Privacy Law and Policy Reporter
Anonymity of internet users overcomes monopoly of intellectual property owners
James Lawrence and Henry El Hage MALLESONS STEPHEN JAQUES
The recent decision by the US Court of Appeals for the District of Columbia Circuit in Recording Industry Association of America v Verizon provides a major setback for the record industry’s efforts to thwart the illegal distribution of copyrighted music online. The Court concluded that the subpoena provisions of the Digital Millennium Copyright Act 1998 (US) (DMCA) have no application to peer-to-peer (P2P) communication. Reversing the District Court’s decision, it also held that the terms and structure of the DMCA precluded the issue of subpoenas to internet service providers (ISPs) for the identification of individuals using P2P software. The effect of the decision will be to compel the Recording Industry Association of America (RIAA) to pursue ‘John Doe’ actions against alleged infringers, a process fraught with difficulties and ultimately more expensive. It will also allay some of the privacy concerns of ISPs and users, such as subscriber confidentiality and user anonymity, respectively. Nevertheless, the decision exemplifies the way in which the persistent growth in technology can impede the efforts of lawmakers seeking to legislate for the protection of intellectual property rights.
P2P communication was brought to the fore following a series of high profile suits involving Napster, where recording companies and music publishers obtained injunctions against Napster’s facilitating the sharing of MP3 files through the use of its stand-alone program. Prior to the advent of P2P technology, most music and software copyright infringement occurred generally when users downloaded infringing material directly from websites or file transfer protocol (FTP) sites. In terms of prevention, it was relatively simple for the music industry to ensure that these sites were disabled. Current P2P system structure is manifestly different, most obviously in the decentralised spread of content and users.
While Australian courts have not considered the issue of copyright infringement through the use of P2P technology, it has been notoriously difficult for copyright owners in the US to stop the use of these decentralised programs. This trend has forced the RIAA to direct its anti-infringement efforts against individual users of P2P file sharing programs. The process of identifying an individual for the purposes of filing copyright infringement proceedings involves two major steps. First, the user’s IP address must be obtained through the P2P software, a relatively simple procedure. Second, armed with an IP address, the RIAA then approaches the relevant ISP with the aim of compelling the ISP to release the name and subscription details of the alleged infringer. In the present case, this information was sought under subpoena from Verizon Internet Services (Verizon), an ISP, under § 512(h) of the DMCA.
§ 512(h) of the DMCA
The RIAA has relied on the subpoena provisions of § 512(h) to compel a number of ISPs to supply the relevant user details sought and thus enable proceedings to be filed. This section creates a mechanism whereby a copyright owner may seek to identify an alleged infringer who would ordinarily remain anonymous. The terms of § 512(h) require a clerk of any US District Court in receipt of notification from a copyright owner to issue a subpoena to a service provider ‘[i]f the notification filed satisfies the provisions of subs (c)(3)(A), the proposed subpoena is in proper form, and the accompanying declaration is properly executed’. Thus, a precondition to the issue of a subpoena is the inclusion of a notification that satisfies the provisions of § 512(c)(3)(A). Once issued, the subpoena functions to compel the ISP to disclose to the copyright owner ‘information sufficient to identify the alleged infringer of the material described in the notification to the extent such information is available to the service provider’.
Subsection (c) is one of four provisions under § 512 of the DMCA, which create safe harbours for ISPs, ‘each of which immunizes ISPs from liability for copyright infringement under certain highly specified conditions’: Verizon at 7. Under § 512(c), an ISP can escape liability for infringement of copyright occasioned by a user’s storage of material that resides on a system or network controlled or operated by or for the service provider. However, in order to avail itself of such protection the ISP must meet the conditions specified under § 512(c)(1)(A), (B) and (C), including lack of knowledge in respect of the infringing material and the expeditious removal of any such material following notification of claimed infringement in accordance with para (3). For a valid notification under § 512(c)(3), it must be communicated in writing to the service provider or its agent and must include:
• identification of the copyrighted works claimed to have been infringed, or, if multiple copyrighted works at a single online site are covered by a single notification, a representative list of such works at that site; and
• identification of the material that is claimed to be infringing or be the subject of infringing activity and that is to be removed or access to which is to be disabled, and information reasonably sufficient to permit that service provider to locate the material.
