Progress on Point
Release 10.19 October 2003 Periodic Commentaries on the Policy Debate
SUBPOENA WARS: RIAA v. VERIZON
James V. DeLong*
As part of its response to the current deluge of Peer-to-Peer (P2P) sharing of
copyrighted music, the Recording Industry Association of America (RIAA) is using a
provision of the Digital Millennium Copyright Act (DMCA) that allows a copyright owner
to obtain the identity of an alleged infringer from an Internet Service Provider (ISP)
simply by serving a subpoena, without filing a law suit. Some ISPs, led by Verizon, are
resisting this procedure, arguing that it is not actually authorized by the DMCA, and that
it is in any event unconstitutional under the First Amendment.
Verizon lost both these arguments in the trial court, and has appealed to the
United States Court of Appeals for the District of Columbia Circuit.
This paper examines the arguments and concludes that the content companies’
victory will probably stand on appeal. Nonetheless, the ISPs raise some points of
• ISPs should not be forced to bear the burden of enforcement costs, in this or
other contexts, and systems of cost-reimbursement need to be developed.
• Claims to privacy and anonymity asserted by illicit downloaders of music are
weak, but ISP subscribers in general can claim a legitimate need to be protected
against abuse (such as cyberstalking) or mistake. As the trial court noted, these
problems are at present only hypothetical, and the DMCA and the Federal Rules
of Civil Procedure provide for sanctions in such cases, so, hopefully, they will
remain so. If they were to become real, then further steps would be necessary.
• The inclusive nature of the material covered by copyright could become a
problem, since it creates a possibility that people will seek subpoenas on
grounds such as “he forwarded my email.” This possibility bears watching in
James V. DeLong is Senior Fellow and Director, Center for the Study of Digital Property, at the Progress
and Freedom Foundation. The views expressed here are his own and do not necessarily reflect those of
PFF, its officers, or its Board of Directors.
Page 2 Progress on Point 10.19
case it requires response in the future, since it might not be covered by the
sanctions provided for in the DMCA. At present, however, this difficulty also
The existence of these concerns does not militate for legislative reopening of the
DMCA, an action that would trigger a deluge of proposed changes and throw the area
into a state of uncertainty. The interested parties need each other, and should be able
to negotiate reasonable compromises on the outstanding issues.
In addition, many concerns expressed by the ISPs can be addressed by the ISPs
themselves. For example, possible abuses could be parried by an ISP policy of
notifying a subscriber when a subpoena requesting his or her identity is received so that
the subscriber can protest it. The DMCA does not require such notification, but it
certainly allows it. The expense of such a procedure could be a part of any negotiations
over cost recovery.
Unauthorized P2P downloads of copyrighted files, mostly of music, are estimated
as approaching 2.6 billion per month. Only the comatose do not know that the RIAA
has launched a counter-blitz; in September of 2003 it filed 261 lawsuits against P2P file
swappers of all ages and genders and localities. The exact principle by which particular
defendants were selected is unclear, but one common factor was volume. Each of
them was making at least 1,000 songs available to any and all possessors of the
necessary file-sharing program, such as KaZaA or Grokster.1
Before suing people the RIAA must find them, and this search process has
triggered a rancorous debate in Washington. The immediate vehicle for conflict is a law
suit called RIAA v. Verizon, but the fighting is not limited to the Federal courthouse; it
has spilled out into the halls of Congress and, most emphatically, the public press.
A music company that wants to protect its copyrights can access one of the file-
sharing software programs, such as KaZaA, then use it to log onto the Internet and
search for particular songs, just like any file swapper. When the copyright owner finds
covered music available, however, it cannot know the identity of the person making the
offer. Information available over the Internet encompasses only the identity of the
Internet Service Provider (ISP) through which the connection is made and the portal that
is being used. Information about the specific user can be obtained only from the ISP,
which keeps tabs on use and can backtrack to find out who was using the particular
portal at the time in question.
Nick Wingfield & Ethan Smith, The High Cost of Sharing,” Wall Street Journal, Sept. 9, 2003.
Progress on Point 10.19 Page 3
Subpoena Power Under the DMCA
To obtain the identity of an individual swapper, a copyright owner uses
subsection 512(h) of 17 U.S.C., which was added to copyright law by the DMCA in
1998. This provision allows the owner to file a request with the clerk of the U.S. District
Court and to obtain, automatically, a subpoena directed to the ISP requiring it to
“disclose... information sufficient to identify the alleged infringer...to the extent that such
information is available to the service provider.”
