September 2008

On September 8, 2003, the recording industry sued 261 American music fans for sharing songs on peer-to-peer (P2P) file sharing networks, kicking off an unprecedented legal campaign against the people that should be the recording industry’s best customers: music fans.1 Five years later, the recording industry has filed, settled, or threatened legal actions against at least 30,000 individuals.2 These individuals have included children, grandparents, unemployed single mothers, college professors—a random selection from the millions of Americans who have used P2P networks. And there’s no end in sight; new lawsuits are filed monthly, and now they are supplemented by a flood of "pre-litigation" settlement letters designed to extract settlements without any need to enter a courtroom.3

But suing music fans has proven to be an ineffective response to unauthorized P2P file-sharing. Downloading from P2P networks is more popular than ever, despite the widespread public awareness of lawsuits.4 And the lawsuit campaign has not resulted in any royalties to artists. One thing has become clear: suing music fans is no answer to the P2P dilemma.

I. Prelude: Sue the Technology

The music industry initially responded to P2P file sharing as it has often responded to disruptive innovations in the past: it sent its lawyers after the innovators, hoping to smother the technology in its infancy. Beginning with the December 1999 lawsuit against Napster, the recording industry has sued major P2P technology companies one after the other: Scour, Aimster, AudioGalaxy, Morpheus, Grokster, Kazaa, iMesh, and LimeWire.5

Although these same technologies were also being used for non-infringing purposes, including sharing of authorized songs, live concert recordings, public domain works, movie trailers, and video games, the record industry has won most of these lawsuits—but it is still losing the war.6 After Napster was shut down, new networks quickly appeared. Napster was replaced by Aimster and AudioGalaxy, which were supplanted in turn by LimeWire, Morpheus and Kazaa, which were then partially supplanted by eDonkey and BitTorrent.7

Meanwhile, the number of filesharers, as well as the number of P2P software applications, has continued to grow. Today, P2P networks that rely on open protocols and open source software flourish independently of any particular software vendor.8 P2P comprises 45% of Internet traffic, in part since technologies like BitTorrent have been adopted for a variety of mainstream legitimate uses.9 In addition, music fans have turned to new, so-called "darknet" solutions, such as swapping iPods, burning DVD-Rs, modifying Apple’s iTunes software to permit downloading of other users’ libraries, and using private online storage networks to send large files to friends.10

Nonetheless, the recording industry, bolstered by the June 2005 Supreme Court decision in MGM v. Grokster, continues to use legal threats to intimidate P2P technology companies.11 Some of those companies, such as iMesh, BearShare and Kazaa have bowed to the legal pressure and agreed to "filter" infringing material from their networks. To little avail: filtered P2P applications have been quickly eclipsed by new, unfiltered alternatives. Indeed, developing unfiltered P2P software is well within the capabilities of small offshore companies, or even individual hobbyist programmers. After all, a college student was able to create Napster in mere months,12 and BitTorrent was largely the handiwork of one unemployed software developer working in his spare time.13 Today, most computer science undergraduates could assemble a new P2P file sharing application in a few weeks time.14

In the meantime, other P2P technology sites have made themselves less vulnerable to legal assault by expanding and drawing attention to legitimate uses of P2P technology. BitTorrent indexing site, for example, has promoted public domain material, and has formed an alliance with Jamendo, an archive of Creative Commons-licensed music from a variety of independent musicians.15

In short, suing the technology hasn’t worked.

II. Phase One: DMCA Subpoenas by the Thousands

Warming Up on College Students

In what would later seem like a prelude to the lawsuit campaign against individual file-sharers, the recording industry sued four college students in April 2003 for developing and maintaining search engines that allowed students to search for and download files from other students on their local campus networks.

The lawsuits named Joseph Nievelt, a student at Michigan Technological University; Daniel Peng, a student at Princeton University; and Aaron Sherman and Jesse Jordan, both students at Rensselaer Polytechnic Institute. The complaint principally alleged that the students were running an on-campus search engine for music, using software such as Phynd, FlatLan, and DirectConnect to search campus local area networks and index files being shared by students using the file sharing protocols included in Microsoft Windows. The complaints also alleged that the students had, themselves, downloaded infringing music.

The students ultimately settled the cases for between $12,000 and $17,500 each. In Jesse Jordan’s case, the settlement amount “happens to be the same amount of money that is the total of his bank account. That is money he has saved up over the course of working three years ... to save money for college.” He later stated that he did not believe he had done anything wrong and had settled to avoid the legal expenses of fighting the lawsuit.

The lawsuits, the first filed against individuals for file sharing, caused an uproar, with both students and university officials expressing dismay at the heavy-handed tactics of the recording industry. At the time, it seemed hard to believe that suing individual college students would soon be standard operating procedure for the recording industry.

