Exploring what Cornell’s largest file sharing network means for students and the university.By Rob Ochshorn
Fall 2007 [Number 1]
Not supposed to answer the phone at her campus job over the summer, Christine Swoboda, a Cornell sophomore studying Nutritional Sciences, took a bathroom break to return a missed call.
“You’re in really big trouble,” her mother explained over the phone. Swoboda had been sued by the Recording Industry Association of America (RIAA), and the only way out of a lawsuit she couldn’t afford was a $4,000 settlement that, well, she also couldn’t afford. Swoboda (the name means “freedom” in Czech) is one of thousands who has settled bills with the entertainment industry in the four years since it started suing run-of-the-mill downloaders (especially students) for copyright infringement.
These lawsuits can be devastating on a personal level. Swoboda’s father is dead and her mother works odd jobs to subsist; she attends Cornell almost entirely on financial aid. An occasional downloader caught downloading just 10 songs, it took her five tries to even secure a loan to cover the settlement fee, and she may be still paying installments when she graduates. “To suddenly get a $4,000 debt is a huge, huge deal,” she told me.
The situation is bizarre and historically unique. When huge subsets of the population seek remedy for a common wrong, usually imparted by a large corporation, they can turn to federal civil procedures and band together to initiate a class action lawsuit. Now take the complicated class action mechanism, run the machine backwards, and watch as a few powerful corporations crank out by the tens of thousands infringement notices, threats, lawsuits, and subpoenas against anyone and everyone they believe to be violating a copyright. How did it come to this?
 (art by Rob Ochshorn)
setting the stage
The story starts with Napster, a company dreamed up in 1998 by Shawn Fanning while at Northeastern University. Fanning dropped out of school to develop a central system that would keep track of music files users had on their disks, and would then enable them to download music directly from one another in peer to peer (p2p) fashion. It was ready to go in May of 1999, and Napster was sued by the RIAA in December of that year. While the lawsuit moved through the system, Napster’s user base climbed steadily into the millions.
Metallica, an influential heavy metal group, discovered a song of theirs listed through Napster before its release, and, joined by hip-hop pioneer Dr. Dre, entered the legal fray. Napster was not the only target; the musicians threatened universities with legal action unless they blocked the program. They named three universities, including Yale, as defendants in their lawsuit, and wrote letters to 20 more, one being Cornell. All three named defendants promptly blocked access to Napster, and many more followed with similar action.
Cornell declined to block Napster traffic—Associate University Counsel Patricia McClary sent a high-minded response to Metallica and Dr. Dre’s counsel in late September, 2000:
There is, as you must appreciate, great potential for lawful, beneficial uses of file-sharing technologies such as Napster. Indeed, many artists choose to make their work freely available on the Internet as a means to reach larger audiences. Denying the University community the benefits of this technology would, in our view, be inconsistent with the University’s educational mission and the principles of academic freedom. At the same time, file sharing was creating an insatiable demand for bandwidth (a measurement of the amount of data coming and going). Cornell began looking into ways to divide the costs of network usage equitably between colleges and residential units. Napster started losing users when they made a futile effort in March of 2001 to filter illegal exchanges off the network, and by the time they shut down their entire operation in July to comply with a court injunction, Napster had been effectively replaced by a new breed of file sharing applications and protocols like KaZaA.
Demand for file sharing was increasing, and the only effect of shutting down Napster was a dispersion of downloaders among numerous services, many of them more decentralized and harder to control than Napster. (Of course, that didn’t stop the RIAA from filing lawsuit after lawsuit aimed at annihilating every new p2p program.)
According to a section in the Cornell Internet Technologies (CIT) 2001/02 Annual Report titled “Reining in file-sharing on ResNet,” Cornell’s first attempt to negotiate the huge volume of traffic students were consuming by sharing files online was to limit Internet service in the dormitories, the so-called ResNet, to 60 percent of Cornell’s total traffic on the internet, and to assign heavy users (“students whose bandwidth usage exceeds 27 GB over a 3-day period”) to three days in a bandwidth time-out, during which time those users would have just a fraction of their previous speed online.
Tracy Mitrano, now Director of Information Technology Policy and Director of the University Computer Policy and Law Program at Cornell, hosted a ResNet forum to discuss Internet traffic on the network. In a memo written before the forum, Mitrano wrote “The ResNet network capacity problem is the result of the file sharing programs accessing ResNet computers to draw out music or videos for other people on the Internet.”
