At 6:56 a.m. on Jan. 25, 2007, a private investigator, employed by the Recording Industry Association of America, downloaded the Coldplay song “Clocks” from Doe No. 21, an anonymous peer-to-peer user connected to a filesharing program through Boston University’s Internet service, according to court documents. Later, the music industry giant approached the school for access to Doe’s personal information, ready to nail him with a copyright infringement suit.
Doe No. 21, along with another BU student and a student at the University of Massachusetts, were recently granted some relief from litigation brought against them by the RIAA, as the U.S. District Court in Boston filed a ruling on Internet music piracy last week. In a March 31 ruling by Judge Nancy Gretner, the court quashed RIAA attempts to obtain the identities of these students who the group said had committed copyright infringement through online filesharing programs.
The court ruled that individuals who make music available through peer-to-peer networks may not necessarily be found guilty of copyright infringement, citing the difference between making music available online and actually copying it. Attempts to obtain the names of people using a particular Internet protocol address — a unique number assigned by a network to its users — may be overbroad and violate privacy expectations, the court ruled.
“Plainly, ‘publication’ and ‘distribution’ are not identical,” the ruling states.
“Defendants cannot be liable for violating the plaintiffs’ distribution right unless a ‘distribution’ actually occurred,” Gretner said in the ruling.
“Because they are no longer going to be able to put forward against students based on the theory of making available, they’re going to have to show an actual copying act,” which is “almost impossible,” said Raymond Sayeg, a lawyer representing one of the BU Does.
Individuals who share files on a network are “entitled to some First Amendment protection of their anonymity — albeit limited,” the court ruled. Subpoenas that seek the identity of someone suspected of violating copyright laws must be “more than a mere fishing expedition” that asks universities to disclose lists of potential infringers, the court ruled.
A dynamic network, such as that at BU, which assigns IP addresses on a changing basis, “makes the plaintiffs’ task of discovering the identity of a particular infringer more difficult,” according to the ruling. Requests from the music industry for a specific identity may be too broad and could violate the privacy expectations of innocent network users, the court determined.
“The record is unfortunately silent as to Boston University’s terms of service agreement, if one exists,” the court ruled, mentioning BU’s network use policy, which had not been presented to the court.
“The judge wants to know, has the university ever advised the students that . . . the university could hand over their personal information to a third party,” Sayeg said.
“The defendants may have expectations of privacy with regard to their identity, but that depends on the terms of the Internet service agreement they have with Boston University, which has not been provided to the court,” he said.
Any renewed subpoena the RIAA seeks against BU must ask the school to “submit to the Court its terms of service agreement with its users, or, if it does not have a terms of service agreement, a statement to that effect.” The court will also review the requested information privately to determine whether the court-ordered data unnecessarily pulls other network users into the case.
The court ruled the RIAA may renew its attempts to obtain personal information from BU for individuals suspected of infringing copyright laws. BU must not destroy information revealing the identities of Internet users sought by the RIAA before April 16, unless the quashed subpoenas are renewed. In the future, subpoenas issued to BU must also request the terms of the service agreement BU extends to students and explanation of students’ privacy expectations before using the university network, according to the 52-page ruling.
“The ISPs, particularly colleges and universities, appropriately declined to reveal the identities of their users without a court order,” the court ruled, noting that for individuals who chose to settle cases brought against them “the approximate settlement range appears to be $3,000 to $6,000 per defendant, a considerable amount of money, particularly to the college students who have been caught in the plaintiffs’ nets.”
BU plans to comply with court orders, said spokesman Colin Riley.
In the proceedings leading to the ruling, the RIAA explained its discovery process to the court.
The RIAA employed MediaSentry, Inc. to determine whether individuals were violating copyright laws through online music sharing.
“MediaSentry assigns an identification number to each individual . . . that demonstrates that the user is engaged in copyright infringement,” Carlos Linares, vice president for anti-piracy legal affairs at the RIAA, testified, according to documents.
The RIAA reviewed “a listing of the music files that the user has offered for download by others from his or her computer to determine whether they appear to be copyrighted sounds . . . [and] also listens to the downloaded music files from these users in order to confirm they are, indeed, illegal copies of sound recordings.”
BU computer science department Chairman Azer Bestavros testified that it was impossible for the RIAA’s third-party investigator to “distinguish between a music file obtained from a licensed, legal source (e.g., original CD) and the same music file obtained illegally . . . by downloading such files from a remote user’s computer over a network and only listening to the downloaded files,” according to court documents.
MediaSentry is not properly licensed to operate in Massachusetts, Sayeg said yesterday. He will be working to gather evidence to prove the company is not legally able to operate in the commonwealth and to strike evidence it gathered from the case, he said.