Can Websites Hide User Data From the MPAA?
Federal copyright laws protect artists, studios and other creators of intellectual property. These laws grant to copyright holders the exclusive right to control the reproduction, modification and distribution of their copyrighted works.
The Internet and copyright laws collided when Shawn Fanning released Napster, a "killer app" that allowed people to share music over the Internet. While many young people embraced Napster, the entertainment industry was not as enamored because Napster allowed people to share and download copyrighted music in violation of copyright laws.
To protect their intellectual property, the entertainment industry targeted both peer-to-peer networks, such as Napster, as well as individual users. To identify the persons who had uploaded or downloaded pirated songs or movies, the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) have subpoenaed educational institutions and Internet Service Providers (ISPs). Based on the internet protocol (IP) address of the suspected file sharer, the RIAA and MPAA have asked for the name and address of the person associated with that IP address.
People who share copyright files through peer-to-peer networks should be aware that if the web sites, networks or software they use log IP addresses or other personal information, the entertainment industry can obtain that information to file a lawsuit.
Penalties for Copyright Infringment
The criminal penalties for copyright infringement are severe. Copyright infringement can be punished by three years in prison and $250,000 in fines. Repeat offenders can be imprisoned for up to six years. If a defendant infringed a copyright for commercial gain, the prison terms extend to five years for first offenders and 10 years for repeat offenders.
In a civil action, the copyright holder can sue for actual lost profits or a statutory amount of $150,000 per infringement - that means per song. In reality, the parties settle most civil actions for much less than that: $3,000 and $17,000, according to the University of Illinois.
Some peer-to-peer networks have tried to protect their users by refusing to store user data, including IP addresses. The rationale is that if they do not electronically record that data, then they will have nothing to turn over if subpoenaed.
However, in a case between the MPAA and TorrentSpy, Judge Jacqueline Chooljian, a federal magistrate judge in Los Angeles, ruled that even if a website does not log user activity, such a record is held in RAM and a site can be compelled to retain that data. Judge Chooljian then ordered TorrentSpy to begin logging IP addresses.
TorrentSpy is appealing, so the legal question that will be decided is whether this logging can be required. TorrentSpy has asserted that the judge is asking them to create new records in response to the lawsuit, but the judge ruled that the records had already been created.
While the judge's order may appear to require all websites to record their data stored in RAM into a non-volatile format, the judge noted, "The court emphasizes that its ruling should not be read to require litigants in all cases to preserve and produce electronically stored information that is temporarily stored only in RAM."