District Court proceedings
On 24 July 2002, the RIAA served Verizon with a subpoena issued pursuant to § 512(h) seeking to identity a Verizon subscriber whom the RIAA believed was engaged in illegal file sharing. The subpoena was for ‘information sufficient to identify the alleged infringer of sound recordings described in the attached notification’. The notification identified the IP address of the Verizon subscriber and the 800 MP3 songs that he had offered to other P2P users, and specifically requested from Verizon ‘that you remove or disable access to the infringing sound files via your system’. Verizon refused to comply with the terms of the subpoena and the RIAA filed a motion to compel production.
Verizon opposed the motion in the District Court on the grounds that § 512(h) does not apply to a service provider acting merely as a conduit in the process of P2P users engaging in file swapping. It argued that the alleged infringing material was not located on Verizon’s servers, but rather on the individual user’s personal computer. The District Court rejected Verizon’s arguments based on ‘the language and structure of the statute, as confirmed by the purpose and history of the legislation’.
Following this decision, the RIAA obtained a second § 512(h) subpoena requiring production from Verizon. Verizon then moved to quash the subpoena on the basis that the District Court lacked jurisdiction under Art III of the US Constitution to issue the subpoena or in the alternative that § 512(h) violates the First Amendment. These constitutional arguments were also rejected by the District Court. Verizon was ordered to disclose the identity of the subscriber whose details were sought. Verizon subsequently appealed the two orders of the District Court to the US Court of Appeals, where both appeals were consolidated.
US Court of Appeals — District of Columbia Circuit
The primary issue on appeal was whether the provisions of § 512(h) apply to an ISP acting merely as a conduit for data transferred between internet users. The Court was unanimous in concluding that the question should be answered in the negative. It found that the terms and structure of § 512 led to the conclusion that a subpoena may be ‘issued only to an ISP engaged in storing on its servers material that is infringing or the subject of infringing activity’. Thus, an ISP acting merely as a conduit is not caught by the terms of § 512(h) of the DMCA because the copyright owner cannot satisfy the elements of prerequisite notification under § 512(c)(3)(A).
The Court commenced its analysis by examining the provisions of § 512 of the DMCA. In identifying the four safe harbours created by § 512(a)-(d), the Court alluded to the variation in the legislative terms and structure of each subsection. Of particular importance was the absence from § 512(a) of the stipulation that the ISP respond ‘expeditiously to remove, or disable access to, the material that is claimed to be infringing’ as a condition of the ISP’s protection from liability. The absence of such a provision served to reinforce Verizon’s argument that the variation in terms and structure of § 512(a)-(h) exemplified the disparity between the operation and application of each subsection. Moreover, because subs (a) deals with the protection from liability in respect of transitory digital network communications, the legislature’s failure to include a condition stipulating removal of material or the disabling of access provides support for the view that Congress did not intend for § 512(h) to apply to a service provider operating in circumstances where it is transmitting, routing, or providing connections for infringing material.
The discrepancy between the terms of § 512(a)-(d) was germane to the argument advanced by Verizon. Clearly, Congress’ recognition of the different activities undertaken by an ISP was exhibited in the specificity with which protection from liability is conditioned under each subsection. Thus, according to Verizon’s submission, the requirement that a request for the granting of a subpoena under § 512(h) contain a notification in accordance with § 512(c)(3)(A) exhibits a manifest intention on the part of the legislature to allow such a grant only in circumstances where the ISP has control over the material said to be infringing. Clearly, no such control exists in the case of P2P communications.
