What Will It Take to Stop File Sharing?

by on December 4, 2008 · 33 comments

It’s becoming increasingly clear to me that vigorous prosecution of the war on file sharing will lead to some deeply illiberal results. And our good friends at the Progress and Freedom Foundation’s Center for Digital Property periodically write things that confirm the point. Former PFFer Patrick Ross, for example, has compared the war on file sharing to America’s “lax” approach to drug law enforcement. And last year Jim DeLong made the argument that stopping file sharing will require copyright laws so draconian that they will make today’s laws, including the DMCA and lawsuits against 12-year-olds, look “ridiculously permissive.”

PFF’s new copyright guru, Tom Sydnor, seems to be equally enthusiastic about using ever-more-draconian legal penalties and restrictions on civil liberties in order to back up his vision of copyright. His latest target is online anonymity, as he argues that Boston University is guilty of “incompetence” for allowing anonymous communications on its network:

For those seeking to enforce federal laws or rights other than copyrights, this order is all bad news. London-Sire suggests that BU has made its campus network into a de-facto safe harbor for anyone using the Internet to commit any crime. It would seem that terrorists, pedophiles, phishing-scheme operators, hackers, identity thieves, and copyright pirates who can access the Internet through BU’s network now have a get-out-of-jail-free card–a judicial decision holding that any identifying data provided by BU is too hopelessly unreliable to support so much as the filing of a civil lawsuit.

What’s amazing about this argument is that it proves way, way too much: it applies to any network provider that allows customers to communicate without identifying themselves first. So, for example, the Panera down the street from me offers anonymous, free WiFi access. Terrorists, pedophiles, phishing-scheme operators, hackers, identity thieves, and copyright pirates can walk into Panera, commit a variety of crimes, and walk out, and in all likelihood Panera won’t be able to provide the police with any useful information about the culprit. (Panera might have logs showing the user’s MAC address, but these are not easy to match to an individual, and they can be spoofed anyway)

The same argument can be made about thousands of coffee shops, hotels, public libraries, and the millions of people with open WiFi networks. If we’re going to hold ISPs liable for the actions of their anonymous users, the practical result will be dramatically fewer ISPs willing to take that risk. Say goodbye to anonymous wireless access in all of those places, because businesses just can’t take the risk of being held liable for child pornography.

There are two problems with this. First, anonymous speech is an important right protected by the First Amendment, and we should be concerned about laws that make it dramatically more difficult for people to exercise this right. Second, this kind of crack-down won’t actually work. The Internet is just too big to pro-actively keep criminals off of it. People with a strong interest in avoiding getting caught will still find untraceable ways to access the Internet (such as tunneling through an offshore proxy server), while law-abiding users will find it a much bigger hassle to check their email.

What I find most striking about Tom’s post is that advocates of copyright maximalism are becoming increasingly candid about the tensions between their vision of copyright law and traditional civil liberties like privacy and due process of law. Patrick is right that the war on file sharing is like the war on drugs: there’s just no way to stop it without shredding our civil liberties in the process. Personally, I think our civil liberties are more important, and I’ve suggested changes to copyright law that would return it to its traditional focus on commercial activity. Tom seems to be on the other side of the divide, and while I don’t agree with him, I have to give him credit for being candid about the costs of his preferred policy.

  • http://cabalamat.wordpress.com/ Cabalamat

    The PFF are paid shills for the RIAA — just look at where their money comes from.

  • http://blurringborders.com Kevin D

    Great post, Tim.

  • http://www.rentecdirect.com Martin

    I'm not entirely sure the types of file sharing this article is referencing; however, if software developers cannot make their software share-proof, then shame on them. If movie publishers don't want their movie shared online, then they shouldn't release it in the first place. All the effort going into stopping it for the tiny fraction of people who share files, is probably far more cost than it ever provides in results.

    It's been proven various times that by having movies and tv shows available online actually IMPROVES their performance when they air. Battlestar is a prime example. It aired overseas first, but US viewers watched it online. The resulting ratings it got when it did air in the US were far above expected because of this.

  • http://srynas.blogspot.com/ Steve R.

    “If we’re going to hold ISPs liable for the actions of their anonymous users, the practical result will be dramatically fewer ISPs willing to take that risk.”

    Holding ISPs liable points to an extremely serious concern. By what right does person (corporation) A have to force another person (corporation) B to protect A's personal/corporate property. NONE.

