Technical Analysis by Peter Eckersley
Recently, there was a minor scandal when TechCrunch accused Last.fm of turning over information — the identities of people listening to copies of a leaked U2 album — to the RIAA. Last.fm issued a scathing denial of these allegations, and it’s good to hear that the site hasn’t turned into a worldwide music surveillance system. Not on purpose, that is.
Last.fm’s avowed innocence isn’t quite the end of the story. The whole kerfuffle should remind us that websites that collect and republish seemingly innocuous facts about their users are often vulnerable to data mining. It doesn’t matter whether you keep the users’ names and addresses secret — the facts you publish about them may be sufficient to ensure that there is only one person on the whole wide web to whom those facts pertain.1
This isn’t a problem that’s unique to Last.fm in any way. Networked computer systems often leak secrets in unexpected ways, but Last.fm serves as a particularly clear example of why anonymity is hard to achieve.
More on this risk, and what to do about it, after the jump.
RIAA’s New Policy Isn’t About Deterrence, It’s About Sidestepping Due Process: “On Friday, the RIAA announced its plan to end their campaign of suing thousands of alleged downloaders; instead, it has negotiated with ISPs to disconnect subscribers who the RIAA identify as repeat infringers. From what little is known about the system, ISPs would pass along warning emails to the customers the RIAA claims are downloading copyrighted material. Following 2-3 warnings, subscribers would have their connection terminated.
Speaking to CNET on Friday, RIAA President Cary Sherman said that the tactical change was an attempt to deter would-be infringers. ‘The idea is to create deterrents. This deters people from engaging in illegal behavior.’ This is either misleading or mistaken, if the claim is that warning emails and the threat of having to switch ISPs is more of a deterrent than an incredibly expensive lawsuit. Unless the RIAA can convince ISPs to flood their subscribers with warning emails early and often, more people are likely to hear about the end of lawsuits and stop fearing potentially costly litigation or settlement.
The more likely reason for the change in approach is that the RIAA recognizes that the lawsuit approach has been an abject failure. Not only does it alienate fans, it is costly and rests on shoddy legal theories. As courts have begun to realize that IP addresses aren’t solid evidence and that ‘making available’ doesn’t constitute infringement, the RIAA has been forced to realize that their goals don’t align with thoughtful justice. So, what’s a dying industry to do? Obviously, cut out those pesky judges and their principles of due process. Although Cary Sherman insists the wrongly accused will ‘have a place to go and make their complaint,’ the lack of specificity is as worrying as the RIAA’s previous mistakes concerning their lawsuits.
Ironically, the decision by the RIAA to stop their mass lawsuits is followed by a proposal to target an even larger group of Internet users. The music industry lobbyists state that they are in the process of cutting deals with ISPs to target Internet subscribers that repeatedly infringe on the copyright of the major record labels – the so called three-strikes approach.
This means that millions of people will receive warning emails from their Internet service provider, based on ‘evidence‘ gathered by a third party with a vested interest in the outcome. This will also mean, however, that thousands of individuals will receive emails in error, as the evidence gathering techniques are not as solid as the anti-piracy outfits say. There have been a lot of false accusations already, and this was recently confirmed in mainstream media by the BBC show Watchdog.
The move from individual lawsuits to controlling piracy at the ISP level seems to be the new trend this year. Many countries have looked into the possibility of disconnecting file-sharers from the Internet, often gently pushed by anti-piracy lobbyists. France was the first to present their ‘three-strikes’ law earlier this year, which would allow anti-piracy outfits to police the Internet. The IFPI now plans to implement this worldwide, with or without legislation.
It wont stop there though, if the RIAA gets its way ISPs will also have to pro-actively check for copyrighted content on their network. In their list of suggestions for the controversial ACTA proposal, the RIAA wants ISPs to spy on the files that are transferred by their customers, and check them against a reference database of ‘copyrighted files’.
ISPs worldwide are not looking forward to policing their networks, but they might find themselves with no other option. Adding further pressure, the RIAA wants ISPs to be held liable for the copyright infringement that takes place on their network, as their proposal suggests ‘…in the absence of proof to the contrary, an Internet service provider shall be considered as knowing that the content it stores is infringing or illegal, and thus subject to liability for copyright infringement…’
So, while dropping the mass-lawsuits might be considered to be a step forward by some, the change in tactics might very well result in a virtual police state where consumers (and ISPs) are guilty until proven innocent. The RIAA has lost some major battles in court, but if they gain control over ISPs, the future might be even darker than the past.
The Recording Industry Association of America has signaled a major strategy shift in its war against the downloading of copyrighted music, saying it would largely abandon its practice of suing violators. Instead, the RIAA will work with internet service providers to sever abusers’ net connections.…
(Via The Register – Public Sector.)
