The Sound and the Fury
BU professors say suing students won’t cure record industry’s blues| From Perspectives | By Chris Berdik
Illustration by Christoph Niemann
Last summer, lawyers for two Boston University students charged with online music piracy needed an expert witness. The students were being sued by the Recording Industry Association of America (RIAA), which represents most major record labels and believes that music piracy threatens the heart of a creative industry. Its copyright enforcement efforts have tagged thousands of college students as lawbreakers and spawned legislation that could force universities to crack down on their students’ computer network use or risk losing federal financial aid funding.
The lawyers for the BU students turned to Azer Bestavros, a College of Arts and Sciences computer science professor, who along with Leo Reyzin, a CAS associate professor of computer science, has spoken out publicly against the association’s increasingly aggressive tactics. Bestavros believes that the RIAA has the right to prosecute copyright infringers. But he and Reyzin contend that the group’s enforcement methods are inexact and counterproductive and that copyright laws themselves are out of sync with the realities of computer technology.
Bestavros provided sworn testimony in the case against the students, which remains before the court as of this writing. It is just one battle in a war over music sharing that — contrary to what many believe — did not end in 2001 when a court order brought down Napster. In fact, the fight over downloads grows only fiercer as more decentralized peer-to-peer (P2P) services sprout up, broadband connections make file swapping faster and easier, and the era when music had to be bought on CDs (or dubbed onto cassettes) fades from memory.
A Litigation Campaign
The RIAA has sued about 100 BU students since fall 2004, according to the University’s Office of the General Counsel. In the case that brought the computer scientists into the digital copyright debate, the RIAA charged that the BU students were distributing copyrighted material by joining a P2P service and putting songs into shared folders on their computers, thereby making the music available to every member of that P2P network.
The RIAA compiles such charges by hiring an Internet security firm to stake out P2P sites, such as LimeWire, and to pose as just another user looking for some free tunes. When the security firm finds a shared folder containing copyrighted music, it downloads copies and logs the day, time, and the IP address (an identifier for computers or routers in a network) of the machine that serves up the goods, thereby sealing the distribution charge.
When BU’s Information Technology receives notifications of infringement from RIAA security contractors, it forwards them to the network users in question. BU is fifteenth on the list of the twenty-five universities receiving the most cease-and-desist notices from the RIAA.
The next step up on the RIAA’s enforcement ladder is the prelitigation letter. The association began sending these letters in February 2007 at a rate of about 400 a month; BU students have received about 125 of them, warning alleged copyright infringers of the possibility of a lawsuit unless those accused agree to an out-of-court settlement of between $3,000 and $6,000.
Then comes the lawsuit itself. Before it can sue for damages — the minimum penalty is $750 per song — the industry group must subpoena universities for the names of students registered to the IP addresses identified in its sweeps of P2P sites.
While the RIAA maintains that its litigation campaign is an effective deterrent, Bestavros and Reyzin say it’s capricious. They argue that the practice of identifying computer users by IP address is too unreliable to use as a basis for prosecution, because these addresses are linked to computers or routers, not to people. Wireless connections, for instance, can put multiple users online through a single IP address. And while BU forbids wireless routers in its residential network, and University network guidelines state that registered users are responsible for any use of their account, Bestavros says a tech-savvy student could relatively easily “spoof an innocent student’s computer address” in order to file share.
“I would be very concerned about accusing somebody with a one in a thousand probability that I’m wrong,” he says. “This is not like DNA evidence.”
Plus, Bestavros says, rather than stopping file sharing, RIAA enforcement is simply accelerating the adoption of technologies that are more difficult to track and increasing the use of more private networks, such as e-mail or instant messaging, to share music.
Then there’s the question of why the RIAA focuses so much on college students. RIAA spokesperson Cara Duckworth says that research indicates that a disproportionate amount of music sharing is being done on college campuses. She cites a 2006 survey by the college market research firm Student Monitor in which more than half of student respondents said they download illegally.
At least one BU student who has been pursued by the RIAA believes the industry targets college students because they are easy to scare. In February, Paul Sawaya (CAS’10) received a 200-page demand from the RIAA that he shut down the “Jukebox” application he’d created for Facebook, which allowed people to post a playlist of links to music hosted on another site. After seeking legal advice and finally tracking down an RIAA representative, Sawaya learned that he could keep the application active if he deleted links to songs that the RIAA listed as protected by copyright.
“The RIAA played on my ignorance of the law, hoping that I would just shut down my site,” he says.
A Piracy Predicament
Of course, exactly what digital copyright law allows is still being hashed out in the courts. The RIAA initially claimed that it could prove that the music files hosted by the BU students were themselves illegal copies. Bestavros disagreed, writing in a sworn statement last July, “It is not possible to distinguish between a music file obtained from a licensed, legal source (e.g., original CD) and the same music file obtained illegally (e.g., through file sharing).”
The RIAA’s other charge, that the BU students were distributing copyrighted music simply by making the files available online, has met with different responses in different courts. But Bestavros and Reyzin worry about the implications of prosecuting people for “making available” copyrighted material. After all, Reyzin noted at a recent BU panel discussion on digital copyright, “the main purpose of a computer is to copy and move information from place to place.”
Reyzin and Bestavros are also critical of federal legislation supported by the RIAA that would push universities to institute either subscription-based music services or more aggressive filtering of P2P traffic on their networks or risk losing federal financial aid funding. As of this writing, that legislation has passed the House and is being considered by a Senate committee.
Not only do such mandates require a huge investment in technology and personnel, Bestavros says, but deputizing school administrators as copyright enforcers puts a university in “a weird position” — policing rather than educating its students.
The bottom line, Bestavros argues, is that the industry can’t enforce its way out of its piracy predicament. Continued attempts to do so will spur the development of new file-sharing networks and new means to encrypt and cloak network user identity, leading to an Internet “arms race” with plenty of collateral damage — falsely accused students, improperly filtered online communication, wasted resources, and stifled innovation — but no solution to illegal downloads. To truly end music file sharing that way, Bestavros says, “you’re going to have to cut the wire.”