ISPs ordered to reveal software file-sharers
UK court rules on hunt for uploaders
The English High Court has ordered 10 ISPs, including BT, Tiscali and Telewest, to reveal the identities of 150 file-swappers accused by the Federation Against Software Theft (FAST) of illegally uploading software to networks such as Kazaa.
The ISPs have 14 days to comply. Once FAST receives the data (customer names and addresses) it will decide whether to sue for damages or bring private prosecutions that could result in prison sentences of up to two years and/or unlimited fines.
A 12-month investigation by FAST into the covert sharing of software by PC users highlighted 150 suspected "uploaders" – people who put copyrighted software on to internet file-sharing networks, including Kazaa, and offered it to others without permission from the copyright owners.
To catch the uploaders, the investigator conducted searches in the peer-to-peer networks for popular software products. When product name matches were found, downloads of the infringing software were completed to check it matched the descriptions. FAST recorded the providers' IP addresses ready for the application for Disclosure at the High Court.
FAST does not know how many people downloaded the software. The copies might have been downloaded by one person (there was at least FAST's investigator) or a million people. Legally, it does not matter: the Copyright, Designs and Patents Act of 1988 was amended by a Directive from Brussels to suggest that uploading such material to Kazaa is a criminal offence:
"A person who infringes copyright in a work by communicating the work to the public … otherwise than in the course of a business to such an extent as to affect prejudicially the owner of the copyright … commits an offence if he knows or has reason to believe that, by doing so, he is infringing copyright in that work."
Certainly there are millions of users of Kazaa, although only those searching for particular products are invited to download the infringing works.
This law has not been tested and an argument might be made over the interpretation of the word "communicating". Is it enough that the software was offered to millions? Does it also need to be shown that it was downloaded by several people, not just one individual? Forensic evidence from the uploading PC, if it can be recovered, could be used to measure the volume of downloads.
The Orders of Disclosure were granted on Friday by Judge Raynor who described FAST's case for granting the orders as "overwhelming". The orders require the ISPs to disclose the full personal details of their users.
Judge Raynor's ruling follows similar Orders of Disclosure granted in actions filed by the British music industry over the file-sharing of music. By coincidence, the BPI also made progress last Friday: it won its first awards of damages against identified file-sharers.
FAST has not yet decided how many cases to bring or of what type. It says it will see what comes from the ISPs – and some ISPs will likely find it easier than others to provide the information requested.
Some ISPs provide users with a different IP address every time they connect, known as a 'dynamic' IP address (as opposed to a 'static' IP address). Both types of IP address can be traced to an ISP (since even dynamic addresses allocated will be within a certain range), but to ensure that suspects are caught, FAST time-stamped every IP address at the point of identification. Accordingly, ISPs need to match the customer with the IP address at a specific date and time.
Julian Heathcote Hobbins, Senior Legal Counsel at FAST, told OUT-LAW today that the ISPs have been very supportive of FAST's action. "We see the ISP as innocent in all this," he said. But he explained that the ISPs need to receive a court order to allow them to disclose customer details – otherwise they breach the Data Protection Act.
But he acknowledged that some suspects may escape capture if their ISP no longer holds the data that matches a customer to an IP address at a particular time. ISPs hold such data no longer than necessary. In some cases, that will be a year. In other cases, it will be a much shorter period, perhaps 90 days. The investigation captured data over a 12-month period.
This investigative problem should largely disappear: ISPs will be forced to keep such data for a minimum period when a controversial European Directive, approved by MEPs in December, is implemented in UK law. The UK Government will have discretion to implement the Directive with a period of anything from six months up to two years.
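The matching step described above, sketched as an added example (not code from the article, FAST or any ISP): resolving one time-stamped IP observation against address-assignment records, and reporting when the record has aged out of retention or when clock skew near a reassignment leaves two customers plausible. The `Lease` layout, customer ids, the 192.0.2.10 documentation address and the 60-second skew allowance are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

@dataclass(frozen=True)
class Lease:
    customer: str        # constructed account id
    ip: str
    start: datetime      # address assigned (UTC)
    end: datetime        # address released (UTC)

def attribute(ip, seen_at, leases, retention_days, as_of,
              skew=timedelta(seconds=60)):
    """Return (status, customers) for one time-stamped IP observation.

    status is 'purged', 'no_lease', 'matched' or 'ambiguous'.
    """
    # A timestamp without a zone cannot be compared safely with UTC logs.
    if seen_at.tzinfo is None:
        raise ValueError("observation timestamp must carry a time zone")
    seen_at = seen_at.astimezone(UTC)
    # Records older than the retention period no longer exist at the ISP.
    if as_of - seen_at > timedelta(days=retention_days):
        return "purged", []
    # Widen the instant by the skew allowance (assumed value); every
    # lease overlapping that window is a candidate.
    lo, hi = seen_at - skew, seen_at + skew
    hits = sorted({l.customer for l in leases
                   if l.ip == ip and l.start <= hi and l.end >= lo})
    if not hits:
        return "no_lease", []
    return ("matched" if len(hits) == 1 else "ambiguous"), hits

# Constructed sample data: one dynamic address reassigned around 20:00 UTC.
LEASES = [
    Lease("cust-A", "192.0.2.10", datetime(2006, 1, 10, 8, 0, tzinfo=UTC),
          datetime(2006, 1, 10, 20, 0, tzinfo=UTC)),
    Lease("cust-B", "192.0.2.10", datetime(2006, 1, 10, 20, 0, 30, tzinfo=UTC),
          datetime(2006, 1, 11, 9, 0, tzinfo=UTC)),
]
AS_OF = datetime(2006, 2, 1, tzinfo=UTC)   # date the request is processed

if __name__ == "__main__":
    for when in (datetime(2006, 1, 10, 12, 0, tzinfo=UTC),
                 datetime(2006, 1, 10, 20, 0, 10, tzinfo=UTC)):
        print(when.isoformat(), attribute("192.0.2.10", when, LEASES, 90, AS_OF))
```

An "ambiguous" result is the case where a time stamp alone does not single out one customer, which is why the precision and time zone of the recorded observation matter as much as the address itself.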
Heathcote Hobbins felt there was no alternative to stronger action against software pirates.
"Traditionally most software owners have relied on notice and take-down procedures and have failed to bring civil or criminal proceedings against the infringers," he said. "We expect to be bringing these actions anytime and anywhere we see software being misused."
FAST director general John Lovelock said: "We can easily take down links, but this does not tackle the root causes of software piracy, because the links will reappear elsewhere in a matter of hours. Instead, we plan to take action a lot further, making an example of the perpetrators to stop them from stealing and passing on the intellectual property of our members for good."
FAST says it will consider working with the Police and Crown Prosecution Service once the individuals have been identified.
Copyright © 2006, OUT-LAW.com 
OUT-LAW.COM is part of international law firm Pinsent Masons.