The contents of the request for a subpoena are spelled out by the law. It must
• A “copy of a notification described in subsection (c)(3)(a).” This subsection refers
to an earlier provision of section 512 governing requests that an ISP remove
infringing material that it is hosting. To trigger this obligation, the copyright owner
must provide the ISP with a written notification containing:
o A physical or electronic signature of an authorized requester;
o Identification of the material “that is claimed to be infringing . . . and that is to
be removed or access to which to be disabled” and sufficient information to
enable the ISP to locate the material;
o Contact information for the complainant;
o An attestation of the complainant’s good faith belief that use of the material is
o A statement that “the information in the notification is accurate, and under
penalty of perjury, that the complaining party is authorized to act on behalf of
• The request for a subsection 512(h) subpoena must also contain:
o A proposed subpoena;
o A sworn declaration that the purpose of the subpoena is to obtain the identity
of an alleged infringer and that it will only be used to protect copyrights.
Subsection 512(h) also subjects the subpoena to the Rules of Civil Procedure
governing subpoenas in federal litigation, insofar as practicable. This invokes Rule 45,
which has safeguards against excessive burdens and provides mechanisms by which a
subpoena can be challenged.
Upon receipt of the subpoena, the ISP is to “expeditiously” provide the
information necessary to identify the swapper.
From 1998 through 2002, copyright owners used subsection 512(h) hundreds of
times, usually in connection with File Transfer Protocol systems, but occasionally in the
This is a peculiar formulation. As a matter of grammar, the attestation of authority is made under penalty
of perjury, but the certification of the quality of the information is not so made. However, it should not
affect the sanctions available under subsection 512(h), for the reasons noted infra.
Page 4 Progress on Point 10.19
context of P2P networks.3 ISPs complied. In 2002 it became clear that the music
industry was going to escalate substantially its efforts to attack P2P swapping, and at
some point some ISPs decided to resist. The first subpoena with which Verizon
declined to comply was issued in late July 2002, and this litigation commenced.
The challenge to the July 2002 subpoena was based on statutory arguments.
Verizon lost this case in the trial court in January 2003.4 In February, Verizon
challenged another subpoena, making constitutional arguments, so the matter was
subject to a second decision in the district court, this one on constitutional issues.5
Verizon lost this challenge as well, and appealed both decisions. The consolidated
appeals were argued before the U. S. Court of Appeals for the D.C. Circuit on
September 16, 2003.
Overview: The Online Copyright Infringement Liability Limitation Act (17 U.S.C.
As Internet use exploded in the mid-1990s, a serious issue became obvious to
all. Tons of material was being circulated, and Internet users were paying little attention
to the requirements of copyright law. The attitude, even in this pre-Napster period, was
that material available in digital form was fair game for distribution.
This, obviously, presented a problem not only to content owners, but to Internet
Service Providers. Under existing copyright law, they might well be held legally liable
for materials posted on websites maintained by them, or -- even more threatening -- for
materials posted on websites that were maintained on an ISP’s computers even if it
exercised no control over the content. To go even further, there were suggestions that
ISPs could be responsible for copyrighted material that they transmitted without hosting.
It was generally recognized that holding ISPs liable for policing all content would
shut down the Internet because the costs would be inordinate. Equally, it was
recognized that copyright owners needed to be able to defend their interests against the
unauthorized copying of material. Finally, consumers needed to be assured that they
would be able to receive material over the Internet.6
Brief of RIAA, In Re Verizon Internet Services, Inc., U.S. Court of Appeals for the D.C. Circuit, Nos. 03-
7015 & 03-7053 (Filed June 13, 2003).
In Re: Verizon Internet Services, Inc., 240 F. Supp. 2d 24 (D.D.C. 2003) (Verizon I).
In Re: Verizon Internet Services, Inc., 257 F. Supp. 2d 24 (D.D.C. 2003) (Verizon II).
This consumer interest, often ignored, is extremely important. To illustrate, imagine an industry daily
newsletter of the type so prevalent in Washington. In pre-Internet days, the news was gathered the day
before, the publication printed overnight, and distribution performed in the dawn hours of the next day. If
the newsletter can be distributed over the Internet with access limited by password, it can be much more
timely. Furthermore, the costs of printing and delivery are avoided, so it can be made much cheaper. Now
suppose that some “consumer representative” decides that the purveyor is charging too much. So he
subscribes, then cuts and pastes the publication onto a free website, or blasts it out like spam. The injury
to the proprietor is obvious, but the subscribers will be equally injured. If the newsletter cannot stop this
action, then it will have to return to the old ways of doing business, and the subscribers will get their news
in less timely fashion at a higher price.
Progress on Point 10.19 Page 5
Thus all sides desired a resolution, and the outcome was a section of the DMCA called
the Online Copyright Infringement Liability Limitation Act, which added section 512 to
the Copyright Act.
