The RIAA Subpoenas and Amnesty Program: What’s Real And What’s Make Believe

I’ve written my first article in almost two years! I’ve got the bug again and there will be plenty more where that came from, promise.
This ones about — you guessed it, the RIAA’s latest bait and switch mechanism for fighting file sharing. Hope you like it.


Commentary: What’s Real and Make-Believe with the RIAA Subpoenas?

By Lisa Rein for OpenP2P.com.

A key issue remains that the RIAA does not even have the right to grant full amnesty in the first place. The songwriters and music publishers that aren’t represented by the RIAA (such as Metallica) could opt to sue infringers on their own. “The RIAA doesn’t have the right to give full amnesty for file sharing. True, they represent 90% of all sound recording copyright owners. But there are still 10 percent out there who could sue you even if you take amnesty program,” said Jason Schultz, a staff attorney at the Electronic Frontier Foundation. “It’s still unclear if amnesty saves you from being sued by the songwriters/music publishers.”
Clean Slate’s Privacy Policy raises other questions. It states that “information provided on the Clean Slate Program Affidavit will be used solely in connection with conducting and enforcing the Clean Slate Program” and not used for “marketing, promotional, or public relations purposes” and will “not be made public or given to third parties, including individual copyright owners,” but then there’s a big exception: “except if necessary to enforce a participant’s violation of the pledges set forth in the Affidavit or otherwise required by law.” This language, translated, means that the affidavit records would in fact be made available to other infringement lawsuits.
“We’re calling it a ‘Shamnesty.’ It’s more like a Trojan Horse than a ‘clean slate.’ It fools you into thinking you’re safe, when the reality is that, if anything, you’re more at risk for participating,” explains Jason Schultz, Staff Attorney for the EFF. “It’s not ‘Full Amnesty’ at all. The agreement doesn’t give file sharers any real peace of mind, because it only covers being sued by the RIAA itself — not any of its member companies. This means that, under the Clean Slate agreement, recording companies, copyright owners, and music publishers can all still sue you. It only means that the RIAA won’t ‘assist’ them in the lawsuit. They are basically getting you to admit to the conduct so your own statement can be used against you later.”


