Opinion As the war over P2P downloading heats up, and the record companies launch the novel marketing technique of suing their customers, I think it is an appropriate time to settle some of the pervasive myths about U.S. copyright law which fuel both sides of the debate, writes Mark Rasch, SecurityFocus columnist and former head of the Justice Department's computer crime unit.
The current state of the battleground is that the RIAA, having lost a lawsuit against Kazaa, Morpheus and others for copyright infringement, and having won a lawsuit against Verizon, is actively pursuing subpoenas against various ISPs to force them to pony up the names and addresses of the uploaders and downloaders themselves.
Several universities have invoked a federal law aimed at preventing the release of student academic records (and significantly narrowed by both the USA-PATRIOT Act and the U.S. Supreme Court last year) to refuse to provide information on their students' downloading activities to the RIAA. Meanwhile, the P2P providers, large and small, in an effort to provide "customer service," are utilizing a variety of anonymizing techniques -- including proxy servers, encryption, and various UDP ports -- to help prevent the RIAA from successfully subpoenaing these records. Undaunted, the RIAA has vowed a full-scale assault -- even against those who share a single copyrighted song.
All of these battles are against the backdrop of U.S. copyright law, which provides some protection to the "author" of an original work that is fixed in any tangible medium of expression. But there seems to be a great deal of confusion about the scope of protection under this law.
The U.S. Constitution permits Congress "to promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries." Under intensive lobbying by the movie, publishing and recording industries, Congress has nudged that "limited" time from the original 17 years in 1789, to the publisher's life plus 75 years today -- a time limit that the U.S. Supreme Court recently approved.
For this "limited" time, Copyright law essentially grants the author the exclusive rights to copy or reproduce the work, make derivative works, distribute copies of the work (sell, give away, lease or license), and to perform the work, and, of course, to keep others from doing the same.
Simple enough? Not hardly.
Theft vs. Copying
The RIAA, MPAA and copyright holders describe P2P users as "pirates" - invoking images of swashbuckling pre-teens hauling up the Jolly Roger and stealing intellectual property in the dead of night. New ads announced by MPAA President Jack Valente impress the idea that "copying is stealing" and that someone who burns MP3s is no different from those who slip a CD under their shirt at the local Tower Records.
But technically, file sharing is not theft.
A number of years ago, the U.S. Supreme Court dealt with a man named Dowling, who sold "pirated" Elvis Presley recordings, and was prosecuted for the Interstate Transportation of Stolen Property. The Supremes did not condone his actions, but did make it clear that it was not "theft" -- but technically "infringement" of the copyright of the Presley estate, and therefore copyright law, and not anti-theft statutes, had to be invoked.
So "copying" is not "stealing" but can be "infringing." That doesn't have the same sound bite quality as Valente's position.
Complicated matters further, copying is not always infringing. If the work is not copyrighted, if you have a license to make the copy, or if the work is in the public domain, you can copy at will. Also, not all "copies" are the same. Say you buy a CD and play it on your computer -- technically, you have already made a "copy" onto the PC in the process of playing it, but that's not an infringement.
Making an archive copy is okay too, as long as your retain the original. What about a transformative copy -- say, making an MP3 out of a CD? You can do that, so long as you retain the original work. If the original CD get scratched, damaged or lost, you can probably burn the MP3 back to a CD (sans the really "sucky" titles), but this is not entirely clear.
So the RIAA and MPAA's claims that all "copying" is "stealing" are much overhyped.
But so too are the claims some swappers make that, simply because I bought a particular CD at some time in the past (or really, really thought about buying it), I now have the inherent right to share it with all my friends (even the ones I have never met in Singapore, Malaysia and Eastern Europe).
Fair and Unfair Use
The RIAA and MPAA also claim that if I download a song that I don't own, it's an infringement. This too is not always the case. The law recognizes that many uses of copyrighted works -- even without the permission of the copyright holder -- are not an infringement. While there is no "right" as such to make a fair use, the making of such a use is not an infringement.
