Ramblings on The Idea of RIAA v. John and Jane Filesharer

Edward Felten (here and here) and Seth Finkelstein (here and here) have been musing over the efficiency of different enforcement approaches the mass media copyright-holder associations might use to target peer-to-peer file sharers who share copyrighted material. The Recording Industry Association of America (RIAA) has already sued the companies that create, distribute, and operate filesharing software, but recent activities suggest that it intends to expand its attack to target directly file sharers who infringe.

Ed Felten started the conversation here, wondering whether criminal prosecution of infringing file sharers will increase.

In this January 28th post, Seth Finkelstein anticipates that civil copyright enforcement against individual end-users would cost more money than could be obtained in lawsuits against those users, and that suits against users would probably deter few peer-to-peer file sharers. He writes that those users' Internet Service Providers would be the best enforcement mechanisms available to the RIAA. He also doubts that the government would want to allocate much money to criminal copyright infringement prosecution.

The conversation continued here (Ed) and here (Seth).

A Little DMCA Background

Some readers here are less familiar with this part of the Digital Millenium Copyright Act, so I've included this bit to explain the background law a little.

The DMCA governs the relationship between ISPs and copyright holders. RIAA/MPAA generally can't simply sue ISPs for money damages based on users' activities, but they can obtain the help of ISPs to shut down infringers. 17 U.S.C. sect. 512 protects ISPs who do not directly participate in copyright infringement and who follow certain steps to help identify infringers and to prevent their servers from being used to store infringing material for users.

The recently decided RIAA v. Verizon Internet Services (D.D.C., Jan. 21, 2003) [PDF] case provides a good example of one of those section 512 provisions. 17 U.S.C. sect. 512(h) allows copyright holders to obtain subpoenas requiring ISPs to identify alleged infringers. The subpoena must contain enough information to allow the ISP to identify the infringer. So, if a copyright holder has a record indicating that a user at a particular IP address transmitted or received a copyrighted song at 11:33 p.m. on January 29th, the ISP must search its logs to determine what account used that IP address at that time, and it must reveal that customer information to the copyright holder. Judge John D. Bates of the District Court for the District of Columbia decided in the Verizon case that the subpoena provision applies both when the user stores data on ISP servers and when the user only uses the ISP to transmit data directly to or from the user's computer. Verizon, not anxious to respond to a slew of subpoenas for customer information, had argued that 512(h) applied only when the user stored infringing material on ISP servers.

This provision doesn't give copyright holders majestic new powers; instead, it changes the order of events to make it less expensive and burdensome for copyright holders to identify alleged infringers. Without this provision, the copyright holder could still file a civil complaint against a "John Doe" defendant and obtain the very same sort of subpoena. Now, the copyright holder can identify its would-be defendant before filing its complaint instead of afterward.

Other provisions in section 512 require an ISP to remove infringing material when it receives notice from a copyright holder that a user has placed infringing material on the ISP's servers. As long as the ISP didn't already know or have reasons to know that the material was infringing, and the ISP takes down the infringing material quickly, the copyright holder can't sue the ISP claiming infringement.

Back on Topic

Now, back to the topic of Ed Felten's and Seth Finkelstein's discussion. What is the most efficient way for RIAA members to try to clamp down on peer-to-peer file sharers? Legally, they can sue file sharers, but they cannot sue cooperative ISPs for money damages. They can, however, use cooperative ISPs to identify infringing peer-to-peer file sharers, and they can get injunctions forcing ISPs to disconnect users who copy infringing material.

As Seth notes, suing individual file sharers for money damages would probably not be a financial winner of a plan. Although U.S. copyright law allows for many thousands of dollars in statutory damages (see 17 U.S.C. sect. 504(c)) against almost anyone who illegally shares music, it would probably be difficult to obtain that kind of money from most of the potential defendants. Might it still be worthwhile to engage in a flurry of lawsuits against heavy-duty infringers, in order to deter others? I can't pretend to be able to make that economic judgment, but Seth voices some fairly convincing skepticism about how well that would serve RIAA.

I suspect that we will see some RIAA v. John and Jane Filesharer lawsuits, but it would probably take many in order to have any appreciable deterrent effect. We know from the Verizon case that the RIAA is actively seeking the identities of peer-to-peer file sharers. I also read an article several months ago -- I think in Newsweek -- that described massive online tracking projects funded by MPAA and RIAA designed to track down file sharers enough for ISPs to identify the infringing users. Some sort of civil action against the users seems likely, if only in trial cases.

If RIAA and MPAA do attempt direct suits against file sharers, it will probably be only one prong of a multi-pronged strategy. The other prong would probably be to sue ISPs seeking injunctions containing long lists of customers to ban. Those long lists of names would come from the results of identification subpoenas. In that sort of scheme, I wonder if the customer would ever have any opportunity to refute the allegation of infringement. The DMCA expressly gives an ISP's customer the opportunity to refute a section 512(c) 'take-down notification,' see sects. 512(g) and 512(c), but it's not clear that the customer would have an opportunity to contest the facts underlying a request for a 512(j)(1)(A)(ii) or (B)(i) order to cancel the user's account. Could a customer intervene in a lawsuit against the ISP seeking that kind of injunction? Would it ever be economically worthwhile for the customer to intervene, if he or she could?

Meanwhile, for the reasons Seth Finkelstein discussed, I doubt we'll see many criminal prosecutions for infringement. We could be wrong, but I'd be surprised if the Department of Justice suddenly gave high priority to copyright infringement prosecutions. Still, those file sharers whom the RIAA chooses for its civil cases are in for a rather unpleasant time.

Ed Felten suggests that "the RIAA might want ISPs to take care of enforcement [because] whoever does the dirty work will end up looking, well, dirty." I really don't think the RIAA or its members care whether they end up looking dirty. I also suspect that when people's ISPs cooperate with the RIAA, users will know -- or will quickly find out -- who controlled what happened.