Blog Post

How iCloud And Its Competitors Could Lead To Copyright-Trolling Lawsuits

Now that Apple (NSDQ: AAPL) has launched its iCloud music service, it’s going to be scanning a whole lot of users’ music files. So what is the company-and its music-industry partners-going to do about the fact that much of that music wasn’t legally purchased?

As users move their music to the cloud, it’s likely that a large number of the tracks moving into the cloud are of, shall we say, dubious parentage. That is to say, many of them were likely transferred over a file-sharing network at one point. What’s going to happen with all those pirated tracks as music gets moved to the cloud? And what kind of information will Apple be gathering, and sharing?

While it’s not widely known, MP3 and other music files often contain personal information. Some of the biggest digital music stores-most notably Apple’s iTunes, but also Wal-Mart (NYSE: WMT) and the now-defunct Lala-encode metadata on MP3’s that are sold that include account names and email addresses. (Other services, like Amazon (NSDQ: AMZN), do not include such information-here’s a list of who does what.) Such information could be used in furtherance of a DRM scheme. TechCrunch published an article last year quoting a “music-industry insider” made clear that the encoding of such metadata was a direct result of pressure from certain record labels, which “have aspirations to use this hidden data to control future access to music.”

So will Apple be gathering such “metadata” when users who buy in to the cloud scheme allow the company to scan their hard drives, looking at all the music they bought? The gathering of such information would probably be part of any thorough scan, although that doesn’t mean Apple has to keep that data. In fact, if they’re smart, they won’t hold on to it.

Metadata ownership information about users’ music collections would be mighty interesting to copyright owners, even if they didn’t have any interest in filing a lawsuit over it. Imagine the sort of “See! We told you so!” we’ll be hearing if content owners are able to establish, for instance, that a high proportion of music files sent to the cloud were transferred illegally-in other words, that they have a username or email embedded in them that’s different than the cloud customer.

But let’s imagine how a more direct legal battle could erupt over cloud-music. We might not see a big record label go after a tough target, like Google (NSDQ: GOOG) or Amazon itself (although the labels certainly do seem to be keeping their options open in that regard.) Instead, consider this possibility, outlined to me by New York Law School’s Prof. James Grimmelmann: a much smaller copyright owner-like the ones now engaging in mass-copyright litigation-decide to file a broad lawsuit over music sharing, and try to use courts to get large amounts of metadata that would demonstrate which files were pirated.

“Somebody from a smaller label will be approached by a lawyer, who says, ‘I want to try this fishing expedition lawsuit,'” explains Grimmelmann. “I will try to force Apple to tell me which users have unauthorized versions of this, and then I’ll just file a shotgun lawsuit against all of them.”

To be clear: “Such a lawsuit would have serious problems and I think it would probably lose,” said Grimmelmann. “But because of the iCloud service, it could be a lot more intrusive.” Grimmelmann says he’ll be looking closely at the iCloud privacy policy to figure out just what types of information-gathering, and information-sharing, Apple intends to do with iCloud.

And consider that Google and Amazon are potentially even richer data sources. Apple’s big advantage over those services is that because they have struck licensing deals with the music labels, they’ll be able to simply scan user hard drives and then provide copies of music, obviating the need for big uploads. But users of the Google and Amazon cloud services will have to directly upload their own files-which will inevitably contain metadata indicating the original ownership of some files.

Think it’s unlikely that copyright owners would be able to pressure online companies into handing over private user information? Think again. The fact is, it’s already happening-routinely. For about a year now, enterprising copyright lawyers have been launching mass-copyright suits, suing thousands of “John Doe” defendants believed to have downloaded movies. The lawyers and their investigators collect IP addresses from BitTorrent sites, and then insist that the internet service providers hand over the user’s identity. While some have balked the ISP’s have handed over the identities of hundreds, if not thousands, of users.

This isn’t so hard to imagine. It’s already clear copyright owners are watching the development of online locker services very warily. The entertainment industry has already sued some services that they argue have overstepped the law-that includes mp3tunes, which won its case against the EMI record label in the lower courts and is defending on appeal; as well as the Hotfile service, which was just sued by the MPAA. And while it doesn’t seem likely at the moment, if the RIAA were to re-start its litigation campaign against individual music downloaders, a defendant’s iCloud data could be a big source of evidence.

6 Responses to “How iCloud And Its Competitors Could Lead To Copyright-Trolling Lawsuits”

  1. Here’s the thing. The music has already been pirated by the time the user is sending it to the cloud. If iCloud didn’t exist, the pirated music would be living on a hard drive. With the (rumored) 150 mil deal with labels and undisclosed deal with publishers, money that previously was not there is now getting paid to artists writers and labels. It’s much like the Private Copy levy we have on blank discs in Canada. In a utopia all tracks would be bought and paid for and each additional use would see an additional license. But what we are seeing with the $25 fee and the label deal is money from pirated music where previously there was none. Instead of being wary of an online locker that controls use and has done the legwork of striking a deal or, as one commenter suggested, trying to mine data from people who are paying their part of the license with their $25 a year , (and thusly creating a whole new privacy/PR nightmare) how about we get back to finding a way to license and control distribution over illegal channels? Not chasing the source or the recipient but the channels. Going after iCloud is just lazy thinking and an attempt to apply the buzzword of the week to a different issue.

  2. I suspect that, as a face-saving move (and also a lot less expensive – which means the attorneys won’t like this idea) would be for Apple to program iTunes to auto-suggest paying a one time fee for the each “illegal” tune and that money is routed to the copyright holder.  Any use for iCloud and it’s peers would be for the labels to start gauging actual number of “listens” and come up with a royalty arrangement with their artists.  Imagine the shock and dismay of all the artists who have sold records, only to find that the listening world didn’t really listen after they acquired the recording?  I’ve got lots of CD’s that I’ve listened to MAYBE once.  Just a thought.

  3. Record companies are not going to prosecute, but they will get paid. I am sure apple sold this as a way for the record companies to get paid again for the tracks that we use on itunes/icloud. The way we got the tracks won’t be important. The copyright owner of any track you use with this service will be paid part of that $25 fee. 

  4. As evil as any of these big corporations may be at times, it would just not be in any way in their interest to share the metadata of the music of their users.

    How would a copyright troll know which users to target? When attempting to get user information from an ISP, the copyright troll/enforcement company at least does have an IP address that was downloading the file. Whilst that IP address does not necessarily represent a particular server, it at least does represent a destination where the file was downloaded. To get user information from ISPs, the copyright troll has to convince them that in all likelihood this user is infringing, and therefore for the ISP to keep its safe harbour provisions under the DMCA they should hand over the details. This is legally grey as as I said the IP does not represent a single user, but it at least is a possibility.

    There is no way the copyright troll would know who to try and get details of from these cloud storage services. Apple, Google, Amazon, et al will not be doing any general searches of their users’ files for any such information as it is not in their interest to do so and the copyright trolls can;t force them to do so as they will have *no* evidence of potentially infringing activity to start with. With a downloading IP address they have some evidence to at least know where to start looking, but this would not be the case in the cloud music lockers. To do such a search without *any* evidence would be a privacy nightmare – not something Apple, Google, or Amazon will want anywhere near them.

    • James Dier

      John, you are a moron. Stop fucking going against the artist.

      Apple doesn’t sell data. MP3 tracks have always had “watermarking” and identifiers” on them and it has not been a problem.

    • While this whole thing seems like a huge privacy concern for individuals, and even a potential legal concern, we just have to remember that many other things give away our personal data more than this is. We just need to continue being cautious as much as possible.