![[Ad box removed; this image serves to flag pages that need to be updated in my log file.]](/i/boxremoved.png)
This is the actual decision (PDF format) in the case that's making international news today. As always, you should read this decision in preference to the media reports. The media reports are saying that file sharing is now 100% A-okay in Canada; the decision is much less broad than that. The case at this point is only about revealing identities of ISP subscribers, not really the larger question of file sharing; a lot of the basis for the decision against BMG et al. came from procedural issues rather than the file sharing question that interests everybody; and it's subject to appeal and I fear will not stand anyway. Don't rejoice too much yet!
I'm going to go through and flag a few points that seem important. First of all, there's an extensive discussion of technical problems with the CRIA's evidence. They submitted an affadavit from the president of MediaSentry, the contractors who they'd hired to track down the IP addresses. The Court found a bunch of technical problems with that affadavit: for instance, it was submitted by the president of the company, but he didn't do the actual investigation, so it was all information he had heard from his employees, and that might have been okay but he didn't say which of his employees he'd heard it from, nor give as much technical detail as the Court would have liked about the investigation procedures used. Interesting point: the investigation procedures used are probably trade secrets that MediaSentry doesn't want to reveal (to competitors or file sharers). There may be a lot of tension between their desire to investigate and the need for them to be able to publish the results as evidence. I wonder if we'll see an attempt at some time in the future to seal or gag-order this kind of evidence.
There's another, much more amusing way in which the CRIA's contractors may be sabotaging themselves: as described in paragraph 19, one of their attempts to shut down file sharers involves a service called MediaDecoy, in which they upload fake music files to the networks. How do they know, the Court asks, that the people they're suing were not in fact sharing those bogus files? More generally, how do they know that the people they're suing were sharing copyrighted material at all? MediaSentry's president testified that his firm did not listen to the files shared by its victims. It appears that CRIA is suing based just on the fact that these people were sharing large numbers of files, and possibly based on the names of those files. It's trivial that that isn't good enough evidence for a lawsuit, but unfortunately, because that means this lawsuit has to fail, it also means that the failure of this lawsuit doesn't trivially make file sharing legal. It could be (based on the decision up through paragraph 19) that if they actually got the proper evidence, the suits could go ahead.
On pseudonyms: paragraphs 20, 31, and 45 talk about the status of pseudonyms. The entities CRIA really wants to sue are not IP addresses like 24.84.179.98; they are P2P network identities like "Geekboy@KaZaA". The Court correctly understands that those are not the same thing. (Yay for the Court!) That distinction has several consequences.
As mentioned in paragraph 20, before attacking an IP address the plaintiffs must prove that they have a good reason to think the IP address is linked to the pseudonym; and apparently they haven't done that, but just as with the business of not listening to the files, there's no reason they couldn't do it in future - this point helps dispose of this case but not all future cases.
Then as discussed in paragraph 31, one of the criteria CRIA must satisfy in order to demand "discovery" from the ISPs, is that they must show the ISPs are really the best people to provide the information demanded. That's not trivially true, and more importantly, CRIA hasn't proved it. Maybe the P2P companies like KaZaA could provide the pseudonym-IP address-identity linking information better than the ISPs could. I don't know whether that's true, but the point is that CRIA must prove it one way or the other and they haven't.
Finally on pseudonyms, there's an interesting note at paragraph 41. The thing is, even if identities are revealed, they must be only revealed to the point that's absolutely necessary. The Court notes that that means the pseudonyms would have to be used wherever possible, with the real names only listed in an appendix. The case couldn't change from "BMG v. Doe" to "BMG v. Smith", if you see what I mean; it would have to become "BMG v. Geekboy". That's going to make for some amusing sound bites. (Remember "The longer that Flyingbuttmonkeys continues its illegal activities..."?)
Two other small procedural points: the Court notes in paragraph 32 that CRIA would have to pay the ISPs for their (potentially significant) expenses in locating the data. That's not a big deal, it just means one rich corporation writes a cheque to another; they could and would do that if they decided that hanging some file sharers high pour encourager les autres was a priority. The other procedural point is mentioned in paragraph 42: since this "evidence" was collected in Fall of 2003, why did CRIA wait until February 2004 to make its demands? Of course, the community thinks CRIA was waiting to file its suits until after the Copyright Board BML decision - but we can't prove that, and whatever the cause, the delay means that it'll now be a lot more expensive, and quite likely impossible, for the ISPs to grant the IP-to-name mapping request. Especially in this litigation-happy era, no sane commercial ISP keeps logs any longer than they think they can get away with.
Now, the interesting part. It looks to me like there are plenty of reasons to throw this case out for lack of evidence. Those will dispose of this particular case, but they don't dispose of future cases. CRIA was slipshod about presenting its evidence this time, but now that it knows the courts won't tolerate that, next time CRIA will do it properly. And when CRIA does do it right, most of the reasons this case failed, will disappear. What about the reasons that could apply even with done-right evidence?
Well, those start around paragraph 25. The Court states, straight out, that "[D]ownloading a song for personal use does not amount to infringement." It cites the Copyright Board BML decision on that. I've written before that that decision was a little iffy, and didn't have the force of law; but now that the Federal Court has endorsed it, it's a lot stronger. It really looks like absent future decisions overturning this one, downloading really is legal in Canada now, as personal use under the private copying regime. Please note, though, that this applies only to music (my friends who copy Japanese television over the Net are still in legal peril) and it's for personal use only, whatever that means.
