Discussion group for IP practitioners
This is such a key issue that comes up in the P2P debate, especially in the context of large companies going after individual users. Proving that individual user in fact was the one who downloaded files illegally can be guess work at best. To what extent can activity like password entry be used to link users to activity in a certain time frame?
For example, most of us browse with tabs today. We'll have 10 sites open at a time. So if I'm trying to prove that Bob downloaded something illegally, and Bob's defense is that it must have been someone else on his computer, is it possible to prove Bob was the one who downloaded the file by showing a unique password entry to a site on the same computer by Bob at the time of the download? Can we get this granular in investigating?
Of course there is always the problem of password storage. I know that many people, both for home and work, have most of their passwords stored for convenience so they can click into sites easily. What does this do to our theory above?
Mike, I think most of that is a moot point. When the copyright holders sue, they sue the person paying the bill, because when you sign up with your ISP, the T&Cs make you assume liability for what is done with your connection. As such, the"it was someone else on my PC", or "I have an open wireless network" arguments are usually bunk.
So passwords, or even the physical PC has little to do with it, I believe.
How does that work with institutions like Universities, hospitals, and even corporations? Does the organization become liable for any suit?
I'm not sure. For most Universities, the school IS the ISP, though.
This discussion highlights the common misconception at the centre of the debate.
Copyright holders cannot sue the account holder as they do not know the identity of the account holder, only an IP address. It is only the ISP who can match an IP address with an individual. A rights holder can attempt to gather the individual's details by obtaining a court order obliging the ISP to do so. Without a court order, ISP?s will not hand over such details for reasons including privacy issues. Without the individual's details, rights holders allegedly have ?evidence? of illegal downloading but no one to actually sue - first problem.
Second problem for rights holders is an evidentiary issue. For copyright infringement purposes, the rights holders can only sue an individual who has committed the copyright infringement. There are numerous technical reasons (already specified) which throw doubt on this evidentiary threshold.
The traditional principles of copyright laws are struggling to meet the changing needs of the digital age.
This is related to the issue in the P2P debate as well: "[s]ome courts have construed the term 'distribution' as synonymous with 'publication,' whereas others have disagreed and required proof of an actual act of distribution." If you can't prove who was on the other end of the IP address, how can you hope to prove "actual" distribution. Do you think the issues raised in this article will ultimately help us decide the P2P debate?
Jeremy, while you are correct regarding the intermediate identification step between the ISP and the user, not all ISPs are fighting like Time Warner to protect their customer's information. AT&T and Verizon have both voluntarily complied, no court order required, with IP ID requests by copyright holders.
ISPs should be fighting hard and should buckle under pressure from rights holders (court order or no court order).
The TalkTalk model in the UK is the most appropriate approach (as I have seen first hand) as it is consistent with the law and preserves the fundamental rights of its customers (including privacy rights, human rights and consumer laws).
The rights holders? campaign is based on the misguided notion that ISPs are the ?gatekeepers? or ?police? of the internet and, in turn, of user content and user communications. If the rights holders approach is adopted, this could potentially open up the floodgates of liability for ISPs and carriers and could lead to them being asked, or required, to adopt a policing role for other types of internet content eg: terrorist content, religious content, animal rights content, environmental content and political content. The spiral effect is very worrying and could ultimately impact all portal providers, web 2.0 hosts, online auction sites and anyone who serves as an intermediary between end users and almost any form of online activity. Will the Internet survive if this path is followed?
Gentlemen, I think we are seeing the essence of geographical perspectives. Data privacy in the EU (and I think Australia?) are much stricter than the US and heavily favor individual users. In fact, you can't even email someone in the UK for marketing purposes unless they've given you the address for that purpose. In the US, the rules are much more lax and tend to give more power to rights holders to enforce their rights and profit from their works (go Capitalism!).
It stands to reason then, Jeremy, a lawyer in Australia, takes the position that ISPs should fight harder to protect data privacy. Fred, a US lawyer, takes the position that ISPs should be more compliant with requests.
What do others think? Should ISPs in the US follow the EUs lead and fight harder to protect the data privacy of users or does commerce and copyright trump concerns of data privacy?