Copyright-law guru Bill Patry makes an intriguing point in his post today on the recent ruling in Atlantic v. Howell, which held that making songs available on a file-sharing network did not, in and of itself, constitute infringement. Although Patry welcomed that portion of the ruling, he took issue with a second key finding by Judge Neil V. Wake. If the courts ultimately side with Patry, it could be much harder for the RIAA to prove its claims.
The RIAA has built its lawsuits against file-sharers (which number in the thousands) around the work of MediaSentry, a company that tracks piracy on p2p networks. MediaSentry identifies computers on those networks that are making a large number of songs available for copying, catalogs the songs in their shared folders, then downloads a number of the songs to verify that they are what the file names suggest they are. It also records the computers' Internet addresses. Through the courts and ISPs, the RIAA matches each IP address to a particular Internet access account, then sues the account holders.
Echoing a handful of other judges, Wake held that the RIAA couldn't win its lawsuit against Jeffrey Howell unless it proved that someone actually downloaded a song from his shared folder. But Wake also decided that MediaSentry's downloads could be considered infringements, and that Howell could conceivably be held liable for contributing to those infringements. Patry acknowledged that a couple of other courts felt the same way, but argued that such opinions were "clearly erroneous."
Copyright owners are certainly entitled to use investigators to discover infringement (assuming the investigators use lawful techniques), but having authorized the investigators' conduct they cannot then rely on that authorized conduct to prove a cause of action whose principle requirement is that the conduct be unauthorized.
If courts across the country adopt Wake's view that the RIAA has to provide evidence of unauthorized downloading, along with Patry's reasoning that an RIAA investigator's downloads don't count, the RIAA would be left trying to gather evidence of downloads done by third parties. I don't think that's impossible, but it certainly isn't as easy as having MediaSentry do the downloading itself. The architecture of p2p networks such as BitTorrent and Gnutella is so open, companies such as BigChampagne can identify the songs, movies and other files most popular to file-sharers. Take the monitoring one step further, and an anti-piracy contractor can find out which folders those songs and movies are being downloaded from. That kind of scrutiny is unsettling, but before you cry "Privacy foul," remember that people who connect to p2p networks invite the public to rummage through their shared folders.
UPDATE -- The folks at BayTSP, another anti-piracy firm that specializes in p2p, told me that I underestimated the difficulty in monitoring individual p2p exchanges. In fact, they said, it's not possible for a vendor to catch user X in the act of downloading from user Y. They suggested an alterative: on at least one p2p network, they can detect when the first copy of a particular song or movie appears, record the file's hash, then find copies with the same hash later on other computers. That way, copyright owners could build a circumstantial case for infringement against the person who initially supplied the file and those who wound up with it. One wrinkle: hashes aren't like fingerprints or snowflakes. They are not truly unique identifiers. Still, it's highly unlikely that people ripping the same song from different CDs on different computers will create files with identical hashes.