In the summer of 2003, the RIAA announced that it was gathering evidence in preparation for lawsuits against individuals who were sharing music on P2P networks.16 As they have for the entirety of the litigation campaign, the RIAA investigators targeted "uploaders"—individuals who were allowing others to copy music files from their "shared" folders. The investigators ran the same software as the other P2P users, searched for recordings owned by their record label masters, and then collected the IP addresses of those who were offering those recordings.17

However, RIAA investigators could not tie an IP address to a name and street address without help from the uploader’s Internet Service Provider (ISP). In order to force ISPs to hand over this information, the RIAA resorted to a special subpoena power that its lobbyists had slipped into the Digital Millennium Copyright Act (DMCA) in 1998.18 Under this provision, a copyright owner is entitled to issue a subpoena to an ISP seeking the identity of a subscriber accused of copyright infringement. In the view of the recording industry’s lawyers, this entitled them to get names and addresses from an ISP with a mere allegation of infringement—no need to file a lawsuit, no requirement of proof, and no oversight by a judge.

Thanks to the efforts of EFF, ISPs and numerous public interest groups, the courts ultimately rejected this unprecedented breach of privacy. The RIAA had begun testing the DMCA subpoena power in 2003, when it delivered a few subpoenas to a variety of ISPs in what was widely viewed as a "test run." Verizon (as well as Charter Communications and Pacific Bell Internet Services) fought back in court to defend the privacy of its customers.19 EFF, alongside a host of public interest and privacy organizations, joined with Verizon to argue that every Internet user’s privacy was at risk if anyone claiming to be a copyright owner could, without ever appearing before a judge, force an ISP to hand over the names and addresses of its customers.20

Unfortunately, Verizon and the privacy advocates lost the first rounds in court. That gave the RIAA the green light to start delivering thousands of subpoenas in order to build a list of potential lawsuit targets. Between August and September 2003, the RIAA issued more than 1,500 subpoenas to ISPs around the country.21

On September 8, 2003, the RIAA announced the first 261 lawsuits against individuals that it had identified using the DMCA subpoenas.22 Among those sued was Brianna Lahara, a twelve-year-old girl living with her single mother in public housing in New York City.23 In order to settle the case, Brianna was forced to apologize publicly and pay $2,000.24

Just as privacy advocates had feared, however, the lack of judicial oversight in the subpoena process resulted in abuses. For example, Sarah Ward, a Macintosh-using Massachusetts grandmother, was accused of using Windows-only Kazaa to download hard-core rap music.25 Although the RIAA ultimately withdrew the lawsuit against her, it remained unapologetic: in the words of an RIAA spokesperson, "When you go fishing with a driftnet, sometimes you catch a dolphin."26

The subpoena power also attracted other, less scrupulous copyright owners. A vendor of hard-core gay pornographic videos, Titan Media, began using the DMCA subpoena process to identify and contact individuals allegedly sharing Titan videos on P2P networks. These targets were contacted by Titan and given the choice of either being named in a (potentially embarrassing) lawsuit, or purchasing the Titan videos in exchange for "amnesty."27 Several observers felt that this tactic bordered on extortion.28

After enduring stinging criticism on Capitol Hill from Senator Norm Coleman, the RIAA changed gears.29 Rather than suing people directly after obtaining their names with DMCA subpoenas, the RIAA began sending threat letters first, giving the accused an opportunity to settle the matter before a lawsuit was filed. In October 2003, the RIAA sent 204 letters to alleged filesharers.30 Most of the targets settled for amounts averaging $3,000.31 The 80 who did not accept the RIAA offer were sued a few weeks later.32

Then the legal landscape changed. On December 19, 2003, a federal appeals court agreed with Verizon that the DMCA subpoena provision did not authorize the RIAA’s "driftnet fishing" tactics.33 The court overturned the lower court ruling and found that the DMCA subpoenas were available only where the allegedly infringing material was stored on the ISPs’ own computers, not for situations involving P2P file-sharing where the material was stored on a subscriber’s individual computer.

The decision brought the RIAA’s mass-subpoena campaign to a halt. If the RIAA wanted to use the federal subpoena power to identify Internet users, it would have to file a lawsuit and conduct its efforts under the supervision of a judge. In other words, the RIAA would have to play by the same rules as every other litigant in federal court.

Nonetheless, by the time the court of appeals decided RIAA v. Verizon, more than 3,000 subpoenas had already been issued.34 More than 400 lawsuits had been brought on the basis of the names obtained with those subpoenas, and hundreds more had settled in response to an intimidating RIAA demand letter.17 Even though the RIAA had used illegal tactics to pursue these lawsuits, none of the defendants who settled received any money back.

III. Phase Two: Mass John Doe Lawsuits

Amnesty or "Sham-nesty"?

Alongside the first 261 lawsuits filed in September 2003, the RIAA also unveiled an “amnesty” program dubbed “Clean Slate.” Filesharers were invited to come forward, identify themselves, delete all their downloaded music, and sign an affidavit promising to stop any unauthorized music sharing. In exchange, the RIAA promised not to sue the repentant filesharer.

On further examination of the fine print, however, it became clear that the RIAA “amnesty” program delivered considerably less than it promised. First, because the RIAA does not itself own any copyrights (those are held by the record labels and music publishing companies), the RIAA was unable to deliver any meaningful protection from civil copyright lawsuits. The RIAA’s member companies, as well as songwriters and music publishers, would remain free to sue the filesharers who stepped forward. In addition, the RIAA reserved the right to turn over the information it gathered in response to any valid subpoena from a copyright owner.