    Not only do you not have a personal right to force a third person to protect your property, but we have the whole issue of due process. If someone goes to an ISP and demands that the ISP filter XXXX, how is the ISP to know if the assertion is even valid? Suppose it is not valid, how would the wronged party obtain redress?

    Finally, this is the slippery slope. If we establish that ISP's have a responsibility to protect corporation X then why not corporation Z, then why not “Save the Children, INC”. There will be no end. As you note: “there’s just no way to stop it without shredding our civil liberties in the process”

  • http://zgp.org/~dmarti/ Don Marti

    Why is nobody on the anti-file-sharing side willing to pay a respectable salary? I've seen job postings for anti-piracy positions at ??AA, and they're at the “must know PowerPoint” level, and mid five figures. That's going to get you nowhere.

    A four-person team of developer, ops person, lawyer, and _licensed_ PI could be self-sustaining on budget, maybe even operate in the black, if you paid more than chump change.

    Scale-free networks are disruptable, if you hit the right nodes instead of blindly flailing away at whatever your C-list anti-piracy guy comes up with.

  • http://www.techliberation.com Adam Thierer

    So you're saying that ISPs should never be required to divulge IP information about individual users when those users have potentially committed a crime? What's wrong with requiring them to do so after going through the appropriate legal / subpoena process? This seems like a fairly extreme position you are adopting here.

    No one has spent more time on this site defending anonymous speech and Section 230 immunities, but I have also noted that there are cases when laws have been broken and the veil of anonymity might have to be pierced to address it. So, to use your example, I would completely support Panera's right to offer anonymous web access to its users, and lawmakers should not demand identity authentication before users can access that site. If, however, someone discovered that a pedophile at that site was repeatedly engaging in attempts to prey on kids, there are procedures in place today that would allow law enforcement to take legal steps to discover who that person actually is and potentially prosecute them.

    So, when you say that “The Internet is just too big to pro-actively keep criminals off of it” and that bad guys “will still find untraceable ways to access the Internet,” this is no doubt true. But Tim, are you saying that there should NEVER be an attempt to root them out?

    Now, whether or not you want to take this approach for copyright is another matter, of course. But in your piece, you are sweeping everything together and saying that any effort to find bad guys of any sort is futile because it the Net makes it more difficult. And, therefore, we shouldn’t even bother trying.

    Again, that strikes me as fairly extreme position. Perhaps you wish to clarify it.

  • Ryan Radia

    My understanding is that the data logs which Boston University retained were by themselves incapable of conclusively tying a particular IP address to a particular user. Obtaining BU's IP logs through a subpoena, therefore, would not lead to the revelation of the identity of an accused John Doe copyright infringer. Therefore, if a copyright holder wanted to sue an infringing user on the BU network, I don't see how the suit could be filed unless the subpoena was granted while the infringing was still ongoing (rather than after the fact).

    Should BU retain its DMCA immunity from copyright infringement liability if it knowingly refuses to log data capable of connecting IP addresses to users?

  • http://zgp.org/~dmarti/ Don Marti

    Imagine if this was a spam problem, not infringement. Anti-spammers wouldn't take “we don't know which user did it” for an answer.

  • http://www.tc.umn.edu/~leex1008 Tim Lee

    Ryan is exactly right. If the ISP has information that allows it to definitely identify the person in question, it should be required to divulge the information after the proper legal process. I took Tom to be making the stronger claim that ISPs have a legal obligation to architect their networks so that they would always have the ability to identify the user responsible for particular network traffic. And he seemed to be saying that if the network owner doesn't do that, then the network owner itself should be liable for the crime. So if someone goes into a coffee shop and downloads kiddie porn, the FBI would hold the coffee shop owner responsible if they couldn't catch the downloader. That seems crazy to me. If Tom is not saying that then maybe you can straighten me out on exactly what he is saying.

  • Timon

    Adam,

    In the case of the paedophile you would conduct an investigation: find when it happened, look at local cc or ATM footage of people going in to panera with a laptop bag, interview staff, leave a number to call if the guy shows up again, conduct a serious investigation. Ie, do what you do when a serious crime is committed. Those kinds of measures do not make sense for file sharing. This is because people recognize child abuse as criminal, but not sharing music. There is a strange emergence of what might be called “libertarian royalism” on the (ever smaller) pro-IP side, whereby all decrees from DC have a deep moral significance even when they are drafted in flamboyantly corrupt circumstances and ignored by everyone. Our law should (and does, where it works) emerge from social norms, rather than try to impose new ones. If the age of consent was raised to 30, that would not retroactively make you a paedophile throughout college.