The first four subsections of section 512 immunize common activities of ISPs
from liability for copyright violations by their Internet subscribers. The activities are (by
(a) acting as a passive transmitter of material;
(b) storing material temporarily in the course of acting as a conduit;
(c) acting as a host for material; and
Each of these protections is hedged by conditions, mostly designed to close
possible loopholes. The most important of these conditions are the notice and
takedown provisions of 512(c) & (d), which require the ISP to remove infringing material
or links thereto upon notice from the copyright holder if it is to get the benefit of the
The remaining subsections of 512 deal with special concerns and add more
caveats to the basic immunities of sections (a) to (d):
(e) adds extra protections for institutions of higher education;
(f) provides for damages, including attorneys fees, to be levied against anyone
who “knowingly materially misrepresents” that material was infringing or that
material was removed by mistake. Beneficiaries can be copyright owners, service
providers, or alleged infringers;
(g) immunizes ISPs from liability to alleged infringers for removing material, and
establishes conditions for the alleged infringer to contest the charge;
(h) creates the subpoena provision at issue in RIAA v. Verizon, and described in
the preceding section;
(i) places two general conditions on all the limits on liability contained in section
512: to get their benefit, the ISP must have adopted and implemented a policy
for the termination of the accounts of subscribers who are repeat copyright
offenders, and the ISP must accommodate standard technical measures of
digital rights management used by copyright owners, as long as these are
“voluntary” and “developed pursuant to a broad consensus of copyright owners
and service providers;”
Page 6 Progress on Point 10.19
(j) contains provisions protecting ISPs against overly broad injunctions;
(k) provides definitions;
(m) says that service providers need not affirmatively monitor or seek facts,
except to the extent consistent with a standard technical measure, and are not
required to violate any law in removing content; and
(n) provides that the functions described in subsection (a) to (d) are distinct, and
qualification under each is to be determined separately.
Statutory Arguments (Verizon I)
Verizon’s statutory arguments in Verizon I focused on the language of 512(h):
As noted above, in prescribing the form of notice to be filed with the clerk when a
subpoena is sought, 512(h) incorporates by reference some language in subsection (c).
Verizon argues that this means that the subpoena provision applies only to ISPs
covered by subsection (c) – those actually hosting material – not to those that, because
they are mere conduits, are covered by subsection (a).
As a matter of technical statutory interpretation, each side makes some good
The most powerful argument for Verizon’s contention is that the notification
required under section 512(h) specifically refers to the notification that must be given to
a service provider under subsection 512(c) in connection with a request that offending
material be removed from a website hosted by the ISP. Included in the notification is
identification of material “that is to be removed.” Why, asks Verizon, would that
requirement be incorporated into a notice that applies when the ISP is a mere conduit,
and there is no material to take down? Furthermore, 512(h) requires “a copy of a
notification described in subsection (c)(3)(a),” not an alternative such as “the information
described in subsection (c)(3)(a).” This language can be read as assuming that a take-
down notification is being filed, something that would be true under (c) but not under (a).
Furthermore, to Verizon this interpretation would make sense because ISPs did
not need any additional immunity in the situation where they are mere conduits—it says
that case law already excludes them from responsibility if copyrighted content is
Also relevant to Verizon is the fact that file swapping was not a major issue in
1998, when the DMCA was drafted. Napster was not invented until 1999. Given the
ambiguity in the statute, they argue that Congress cannot be assumed to have meant to
address a problem that did not then exist.
The RIAA has a series of rejoinders. The first, and found most powerful by the
trial judge, is that 512(h) says that it is applicable to any “service provider.” The
definition of this term resides in subsection 512(k). There, “service provider” is given a
Progress on Point 10.19 Page 7
restricted meaning for subsection (a); then it is given broader meaning for all other
subsections, including (h), with a special proviso that this broader meaning
encompasses any ISP that is covered by (a). So, on plain language grounds, it is
difficult to argue that a “service provider” as included by subsection (a) is not covered by
There is also parallel language in subsection 512(i), which says the immunities
contained in any of the subsections are available only if a service provider has adopted
and implemented a policy of terminating the accounts of subscribers who are repeat
offenders. No basis exists for arguing that this provision does not apply to service
providers covered by subsection 512(a), and it is difficult to argue that “service provider”
in (i) means something different than the same term when used in (h), especially when
both sections are covered by the definition of (k).
The content industry does not think the 512(c) “take down” language to which
Verizon points can bear the weight Verizon wants to put on it. A notice to a court
seeking a subpoena and a notice to an ISP seeking a takedown should logically contain
many elements in common, such as specifications of the copyrighted work and of the
offending material; the identity, contact information, and authority of the party filing the
notice; and an attestation of good faith made under penalty of perjury. From a drafting
standpoint, why repeat all these requirements in 512(h) when they have already been
set forth in 512(c), and can be incorporated? Indeed, incorporation can add clarity
because it avoids the need for readers to juxtapose the provisions to determine if
Taken as a whole, say the content companies, the incorporation of the “take
down” language contained in a single clause must be regarded as a minor drafting burp
that is entitled to little weight. If Congress had intended the subpoena provision to apply
only to ISPs covered by subsection (c), it could easily, and would logically, have made
the provision a part of that subsection, not a separate subsection.
Verizon counters that statutes are not to be presumed to contain excess words,
and to dismiss this phrase as a mere glitch offends conventional rules of interpretation.
