By Jane Black On July 24, the Recording Industry Association of America (RIAA) made an unprecedented request of Verizon Communications (VZ). The music industry's trade association served the telecom with a subpoena, seeking the identity of a Verizon subscriber who had allegedly illegally traded digital songs by artists including Britney Spears, Jennifer Lopez, and "boy band" N'Sync. The RIAA didn't specify why it wanted to know who the user was or what it would do with the information.
Perhaps Verizon's "John Doe" should be charged with bad taste in music -- but not with anything else. Verizon refused to comply with the subpoena, asking instead that the RIAA let a judge decide if there was enough proof of illicit activity to warrant handing over the subscriber's personal information.
The RIAA, in turn, claimed that under the Digital Millennium Copyright Act (DMCA), the very fact that it had suspicion of illegal activity should be enough to have the subscriber's identity unmasked. In August, it filed a motion to compel Verizon to comply with its subpoena. This week, legal wrangling moved into high gear as both sides filed court briefs. The oral arguments could be heard later this month.
SHARP LAWYERS. What does this have to do with your privacy? After all, you're a law-abiding citizen, right? The answer is everything. At the heart of the battle between the RIAA and Verizon is the right to be anonymous online. If the RIAA wins this legal skirmish, as it has so many others over the last three years, the Net will fundamentally change. It will be less free, less innovative, and less private.
The good news is that, unlike past legal battles, the RIAA is picking on someone its own size. The defendant isn't some underfunded, inexperienced dot-com but a telecommunications giant. And the outcome will affect all ISPs, from AOL (AOL) and EarthLink (ELNK) to SBC (SBC) and AT&T (T). That means sharp lawyers will be fighting hard to ensure that copyright holders -- or anyone else -- aren't given access to identifying information without a judge's approval.
Technically, the ISPs appear to have a strong case. Most copyrighted songs are traded over peer-to-peer (P2P) networks, which means that files are swapped directly from one user's hard drive to another's. This is important because the infringing material is not located on the ISP's network but on the user's PC. The ISPs claim that it's not their job -- or their place -- to police what files customers have on their private hard drives.
WHERE'S THE PROOF? In a Sept. 10 "friend of the court" brief filed by the U.S. Internet Industry Assn., the ISPs argue that "what the RIAA is really seeking, at the end of the day, is to shift the burden of copyright enforcement from its own members -- who apparently would prefer not to alienate potential customers by suing them outright -- to an ISP that does nothing more than provide an Internet connection to the customer."
The case also has a constitutional dimension. The RIAA claims that federal law requires ISPs to answer subpoenas based on its allegations of copyright infringement. But why should an Internet user's anonymity be unmasked without any proof of misconduct? In defamation and trademark-infringement cases, a judge is asked to weigh the evidence of illegal activity against the constitutionally protected right to anonymous speech.
"The RIAA alleging copyright infringement and evidence of copyright infringement are two different things," says Megan Gray, a Washington (D.C.) privacy attorney who filed a "friend of the court" brief on behalf of an alliance of privacy advocate groups. "We just want to make sure that somebody other than the RIAA makes decisions about a constitutional right to anonymous speech."
BOT SQUAD. Moreover, the ease with which the RIAA can generate subpoenas worries privacy advocates. Under the DMCA's provision that allows copyright holders to require ISPs to remove allegedly infringing material from their networks, the RIAA and sister organization, the Motion Picture Association of America (MPAA), have automated the process.
The two organizations use software called "bots" that speed across the information superhighway, reviewing all available file names. If the bot finds a suspicious title, like "Beatles" or even "Beetles," they mark the location and automatically generate form notices that are sent to ISPs. According to the Electronic Frontier Foundation, the MPAA sent 54,000 bot-generated letters last year. That number is expected to grow to between 80,000 and 100,000 in 2002.
The bots' efficiency puts individual privacy at stake. After all, the invasion of privacy is supposed to be overseen by the judicial system, not by a bot. Moreover, like humans, bots make mistakes. Typos often exist in IP addresses, the string of numbers that identify a computer hooked up to the Internet. And the bot can't identify who was using a computer, only where the computer is located.
So, if a 13-year-old uses his parent's computer for illegal music-sharing, the family could face losing its Net access. "Based on what may be a computer-generated whim, the RIAA wants us to violate subscriber agreements and terminate access," says David McClure, president of the U.S. Internet Industry Assn.
CRUSHING P2P. To be fair, the RIAA's goal isn't simply to unmask little people, like you and me, for downloading a song or two from friends. Rather, music insiders say the RIAA's strategy is the same as it was in the Napster case: to crack down on the nexus of illegal file-trading services, weakening them to such a degree that they're rendered useless. In a peer-to-peer network, the nexus are the "supernodes," computers with fast bandwidth that act as a dynamic index of who has what songs, much the way Napster's central servers did.
The RIAA and the music labels believe that if they can fry the big fish -- or at least scare them into not supporting the P2P networks -- resilient services such as KaZaA and Morpheus will share Napster's fate. More important, it hopes that crushing P2P file-trading will stem declining music CD sales. On Aug. 26, the RIAA reported a 7% drop in music shipments for the first six months of 2002. That's on top of a 5.3% falloff in 2001.
Copyright violators shouldn't be protected. Nor should music thieves hide behind the right to anonymous speech to protect their illegal activity. But the RIAA and all other copyright holders cannot be allowed to make an end run around the constitutionally protected right to free and open speech. If the recording industry has a valid claim, it should have no fear of going before a judge to make its case. That would protect everyone's privacy. Black covers privacy issues for BusinessWeek Online in her twice-monthly Privacy Matters column