Felix Oberholzer and Koleman Strumpf, of Harvard and the University of North Carolina, respectively, have published an interesting study on the effect of file sharing on record sales. They looked at album sales, actual download traffic for individual songs, and several other variables. Their main conclusion that file sharing had little or no effect on sales, and they could not reject the statistical hypothesis that filesharing had no effect at all on sales. Though these effects are not statistically significant, the data suggests that file sharing may boost the sale of the most popular albums, and may depress the sales of less popular albums, with a near-zero net effect on sales.

How much should we trust these results? I don’t know. The authors look like respectable academics, but their methodology is complex enough that I am not qualified to evaluate it. Perhaps a more qualified reader will have something to say about the study’s methodology.

Senators Orrin Hatch and Patrick Leahy have introduced a new bill, the PIRATE Act, that would authorize the U.S. government to bring civil lawsuits against copyright infringers, and would create a $2 million fund to pay for such suits. (Copyfight has the details.) Rather than doing this, it would be more efficient simply to give copyright owners the $2 million in cash, and let them decide whom to sue, or not to file suits at all.

If spending $2 million on lawsuits will deter enough infringement to increase (the present value of) future copyright revenues by more than $2 million, then copyright owners will find it in their interest to file the suits themselves. If not, then the government has no business filing the suits, since doing so would burn $2 million of government money to create a benefit of less than $2 million. So let’s save ourselves the trouble, and just give the cash to the RIAA and MPAA.

Criminal enforcement by the government might make sense, since private parties can’t bring criminal actions. But civil suits brought by the government, on the same terms those suits could be brought by copyright owners, can only be inefficient.

Worst of all, asking the Department of Justice to spend its valuable time and attention on small-fry copyright suits carries a high opportunity cost. The DoJ has much more important things to do. Copyright infringement is bad, but it’s hardly the greatest threat we face.

Recently, the EFF issued a white paper suggesting an approach to the problems of music distribution. The proposal would let people buy a blanket license allowing unlimited access to music from any source, in exchange for a payment of about $5 per month into a fund that would be distributed among copyright owners in proportion to the usage of each copyrighted work. The plan is voluntary, with neither consumers nor copyright owners compelled to participate. Commentary on the plan has been generally positive, though the RIAA said it wasn’t interested.

Ernest Miller pointed out a problem that would need to be resolved. Consumers who bought a license would be free to use P2P networks to download music; but it wouldn’t do to let them upload freely, as those uploads would be an unstoppable source of unpurchased music for non-participants. Peter Eckersley suggests that this problem could be solved by publishing an (unforgeable because digitally signed) list of the IP addresses of licence participants, and allowing anybody to transfer files to the people at those IP addresses.

It seems to me that if the EFF plan is going to happen, it will start with a deal between the RIAA and a university, in which the university creates a fund to pay out to copyright holders, in exchange for (a) free rein to do anything at all with copyrighted music within the campus (but not to distribute it outside the campus), and (b) permission for anyone, either on the campus or off, to transmit music to people on campus.

The university could help ensure compliance by blocking P2P traffic that would otherwise lead to outgoing transfers of music. (As always, the blocking would be easily circumvented by those who wanted to do so. Its only purpose would be to let well-intentioned people share music within the campus without accidentally making it available to outsiders.)

This is a much better deal for universities than a Penn State-style transaction, in which a university buys its students subscriptions to a limited music service. An EFF-style license allows unlimited use of music in courses, and it allows students and faculty to experiment with new uses of music. It also allows cross-university sharing and collaboration on music projects, if multiple universities join.

This might be a good deal for some university, if the price is right.

Today many websites have turned themselves grey, to protest EMI Records’ decision to try to block the Grey Album, DJ Danger Mouse’s clever and widely acclaimed musical work, in which he mixed a capella vocals from Jay-Z’s Black Album with backing sounds sampled from the Beatles’ White Album. EMI, which claims copyright in the Beatles album, has sent cease and desist letters to sites that post the Grey Album.

I don’t know whether the Grey Album’s use of Beatles samples meets the legal definition of fair use; so I don’t know whether EMI is within its rights to do what it is doing. What I do know is that EMI was not compelled to suppress the Grey Album, but instead it chose to try to suppress a popular work that is doing nothing to harm the sales of the Beatles’ music. Worse yet, EMI tries to put a “creators’ rights” spin on its actions, even as it works to suppress a new creative work. Let’s hope that public opinion shames EMI into reversing course and freeing the Grey Album.

Neowin is reporting that the source code for Windows 2000 and Windows NT4 has been leaked to the Internet. I haven’t looked at the code, and I won’t, so I can’t tell you whether the report is accurate. But based on the fragmentary information available, it appears more likely than not that the leak is real. If there was a leak, what are the consequences?

First, whoever leaked the code is obviously in big trouble. And Microsoft might respond by reducing the number of people who get to see the code, a number that had been increasing lately. In fact, a leak is not too surprising given how widely Microsoft distributed the source code.

Second, the leak will do some damage to the security of Windows machines, but it’s not clear how much. There’s a longstanding debate about the security implications of open source development. Source code access makes it easier to find security bugs. With open source, you make it easier for honest outsiders to find bugs, which is good, but you also make it easier for malicious outsiders to find bugs, which is bad. This kind of leak give us the worst of both worlds: honest outsiders will avoid looking at the stolen code, while malicious outsiders use the code; so you get the security drawbacks of open source without the security benefits. This will only matter, though, if the bad guys would otherwise have trouble finding bugs, which may not be the case.

UPDATE (February 13): The Associated Press is reporting that the source code leak did occur.