RIAA adopts new antipiracy strategy: “The record industry has dropped its longtime legal strategy of targeting individuals suspected of sharing music files online and is working instead with Internet service providers to send warnings before considering a lawsuit.The new strategy, disclosed Friday, doesn’t mean the Recording Industry Association of America will stop filing lawsuits. However, legal action will be directed only at people who ignore repeated notices. The new tactic would have not affect on pending lawsuits. The RIAA told The Wall Street Journal that the industry was changing to a tactic that it believed would be more effective in reducing the amount of illegal file sharing that takes place on peer-to-peer Web sites.
The RIAA’s lack of effectiveness so far is reflected in the latest numbers from consulting firm the NPD Group. In the third quarter of this year, the number of people sharing music on P2P sites held steady at 14%, but the number of tracks shared rose by 23%. In the meantime, CD sales continue to plummet. Under the new strategy, the RIAA is working with New York Attorney General Andrew Cuomo and ISPs on a number of voluntary online anti-piracy initiatives that would include service providers passing along RIAA copyright infringement notices to subscribers. Those people who ignore repeated notices would face the possibility of having their service reduced and possibly suspended before a lawsuit is considered. In return for ISP cooperation, the RIAA would no longer file lawsuits to force the service providers to turn over identifying information of suspected illegal file sharers.
(Via Releaselog | RLSLOG.net.)
Post from: TorrentFreak
An amendment designed to protect Internet users from the anti-piracy lobby has been rejected by President Sarkozy of the European Council. The rejection goes against the will of the European Parliament, where 88% of the members already voted in favor of the amendment, which was originally destined to protect file-sharers from Internet disconnection under the ‘3 strikes’ framework.
When the European Parliament accepted the amendment this September, it did so to protect the rights and freedoms of Internet users. This was much needed, as in recent years, anti-piracy lobby groups have called for tougher monitoring of Internet users and are actively working to erode their rights further.
The amendment, drafted by Guy Bono and other members of the European Parliament, was supposed to put a halt to the march of the anti-piracy lobby. However, despite the fact that is was adopted by an overwhelming majority, with 573 parliament members voting in favor with just 74 rejections, the European Council went against this democratic vote.
In September, Bono stated in a response to the vote: ‘You do not play with individual freedoms like that,’ going on to say that the French government should review its three-strikes law. Sarkozy had other plans though, and in his position of President of the European Council, he convinced his friends this Thursday to reject the proposal.
The rejection also goes against conclusions from the EU culture ministers last week, who sided with the more balanced view of the European Commission, by encouraging copyright holders to work on offering ‘high quality, accessible, easy to use and consumer friendly’ content online – instead of chasing pirates.
Guy Bono was appalled by the recent decision of the Council, which he referred to as ‘an arrangement between friends.’ Not all is lost though, the amendment might pass in January or February 2009, when it will be proposed again. However, as Bono noted, this initial rejection is likely to result in a negative image of European democracy.
It seems that the lobbying efforts of the MPAA, RIAA and others have paid off, and for France and other European member states the road to a ‘three-strikes law’ for alleged pirates is now wide open again.
In France, Sarkozy will now go forward with implementing his controversial three-strikes law. We can only hope that other European countries wont follow this example. What a great demokarzy Europe has.
Big Guns Come Out In Effort To Show RIAA’s Lawsuits Are Unconstitutional: “People have been submitting this story nonstop, but I wanted to take some time to read the details before commenting on it. It’s not the first time that folks have argued that the damages sought by the RIAA in various lawsuits against file sharers are unconstitutional. However, the few times it’s been brought up in court, the arguments haven’t been persuasive. However, this time around, it looks like the big legal guns are getting involved, and the argument seems a lot more comprehensive and compelling.
In the past, it’s been noted that the RIAA has curiously avoided suing any Harvard students, with one of the theories being that Harvard had made it quite clear to the RIAA that it would fight back hard. And, with Harvard law school at its disposal, and various professors there indicating that they had serious legal problems with the RIAA’s strategy, the RIAA simply decided to ignore any file sharing going on at that prestigious university.
However, for RIAA critic and well known law professor, Charles Nesson, waiting around for the RIAA to sue someone at Harvard was getting boring, so he went out and found a case to participate in. Along with two third year law students, Nesson has hit back hard on the RIAA’s efforts in a court filing, where it’s noted that the very basis for many of the RIAA’s lawsuits is very likely unconstitutional.
He makes the argument that the Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 is very much unconstitutional, in that its hefty fines for copyright infringement (misleadingly called ‘theft’ in the title of the bill) show that the bill is effectively a criminal statute, yet for a civil crime. That’s because it really focuses on punitive damages, rather than making private parties whole again. Even worse, it puts the act of enforcing the criminal statute in the hands of a private body (the RIAA) who uses it for profit motive in being able to get hefty fines:
Imagine a statute which, in the name of
deterrence, provides for a $750 fine for each mile-per-hour that
a driver exceeds the speed limit, with the fine escalating to
$150,000 per mile over the limit if the driver knew he or she
was speeding. Imagine that the fines are not publicized, and
most drivers do not know they exist. Imagine that enforcement of
the fines is put in the hands of a private, self-interested
police force, that has no political accountability, that can
pursue any defendant it chooses at its own whim, that can accept
or reject payoffs in exchange for not prosecuting the tickets,
and that pockets for itself all payoffs and fines. Imagine that
a significant percentage of these fines were never contested,
regardless of whether they had merit, because the individuals being fined have limited financial resources and little idea of
whether they can prevail in front of an objective judicial body.
