What's at Stake?

The Internet, combined with widespread broadband access, will revolutionize the distribution of recorded entertainment and other media. Online delivery of music (and other creative products) will be a boon to consumers and record companies alike by reducing production costs, eliminating the danger of unsold inventory, streamlining the purchasing process, and reducing the role of CD manufacturers and music retailers. To the extent that online digital music accomplishes those goals, (including distributing non-copyrighted material through services like Napster) we are strongly in favor of it. Despite the threat of copyright violations, online digital music and other technologies can improve productivity and reduce costs to the consumer, which is clearly in the public interest.

The public debate over Napster, however, shows that the danger to artists and record companies comes not from technological innovation, but from companies and individuals using the technology in illegal ways (One could rightfully say, "MP3 players don't steal music, people do.") Indeed, while we believe that new technologies should not only be allowed to flourish but should even be encouraged, even if they increase the risk of piracy, we also believe that companies or individuals who use the technology for illegal purposes should be subject to the restraint of the law.

While the technology makes it easier to steal, changing attitudes make it more likely that people will steal. There appears to be a growing belief that consumers should not have to pay for music at all, that the very concept of intellectual property should go the way of the horse and buggy.⁶ Metallica fans reacted angrily when the band sought to have Napster users booted from the system for trading Metallica songs. The Napster chat rooms and message boards routinely seethe with angry denunciations of record companies as greedy and behind the times, and demanding that the industry change its business model to profit from concert tickets, T-shirts, and related paraphernalia rather than songs.

We are in favor of changing business models in the New Economy. (Though what Napster users are suggesting sounds a little like telling Barnes and Noble stores to give away books for free and make up the difference by selling overpriced latte at their in-store cafes.) But if an industry changes the way it does business, it should be a response to legitimate innovations, not a reaction to a technologically-driven increase in crime. Napster may have changed the way we listen to music, but it cannot change one simple truth: markets only operate in the context of rules designed to protect the players.

Without effective laws to protect intellectual property in cyberspace, artists will have less incentive to create, and record companies will have little incentive to embrace online distribution. Indeed, the recording industry has been notorious in its past resistance to new technology that made illegal copying easier--audio cassettes, recordable CDs, and portable digital music players were all steadfastly opposed by RIAA. The Napster service, and its copycats,⁷ represent the biggest threat yet to the property rights of songwriters, recording artists, and record companies.

As high-bandwidth connections proliferate, that mentality will spread to other forms of digital entertainment. The software industry is already being threatened by the underground "Warez" pirates that crack the copy protection on popular computer games, which typically sell for $50 or more, and make them available for free.⁸ A Norwegian teenager has already cracked the encryption code for Digital Video Discs (DVDs); though the average movie file is too large for widespread trading, increases in storage capacity and bandwidth will make movie piracy (using Napster-like services) feasible in the near future.⁹ The publication of a Stephen King novella on the Internet heralds the arrival of yet another category of easily pirated intellectual property, which could lead to big losses for publishers. If Napster continues to operate and facilitate music piracy, Napster clones dedicated to software, movies and old television shows, and electronic books will not be far behind.¹⁰

Such widespread piracy is not only illegal and unfair, it threatens the future of online distribution and all the efficiencies that come with this new technology. If the software industry, the publishing industry, and the powerful motion picture industry join the recording industry in the battle against legal and legitimate online distribution, a slowing of the growth of the Internet will be unavoidable.

What Is Napster?

Napster is a relatively new software application, available to be downloaded for free at the corporate Web site,¹¹ that allows users to trade sound files in the MP3 format. MP3 is a form of digital compression that creates perfect quality copies of songs and other audio material in relatively small files that can be quickly transmitted over the Internet and easily stored on hard drives, from which they can be played over the computer's speakers. (MP3 files can also be loaded into portable digital audio players such as the Diamond Rio.)¹²

When the Napster software is installed and launched, the user is connected to a network consisting of all users who also are currently using the Napster program. At the time the connection is established, the software searches the user's hard drive for all MP3 audio files and logs the user's hard drive as a "library" consisting of all audio files available for sharing. The Napster servers combine listings of each individual "library" into a single searchable database. The contents of the database change every time a user signs on or off of the Napster service. Depending on the time of day, the number of songs available ranges from 100,000 to over one million.

When a user initiates a search for a particular song, Napster returns a list of all libraries--user hard drives--that contain the song. The results are sorted by the sound quality of the file and the connection speed of the target library (higher bandwidth results in shorter download times). The user then selects a song for retrieval, and the Napster software automatically establishes a connection between the two computers and copies the file from one machine to the other. The Napster software also allows users to conduct live chats while trading songs.

