Record Industry starts action against individuals

The Recording Industry Association of America has started legal action against 261 alleged file swappers, beginning its controversial campaign against individual internet users. But are you at risk?

If you or a family member have used Kazaa or any other file-swapping application recently then the answer is yes - although the odds are still very much in your favour. You would have to be incredibly unlucky to be singled out from among the estimated 60 million people using peer-to-peer software - but it's happening, so far only in the US, but it is likely to spread to other territories.

If you've kept thousands of songs in the folder you're sharing with other file swappers, then the odds are a little shorter, though still slim.

So how is the RIAA conducting its investigations?

Finding file-traders isn't hard. Anybody who opens a shared folder on Kazaa, Morpheus or any other file-swapping network is susceptible to potentially prying eyes.

In the most recent wave of investigations, the RIAA has used automated tools that look for a relatively short list of files. When it finds a person sharing one or more of those files, it downloads all or many of them for verification purposes. A complete list of these target files is not available, but a sampling of files cited in the early lawsuits includes mainstream artists such as Avril Lavigne, The Eagles, George Michael and UB40. If you've downloaded songs by these artists the odds on you being caught shorten even further.

The RIAA uses features within Kazaa, Grokster and some other software programs to list all the files available within a person's shared folder and takes screenshots of that information. As filed in court, that provides a record of what in some cases has been thousands of songs shared at once.

The RIAA's software records the internet address associated with a computer that is sharing one of the copyrighted songs the organisation is investigating. Some file-swapping programs try to hide this by using mechanisms such as proxy servers, but most downloads still expose this information.

According to information filed as part of a related lawsuit, the RIAA also has the ability to do a more sophisticated analysis of the files that have been downloaded. The group checks the artist's name, title, and any "metadata" information attached to the files, looking for information that may indicate what piece of software has been used to create the file or any other. Some files swapped widely on the net include messages from the original person who created the MP3 file, such as "Created by Grip" or "Finally the Real Full CD delivered fresh for everyone on Grokster and Kazaa to Enjoy!"

The RIAA has also analysed in detail some files' contents. The trade group has databases of digital fingerprints, or 'hashes', that identify songs that were swapped online in Napster's heyday. Investigators check these fingerprints against those found in a new suspected file swapper's folder, looking for matches. A match means the file has almost certainly been downloaded from the net, likely from a stream of copies dating back to the original Napster file.

The RIAA files a subpoena request with a federal court. The subpoena allows the group to go to an ISP and request the name and address of the subscriber who's associated with the net address that was used to swap files. A few ISPs have fought back against these requests, but most have been forced to comply with the RIAA's request.

Many ISPs notify their subscribers when a subpoena comes in that targets their information. The Electronic Frontier Foundation has set up a database that allows people to see whether their online screen name has been the target of one of these subpoenas.

The RIAA said it has filed more than 1,500 of these subpoenas to date.

Once the identity of the ISP subscriber has been exposed, the RIAA puts together all the information gleaned through the earlier technical investigation and files a lawsuit. In earlier cases, it has accepted settlement agreements that range between $12,000 and $17,000. In this case, it has accepted some settlement agreements for as little as $3,000.

John Borland writes for News.com