The content industries also dispute Verizon’s description of the state of
knowledge in 1998, and of the legal status of conduit ISPs. Napster and its successors
may have been as-yet-uninvented in 1998, but it was already clear that a deluge of
copyrighted material was bouncing around the Internet. Furthermore, the responsibility
of ISPs for these copyright violations was not a settled question; indeed, it is not settled
yet. The safe harbor created by 512(a) was important; it was not superfluous repetition
of established doctrine.
In the content industries’ view, Congress may not have anticipated the magnitude
of the copyright problem that would be created by file swapping through conduits, but it
was certainly aware that there was such a problem. For Congress to ignore it in
fashioning the compromise that was the DMCA would have made no sense.
Page 8 Progress on Point 10.19
Also, it would have made no sense for the content industries to agree to a bill
that ignored the problem of copyright violations via conduits. This section of the DMCA
was very much a compromise, with all interested parties getting something and
agreeing to benefits for others in exchange. The ISPs got their safe harbors from
liability as enablers of copyright violations; in exchange, they agreed to help the
copyright owners identify the actual violators.
Indeed, for content companies, the web-hosting situation contemplated by
subsection (c) represents the situation in which the 512(h) identity-discovering process
is least useful. Most websites contain information on the identity of the host. The
subsection (a) situation, in which no website is involved, is where 512(h) is most
The trial court found for the content companies, primarily on the grounds that the
plain language of the statute brings all service providers within the ambit of subsection
512(h), including those who act as conduits under (a).
The case is not a slam dunk, but it is likely that the trial court decision will be
upheld. A decision the other way would do undue violence to the definitions. This
result does leave dangling some of the language of the cross-reference to material to be
taken down, but this is not as jarring as the problems that would be created by recasting
the definitions so that identical language meant different things in two successive
paragraphs, and so that the precise provisions of the definitions section were recast.
The logical explanation for the glitch is that the drafters were indeed focusing on
the problems presented by copyrighted materials contained on computer servers
operated by ISPs and covered under (c). That is where most of the problems were in
1998. But this does not mean that they were unaware of the problems of transmission
by ISPs acting as conduits, and of the need to identify violators in that context as a quid
pro quo to content holders for the immunity granted by subsection (a). Nor does it
mean that they did not intend to write a law that would address problems created by
future technologies, such as P2P file sharing. Hence the inclusive nature of the
definition of service providers in subsection (k) and the application of this definition to all
subsections other than (a) – viz. not just (h) but (i).
Constitutional and Policy Arguments (Verizon II)
The constitutional dimension of Verizon II has two parts. The first concerns the
requirement of Article III of the Constitution that a federal court has no jurisdiction to
decide a dispute unless an actual “case or controversy” exists; courts do not give
advisory opinions. Verizon argues that 512(h) transgresses the requirement because it
invokes judicial power when no case is pending. The trial court disagreed, concluding
that the provision is within the scope of judicial power as construed over the centuries.
The point is of great interest to constitutional scholars and judges, but it is of little
general interest to copyright owners and Internet users, and will not be discussed here.
Progress on Point 10.19 Page 9
The second line of constitutional argument, based on the First Amendment, was
also rejected by the trial court, which ruled that 512(h) contains adequate safeguards to
protect the speech and association rights of Internet users, and that it is not overbroad.
The ins and outs of First Amendment jurisprudence are also technical and of
interest primarily to the legal community, not to copyright owners and Internet users.
However, no matter who wins the current suit, the debate will be continued in the press
and in Congress.7 So the discussion in this paper ignores the legal issues in favor of
focusing on the overall policy – is subsection 512(h) a good idea as a matter of public
policy? In any event, to a great extent these policy arguments are at the heart of the
constitutional debate, only counsel have transmogrified them into the specialized argot
of First Amendment cases.
The policy arguments against the subpoena power of subsection 512(h) fall into
four categories: Costs; Privacy of music downloaders; Privacy of subscribers generally
against false claims or mistake; and Breadth of copyright. These are discussed in
The costs of ISP compliance with subpoenas are not at issue in the litigation. The
DMCA says nothing about payments by the copyright owners to the ISPs, and Verizon
does not claim that the imposition of the costs of complying with the subpoenas violates
any constitutional or other legal rights.
Nonetheless, costs are an important underlying issue, one that has been raised
in congressional hearings. 8 ISPs can make a reasonable case that forcing them to
bear the costs of identifying those engaged in unauthorized downloading is neither fair
nor efficient, and that they should be recompensed for these expenses.
When the DMCA passed in 1998, Napster had not yet been invented, let alone
KaZaA and other decentralized P2P sharing programs. Even if the underlying problem
of trading copyrighted material through ISPs as conduits was within the ken of
Congress, it was not anticipated that mass swapping might necessitate thousands of
subpoenas, and the total cost burden far exceeds anything contemplated in 1998.