Napster represents a quantum leap in song trading, legal or illegal, over the Internet. The software has taken all of the inconvenience out of finding, accessing, and downloading MP3 files. Prior to Napster, searching for songs residing on the hard drives of individual users was a cumbersome process. Several search engines needed to be consulted, and the search results were generally unreliable as users disappeared and reappeared to avoid detection. It was difficult to tell which computers had high-bandwidth connections for faster downloads. Song libraries had to be accessed using the unwieldy File Transfer Protocol (FTP). Some users turned their MP3 libraries into money-making opportunities by requiring visitors to click on Web site banner ads before being given passwords to access the song files. (The banner ads were generally for pornography and gambling sites.) Often users were required to upload MP3 files from their own computers before they were allowed to download new songs from other users.

The "required trading" aspect of the FTP days of online music piracy formed the basis of Napster's popularity. To gain access to songs in other libraries, a new user needed to create a collection of MP3 files for trade. This was done by using software "rippers," available for free on the Internet, that copied songs from the user's CD collection and converted them into MP3 format. Once a song was "ripped" it could be copied repeatedly from user to user with no decrease in audio quality. As a result, virtually every popular song from Frank Sinatra to Britney Spears has been ripped and traded over the Internet. And now, virtually every back catalog song that has any potential to make money for its copyright holder is available for free on Napster.

Napster claims that its software is intended only for swapping of MP3 files that have been legally authorized for free exchange, usually self-recorded songs by unsigned bands looking to build a fan base through the Internet. The terms of service that all users must agree to before using the Napster software specifically forbid song piracy:

"As a condition to your account with Napster, you agree that you will not use the Napster service to infringe the intellectual property rights of others in any way. Napster will terminate the accounts of users who are repeat infringers of the copyrights, or other intellectual property rights, of others. In addition, Napster reserves the right to terminate the account of a user upon any single infringement of the rights of others in conjunction with use of the Napster service . . .¹³

In reality, however, enforcement is virtually nonexistent, as evident by the fact that the vast majority of songs on Napster user hard drives are illegally pirated. Indeed, the very nature of the Napster software makes the termination of infringing users futile. Unlike a traditional ISP, which gathers personally identifiable information on its users for billing purposes, Napster users can log on for free, anonymously, with nothing more than a username and a password.¹⁴ Banning a particular user would be effective only for as long as it takes the user to think of and type a new username.

The Battle to Block Napster

Napster faced its first significant opposition when nearly 200 colleges and universities banned the use of Napster software on computers connected to campus networks. The vast majority of the schools instituted their bans not because of alleged copyright infringement but because heavy use of Napster by students was consuming massive amounts of network bandwidth, causing intolerable delays for students and faculty trying to use the Internet for academic purposes. After Napster released a new software version that largely alleviated the bandwidth problem, most campuses lifted the ban.¹⁵

The lawsuits filed against Napster, by the record labels and artists Metallica and Dr. Dre, represent a more serious challenge to the company. If found guilty of contributory copyright infringement, Napster will either be pushed into bankruptcy or forced to make major changes to its system. For this reason, Napster is relying heavily on the protection of the Digital Millennium Copyright Act.¹⁶

The DMCA sets forth four safe harbors for copyright infringement. Section 512(a) limits liability if the service provider acts as a conduit for network communications. Section 512(b) protects "caching," storing temporary copies on a provider's server to improve network performance. Section 512(c) protects service providers from liability for hosting information on their servers that was placed there by users, such as user-maintained Web sites. Section 512(d) protects service providers that act as information location tools.

If a service provider meets the requirements for each of the safe harbors that applies to its operations, and implements a reasonable policy for blocking access to infringing material, it is protected by strict liability limits. The law protects service providers from monetary relief, defined as "damages, costs, attorneys' fees, and any other form of monetary payment," as well as banning most forms of injunctive relief against the service provider itself, including temporary or preliminary injunctions. If, as has happened on the Napster service, an album is made available for free in MP3 format in advance of its official release date, the record company is virtually powerless to stop it. In short, as long as a service such as Napster qualifies for liability limitations, the courts cannot shut it down.¹⁷

Of the safe harbor provisions, only subsections 512(a) and 512(d) could possibly apply to Napster, as the system performs neither caching nor hosting functions. The Federal District Court judge in the RIAA lawsuit, Marilyn Hall Patel, has issued an opinion stating that Napster does not qualify under subsection 512(a) because the system does not act as a mere conduit.¹⁸ Whether Napster qualifies under subsection 512(d) is an issue that will be resolved at trial and will revolve around the questions of Napster's knowledge of infringing activity and its efforts to stop infringing activity once it was known to them. Judge Patel suggested in her opinion that a service provider that meets the criteria for the DMCA safe harbor provisions might still be liable if its users are anonymous, because anonymous access makes it impossible to implement a "reasonable" termination policy as required under subsection 512(i)(A). In Napster's case, that determination of fact will have to be made at trial.¹⁹

