Freedom to Tinker

Seth Finkelstein suggests a follow-the-money approach to thinking about the RIAA’s strategy in enforcing against file sharers. He reaches the same conclusion as I do (though for a slightly different reason), that ISPs are the leverage point for enforcing against file sharers.

The reason for this, Seth says, is that ISPs have money and average file sharers don’t. He has a point here, but he also makes a bit of a simplification. Though the common image of file sharers is of kids, my guess is that the demographics of file sharers are pretty close to those of music buyers. Data on this point are pretty hard to come by, but Napster’s statistics showed more middle-aged users than expected, and I assume that hasn’t changed with the new systems. In my view, people are drawn to these systems as much because of their ease of use (at least compared to the record-company alternatives) as because they are free. So there will be at least some individual file sharers who have a lot to lose.

Another reason the RIAA might want ISPs to take care of enforcement is that whoever does the dirty work will end up looking, well, dirty. There are basically two enforcement strategies. The first is to make examples of a few file sharers. This means imposing large penalties on a few people – if the penalties aren’t disproportionate to the individual offense, then they won’t have the desired deterrent effect. Whoever initiates this kind of make-an-example enforcement will end up looking like a bully.

The alternative is to impose small penalties on many people. For example, ISPs might cut off the accounts of file sharers, either permanently or temporarily. The problem with this kind of enforcement is that the economics dictate that only a small amount of money can be spent on identifying each target, otherwise the cost of enforcement outweighs the benefit. In practice, this means that bots will be used to identify targets, with little human involvement. Mistakes will be made – outrageous, hilarious mistakes – and the enforcers will look like idiots. Either way, whoever is doing the enforcement will end up with egg on their face. If you’re the RIAA, you’d much rather have ISPs handle enforcement.

Declan McCullagh, at CNet news.com, predicts that we will soon see criminal prosecutions of a few people who make extensive use of file sharing software. He cites RIAA rhetoric and congressional rhetoric supporting prosecution, and he reiterates the relevant laws, which dictate surprisingly stiff sentences for violations.

Orin Kerr, at the Volokh Conspiracy blog, disagrees. He points to his experience as a DOJ official, and says that decisions about whom to prosecute are typically made by Assistant U.S. Attorneys (and not centrally in Washington), and that most of the decisionmakers would rather spend their limited resources going after drug dealers, kidnappers, and the like.

The elephant in the closet here is the lack of civil lawsuits against file sharers by the recording industry. If I were a Federal prosecutor, I would be asking myself why I should spend tax dollars on prosecuting someone for file sharing, when none of the victims of that file sharing are willing to bring any civil suits against file sharers.

Why would the RIAA support criminal prosecutions but not civil suits? The obvious explanation is that they fear a backlash from their customers if they file aggressive lawsuits. But won’t the backlash be even larger if the FBI hauls somebody away in handcuffs at their behest? I’m sure they saw what happened to Adobe when it engineered the arrest of Dmitry Sklyarov.

My bet is on the theory expounded by Jonathan Zittrain, as quoted by Hiawatha Bray in yesterday’s Boston Globe. The RIAA will try to put pressure on ISPs to become enforcement agents, by putting on a DMCA squeeze. The DMCA gives ISPs a limited safe harbor from liability for their customers’ actions, but it also allows various legal strategems that the RIAA could use to pressure ISPs into compliance.

The RIAA still appears to be afraid to sue file sharers. This can’t bode well for their future. If your business model depends on people complying with a law, and you yourself have the power to enforce that law but are not willing to do so, you have a problem.