  • BBC

  • IFPI

Update: In the autumn of 2007 the music industry won damages of $222,000 from a woman proven to have shared 24 songs via P2P network. That's $9,250 per song, and she will also be obliged to pay the industry's legal costs. She appealed the decision, technically on constitutional ‘due process’ grounds but essentially claiming the award is disproportionate to the damage caused by her (now) admitted infringing activity. In September 2008 the judge declared a mistrial in the case on the grounds that he had inadvertently misdirected the jury. The RIAA lost its appeal of that decision in December 2008. In June 2009 the jury in the retrial increased the damages to $1.92 million ($80,000 per song).

The OLGA story referred to in Chapter 11 of The Future of Ideas alludes to the power of the ‘cease and desist’ letter. The next subsection contains a bit more information on this common form of legal threat.

7.11 Copyright Bots, OLGA and the power to monitor and police content on the Net

7.12 The cease and desist game