Urban guerrilla & piracy surveillance: accidental casualties in fighting piracy in P2P networks in Europe.

• Author: Frosio, Giancarlo F.

Copyright law is facing its biggest challenge yet it copes with technological development and an increasingly global information market. The advent of peer-to-peer networks has multiplied the threat to the peaceful enjoyment of copyrights and has made any user a potential infringer. Nonetheless, copyright holders, in targeting those users, have greatly impinged on the users' fundamental rights, in particular the right to privacy.

This Article examines the tension between copyright and privacy in Europe. In particular, this Article will review the legal framework of the debate, as well as the relevant case law, both at the community and national levels. The analysis will specifically focus on the lawfulness of the collection of personal data of peer-to-peer network users as a tool to fight piracy.

In order to strike a fair balance between copyright and privacy, many different subject matters, such as data protection law, copyright law and e-commerce law, must be carefully weighted. In addition, relevant opinions on the issue of fair balance of copyright and privacy have been expressed by the European Data Protection Working Party and the European Court of Justice (ECJ). Finally, since the EU law, when applied to file exchange in peer-to-peer systems is inconclusive, we must turn to national courts and authorities to verify the practical implementation of the ECJ guidelines.

1. INTRODUCTION II. PIRACY SURVEILLANCE: DICHOTOMY BETWEEN PRIVACY AND COPYRIGHT ENFORCEMENT III. COPYRIGHT AND PRIVACY CONFLICT IN EUROPE 1. The European Legal Framework 2. The EU Data Protection Working Party 3. The European Court of Justice: The Promusicae Case AND THE LSG Case IV. JUDICIAL AND REGULATORY TRENDS IN EU JURISDICTIONS 1. Germany 2. Austria 3. Switzerland 4. The Peppermint Record Case in Italy 5. The Scarlet Case in Belgium 6. France 7. The BREIN Case in the Netherlands 8. Sweden 9. The Norwich Pharmacal Doctrine in Common Law Systems V. CONCLUSIONS I. INTRODUCTION

   Copyright law faces an unprecedented challenge of regulating technological development in an increasingly global economy. According to John V. Pavlik, "[e]arlier generations of technology ... have presented challenges to existing copyright law, but none have posed the same threat as the digital age." (1)

   Digitalisation, with its capacity of making perfect copies indistinguishable from the original, digital compression technologies, which permit large media files to be compressed with little loss of quality, and the global and instantaneous Internet powers of propagation, now multiplied by the high bandwidth speed connections, offer a synergy that is almost invincible.

   All of these elements are aggregated by the "darknet," the mechanisms and infrastructure for sharing digital content. (2) The darknet constitutes one of the greatest threats to copyright law in the information society. (3) Copying and distributing a large number of high quality digital files with only a home computer and Internet access has become considerably easier with the advent of peer-to-peer file sharing programs that allow users to search for and download files from each others' computers.

   Copyright holders are fighting a fierce battle against peer-to-peer systems. The first casualty of this battle was the file sharing software, developed around a centralized architecture. (4) More recently, the distributors of the decentralized peer-to-peer systems have been declared liable for inducing copyright infringement. (5) Nonetheless, the fundamental principle, upheld in 1984 by the U.S. Supreme Court's Betamax decision, that technological devices, capable of substantial non-infringing uses, are lawful, (6) is still valid. (7) In fact, the Grokster decision only rules out software distribution modalities inducing the infringement of copyright. (8) Again, the Dutch Supreme Court reaffirmed the applicability of the Betamax case principle to peer-to-peer software and platform. (9) Inevitably, new and judicially unobjectionable peer-to-peer models and architectures, such as BitTorrent, (10) are ready to substitute the old technology outlawed by the courts.