Napster's termination policy was put to the test in the Metallica lawsuit. At Napster's request, Metallica submitted a list of Napster users who have illegally made the band's songs available for trading on the Napster system. The list, which was personally delivered by the band's drummer, contained over 300,000 user names. Napster blocked the allegedly infringing users, but the action had little impact: scores of illegal Metallica songs were available only hours after the users were blocked.²⁰

Though the Napster lawsuits represent the first real test of the DMCA's safe harbor provisions, the ultimate resolution of the suits may turn on facts unique to the company: the belated posting of a copyright policy, promotional statements that seemed to encourage piracy, and so on. For this reason, even if Napster is closed down, the precedent may not be enough to stop Napster-like clones in the future. In fact, a decision against Napster could provide a road map to similar services, warning against the mistakes that caused Napster's demise. The most effective way to prevent Napster and its inevitable progeny from being havens for trading illegally pirated materials is to amend the DMCA.

Of course, an amendment will not guarantee an end to online piracy. Cyberlibertarians are hard at work creating new software protocols for completely decentralized file swapping networks, such as Gnutella and Freenet, that connect computer users to each other directly and anonymously without going through a Napster-like searchable database. These protocols would render the DMCA moot because there is no company to sue and no central server to shut down. Because Gnutella and Freenet have no profit potential and no incentive to create user-friendly software, this new technology will probably be limited to a relatively small community of highly-skilled computer operators. If these decentralized software protocols do ever gain widespread popularity, Congress will have to revisit this issue. However, the mere threat of a future problem does not justify forestalling action to stop Napster-like services today.

What Should Be Done

It is possible that the courts will succeed in keeping Napster from being used to steal pirated material, but they may not. Moreover, other similar services may emerge that do qualify under the DMCA. For these reasons, PPI believes that we should amend the DMCA. Retaining protections for legitimate service providers is critical. At the same time, we need a law that can force users and companies that commit or encourage copyright violations to accept responsibility for their crimes. To meet these goals, the amendment should:

Require service providers, as a condition to qualifying for the liability limitation under the DMCA, to collect personally identifiable and verifiable information from their users. With the cloak of anonymity removed, copyright holders can identify the real culprits: infringing users.²¹ Under a model used by sites such as eBay, users who wish to connect to the service with an anonymous username or email address could be required to give a credit card number and home address to make them traceable if they break the law. Faced with the threat of a lawsuit and liability to the tune of millions of dollars, casual MP3 traders will give up their hobby, and hardcore online pirates will crawl back into the holes from which they operated before Napster brought them out into the open.

Privacy advocates may initially balk at such an amendment, but we are in no way suggesting that anonymous Internet services should be outlawed. The identification requirement would apply only to those service providers that wish to qualify for safe harbor under the DMCA. Somebody must accept responsibility for online piracy; if a service provider wants to keep that responsibility with the actual criminals the users then it should not shield criminals from enforcement.²²

Set a concrete time frame for the "notice and take down" process. Requiring service providers to eliminate online pirates from their networks is appropriate, but the law as currently written has no teeth. Service providers are not compelled to remove infringing material within any specific time frame. Service providers with a vested interest in the infringing activity of their subscribers, like Napster, have no incentive to interpret "expeditiously" to mean anything other than "eventually."

Congress originally declined to specify a time limit for the removal of infringing material to allow flexibility for "technical parameters," and that was the proper decision at the time. But the technical parameters of the Napster service, with its simple and speedy file-trading interface, mean that losses to copyright holders pile up hour by hour. A set time limit, perhaps one week, will provide many more benefits than harms.²³ If a user is blocked or banned from a service provider based on a formal notification of infringement, the DMCA allows the user to provide a "counter notification." Upon receipt of the counter notification, the service provider is required to cease disabling access unless a suit is filed. This protection should be sufficient to protect legitimate users from improper copyright notices.²⁴

Allow the courts the flexibility to grant injunctions against service providers that are primarily used for online piracy. The vast majority of traffic on traditional ISPs is email and Web surfing; any copyright infringement is done by a tiny percentage of rogue users. Congress was right to prevent copyright holders from shutting down an entire ISP, with thousands or millions of legitimate users, just to get at a handful of bad actors. The Napster service, on the other hand, is used overwhelmingly for infringing activity. When the vast majority of a service provider's users are engaging in illegal activity, it may be appropriate to temporarily shut down the entire service, and judges should be given the leeway to make that decision. It may be impossible to write a law that accounts for all future technological innovations, but a judge will know a pirates' den when he or she sees it.

