SUBSCRIBE NOW!

Vol. 11 No. 5 — May 2003

While I agree with PC Magazine, that the battle is on, the author implied that the battlefield lies in the Congress. On the contrary, it is everywhere — at least everywhere the entertainment industry can think of. Specifically, the leading entertainment organizations have now begun targeting colleges and universities, as well as corporate America.

The RIAA Letters

The Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), the National Music Publisher's Association (NMPA), and the Songwriters Guild of America (SGA) have joined forces. On October 3, 2002, letters from these organizations went out to Fortune 1000 corporations and 2,300 letters to college and university presidents. Language in the letters asks that the recipients "...forward copies of this letter to your General Counsel/Chief Legal Officer, as well as your Director of Information Technology/Information Systems, your Chief Financial Officer, and your Dean of Student Affairs" on October 3, 2002³.

The letters to corporate America⁴ asked the companies to prevent their employees from taking copyrighted material off the Web while at work. The creative content organizations pointed out that it "appears that many corporate network users are taking advantage of fast Internet connections at work by publicly uploading and downloading infringing files on P2P services and also distributing and storing such files on corporate intranets. ... The use of your digital network to pirate music, movies and other copyrighted works both interferes with the business purposes your network was built to serve and subjects your employees and your company to significant legal liability under the federal copyright law." Now that's subtle. The creative content organizations' letter encourages companies to implement "employee policies and technical measures to prevent copyright infringements on ... corporate networks."

The RIAA has already "obtained a $1 million settlement in an action it brought against Integrated Information Systems, Inc. of Tempe, Arizona, in order to make an example of a corporate infringer. The complaint alleged that the defendant had provided a computer on its corporate network for infringing peer-to-peer file-sharing."⁵ New products are being rushed to market to help corporations detect MP3 files on corporate networks⁶. Look over your shoulder.

So RIAA is going after corporations. But why write to college and university presidents? Because "[w]e are writing to you as representatives of America's creative community on an urgent matter regarding copyright infringement by some university students. We are concerned that an increasing and significant number of students are using university networks to engage in online piracy of copyrighted creative works."⁷

In fact, RIAA has several problems with student "piracy of copyrighted creative works" on campuses across the nation. The primary reason, according to the letter, is the fact that "students and other users of your school's network who upload and download infringing copyrighted works without permission of the owners are violating federal copyright law." The RIAA apparently also worries that piracy "can take up a significant percentage of a university's costly bandwidth. ...When students run P2P applications and offer files from upload, much of the bandwidth drain is likely to be users outside of the university downloading files from students. ... The non-university users downloading these illegal files take bandwidth away from students and members of the university community intending to use the network for educational purposes. Many universities use bandwidth management tools to reduce bandwidth demands from illegal and improper use of the university networks. These tools can be used to take such steps as monitoring for inappropriate use, metering the bandwidth available to each student, setting caps on upload speeds, and blocking access to infringing P2P services. ... There are a number of companies that offer these bandwidth management tools, and we have attached a list of some of these companies for your information."

How thoughtful.

Aside from copyright infringement and wasted bandwidth, the RIAA, et al., also fear that "P2P also poses serious network security and student privacy risks. ... P2P software is also susceptible to worms and viruses." Interesting that the RIAA should care about P2P software threats to student privacy, but not about privacy issues raised by the proposed "monitoring for inappropriate use" of network resources.

So what does the RIAA really want college and university presidents to do? "We ask for your leadership in addressing student piracy on your network. Specifically, we urge you to adopt and implement policies that do the following:

• Inform students of their moral and legal responsibilities to respect the rights of copyright owners.

• Specify what practices are, and are not, acceptable on your school's network.

• Monitor compliance.

• Impose effective remedies against violators."

To help, the RIAA has "attached a list of Internet links to selected university Codes of Conduct to demonstrate some of the positive steps already being taken in the university community to address the issues implicated by misuse of university networks." The university acceptable use policies selected by the RIAA included Drake University, the University of North Carolina at Chapel Hill, and the University of Michigan. The RIAA also listed companies that offer bandwidth management resources.

