P2P Redux: New Twists and Turns
Since my February column about the ongoing battle between the Recording Industry Association of America (RIAA) and the folks they believe are pirating their intellectual property, there have been a number of important new developments.
RIAA Notices on UpswingThis spring higher education campuses across the country were inundated with a
20-fold increase in the number of file sharing takedown notices from the recording industry. For example, at the University of Indiana, which typically sees 100 notices a month, the number jumped to 80 per day at the end of July. But they found that many of the notices didn't correspond to entries in traffic logs or show any overall increase in file sharing. Smaller institutions saw an increase as well. St. Cloud State University, where I had my first teaching job,
reported that they went from around a dozen notices per year to four to six notices per week. Numerous campuses reported false positives (i.e. RIAA notices did not match up with any activity on the IP address in question) on the
Educause Security Constituency Group listserv. So what's going on?
Mark Luker, an Educause vice president, learned that most of the notices were triggered by the presence of a file, whose distribution would be prohibited under copyright laws, in a shared folder on a person's computer (a "folder-based" notice) rather than evidence that such a file was actually distributed (a "transmission-based" notice). For a more complete discussion of this distinction and its implications for campuses see Luker's e-mail to the Security Constituent Group. Mark Bruhn, University of Indiana associate vice president of Information Technology,
pointed out, "They in fact can't know if the files being offered are actually the protected works of their clients--how would they know if they didn't download and open them?"
Given that RIAA is backing legislation in states as Illinois and Tennessee to require that institutions that get more than a certain number of notices be required to purchase and use equipment to do deep packet monitoring, one has to wonder if the recent upswing in notices is nothing more than a last gasp effort on the part of the recording industry to preserve a failed business model.
Another question that is being asked is whether or not, as the RIAA claims, it is a violation of the copyright law just having a copyrighted item on your computer where the file might be accessed by someone else.
Legal Challenges to RIAAThe RIAA suffered a
major setback last month when a federal judge said he made a mistake last year in a case that ordered Jammie Thomas to pay RIAA $220,000 for making a handful of copyrighted songs available online.
The RIAA has been prosecuting, and threatening to prosecute, people based on two legal arguments: 1) downloading copyrighted content from unauthorized sources is illegal, and 2) so is placing that content online. The "manifest error" acknowledged by the federal judge may have skewered the second argument.
In the case last year, one of the first to go to a trial jury, a Minnesota woman was found liable for swapping two-dozen songs. Now, the judge in the case, Michael Davis, said he made a "manifest error of law" in giving instructions to the jury. He told them "the act of making copyrighted sound recordings available for electronic distribution on a peer-to-peer network, without license from the copyright owners, violates the copyright owners' exclusive right of distribution, regardless of whether actual distribution has been shown."
What had not been cited in the Thomas trial was an earlier case in the Eighth Circuit court that found in
National Car Rental v. Computer Associates, that copyright infringement "requires an actual dissemination."
According to Charles Baker, partner with Porter & Hedges, the judge's admission of an error in the Thomas case is a setback for the RIAA. "It makes its burden of proof that much more difficult. Now they have to undertake the extra step of actually proving that content was downloaded."
That comes on the heels of a
federal judge's ruling in April of this year in the similar case of Atlantic v. Howell. In that case the RIAA had asked for a summary judgment based on the presence of copyrighted content in a shared folder. Howell had argued that he had not placed the music into the shared folder and that the KaZaA software had automatically placed it there. Judge Neil Wake denied the RIAA request on the grounds that it was unclear whether Howell had placed the content in the folder and further left open the question of whether its presence there constituted copyright infringement. "Merely making an unauthorized copy of a copyrighted work available to the public
does not violate a copyright holder's exclusive right of distribution."
Federal Wiretapping LawsIf the specter of having one of the underpinnings of their lawsuits invalidated isn't enough of a blow to RIAA, it has been suggested that deep packet inspection may violate federal wiretapping laws.
At the May
Computers, Freedom, and Privacy 2008 conference Paul Ohm argued that ISPs that monitor their networks for excessive bandwidth use or copyright infringement might be violating federal wiretapping laws and be subject to felony prosecution.
Ohm is an associate professor Law at the University of Colorado, where he specializes in the emerging field of computer crime law, as well as criminal procedure, intellectual property, and information privacy.
Ohm argued that Comcast, AT&T, and Charter Communications may place themselves in criminal and civil jeopardy if they implement packet inspection schemes to throttle bandwidth, police for copyright violations, and serve targeted ads. Despite all the wrangling over these issues, Ohm said he thinks the legal issues are simpler: Packet inspection schemes all seem to violate the federal
Wiretap Act of 1968 and the Electronic Communications Privacy Act of 1986. The acts prohibit the intentional interception, use, or disclosure of wire and electronic communications except for limited exceptions. What's more, Ohm said he thinks network system administrators and their bosses could be in trouble for installing monitoring devices. In other words, if campuses do what the RIAA wants them to do, they may be in violation of the law!
Another panelist at the conference, Michael McKeehan, Director of Internet and Technology Policy at Verizon,
shared Ohm's concerns. "As far as copyright filtering at the net level goes, Verizon is not doing it.... We see significant legal and policy issues that need study." His concerns included monitoring customers, liability if the filtering misses something, the possibility of false positives, and the possibility that filters will lead to an encryption war to hide packets from filters.
RIAA ReduxI'm not a lawyer, but it sure seems like higher education is in a stronger position now than it was last February when I penned my column
P2P File Sharing on Campus: The Battle Isn't Over. It's ironic is that the higher education community, more than perhaps any other sector, has moved aggressively to educate its users about the importance of respecting intellectual property rights.