The RIAA’s offer, moreover, only applied to individuals who had not been sued and were not “under investigation.” Because it was impossible to know in advance who the RIAA was already investigating, those who came forward to sign the affidavit took the risk that they would incriminate themselves and yet be ineligible for the amnesty.
These disparities between the RIAA’s public characterizations of its Clean Slate program and what the program actually delivered led Eric Parke to file a false advertising lawsuit against the RIAA. In the words of the complaint, Clean Slate was “designed to induce members of the general public . . . to incriminate themselves and provide the RIAA and others with actionable admissions of wrongdoing under penalty of perjury while (receiving) . . . no legally binding release of claims . . . in return.”

In April 2004, the RIAA voluntarily eliminated the Clean Slate program, concentrating their efforts on filing lawsuits against individual file-sharers. In the end, only 1,108 people signed the Clean Slate affidavit.

On January 21, 2004, the lawsuit campaign entered a new phase when the RIAA announced 532 new "John Doe" lawsuits.35 In these lawsuits, the record label lawyers sued unidentified "John Doe" uploaders that investigators had traced to an IP address. After filing the lawsuit, the record labels would ask the court to authorize subpoenas against the ISPs. After delivering these subpoenas and obtaining the real name of the subscriber behind the IP address, the record label lawyers would then either deliver a letter demanding a settlement or amend their lawsuit to name the identified individual.

This procedure was a distinct improvement over the DMCA subpoenas because it required the RIAA investigators and lawyers to follow the same rules that apply to all civil litigants. It injected judicial oversight into the process and afforded innocent individuals the opportunity to challenge the subpoenas. It did not, however, stop the lawsuits.

The RIAA filed 5,460 lawsuits during 2004, ringing in the new school year with a wave of suits against university students and bringing the total number of lawsuits to 7,437.36 By the end of 2005, the total number of suits had swelled to 16,087.37 In February 2006, at which point 17,587 had been sued, the RIAA stopped making monthly announcements regarding the precise number of suits being filed. As a result, it is now impossible to get an exact count of the total number of lawsuits that have been filed. The lawsuits, however, have continued, with the RIAA admitting in April 2007 that more than 18,000 individuals had been sued by its member companies,38 and news reports showing the number as of October 2007 to be at least 30,000.39

Most lawsuit targets settle their cases for amounts ranging between $3,000 and $11,000. They have little choice—even if an individual has a defense, it is generally more expensive to hire a lawyer to fight than it would be simply to settle. Ignoring the lawsuit can also be more expensive than settling; at least one court has entered a default judgment of $6,200 against a defendant who failed to contest the lawsuit.40

Moreover, even the best defense involves some risk of loss, and a loss could result in a major financial penalty. One court awarded a $22,500 judgment against a Chicago woman who attempted to fight the lawsuit against her.41 Another awarded a $40,850 judgment against an Arizona man who tried to defend himself without a lawyer.42 And in the first filesharing case to go to trial, Jammie Thomas, a single mother of two, was found liable for $222,000 in damages for sharing 24 songs on Kazaa.43 In a ruling granting Thomas’ request for a new trial one year later (on other grounds), the judge in the case implored Congress to revise the Copyright Act to lower statutory penalties for individual, noncommercial infringers.44

IV. Personal Effects = Devastating

There is no question that the RIAA’s lawsuit campaign is unfairly singling out a few people for a disproportionate amount of punishment. Tens of millions of Americans continue to use P2P file sharing software and other new technologies to share music, yet the RIAA has randomly singled out only a few for retribution through lawsuits. Unfortunately, many of the people in this group cannot afford either to settle or to defend themselves.

Take, for example, the case of the Tammy Lafky, a 41-year-old sugar mill worker and single mother in Minnesota. Because her teenage daughter downloaded some music—an activity both mother and daughter believed to be legal—Lafky faced over $500,000 in penalties. The RIAA offered to settle for $4,000, but even that sum was well beyond Lafky’s means—she earned just $21,000 per year and received no child support.45

Or consider the case of the defendant who faced the $22,500 judgment discussed above, Cecilia Gonzalez. Gonzalez, a mother of five, was hit with the judgment just two weeks after she was laid off from her job as a secretary—a job where she made not much more than that amount in an entire year. Ironically, Gonzalez primarily downloaded songs she already owned on CD—the downloads were meant to help her avoid the labor of manually loading the 250 CDs she owns onto her computer. In fact, the record companies were going after a steady customer—Gonzalez and her husband spent about $30 per month on CDs.41

Gonzalez is not the only good customer the RIAA has chosen to alienate. The organization also targeted a fully disabled widow and veteran for downloading over 500 songs she already owned. The veteran’s mobility was limited; by downloading the songs onto her computer, she was able to access the music in the room in which she primarily resides. The RIAA offered to settle for $2,000—but only if the veteran provided a wealth of private information regarding her disability and her finances.46

Prof. Gerardo Valecillos, a Spanish teacher and recent immigrant from Venezuela, faced another kind of blackmail. After his ISP advised him that his daughter had illegally downloaded music, Valecillos contacted a lawyer. The lawyer negotiated a $3,000 settlement figure, but that was still far more than Valecillos was able to pay. The sole support for his family of four, Valecillos had recently undergone surgery and been forced to pay legal fees for both a copyright and immigration attorney. Failing to settle could have jeopardized his immigration status.47