  • Tom Sydnor

    Tim, your characterizations of my beliefs and those of others at PFF are too obviously wrong to require any response. I do think it worth clarifying a few points, however.

    I did not argue that ISPs are or should be required by law to maintain IP-address records. But the law does state that those internet access providers who wish to avail themselves of the sweeping limitations on copyrights provided by 512(a) must take a few simple measures–like having and reasonably implementing a policy of terminating repeat infringers–that cannot be taken by an access provider who cannot reliably identify anyone. The law imposes no penalty upon ISPs who fail to qualify for 512(a); it simply declines to grant them a privileged status superior to that accorded to any other class of entities or persons.

    As to my claim that the London-Sire order has unfortunate implications for those seeking to enforce federal laws or rights other than copyrights, there is a difference between “making a scary argument” and “acknowledging reality.”

    Reality is simple: File-sharing networks are used by identity thieves, pedophiles, and terrorists. If failures to keep reliable IP-address records begin seriously compromising the investigation and prosecution of these types of users–(and, at least in the case of identity thieves and pedophiles, significant law-enforcement efforts are underway right now)–legal obligations will be imposed. ISPs have avoided that result so far, and BU could be compromising those efforts. And for what? Campus copyright piracy?

    Online privacy is a tremendously important issue, and I am very glad that people like Jim Harper and Adam are thinking seriously about it. But nothing will compromise the future of privacy on the Internet more effectively than dogmatic opposition to the legitimate needs of private or governmental law enforcement. For example, in 2006, a World Bank study calculated that intangible assets accounted for about 80% of the wealth of the developed world,and that “rule of law” accounted for about 57% of that intangible capital. I think it unlikely that anyone will be convinced that “rule of law” is an asset worth surrendering.

    Finally, Tim, I know that you have argued that we might not need copyrights because the costs and risks inherent in the private production of all major expression could be cross-subsidized in ways that would make them seem “free” to Internet users. Such claims are just too speculative and extreme too require much comment.

    Not even Professor Lessig goes so far. To the contrary, in his books Free Culture and Remix, he speculated that if the Internet does preclude copyright enforcement, then we must resume use of the means of subsidizing the production of expression that prevailed before effectively enforceable private rights became available–taxes levied by government officials who make “unavoidably vague” judgements about the value of private expression.

    So who is right, Lee or Lessig? To me, the great thing about the flexibility provided by an enforceable system of private property rights in expressive works is that it can let the producers who actually bear the relevant risks and cost sexperiment with a vast range of production methods–from profit-driven to open source. That way, the future of expression need not rest on anyone's guess about which set of speculations seem more credible at the moment.

    Thanks again for the comments. –Tom Sydnor

    By the way, I also agree with Don Marti: More attention needs to be paid to the vulnerability of these networks to disruption. Some of my own work focuses on this issue.

  • Timon

    Tom,

    Lawyers are trained to view complex questions and come up with balanced approaches to them — ie “balancing” privacy with police prerogatives and subpoenas. The technical world is rather the opposite; no matter how complex, an encryption algorithm, for example, either is or is not secure, and as soon as it isn't it really isn't. In a legal class it makes for good discussion to say, on the one hand, IP addresses should be private, except when they are used to commit a crime. In direct technical terms what this amounts to is a full surveillance state that is then ruled by court procedure: the law requires someone keep records of all mail or other communications, and then provide them to the authorities when told to. While under law there could be a protection of privacy, in technical terms there is absolutely no privacy, except that which the state decides to concede, the information it declines to look at but which is permanently stored on its orders and available for its inspection. It may seem to you that some people are just unwilling to split the difference and be reasonable, but it really is the case that where lawyers see gray others see black and white, with good technical reasons. There is no way to enforce copyright, for example, and allow anonymous speech online, as you seem to be picking up on. That is not because we are unwilling to be fair, it is a characteristic of information. There is a good discussion of that problem here. You can read Jaron Lanier's fascinating take on the same basic scientific fact here.

  • MikeRT

    Tim,

    I actually thought that Tom's post was a lot more moderate than you give him credit for. He is speaking from a lawyer's perspective, but certainly not from a totalitarian perspective here. The one area where he can be faulted for is that there is a wide chasm between what the law things can/should be done and what a given profession says can/should be done.

    Going back to the War on Drugs analogy, this is like the DEA's campaign against doctors who prescribe pain killers in large quantities. The DEA is certainly not professionally qualified to determine what is acceptable here, since it does not have the medical expertise to override the consensus of the medical field, but that hasn't stopped it from doing so even in cases where the professional consensus was that a very high level of pain killers was, in fact, medically justified.

