The war against P2P file-sharing

This article first appeared in the Summer 2003 issue of the OUT-LAW magazine. As such, this article does not necessarily represent and up to date commentary on the law in this area.

Introduction

In April, Madonna fans tried downloading songs from her then-unreleased album American Life, but unwittingly downloaded a recording of the singer asking: "What the f*** do you think you're doing?"

Her record company had flooded popular file-sharing services with decoy tracks, the latest tactic of a desperate industry's fight against piracy. However, it backfired when someone hacked Madonna.com and posted the genuine tracks from American Life on her site for anyone to download.

The spat highlights a central problem for the music industry: like the law, it has always been a step behind technology. Since the late-1990s we've heard the noise of ongoing legal battles between the American music industry and internet pirates. All this time, the British industry has suffered in near silence. But this is about to change. With Westminster about to unleash sweeping new powers, the head of the British Phonographic Industry ( BPI ) says the time is coming for action.

History of P2P

Unauthorised services that make songs available to users as free downloads from other users' computers – known as peer-to-peer or P2P services – have been blamed for falling sales. In the UK, sales fell three per cent in value last year after a five-year growth run.

The problems began with Napster, the brainchild of teenager Shawn Fanning. In 1999, it became the first internet music service to exploit P2P computing. Songs were no longer hosted on web sites. Instead, they were stored only on the computers of those who used Napster's service. Each user had a personal library of songs on his or her computer. The beauty of it was that by connecting to Napster's central computers, a user could access the personal libraries of any other user. It became so popular that, at any given time, it was possible to log on to Napster and access just about any song you could think of.

Response from the music industry

The music industry panicked: why would anyone buy a CD if they could download the songs for free? The Recording Industry Association of America ( RIAA ) sued Napster and eventually the company collapsed. Users needed Napster's central computers so they could find each other and swap songs; but when the central computers were switched off, so was its network.

The RIAA could not celebrate the victory because other services were gaining popularity with more resilient networks that took centralised computers out of the loop. Today's P2P software lets a computer user propagate a search request across a network of millions until the desired song is found and a download connection is established. This search process takes only a few seconds.

Using this approach, KaZaA has become the current champion of P2P . Its free P2P software has been downloaded a staggering 200 million times. At any one time, a user can expect to find 4.5 million KaZaA users on-line, making available around one billion files for downloading, from music and movies to software and pornography.

The RIAA is suing the company behind it, Sharman Networks, registered in the tiny South Pacific tax haven of Vanuatu. Many expected a crushing defeat by the RIAA because of a US law against those who "contribute" to copyright infringement carried out by others. But the RIAA lost its most recent P2P case in April this year, against two companies that run rival services Grokster and Morpheus. The judge in a Los Angeles federal court accepted that the users break the law but reasoned that the companies "are not significantly different from companies that sell home video recorders or copy machines, both of which can be and are used to infringe copyrights".

The RIAA has vowed to take its case to a higher court and, as the KaZaA lawsuit demonstrates, it will sue P2P businesses no matter where they are based. But a problem exists with this strategy.

The fact is that pure P2P networks cannot be shut down because they do not need companies to own or run them. All an internet user needs is freely available networking software of which there are 130 unique varieties at 89,000 filesharing web pages, according to software firm Websense. Put another way, if there is no company promoting a network, there is nobody to sue except those who use it.

Going after the file-sharers

The US music industry isn't waiting until it runs out of commercial targets. Perhaps pre-empting a day when there are no businesses left to sue for promoting P2P services, the RIAA has begun targeting those who use the services, accusing them of copyright infringement.

The RIAA can see that people are making songs available on these networks but cannot easily identify them without the co-operation of a user's ISP . It has demanded and won this co-operation in a test case in the US. At the time of writing, Verizon has just been ordered to reveal the identity of two customers who were making available a collection of songs from their computers. The RIAA plans to sue the unfortunate pair. It is not economically or logistically viable to sue every infringing user of a P2P network; but suing a few could deter others.

Critics see this as a heavy-handed lawsuit. However, the same may happen in Britain with the passing of a new law. Leading British ISPs told OUT-LAW that they are watching the Verizon case with interest, because they expect similar moves over here.

The position in Europe and the UK

The European Copyright Directive should have been implemented into UK law by December 22, 2002. But after several delays, it now looks likely that the necessary regulations will be laid before Parliament in late-May.

Buried in the draft for Britain's new copyright regime is a provision which says that a person who infringes copyright in a song by "communicating" it to the public becomes guilty of a criminal offence if he does this either in the course of a business, or privately to such an extent as to "affect prejudicially" the owner of the copyright.

Despite this provision getting little or no media attention to date, it could be interpreted as a draconian transformation of our law. Where not-for-profit copyright infringements have traditionally been matters for civil lawsuits, mainly based on the damage caused to the copyright owner, the new regime raises the spectre of prison sentences.

To fully understand this provision, it is important first to dispel a copyright myth. There's a popular misconception that it is legal in Britain to copy your own CD to cassette for playing in your car. It's not. In the same way, if you buy a CD and convert its songs to MP3 format, you are infringing copyright. But the infringement is minor and, in these circumstances, legal action is unheard of. Likewise, if you email an MP3 to a friend, this act of "communicating" the song without permission from the record company is unlikely to excite anyone. However, if you use KaZaA, millions of others can access that MP3 whenever you're connected to the internet. And it is this act that can be said to be communicating the song to the public in such a way as to "affect prejudicially" the record company. The offence is punishable with up to two years in prison and a fine.

When asked if the new law is likely to be used in this way, the Copyright Directorate told us: "It seems clear that [the provision] could cover certain actions by individuals where they have the necessary knowledge"—meaning they can be locked up if they knew that what they were making available on-line was infringing copyright.

Savvy P2P users will continue to download but hide the files on their hard drives where other users cannot reach them, or they can use free software to mask their identities on-line.

As for those running KaZaA and its ilk, they can argue that they do not communicate a work to the public—they only provide a platform and, as successfully argued by Grokster and Morpheus, that platform can be used for legitimate purposes as well as the exchange of infringing files. It would be open to prosecutors to argue that they are guilty because they know what the majority of users are doing – and that they are aiding and abetting these practices.

Andrew Yeates, Director General of the BPI , told OUT-LAW that the BPI would only expect the law to deliver severe criminal penalties for the heaviest unauthorised users of copyright works within P2P networks. These users will be determined by the extent of the music collections they share on-line. However, the law should continue to provide for criminal remedies against unauthorised copyright use.

Yeates is as concerned by the P2P explosion as his American counterparts. "You only have to look at the level of file transfers to know it's causing problems," he said. The BPI has just released the results of a survey of 1,440 internet users from which it estimates that around five million people in the UK download music every month, most of which is illegal. Chairman Peter Jamieson estimates that "in the UK there are 2.5 million users of illegal peer-to-peer sites."

Authorised sites

The BPI also realises the need to get authorised music services in place that music fans will like. Most legitimate on-line music services that do exist, where users can download individual tracks, are relatively unpopular, not just because they cost money, but also because the selections are limited, the record labels are not united in offering their wares from one location, and conditions are attached to downloads which can prevent them being copied to MP3 players. Also, due to licensing issues, the biggest services – including Apple's new iTunes service – are US-based and presently closed to anyone based in Europe.

The UK is trying to catch up. OD2, co-founded by Peter Gabriel, provides the only subscription service in Europe that lets users download, burn to CD or "stream" music.

Yeates summarises the BPI position thus: "We must get the law clear. We need the new regulations in place to make it clear where people stand. Then get the legitimate services right. Then take action."

To take action against individuals, the BPI needs to know who is using the file-sharing services. To identify them, it needs the assistance of ISP s. Yeates said that the BPI is working with most ISP s in Britain regarding P2P activity. He would not comment on whether this involved monitoring individuals.

When we put this to leading ISP s, they said they do co-operate with the BPI – but not, it seems, on P2P . Both BT Openworld and Freeserve said they will act on notice from the BPI to take down web sites that are found to be offering infringing works for download. However, BT Openworld said that as far as P2P use is concerned, they do not monitor or control their users' activities.

Both BT Openworld and Freeserve agreed that legal music services are the way forward, rather than court action. BT has launched its own licensed music service, dotmusic, and Freeserve has launched Freeserve Music Club, both with OD2, but neither will comment on usage.

Freeserve openly acknowledged that P2P services are one of the main drivers for people to buy broadband services – which is great for the ISP s. Freeserve's view is that it has no way of telling whether its users are exchanging files legally or otherwise, so it won't get involved.

David Melville, Freeserve's General Counsel said it is about to warn its customers that using a site like KaZaA to download infringing material risks legal action. But Melville was clear that they are not telling users not to use these services; rather, they are just making them aware of the risks.

Freeserve does not support KaZaA and its ilk, but pointed out that BT and Tiscali advertise on both KaZaA and Grokster. "If they say they're against these services, they're doing so tongue in cheek," said a spokeswoman.

BT Openworld admitted that some ads had "crept up" on such sites, but added that its internet advertising agency has been instructed to avoid these sites in future.

"They're walking a fine line," said Freeserve's David Melville. "If, as an ISP , you establish links with file-sharing services, you risk your own defences falling away."

While Melville expects Verizontype activity in the UK, he confirmed that the ISP has never been asked to identify one of its subscribers for reasons of alleged copyright infringement. "If we're presented with a proper legal demand for details of one of our account holders, we'll comply, provided that doing so would not breach the Data Protection Act. We will not, however, respond to fishing expeditions."

Conclusion

Melville says the music industry may be taking the wrong approach to P2P . "It's always labelling P2P users as pirates. But maybe they're more like little scouts who just need to be brought into the fold. The music industry should perhaps try to accept that P2P is here to stay, so try working with KaZaA instead of against it."

Which reflects the view of others who criticise the RIAA . Napster held the potential to track what fans wanted to hear in a way that KaZaA and others do not. It also offered a channel to market the accompanying CDs, T-shirts and concert tickets. Perhaps shutting down Napster was the worst mistake the music industry ever made.

Contact: Struan Robertson / 0141 249 5422