Here is the full text of the article in case the link goes bad:
http://www.openp2p.com/pub/a/p2p/2003/09/11/riaa_supoenas.html
Commentary: What’s Real and Make-Believe with the RIAA Subpoenas?
by Lisa Rein
09/11/2003
What’s real and what’s make-believe about the RIAA’s recent subpoena campaign and it’s newly announced “Amnesty” program?
A recent decision by the 9th Circuit Court of Appeals finds that a party using “patently unlawful” subpoenas to obtain access to another party’s stored electronic communications could be liable for violations of electronic privacy and computer fraud statutes. This could have serious implications for the RIAA’s mass subpoena campaign in that, if such subpoenas were also determined to be “patently unlawful,” for whatever reason, the organization could be held liable under electronic privacy and computer fraud statutes for accessing user data under false pretenses. (Read a summary of the decision.)
Does this mean, if the RIAA’s subpoenas are determined “invalid,” that they are illegally snooping? It’s extremely possible. However, the DMCA subpoena law is new and there aren’t many decisions on it, so the RIAA could try to hide behind the “newness” of the law to avoid liability for misusing it.
If the RIAA’s subpoenas were determined to be “patently unlawful,” file sharers could potentially retaliate with lawsuits for alleged electronic privacy and computer fraud violations if the RIAA’s counsel knowingly misuses the subpoena process in order to gain access to file sharers’ private information.
Any lawyer has the authority as an Officer of the Court to serve anyone they wish with a subpoena, but such authority must not be abused. According to the decision, the subpoena was a clear violation of the Federal Rules. Although Kozinski implies that NetGate should have known that, he also says that even if they didn’t, the lawyers who issued the subpoena should have and therefore knew or should have known they were deceiving NetGate:
“The subpoena power is a substantial delegation of authority to private parties, and those who invoke it have a grave responsibility to ensure it is not abused. Informing the person served of his right to object is a good start, see Fed.R.Civ.P. 45(a)(1)(D), but it is no substitute for the exercise of independent judgement about the subpoena’s reasonableness.”
Most larger ISPs have legal departments, but smaller ones often can’t afford to hire a lawyer, especially for every subpoena they get. In the decision, Kozinski points out that recipients are often being cowed into compliance:
“Fighting a subpoena in court is not cheap, and many may be cowed into compliance with even over broad subpoenas, especially if they are not represented by counsel or have no personal stake.”
Since June 2003, the RIAA’s mass subpoena campaign has been serving ISPs in an attempt to find out the identities of file sharers. So far, 1300 subpoenas are in the EFF database system, and more are being added all the time. “ISPs” ranging from large-scale service providers (such as Comcast, SBC, Time Warner, Verizon, Earthlink, and America Online) to educational institutions (such as New York University, Boston College, MIT, and Columbia) have been served. (View the complete list as compiled by the EFF database.)
Difficult for ISPs, Especially Smaller Ones
The reactions from the ISPs have been varied, depending on the size and caliber of the institution. MIT and Boston College were able to have their subpoenas quashed after it was discovered that they had been incorrectly filed out of jurisdiction. (The RIAA was trying to cut costs by filing all of their subpoenas from a single court in Washington, D.C., when in fact such filings must be done within 100 miles of the offending party.) Some of the larger ISPs, such as Pac Bell and Verizon, have challenged the validity of the subpoenas in any court, asserting that they violate constitutional Due Process and various federal rules and statutes.
Theoretically, subpoenas are filed with discretion, often during “discovery” after a lawsuit has already been filed. However, the DMCA specifically departs from this common practice by allowing the RIAA to issue subpoenas before having to file even a single lawsuit; in fact, all that the RIAA needs to subpoena someone’s personal data is a “good faith belief” that the person is infringing their copyrights, which, when it comes to file sharing, is pretty much every one of the 60 million users, in the eyes of the RIAA. This “pre-emptive” subpoena power is exactly what privacy advocates and defenders of Due Process feel is unconstitutional and inappropriate about the DMCA subpoena provision. This gives the RIAA the right to spy on 60 million Americans, even if it never ends up suing a single one of them.
Because subpoenas are ordinarily filed after a lawsuit has begun, valid subpoenas typically are limited to requesting information related to the subject matter of the lawsuit and the parties to the lawsuit. (This was part of the basis for Judge Brazil’s finding in the Kozinski case — that the subpoenas requested information beyond the scope of the lawsuit.) Parties to the lawsuit are also required to give copies of any subpoena they issue to the other parties. Because of the relevance limitation and the requirement to send copies to others, all affected parties in a litigation get notice if their information is being requested from a third party; this allows them to move to quash any subpoena that might invade their privacy. (As was the case in the Kozinski case.)
However, when it comes to the DMCA’s pre-emptive subpoenas, there is no lawsuit; therefore, there are no opposing parties that the RIAA is required to send copies of the subpoena to. Thus, the users never find out that their information is being sought and never have a chance to oppose, unless the ISP voluntarily notifies them.
Under current law, it’s up to the ISP to notify the customer if they want to. When an ISP is served with one of these RIAA subpoenas, the larger ISPs who have legal counsel, such as Verizon and Pac Bell, would know if the subpoena itself is lawful or not. However, for smaller, “mom and pop” types of ISPs, the subpoenas are often handled by administrative personnel. Often, such ISP won’t even consult legal counsel, for doing so every time could result in large legal bills.
With the RIAA issuing DMCA subpoenas at it’s current rapid rate (over 1500 in the last two months), and taking into account that such subpoenas require a response within seven days, even a well-staffed legal department could not adequately respond to such a barrage of subpoenas. This is another reason that many feel the RIAA should be forced to file lawsuits that would cost them several hundred dollars a person, rather than be allowed to send out mass subpoena mailings that only cost them less than $50 a piece.
How would a file sharer know that their privacy had been violated in this way? The first thing one would have to do is look up their user name or IP address using The EFF’s Subpoena Database Query Tool to see if it shows up in the EFF’s subpoena database. Even if it doesn’t come up in the database, you could ask your ISP directly if they have been served and whether or not they have complied with it. You could ask them what information they’ve made available. The ISP is not under any obligation to tell the user if and what they did, but it’s a good business practice to do so. It could depend on the ISP’s user agreement as well.
