Universities tight-lipped over file sharers

Some universities are balking at stepped-up demands from the recording industry to unmask alleged student file sharers, citing procedural uncertainties over an avalanche of subpoenas filed with the courts in recent weeks.

Boston College and the Massachusetts Institute of Technology on Tuesday said they are barred from immediately handing over the names of students to the recording industry by the Family Education Rights and Privacy Act, which requires institutions to notify students before releasing any personal data.

Both schools said they were opposing the subpoenas on procedural grounds, rather than contesting the RIAA's right to the information. As a result, the refusals could further delay - but are unlikely to derail - the recording industry's efforts to unmask the identities of file swappers and ultimately file suit against them.

"MIT of course has a policy of complying with lawfully issued subpoenas," said professor James Bruce, vice president for information systems at MIT, in a statement. "In this case we have been advised by counsel that the subpoena was not in compliance with the court rules that apply to these subpoenas, and did not allow MIT time to send any notice as the law requires."

The Recording Industry of America (RIAA) has filed close to 1,000 subpoenas in the US District Court in Washington this month requesting information from educational institutions and ISPs on users of Kazaa, the peer-to-peer file-sharing service. The group issued the requests as part of its continuing effort to crack down on individuals using the internet to illegally distribute copyrighted music.

The RIAA has already won a key court decision upholding its right to use the subpoenas, which take advantage of a controversial fast-track provision that allows copyright holders to obtain information about alleged infringers without first filing a lawsuit.

That decision, which forced Verizon Communications to turn over the name of a broadband subscriber accused of swapping copyrighted works on Kazaa, vastly simplified the RIAA's investigations and effectively opened the subpoena floodgates.

ISPs, schools and file-swappers themselves are scrambling to figure out just how much legal space they have to contest the stream of requests, which is testing new areas of law.

MIT reported it filed a motion in the US District Court for the District of Massachusetts asking how it should proceed in light of the subpoenas and requirements of the Family Education Rights and Privacy Act. The school was careful to indicate in its statement that the refusal does not represent MIT taking any position in the war between the RIAA and users of peer-to-peer file-sharing sites such as Kazaa.

Boston College also said it was acting on procedural grounds. "The subpoenas issued by the RIAA were issued from the wrong court under the Federal Rules of Civil Procedure and did not provide us with adequate time to notify the students," Boston College spokesman Jack Dunn said. "We are opposing the subpoenas, not in an effort to protect students from the consequences of copyright infringement, but rather to establish the proper procedures to be followed in the future."

An RIAA spokesman would not elaborate how the group would react to the two schools' refusal to provide student information, but he said the RIAA would continue to issue similar subpoenas when merited as it continues to gather evidence against people. He said the RIAA expects lawsuits to begin being filed in Washington by late August or early September.

"No one should be surprised by any of this, as we've given fair warning that we would be collecting information on individuals who continued to distribute copyrighted materials," the RIAA spokesman said.

Privacy expert Peter Gregory, principal in Seattle-based HartGregory Group, said it remains to be seen how the Family Education Rights and Privacy Act might stand up in court against a subpoena, should the universities fight to keep the identities of their students hidden.

According to Gregory, the current privacy-friendly atmosphere in the US might favour the schools in the short term, but he warned at some point educational institutions will likely be forced to claim greater responsibility for the manner in which their computer networks are used.

"For a number of years, universities have been reluctant to keep a closer eye on how their networks are used in the name of allowing education and experimentation without censorship," Gregory said. "Sooner or later someone is going to push hard to make the schools more accountable, and if there is evidence that a university had knowledge of illegal activity, you will potentially see them held liable."

The stream of subpoenas flowing from the RIAA's legal team over the past few weeks has put unaccustomed pressure on the court system and on the ISP's legal teams responding to the requests.

According to the federal circuit court, which is serving as a clearinghouse for all the RIAA subpoenas, regardless of the location of the target, 871 had been filed by the close of last week. The office is expecting about 300 more per week for the next six months, based on information given to it by the recording industry group.