GOING AFTER INDIVIDUALS FOR COPYRIGHT VIOLATIONS:
The New Bill That Would Grant Copyright Owners A "License To Hack" Peer-To-Peer Networks

By JULIE HILDEN
julhil@aol.com
----
Tuesday, Aug. 20, 2002

Peer-to-peer file trading networks continue to thrive even after the demise of Napster - though they have not received anything close to the level of publicity Napster enjoyed. Like Napster, these networks allow users to access copies of other users' MP3 files, thus hearing their favorite songs without charge. Unlike Napster, however, the networks do not use centralized servers that they own. Rather, they take advantage of many different, decentralized servers' space.

Their decentralization makes it all the harder for copyright owners to target the new networks via lawsuits, the way they targeted Napster. Indeed, an injunction against the new networks probably would be useless unless it named every single individual user. And while our society has effective mechanisms to help large classes of plaintiffs sue, there is no good counterpart for suing large classes of defendants, and that is exactly what the industries would have to do.

For a while, therefore, it looked like there was nothing the copyright industries could do against the new peer-to-peer file trading networks. But then a new tactic was devised: If lawsuits cannot effectively stop the networks, what about hacking directly into them?

Hacking is illegal under numerous federal and state laws and precedents. It not only can trigger civil liability, it can also result in heavy jail time. But California Representative Howard Berman recently proposed a bill that would change all that.

Berman's bill, if enacted, would render copyright owners immune from liability for hacking into peer-to-peer file trading networks - as long as they do so in order to stop the dissemination of their copyrighted material. In short, it would give copyright owners a "license to hack" similar to James Bond's "license to kill": The hacking could occur, yet go entirely unpunished. What used to be a crime, or at least a violation of law, would now be authorized activity immune from liability.

What the "License to Hack" Bill Would Accomplish

Currently, various state and federal statutes and precedents prevent record companies from hacking into peer-to-peer networks such as Gnutella. Almost any act of hacking could prompt a civil suit alleging numerous claims, as well as a prosecutorial inquiry as to whether an indictment should be issued.

But Berman's bill, if enacted, would probably succeed in neutralizing every one of those laws where peer-to-peer file trading networks are involved. That is because federal law can override state law in an area where there is a strong federal interest - and the Internet, accessible in every state, is just such an area. In addition, federal laws can, of course, alter or partially repeal earlier federal laws - and can, indeed, alter or even neutralize a whole slew of such laws at the same time, as Berman's legislation purports to do.

In short, Berman's bill would effect a dramatic change to a whole fabric of laws, creating numerous holes where once-applicable criminal and civil penalties would then be impossible to impose. Creative prosecutorial theories to go after industry hackers who targeted peer-to-peer networks would all fail if the bill were passed, for the immunity is extremely broad.

Why Berman's Bill Provides Little, If Any, Comfort To Users

Berman's law does contain a number of limitations and exceptions - situations in which the earlier civil and criminal statutes and case law would still apply to forbid hacking of peer-to-peer networks. But they are not anywhere near enough to cabin the bill's formidable breadth.

For instance, the bill does not authorize the destruction of data or files - it only authorizes blocking and impeding their distribution, copying, display, and so on. Thus, the bill would not - contrary to some misleading descriptions in the media - authorize any copyright owner to simply and directly wipe out whole segments of a peer-to-peer network's files and data, or such files and data on a file trader's PC.

Furthermore, the bill has exceptions that are designed to minimize collateral harm from hacking - harm that could affect innocent people, or "innocent" files and data as to which copyright is not being violated. The authorized hacking cannot inflict economic harm on anyone except the file traders who are claimed to be violating copyrights. And it can never affect distribution of "innocent" files or data - unless that is "reasonably necessary" to get at the "guilty" files. (Thus, some file and data destruction could occur, but only as an indirect, collateral consequence of hacking designed to block copying, distribution, or display.)

In addition, copyright owners are not protected unless they tell the Department of Justice in advance what they are going to do. However, the bill's provisions regarding the owners' giving notice to the traders themselves are much more unclear and hard to interpret - and notice to the traders, not DOJ, is the more important issue.

Finally, traders - that is, the individuals who use the peer-to-peer networks - do have a few rights under the bill if they can show they have been wrongfully hacked. But these rights are relatively paltry.

After filing a claim with the Attorney General, they can sue in federal court or the AG can take action on their behalf. In court, however, they can prevail only if they can show that the copyright owner had "no reasonable basis" for believing his copyrights were being infringed. In short, the hacker's reasonable mistake will get him off scot free, and only the entirely unreasonable hacker will have to pay damages.