The Court was prepared to accept this aspect of Verizon’s argument. Delivering the opinion of the Court, Ginsburg CJ observed that the submission was supported not only by the terms of § 512, but also by the structure of the section. The three judges on appeal agreed unanimously that ‘the presence in § 512(h) of three separate references to § 512(c) and the absence of any reference to § 512(a) suggests the subpoena power of § 512(h) applies only to ISPs engaged in storing copyrighted material and not to those engaged solely in transmitting it on behalf of others’: Verizon at 12. The susceptibility of ISPs to the notice and take down regime in § 512(b)-(d) is contingent on the service provider’s storage functions, as described in § 512(c). The Court was of the view that there existed a disparity between the transmission and storage functions of an ISP. This, in conjunction with the cross-referred subsection § 512(c)(3) in § 512(b)-(d), ‘demonstrate that § 512(h) applies to an ISP storing infringing material on its servers in any capacity — whether as a temporary cache of a web page created by the ISP per § 512(c), or as an information locating tool hosted by the ISP per § 512(d) — and does not apply to an ISP routing infringing material to or from a personal computer owned and used by a subscriber’: Verizon at 13.
A more pungent submission advanced by Verizon concerned the satisfaction of the elements under § 512(c)(3)(A). It argued that the two subpoenas obtained by the appellees fail to satisfy the requirements specified under § 512(c)(3)(A), particularly the stipulation under subs (c)(3)(A)(iii) that the copyright owner identify the material to be removed or access to which is to be disabled by Verizon. The cogency of Verizon’s submission depended on the Court accepting the contention that the expression ‘material to be removed’ is to be construed as material to be removed by the ISP. Verizon argued that this particular construction is derived inexorably from the terms of subs (c) which deals with material in storage on Verizon’s servers. The failure by the RIAA to identify material that could be removed by Verizon was in breach of the requirement under § 512(h)(4) that notification in accordance with § 512(c)(3)(A) be provided as a pre-condition to the issue of the subpoena.
In its response, the RIAA focused on the disjunctive expression used in the phrase ‘material to be removed or access to which is to be disabled’. It argued that an ISP can in fact ‘disable access’ to infringing material by terminating the subscriber’s account. In contrast to Verizon, the RIAA’s argument rested on the Court construing the expression ‘material to which access is to be disabled’ as reference to material per se, rather than that which is stored on the ISP’s network or system.
The argument was rejected by the Court. After noting the legislature’s distinction between the prevention of access to the infringing material and the termination of access to a subscriber, the Court concluded that the terms of the DCMA pointed to a construal of the expression ‘material to which access is to be disabled’ as material residing on networks controlled by Verizon. The discrepancy between the two forms of remedy reinforced the view that the reference to ‘material’ in § 512(c)(3)(A)(iii) was not to be construed in the abstract. Clearly the ISP cannot disable access to material over which it has no control. Nor, for that matter, can the ISP ‘remove’ material not stored on its systems or network. The terms of the statute were fatal to the RIAA’s submission.
An alternative argument put forward by the appellee focused on the terms of § 512(c)(3)(A)(iii) which stipulated that notification under subs (c)(3)(A) is effective if it ‘includes substantially’ the required information. Thus, even if the requirement under subs (c)(3)(A)(iii) isn’t completely satisfied, the standard can be satisfied nevertheless, if the other elements in § (c)(3)(A)(i)-(ii) and (iv)-(vi) are notified. According to the RIAA, because the fundamental purpose is the identification of alleged infringers, notification should be deemed sufficient so long as the ISP can identify the infringer from the IP address provided in the subpoena.
The Court again dismissed the RIAA’s contention. In the absence of any definition in the DMCA, the Court relied on Congress debates in considering the RIAA’s argument in respect of the expression ‘includes substantially’. The Senate and House reports stated that the expression ‘includes substantially’ should be construed to mean only ‘technical errors ... such as misspelling a name’: Verizon at 11. The defect in the RIAA’s notification was more than mere technical error. It failed to comply with the requirements of notification as set out under subs (c)(3)(A). More to the point, the RIAA’s notification identified ‘absolutely no material Verizon could remove or access to which it could disable, which indicates to us that § 512(c)(3)(A) concerns means of infringement other than P2P file sharing’.
