Mathew Englander (http://www.mathew-englander.ca/) recently wrote to me about the latest developments in the CRIA lawsuit appeal. With his permission, I'm including his letter and I suggest taking a look at the appeal materials he refers to:

David,

A while ago you blogged about the decision by Justice von Finckenstein of the Federal Court (2004 FC 488) not to compel several ISPs to release information related to the identities of their subscribers alleged to have infringed copyright by file-sharing (pipeda.blogspot.com/2004/04/privacy-aspects-of-matter-of-bmg.html).

You may wish to run an update as the decision is under appeal to the Federal Court of Appeal. I have been reading the factums at CIPPIC's web site (http://www.cippic.ca/en/projects-cases/file-sharing-lawsuits/document-archives.html). The central issue on appeal is whether a plaintiff in a John Doe lawsuit needs to establish a "prima facie case" or just a "bona fide case" before an innocent third party is compelled to release information about the identity of the defendant.

This may seem like a dry legal distinction, but it has serious implications for privacy. The "prima facie" standard (which Justice von Finckenstein adopted as the first criterion of five; see paras. 13-14 of his decision) is stricter. As I understand it, it means that the plaintiff must provide some acceptable evidence on each element of the cause of action. The "bona fide" standard appears to mean that the plaintiff need only show that it honestly believes the defendants are liable. Having a stricter standard is more respectful of an individual's privacy since it requires more evidence before the court may order the individual's personal information released.

The Canadian Recording Industry Association was coordinating the legal action for the plaintiffs. It is interesting to look at its news releases on the matter (http://www.cria.ca/news.htm). For example, on March 12, after the first day of the hearing before Justice von Finckenstein, it issued a news release saying it was "confident" its motion would be granted.

The plaintiffs' motion was dismissed because of deficient evidence. CRIA had hired a company called MediaSentry to investigate music piracy. MediaSentry downloaded files from 29 users of peer-to-peer software, and came up with an IP address for each user at the time of download. The IP address could be linked with an ISP through whois queries, so the plaintiffs wanted the ISPs to disclose the real name, address for service, and other information about the holder of the account to which the particular IP address was assigned at the particular time.

However, there was no evidence at all as to how MediaSentry came up with the IP address of each peer-to-peer user. In addition, the affidavits tendered by the plaintiffs were full of hearsay with no explanation for why they did not provide affidavits from those with direct knowledge. It seems to me that this was a big screwup by the lawyers who prepared the motion material.

There were five ISPs named as non-party respondents to the motion: Shaw, Rogers, Bell Canada, Telus, and Videotron. All five are respondents on the appeal and each filed its own memorandum of fact and law. It is particularly interesting to read the ISPs' arguments. Only one, Videotron, is basically supportive of the plaintiffs. Bell Canada's position is ostensibly neutral, but its arguments are strongly opposed to the plaintiffs' appeal. The other three expressly argue that the appeal should be dismissed.

In my view, the decision of Justice von Finckenstein is solid and it is surprising that CRIA is even appealing it. Since these are just intended as test cases in any event, it might be better off going back to square one, having MediaSentry or some other company entrap some more alleged copyright-infringers and this time developing a stronger evidentiary base to bring to court.

Mathew Englander

Labels: information breaches, ip address, privacy