The Pirate Bay verdict explained

The tracker

One difference between The Pirate Bay and Google (or between The Pirate Bay and The Pirate Google) is that TPB run a tracker. As page 14 of the IFPI’s English translation of the verdict states: The purpose of a tracker is to inform users of a specific torrent files [sic] which other users share precisely that digital file. The torrent file can be uploaded to a web server which stores the torrent file for downloading by users. which appears to be the court’s own definition. It would perhaps be interesting if The Pirate Google set up their own tracker, using the open-tracker BitTorrent tracker software, created by a Google employee, available from Google Code, and then ran that on Google’s App Engine service. This would seem to link Google to The Pirate Google in the same way that Carl Lundström is linked to The Pirate Bay, except that, according to page 24, In early January 2005, Carl Lundström discussed an international launch of the website with Fredrik Neij and Gottfrid Svartholm Warg. The opinion was that this would require other languages to be used on the website, as well as an increase in computing power. Far from being simply an ISP for the site, Carl was at least aware of the contents of the site and involved in discussion about promoting it.

For now, The Pirate Google does not run a tracker, though, and there is no court case against it, so the defence of “We were just running a search engine for torrent files” hasn’t been legally tested yet. That is not the full story, though, for two reasons. Firstly, the torrent search engine ISOHunt is involved in a court case in the United States about copyright, and is preparing for another similar case in Canada, which may decide whether the provider of a search service can be prosecuted based on the actions of the users of that service.

Secondly, we may already be able to infer an answer to this question in Sweden because of the logic used by the court in the case against TPB. When dealing with the issue of files that were downloaded with the help of TPB’s tracker but found through sites other than TPB, the ruling states, on page 45: In the view of the District Court, the making available carried out by these users can also be considered within the framework of the principal offence which this case refers to, since it is The Pirate Bay’s tracker which has been used. It is worth noting that this bit of legal logic may not have been possible if the prosecution hadn’t changed the charges they were bringing against TPB by removing the sentence: All components are necessary for users of the service are able to share files with one another. from the indictment.

So the prosecution don’t think that all the components are necessary, and the court didn’t think that the website needed to be involved for a download to be “considered within the framework of the principal offence”, which sets the precedent for one component not needing to be involved. The page 45 quote should then be combined with this one from page 47: Criminal liability rests also with anyone who has aided and abetted the act in a physical or psychological sense. The accomplice must have facilitated the execution of the principal offence. There is no requirement for the accomplice’s actions having been a precondition for the accomplishment of the principal offence. Liability for complicity can apply even to someone who has contributed only insignificantly to the principal offence. This goes even further and says that even if the use of the website is not a “precondition for the accomplishment of the principal offence” then the people running it can still be held criminally liable. Far from The Pirate Google being safe from prosecution because it does not run a tracker, this suggests that the act of providing a search engine is enough to make you liable, or even providing a link to a search engine. Oops.

Intent

Fortunately the law seems to require that there is some degree of intent to be an accomplice to the crime for someone to be liable for complicity in it, and I certainly have no intent to assist anyone in breaking the law. It may seem strange that the prosecution in the case had to prove that the defendants had certain thought processes behind their actions, but they did make a reasonable effort at this, which, as I said above, did not involve inferring things from the name of the website. There are three factors which ultimately get put forward in the judge’s ruling as evidence of the defendants’ intent to offer a service which aids copyright infringement, and I will cover them below.

Unfortunately for the three defendants most closely linked to TPB, the first two pieces of evidence seem to have been provided by their co-defendant. Page 53 of the ruling says: Carl Lundström has confirmed that The Pirate Bay’s website attracts visitors because it offers the opportunity to utilize copyright-protected works free of charge. In an e-mail sent by him to his legal representative, he wrote that the purpose of the website was pirate copying, and he stated, during the main hearing, that the purpose of the website was, inter alia, pirate copying. It is this email and his statement of this belief during the hearing which the court points out in its ruling, and is used in arriving at the guilty verdict. Perhaps this should be a warning against hubris, or a warning against communicating freely in a country where the government can read your emails.

The fact that the words of one defendant were used to prove the intent of the others does seem to employ a rather questionable legal strategy, though, of treating the group equally culpable for a crime allegedly committed by the sum of their actions. On page 18 a defence lawyer points out: The indictment refers to responsibility for collective complicity, which is not an offence covered by Swedish law. and the court admits on page 49 that: One condition [for complicity] is, however, that it can be proven that each individual has been involved in the execution of the offence and that he has been aware of the others’ actions. which ought at least to mean that Lundström’s view of any intent behind the website should not be automatically assumed to be held by the other three.

There was one other piece of evidence the ruling mentioned, though, which is not so specific to one defendant’s private views. The site itself, it was argued, provides evidence that TPB knew that copyright files were being shared through the service. It might seem that TPB were just unlucky, or that the law was written against hubris or impoliteness, but it was the replies to legal threats that TPB posted on their website which the ruling pointed to. The actual quote is on page 52: The examination of the defendants, the letters from rightsholders published on the website, The Pirate Bay, and the e-mail correspondence indicating that the operation involved pirate copying make it clear that the defendants have been aware that copyright-protected works were available via the website, and were shared via the tracker embedded within the framework of The Pirate Bay’s operation.