University Reactions

What followed the initial RIAA volley? On October 8, less than a week later, the heads of the American Council on Education (ACE), Association of American Universities (AAU), National Association of Independent Colleges and Universities (NAICU), the American Association of Community Colleges (AACC), the American Association of State Colleges and Universities (AASCU), and the National Association of State Universities and Land-Grant Colleges wrote⁸:

to follow up a letter you recently received from several associations representing the music and motion picture industries. These groups are deeply concerned about copyright infringement that is occurring through the use of peer-to-peer file sharing software on many computer networks, including those on college and university campuses. ... We share their concern about the use of campus computer networks for inappropriate file sharing and are writing to encourage you to give serious attention to this issue. ... We urge you to discuss this issue with all appropriate campus officials, including provosts, general counsels, chief information officers, business officers, librarians, and student affairs officers. These discussions may well result in a reassessment of your institutional computer usage policies and bandwidth management practices. In addition, given our responsibility as educators to help students make ethical and lawful choices, we encourage you to make efforts to educate students, faculty and staff about appropriate and inappropriate uses of copywritten materials.

The higher-education associations noted, "Some institutions of higher education have already addressed this issue and the recording and movie industries' letter provided several examples. While these illustrations merit your consideration, we do not believe that there is a single solution that will work equally well for all schools. This is a challenge that must be addressed on a campus-by-campus basis."

Attacking in a different direction, the Association of American Universities wrote on behalf of the American Council on Education and the National Association of State Universities and Land-Grant Colleges, to ask the U.S. Copyright Office to allow scholars to avoid the anti-circumvention provisions of the Digital Millennium Copyright Act and permit fair use of copyrighted material for research and teaching⁹.

The Circle Widens

On November 6, 2002, the Electronic Privacy Information Center joined the fray in a letter¹⁰ to college and university presidents:

We are writing in regard to a series of letters you recently received on issues of copyright infringement and peer-to-peer (P2P) file trading networks. The Electronic Privacy Information Center (EPIC) is a not-for-profit research center that focuses on the right to privacy and emerging civil liberties issues. We believe these issues require a circumspect analysis of the impact of network monitoring on privacy and academic freedom. While network monitoring is appropriate for certain purposes such as security and bandwidth management, the surveillance of individuals' Internet communications implicates important rights, and raises questions about the appropriate role of higher-education institutions in policing private behavior. We recommend that your institution carefully consider the issues recently detailed in a report by the National Science Foundation Logging and Monitoring Project (LAMP). The LAMP report¹¹ examines the intersection of network logging, privacy issues, and security risks. It also recognizes the unique environment of higher-education institutions and recommends caution when engaging in monitoring. While the Recording Industry Association of America (RIAA) has legitimate interests in protecting against infringement, it is worth noting that copyright law sets limits on the exclusive rights of content owners, making some uses of protected material legal.

EPIC acknowledges that "the Recording Industry Association of America (RIAA) has legitimate interests in protecting against infringement, ... copyright law sets limits on the exclusive rights of content owners, making some uses of the protected material legal. ... Now the RIAA wishes to involve colleges and universities in the process of policing the communicative activities of students, staff, and faculty in a way that is significantly outside the institutional missions. ... [W]e urge caution in adopting network monitoring and other similar methods to address concerns about infringement."

EPIC is concerned about the "chilling effect" that monitoring can have on the marketplace of ideas. "Such a level of monitoring is not only impracticable; it is incompatible with intellectual freedom." In addition, the group notes that monitoring "of individuals' network usage habits generates records subject to a system of protections under the Federal Educational Rights and Privacy Act (FERPA)." And it worries that "monitoring appliances can be systems of general surveillance. ... Once installed on an institution's network, they could be used for copyright control today, and the control of ideas tomorrow. ... Institutions of higher education should not practice content monitoring, an approach that the controlled environments of corporate workplaces and kindergartens have adopted." EPIC also debunks the RIAA concerns about "purported privacy and security risks of P2P. ... The copyright industry alleges that P2P programs jeopardize network security and privacy. While all network-enabled applications raise security concerns, P2P systems are not uniquely vulnerable and do not warrant special treatment on these grounds."