Thus, if you make copies for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, it is not an infringement of the copyright, even if the copyright holder does not want you to do so.
This isn't black and white, of course. In deciding whether a use is fair or not, courts will consider a number of factors: Did you make the copies for commercial purposes? Does the copy deprive the copyright holder of revenues? Did you copy all, or substantially all, of the work, or just a small portion? The less of the work copied, the less commercial and the less impact on the copyrighted work, the more likely it is to be considered "fair."
So when you sing "Happy Birthday" to your mom, you don't owe a royalty to Mildred and Patty Smith Hill (they own the copyright), but when it is performed in a movie, you do see a credit roll.
The problem for the RIAA and MPAA is that all they can see is that someone is copying a work -- they cannot tell the purposes for which the work is being copied. Therefore, when they sign an affidavit to get a subpoena alleging a copyright "infringement," all they really know is that a copy has been made, not that an infringement has occurred.
So your geeky brother uses your Mac Powerbook to download his songs. Are you liable? Maybe.
The law imposes four kinds of liability for infringement. The simplest is direct infringement -- meaning you or somebody under your direct control (your agent) actually infringes. A second type of infringement is contributory infringement or vicarious infringement -- you aid someone else's infringing activities, or you profit from their infringement and have the ability to control them. It is this theory that makes owners of P2P networks potentially liable.
A third category of infringement is implicated if you provide the technology to aid the infringement (e.g., the Sony Betamax case.) In that case, you are liable for the infringement others do with your technology, unless there is a "substantial non-infringing use" for your technology (e.g., time shifting TV shows.) Finally and most recently, the DMCA creates a new "circumvention" liability" -- creating or disseminating technologies that are designed to circumvent a technological measure protecting a copyrighted work.
The last type does not even require that there be an infringement -- just the dissemination of technology that could permit access to the work, even if the access is for a non-infringing purpose.
For P2P networks themselves, the law is not clear whether their activities are infringing. A Federal Circuit Court in Illinois held Aimster liable as contributing to the infringing uses of their subscribers or users, while a Federal Court in California came to the contrary conclusion with respect to Kazaa and others.
For users of P2P networks, the actual liability is likewise turbid. If you download a single copy of a copyrighted work, for your personal listening, you probably have committed an infringement (unless you fit within the fair use exception, e.g., you are copying it for criticism, or literary purposes). If you What if you download the file and it sits unplayed on your computer while others download it from you? Who is the infringer: you, them, or all of the above? Under current caselaw, probably all of you.
What if you upload a song from your CD collection to the P2P network (assuming the initial transformative copy is permitted). While you have not made an infringing copy, you have aided other uses of the P2P network in making infringing copies, and may be held liable. If you tell others how to find copyrighted works, that too could result in contributory liability. And your dumb brother using your computer? If you knew the works were there, and had the ability to prevent the copying, you run a risk that you have liability.
The law gives copyright holders a lot of power. Then can seize your computer. They can get an injunction ordering you to stop. They can get statutory damages in excess of $150,000 per copy or actual damages based upon the total number of copies that can be attributed to the P2P posting (so you can be held liable for all the subsequent downloads). You can be forced to pay their attorney's fees and costs.
They can subpoena your name, address, telephone number, and subscriber information from your ISP even without filing a lawsuit, and find out all of the music you have been downloading, and possibly the websites you have been visiting.
And, yes, you can go to jail for infringement, even if you just downloaded a single song, so long as the "value" of the copies made of the work over a six month period exceeds $1,000. So, if you assume that the individual "song" has a value of $2 (one-tenth the cost of the $20 CD), a mere 500 downloads are enough to make you liable. And these downloads don't necessarily have to come from your machine. If another person downloads the song from you, you may be responsible for the downloads that person permits.
I say, "may," because the law is not yet clear on this. Look for that to change as the war over digital music continues.
SecurityFocus columnist Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and now serves as Senior Vice President and Chief Security Counsel at Solutionary Inc.
Sponsored: Webcast: Ransomware has gone nuclear