Knowing that a crime was being committed through your service (or at least not investigating or stopping these crimes) is not quite the same as intent to assist them, but it does strongly suggest that your continued operation of that service is an intention to run a service which (among other things) assisted crimes. The quote from page 52 goes on to say: Despite this knowledge, they have elected to take no action to prevent the infringement of copyright. Based on their positions in relation to the filesharing service, The Pirate Bay, they have, in the opinion of the District Court, together and in collusion knowingly aided and abetted infringements of the Copyright Act by the individual users. Of course, it might not be hard to show that the CEOs of car manufacturers are aware that their cars are used for speeding and if they had written rude letters to the government saying “We’re not going to do anything about this” then that would hardly show their intent to assist those crimes. The question is, when does intent to assist someone who is committing a crime count as intent to assist in the crime.

The Supreme Court

This is where things start to get really tricky, and perhaps it is not surprising that the judge’s ruling makes the jump from “letters … on the website, … pirate copying” to “knowingly aided and abetted infringements” in the space of almost a footnote. The actual piece of connecting logic is here, also from page 52: The defendants intent does not, however, have to cover the specific works which it is alleged have been made available. It is, rather, sufficient for them to have had the intent to bring about the existence of copyright-protected material on the website (c.f. NJA 2007 p. 929). So the judge is saying that despite TPB not knowing about the works being shared, or who was sharing them, or that the works were copyright, they are still guilty of abetting the infringement of them.

With the verdict spending eight pages (39 - 46) trying to prove that the prosecution really owned the rights to the works in question, and that those works really were in the files specified, and those files really were available at the time periods specified, it seems strange that the most crucial and controversial element of the case was swept away in a handful of abbreviations and numbers. Apparently, though, the onus is on the reader to determine what these abbreviations mean, and as I hadn’t come across an explanation for them, that’s exactly what I did. I still haven’t seen any commentary that goes into detail about this point, so I will include my findings here and hope that it contributes to the debate.

Abbreviations like p. and c.f. are fairly common, but without the context of knowing what NJA means, they don’t impart much meaning in themselves. It was about here that I started to ask a Swedish friend for help, and when I came across the phrase Nytt Juridiskt Arkiv (possibly from a disambiguation page on the Swedish Wikipedia) he confirmed that it was a law archive. I managed to find an English language legal resources site which explained the Swedish legal system and translated the phrase as New Juridical Archive. The site also mentioned a Swedish government legal information portal with the address http://www.lagrummet.gov.se/ and although that address is invalid, I managed to find a page on http://www.lagrummet.se/ which answered a question about the NJA (in Swedish). Using Google to translate the page, I found that I had to visit another Swedish government information site and search for “Högsta domstolens” (Supreme court) rulings. I did a search, and despite the language barrier and the unusable mixture of JavaScript and Frames I managed to get a page which I thought was a Supreme court decision from 2008.

This was still quite a way off from what I wanted, but I persevered and did a search online (using some text from this 2008 decision as the search query) to see if there was another interface to the same documents. Fortunately I found a site which made much more sense (despite still being in Swedish) and contained the same Supreme court ruling. By looking at the URL, it was easy to find the actual ruling I wanted, the one on page 929 of the NJA for 2007. This just left the small matter of understanding the ruling, so I thought I would ask Google to translate it for me, but unfortunately Google can’t translate pages that are served over SSL. I wasn’t going to let this stop me, though, so using the sort of simple hack that The Pirate Bay would be proud of, I merely accessed the SSL site via an HTTP proxy site, and made Google translate that.

So, this case is given as the justification for claiming that TPB had intent to assist in the sharing of a files which they didn’t even know existed. It may seem strange then that the case does not involve file sharing at all. Instead, this case is about tax evasion and fraud, dealing with how a defendant assisted a crime by transferring some money. Although the transfer of money was not illegal in itself, it was part of an illegal plan which he had not been told about. The critical part of the Supreme court’s decision is here (from Google’s translation), where “RT” is the defendant whose intent is in question: It is not shown that RT had the insight that he, by the management of cash contributed to the fraud. His own data and the circumstances of the offense, however, entitled to conclude that he realized that there was a significant risk that cash management was included as part of an activity meant that incorrect information was submitted to the tax in order to evade state taxes and fees. It is obvious that he was indifferent to the fact that his actions contributed to a tax and fee avoidance. There is therefore placed to judge him for abetting the CB’s and GK’s serious fraud. Unfortunately for TPB this does sound like the sort of situation they are in, where they are an integral part of a system which people use to break the law, and they don’t take any action to stop it.