In yet another instance, Cassi Hunt, a student at M.I.T. sued for illegally sharing music, attempted to negotiate the RIAA’s proposed settlement price of $3,750. Hunt pointed out that she was already in debt to cover tuition. The RIAA’s response? Its representative suggested that she drop out of school in order to pay off the settlement.48

The RIAA has also failed to verify that its targets are actually current file-sharers. John Paladuk was an employee of C&N railroad for 36 years and suffered a stroke in 2006 which left his entire left side paralyzed, and severely impaired his speech, leaving him disabled with his disability check as his only source of income. Despite this, the RIAA has filed suit in Michigan against Mr. Paladuk, even though he lived in Florida at the time of the alleged infringement and has no knowledge of file sharing.49 One Florida college senior was named in a civil case based on downloads that had occurred two to three years before, from a computer she then shared with her three roommates. The computer was long gone, making any investigation into the circumstances difficult at best. Fearful of leaving college with a damaged credit record, the student believed that she had no choice but to meet the RIAA’s demand.50

Indeed, we many never know how many entirely innocent people have been caught in the net of the recording industry lawsuits and forced to settle in order to avoid the legal fees involved with defending themselves. In addition to Sarah Ward, the grandmother wrongly accused in the very first round of lawsuits, the RIAA in early 2005 sued Gertrude Walton of Mount Hope, West Virginia, who had passed away months before.51 In yet another case, Lee Thao of Wisconsin was sued for sharing files when both the RIAA and the ISP overlooked the fact that Mr. Thao was not actually a customer of the ISP at the time of the alleged infringement, though his old cable modem remained registered to his name.52 Although these suits were ultimately dismissed, it raises troubling questions about how many others have been misidentified in the lawsuit campaign.

V. Fighting Back

While the majority of lawsuit victims continue to settle or default rather than face the expense of litigation, some accused filesharers are fighting back. In particular, parents have succeeded in dismissing suits where their children were the ones responsible for the file sharing. Indeed, one such parent was able to recover attorney’s fees for the initial suit.53

In May 2005, accused file-sharer Candy Chan moved to dismiss the record companies’ lawsuit against her on the ground that the RIAA had sued the wrong person. The RIAA was forced to withdraw the case, though it later filed a new lawsuit against Ms. Chan’s 14-year-old daughter.54 This suit was also eventually dismissed in April of 2006 after the RIAA requested that a legal guardian be appointed for Ms. Chan’s daughter, but then refused to pay for such a guardian as ordered by the court.55

In August 2005, Patricia Santangelo, a single mother of five, moved to dismiss the lawsuit filed against her by several record companies.56 Santangelo says that she was not aware that there was a file sharing program on her computer, and that the file sharing account named in the lawsuit belongs to a friend of her children. The case was dismissed in April of 2007, with the opportunity for Ms. Santangelo to pursue her claim for attorney’s fees.57 The RIAA responded by suing her son and daughter, based on alleged evidence from the first case.58 When Michelle, the daughter, refused to respond, a default judgment was entered against her for $31,000. However, the judge vacated the judgment, saying he preferred cases be decided on their merits.59

A federal judge recently ruled that an RIAA boilerplate complaint could not support a default judgment, which is a court order for money damages against a defendant who doesn't show up, essentially forfeiting his chance to defend himself.60 This may make it more difficult for the recording industry to collect large judgments against individuals who are unable to afford lawyers to appear in court on their behalf.

Even RIAA "victories" are sometimes short lived. In October 2007, in the first case to reach a jury trial, a Minnesota jury found that Jammie Thomas had infringed copyright by sharing 24 songs and awarded the record company plaintiffs $222,000 in damages. In September 2008, however, the judge threw out the verdict, citing an erroneous jury instruction that stated that Ms. Thomas could be liable for distribution based on the presence of music files in a shared folder, whether or not anyone ever downloaded any of the 24 songs from her computer.44 The ruling joins two others that have rejected the RIAA’s "making available" theory.61

The RIAA’s pre-lawsuit investigations have also come under fire. After having his case dismissed, Rolando Amurao countersued for a declaration of non-infringement and a finding of copyright misuse.62 In the process, he challenged MediaSentry, the company the RIAA often hires to monitor and catch suspected filesharers. He claimed that they acted as a private investigator without the proper license.63 The judge rejected these claims, but Amurao is appealing.64

Amurao was not alone in his concerns. Academics have raised serious questions about the accuracy of RIAA investigators’ results, which is especially important given that their information often forms the bulk of evidence in RIAA lawsuits.65 A 2008 study by researchers at the University of Washington revealed that DMCA takedown notices are sent based on inconclusive evidence—and sometimes even to printers and other devices that do not download music or movies at all.66 And the RIAA has admitted that it bases its DMCA notices to universities and colleges solely on identifying files as "available" for sharing—even though, as discussed above, three courts have found that the presence of a file in a shared folder is not itself proof of infringing distribution.

