File-Sharing Friction

The call came last summer. Lawyers for two Boston University students charged with online music piracy by the Recording Industry Association of America (RIAA) needed an expert witness, and they asked Azer Bestavros, a College of Arts and Sciences computer science professor, who provided sworn testimony against a technical underpinning of the case against the students. Bestavros and other computer scientists contend that the RIAA’s enforcement methods are inexact and counterproductive and that copyright laws themselves are out of sync with the realities of computer technology.

The case, which remains before the court, is just one battle in a war over music-sharing that contrary to what many believe, did not end in 2001 when a court order brought down Napster. In fact, the fight over downloads grows only fiercer as more decentralized peer-to-peer P2P services sprout up, broadband connections make file-swapping faster and easier, and the era when music had to be bought on CDs (or dubbed onto cassettes) fades from memory.

The RIAA, which represents most major record labels, says music piracy threatens the heart of a creative industry. Critics argue that the recording industry needs to develop a new business model for the digital age. Bestavros believes that the RIAA has the right to prosecute copyright infringers, but he and Leo Reyzin, a CAS associate professor of computer science, have spoken out publicly against the association’s increasingly aggressive copyright enforcement tactics. Those efforts have tagged thousands of college students as lawbreakers and spawned legislation that could force universities to crack down on their students’ computer network use or risk losing federal financial aid funding.

The case that brought the professors into the digital copyright debate involves RIAA charges that the BU students were distributing copyrighted material by joining a P2P service and putting songs into shared folders on their computers, thereby making the music available to everyone on the network.

According to Crystal Talley, an associate general counsel at BU, the RIAA has sued about 100 BU students since fall 2004. But before it can sue for damages (the minimum penalty being $750 per song), the industry group must subpoena universities for the names of students registered to the IP addresses identified in sweeps of P2P sites it commissions.

And well before things reach the level of a lawsuit, RIAA security contractors e-mail notifications of infringement to BU’s Office of Information Technology, which forwards them to network users. BU is number 15 on RIAA’s list of universities receiving the most cease-and-desist notices.

BU students have also received about 125 prelitigation letters, the next step up on the enforcement ladder from notices; the RIAA began sending these letters in February 2007 at a rate of about 400 per month. The letters warn alleged infringers that the industry intends to subpoena the University for their names and sue for copyright infringement unless those accused agree to an out-of-court settlement of between $3,000 and $6,000.

Although the RIAA maintains that its litigation campaign is an effective deterrent, Bestavros and Reyzin say it’s capricious and counterproductive. They argue that the RIAA’s practice of identifying computer users by the IP address is too unreliable to use as a basis for prosecution because these addresses are linked to computers or routers, not people. Wireless connections, for instance, can put multiple users online through a single IP address. And while BU forbids wireless routers in its residential network and University network guidelines state that registered users are responsible for any use of their account, Bestavros says a tech-savvy student could relatively easily “spoof an innocent student’s computer address” in order to file-share.

“I would be very concerned about accusing somebody with a one in 1,000 probability that I’m wrong,” he says. “This is not like DNA evidence.”

Plus, Bestavros says, RIAA enforcement is simply accelerating the adoption by file-sharers of technologies such as layered Tor networks that are more difficult to put under surveillance.

Justin Kaufman (CAS’09), a member of the Student Union technology committee, says that among the students he knows the P2P crackdown also increases the use of more private file-sharing methods, such as e-mail or instant messaging. “It’s become more of a social phenomenon,” says Kaufman. “It’s not just sharing with the world anymore.”

Then there’s the question of why the RIAA focuses so much on college students. RIAA spokesperson Cara Duckworth says that research indicates “that a disproportionate amount of music-sharing is being done on college campuses.” She cites a 2006 survey by the college market research firm Student Monitor, in which more than half of student respondents said they download illegally.

At least one BU student who has been pursued by the RIAA believes the industry targets college students because they are easy to scare. In February, Paul Sawaya (CAS’10) received a 200-page demand from the RIAA that he shut down the “Jukebox” application he’d created for Facebook, which allowed people to post a playlist of links to music hosted on another site. After seeking legal advice and finally tracking down an RIAA representative, Sawaya learned that he could keep the application active if he deleted links to songs the RIAA listed as protected by copyright.

“The RIAA played on my ignorance of the law, hoping that I would just shut down my site,” he says.

Of course, exactly what digital copyright law allows is still being hashed out in the courts. The RIAA initially claimed that it was able to determine that the music files hosted by the BU students were illegal copies. Bestavros disagreed, writing in a sworn statement last July, “It is not possible to distinguish between a music file obtained from a licensed, legal source (e.g., original CD) and the same music file obtained illegally (e.g., through file sharing).”

The RIAA’s main charge, that the BU students were distributing copyrighted music simply by making the files available online, has met different responses in different courts. However, Bestavros and Reyzin worry about the implications of prosecuting people for “making available” copyrighted material. After all, Reyzin noted at one of two April panel discussions on digital copyright sponsored by BU’s Dean of Students Office, “the main purpose of a computer is to copy and move information from place to place.”

Reyzin and Bestavros are also critical of federal legislation supported by the RIAA that would require universities to institute either subscription-based music services or more aggressive filtering of P2P traffic on their networks or risk losing federal financial aid funding. That legislation has passed the House and is being considered by a Senate committee.

Not only do such mandates require a huge investment in technology and personnel, Bestavros says, but deputizing school administrators as copyright enforcers puts the University in “a weird position” — policing rather than educating its students.

Bestavros emphasizes that he doesn’t believe BU itself should take a position in this debate. After all, he says, “we’re a diverse institution with many opinions.” Still, he would like to see the University get “ahead of the curve” in terms of discussing the implications of digital copyright laws and new business models that could duly compensate copyright holders while allowing online consumers the information access and freedom they cherish.

Several alternatives have already been proposed by places such as the Electronic Frontier Foundation, a San Francisco–based digital rights advocacy group, and Harvard University’s Berkman Center for Internet and Society, loosely based on some form of collective licensing akin to what radio broadcasters use.

The RIAA’s Duckworth notes that the industry already advocates that universities offer flat-fee music subscription services such as Ruckus. However, Dean of Students Kenneth Elmore says, University administrators had considered Ruckus, but noted several shortcomings, such as the service’s incompatibility with Macs and iPods, its relatively small music catalogue, and the fact that music files can be played only for as long as one subscribes to the service.

The bottom line, Bestavros argues, is that the industry can’t enforce its way out of its piracy predicament. Continued attempts to do so will spur the development of new file-sharing networks and new means to encrypt and cloak network user identity, leading to an Internet “arms race” with plenty of collateral damage — falsely accused students, improperly filtered online communication, wasted resources, and stifled innovation — but no solution to illegal downloads. “At the end of all this effort,” he predicts, to truly stop music file-sharing, “you’re going to have to cut the wire.”

Chris Berdik can be reached at cberdik@bu.edu.