Digital Music and Online Intermediaries

May 26, 2010

In April 2010 the Digital Economy Act received the Royal Assent. One of the primary purposes of the Act is to tackle the problem of online copyright infringement, which has reached substantial levels in recent years. Implementation of the Act requires agreement between online intermediaries and content owners, and in default of that agreement OFCOM is empowered to resolve the implementation issues.

This policy paper sets out the solution which it believes OFCOM should adopt in default of such agreement, and hopes that its suggestions will help shape any agreement which is reached.

1 The Nature of the Problem

Peer-to-peer (‘p2p’) file-sharing over the Internet has grown exponentially since the late 1990s. The launch of online file-sharing services such as Napster in 1999 and BitTorrent in 2002 fuelled file-sharing’s popularity. Web sites that provide these services have become meeting points for indexing and peer discovery of content, which is available to and from users worldwide. In the process, file-sharing has become ever easier, faster and more efficient.

A significant amount of the shared content via these services is disseminated in breach of copyright, and the collective harm inflicted by these individual infringers threatens the content owners’ businesses.  Among these formerly profitable and strong industries, the music industry has suffered the most, mainly because the smaller size of music files makes them easier to share. The BPI estimates that the music industry lost £200 million pounds in 2009, in the UK alone, as a result of file-sharing.

High enforcement costs, low risk of prosecution and the difficulty in gathering evidence have all allowed illegal p2p file-sharing to flourish, in spite of court decisions that have led to closure of the most popular web sites one after another, such as Napster, Kazaa and Pirate Bay.[1] The extensive media coverage of these cases did not have the expected adverse effect on either the attitudes of individuals or the growth of industrial-scale services. Currently, the BitTorrent network is the most popular file-sharing service, and is offered via a number of web sites including Pirate Bay.

According to a survey by the IFPI, from 2003 to 2009 the overall music market shrank by around 30%, despite a 940% rise in digital market sales.[2] People in the music industry hold all participants in online piracy responsible for this overall decline.[3] The industry’s fight against online piracy continues in and out of the courtroom via lobbying efforts for adoption of new measures and campaigns to raise awareness among the public, and lately via a push to offer a wider range of legitimate music services online.

P2p indexing and tracker services are not the only technology for sharing unauthorised music files. YouTube has a substantial amount of infringing content, although it has processes to assist rights owners to identify it and issue take-down notices. The sheer volume of the material posted on such sites makes the task of policing copyright infringement quite difficult.  There has been a sharp rise in other forms of digital copyright piracy as well, including mobile piracy, stream ripping, instant message sharing and downloading from forums and blogs. Nevertheless, online piracy via p2p file-sharing services remains the biggest avenue of copyright infringement and has thus been the primary target of anti-piracy groups.

Music industry representatives have argued that the solution lies in the existence of an effective, proportionate and dissuasive enforcement infrastructure and in the continued development of legal online music services. Additionally, restoration of respect for online copyrights, provision of a level playing field that fairly rewards and encourages creativity, and establishment of more commercial partnerships with the ISPs are amongst their primary concerns.

2 Enforcement Solutions

A variety of solutions have been offered and/or implemented to tackle online piracy. The majority of these solutions target the individuals who are the actual infringers. The other solutions target the intermediaries that provide the services which enable p2p file-sharing. All solutions require cooperation of ISPs with content owners. What follows is a brief discussion of the most prominent recent solutions and an analysis of the likely consequences of their implementation.

2.1 Volume litigation[4]

One solution available to the music industry under the existing law is to seek to enforce its copyrights via volume litigation, whereby the industry comes together to sue individuals, hence offsetting costs by pooling resources and moving against a number of defendants. At its inception the method seemed to be plausible because it made litigation and enforcement economically more viable, targeted the primary infringer rather than the intermediary and seemed likely to have a strong deterrent effect. The aim was not to obtain a large number of court judgments, but rather to achieve and publicise early settlement of claims. 

There are five stages of volume litigation, which entail that the content owner: 1) establishes evidence of infringement via direct investigation; 2) identifies IP addresses of infringers; 3) obtains a court order requiring ISPs to disclose personal details of the user of that IP address[5] (with the process whereby IP addresses are linked to a name being a key stage of this step); and 4) sends settlement letters to the physical addresses thus obtained and, if this fails, sends follow-up letters offering a final and higher settlement offer. In the event that the dispute continues past this stage, the content owner then 5) raises a full claim in court. This final stage is rarely undertaken in practice.[6]

Volume litigation raises significant questions about the means of gathering evidence. In March 2008, the German Constitutional Court held that personal data should not be harvested for the purpose of investigating civil wrongs.[7] In the UK the question has not yet been addressed by the courts, and the Data Protection Act 1998 is unclear on whether this practice is legitimate. The DPA provides that data can be processed without the data subject’s consent only if certain excepted circumstances apply. The ‘wider legitimate interest’ of the data controller exception may be relevant in the case of volume litigation, although the appropriate balance under data protection law between the interests of right holders and the rights and freedoms of data subjects remains an open question. 

The practice of volume litigation has not been well received in the UK. The method has come under harsh criticism from the public, the media and politicians. As a result of such bad publicity, only one UK law firm continues the practice of volume litigation, others having withdrawn. The outcomes of volume litigation from the point of view of the industry have certainly not been pleasing either. In addition to the negative publicity it generated, the strategy did not recover significant sums and has made no noticeable impact on the activities of file sharers.  

2.2 Securing judgment against individual infringers

The aim of volume litigation is to achieve settlements of claims, rather than secure judgments.  An enforcement strategy which seeks to secure a substantial volume of court judgments against individual infringers is likely to run into severe difficulties.  

With regard to the prospect of tackling copyright infringement on a case-by-case basis, the sheer magnitude of online copyright infringement raises questions about the capacity of the existing judiciary system to handle a sufficient caseload to make any meaningful impact. According to Jupiter Research, in 2009 approximately 21% of internet users across Europe’s main markets engage in frequent unauthorised music-sharing. Even if a fraction of these incidents were to end up in the courts, the resulting caseload would clog the judicial system. Litigation is an expensive process, and even if costs are awarded against an individual infringer there may be little prospect of actually recovering those costs.[8] Much of the expense is likely to end up being passed on to those consumers who are not in the habit of infringing.

When criminal law is used to prosecute copyright infringement, the expenses of copyright protection enforcement are incurred by state actors, such as the police and public prosecutors, and are thus incurred by tax-payers. However, it seems unlikely that state authorities could be persuaded to act against individual infringers on a regular basis.

In any scenario of enforcement via the courts, the innocent bear the lion’s share of the burden of paying for the costs of litigation, an outcome which seems unfair. Finally, it seems likely that an individual litigation policy would be likely to generate as much negative publicity as volume litigation and thus not be attractive for the music industry.

2.3  Enforcement against intermediaries

The obstacles associated with identifying and suing primary infringers are so great that it would clearly be more effective if rights owners were able to enforce their rights against file-sharing service providers. This would produce a manageable number of defendants, and would be more effective than suing the millions of individuals who use those services. 

The main difficulty with this approach is the immunities granted to service providers by, for example, the Electronic Commerce Directive and the Copyright in the Information Society Directive in the EU, or the Digital Millennium Copyright Act in the US. These immunities are lost only if the intermediary has actual knowledge of the infringement.  

A recent case which has received extensive attention from the global media was the Pirate Bay case in Sweden, a good representation of the Nordic jurisdictions’ approach to intermediary liability.[9] Pirate Bay, a web site that offers BitTorrent p2p file-sharing services, became very popular, accumulating an impressive 22 million users. In 2008 its four administrators, including the financier, were charged with aiding and abetting a copyright offence and preparation of a copyright offence. The defendants were charged with criminal copyright infringement, despite the fact that the main offence was committed by unknown users. The court found that the defendants had general knowledge of the infringement, did nothing to prevent it, and deliberately ignored the copyright owners’ interests. The safe harbour provisions were held not to apply, as the accused did not act on copyright infringement notices and takedown requests. The defendants were found guilty of contributory copyright infringement and sentenced to one year’s imprisonment and were required to pay a total of 2.7 million euros in damages. The defendants have appealed the ruling. 

This decision demonstrates that the current law can provide rights owners with an effective remedy against file-sharing service providers. However, the response of service providers to a sustained litigation campaign would be likely to be to move their file-sharing servers to other jurisdictions on a regular basis, and thus thwart or hinder the litigation.

A further possibility for rights owners is to seek injunctions against search engines and other service providers which, while not hosting files sharing servers themselves, enable users to locate those servers. In the field of trade mark law the courts of France and Germany have been quite aggressive in granting injunctions against eBay in the so-called ‘auction cases’. These were a number of lawsuits concerning companies in the business of selling luxury goods, including LVMH in France and Rolex in Germany. Each company successfully argued that eBay should be enjoined from allowing its users to display the claimants’ trade marks in relation to sales of counterfeit goods. However, the recent ruling of the ECJ in Google v Louis Vuitton et al[10] appears to have limited substantially the scope for such injunctions.

In the UK, under the Copyright in the Information Society Directive, Article 83, and its implementation into UK law via the Copyright Designs and Patents Act 1988, s 97A, rights holders are able to seek injunctions against intermediaries. However, no such injunction has yet been issued because the scope of intermediary immunity requires clarification by the ECJ.[11]  

The interpretation of these rulings is important, not only to p2p file-sharing business models but to all other businesses which may have interests that conflict with those of copyright owners and which have an interest in avoiding any civil and/or criminal liability. For that reason, such court decisions have not been happily received by the other industries which could potentially be affected. Among these are hard drive manufacturers, mobile phone makers, and photocopier makers, all of which are considered legitimate, beneficial and economically and socially useful businesses. 

2.4 Technical enforcement against individuals

The Digital Economy Act 2010 introduces technical enforcement mechanisms designed to tackle online piracy. This framework, also referred to as the graduated response system, was based on a proposal by the BPI and relies on the participation of both the ISPs and OFCOM, as well as on self-regulation.  

Under this scheme content owners will identify, via their tracking devices, the IP addresses used for infringing their copyrights. The content owner will send a copyright infringement report to the relevant ISPs, to inform them of the account that was used for the infringement. The ISPs will then send notification letters to repeat offenders informing them of the infringement and of ways to prevent it in the future. ISPs will also be required to keep records of copyright infringement reports received in relation to each user and transfer this data to content owners. Content owners can then demand a ‘copyright infringement list’ which will contain the names and addresses of users suspected of repeat infringement, and will then be able to use that information to commence civil proceedings against infringers. 

It is recognised that this approach may not reduce online copyright infringement to a sufficiently low level. The Act therefore requires OFCOM to prepare periodic progress reports reflecting the levels of continuing infringement. Based on these reports, the government will decide whether to introduce second tier enforcement mechanisms, which will consist of technical measures ranging through bandwidth shaping, redirection/rerouting, protocol blocking, port blocking, and deep packet inspection, to the final sanction of account suspension for varying periods of time. 

However, no obligations are to be imposed on ISPs until a code of practice (the ‘initial obligations code’) has been approved by OFCOM. The code will deal with all the important elements of the scheme, and in particular how often a content owner is able to submit infringement reports, which suspected infringers can be included on copyright infringement lists, and how the ISPs’ costs are to be shared with content owners. 

The intention, as set out in the Act, is that this code will be negotiated voluntarily between the content industry and ISPs, although OFCOM has power to devise the code itself if an agreement is not forthcoming. There must, however, be real doubt whether voluntary agreement will be reached. The only incentive which the parties have to negotiate is the threat that OFCOM will impose its own code, but without some indication of what an imposed code might look like it is unlikely that either side will volunteer concessions. 

The next section of this paper therefore sets out suggestions as to how the initial obligations code might be structured so as to achieve not only the aim of reducing online copyright infringement, but also the wider aim of the Act that content should be freely available online.

 3.   Initial Obligations Code

It has been plausibly argued that content owners, especially the music industry, should assume some responsibility for the current predicament. The music industry’s defensive, non-digital mindset is certainly part of the reason behind the high level of infringement. The industry has been lamentably slow in providing consumers with legitimate ways to obtain and consume content. Only after the problem of online copyright infringement reached substantial volumes did new business models, such as Spotify and Apple’s iTunes, begin to emerge. 

If the code only produces a structure which encourages content owners to attempt to maintain the market structure of pre-internet days, the Act will be a failure. The expectations of consumers have clearly changed. Content owners will have to adapt to the new market conditions and offer consumers legitimate alternative ways to consume content.

As a starting point, therefore, we propose that the code should recognise this reality and make a distinction between content which is made legitimately available online and content where the rights owner has chosen not to make it available. Additionally, the code should distinguish between those cases where the content owner is prepared to license the ISP to make the content available, and thus share in the revenue stream derived from that content, and those where the content is only made available from the proprietor or a third party such as Apple or Spotify. 

This would lead to the classification of content into three streams:

 1.      Content where the rights owner makes a licence available to the ISP on fair and reasonable terms. In these circumstances all the infringement control mechanisms explained in section 2.4 above should be available to the content owner, and the ISP should be obliged to bear the cost of providing those mechanisms.  

The justification for placing the financial burden on the ISP is that it is offered the chance to share in the revenue stream derived from supplying that content to its customers. If the ISP takes this opportunity, charging its users for access to the content, then it benefits from any action taken by the rights owner to sanction infringement by those users. The rights owner bears the cost of detecting infringement and bringing actions, and it is thus fair to place the burden of receiving infringement reports and producing infringement lists on the ISP. 

To make this workable, the code would also need to establish a mechanism for resolving disputes about whether the licence terms offered to the ISP were fair and reasonable. 

2.      Content where the rights owner has licensed a third party to make the content available via a third party, such as Apple or Spotify. In this case the content is available online, and so the rights owner should have access to the same set of infringement control mechanisms. However, because there is no sharing of revenue stream with the ISP, the ISP’s full reasonable costs of providing those mechanisms should be borne by the content owner.

3.      If the rights owner declines to make the content available online at all, this frustrates the policy behind the Act. For this reason, the code should not grant such a rights owner any access to the infringement control mechanisms. This would not reduce the rights of the content owner below those which the law currently grants, as it would still be able to seek court orders disclosing the identity of suspected infringers if sufficient evidence could be obtained. However, the additional benefits granted to rights owners by the Act should only be available in respect of content which can be obtained legitimately online. 

The second element which the code should encompass is to build in protections for the rights of users. The rights which are most closely affected are the right to freedom of expression and the right of privacy. The system of infringement control mechanisms has the potential to impinge on both.

Freedom of expression may be impaired if the automated mechanisms which will be used to monitor content produce false positives. An example might be the downloading of a video which purely incidentally contains the content in question, as occurred in the US case of Lenz v Universal Music[12] where a video of a young child dancing to the radio included, by necessity, the song being broadcast. Similar issues arise where the inclusion of the protected content is fair dealing, and thus not an infringement.

To resolve these issues the code needs to provide users with a mechanism through which they can appeal against infringement reports. It is important that this appeal mechanism should be free of charge, even if the user loses the appeal. The risk of paying costs is as chilling to free speech as is the threat of potential legal action. If appeals are limited to those cases where the user asserts that the content did not infringe copyright, the number of appeals will necessarily be small. The interests of free speech require that rights owners and/or ISPs, as appropriate, should bear those costs.

Monitoring of content by rights owners is undertaken on an anonymous basis, because it only reveals the user’s IP address and this cannot be connected with the user without the cooperation of the ISP. However, the production of infringement lists, containing names and addresses, has a clear impact on the privacy of users. The code needs to control the production of those lists and the use of the information in them, balancing the user’s privacy interests against the interests of content owners. The Information Commissioner’s Office has clear expertise in this area, and is appropriately placed to ensure that user interests are not overridden if it is involved. OFCOM should therefore decline to approve the code unless the ICO has been consulted and has approved this part of the code.

The remaining parts of the code raise no questions of principle. Questions such as the frequency with which an infringement report can be made and infringement lists demanded are a matter of practicality and cost, which can safely be left to agreement between rights owners, ISPs and OFCOM if the fundamental points identified in this section are incorporated in the code.

4 Long-term Solutions

The solutions set out in the Digital Economy Act are recognised to be only temporary fixes. They do no more than provide a brief breathing space for the music industry in which to stem its drop in income while it restructures itself. 

According to the World Intellectual Property Organisation the purpose of copyright and related rights is twofold: (i) to encourage a dynamic creative culture while returning value to creators so they can lead a dignified economic existence, and (ii) to provide widespread, affordable access to content for the public. The debate so far, and the solutions in the Act, have been so concerned with the first purpose that the second has been largely forgotten. A long-term solution must seek alternatives that will eventually lead to a balance being struck between the interests of the wider community and those of content owners, and not merely seek to secure the position of the latter.

That solution needs to recognise that holding the account holder responsible for all uses of the internet connection is an unusual approach which cannot be justified in the long term. Responsibility for the actions of others should only be imposed where there is knowledge or control, or where the person held responsible benefits from those actions. A car owner is not held responsible for the actions of someone who takes his or her car and causes injury to someone else with it. Household accounts are used by all the family members who live in the house, and by occasional visitors.[13] Universities, public libraries and small cafes provide internet access to numerous users via a limited number of IP addresses. Imposing responsibility on these users could reduce the benefit to the public by forcing them to abandon provision of internet access.  

The long-term solution should be based on two assumptions, which are widely held (at least outside the music industry). Firstly, the model under which consumers once paid for each copy of music they consumed is now dead. The model was based on the purchase of physical products, and now that music is primarily consumed in the form of digital information that model cannot survive. There are already signs that the music industry is beginning to migrate from a sale-of-products model to a sale-of-services model.

Secondly, consumers expect to be able to share information (especially music) freely and without restriction. They will resist constraints on their ability to do so, and we know from the history of copy-protection technologies that the means to evade controls on sharing will rapidly develop.

If these assumptions are correct, long-term solutions need to work within those constraints while at the same time ensuring an income for the music industry which is sufficient to encourage the development of new music. This suggests that the law should provide preferential protection for the service of providing access to music for consumption, as opposed to a pay-per-product system. The proposals for the initial obligations code in section 3 above are intended as a first step in that direction.

The solution also needs to recognise that individual licensing for consumers would be too cumbersome to work. There would be a high level of evasion as it would run counter to consumer expectations of unfettered use. For example, under such a system it would be an infringement for a licensed individual consumer to pass on a copy of a song to a friend who does not have a licence. Rather than solving the problem, this would add its own set of complications.

This analysis suggests that the most plausible system is one where access providers pay licence fees to content owners, and users of such access providers receive the music free of restriction. However, there are two kinds of access provider: those whose business lies in providing internet access, and those who use the internet to provide content. So the policy question becomes, which of these categories should pay?

It would be easy to set up and police a system in which pure internet access providers, such as ISPs, are required to pay. These providers have a direct relationship with consumers, and can build the licence fees into their charges. The disadvantage of this approach is all consumers would pay, even those who don’t consume music. The advantage is that a system of this kind might conceivably evolve through bilateral and collective negotiations, and thus require little or no change to the law.

If only music content providers, such as YouTube, Spotify and PirateBay, are required to pay, there is the question of how to fund the fees. Advertising revenues may not be sufficient to cover the whole cost. It seems that consumers might be willing to pay if providers offer a service which appears to have value. Spotify has been attempting to migrate its customers from a free service, paid for by advertising which interrupts the music stream periodically, to a service paid for by monthly subscription which is advertising-free. The number of paying customers is growing steadily, though it remains to be seen whether this business model will prove commercially successful. The success of the Apple iTunes store suggests that consumers are willing to pay for music if the price is right and they obtain appropriate use rights. It is worth noting that in May 2010 Apple announced a streaming add-on for iTunes customers, its first move from music-as-a-product to music-as-a-service.

YouTube is positioned as a free service, and so has been trying new business models that would be more content-industry friendly. For example, they have launched a UK TV section with more than 60 partners and have entered into deals with content owners whereby they share advertising revenues and provide services free of charge to consumers.