Finally, EPIC notes:

[that under] current law, educational institutions are required to take down infringing content hosted on a university Web server. These provisions provide an adequate remedy to address online infringement. But this new proposal would shift the burden to colleges and universities to devote scarce resources to monitoring online communications and to identifying and "prosecuting" individuals suspected of using P2P networks to commit copyright violations. This is neither a reasonable nor an appropriate burden to place on institutions of higher education. ... If a copyright owner suspects such infringement, it can initiate a lawsuit against the suspected wrongdoer. We recommend that institutions take a careful approach to addressing the legitimate concerns of the copyright industry. We also recommend that institutions not adopt privacy-invasive technologies or policies that impinge upon academic freedom and privacy in order to address those concerns. Network monitoring for bandwidth management is appropriate, but monitoring of individuals' activities does not comport with higher education values.

Library Organizations Begin to Weigh In

On December 16, I received a "Dear Library Director" e-mail from the President of the Association of College and Research Libraries (ACRL), Helen Spalding:

You may be aware of some correspondence regarding copyright law that was recently sent to university and college presidents by the leaders of several higher-education associations. ACRL encourages you to engage your president and other academic officers in discussion about this matter and offers support and assistance to allow you to provide them with accurate information.

ACRL leaders agree that peer-to-peer networking file sharing is a campus problem that, along with facilitating the distribution of unauthorized copies of copyrighted work, uses valuable bandwidth and affects overall campus network operations. We disagree, however, with the implication that all file-sharing activities are infringements of copyright that constitute piracy. ... Moreover, universities and libraries are using peer-to-peer networks for research, teaching, and document transfer that are all within the bounds of the copyright law.

So what is a librarian to do according to ACRL? "Now more than ever, it is important for librarians to help advise college and university administrators on copyright policy. Librarians understand the importance of a balanced approach to copyright law and are often the copyright focal points on campus. We must be at the table when university policies are established to respond to content industry concerns. While piracy is wrong and infringers should be held accountable, we must ensure that decisions made today do not adversely affect education and research for years to come." The letter goes on to name contacts and note that ACRL will "make available information or links on its Web site to help librarians with these important issues."

What Is There to Worry About?

In the December 2, 2002, Business Week Online¹² Daily Briefing, Jane Black noted, "On Nov. 21, the U.S. Naval Academy seized almost 100 computers from students suspected of downloading unauthorized copies of songs from the Internet. ... The confiscation comes on the heels of a letter the Recording Industry of America (RIAA) sent to the Naval Academy and ... to nearly 2,300 colleges in October."

Is the Naval Academy the first of many to confiscate student computers and/or threaten expulsion? Well, it is the first. "Most universities have neither the right, nor the inclination, to seize student computers. Fears are rampant that the ubiquitous monitoring required to eliminate file sharing would chill free speech and squelch the creativity that's an integral part of university life. The result: Though many colleges would love to rid their networks of the plague of file-sharing, most take a rather benign approach to the problem." Several examples of university action at other schools are provided. When students have a suspicious file stored on the university's network, the university may remove it, unless the student can establish that coursework requires the file. Other campuses may revoke bandwidth privileges if infringement is a problem with a particular student.

New orientation programs focus on copyright infringement. According to a report in the November 26, 2002, Washington Internet Daily on the Naval Academy, "Midshipmen are given PCs when joining the Academy and pay them off over a 4-year stint through deductions from their monthly paychecks." Articles discuss the actions that network managers at Stanford, Yale, Penn State, and other universities are taking.

This is not the first time that content owners have sent letters to universities. According to the October 23, 2002, University Wire from the University of Wisconsin, "Robert Dreschsel, a professor of journalism and mass communication at UW, said music labels once threatened UW to block access to Napster. 'I can remember when Napster was really becoming popular; the lawyers representing the music industry sent some threatening letters to the university trying to get the university to block the use of Napster, and the university didn't do that,' Dreschsel said. While UW did not take action against students using peer-to-peer networks, a number of universities did. In 1999, 71 students at Carnegie Mellon University lost in-room Internet access for the rest of the semester after they were found in a surprise inspection to be posting audio files containing copyrighted music. CMU said this action was in response to the music industry's effort to discourage music piracy."