Ironically, the DMCA allows the RIAA to subpoena user info pre-suit, but if an ISP refused to tell a user whether or not it had given up their info to the RIAA, the user would have to sue his ISP in order to get that information via discovery.
Computer users are at a significant disadvantage under the DMCA subpoena provision process. If they don’t know they’ve been served, and the ISP just hands over the info and doesn’t tell the user, the user can’t complain about the subpoena being invalid in time to stop the information transfer, and the damage has been done. And if the ISP doesn’t even consult its attorney, it’s not going to complain or challenge the validity of the subpoena.
Legislation has been proposed to require ISPs to notify their customers when a third party has subpoenaed their information. The legislation is mostly meant for state defamation suits where someone has anonymously posted something on a message board or in a chat room. Companies will often subpoena the hosting service to discover the identity of the person. The hosting service is not currently under any obligation to notify the person that their identity is being subpoenaed.
The new law proposed by the Electronic Frontier Foundation (with assistance from the Samuelson Clinic for Law, Technology, and Public Policy at Boalt Hall), would force ISPs to notify their customers and give 30 days to challenge the requests in court. However, such legislation would not have any affect on the DMCA subpoenas, which take place at the Federal level. However, if the law passes, many would like to see this same requirement in the DMCA subpoena provision. Arguably, something of this nature is constitutionally required on Due Process grounds.
Senator Norm Coleman (R-MN) is investigating the techniques and methods used to issue subpoenas and collect information from ISPs, noting that numerous clerks in the U.S. District Court in the District of Columbia have already had to be reassigned just to deal with the paperwork. He requested copies of all of the subpoenas filed by the RIAA and “a description of the methodology the RIAA is using to secure evidence of potentially illegal file sharing by computer users.” According to an interview with Senator Coleman in Future Tense Now Magazine, Coleman’s worried about the disproportionate penalties being proposed by the RIAA (at $100,000 per song) for the kinds of copyright infringement that file sharing sometimes involves. “My concern is to make sure that the penalty fits the crime,” Coleman said, “And that in the end, we’re not wiping out some families’ savings because some kid downloaded, for his own use, some songs over the Internet.”
The “Clean Slate” Amnesty Program
On Monday, September 8, 2003, the RIAA announced that it has filed lawsuits against 261 people. It also announced its “Clean Slate” Amnesty program on MusicUnited.org.
To participate, sharers would fill out the Clean Slate Affidavit stating that all infringing files have been deleted from their computer and all CDs burned from those files have been destroyed. In addition, confessors would pledge to never do it again with the understanding that the penalties would be even more severe if they were caught, because they could then be charged with “willful infringement.”
The affidavits must be notarized, and there must be a separate affidavit for everyone in your household. Sharers under 18 must have the affidavit signed by their parent or guardian. Applicants are also expected to “not allow others to illegally download copyrighted sound recordings to your computer(s).” Only individuals are eligible for the Clean Slate program; businesses, groups, organizations or “entities,” or individuals who traded for payment or commercial purposes may not participate.
In the program description, in exchange for filling out and sending in an affidavit, the RIAA will agree “not to support or assist in copyright infringement suits based on past conduct” for users who meet certain conditions. One of these conditions is the RIAA “has not begun to investigate you by requesting from an Internet Service Provider (ISP), by subpoena or otherwise, identifying information about you.” If users whose information has already been subpoenaed are not eligible for amnesty, this presents a problem for any users wishing to receive amnesty. Under the DMCA, neither the RIAA or the ISP who has been subpoenaed is required to notify the user upon being served, they could unknowingly admit to conduct the RIAA might already be in the process of suing them for.
A key issue remains that the RIAA does not even have the right to grant full amnesty in the first place. The songwriters and music publishers that aren’t represented by the RIAA (such as Metallica) could opt to sue infringers on their own. “The RIAA doesn’t have the right to give full amnesty for file sharing. True, they represent 90% of all sound recording copyright owners. But there are still 10 percent out there who could sue you even if you take amnesty program,” said Jason Schultz, a staff attorney at the Electronic Frontier Foundation. “It’s still unclear if amnesty saves you from being sued by the songwriters/music publishers.”
Clean Slate’s Privacy Policy raises other questions. It states that “information provided on the Clean Slate Program Affidavit will be used solely in connection with conducting and enforcing the Clean Slate Program” and not used for “marketing, promotional, or public relations purposes” and will “not be made public or given to third parties, including individual copyright owners,” but then there’s a big exception: “except if necessary to enforce a participant’s violation of the pledges set forth in the Affidavit or otherwise required by law.” This language, translated, means that the affidavit records would in fact be made available to other infringement lawsuits.
“We’re calling it a ‘Shamnesty.’ It’s more like a Trojan Horse than a ‘clean slate.’ It fools you into thinking you’re safe, when the reality is that, if anything, you’re more at risk for participating,” explains Jason Schultz, Staff Attorney for the EFF. “It’s not ‘Full Amnesty’ at all. The agreement doesn’t give file sharers any real peace of mind, because it only covers being sued by the RIAA itself — not any of its member companies. This means that, under the Clean Slate agreement, recording companies, copyright owners, and music publishers can all still sue you. It only means that the RIAA won’t ‘assist’ them in the lawsuit. They are basically getting you to admit to the conduct so your own statement can be used against you later.”

One thought on “The RIAA Subpoenas and Amnesty Program: What’s Real And What’s Make Believe

  1. nyc99

    On Lisa Rein’s Radar: The RIAA Subpoenas and Amnesty Program: What’s Real And What’s Make Believe

    On Lisa Rein’s Radar: The RIAA Subpoenas and Amnesty Program: What’s Real And What’s Make Believe I’ve written my first article in almost two years! I’ve got the bug again and there will be plenty more where that came from,…

Leave a Reply

Your email address will not be published. Required fields are marked *