MediaSentry, the investigators relied upon most frequently in these cases, is also facing investigation by various governmental entities. In North Carolina, it is being investigated by the North Carolina Private Protective Services Board, which controls private investigator licenses.67 In Massachusetts, it has been ordered by the state to cease and desist unlicensed private investigations.68 And Michigan has passed a law requiring computer forensics groups like MediaSentry to obtain a license.69 Finally, defendants in Oregon, Florida, Texas, New York have challenged RIAA investigators for operating without a license.70 Also, the Oregon Attorney General has launched an investigation on their practices without a license, expressing concerns about the extensive use of evidence obtained by MediaSentry to force quick settlements, without court scrutiny.71

VI. Phase Three: Targeting Higher Education

On February 28, 2007, the RIAA announced a new "deterrence and education initiative" targeting college students nationwide.72 Under this new initiative, instead of initiating lawsuits, the RIAA sends out hundreds of "pre-litigation" letters each month to a variety of universities with the request that they forward these letters to unidentified students.73 These letters identify the IP address of the accused infringer, threaten future legal action with damages upwards of $750 per song, and offer a deal in the form of a "reduced" settlement if the student comes forward and pays the non-negotiable amount (around $3,000) within 20 days of receiving the letter.74 If the students does not respond to the pre-litigation settlement offer, then the labels file a traditional "John Doe" suit.75 In the first six months of this new initiative, the RIAA targeted 2,926 college students at nearly 100 different campuses across the United States.76 Within a year, the RIAA had sent over 5,400 letters to 160 different schools.77 The RIAA has allegedly collected millions in this pre-litigation settlement campaign.78

The campaign has been supplemented with the creation of a new website, At the website, those receiving pre-litigation letters can simply settle their cases by paying the settlement with a credit card, without any aspect of the case ever entering the legal system. This in turn saves the recording industry the substantial costs of actually having to file and pursue a "John Doe" suit. The "reduced" settlement amount, in other words, represents the record companies’ savings from cutting out the middleman—our justice system. At the same time, the costs saved by the RIAA in not filing an actual suit can then be applied towards targeting more students with pre-litigation letters.

The RIAA has put special effort into getting universities to deliver these pre-litigation letters. However, university responses to this effort have been varied, ranging from complete refusal to forward pre-litigation letters to students, to fining students upon receipt. Since the letters are sent under threat of legal action, but before any lawsuit commences, the colleges themselves are under no legal obligation to forward these letters to students who have been targeted. The University of Wisconsin, the University of Maine and the University of Kansas, for example, have refused to forward the pre-litigation letters, citing a refusal to be the RIAA's "legal agent."79

Stanford University in California has taken the opposite tack. Not only do they forward on such letters, but starting in September 2007, the university began charging students for complaints they receive from the RIAA. The first offense comes with a $100 reconnection fee unless the student responds within 48 hours, the second a $500 fee, and $1,000 for the third.80 Other schools are taking similar steps.81 Most universities, however, appear to be forwarding RIAA pre-litigation letters on to their students, apparently on the assumption that a student will be better off settling sooner, at the "discounted" rate, rather than later.

Some students targeted by the RIAA have gone to court, with mixed success.82 University of Maine law students are fighting not only to stop a particular set of subpoenas, but to bar the RIAA from bringing such suits in the future without good faith evidentiary support.83 Other students are getting support from their universities.84 The University of Oregon has been fighting subpoenas with help from Oregon's Attorney General (who also argues that RIAA tactics may be illegal under state law.)85 The University of San Francisco's legal clinic has sought to advise members of the public in addition to students targeted by RIAA lawsuits.86 The University of Central Arkansas defies the RIAA in another way, by designing their network so that IP addresses change constantly and are not recorded; as a result, even with a subpoena there is no way to find out who did what on their network, so no act can be tied to a specific person.87

Meanwhile, not content with using the judicial process, the RIAA has used its lobbying power to put intense pressure on universities to use filtering and other technologies to stop P2P file-sharing. In May 2007, members of Congress from both parties on the House Judiciary and the Education and Labor Committees sent a letter to 20 universities requesting that they respond to an extensive survey asking about their policies regarding network file sharing.88 These were universities previously targeted by the RIAA and the MPAA in their Top-25 list of "worst offenders." The letter threatened "unspecified repercussions" if the universities did not provide "acceptable answers" to the survey, which included questions such as: "Does your institution expel violating students?"

One year later, after months of intensive wrangling, Congress passed the Higher Education Act (HEA), which included a provision requiring campuses to develop "plans to effectively combat the unauthorized distribution of copyrighted material, including through the use of a variety of technology-based deterrents." However, the Common Solutions Group, a consortium of 25 educational institutions, looked at the leading "infringement suppression" technologies and concluded that they were expensive, not very effective, and could suppress legitimate as well as infringing traffic.89 And, the Association for Computing Machinery found that the mandatory use of these technological deterrents would "add to the costs of education and university research, introduce new security and privacy issues, degrade existing rights under copyright, and have little or no lasting impact on infringement of copyrighted works."90

VII. Is it Working?

Are the lawsuits working? Has the arbitrary singling out of nearly 30,000 random American families helped promote public respect for copyright law? Have the lawsuits put the P2P genie back in the bottle or restored the record industry to its 1997 revenues?

After five years of threats and litigation, the answer is a resounding no.

By the Numbers: U.S. File-sharers Undeterred

How many Americans continue to use P2P file sharing software to download music? Because of the decentralized nature of P2P networks, it is extremely difficult to answer this question definitively. However, virtually all surveys and studies agree that P2P usage has grown steadily since the RIAA’s litigation campaign began in 2003.