    In the past, I've called out the PFF on how to actually implement their “free market, will be interchangeable, safe and cool DRM” hypothetical scenarios for DRM. Solveig at least tried to address it and had the intellectual honesty (which is commendable) to admit that she actually didn't have the slightest idea how you could have a modular, comprehensive, interchangeable, non-intrusive and secure DRM system. I suspect that a similar pie-in-the-sky thinking is at work here, since technically section 502, if strictly read, would probably make offering free wi-fi services that aren't rigorously monitored illegal and thus quash a whole host of features that many stores and restaurants provide to their customers, not to mention quashing anonymous speech.

  • MikeRT

    Tim,

    I actually thought that Tom's post was a lot more moderate than you give him credit for. He is speaking from a lawyer's perspective, but certainly not from a totalitarian perspective here. The one area where he can be faulted for is that there is a wide chasm between what the law things can/should be done and what a given profession says can/should be done.

    Going back to the War on Drugs analogy, this is like the DEA's campaign against doctors who prescribe pain killers in large quantities. The DEA is certainly not professionally qualified to determine what is acceptable here, since it does not have the medical expertise to override the consensus of the medical field, but that hasn't stopped it from doing so even in cases where the professional consensus was that a very high level of pain killers was, in fact, medically justified.

    This issue reminds of me of a similar incident. In the past, I've called out the PFF on how to actually implement their “free market, will be interchangeable, safe and cool DRM” hypothetical scenarios for DRM. Solveig at least tried to address it and had the intellectual honesty (which is commendable) to admit that she actually didn't have the slightest idea how you could have a modular, comprehensive, interchangeable, non-intrusive and secure DRM system. I suspect that a similar pie-in-the-sky thinking is at work here, since technically section 502, if strictly read, would probably make offering free wi-fi services that aren't rigorously monitored illegal and thus quash a whole host of features that many stores and restaurants provide to their customers, not to mention quashing anonymous speech.

  • MikeRT

    Tim,

    I actually thought that Tom's post was a lot more moderate than you give him credit for. He is speaking from a lawyer's perspective, but certainly not from a totalitarian perspective here. The one area where he can be faulted for is that there is a wide chasm between what the law things can/should be done and what a given profession says can/should be done.

    Going back to the War on Drugs analogy, this is like the DEA's campaign against doctors who prescribe pain killers in large quantities. The DEA is certainly not professionally qualified to determine what is acceptable here, since it does not have the medical expertise to override the consensus of the medical field, but that hasn't stopped it from doing so even in cases where the professional consensus was that a very high level of pain killers was, in fact, medically justified.

    This issue reminds of me of a similar incident. In the past, I've called out the PFF on how to actually implement their “free market, will be interchangeable, safe and cool DRM” hypothetical scenarios for DRM. Solveig at least tried to address it and had the intellectual honesty (which is commendable) to admit that she actually didn't have the slightest idea how you could have a modular, comprehensive, interchangeable, non-intrusive and secure DRM system. I suspect that a similar pie-in-the-sky thinking is at work here, since technically section 502, if strictly read, would probably make offering free wi-fi services that aren't rigorously monitored illegal and thus quash a whole host of features that many stores and restaurants provide to their customers, not to mention quashing anonymous speech.

  • Pingback: PFF Says BU Helps Terrorists By Not Handing Over Students To RIAA | The-Informer

  • Pingback: How to Astral Project Easily

  • Pingback: Psychic Readings

  • Pingback: Carol Christian

  • Pingback: wakeupnow

  • Pingback: Camfrog Hosting

  • Pingback: learn how to lose weight in two weeks youtube

  • Pingback: Total Hair Regrowth

  • Pingback: english premier league

  • Pingback: Exhibit,Exhibit Design,Exhibit Displays,Exhibit Booth,Exhibit Display,Trade Show Exhibit,Exhibit Booths,Exhibit Designer,Exhibit Rentals,Exhibit Rental,Exhibit Resources

  • Pingback: play candy crush saga

  • Pingback: Twitter Home

  • Pingback: check my video to discover how to win at roulette immediately

  • Pingback: http://www.youtube.com/watch?v=GytZwZBMO6k

  • Pingback: Volkswagen Edmonton

  • Pingback: Doctor Nurse Test

  • Pingback: nyc cleaning services

  • Pingback: on front page

Previous post:

Next post: