The contribution of the Internet to our everyday lives is beyond dispute. I am sure few would prefer to return to a work environment without the ready availability of Westlaw, the Statute Law Database or BAILII. My students are rarely to be found in the library these days unless they are accessing online journals via one of the PC terminals. We have become used to the always-on instantaneous delivery society that the Internet offers: travel tickets are ordered and delivered online; travellers check-in for flights online; movies and TV are streamed from servers; newspapers are delivered to mobile devices; and music is more often bought online than in the shop, leading to the retreat from the high-street of traditional music retailers Woolworths, Tower, Our Price and Virgin/Zavvi. Today HMV remains the sole nationwide specialist high street music retailer as Amazon, Play and iTunes take over. Behind this story of course is a hidden truth. While there is little doubt that online retailers for both physical CDs and MP3s can undercut high street retailers on price, a quick review of the figures show this is often not the case. iTunes usually charges on average between £7.99 and £9.99 for an album: this is comparable with the price of a physical CD on Amazon or Play: high street retailers can often offer similar prices on popular CDs with supermarkets such as Asda and Tesco offering prices which match or even beat the online prices. Why then did so many high street music retail chains fail between 2003 and 2009? The answer is that they were caught in a perfect storm: on one side, the move of the supermarkets to gain a higher percentage of this profitable market; on the other, the combined impact of all online services including the legal online retailers and download sites but also including illegal file-sharing sites such as Napster and later KaZaa, eMule, eDonkey and eventually BitTorrent sites. These sites and services remain a threat to the copyright industries and are currently the focus of both government action and direct action from copyright holders.
Government activity is to be seen in the Digital Economy Bill. In unveiling the proposals for the Bill, Lord Mandelson noted that ‘a legislate and enforce strategy was the only way to protect the intellectual property rights of content producers’, and added that ‘the days of consequence-free widespread online infringement are over.’[1] This highly controversial Bill will see the introduction of a HADOPI-style ‘three-strikes’ procedure but I do not believe that it is right for Lord Mandelson to suggest either that a legislate and enforce strategy is the only way to protect intellectual property rights in the online environment or to call online file-sharing ‘consequence free’. There is already strong protection for copyright holders provided by the Copyright, Designs and Patents Act 1988. A number of file-sharers have in the past received notification letters from copyright holders communicating an intention to litigate if they do not cease and desist their actions. Actual litigation though was extremely rare due to a number of contributing factors, including the high cost of identifying infringers (which usually requires a Norwich Pharmacal order), the low likelihood of recovery of costs and damages given the limited resources of most infringers and the difficulty of proving that the alleged infringer was indeed the person sharing or downloading the file. This changed in 2007 when Davenport Lyons began to use the volume litigation action.
Volume Litigation Practice
In March 2007 Davenport Lyons sent letters to 500 individuals who, they claimed, had shared a computer game called Pinball Dreams 3D. The letters offered to settle the claim in return for a payment of in the region of £600; failure to settle would lead to Davenport Lyons taking further action.[2] This practice may be seen as a twist on the class action lawsuit where a collection of individuals bands together to pursue a corporation: here the corporation is ameliorating the costs of pursuing hundreds of actions by packaging them together and launching a ‘volume’ case. In essence the action is a six-stage process with the emphasis on stages one to four.
Stage one is to establish infringement. This requires the copyright holder to establish that the copyright work is being made available in breach of licence conditions. This is achieved via direct investigation where investigators visit popular file-sharing sites and search for the work in question.
Once infringement is established, stage two begins. This is to identify the infringer. For Davenport Lyons, that meant working with Swedish firm Logistep. They monitor peer-to-peer networks such as Gnutella and LimeWire for incidents of illegal file-sharing using software called File Sharing Monitor. This connects to a peer-to-peer server and requests a copyrighted file. It then records all the IP addresses that offer the file, and begins a download. If the download is accepted, FSM logs the filename, file size, uploader username and date stamp. It then completes an automatic WHOIS search, identifying the ISP that the IP address belongs to, and delivers this information to the lawyers.
This triggers stage three, the obtaining of personal details. Armed with the information obtained at stage two, applications for Norwich Pharmacal orders are made in blocks of anything from 500 to 25,000 IP addresses against a variety of ISPs.
Stage four then begins – the key stage of the volume litigation process. A number of settlement offer letters (usually at least 500) are then sent, making a Part 36 offer to settle for a figure of between £400 and £1000. This is usually the first knowledge the infringer has of the action and the letters usually emphasise that, should the claimant go to court and be awarded damages in excess of the offer figure, the claimant can claim interest on the damages, plus costs from the end of the relevant period and interest on those costs. If the alleged infringer settles, this ends the process. If he ignores the offer or refuses to settle, stage five is triggered: the revised offer stage. This sees a subsequent and final Part 36 offer. This is usually between £250 and £500 higher than the original offer, to cover additional expenses. Again this offer refers to the enhanced costs that may be awarded should the claimant successfully obtain higher damages at a subsequent hearing.
The final stage is stage six. This is to raise a full claim. Stage six is extremely rare and to date has only been used in undefended actions. It appears the few actions which have been brought are designed to encourage early settlement. Many stage five letters refer to Topware v Barwinska,[3] in which an order for damages in excess of £6,000 and costs of over £10,000 was made.[4]
Details about the success, or otherwise, of volume litigation are sketchy. Firms involved in volume litigation do not reveal how many cases settle for payment or how many are abandoned. The Davenport Lyons web site merely refers to an award of £16,000 damages awarded to Topware Interactive in the Barwinska case.[5] To date no law firm has prosecuted a defended action before the UK courts. The few cases which have gone to court have been undefended, leading to the award of default judgments: what is not clear is whether there has been any attempt to enforce any of these judgments.
Public Reaction
The practice of volume litigation was initially attractive to copyright holders. As well as Topware Interactive, Davenport Lyons were retained by Codemasters, Reality Pump, Techland, and Atari to pursue claims relating to games titles such as The Lord of the Rings, the Colin McRae Rally series, and Operation Flashpoint.[6] Later, a stream of bad publicity dogged the practice. It became clear that the basis of the claims was solely the IP address data gathered at stage two: due to the need to keep costs down no external investigations were entered into. This meant individuals who may not have adequately secured their wireless servers could find themselves receiving demands for the actions of individuals who had illegally piggy backed on their server.[7] The bad publicity surrounding what many saw as strong-arm tactics reached a head in late 2008 with two separate episodes. First, in October 2008 Davenport Lyons sent a letter on behalf of Atari to Ken and Gill Murdoch of Inverness accusing them of sharing Atari’s Race 07 game. Ken (66) and Gill (54) said that they had never played a computer game before and contacted Which? The story quickly became a minor cause célèbre with Davenport Lyons dropping the claim but not before their tale was reported by The Daily Express, the BBC, and The Daily Mail. This was followed by worse publicity, triggered when Davenport Lyons decided to represent the copyright holders of several hardcore pornographic titles. A substantial number of claim letters were issued in late 2008 relating to a number of film titles, all of which appear to be material which it would be illegal to trade in, or potentially even possess, in the UK. Quite apart from the question as to whether a Court of Equity would entertain an application from a copyright holder who is seeking to enforce their copyright in obscene material, Davenport Lyons had unfortunately sent several of their claims letters to respectable elder citizens leading to a further round of bad publicity. This bad publicity led to Atari severing relations with the firm, while the tactics caused Which? to report the firm to the Solicitors’ Regulatory Authority.
As I write this, Davenport Lyons have suspended indefinitely their practice of volume litigation. The bad publicity surrounding these two events seems to have discouraged them from the practice. The practice now appears to be solely employed in the UK by niche firm ACS:Law. ACS:Law recently made a Norwich Pharmacal application in respect of 25,000 IP addresses supplied by Logistep. Perhaps fearful that an application of this volume represents a fishing expedition, it has been reported that this application was rejected, but this refusal (if true) remains an exception rather than the norm.[8]
The continued practice of volume litigation in the UK places us out-of-step with many of our continental neighbours. In March 2008, the Federal German Constitutional Court ordered that data should only be harvested in the prosecution of a serious crimes and then only with a judicial warrant. In January 2008, the Swiss Data Protection Office ordered Logistep to cease harvesting data as this was in breach of the Data Protection Act, although this was overturned in June 2009 by the Federal Administrative Court as ‘the ends justified the means’ in cases of copyright infringement. Most startlingly, a Paris-based lawyer, Elizabeth Martin, was ordered by the disciplinary board of the Conseil de l’Ordre du Barreau de Paris to suspend her activities as a lawyer for six months after sending out hundreds of thousands of volume claims on behalf of software company Techland in respect of their popular game ‘Call of Juarez’. It appears from the limited reports of the case that Ms. Martin was found to have over-aggressively prosecuted her client’s claim by stating that, if her client went to court, damages would amount to ‘hundreds of thousands of Euros’ and that ‘if you are not able to pay the damages ordered by the court, our client will seek to gain the amount by the sale of your goods’. The disciplinary board is reported to have stated that: ‘By choosing to reproduce aggressive foreign methods, intended to force payments, the interested party also violated [the code] which specifies that the lawyer cannot unfairly represent a situation or seriousness of threat.’[9]
Legality
While there is little risk of a UK-based lawyer being similarly suspended, the fact that Which? have already referred one UK firm to the SRA reflects a strong view among some sections of the public that this form of litigation amounts to legalised bullying. There appears though to be no legal impediment to the practice in the UK. The main legal bone of contention surrounds stage two: the data gathering stage. As already discussed, in Germany this practice has been found to conflict with German data protection law. Unfortunately the question of data harvesting has not been addressed yet in the UK (despite several complaints to the ICO by targeted individuals). The Data Protection Act 1998 is unclear as to the legality of harvesting IP addresses without consent or pre-existing order. An IP address would appear to be personal data as it is ‘data which relates to a living individual who can be identified from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.’[10] This view is confirmed by Peter Scharr, Germany’s data-protection commissioner and head of the European Union’s group of data privacy regulators. In January 2008, he said that when someone is identified by an IP address, it has to be regarded as personal data.[11] This means the Data Protection Principles therefore apply, which suggests data should not be processed without the consent of the data subject unless one of the excepted processes is found to apply. The only applicable exceptions found in Sch. 2 would appear to be either processing necessary for the administration of justice or processing necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.
Does the administration of justice provision cover pre-trial evidence gathering by covert techniques as used by Logistep? Possibly not: s 35 (which deals with the exemption for disclosures in the course of legal proceedings) only exempts disclosures of data not processing or gathering of data. The wider ‘legitimate interest’ exception may though allow processing of the data. This though is a grey area: it is clearly in the interest of the data controller but, given the clandestine nature of the data gathering technique, does it infringe the ‘rights and freedoms of the data subject’? The Information Commissioner, despite many individual complaints, has declined to intervene in what it sees as a judicial process, despite the decision of the ECJ in Promusicae v Telefonica.[12]
Conclusion: Is Volume Litigation Good for Clients?
If one assumes the practice is compliant with the Data Protection Act, there remains an argument that the process is flawed. The data provided by the ISP relates to the ‘registered keeper’ of the IP address at that time. This is different to the user. I am the keeper of my broadband account: it is though used by others in my household. This has been recognised recently by the Tribunale di Roma which ruled that an IP address is insufficient evidence to identify an individual. During preliminary investigations of a file-sharing copyright infringement complaint, the investigatory magistrate and the judge considered that the mere ownership of the connection from which the offence was committed was not sufficient to establish the liability of defendants, especially since the alleged infringement may have been committed by other people. It is widely accepted that the industry standard WEP encryption protocol used for wireless routers is not sufficiently secure to prevent illegal access to even a secured router. The risk of identifying innocent parties as ‘infringers’ is therefore great. This has been evidenced in the hundreds of individual testimonies which may be read at http://beingthreatened.yolasite.com/your-stories.php as well as in high-profile cases such as that of Ken and Gill Murdoch.
Ultimately it is questionable whether volume litigation is actually good for clients. To date, it has caused no perceptible difference in the actions of file sharers. It has raised relatively small sums for copyright holders and has caused massive negative publicity with the practice seemingly now restricted to a few niche clients and firms across Europe. Volume litigation may seem an easy option which allows copyright holders to target hardcore individual file sharers, but options which seem easy on the surface often hide their true cost and complexity. Volume litigation switches the cost from the client to the individual accused of file sharing. This is right if the accused is guilty but unacceptable if he or she is innocent. The technology to accurately identify only those guilty with an acceptable margin of error is not yet ready. It is therefore respectfully suggested that volume litigation must be held in suspension until the technology is sufficiently mature to ensure that in the overwhelming majority of cases only those guilty of copyright infringement receive Part 36 letters.
Andrew Murray is a Reader in Law at the London School of Economics.
[1] Mark Sweeny, ‘Lord Mandelson sets date for blocking filesharers’ Internet connections’, The Guardian 28 October 2009.
[2] M. Ballard, ‘Games firm pursues 500 pinball ‘pirates’ through UK courts’, The Register, 28 March 2007: http://www.reghardware.co.uk/2007/03/28/uk_share_hunt/.
[3] PAT.08023 Unrpt. Patents County Court, 18 August 2008. A partial copy of the order is at: http://beingthreatened.yolasite.com/resources/Beschluss%20Topware%20Interactive%20INC.pdf
[4] Most subsequent orders have seen damages awards of a lower order being usually around £2000 with costs of around £1500.
[5] Davenport Lyons, Illegal File-Sharer Ordered to Pay £16,000 By Judge: http://www.davenportlyons.com/news/news-stories/481/.
[6] Alexi Mostrous and Jonathan Richards, ‘Computer games industry threat to downloaders: ‘pay up or we’ll sue’’, The Times, 20 August 2008: http://technology.timesonline.co.uk/tol/news/tech_and_web/gadgets_and_gaming/article4569180.ece.
[7] It is of course illegal under s.125 of the Communications Act 2003 to ‘dishonestly obtain an electronic communications service’, this includes making use of another’s wireless Internet connection without permission. This does not prevent neighbour sharing and war driving.
[8] Stuart Turton, ‘File Sharing: The Facts’, PC Pro, January 2010: http://www.pcpro.co.uk/features/354346/file-sharing-the-facts
[9] Lawyer Who Threatened File-Sharers is Banned For 6 months, TorrentFreak, 5 April 2008: http://torrentfreak.com/lawyer-who-threatened-file-sharers-banned-6-months-080405/.
[10] Data Protection Act 1998, s.1.
[11] Aoife White, ‘IP Addresses Are Personal Data, E.U. Regulator Says’, Washington Post, 22 January 2008: http://www.washingtonpost.com/wp-dyn/content/article/2008/01/21/AR2008012101340.html
[12] [2008] ECDR 10.