For example, at the end of 2004, a group of independent computer scientists at UC San Diego and UC Riverside published a study aimed at measuring P2P usage from 2002 through 2004. Drawing on empirical data collected from two Tier 1 ISPs, the researchers concluded:

In general we observe that P2P activity has not diminished. On the contrary, P2P traffic represents a significant amount of Internet traffic and is likely to continue to grow in the future, RIAA behavior notwithstanding.91

The methodology employed by the researchers had several advantages over the survey-based approaches that had been used in earlier studies. The empirical data eliminated the self-reporting bias that is an inevitable part of surveys, a bias that was almost certainly exacerbated by the high-profile lawsuit campaign. In addition, by measuring traffic at the link level, the study was able to track file sharing that may not show up otherwise due to the use of alternate ports.17

Other empirical data has continued to support the UC researchers’ findings. Big Champagne, for example, monitors the peak number of U.S. users of several P2P networks. Its numbers are accurate enough to be used by major record labels, Billboard, Entertainment Weekly, and Clear Channel to monitor the popularity of various artists on those networks.92 Big Champagne’s network monitoring indicates that the amount of traffic on P2P networks doubled between September 2003 (when the lawsuits began) and June 2005.93 The average number of simultaneous users in June 2005 reached 8.9 million, a 20% increase over the previous year. In May 2006 Big Champagne logged a whopping 10 million, 12% more than the previous year.94 American users accounted for 75% of those on P2P networks.17 The NPD Group, a marketing research firm, announced that 15 million U.S. households downloaded from P2P networks in 2006, with total P2P file sharing volume up 50% from 2005.95

Data from BayTSP, which monitors P2P file sharing networks in order to provide copyright enforcement services to major motion picture studios and record labels, also indicate that P2P file sharing continued to grow despite the RIAA lawsuit campaign.96 In particular, BayTSP’s statistics highlighted the growth of newer P2P networks, such as eDonkey, at the expense of incumbent networks, like Kazaa.97

The growth in P2P popularity continued in 2007 and 2008. Big Champagne reports that the average number of simultaneous users on P2P networks swelled to 9.35 million in 2007.98 The NPD’s 2007 Digital Music Study found that while the percentage of the population engaged in P2P file sharing stayed constant, the number of files each user downloaded increased throughout 2007—and that P2P music sharing continued to grow aggressively among teens.99 These numbers likely understate the frequency of P2P downloading, given that NPD's numbers are based on data from users who know they are being monitored. Other data suggests that consumers now consider P2P file-sharing applications to be a necessity on their PCs.100 According to a February 2007 report by the Digital News Research Group, 18.3% of all computer desktops worldwide had LimeWire installed.101

A few early surveys of Internet users contradicted these numbers. For example, in November and December 2003, researchers at the Pew Internet and American Life Project called 1,358 Internet users across the nation to ask them whether they continued to download music.102 In March 2003, prior to the RIAA lawsuits, 29 percent of those responding admitted downloading songs from the Internet. This number fell by half, to only 14 percent, in the November/December survey. Many pointed out, however, that this dramatic shift might have been caused by an increased reluctance to admit downloading in light of the widely publicized RIAA lawsuits. In other words, the widespread publicity attending the RIAA lawsuits may have encouraged the respondents to be more willing to lie about their downloading activities. Pew’s own investigators admitted that the publicity may have influenced their results.103 Indeed, a survey conducted by the NPD Group showed that, overall, P2P file sharing was on the rise in November of 2003, gaining 14% over September’s numbers.104

At any rate, the decrease shown by Pew’s early surveys soon reversed itself. By February 2004, Pew’s survey showed an increase in downloading, partially due to the rise of authorized download services and partly due to increased P2P file sharing.105 By Pew’s own conservative estimates, six months after the RIAA lawsuits began, more than 20 million Americans continued to use P2P file sharing software—a number amounting to 1 in 6 Americans with Internet access.106

While it is hard to precisely measure the use of P2P and the amount of illegal file sharing in the U.S., one thing is clear: after more than 30,000 RIAA lawsuits, tens of millions of U.S. music fans continue to use P2P networks and other new technologies to share music. The lawsuit campaign has not succeeded in driving P2P out of the mainstream, much less to the fringes, of the digital music marketplace. Moreover, by most accounts P2P usage is growing rapidly in the rest of the world, where the RIAA has not been able to replicate the scale of its lawsuits against Americans of all ages and backgrounds.

In fact, there are signs that even the record companies that have contributed millions to anti-piracy trade groups are growing disenchanted with the ineffectiveness and bad press their efforts have brought.107 A Sony executive called the anti-P2P litigation a "money pit."108 One of the "big four," EMI, has threatened to cut its funding to the record industry’s international trade group almost entirely.109 Others are considering legal action to collect on P2P settlement money the RIAA collected but never distributed to artists.110

While the RIAA's assault on P2P goes on, a substantial amount of illegal music copying occurs beyond the realm of P2P networks altogether, leaving the recording industry with little recourse. A 2006 poll by the Los Angeles Times revealed that 69% of 12-17 year-olds felt that it was legal to copy a CD or DVD they owned and give it to a friend.111 A May 2007 NPD Group survey found that "the social ripping and burning of CDs among friends—which takes place offline and almost entirely out of reach of industry policing efforts—accounted for 37 percent of all music consumption, more than file sharing."112 RIAA head Mitch Bainwol has publicly acknowledged that CD ripping is becoming a more serious problem than P2P file sharing.113 At the same time, more and more users are turning to new Internet technologies like instant messaging, modified versions of iTunes, or private or semi-private networks to exchange files, leaving this traffic unaccounted for by most empirical metrics.