Also in her memo, years before anyone could have imagined the mass of lawsuits filed against downloaders, Mitrano warned of the possible repercussions of illegal file sharing. “Theoretically, each violation presents fines of $30,000 and criminal sanctions,” she wrote, before adding, ironically, “It would appear that generally copyright holders do not pursue individual infringers.”
Cornell’s policy could have gone in several directions. Unlike other universities, Cornell felt no compulsion to bow down to Metallica, Dr. Dre, and the entertainment industry, but at the same time, file sharing was crippling the network. The CIT 2001/02 Annual Report measured traffic on KaZaA to be almost twice as great as all other protocols put together. Moreover, this bandwidth was extremely disproportionate; the top 25 ResNet users consumed almost as much traffic as the other 5,900 put together.
A report on Internet Usage Statistics presented by the Student Assembly Committee on Information and Technologies and ResNet in early 2002, observing the two-way nature of file sharing, came up with an amusingly self-interested solution: “If everyone on campus turned off only outbound KaZaA sharing (files going to other people), we would have approximately 50% more bandwidth for other Internet traffic. This would mean much faster Internet for everyone!!” (Here, “everyone” is referring only to people on Cornell’s network).
Instead, students entering Cornell in 2003 were allotted 2GB of bandwidth every month before accruing small data charges, a fraction of the daily bandwidth the biggest network users were accustomed to but still enough for most users who didn’t make a habit of file sharing.
Bonafide and the great internal network
By Fall 2003, the game was changing. That semester marked the RIAA’s first 261 lawsuits against users of p2p software and the new bandwidth charges on ResNet. An ecstatic review in the CIT 2003/04 Annual Report noted a “significant decline (70 percent) in Internet usage among students.”
“With this success in encouraging more prudent use of our Internet resources,” the report continued, “we have avoided the tremendous expense of an additional Internet connection or the deployment of more intrusive and restrictive usage controls.”
KaZaA, the most widely used protocol on Cornell’s network the previous year, was not even in the top five any longer; the HTTP protocol used to browse the web was number one by a large margin and Unidata-LDM, used for live meteorological data, was second.
Based on CIT’s Annual Reports, one might get the impression that after the ‘02-’03 academic year, students were so deterred by the bandwidth fees and the entertainment industry’s legal threats that they went cold turkey from file sharing, reverting back to legal, traditional ways of getting music, such as buying CDs.
But no: if it was difficult to share files with the whole Internet, students would figure out how to share amongst themselves. Since Cornell’s bandwidth calculations only accounted for external network usage, traffic on the internal network would not bog down the university’s connection to the Internet and students wouldn’t be charged. It also has the benefit of being pretty damn fast because data never leaves Cornell’s top-notch infrastructure; and because one’s activities are undetectable off the network, it is thought to be safer.
Using the Direct Connect protocol, which allows programs like DC++ and ShakesPeer to connect through a central hub to see other connected users and their shared files, Cornell’s hub (named THCHub based on its original audience of the Townhouse Community on North Campus), is now considered by many an integral aspect of campus living.
I spoke with the hub’s founder, who requested I refer to him by his hub pseudonym, Bonafide, due to risks that his association with the hub could pose to his current employment in the information systems industry. Bonafide never expected his system to extend far beyond a small circle of friends, but knew it was getting serious when he was walking down the street and overheard a girl he didn’t know passing on hub details over her cellphone correcting a friend by saying “No no no! D, C, plus plus”.
From there, Bonafide said, “it just sort of took off.”
Elliott Bäck, a Cornell alumnus whose once-controversial campus blog I previously profiled in this magazine, collected data on the hub before graduating and last September posted to his blog an analysis . Bäck found over 19 terabytes comprising about 2.5 million different files shared between more than a thousand users at any given moment. (Apple’s popular—and legal—iTunes store currently has more than 6 million songs, but not even close to the over 200 thousand video files on DC++ at any one time.)
Diego Asturias, who graduated from Cornell and currently works on the West Coast, was the first user connected to THCHub and at one point ran the operation; Asturias told me that over half of the on-campus population logged on at least once.
