Copyright trolls and online identification

My previous post dealt with copyright surveillance and algorithmic judgement, and here I want to focus on a particular kind of copyright surveillance and enforcement that has achieved a special sort of notoriety in recent years: copyright trolling.

Some of this is based on my most recent article, The Copyright Surveillance Industry, which appears in the open-access journal Media and Communication. I’m  also working on a future piece that deals with copyright enforcement, privacy, and how IP addresses and persons become linked.

Why this matters

First, copyright trolling is having an enormous impact, with hundreds of thousands of defendants named in US and German lawsuits in just a few years. Precedent-setting cases in other countries (such as Australia and Canada) have been determining whether this practice (sometimes called “speculative invoicing”) can spread into new jurisdictions. Some legal scholars have described copyright trolling as a “blight“, an abuse of the legal system, or a kind of “legal ransom“. Defendants must choose whether to pay what the troll demands, or face the prospect of an expensive (and sometimes embarrassing) legal fight. Balganesh makes a strong argument that this exploitative, profit-based use of the legal system disrupts the traditional “equilibrium” of copyright’s underenforcement.

Studying copyright trolling cases can also help us come to terms with the question of personal identification and attribution on the internet – what it means to connect traces of online activity to human bodies and the devices with which they interact. The thorny question of how to link persons to digital flows has been a topic of intense interest for a variety of surveillance institutions, including advertisers and intelligence agencies. Legal institutions around the world have been struggling with related questions in trying to assign responsibility for data communicated over the internet. Copyright trolling is just one example of this problem, but it’s one that is currently playing out in a number of countries on a massive scale.

What is a copyright troll?

Copyright trolls are the products of contemporary copyright regimes, internet technologies, and creative legal entrepreneurs. No one self-identifies as a troll, so the label is pejorative, and used to criticise certain kinds of copyright plaintiffs.

The term is derived from “patent trolls”: patent-owning entities that demand payments from companies allegedly infringing their patents. Like patent trolls, copyright trolls demand payments following alleged infringement of copyright. The difference is that a typical patent troll does not produce anything of value, and simply generates income through settlements and lawsuits. While the term “copyright troll” is usually reserved for law firms engaging in “trollish” practices, these firms represent copyright owners that do produce creative work for sale. It is typically the law firms that drive trolling practices. Some reserve the term “troll” strictly to describe those legal firms that acquire the ability to sue from copyright owners under certain terms (namely, to pass along a percentage of any settlements received to the copyright owner). The law firms can then exercise their copyright enforcement power autonomously.

The line between what is and is not a troll is more difficult to draw in copyright than patent law, since the law firms involved can point to a legitimate business that they are protecting and particular works being “pirated”. This has not stopped a number of authors from trying to come up with a workable way of delineating trolls from other plaintiffs, but these definitions end up encompassing only a particular slice of trolling operations (given their variability and opportunistic adaptability). There are varying degrees of autonomy that trolling law firms exercise: while some have a free hand in pursuing their legal strategies, others take direction from copyright owners. Because of this, I avoid labelling any specific companies as copyright trolls. Instead (and largely in agreement with Sag, 2014), I refer to copyright trolling as a practice – one that threatens large numbers of individuals with copyright infringement claims, with the primary goal of profiting from settlements rather than proceeding to trial on the merits of a case (see Curran, 2013, p. 172).

How copyright trolling works

In theory, copyright trolling can develop wherever a copyright owner stands to profit from initiating lawsuits against alleged infringers. The now-infamous Righthaven attempted to build its business model around suing people who were sharing news articles. Currently, Canadian government lawyers are accusing Blacklock’s Reporter of being a copyright troll, after the site filed suit against several departments and agencies for unauthorized sharing of the site’s articles. My focus here will be on the most common form of copyright trolling — suing people accused of file-sharing copyrighted works. Because the defendants in these cases are listed as “Does” until identified, and plaintiffs typically file suit against multiple (sometimes hundreds or thousands) of defendants at once, these cases can be called Multi-defendant John/Jane Doe Lawsuits. They begin with the collection of IP addresses tied to alleged infringement, proceed to the identification of internet subscribers assigned those IP addresses (discovery), and conclude with claims made against these subscribers in the hope of reaching settlements or (if defendants do not respond) default judgements.

