How the RIAA looks for pirates

If you've followed the RIAA's antipiracy efforts, perhaps you've wondered how they find suspected pirates. Yesterday, the The Chronicle for Higher Education published an article in which an RIAA spokesperson--anonymous for fear of hate mail--outlined the organization's surprisingly low-tech methods.

Do you use LimeWire? So does the RIAA.

The RIAA hires an organization called MediaSentry, which has developed an automated program that scans LimeWire for song titles that match titles of copyrighted material in an RIAA database, collects the IP addresses of the computers where these songs have been made available, then reports this information back to the RIAA. The article doesn't reveal how the RIAA picks among these IP addresses to decide where to focus but I'm guessing that volume of pirated material plays a large part.

If the RIAA sees a lot of piracy happening on a university's network, it might issue a takedown letter to the university asking it to remove copyrighted songs. In this case, MediaSentry will gather more specific information about the songs being offered, including checking them against a digital fingerprint to make sure they actually represent a real copyrighted song, or having real people listen to them if the digital fingerprints don't quite match. There's more detail in the piece.

Notably, the RIAA only checks to see which songs are being offered. It doesn't check--and it appears like it has no way to check--if anybody's downloading them. This is why the RIAA has to argue that making a file available is copyright infringement. And the so-called "making available" argument is very much in a legal gray area--some judges have allowed it to stand, but an Apr. 29 judgment in Atlantic v. Howell rejected that argument.

If "making available" is rejected once and for all, the RIAA will have to come up with some new methods to prove users are actually downloading pirated files. I'm not sure how they can do that, short of subpoenaing ISPs (an expensive legal tussle) or putting tracking software on users' PCs (a public relations nightmare waiting to happen).

[TennisPlaza]

Many years ago I was stupid to post the original SpiderMan movie on a file sharing server and had the movie company contact me. I'm sure they've improved quite a bit since then, like you have described.

[aikibro]

Four years ago I worked as a low-level plebe at the RIAA headquarters in Washington DC...my job was to check for pirates. I'm essentially opposed to piracy, but I'm also torn on the issue sufficient to share some secrets. Yes volume plays a big part, back then the threshold was 500+ songs available for sharing, that would trigger scrutiny. Secondly, and the biggest kept secret, is that the material protected by the RIAA (as of summer 2004) was only the material of the big five record companies, BMG, Universal, Sony, EMI (I believe) and one other which escapes me. Even then, not all artists songs were targeted in the search, but only certain big name artists (Madonna then being one, but don't ask me to name the rest).

The long and short of this is to say that the parameters are relatively narrow...only the most egregious of cases of file-sharing, only the music belonging to certain record companies, and then only certain artistes in each stable.

For this reason I tend to have little sympathy for those actually prosecuted, in addition to being a really blatant violator of the file-sharing prohibition, there also is usually a cease and desist warning before litigation (which is always expensive) commences.