DC++ is nearly perfect: the selection on the hub is determined by students (“Who better to pick?” Bonafide asks). Operating exclusively on the university’s internal network, it’s faster than anything else imaginable and free from prying eyes from outside. The cost is absolute zero, it doesn’t even put a strain on Cornell’s network. Moreover, files have no Digital Rights Management (DRM) constraints to prevent doing what you will with them.
There is one catch, Bonafide said, “The only downside with the hub is that it’s all illegal.”
outside the hub
As far as anyone can tell, DC++ at Cornell has been free from external intervention. Students have been caught downloading with the DC++ software, but in every case Asturias and Bonafide were aware of, these students were inadvertently using DC++ to connect with an external network, not THCHub.
Cornell’s hub was shut down once, during Asturias’ oversight, when a bootleg of a local Jon Stewart talk was shared and the group responsible for Stewart’s visit took action against the hub. As soon as the hub went down, however, three new ones popped up (setting up a Direct Connect server is not terribly difficult) and within a week or two the ad-hoc hubs had merged into one.
DC++ can never satisfy all of the file sharing wants of Cornell students—after all, the files have to come from somewhere in the first place. Many files are likely picked up from external file sharing sites, with all the risks leaving the internal DC++ network entails.
While living on campus, Asturias was identified in an undercover FBI sting operation relating to a DVD he obtained and redistributed several weeks prior to its commercial release. He didn’t play a large role in the leak and was of little interest to the FBI, but this was now the “big boys’ league.” As Bonafide eloquently put it, “that’s a whole new level of shit there.”
There’s a common misconception that small-time file sharing will go unnoticed in the grand scheme of things, which is proving a costly misconception for many. I spoke with RIAA spokesperson Liz Kennedy, who said that anyone engaging in music sharing—“one song or hundreds”—could be sued.
Takedown provisions in the 1998 Digital Millennium Copyright Act (DMCA) grant copyright holders a mechanism for removing infringing content from the Internet. If the poster of the material is unknown, takedown notices may be sent to the Internet Service Provider (ISP) hosting the material. For students living on campus, Cornell is the ISP, and takedown notices are sent to Tracy Mitrano.
Mitrano’s office verifies that the takedown notice is accurate and forwards the takedown notice to the student, before suspending the student’s Internet access until the file in question is removed or rights to it are asserted (the latter hasn’t happened yet).
The student is then referred to the Judicial Administrator, Mary Beth Grant, for internal arbitration. Grant says that most students are issued the blanket “non-compliance with University policies” charge, but some students like Dan Rose, caught by HBO last April downloading episodes of The Sopranos (a TV show rife with extortion and other shady business tactics) are given a “to steal or knowingly possess stolen property” charge and fined $30. (File sharing may infringe copyright and be illegal, but it can be “theft” only rhetorically.)
Mitrano says she has processed over 1,000 takedown notices, and Grant provided me with yearly statistics on the sharply rising numbers of referrals for copyright offense. Mitrano—who teaches a 500-level course in the Information Science department about the role of copyright in society—has developed a curriculum about copyright for eCornell, Cornell’s for-profit distance learning subsidiary, that will soon be assigned to first-time copyright offenders referred to the JA.
Lately, the RIAA has been embedding the DMCA notices within controversial “pre-lawsuit” letters, where they threaten to track down and sue the student unless paid to settle, generally for around $3,000. Cornell forwards these letters to students, who can do with them as they wish.
If the content holder wishes to continue going after a student, the next step is to file a Doe lawsuit and then subpoena Cornell for the student’s name. (The Does—John, Jane, Baby, James, and Judy Doe—are commonly used as placeholder names for defendants when their identity is unknown or masked, while the Roes are used for anonymous plaintiffs, as in Roe v. Wade; Doe lawsuits are commonly filed by content holders because they do not know the name of the copyright infringer.)
When presented with a court-ordered subpoena, Cornell has little choice but to hand over this information. The overwhelming majority of accused file sharers settle, but some extraordinary cases are thrown out, for example when defendants aren’t alive or don’t have Internet service at the time of the alleged infringement (Associated Press headline for the former: “Music Industry Sues 83-Year-Old Dead Woman”). On October 4 of this year, the first file sharing case was decided by a jury; the RIAA won over $200 thousand in damages from a single mother who denied downloading the files. The case is expected to be appealed.
where do we go from here?