National Public Radio has addressed the issue. On November 29, 2002, the Morning Edition discussed the Naval Academy's seizure of student computers. Reporter Neda Ulaby interviewed several representatives of the entertainment organizations, and "Siva Vaidhyanathan, professor at New York University ... says members of the Creative Content Community are reluctant to go after individual file sharers, because those people are still potential customers. So, he says, the industry is leaning on the places that provide Internet service to those individuals. ... By going after the universities, by going after the Internet service providers, they're one step away from going after us in our homes. And I'm afraid that that's really where the battle's going to have to be fought." According to Ulaby, "Vaidhyanathan believes that to really make a dent in peer-to-peer file sharing, the industry will have to make an example out of individual consumers. And that, Vaidhyanathan says, is what the Naval Academy action was all about."

Déjà Vu All Over Again

In July 1997, I wrote about acceptable use policies¹³ in Searcher in response to an incident we called "blue movie night in the computer lab." In that article I stated, "If the policies haven't worked, the university should know, so they can launch an educational campaign to explain 'netiquette,' electronic mail caveats, acceptable and unacceptable use rules, and the consequences of violating them. Note that I do not advocate software that looks over each individual's shoulder, but something that can inform the organization of the total use, say the top 200 Web sites among its users. One business installed this type of software to discover that only 66 percent of its Internet use was business-related." And I concluded, "[e]ncouraging people to use the Internet is easy. Reminding them to use the service responsibly is important, too. ... An acceptable use policy is a first step. When coupled with an educational program on 'netiquette' in e-mail, listservs, and chat rooms, a policy defining organizational expectations on Internet use and conduct will eliminate most problems before they start. Make building the policy a team effort among MIS, the Human Resources Department, a representative group of end users, and, of course, the library. The library should be seen as a proactive unit of the organization, and, in such a leadership position, should still protect user rights. It should assure that the Library Bill of Rights and other professional, free speech, and Internet priorities are taken into account in the development of a policy."

Alternative Approaches for Entertainment Organizations

According to one student, "I think the music companies haven't gone far enough to provide a legal alternative to file-sharing networks — one that is inexpensive and easy to use, has all the music you want, and lets you keep it."

In a December 2002 article entitled "Piracy Is Progressive Taxation, and Other Thoughts on the Evolution of Online Distribution" [http://www.openp2p.com/lpt/a/3015], Tim O'Reilly commented on the lessons of his experience as an author and publisher:

Lesson 6: "Free" is eventually replaced by a higher-quality paid service. A question for my readers: How many of you still get your e-mail via peer-to-peer UUCP dialups or the old "free" Internet, and how many of you pay $19.95 a month or more to an ISP? How many of you watch "free" television over the airwaves, and how many of you pay $20-$60 a month for cable or satellite television? (Not to mention continue to rent movies on videotape and DVD, and purchasing physical copies of your favorites.)

Services like Kazaa flourish in the absence of competitive alternatives. I confidently predict that once the music industry provides a service that provides access to all the same songs, freedom from onerous copy-restriction, more accurate metadata and other added value, there will be hundreds of millions of paying subscribers. That is, unless they wait too long, in which case, Kazaa itself will start to offer (and charge for) these advantages. (Or would, in the absence of legal challenges.) Much as AOL, MSN, Yahoo!, Cnet, and many others have collectively built a multi-billion dollar media business on the "free" Web, "publishers" will evolve on file sharing networks.

Why would you pay for a song that you could get for free? For the same reason that you will buy a book that you could borrow from the public library or buy a DVD of a movie that you could watch on television or rent for the weekend. Convenience, ease-of-use, selection, ability to find what you want, and for enthusiasts, the sheer pleasure of owning something you treasure.

The current experience of online file-sharing services is mediocre at best. Students and others with time on their hands may find them adequate. But they leave much to be desired, with redundant copies of uneven quality, intermittent availability of some works, incorrect identification of artist or song, and many other quality problems. ...In looking at online content subscription services, analogies with television are instructive. Free, advertiser-supported television has largely been supplanted — or should I say supplemented (because the advertising remains) — by paid subscriptions to cable TV. What's more, revenue from "basic cable" has been supplemented by various aggregated premium channels. HBO, one of those channels, is now television's most profitable network. Meanwhile, over on the Internet, people pay their ISP $19.95/month for the equivalent of "basic cable," and an ideal opportunity for a premium channel, a music download service, has gone begging for lack of vision on the part of existing music publishers.