The Court's general theory seems to be that the "uploader" isn't really uploading the song. The uploader is just putting a personal-use copy of their own (which they have legally) in a special folder on their hard drive. Then it's not their responsibility if someone else comes along and makes a copy. Just like the public photocopiers in CCH Canadian. Downloading is legal, nobody really did any uploading, and so nothing illegal happened. I'm sorry, but I just don't think that theory holds water, and I don't think it will stand. I want file sharing to be legal, but I don't think this theory works as a way of making it legal. I want file sharing to be legal as a result of balancing creator, middleman, and audience interests - and changing the legislation if necessary - not just because someone misinterpreted the technical issues, which is what I think is going on in this decision.
The problem I see is that when you put a file in a shared folder on your hard drive, you aren't just innocuously re-arranging bits on a piece of magnetic media. You are deliberately making the file available to others to copy. When they do make the copy, your computer participates in a non-trivial way. Unlike a photocopier which will copy anything, your computer in a file sharing network copies the specific files you told it to share. That looks to me like "communicating to the public by telecommunication", which is the exact language from Paragraph 80.(2)(c) of the Copyright Act - by definition an action not authorized by the private copying regime/BML. In paragraph 28 of the decision the Court says that CRIA presented no evidence that P2P uploaders were "advertising" the availability of copyable files. I'm sure the Court is correct that CRIA presented no such evidence - but I think they easily could present such evidence. Most of the protocol issues in most P2P networks concern ways to advertise the availability of files for download. I think it would generally be easy to show that a given user was "advertising" the availability of his or her shared files, and that seems like it could be part of creating liability. So this becomes another of these "You didn't prove they were doing it, but it still might be illegal if you did prove they were doing it" issues.
Similarly, in section 29 the Court says that CRIA hasn't shown that the uploaders knew that people would make copies of the files. That sounds terribly hokey to me. Maybe CRIA in fact did not present evidence about that point, so this particular case can be discarded - but again, they easily could, so future cases don't go away. There is a reason that shared folders are called shared folders. The only reason you put a file in a shared folder is to make it a shared file and allow people to download it. It's hard to claim, having done that, that you didn't know people actually would download it. That would be like saying "Yes, I put poison in the cup of tea and handed it to my husband, but I didn't know he would drink it, so I didn't kill him." ("Madam, if I were your husband...") Now, it really is true that many users of file sharing programs are relatively clueless and actually do not understand that the folder labelled "shared folder" is exactly a shared folder - but especially in the case of someone sharing thousands of files, I'd hate to rely on cluelessness as a defense.
Freenet raises some interesting technical issues that could keep the lawyers entertained. For one thing, there's significant use of Freenet for purposes other than communication to others. I've sometimes stashed private files in Freenet for myself to retrieve in another time and place. As long as I don't give out the CHK (content hash key) for the file, nobody else can access it. But if two people happen to insert identical files (like, say, copies of a published CD), the network will automatically merge the two. I might be in some sense retrieving "your" copy of the file, because we both uploaded identical copies. More correctly, the copy cannot be meaningfully said to be mine or yours because all copies of an identical file are functionally identical. Numbers do not have different colors - if I add 37 and 5 and get 42, it can't be meaningfully said whether I used "my" 37 or "your" 37. Furthermore, knowledge in Freenet becomes a very real issue because a big part of the point is that network participants do not have access to the files they themselves are sharing. If I download a song from you, you probably don't know what song it was, so it can be said that you don't know if it was infringing. Freenet raises issues for this decision, but matters will only get worse - because as soon as the courts state a technical reason for why a given network could be illegal, programmers will create a new network designed such that that objection cannot apply to it, but such that CRIA will still be annoyed. That's the nature of programmers.Where will the line be drawn? Am I allowed to post music on my Web server? I have a legitimate reason to want to do that other than letting people copy it - namely, so I can listen to my own music from anywhere on the Net (a solidly established right) and benefit from my hosting provider's backup procedures. I don't know for sure that anyone else will transfer the files. If the answer is that posting MP3s in my Web space is legal, then CRIA will be very unhappy indeed; if the answer is that it's illegal, then I don't know how to separate it from the activities declared legal in the present decision, and that's a legal problem.
In summary, this case really does seem to say, as the media have reported, "Yeah, file sharing, of music only, not video nor other copyrighted material, is A-okay - go ahead, kids!" But it's open to appeal, much of it actually comes down to procedural issues that CRIA could correct in future cases, and so I'm really dubious about how well it will stand as far as putting a stop to future lawsuits. I never expected to see a ruling like this one. We all should expect more surprises in the future. I hope they'll be nice surprises.
[BMG v. Doe: File sharing legal??]
This form is for posting public comments to be read by other people who visit this Web site. If you have a software support question, or other material directed to the page author instead of to the general public, please send email instead.
All the data you enter, and your IP address, will be saved and displayed. Don't enter secret information. HTML is not accepted; it will be displayed as plain text. Your comment will only be added if you enter valid data in all required fields; if it isn't, use the back button and try again.
I, and I alone, reserve the right to remove postings for any reason.
![[RSS syndication file]](/i/rss.png){kind=small}
No comments yet.