The content industry can argue that Verizon and other ISPs received substantial
benefits under the law, and that leaving the costs of compliance with 512(h) on them is
not an unfair quid pro quo. However, from a public policy point of view it would be
better for the enforcement costs to rest on the copyright holder. This would ensure that
only copyrights with substantial economic value are enforced. It would also eliminate
On Sept. 16, 2003, Senator Sam Brownback (R-KS) made public a draft bill to repeal section 512(h)
insofar as it applies to ISPs acting as conduits. www.eff.org/IP/DRM/20030916_brownback_bill.php.
See, e.g., James D. Ellis, Senior Exec. VP & GC, SBC Communications, Testimony on Consumer
Privacy and Government Technology Mandates in the Digital Media Marketplace Before the Senate
Committee on Commerce, Science, and Transportation on Sept. 17, 2003.
Page 10 Progress on Point 10.19
the subsidization of IP by telecom consumers that is inherent in the present system.
Realistically, building fences, buying locks, and bringing lawsuits is a necessary cost of
owning valuable property, and these costs should be factored into the initial decisions
on whether the investment to produce that property is economically worthwhile.
There is a broader point, as well. The telecom companies are at risk of being
overwhelmed with enforcement demands – homeland security, child porn, IP. If these
demands are costless to the demanders, there will be absolutely no limit on them.
Nothing is too expensive for someone who gets the benefits of an action while the costs
fall elsewhere. Establishing the principle of compensation for enforcement costs would
be useful in the long run.
There is, of course, a counter argument. The RIAA calculates that users of P2P
systems consume more than half the capacity of broadband networks. 9 In the content
owners view, it is logical to conclude that their content is a major selling point for the
ISPs, and that the latter are, in effect, receiving immense benefits from RIAA’s
intellectual property. In these circumstances, they ask, why can’t one argue that the
cost of enforcement should be paid by the ISPs and factored into the cost of broadband
This argument has force, but fails the test of pragmatism. Adopting it would raise
the price of broadband to all subscribers, the just and the unjust alike, which would
discourage illicit use only by pricing some users out of the market, and these would not
necessarily be the illicit downloaders, who might in fact value their connections more
highly than other people. It is better to have enforcement costs internalized to specific
works and targeted on the actual violators, not paid by all broadband users.
Verizon argues that it is defending a very important right of its subscribers: their
right to privacy and anonymity.
On this point, it is important to distinguish between two categories of ISP
subscribers, because their claims are quite different.
The first group of claimants consists of the subscribers who are indeed using
P2P programs to download copyrighted material, and whose identity is sought by
Verizon and the other ISPs do not articulate their vision with great specificity, but
they seem to be arguing for a view of the Internet as a zone of anonymity, a realm in
which people can act secure from intrusion from the outside.
This view does not seem realistic. The Internet is a tool, and like other tools it will
be used for both good and ill. People will use anonymity to blow whistles on the
RIAA Brief, p. 3.
Progress on Point 10.19 Page 11
crooked and to make irresponsible slanders against the honest, to engage in political
speech and to destroy a system of intellectual property, to overthrow tyrannies and to
promote terrorism. Both the whistleblower and the Ku Klux Klan favor anonymity.
There is simply no way to establish the Internet as a special zone in which one can act
anonymously without regard to consequences, especially when those consequences
play out in the physical world. The music downloader is having a real effect, in that he
is destroying a system upon which the community relies for the production of something
that is greatly desired by millions of people. The moral case for being allowed to do this
anonymously is weak.
The music downloader’s claim to privacy is also weak as a legal matter. It
conflicts with the explicit language in the contract with the ISP, which warns the
subscriber that copyright violation cannot be countenanced, that it constitutes a misuse
of the service, and that it is grounds for termination. Surely the ISP itself has a right to
be sure that its service is being used in accord with the agreement, and it is difficult to
see why this right cannot be exercised at the request of the copyright owner.
In addition, in the context of illicit P2P file sharing, the person targeted by the
subpoena is, by definition, someone who has opened up portions of his hard drive to the
entire world of the Internet, allowing in everyone without restriction. But he then wants
to assert that the copyright owner has no right to notice what everyone else in the world
is invited not just to notice but to act upon – namely, the available of copyrighted music.
Such generalized claims of privacy are not countenanced by privacy
jurisprudence, such as that on searches and seizures, which recognizes privacy only in
that which is kept private and in which one has a reasonable expectation that the
privacy can be maintained. The idea that one can put up the equivalent of a sign
outside one’s house saying, “hot goods for sale here (undercover cops not invited),” and
make it stick is not persuasive.
To the extent that privacy claims rest on a reasonable expectation that something
will be kept confidential, one hardly has a reasonable expectation that files that one has
deliberately opened up to the world will be kept private. Note here that the use of
512(h) does not involve any claim that the target has waived his privacy interest in any
files except those that he has chosen to make available to the public at large. There is
no contention of any general right to rummage through his hard drive. The downloader
can control how much of his drive he makes public.
