D2.2: Set of use cases and scenarios

Title: CASE N° 2: R.I.A.A. (RECORDING INDUSTRY ASSOCIATION OF AMERICA) VS. VERIZON & OTHERS.

Case n° 2: R.I.A.A. (Recording Industry Association of America) vs. Verizon & others.

The facts in the Verizon case are simple: the R.I.A.A., an organisation representing the music recording industry of America, tries to find and locate people that illegally upload copyrighted music files by using peer-to-peer networks. They access the per-to-peer networks and look for IP numbers from which copyrighted works are uploaded in the form of mp3 files. They do this in fact  to obtain civil damages and compensation.

So, the R.I.A.A. can only do this by identifying the IP-numbers of the computers from which the music is illegally uploaded. The R.I.A.A. then contacts the ISP’s and requests for the names and addresses of the physical persons that are behind those IP-numbers (the customers of the ISP’s). This gives rise to discussion about privacy, data protection and anonymity on the internet, especially in the case of peer-2-peer networks.  

A landmark case in this “war against copy” was R.I.A.A. vs. Verizon. In a first judgment in January 2003, the judge decided that Verizon was obliged to give to the R.I.A.A. the names of some subscribers who were accused of having infringed copyright law by uploading music through peer-2-peer networks. This created a storm of protest. This decision was however overruled by the Court of Appeal of Washington in December 2003, deciding that providers could only be obliged to give the identity of the alleged subscribers to the R.I.A.A. in the case of hosting, not in the case of mere conduit (peer-2-peer).

There are many cases like the above mentioned: Judges sometimes decided that the names of customers must be handed over, while in other cases they ruled that the identities of their subscribers should not be given. Since December 2003, R.I.A.A. filed more than 7000 lawsuits against anonymous persons for infringement of copyright law through online file sharing. An important consequence of these differences is that it leads to legal uncertainty.

These cases, however, raise some other interesting questions, such as: does the R.I.A.A. have the right to search on my PC for illegal content and illegal activities (whereas the Ouvaton case was about (illegal) information on a public website ; are software programs and websites which reveal IP-numbers legal, even if they don’t reveal the physical persons which are behind those IP’s (whereas the Ouvaton case was based on know Ip-numbers, you need some special software to find the IP-numbers behind peer-2-peer databases; and, do the ISP providers have the right to provide my identity (this is the same question as in the Ouvaton case)?  

We can have an intermediate conclusion after these two cases: Firstly, ISP’s can provide personal data like IP numbers of their customers only upon a court order in a criminal matter. Secondly, there is legal uncertainty whether yes or no your personal data can be provided to a third party because the judgements can differ from each other.  

Now one could tackle the problems of providing (parts of) identities to third parties (by ISP’s) without the consent of the person-to-identify by putting in the general terms and conditions of the ISP’s that the names and addresses of the customers can be handed over to third parties if there is to the opinion of the ISP a reasonable indication of illegal activity. According to the law: Yes. But should this be reasonable? Should there be no data protection law or consumer protection law that prohibits these terms and conditions?