Education by Lawsuit: Lesson Learned and Ignored

The RIAA has frequently justified the lawsuit campaign as the most effective way to get music fans to understand that downloading is illegal and can have serious consequences.114 In the words of top RIAA lawyer, Cary Sherman, "Enforcement is a tough love form of education."115 There is some evidence to support this view. After all, in light of the early headlines in most major media outlets, it would be remarkable if the lawsuits had failed to increase awareness of the record industry’s view that file sharing constitutes copyright infringement. An April 2004 survey revealed that 88% of children between 8 and 18 years of age believed that P2P downloading was illegal.116 At the same time, the survey also discovered that 56% of the children polled continue to download music. In fact, the children surveyed were more concerned about computer viruses than about being sued by the record industry. Another April 2004 survey, this one focusing on college-bound high school students, found that 89% of high school students continued to download music despite believing that it was against the law.117 This number decreased slightly in a 2006 survey by Piper Jaffrey that found that of 79% of high school students who obtain their music online, 72% use P2P networks to do so.118 In short, the RIAA’s "tough love" message has been delivered, and largely ignored.

The "educational" value of the litigation campaign is also diminishing because it has become "business as usual." Media coverage of the continuing lawsuit campaign has largely dissipated, with stories about the lawsuits migrating from the front to the back pages to not being covered at all.119 Indeed, in early 2006 the RIAA gave up its monthly press releases announcing how many individuals were being sued.

If the goal of the RIAA was to increase awareness of the copyright laws, that mission has been accomplished, albeit at the expense of financial hardship to nearly 30,000 arbitrarily chosen individuals. But as press attention fades, the "bang for the buck" provided by suing randomly-chosen filesharers has diminished as well.120 In other words, if the lawsuits are to continue indefinitely, they cannot be justified as an "educational" measure.

Going After the Fans = Unnecessary Roughness

According to the RIAA’s public statements, its lawsuits against individuals were necessitated, in part, by court rulings that blocked record labels from going after P2P technology vendors. That justification has disappeared as well. In June 2005, the Supreme Court announced a new "inducement" doctrine that permits the imposition of liability against anyone "who distributes a device with the object of promoting its use to infringe copyright, as shown by clear expression or other affirmative steps taken to foster infringement."

The RIAA characterized the MGM v. Grokster decision as "the dawn of a new day—an opportunity that will bring the entertainment and technology communities even closer together, with music fans reaping the rewards."121 Presumably, one of those "rewards" could have been the end of the lawsuit campaign. Instead, just two days after the Supreme Court’s ruling, the RIAA announced a new wave of lawsuits against 784 music fans.17

What About iTunes? A Drop in the Bucket

Some have justified the lawsuit campaign as a necessary "stick" designed to complement the "carrot" of authorized music services. The notion is that the fear of lawsuits will drive music fans to services like Apple’s iTunes Music Store, where they will be hooked on 99 cent downloads and abandon the P2P networks.

Certainly, some music fans are finding what they want at the authorized music services and download stores. Digital sales account for 30% of revenues in the U.S. music market.122 Apple’s iTunes Music Store, with 5 billion sales since its inception, is now the largest music retailer in the U.S.123

But the volume of downloads sold to date continues to pale when compared to the number of files swapped over P2P networks.99 The recording industry’s own international industry group, the IFPI, estimated in 2008 that there were 20 unauthorized downloads for every legitimate download purchased—in other words, as of January 2008, 95% of all digital music downloads were from unauthorized sources.124 In short, all of the authorized music services together do not yet amount to a drop in the digital music downloading bucket.

Developments in 2007 and 2008 suggest that the record industry is finally beginning to focus more on the "carrot" by making authorized music services more attractive, rather than relying solely on the "stick" of lawsuits. For example, all the major labels have finally released part or all of their catalogs in DRM-free format.125 However, DRM is still present on much of the iTunes library, and has not been relaxed on subscription services like Rhapsody.126 The major labels have also licensed on-demand streaming services like iMeem, LaLa, and Myspace Music, which allow music fans to listen on-demand to a broad inventory of music. These initiatives hold more promise for luring music fans away from P2P filesharing than the lawsuit campaign.

Incubating New "Darknet" Technologies

The RIAA lawsuit campaign may also be encouraging music fans to migrate to file sharing technologies that will be more efficient for users and harder for the RIAA to infiltrate. To the extent filesharers are worried about the RIAA lawsuits, many are simply opting to continue downloading while refraining from uploading (this is known as "leeching" in the lexicon of the P2P world).127 Because the RIAA lawsuit campaign has, thus far, only targeted uploaders, "leechers" can continue downloading without apparent risk. Given the global popularity of P2P, there is no shortage of offshore uploaders.

