Oregon is fast becoming Ground Zero in the contentious battle between the Recording Industry Association of America (RIAA) and the tens of thousands of consumers it accuses of illegal music sharing.
The state Attorney General's office this week filed an appeal in U.S. District Court in Oregon calling for an immediate investigation of the evidence presented by the RIAA when it subpoenaed the identities of 17 students at the University of Oregon who allegedly infringed music copyrights. It is the second time in a month that Oregon Attorney General Hardy Myers has resisted attempts by the RIAA to force the university to turn over the names of individuals it says shared music illegally.
Officials at the RIAA could not immediately be reached for comment.
"It is a really huge step when the head law enforcement officer of a state wants to investigate the RIAA's evidence-gathering techniques," said Ray Beckerman, a New York-based lawyer who has been defending individuals in RIAA lawsuits.
Myers' move raises fundamental -- and overdue -- questions about the tactics used by the RIAA in its campaign against alleged music pirates, Beckerman said. "The RIAA has been bringing fake copyright infringement lawsuits, the sole purpose of which is to get the names and addresses of John Does," he said. They then drop the case and try to pressure these individuals into settling based on dubious evidence at best, he said.
In a 15-page brief filed Wednesday, Oregon's assistant attorney general, Katherine Von Ter Stegge, said that while it is appropriate for victims of copyright infringement to pursue statutory remedies, that pursuit had to "tempered by basic notions of privacy and due process.
"The record in this case suggests that the larger issue may not be whether students are sharing copyrighted music," the state's brief noted. Rather it is about whether the litigation strategies adopted by the RIAA are appropriate or capable of supporting their claims.
For example, the individual in whose name the subpoena was issued had no first-hand information about the alleged misconduct of the students or the subsequent investigations by the RIAA, the appeal filed by Myers' office noted.
The data mining techniques that the RIAA used also only show that certain copyrighted music files existed along with software that could be used to share these files. But it does not show how the music files were originally obtained or whether the files were actually illegally shared thereafter. As a result, all that was shown was a potential for misuse not actual misuse, the AG noted in court papers.
The brief also questioned whether the RIAA's investigators themselves might have illegally accessed and uploaded private confidential information not related to copyright infringement, that might have been stored on the computers of people being investigated. "Without reciprocal discovery, there is no process to assess precisely how invasive the plaintiffs' investigation was with regard to the John Does named in this suit," the brief said.
The state also questioned whether previous cases suggest that the RIAA may have abused the judicial process by obtaining the identities of suspected copyright infringers and then choosing not to purse litigation. Rather, it used collection firms to leverage payment of "arbitrary sums of money, based on threats and evidence from the data mining." There is no way for the university to find out whether this is true unless the RIAA can be asked about it specifically, the state argued.
Myers' latest salvo comes just a few weeks after an earlier motion was filed asking the court to quash the RIAA subpoena. In that motion, filed October 31 on behalf of the University of Oregon, Myers said that the university was unable to identify 16 of the 17 alleged music pirates based on IP address information provided by the RIAA.
The RIAA has subpoenaed universities and Internet service providers for the identities of individuals it suspects of illegal file sharing. The modus operandi is to send the university -- or service provider -- a list of IP addresses on their networks that the RIAA is targeting. It then demands the identities of the individuals to whom the IP addresses were assigned.