The Court of Appeal was also not willing to entertain the RIAA’s third argument which postulated that the definition of the expression ‘internet service provider’ in § 512(k)(1)(B) renders § 512(h) applicable to an ISP irrespective of what function it performs in respect of material said to be infringing. This submission mirrored the approach taken by the judge at first instance. However, on appeal, the Court opined that this argument ‘borders upon the silly’. The Court’s recognition of the disparity in functions of an ISP rendered the rejection of the RIAA’s submissions ineludible. Regardless of the definition of ISP, ‘the validity of a § 512(h) subpoena still depends upon the copyright holder having given the ISP, however defined, a notification under § 512(c)(3)(A)’: Verizon at 11.
In reaching its conclusion, the Appeals Court was aware fully of the ramifications of its decision. The appellee’s concerns regarding the infringing activities of some online users were not overlooked in the Court’s judgment. However, the Court was conscious of its task to give effect to the statutory language. It was the terms of the Act from which the purpose of the legislation was to be derived. Thus in the absence of any ambiguity, it was unnecessary to resort to legislative history. In keeping with well established rules of statutory construction, the intent of parliament is to be derived from the terms of the statute.
Notwithstanding this conclusion, the Court of Appeal noted that an examination of Congress debates revealed that P2P communication was never considered by the legislature when the DMCA was passed. The legislative history disclosed that there was ‘no awareness whatsoever that internet users might be able directly to exchange files containing copyrighted works’: Verizon at 14. The legislature’s unawareness of P2P technology at the time of enactment served to undermine the RIAA’s argument. Quite simply, ‘nothing in the legislative history supports the issuance of a § 512(h) subpoena to an ISP acting as a conduit for P2P file sharing’: Verizon at 15.
ISP subscriber information
The music industry will view the Court of Appeals’ decision as a major set back in its incessant crusade to identify and prosecute alleged infringers of copyright. Given the difficulty of pursuing ‘John Doe’ proceedings, there is little doubt that the industry will lobby Congress to amend the DMCA. Certainly, on the view taken by the Court of Appeal, P2P software users will continue to avail themselves of the relative privacy afforded by such program as Kazaa or Grokster, sharing material with other users in relative anonymity. Service providers have also been relieved from the seemingly burdensome duty and potentially precarious situation of having to reveal subscriber information to third parties, at least in respect P2P users.
The DMCA, perhaps seeking to strike a balance between ISPs and copyright owners, and in exchange for ISP safe harbour, provides copyright owners with a statutorily enshrined procedure to identify alleged online infringers. However, the availability of subpoenas under § 512(h) of the DMCA exemplifies the legislature’s apparent disregard for any individual user’s privacy concerns in favour of the interests of copyright owners. While the Court’s analysis revealed that Congress did not directly consider the issue of P2P communication, the insertion of § 512(h) demonstrates that online privacy was simply not a factor pervading the thoughts of the drafters.
Nevertheless, Congress’ venial failure to consider P2P software serves to demonstrate the impediment often faced by legislatures seeking to prevent the abuse of intellectual property rights. The proliferation of previously unfathomed online technology has helped users in their bid to escape the fetters of § 512(h) of the DMCA. More importantly, by evading the terms of the DMCA, it has brought to the fore the vexed issue of user online privacy. Debate will long persist as to the anonymity with which internet users should operate vis a vis the right of intellectual property owners to exploit their monopoly. In the interim, Verizon has clearly breathed life into the crusade of user anonymity. l
James Lawrence, Solicitor, Mallesons Stephen Jaques and Henry El Hage, Solicitor of the Supreme Court of NSW.
. Record Industry Association of America Inc v Verizon Internet Services Inc 2003 US App LEXIS 25735.
. See A&M Records Inc v Napster Inc  USCA9 232; 284 F 3d 1091 (9th Cir 2002) and A&M Records Inc v Napster Inc  USCA9 92; 239 F 3d 1004 (9th Cir 2001).
. See Metro-Goldwyn-Mayer Studios Inc v Grokster Ltd  USCA9 554; 259 F Supp 2d 1029 (CD Cal 2003).
. Re Verizon Internet Services Inc 240 F Supp 2d 24 at 45 (DDC 2003).
. The other two judges on the panel were Robert Circuit Judge and Williams Senior Circuit Judge.
. See Columbia Insurance Company v Seescandy.com 185 FRD 573 (8 March 1999).