In response to the RIAA lawsuits, many filesharers are also beginning to opt for new file sharing technologies that protect their anonymity. Software such as DirectConnect, WASTE, AllPeers, and Wuala offer secure, encrypted file sharing capabilities to groups of friends.128 Infiltrating these private P2P circles is much more difficult than simply trolling public P2P networks. Other technologies, such as MUTE, Freenet, the I2P Network, and JAP provide file sharing capabilities in a context that protects the anonymity of the uploader.129 In these networks, the content is encrypted and copied through a number of intermediate points in a manner that obfuscates its source. Surveys also suggest that as many as 25% of downloaders are opting to share using the "buddy list" and file sharing capabilities in popular instant messaging clients, or by email.130

Internet-based file sharing, moreover, may soon be supplanted by hand-to-hand file sharing. As noted, burning and exchanging CDs among friends is commonplace. In fact, 20% of downloaders have copied files directly off another's MP3 player.17 In Britain, the average teenager has over 800 illegally copied songs on their digital music player, mostly copied from friends.131 Furthermore, the cost of digital storage media is falling rapidly, while capacity has risen substantially in the past few years. Blu-Ray's recordable formats, BD-R and BD-RE, are capable of storing between 25 and 50 GB per disc, for which PC-based burners have been available since July 2006.132 TDK has even showcased a BD-R disc capable of storing 100 GB.133 Hard drives also continue to fall in price and expand in capacity. As of September 2008, a 1 terabyte drive can be had for about $120, offering music fans the ability to collect and share extremely large music collections from and among their extended circle of friends and acquaintances. USB flashdrives, which now offer for a few dollars as much capacity as the first-generation iPod did in 2001, have also become popular, providing another convenient means for quickly sharing files.

What to Do Instead

The RIAA’s lawsuit campaign against individual American music fans has failed. It has failed to curtail P2P downloading. It has not persuaded music fans that sharing is equivalent to shoplifting. It has not put a penny into the pockets of artists. It has done little to drive most filesharers into the arms of authorized music services. In fact, the RIAA lawsuits may well be driving filesharers to new technologies that will be much harder for the RIAA’s investigators to infiltrate and monitor.

This failure should not come as a surprise. The conflict between copyright owners and new ways of distributing music is not new, but is rather the historical norm. Every new innovation from the past century – moving pictures, player pianos, radio, and television, to name a few – has sparked a new conflict between those in a better position under the old scheme and those who stand to benefit by updating copyright law in light of new technologies. However, these compromises take a long time to form and build into legislation, and even then the negotiations often omit the most important interests: those of the fans.

There is a better way. EFF advocates a voluntary collective licensing regime as a mechanism that would fairly compensate artists and rightsholders for P2P file sharing.134 The demand is there: for example, a recent survey showed 80% of teens are interested in a good legal P2P solution.135 The concept is simple: the music industry forms one or more collecting societies, which then offers file sharing music fans the opportunity to "get legit" in exchange for a reasonable regular payment, say $5 per month. So long as they pay, the fans are free to keep doing what they are going to do anyway—share the music they love using whatever software they like on whatever computer platform they prefer—without fear of lawsuits. The money collected gets divided among rightsholders based on the popularity of their music. In exchange, file sharing music fans who pay (or have their ISP or software provider or other intermediary pay on their behalf) will be free to download whatever they like, using whatever software works best for them. Universities, for example, could obtain blanket licenses for their campus, solving problems with copyright holders and ensuring freedom of access in our nation's centers of innovation.136 The more people share, the more money goes to rights-holders. The more competition in P2P software, the more rapid the innovation and improvement. The more freedom for fans to upload what they care about, the deeper the catalog. This model is currently being explored by some of the major labels.137

This has been successfully done before. For decades, "collecting societies" like ASCAP, BMI and SESAC have been collecting fees from radio stations, performance venues, bars and restaurants. Once the fee is paid, these establishments are entitled to play whatever music they like, from whatever source, as often as they like. Music fans today deserve the same opportunity to pay a fee for the freedom to download the music they love.

Some lawsuits would still be necessary, the same way that spot checks on the subway are necessary in cities that rely on an "honor system" for mass transit. But the lawsuits will no longer be aimed at singling out music fans for multi-thousand dollar punishments in order to "make an example" of them. They will no longer be intended to drive fans into the arms of inferior alternatives.

Instead, the system would reinforce the rule of law—by giving fans the chance to pay a small monthly fee for P2P file sharing, a voluntary collection system creates a way for fans to "do the right thing" along with a realistic chance that the majority will actually be able to live up to the letter of the law.

To be clear, the system should be voluntary. Making it a tax on all broadband connections, for example, would not only be unfair to fans, but reduce much-needed industry transparency by denying artists the chance to choose which society to join.136 Further, the artificial constraints on technological innovation that have slowed new ways to interact with content will be gone. As a result, new or improved products will arrive in consumers' hands sooner. This increased demand for content is as beneficial for copyright holders as for fans, provided they are creative enough to adapt their business models to take advantage of this freer environment.

Five years into the RIAA’s campaign, it has become all too clear (if there were ever any doubt) that suing music fans is not a viable business model for the recording industry. With courts, state watchdogs and the RIAA’s own members questioning the tactics of the campaign, it is time for the industry to embrace a new model that can help artists get paid and help fans access and share the music they love.