On September 18, Cornellian Hanna Roos was named as a defendant in a federal district lawsuit filed by UMG Records, Elektra, Virgin Records, Capitol Records, and Sony BMG for copyright infringement using Limewire. One of the songs Roos allegedly infringed was by Radiohead, a group known for their openness to digital distribution of music (the song, entitled “Let Down,” also features the appropriate lyrics, “let down and hanging around / crushed like a bug in the ground”).
In fact, a month before Radiohead was set to release their highly experimental Kid A in 2000, the whole album appeared on Napster, where it was downloaded without payment an estimated millions of times. When the CD was finally released, though, it hit number one on album charts in the US and around the world—Kid A is not a typical top 20 album, so its performance was especially surprising. And by the time this magazine is distributed, Radiohead will have released a new album, In Rainbows, where buyers can pay as much (or as little) as they wish to download the album. Without a record label, they will take in all proceeds; a class action lawsuit filed against Sony by the legendary Allman Brothers Band and Cheap Trick last April revealed that those bands made only 4.5 cents on a 99 cent download.
In an interview with Time after their contract with Capitol Records expired, Radiohead vocalist Thom Yorke said “I like the people at our record company, but the time is at hand when you have to ask why anyone needs one. And, yes, it probably would give us some perverse pleasure to say ‘Fuck you’ to this decaying business model.” With Radiohead’s ubiquity, if the distribution model for In Rainbows succeeds there could be major implications for the relevance of the entire recording industry infrastructure.
For now, though, the law is very bad for alleged file sharers, and most defenses rest on the unreliability of methods used to track down infringers. The university has tried to provide legal alternatives for downloading music, like the back-from-the-dead subscription Napster Service (paid for by an anonymous corporate donor). That expired after two years when the Student Assembly was too uninterested to even bring its extension (with student money) to a vote. Cornell alumnus Kwame Thomison, who was president of the Student Assembly last year, told me that while he felt differently about the matter, the sentiment was that Cornell had DC++ so students didn’t want to pay for an inferior alternative.
“If there was no DC++, things would look a lot different,” Thomison said. Dean of Students Kent Hubbell told me about a new, ad-supported music service, Ruckus, being introduced on campus this semester. But Hubbell understood that the restrictions on the music even after downloading can be disenchanting. “Until it’s DRM-free,” Hubbell said, “it’s not the same as free.”
The fact is, no legal service can compete with the DC++ hub, especially given the perceived invulnerability of operating in an internal network, a walled Garden of Eden. But LANs, as such local networks are called, are not completely insulated from the entertainment industry’s watchful eyes. The first four lawsuits against college students, filed in April 2003 as a precursor to the thousands that would follow, targeted students organizing campus hubs much like Cornell’s. (All four settled, for amounts between $12,000 and $17,000.) In April of 2006, the RIAA launched a “Systematic Program to Curtail Campus LAN Piracy,” according to their press release, and last spring the president of the RIAA, Cary Sherman wrote to the Cornell Daily Sun urging his alma-mater to monitor the campus network.
Mitrano, Hubbell, and Grant all told me that this was not something Cornell was interested in doing. “We don’t sift pipes, if you will,” Hubbell said. “We don’t monitor content.”
In fact Cornell has been proactive lately on behalf of its students’ privacy, helping to defeat a Senate amendment that would have forced the 25 universities receiving the most copyright infringement notices to formulate a plan of action on how to stop such infringement on campuses.
But all Cornell can do is step back and stay as uninvolved as possible in the conflict between the entertainment industry and students, a stance Cornell is already taking. While some national student movements like Free Culture have emerged to address the burgeoning copyright battle, most of the student troops are on the sidelines, or, more probably, in the hub rocking out in our internal file sharing bubble.
In DC++, students have constructed a world where cultural artifacts are shared freely and widely, but outside, things are shaping up very differently. When the hub comes down—and the current scale of operations ensures that it will—what will students do to make the law conform to their usage? If students like the hub, and usage would certainly suggest that this is the case, what needs to be done to turn it into a viable system that allows content to be produced as well as shared? Can the hub help budding artists as well as starving students?
Mitrano sums up our task pretty well, “Students need to make this the political issue of their generation...They need to be political, they need to be citizens...citizenship doesn’t mean just blind obedience to the law—challenging the law! It means challenging strong lobbyists who are dramatically influencing the law. That’s what I want to see.” |