Beyond just questioning the constitutionality of the law, Nesson argues that the court ought to punish the RIAA for its abuses of the law.
This Court should exercise its inherent power to allow
background image redress to Joel Tenenbaum for Plaintiffs’ abuse of law and
federal civil court process. As detailed throughout this brief,
Plaintiffs are using any and all available avenues of federal
process to pursue grossly disproportionate — and
unconstitutional — punitive damages in the name of making an
example of him to an entire generation of students.
The case at hand warrants the use of inherent federal power
not just because of what Plaintiffs are doing to Joel Tenenbaum
in this Court, but because of the manner in which Plaintiffs are
abusing the federal courts all across the country. Plaintiffs
have pursued over 30,000 individuals in the same way they have
For these 30,000
individuals, Plaintiffs have wielded federal process as a
bludgeon, threatening legal action to such an extent that
settlement remains the only viable option. Joel Tenenbaum is
unique in his insistence, in the face of it all, on having his
day in court. The federal courts have an inherent interest in
deciding whether they will continue being used as the bludgeon
in RIAA’s campaign of sacrificing individuals in this way.
The filing goes on to describe in rather great detail just how this is an abuse of the law and the courts, noting that it is a ‘perversion of lawfully initiated process to illegitimate ends,’ and citing the case law that suggests such behavior should be punished by the courts: ‘One who uses a
legal process … against another primarily to accomplish a
purpose for which it is not designed, is subject to liability to
the other for harm caused by the abuse of process.’
And this is where it gets good.
To prove the abuse of the process, the filing uses the RIAA’s own words against it. First, the writers note (and cite the relevant cases) that even if there is a ‘proper purpose’ behind the filing, it’s an abuse of process if the primary purpose in filing the lawsuit is different than the ‘proper purpose’ behind the lawsuit. And, then the authors point to multiple sources where the RIAA noted that the reason it was filing these lawsuits was not to punish these particular individuals for file sharing, but as part of its ‘deterrence’ educational program. From deterrence, Nesson shows how it’s actually used as more of a bludgeon to get students to settle, which is clearly not the ‘proper purpose’ of the law:
In essence, Plaintiffs are using the prosecution of Joel
Tenenbaum to extort other accused infringers: the accused are
told to either pay the settlement, or else be exposed to the
protracted litigation and potentially astronomical damages that
Joel now faces. See Milford Power Ltd. Partnership by Milford
Power Associates Inc. v. New England, 918 F.Supp. 471 (D. Mass.
1996) (holding that ‘the essence of the tort of abuse of process
is the use of process as a threat to coerce or extort some
collateral advantage not properly involved in the proceeding’).
The intimidation tactics are working: of the 30,000 accusations
the RIAA has leveled against individuals, only a single
defendant has made her case in front of a judge and jury… (that sole defendant is now awaiting a
The RIAA intimidates and steamrolls accused infringers into
settling before they have their day in court and before the
courts can weigh the merits of their defenses. The inherent
dangers in allowing a single interest group, desperate in the
face of technological change, led by a voracious, cohesive,
extraordinarily well-funded and deeply experienced legal team
doing battle with pro se defendants, armed with a statute
written by them and lobbied and quietly passed through a
compliant congress, to march defendants through the federal
courts to make examples out of them should lead this Court to
This case is going to be worth watching closely. It looks like the RIAA failed in its efforts to tiptoe around the legal bees’ nest of Harvard Law.
Filed under: Misc. Gadgets
We always thought that the RIAA’s first-ever filesharing trial victory against Jammie Thomas was a little suspect since the labels weren’t required to prove that Thomas even had Kazaa installed on her machine or was the person using the account in question, and it looks like the court agrees — it’s just declared a mistrial and set aside the $222,000 judgment on the grounds that simply making copyrighted works available for download does not constitute copyright infringement. That’s a huge decision — the ‘making available’ theory is the basis for most of the RIAA’s legal arguments — and it means that the RIAA will now have to prove the unauthorized transfer of each song it wants to collect damages on at the new trial. We’ll see what effect this has in the broader sense — we’ve got a feeling we’re in for a slew of appellate decisions on both sides of the ‘making available’ debate — but for now it looks like the good guys are finally starting to score some points.
[Via ZDNet, thanks JagsLive]
File Sharing Lawsuits at Crossroads, After 5 Years of Litigation: “Five years ago, the Recording Industry Association of America began a massive litigation campaign against file sharers. More than 30,000 lawsuits later, many are questioning the campaign’s effectiveness. All the while, basic legal questions, like what proof is necessary to prove copyright infringement, remain unanswered.
(Via Wired News.)