Another lesson from television is that people prefer subscriptions to pay-per-view, except for very special events. What's more, they prefer subscriptions to larger collections of content, rather than single channels. So, people subscribe to "the movie package," "the sports package," and so on. The recording industry's "per song" trial balloons may work, but I predict that in the long term, an "all-you-can-eat" monthly subscription service (perhaps segmented by musical genre) will prevail in the marketplace.

Are letter-writing, veiled threat-making, and court action the best use of the entertainment industry's time? Other fee services have found ways to survive with competition from free services — and here, the industry has the option of creating the easy-to-use fee service itself. What market share, what opportunity — lost if it doesn't begin to re-direct its resources.

Summary¹⁴

I hope the RIAA letters and their progeny re-spark the debate on individual freedom, personal responsibility, privacy, security, and acceptable use. The readers of Searcher magazine — information professionals in libraries, corporations, law firms, schools and universities — should initiate discussions in our own environments. Hold a brown-bag lunch event — and see how many show up. Raise the issue at a faculty meeting or with management. If we fail to lead, we may never be asked to participate — and there will be no one to represent the library, information user or patron, and no one who conscientiously follows the overarching issues in the professional and information industry press.

Footnotes

---

¹ Michael J. Miller, "The Great Debates of 2003," PC Magazine, vol. 22, January 2003, p. 7.

² Washington Internet Daily, October 1, 2002.

³ See the text of the letter at http://www.riaa.com/pdf/Univeristyletter.pdf.

⁴ The text of the letters is available at http://www.riaa.com/pdf/Corporate%20Outreach.pdf. See also Brooks Boliek, "War on Piracy Goes Corporate; Hollywood Asks Companies to End Workplace Downloads," The Hollywood Reporter, October 28, 2002.

⁵ Jim Halpert and Ron Plesser, "Limiting Risk of Liability for Peer-to-Peer Infringement," E-Commerce Law Report, vol. 5, October 2002, p. 2. The authors describe grounds for corporate liability, specific legal cases, and specific steps to take to prevent legal problems.

⁶ For example, see "Apreo Announces First QuickStart Detection Program for MP3s and Desktop, Online File-Sharing Software," Business Wire, November 13, 2000, which leads with "Lets Fortune 1000 Immediately Comply with RIAA Anti-Piracy Campaign and Minimize Legal Liability."

⁷ RIAA letter of October 3, 2002, located at http://www.riaa.com/pdf/Universityletter.pdf.

⁸ See the October 8, 2002, letter at http://www.riaa.com/pdf/Copyrightletter.pdf.

⁹ Andrea L. Foster, "College Groups Challenge Copyright Office on Exceptions to Digital-Copyright Law," Chronicle of Higher Education (December 20, 2002) and http://chronicle.com/free/2002/12/2002122001t.htm.

¹⁰ The letter can be found at http://www.epic.org/privacy/student/p2pletter.html with links to other documents on the issue from CAUSE, EDUCOM, and the National Science Foundation.

¹¹ Virginia E. Rezmierski and Nathaniel St. Clair, II, "Identifying Where Technology Logging and Monitoring for Increased Security Ends and Violations of Personal Privacy and Student Records Begin," Final Report of the National Science Foundation Logging and Monitoring Project (2001), at http://www.aacrao.org/publications/catalog/NSF-LAMP.pdf.

¹² http://www.businessweek.com/technology/
content/nov2002/tc200211272314.htm.

¹³ Carol Ebbinghouse, "Taming the Wicked, Wicked Net: Acceptable Use and the Internet; How to Prevent Improper Usage of Online Access at Libraries, Colleges, Companies," Searcher: The Magazine for Database Professionals, vol. 7, July 1997, pp. 12+.

¹⁴ Michael J. Miller, "The Great Debates of 2003," PC Magazine, vol. 22, January 2003, p. 7+.