Oregon A.G. challenges RIAA subpoena on behalf of state university

Computerworld - In a move likely to be closely watched elsewhere in the nation, Oregon Attorney General Hardy Myers is seeking to quash a subpoena from the Recording Industry Association of America (RIAA) seeking the identities of 17 students at the University of Oregon who allegedly infringed music copyrights.

In a motion filed Oct. 31 in the U.S. District Court in Oregon, Myers said the move was based on the fact that the university was unable to identify 16 out of the 17 alleged music pirates based solely on the IP address information provided by the RIAA. Myers filed the motion on behalf of the state-run institution.

"The university had no other option but to file this motion," said Stephanie Soden, a spokeswoman at the Department of Justice in Oregon. The university had received a prelitigation notice from the RIAA last summer asking it to help identify alleged music pirates and had already signaled its willingness to assist the group in whatever manner in could, Soden said.

"To then be on the receiving end of a subpoena that is quite broad in the way it was drafted" gave the university no choice but to seek to quash it, she said.

In its campaign to root out music piracy, the RIAA has been subpoenaing universities and Internet service providers for the identities of individuals it suspects of illegal file sharing. The modus operandi is to send the university -- or Internet provider -- a list of IP addresses on their networks that the RIAA claims was used for illegal file sharing. It then demands the institution to turn over the identities of the individuals to whom the IP addresses were assigned to.

In the Oregon University case, five of the 17 John Does in the RIAA subpoena accessed the copyrighted content in question from double occupancy dorms. "With regard to these Does, the university is able to identify only the room where the content was accessed and whether or not the computer used was a Macintosh or a PC," Myers' office said in an affidavit. But no login or other personally identifiable information was used by any of the five to authenticate themselves to the university network. As a result, it was impossible for the university to say for sure which specific individual might have accessed the copyrighted information in each case.

Similarly, while two of the 17 John Does accessed the content in question from single occupancy dorm rooms, the university does not know for sure whether the content was accessed by the students themselves or by visitors to those rooms. Nine other John Does in the RIAA subpoena accessed the content via the university's wireless network using assigned usernames. But the university could not determine whether the content was accessed by the user the name was assigned to, or by someone else, Myers' motion said.