Each of these business models legitimates consumer use of the content provided, but neither provides a legal basis for consumer sharing of content. Our view is that at least some cases of sharing need to be made lawful, and it may even be necessary to recognise reality and provide that consumer sharing is no longer an infringement. Further consideration of this matter will be needed once the new business models for the music industry have become clearer.

A second policy question is whether such a system could be left to develop via commercial negotiations. Rights ownership is widely distributed among composers, lyricists, publishers and recording companies. ISPs are numerous, vary dramatically in size, and are distributed across the world. Given the diversity of interests involved, a negotiated system may fail to be achieved. There is real uncertainty whether sufficient incentive exists for concerned parties to negotiate such a licensing system while content owners retain the option to sue individuals and intermediaries.

If this happens, the only identifiable solution at present is a compulsory licensing system, similar to the statutory schemes which were established to allow recordings to be made during the early development of the phonograph. The advantage of a statutory scheme is that the law can establish both pillars (free private use and licence fees) simultaneously. Although neither the music industry nor ISPs are presently in favour of such a scheme, it may turn out to be the only way in which a legitimate framework for online music consumption can be established.

Chris Reed is Professor of Electronic Commerce Law, Queen Mary University of London School of Law, Centre for Commercial Law Studies.

Berna Akcali Gur is a PhD candidate at King’s College London School of Law.


Acknowledgment and gratitude is due to the participants in the Society for Computers and Law Policy Forum, held at Herbert Smith’s offices in London in September 2009. The panellists for the session on this topic were Mikko Manner (Roschier Attorneys, Helsinki), Andrew Murray (London School of Economics), David Naylor (Field Fisher Waterhouse) and Kiaron Whitehead (General Counsel, BPI). The views expressed in this paper were enlightened by their presentations and discussion, but do not represent the individual views of any panellist or the collective view of the panel.

[1] This site is still operating because ISPs have thus far refused to block access to it. The defendants have appealed the decision.

[2] The UK market figures for 2009 published by BPI in 2010 show a 1.4% increase, with growth in digital compensating for decrease in analogue revenues, so the decline may have stabilised.

[3] However, studies have established that the connection between the decrease in music sales and the volume of illegal downloads is more complicated than the claim that all illegal downloads constitute lost revenue for the industry suggests. Although most establish some sort of linkage there have even been studies claiming that no direct connection could be established.Oberholzer, F. and K. Strumpf (February 2007). “The Effect of File Sharing on Record Sales An Empirical Analysis.” Journal of Political Economy 115(1): 1-42.


[4] See Andrew Murray, ‘Volume Litigation: More Harmful Than Helpful?’ (2010) 20(6) Computers & Law, 43. 

[5] Obtaining such information from ISPs requires a court order, usually achieved with an application to the court for a Norwich Pharmacal order or under Article 8 of the Directive on the Enforcement of Intellectual Property Rights (though not that the European Court of Justice has implied that such use was not the primary aim of Article 8 – Case C-275/06 Promusicae v Telefonica [2008] ECR I-271).

[6] The first non-default judgment in the UK appears to have been in an action by Topware Interactive against Isabella Barwinska in 2008,

[7] German Federal Constitutional Court, 11 March 2008, 1 BvR 256/08.

[8] The judgment in the Barwinska case (note 5 above) awarded damages of just over £6,000 plus costs of £10,000 – it is not known whether any serious attempt was made to recover these sums from her.

[9] See Mikko Manner, ‘The Pirate Bay Ruling – When Fun And Games End’ (2009) Ent LR 197. The Finnish Courts ruled similarly in the ‘Finreactor’ case in 2008. Finreactor was another web site that provided a BitTorrent p2p service. The Pirate Bay case in Sweden received more media attention due to its much larger user base.

[10] Joined Cases C-236/08 to C-238/08, 23 March 2010.

[11] L’Oreal v eBay [2009] EWHC 1094 (Ch).

[12] 572 F Supp 2d 1150 (ND Cal 2008).

[13] They may also be used by others who hack in to the account without the account holders’ permission and knowledge, though it is arguable that householders should be liable to an extent for those actions if they have not taken reasonable steps to secure access to the connection.