Implied Copyright Infringement and File Sharing Protocols

Wired.com's Threat Level blog is reporting that the judge in the only file sharing case to actually go to court is holding a hearing today on the issue of "Implied" copyright infringment, or the act of making copyrighted files available, where the copyright holder has no actual evidence that they were actually downloaded.

According to the article "The RIAA and the Motion Picture Association of America have told the judge that it's impossible to know whether others had downloaded copyrighted music from Thomas' Kazaa share folder."

Supposing the judge rules that the RIAA needs to have actual proof that the files were downloaded, what would that mean for current file sharing protocols?

I'm NOT a low level network programmer, nor am I a lawyer, so these are just informed conjecture. Anyone with more intimate knowledge of the protocols or legal statues involved is invited to leave a comment correcting any mistakes/misinterpretations.

Also, if it isn't obvious, this is solely a discussion of the laws as they apply in the U.S.

Protocols:

Sharing via the Web (Personal Pages, Rapidshare, MegaUpload, etc):

This would be the most cut & dry of cases if the world of the web were standardized, and every ISP/Server kept traffic logs. The RIAA could just find a site that is sharing copyrighted files (and that is hosted in the United States), and subpoena the ISP for download logs.

Unfortunately for the recording industry, standards on log file retention vary widely, and are easily configurable by the site owner themselves in most cases. The chances of any site still having log files proving infringement by the time the legal system gets around to them are slim (even if it's just a notice from the RIAA telling the site owner to retain all logs for possible coming legal action).

Currently under provisions of the DMCA the industry just sends a 'takedown notice' requesting the material be removed, and things will likely continue to operate this way in the future, regardless of how the judge rules in the current case.

Peer-to-Peer: (Kazaa/Limewire/Gnutella):

All of these protocols involve one user sharing a file, central servers indexing that file, and users contacting the sharer and negotiating the download. If there are logs of each individual download, they would reside on the sharer's computer (and possibly the sharee's) and be trivial to erase.

Critically, there is no way for a third party to detect how many times a file has been shared, or prove that it has ever been shared short of downloading a copy themselves (Which is worthless, because the judge in the case specifically noted that "You can't infringe your own copyright").

In theory if there is a local log file of all transfers, the RIAA would need to be able to subpoena the ISP to get the IP address of the sharer (as they already do), and then get access to the alleged sharer's hard drive.  This adds another (major) step to the process, seriously complicating things. In fact, it would likely make the current style of scatter shot lawsuits prohibitive to continue since any subpoena based seizure that didn't pan out leave the RIAA potentially liable for the time and effort expended by the defendant.

Bittorrent:

Under the current implementation, every bittorrent peer in the 'swarm' can see what pieces of the material being shared each other peer has.

It would, however, be difficult to determine beyond doubt that a user downloaded a complete copy of a file, since anyone else with the exact same file could in theory join the swarm and begin seeding without downloading a copy from the original source.

Presumably the only 'proof' of a complete share would come from watching a peer join the swarm, start with zero chunks, then gain each chunk from one seeder and eventually begin to seed the entire file.  This would be not only possible to monitor for, but reasonably trivial to write a third-party monitoring program to log.

A large part of the bittorrent protocol revolves around grabbing multiple pieces from different sources (seeders), and the legal question of sharing only part of a copyrighted file is still unresolved.  This means that either the industry would have to attempt to argue for a new legal precedent, or only work with the (substantially smaller) number of cases that are distributed solely from one peer.

Protocol encryption has no bearing on this discussion, since, although it masks the traffic, by nature the swarm must be aware of the other members' IP addresses. Encryption merely masks the data in transit.

The requirement of publicising IP addresses withing the swarm is widely known as one of the primary weaknesses in the bittorrent protocol, and a few groups are working on replacements, but none are widely distributed (yet).

Can't the RIAA Just download the files?

The judge in this case has ruled that any downloads that the RIAA makes can *not *be considered unauthorized downloads because the RIAA authorized them by the very act of downloading them.  This means that they have to 'catch' a third party download in progress.

Those of a conspiracy bent might suggest that over a more open protocol like bittorrent the RIAA would just have a third party such as mediadefender download the files while the RIAA monitors the transactions. This would be against the law, (since the RIAA authorized it and failed to reveal that in court) not to mention a gross violation of legal ethics, but both groups have been known to engage in shady tactics in the past.

So how does this effect sharers?

If the judge does rule against implied infringement, this will raise the bar substantially for future lawsuits, and (more critically) endanger any current cases that may go to trial (the perhaps make a number of the accused re-think settling).

On a user level, it's doubtful we'll see a return to Kazaa style sharing considering the massive benefits of bittorrent for (at the moment only slightly increased) risk.

Much of the legal precendent in this area is yet to be set, since the congressional legislation is in turns both sweepingly broad and not particularly technical, by the time the law catches up with the current technology, the market (both legal and illegal) will have moved on to the next big thing.