[ NNSquad ] RIAA's "new" methods (move along, nothing to see here)

["nick hatch" <nicholas.hatch@gmail.com>]

I'm finding a lot of this discussion of late about the RIAA working to track and disconnect repeat offenders boring. Stopping the lawsuits is news, but when the RIAA says that they're going to work with ISPs to terminate repeat offenders, you need to know the DMCA and read between the lines to understand what they mean. 

In the context of home broadband subscribers, DMCA subsection 512(a) which deals with conduit communications applies. For an ISP operating under 512(a), the requirements to qualify for safe harbor are really easy to satisfy. You must establish a copyright abuse contact, publish this contact information through a variety of methods, and receive DMCA notices on behalf of your subscribers. 

So, what are you required to do when you receive a notice? You're not required to notify the subscriber, disconnect them, or much of anything else. Your only requirement is to *establish a policy to terminate repeat offenders*, and notify your subscribers of this policy. Sound familiar? It should. Note that the law is vague: It never defines what a repeat offender is. (2 times? 10? 20?) This probably annoys the RIAA to no end.

When I read that the RIAA is going to "work with ISPs" I read that as "attempt to strong-arm ISPs into setting strict limits voluntarily." But ISPs have never been eager to cooperate with the RIAA in the past, I don't see why this would be any different. 

Even the new letter the RIAA is going to send out isn't that new -- it legally satisfies the DMCA notification requirements, but with different verbage. In my opinion (I used to work an abuse desk), it's quite a bit softer.

I don't think it's a good idea for an ISP to hop into bed with the RIAA on this one: it is ripe for abuse. 

I have data (unpublished, dating to 2005-2007) on DMCA notices to various US universities. Sequence-number analysis of the notices strongly suggests that the RIAA only sends out DMCA notices corresponding to a small fraction of observed violations. This puts them in a positon of power: they can strategicly surge the notices at any time to any entity. Remember when some universities suddenly had 500-2000% increases in DMCA notices and the RIAA published a top-25 list which happened to coincide with a congressional investigation? [1]  Pretty useful power to have, eh?

An incident I observed convinced me beyond a doubt that they strategicly target organizations: A public university in the US went from 600+ RIAA-sourced DMCA notifications one year to 0 the next. How? They switched ISPs, and therefore netblocks. The RIAA didn't follow.

If Comcast were to sign on with the RIAA, the RIAA could turn on the notification spigot and destroy their customer base.

Are the DMCA notices faulty? Yes, sometimes. Do they turn the ISP into a "copyright cop"? I guess. Are they anything new? Nope.

-Nick

[1] http://www.engadget.com/2007/02/22/riaa-lists-top-25-universities-handing-out-piracy-notices/