The second group of claimants has a much stronger case. It consists of ISP
subscribers generally, who might become targets of subsection 512(h) subpoenas as a
result of either false claims or mistakes. Verizon is also arguing that the privacy of this
group should be protected against these possibilities.
The two possible causes of error raise somewhat different issues.
Page 12 Progress on Point 10.19
Verizon raises the possibility that the process could be abused by, for example, a
cyberstalker. Someone who knows that an Internet user was on-line at a particular time
might falsely claim copyright violation as an excuse to force the ISP to provide their
Knowledge of the log-on could come from any of several sources, as Verizon
General Counsel William Barr has pointed out in testimony to Congress: “This
identifying information can then be linked to particular material sent or received over the
Internet, including e-mails, web browsing activity, chat room postings, and file-sharing
The counter-argument is that protections against this risk exist. To obtain the
information, the seeker must file a request with the court setting forth his claim, and
must include his own name and address. This ID must be correct, or else he will not be
able to receive the response from the ISP. It would be an unusual cyberstalker who
filed his intentions with a U.S. court.
If a false claim is filed, numerous penalties can be imposed:
• The request must include a sworn declaration that the purpose of subpoena is to
obtain the identity of an alleged infringer and that the only use made of the
information will be to protect copyright; thus falsity is perjury.
• Subsection 512(f) also provides for “any damages, including costs and attorneys’
fees, incurred” to be assessed against a person who knowingly misrepresents
that material is infringing.
• Subsection 512(h)(6) incorporates the sanctions available under Federal Rule of
Civil Procedure 45. The rule requires a party or attorney serving a subpoena to
take reasonable steps to avoid imposing undue burden or expense on a
recipient, enforceable by court-imposed sanctions, which can include (but are not
limited to) lost earnings and attorneys fees.
Verizon and its supporters have proposed a solution to the potential for abuse –
abolish the subsection 512(h) subpoena process and force the copyright owner to file a
John Doe law suit. Then, they say, the claims would be subject to review by a judge
before any subpoena issued, so the false and the frivolous would be filtered out.
This contention is weak, because there is no automatic judicial review of a
subpoena issued in a John Doe law suit. The website Chillingeffects, which is operated
Statement of William Barr, Executive Vice President and General Counsel, Verizon Communications,
Before the United States Senate Committee on The Judiciary, “Hearing on Pornography, Technology and
Process: Problems and Solutions on Peer-to-Peer Networks” (September 9, 2003).
Progress on Point 10.19 Page 13
by a consortium of legal clinics from several prestigious law schools, objects to John
Doe law suits on this precise ground – the lack of any control over the quality of the
case before a subpoena issues.11
A subpoena in a John Doe law suit is contested via the same mechanism as a
subpoena under subsection 512(h): either the ISP contests it directly, or the ISP
notifies the subscriber, who contests it. Indeed, the protections in a John Doe law suit
are less than those under subsection 512(h), which limits the nature of the information
sought and the purpose for which it can be used.
On balance, it is difficult to see what would be added by a requirement that a law
suit be filed except added expense and dead weight loss. It would not add procedural
protections. Indeed, in its briefs for the D.C. Court of Appeals Verizon has receded from
this suggestion, limiting discussion of John Doe law suits to a single sentence.
In Verizon II, the judge was skeptical about the substantiality of the fear that false
notifications would be filed for nefarious purposes, pointing out that the statute had been
in existence for five years and that no actual instance of such abuse had come to light.
In addition, the RIAA points out that the problem is, to a high degree, within the
control of Verizon itself. Subsection 512(h) does not require an ISP to notify the
subscriber that a subpoena requesting his or her identify has been filed, but neither
does it forbid such action. An ISP could adopt a practice of notifying the subscriber as
soon as it receives the subpoena, and before compliance, so as to give the subscriber a
chance to contest the disclosure.
From Chilling effects:
Question: Don't judges [in a John Doe case] review subpoenas before they are sent to
Answer: No. The issuing of civil subpoenas is not monitored by the court handling the case.
Under the normal rules of discovery in civil lawsuits, parties to a suit can simply send a
subpoena to anyone they believe has information that could be useful. That information
doesn't even have to be relevant to the lawsuit, as long as it could possibly lead to the
discovery of relevant information. The only way that a court will evaluate an identity-seeking
subpoena is if either the ISP or the target of the subpoena files a motion asking the judge to
block the subpoena. Unfortunately, in practice that rarely happens. That is because these
subpoenas usually have a short, roughly 7-day deadline, and because many people never
even find out that their Internet data has been subpoenaed.
Question: Aren’t people required to explain why they’re subpoenaing my identity and
Answer: Not with the initial request. The reasons for the subpena [sic] are only provided
if the subpena [sic] is challenged, through a motion to quash. In opposing the motion to
quash, the person seeking the information must demonstrate, at a minimum, that it is
likely to lead to the discovery of information that would be useful in a lawsuit.
http://www.chillingeffects.org/johndoe/faq.cgi#QID20. The website is operated by a
consortium of legal clinics from the nation’s most prestigious law schools.