2. PIRACY SURVEILLANCE: DICHOTOMY BETWEEN PRIVACY AND COPYRIGHT ENFORCEMENT

   Unable to illegalize file-sharing technologies both in Europe and in the U.S., the music and record industry adopted the strategy to fight unauthorized digital content distribution on the Internet by targeting the users who violate copyright laws through peer-to-peer systems. (11)

   The end-user anti-piracy strategy was initiated in the United States. The Recording Industry Association of America brought more than 9,000 people to court and reached out-of-court settlements with hundreds of these alleged copyright infringers. (12) The average settlement was approximately $3000, but the association claimed up to $150,000 for every pirated song. (13) Such harsh action curbed the propensity of six million Americans from downloading copyrighted music from the Internet. (14)

   The copyright owners have been determined to conduct this sort of urban guerrilla warfare also in Europe. (15) In the recent past, the music industry has started hundreds of lawsuits in Europe, including in the United Kingdom, France, Austria, Denmark, Germany, Italy, Finland, Iceland, Ireland, and the Netherlands. (16) The "nicest litigators in the world" have been working endlessly. (17) Many people have faced sanctions or paid fines in Europe, and IFPI has been dealing with several thousand lawsuits worldwide. (18)

   Much debate surrounded the copyright owners' action plan. Doubts have been raised on the adequacy of such an aggressive approach. (19) Commenters have questioned its efficiency for the judicial system. (20) Internet users' and digital content consumers' privacy, "the right to be le[f]t alone--the most comprehensive of rights and the right most valued by civilized men[,]" (21) has been a particular concern. The debate revolves around the collection of peer-to-peer system users' data through various technological devices (22) and the disclosure of users' identities by Internet Service Providers (ISPs). The dispute has its origins in the U.S. and has only most recently surfaced in Europe. (23)

   This phenomenon, renamed "piracy surveillance," (24) is a consistent threat to users' privacy. (25) The discovery of spyware-like hiding techniques, Trojan horses and various pieces of malware in Digital Rights Management (DRM) systems are a corroboration in practice of the perceived privacy risks. (26) The installation of malicious software, without any mention in the End-User License Agreement (EULA), (27) indicates how far copyright owners may go in creating "extrajudicial systems of monitoring and enforcement" (28) that prevents infringement by using the code as a tool to influence, modify and regulate behavior. (29) Whether "the answer to the machine is in the machine" (30) is a very disputable conclusion, and the implementation of such a model can lead to abuses and to the impairment of individual rights.

   In addition, any software in search of infringing internet activities is only capable of identifying machines, but not a person performing the unlawful activities. (31) This creates extreme uncertainties in the allocation of liability, particularly because of the diffusion of open wireless networks. (32) In fact, technological enforcement of copyright necessarily presupposes coincidence between machine and infringer. This could be the harbinger of substantial violations of individual rights, particularly in the pre-judicial phase in which the alleged infringer must be singled out. If criminal penalties are attached to copyright infringement, at least in civil law systems, further concerns exist because technological protection is unresponsive to any principle of personal liability of the criminal conduct. Under most international legal frameworks, criminal liability is strictly personal and nobody can be charged and prosecuted for an offence committed by others. Hence, any mechanisms that allocates criminal liability upon a principle of objective liability, regardless of the fact that the criminal act may have been committed by a different person, would also pose serious problems of consistency with the fundamental safeguards that govern criminal liability.

3. COPYRIGHT AND PRIVACY CONFLICT IN EUROPE

   At the European level, the legal framework in which the debate is inserted is extremely complex. Many different subject matters such as data protection law, copyright law and e-commerce law are involved. On top of that, relevant opinions on the issue of fairly balancing copyright and privacy have been expressed by the European Data Protection Working Party and the European Court of Justice. (33)

   1. The European Legal Framework

      Under the 1950 European Convention for the Protection of Human Rights and Fundamental Freedoms, the right to privacy is legally enforceable. The Convention on Human Rights provides "everyone has the right to respect for his private and family life, his home and his correspondence." (34) In addition, the Convention provides that "there shall be no interference by public authority with the exercise of this right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country." (35) Similarly, the Charter of Fundamental Rights of the European Union includes the right of everyone "to the protection of personal data concerning him or her." (36) The Charter also provides that "Intellectual Property shall be protected." (37) Directive 95/46/EC, (38) Directive 97/66/EC (39) and Directive 02/58/EC (40) have established a detailed framework for the collection and processing of personal data. In addition, to allow the transfer of data to the U.S., where no specific regulation meeting the same strict European standard exists, the European Union and the U.S. Department of...