As licenses to hack go, from the hacker's perspective, it's a pretty good one. Accordingly, this license might inspire fishing expeditions into peer-to-peer networks by anyone who owns widely distributed music

What if a copyright owner's song is popular? Or, what if it is rare or amateur, but was previously traded on Napster? Do these facts alone provide a "reasonable basis" to hack a given network, on the assumption that the song will inevitably appear there?

It seems as if they might. But if so, the "reasonable basis" required is emptied of almost any significance at all. Any garage band can invoke it. Thus, not only is the license to hack a broad one, but the class of people who could claim the license is broad, too.

In sum, the bill remains insolubly problematic, despite its limitations.

Why the Bill Seems Unlikely to Pass

Fortunately, the bill is unlikely to pass. But that is not because of peer-to-peer user outrage. On the contrary, it is because some within the copyright industries reportedly fear its enactment - for it would give any copyright owner, not just big companies, a "license to hack."

For this reason, some commentators who cover hacking have expressed glee in response to the bill. For instance, Thomas C. Greene of The Register remarked, in an article on the bill, "How cool is that? . . . I've long nurtured the secret fantasy-desire of becoming a hacker myself. Only the criminal-penalties aspect of it has kept me from indulging myself."

Going After Individuals: The Strategy of the Future?

Beyond the P2P bill's own limitations, it raises a very troubling question about the future: Will we see more copyright owners going after individuals?

In the end, it is individuals' trading that will be impeded if Berman's bill or something like it is enacted. And it is individuals who will have to sue if they are wrongfully hacked; under the bill, if they don't have the resources to do so, too bad for them, except in the unlikely event that DOJ chooses to take up their case for them.

Whether or not the bill passes, it could be just a matter of time before copyright owners start going after individual end users. After all, a California district court found that Napster was a vicarious and contributory copyright infringer. And that meant, putting the jargon aside, that Napster was responsible for, and was helping with, users' copyright infringement.

. Thus, the debates that occurred among friends as to whether using Napster was theft, or just sharing, have been resolved - at least from a legal, if not a moral perspective.

According to the court, trading is copyright infringement. Users are liable and can be sued or otherwise penalized. They are engaging, the court held, in illegal activities.

Can Enforcement Against Individuals Work? The Answer May Be Yes.

Now that users' liability has been established, the only question remaining is enforcement.

In the real world, the copyright and trademark laws often go unenforced. That is because enforcement means tracking sidewalk operations that can pack up in a flash and leave no trace, setting up shop somewhere else in the city the next day. Another reason for nonenforcement in the past has been privacy: Your home is your castle, and no matter how harsh the warnings on your videos, no one but you can know what you do with your VCR there.

There are still obstacles, of course, to enforcing copyright law against individual users, through lawsuits, hacking, or another method. There are the costs of suing numerous defendants, as noted above. And there is Internet anonymity, which could make those numerous defendants hard to locate. But that anonymity is increasingly disappearing, as I discussed in a previous column.

There are also enforcement costs. But a computer program (like a "bot") that could track files automatically and at low cost, and prevent their copying, might be able to obviate them

Certainly, there are potentially severe public relations harms. But those could be spread and neutralized through an industry-wide initiative that prevented end-users from blaming any particular company.

A Possible "Carrot and Stick" Solution for the Copyright Industries

If these obstacles can all be overcome, someday industry may decide that it is worth its while to go after users after all - with bills that, if they don't actually resemble Berman's bill, will at least be its ideological heirs.

Indeed, industry may someday decide it has no alternative, since supply side methods tend to fail. Once an unauthorized copy has been made, it is very hard to stop or trace the chain of copying. Encryption can be used, but it can also often be hacked and then fast becomes useless. Stopping copying on the demand side, therefore, may begin to seem more and more attractive.

A "carrot and stick" approach may end up being the only solution: The record industry may dramatically drop their products' prices to reflect the Internet's elimination of huge distribution costs, and of the costs of using middlemen like record stores. At the same time, they may threaten users who still trade without paying, even despite lowered prices, with prosecutions and civil suits.

Is this a good solution? It depends how it occurs. Lawsuits against individuals who do not have resources to defend against them would be an injustice; so would allow these individuals to be hacked. But on the other hand, lower prices need to happen, sooner rather than later.

The record companies' reluctance to move to Internet distribution likely reflects not only fear of peer-to-peer trading, but also fear of a deadweight loss - from closing established distribution networks down; having to cut off existing contracts with chain stores; needing to drop prices to compete on the Net; and so on. But it is in users' interest to have low, efficient prices. Seen in this light, the "carrot and stick" method may not be so bad, for the carrot will be very tasty indeed.


Julie Hilden, a FindLaw columnist, practiced First Amendment law at the D.C. law firm of Williams & Connolly from 1996-99. Currently a freelance writer, she published a memoir, The Bad Daughter, in 1998. Her first novel will be published in Summer 2003 by Plume Books, and in French translation by Actes Sud.

Ads by FindLaw