Conclusion

The service provider provisions of the Digital Millennium Copyright Act were an important step in the growth of the Internet. By freeing ISPs from the responsibility of policing their customers, individual users were able to continue adding content to the Internet without facing undue burdens imposed by their access providers. But new technology has created the need for tighter legal controls to defend the property rights of artists and entertainers, and to continue the longstanding legal principle that those artists, entertainers, and other producers of digital content deserve to be compensated for their creative efforts. If amended properly, the DMCA can continue to protect legitimate ISPs and encourage the growth of the Internet without providing a haven to online pirates.

Endnotes

1. No exact numbers exist for the damage related on online music piracy. See RIAA's Web site www.riaa.com for more information.

2. RIAA estimates that over 90% of songs available on Napster are pirated. An informal survey of songs on Napster conducted by PPI confirms that estimate.

3. Current law provides for damages of $100,000 per infringed song; Napster makes hundreds of thousands of infringed songs available at any given moment.

4. P. L. 105-304

5. That very situation occurred in Germany, where they do not have the equivalent to the safe harbor provisions of the DMCA; recently, a German company successfully sued AOL for copyright violations because AOL users were stealing digital music.

6. See John Markoff, "The Concept of Copyright Fights for Internet Survival," New York Times, May 10, 2000.

7.iMesh.com, and Spinfrenzy.com are but two examples.

8. For one example, see Warezarchive.com. This site, and others like it, are funded by advertisements for pornography sites that appear in pop-up browser windows.

9. The defeat of the DVD security code bodes poorly for the music industry's effort to protect digital songs, the Secure Digital Music Initiative (SDMI). Though the SDMI encryption will be much stronger than the encryption used on DVDs, it is always a mistake to underestimate the abilities of the international hacker community.

10. A widely available software "hack" called Wrapster circumvents the MP3-only nature of the current Napster service by disguising movies, video games, and other files as song files, thus allowing them to be traded over the Napster system.

11.Napster.com

12. Though illegal copies of recorded music have been commonplace since the advent of audio cassettes, digital technology makes it far easier. Copies on magnetic audio tape degrade in quality with each successive copy, and trading the tapes requires physical movement. To have a decent quality audio tape, the listener did not have to buy the original music himself, but at least had to know somebody who did. With MP3, anybody can get perfect quality copies from complete strangers around the world within minutes.

13. The date this policy was posted and/or effective is at issue in the RIAA lawsuit.

14. The provision of personally identifiable is optional. Most users opt not to include the information.

15. Yale, the University of Indiana, and the University of Southern California all reinstated their bans in exchange for being dropped as co-defendants in the Metallica suit.

16. Napster's attorneys suggest that they will also rely on the U.S. Supreme Court decision in the 1984 Betamax case, which ruled that a technology cannot be banned if it has legitimate, non-infringing uses.

17. A judge could, in theory, issue an injunction against a service provider that does not qualify for the liability limits, if the judge ruled that "such relief is the least burdensome to the service provider among the forms of relief comparably effective for that purpose."

18. The judge ruled that the infringing material travels "between" points on the Napster system rather than "through" the Napster system, a description that Napster disputes. For the complete text of the judges decision, see Judges Decision

19. There is some dispute over whether Napster can effectively block the IP addresses of infringing users, especially since they block IP addresses of users running "bots." IP blocking would probably not work because most users get a different IP address each time they log on, and those who have "static" IP addresses could circumvent blocking by signing up for a new ISP account.

20. It is impossible to tell which songs were being traded by users who were not banned and which were being traded by users who were banned and regained access to the Napster system using a different name.

21. The DMCA allows copyright holders to subpoena service providers for information on users who are infringing, but because Napster users are anonymous, there is no information to subpoena.

22. So far, the artists and the record companies have resisted suing consumers directly for copyright violations, fearing a public relations disaster. That will almost certainly change, however, if digital piracy continues to grow and suits against Napster-like companies prove ineffective.

23. A tight time frame might be difficult to meet when the notification represents an overwhelming number of infringing users, as was the case in Metallica's notification to Napster. Even with a list of over 300,000 names, however, Napster was able to act within a week. We believe that removal of the cloak of anonymity from users will make overwhelming numbers of infringers unlikely in the future.

24. Over 17,000 Napster users banned at the request of Metallica took advantage of this provision.

Shane Ham is technology policy analyst at the Progressive Policy Institute, and Robert D. Atkinson is director of PPI's Technology & New Economy Project.