Page 14 Progress on Point 10.19
The second claim Verizon asserts on behalf of subscribers in general is the need
for protection against the possibility of mistake. An example cited repeatedly is a child’s
book report entitled “Harry Potter” that triggered a warning letter from the copyright
The chance of mistake is compounded by the realities of enforcement practice.
Copyright holders or their surrogates write search programs – called “bots” for “robots” –
that log onto the file sharing network and search for designated names of artists or
titles. A file with a name close to that of copyrighted material can look like a copyright
violation to an inadequately programmed bot. Furthermore, the process can be fully
automated, with the bot programmed to record the portal information and print out the
section 512(h) declaration needed to obtain a subpoena.
Should the copyright owner follow up with a law suit, the subscriber has a
complete defense, of course, but he or she could still be put to the expense and anxiety
of retaining a lawyer and defending.
Protecting subscribers against mistakes is indeed an important interest, but it is
not clear why the solution should be to wipe out the whole subpoena system. The more
efficient solution is simply to put the cost of error on the copyright owner who makes the
To a large degree, the provisions for sanctions in section 512 and FRCP 45
already accomplish this. However, some improvements might be needed.
For example, an automated action of the type described above might escape the
sanctions provided for in subsection 512(f), which requires that the misrepresentation
that a copyright exists be “knowing.” On the other hand, it is by no means certain that a
court would in fact rule that the sanctions subsection is inapplicable. Under the
jurisprudence of intent, acting with reckless disregard of truth or falsity can be regarded
as the equivalent of acting with knowledge, and a court might well so hold with regard to
512(f). This could use clarification.
Another path to making the party requesting a subpoena pay for its mistakes is
also available. Establishing an automated system in which a notice is sent without
intervening human review, and thus shifting the cost of error to the recipient, is dubious
practice under the Rule 45(c) requirement that “reasonable steps” be taken to avoid
undue burdens. A court might well impose sanctions pursuant to that authority even if it
did not believe the level of knowledge met the standard of intent required for sanctions
under subsection 512(f). Judicial discretion to craft a suitable remedy under Rule 45(c)
is extremely broad.
Progress on Point 10.19 Page 15
In addition, if the ISP adopted a policy of notifying the targets of subpoenas, then
someone targeted by mistake could simply inform the copyright owner that it had picked
the wrong guy and that it proceeded at its peril. The sanctions available under Federal
Rule of Civil Procedure 11 as well as 45 would then be adequate to deal with the
problem if the matter were pursued through actual litigation.
On balance, the right of a subscriber to be free of any possibility of mistake
should not outbalance the vital interest of copyright owners in countering illicit
downloading, as long as mechanisms for placing on copyright owners the cost of their
mistakes, and compensating ISP subscribers.
Breadth of Copyright
Another objection is based on the breadth of copyright protection afforded by
It is also important to remember that the threshold for a claim of copyright in
any form of expression is extremely low. This subpoena power applies not
just to sound recordings, it applies to the expression contained in an e-mail
or posting in a newsgroup, digital photographs, and even pornographic
materials. It has and will be used and abused by parties far less responsible
than the recording or movie industries.12
The last sentence deserves consideration, because one can imagine an irascible
Netizen objecting that someone forwarded one of his emails without permission, or in
some other way violated a copyright, and that he needs a subpoena to determine that
person’s identity. There may also be problems in the borderland between copyright
and political speech. For example, a critic of a corporation may forward sections of an
annual report, which is indeed copyrighted, and trigger a subpoena from the offended
company. Arguably, no copyright violation has occurred because the use of the report
was fair, but “fair use” doctrine is notoriously murky and few individuals can incur the
legal expense to defend themselves against businesses that have legal battalions
already on the payroll.
Such actions would not be subject to the sanctions contained in the statute –
under the circumstances described, a copyright exists and the purpose of the subpoena
is to protect it.
The risk here cannot be ignored, but it should not be exaggerated, either.
To some degree, the quarrel is with substantive doctrines of copyright, and the
proper solution would be to clarify or modify those doctrines, not to maintain them while
undercutting their unenforceability.
Barr, supra note 10.
Page 16 Progress on Point 10.19
Beyond this, some inherent checks on the use of copyright actions are built into the
system. Infringement suits cannot be maintained unless a copyright is registered with
the Copyright Office, and few casual communications meet this standard. This would
not prevent a subpoena under subsection 512(h), but it certainly mitigates the potential
consequences that would flow from it.
In addition, while anonymity can be important, especially in political speech, the
number of instances which will involve both a need for anonymity and a colorable claim
of copyright violation is likely to be quite small. It does not seem to outweigh the
importance of protection of creators’ rights to their intellectual creations.
Finally, if a legitimate claim for anonymity exists, it could be met by a procedure
whereby the ISP notifies its subscribers who are targets of subpoenas so as to give
them the opportunity to contest the matter. This would be a more economical solution
than upsetting a complicated statutory scheme on the basis of hypothetical problems.
