Shortly before Christmas it was reported that RIAA will greatly reduce its filing of lawsuits against unlawful file sharers. Instead, under a deal brokered by NY A.G. Andrew Cuomo, RIAA will work with ISPs to send notices to suspected file sharers, with the ISPs eventually taking action to limit or even terminate subscribers who don't change their behavior. It sounds a bit like an effort to create a process analogous to the DMCA's notice-and-takedown regime for Internet-hosted content, but this time targeting P2P file sharing. At this point, many details remain unclear.
It's not known which ISPs plan to participate, or just how firm or specific the reported "agreement in principle" really is. So it's hard to say at this point just what this all means. But here are some initial thoughts, questions, and concerns. Few would mourn an RIAA decision to scale back on lawsuits. CDT has always taken the view that lawsuits against individual infringers may be necessary to send the public message that unrestrained file sharing of copyrighted music is illegal and can have real consequences. But CDT has also said that such lawsuits should target only the worst offenders and should not seek disproportionate damages. And there is no question that lawsuits targeting run-of-the-mill infringers like single moms and college students have been tremendously unpopular and made RIAA a whipping boy in much of the blogosphere. Refocusing enforcement efforts on truly egregious offenders may be a sensible response at this point.
Meanwhile, there are some potential benefits to an arrangement under which ISPs cooperate to forward notices of suspected infringement to end users. It puts users on notice that their computers might be being used for unlawful file sharing — which may be sufficient, in many cases, to convince the users to stop. Receiving a warning notice may dispel any notion users may have that their P2P activity is safely anonymous, and may prompt parents to rein in infringement traceable to their teenage children. Forwarding notices does not require ISPs to reveal subscriber identities to the RIAA, so it dodges a possible privacy concern. And it doesn't subject users to large settlement demands backed by the threat of lawsuits with potentially huge statutory damages. In short, the scenario of a copyright holder identifying an infringing act and notifying the ISP about it, the ISP warning the subscriber, and the chastened subscriber then ceasing any unlawful behavior looks pretty appealing — especially compared to lawsuits, subpoenas, and settlement demands.
Plenty of Questions
But there are many questions. Start with the mechanics. Many ISPs may not currently have any obvious or regular online way of communicating this kind of information to subscribers; in an age of web-based email, ISPs may not even know their subscribers' principal email addresses. It will be interesting to see how different ISPs choose to notify, or if they turn to snail mail using billing addresses. I'm also curious whether participating ISPs (whichever those turn out to be) are really prepared to shoulder the costs of implementing a notification system, or whether the reported deal will address the cost question somehow. Another question is whether any deal would be limited to RIAA, whether it would extend to other major copyright holders, or whether it would enable even small and independent copyright holders to ask ISPs to forward infringement notices. The hardest questions, however, concern how ISPs will respond in those cases when the subscriber doesn't cease the alleged illegal behavior. This could include cases of unrepentant infringers, but also cases of mistaken allegations. What steps would an ISP take to escalate the matter, beyond mere warnings? When disputes arise, how would ISPs verify RIAA's claims before taking more drastic action? How would subscribers be able to contest allegations? And ultimately, who would be the final arbiter? It's hard for me to imagine that ISPs really want to assume that tricky and potentially burdensome function. These due process concerns are particularly serious if the response can include account termination. People increasingly rely on Internet connections for communications that are essential to their daily lives. Cutting off that connection is no small deal. Of course, it would seem that ISPs would have every incentive to avoid inappropriate disconnections. But we'll have to await further details to see how this kind of "graduated response" system could address these concerns.
The ISP Police?
A final big-picture question is what a deal of this kind would mean for ISPs that don't initially choose to participate. It's one thing for certain ISPs to decide to implement some kind of graduated response system. It would be quite another to create an expectation or even a legal requirement for all ISPs take on such a role. (And the apparent role of the New York A.G. in brokering the reported deal raises the possibility that even for those ISPs who participate, the choice could be more coerced than voluntary.) Forcing ISPs to serve as copyright enforcers would mark a major departure from the important legal principle that ISPs provide a general-purpose communications tool and hence are not generally responsible for their subscribers' online behavior. This principle has been a cornerstone of the Internet's open and innovative nature, and it would be a serious mistake to cast it aside. If ISPs start down the path of serving as copyright police, what other laws and policies will they be called upon to enforce?