A copyright surveillance company is used to monitor file-sharing networks (principally BitTorrent), where IP addresses of those engaged in file-sharing can be recorded. Just as the activities and IP addresses of downloaders and uploaders are largely visible on BitTorrent, so are the activities of copyright surveillance companies. This is because collecting information on file-sharing cannot be achieved without some level of interaction: connections need to be established with file-sharers so that their IP addresses can be recorded. Once a copyright surveillance company has collected the IP addresses involved in sharing a particular file, it hands them over to a law firm. While there are allegations that a particular German-based copyright surveillance company has been the driving force behind many US copyright trolling cases, typically the surveillance company exits the picture once IP addresses have been collected.

The next step is to identify the persons “behind” these IP addresses, and the only way to make this link is through the cooperation or forced compliance of an ISP. Since blocks of IP addresses are assigned to particular ISPs, a law firm can determine which ISPs’ customers to pursue by checking their list of recorded IP addresses. Copyright trolls have to be selective, targeting particular ISPs on the basis of geography (jurisdiction) or other factors. ISPs vary in their levels of cooperation with copyright owners that seek to identify allegedly infringing subscribers. In some cases it has been possible to get an ISP to forward a settlement letter without disclosing the identity of the subscriber (for instance, by abusing Canada’s notice-and-notice system), but in general the troll must obtain a court order for the ISP to identify its subscribers. In the UK and Canada, a court order used in a lawsuit to compel information from a third party like an ISP is known as a Norwich order. In the US, courts can issue subpoenas for ISP records.

It is this “discovery phase” of a lawsuit that has generated the most public information about how copyright trolling operates, since as previously mentioned, the plaintiffs in these cases generally avoid proceeding to trial. Instead, they use the legal system to identify individuals who can credibly be threatened by a large penalty if they do not settle an infringement claim. ISPs are effectively caught between the plaintiff and the alleged infringers during the discovery phase, and can behave in a number of different ways. In the US, Verizon has recently opposed a particularly burdensome subpoena from Malibu Media. In Australia, a group of ISPs have jointly opposed efforts to identify thousands of their subscribers in a precedent-setting case that continues to unfold. In Canada, Bell, Videotron and Cogeco complied with a court order to identify subscribers in 2012, but TekSavvy took a different approach in a subsequent case involving the same copyright owner — Voltage Pictures. TekSavvy claimed it could not oppose the motion to identify its subscribers (an argument disputed by Knopf), but it did go further than the Canadian incumbents in the previous case, and CIPPIC was granted intervenor status to argue against disclosure and for the privacy interests of subscribers.

Once IP addresses have been linked to subscriber names and addresses, the trolling operation can begin collecting settlements from defendants. Subscribers who ignore the copyright owner’s demands may end up subject to a default judgement, and those who protest their innocence may end up in a lengthy back-and-forth with lawyers, which in the US has included forensic examination of computers and polygraph tests.

IP addresses

In copyright trolling, the main challenge is linking IP addresses to corresponding subscriber information, which often requires a court order. But once this link is made, what does it mean? Is it evidence that the subscriber infringed copyright?

In criminal internet investigations (such as child pornography), IP addresses are only ever used as supporting evidence. IP addresses do not identify people, but they do become a crucial piece of information in tying people to digital flows and fragments. In a criminal case, the knowledge provided by this association can open the door to a further search of a property and computer hardware, ultimately leading to a conviction. It a copyright trolling lawsuit, an IP address leads to the disclosure of subscriber information, which leads to the subscriber receiving a settlement offer/demand (unless the copyright owner chooses not to send one, after discovering the subscriber’s identity). It is all well and good to argue that an IP address does not identify a person, until you are a person at the receiving end of one of these letters. At that point, you, as an identified person, have some decisions to make.

I will spend more time talking about IP addresses specifically in a subsequent post, as these digital identifiers are important in a variety of contexts besides copyright trolling. In the meantime, I’ll be paying attention to the drawn-out saga of the Teksavvy – Voltage case and how courts around the world learn from each other in dealing with copyright trolling.