On the statutory interpretation claim, both sides score points, but on balance the
RIAA probably will continue to win, based on the language of the statute and on the
congressional intent to deal with the whole problem.
With respect to the policy issues, the most serious and meritorious claim of the
ISPs is the cost recovery issue, something not at issue in the current law suits. Solving
this could be the subject of private negotiation, however. It would not require new
Any claim of privacy by the music downloaders is weak, especially because they
themselves control what files are made available over the Internet. They only files
accessible by the copyright police are those that have been designated as available for
The cyberstalking issues and other possible abuses must be regarded as
worrisome, but the problem has not been shown to be real, nor is it clear that the
sanctions available would not be effective. With respect to mistakes, adequate
sanctions are available to deter the content owners from acting sloppily on the theory
that they can shift the costs of error to the targets.
In any event, an ISP policy of notifying the targets of subpoenas would do much
to forestall any real-world problems that might arise. The costs of this procedure could
be incorporated into any reimbursement scheme. If problems do exist, then relatively
minor changes in the system should be adequate to address the problems.
There is a legitimate concern about issues related to the breadth of copyright
protection and the possible application of subsection 512(h) to emails, chatroom debate
and similar writings. But this potential problem remains inchoate, and might best be
Progress on Point 10.19 Page 17
fixed by judicial action to clarify the doctrine of fair use, not by a roundabout route of
leaving the right fuzzy but undermining enforcement.
In the end, there should be substantial agreement on the best long term solution
to the problem of illicit downloading. There need to be:
• A number of services that provide music over the Internet at reasonable prices,
with purveyors experimenting with various contractual terms to find those favored
• Digital rights management to implement the contractual terms;
• Education to make consumers aware that: (1) Their interest lies in the creation
of markets for music and in compensating its producers appropriately, not in
short-term siren songs of “get it free”; and (2) Those whose who wreck the
market system by piracy are not the friends of consumers; and
• Enforcement against those who pirate music.
Enforcement cannot be foregone completely because music, no matter how well
protected by DRM, at some point must go through an audio output, which means it can
be captured, redigitized, and sent over the Internet. The need for content owners to
have a capacity to ascertain the identity of illicit users will not disappear. But if the other
conditions are met, then enforcement will be a small part of the total picture, and
subsection 512(h) will be a small part of that.
Page 18 Progress on Point 10.19
Publications on Related Topics
Jeffrey A. Campbell, James V. DeLong, Sarah B. Duetsch, Mitch Glazier, “Can’t We All Just Get Along?
The Content, Tech and Telecom Industries Examine Intellectual Property.” Progress on Point 10.11 (July
William F. Adkinson, Jr., “Orbitz Should Still Pop Up On Antitrust Agencies’ Radar Screens,” Progress on
Point 10.7 (March 2003)
James v. DeLong, “Intellectual Property in the Internet Age: The Meaning of Eldred,” Progress on Point
10.5 (February 2003)
Kent Lassman, “The Digital State Part III: Digital Democracy, Electronic Commerce & Business
Regulation and Management and Administration,” Progress on Point 9.22 (September 2002)
William F. Adkinson, Jr., “Domain Name Services: Let Competition, Not ICANN, Rule,” Progress on Point
9.21 (September 2002)
William F. Adkinson, Jr. and Jeffrey A. Eisenach, “The Debate Over Digital Online Content:
Understanding the Issues,” Progress on Point 9.14 (April 2002)
James W. Harper and Thomas M. Lenard, “Online Tax Preparation: Beyond the Bounds of E-
Government,” Progress on Point 9.13 (April 2002)
Dale W. Jorgenson, “American Economic Growth in the Information Age,” Progress on Point 9.12 (April
Jeffrey A. Eisenach, “The Need for a Practical Theory of Modern Governance,” Progress on Point 7.7
Paul H. Rubin and Thomas M. Lenard, Privacy and the Commercial Use of Personal Information,
(Washington, DC: Kluwer Academic Publishes and The Progress & Freedom Foundation: November
The Progress & Freedom Foundation is a market-oriented think tank that studies the digital revolution and its
implications for public policy. Its mission is to educate policymakers, opinion leaders and the public about issues
associated with technological change, based on a philosophy of limited government, free markets and civil liberties.
The Foundation disseminates the results of its work through books, studies, seminars, conferences and electronic
media of all forms. Established in 1993, it is a private, non-profit, non-partisan organization supported by tax-
deductible donations from corporations, foundations and individuals. PFF does not engage in lobbying activities or
take positions on legislation. The views expressed here are those of the authors, and do not necessarily represent the views of
the Foundation, its Board of Directors, officers or staff.
The Progress & Freedom Foundation 1401 H Street, NW Suite 1075 Washington, DC 20005
voice: 202/289-8928 fax: 202/289-6079 e-mail: firstname.lastname@example.org web: www.pff.org