When I expressed my surprise at this Supreme court decision to my Swedish friend, he pointed out that: Yeah we have a law to say that if you aren’t threatend you can be found guilty for not stopping the crime. … Like if you see somebody being beaten up, and you have a cell phone and can move away to a safe location you should call the police. This still doesn’t answer the question of why a car maker isn’t guilty of being “indifferent to the fact that his actions contributed to” speeding, and perhaps the reason is that cars have a number of legitimate uses, whereas this transfer of money for criminals may not have been done with any legitimate purpose in mind. In contrast to this, the guys running TPB wanted people to share Open Source, Creative Commons and Public Domain works, just like Google want people to find legal information. The Supreme court decision does mention “significant risk” that a crime would be committed, but I think there is significant risk that a car will be used to break the speed limit at some point in its existence, or that every car driver will break the speed limit (even if they are not caught doing it) at some point in their life. Any legal theory which involves putting an arbitrary limit on the probability that a crime will be committed, then, is likely to criminalise car sales long before any torrent search engine.

Only in Sweden

Of course, I can only point out where I think Swedish law or its interpretation is being inconsistent, I cannot complain that it does not reflect my personal views or values. Sweden is a sovereign nation and if its citizens want to outlaw car sales and torrent search engines, that is their democratic right, just as it is their right to legalise car sales and torrent search engines. The other side of this, though, is that Swedish law cannot criminalise actions that I, as someone who is not resident in Swedish territory and is not a Swedish citizen, carry out. In general, then, I would think it is logical that people outside of Sweden and who are not Swedish citizens cannot be said to have broken Swedish law. This is why it seems strange that a Swedish citizen can be charged with assisting a crime when that “crime” is happening outside Swedish territory and being committed by someone who isn’t a Swedish citizen.

The wording from the judgement on page 46 is relevant to this: According to the District Court, there is strong reason to regard an offence which involves the making available of something on the Internet as having been committed in a country where the Internet user can obtain the information which has been made available, provided that the making available has legal implications in the country (c.f. Schønning, Ophavsretsloven with commentary, 3rd edition, p. 686). Unfortunately I cannot look up this reference (even on TPB), and all I have found are some details about it on Google’s book search, such as the ISBN which is 8761905666. It may well state that the making available should be regarded as having happened in Sweden, and this may well be reasonable, given that the tracker and search site were in Sweden (even though the actual transfer of copyright bytes would have happened completely outside of Sweden in most cases), and let’s assume that this commentary does reference valid legal precedents, but it is not at all clear that making something available in Sweden to people outside of Sweden is a crime.

If all the downloading had been done by people outside of Sweden, in countries where there is no copyright law (such as the Marshall Islands), it would be interesting to see the prosecution claim that Swedes should be prevented under Swedish law from helping these people in foreign countries carry out activities which they are legally allowed to do. The ruling itself says on page 41: According to the definition in the Copyright Act of what making something available to the general public entails, the indictment relates to the type of making available which takes place when the work is transferred to the general public. I doubt there has been a legal precedent set for who constitutes “the general public”, at least not with regards to the Copyright Act, but I think it is something the defence lawyers should have questioned.

Damages

Admittedly, even if no one inside Sweden downloaded the works, they were still potentially “available” in Sweden, and it is possible that this is what is forbidden by the Copyright Act (despite a similar line of reasoning being rejected even in America). It would seem to be another legal leap, though, to argue that TPB are responsible for reimbursing the rights holders for downloads that happened in countries without copyright laws. If someone is legally allowed to download something without paying for it, then the fact that they do so with a bit of help from TPB is surely no justification for the rights holder to demand money from TPB. Fining people for crimes which other people commit is one thing, but fining them for legal actions which someone commits seems bizarre.

This is where it is important to consider how exactly the damages were calculated. As the verdict states on page 64: The website also contained numerical information – based on a counter – which showed how many times a sound recording had been utilised for downloading. … The record companies have used the information on the number of downloads for each sound recording and multiplied these by EUR 6.50 to calculate the reasonable compensation. The figure of € 6.50 seems to refer to albums, and it is later explained that individual songs (or a collection of three songs) are charged at € 0.70 per download. Similarly there is a calculation per download for video files as well, with some complicated valuation based on how early relative to the official release date the videos were made available.

Although the court didn’t automatically accept the media companies’ valuation, it was never taken into account how many of these downloads were from Sweden (or the Marshall Islands). More strikingly, the judge seems to have dismissed the points made by the defence on page 15: The making available of the recordings has not led to those who have downloaded the recordings (produced copies) having, consequently, failed to purchase the equivalent copies from the rights-owners. Nor is there any other adequate causality between the specified injuries and the actions of the defendants. Being charged for each download as if it was a lost sale seems to suggest that the judge thinks that people would purchase the same amount of music regardless of whether it were available for free or for a price. If this were a matter of physical goods being stolen, it could indeed be argued that a stolen CD deprives a company of the ability to sell that CD to a legitimate customer, but a download could actually increase the sales of the physical version of a song if people download it and enjoy it.

Apart from the other interesting point made by the defence, also on page 15, that: Accomplices to offences cannot, in any case, be held liable for the whole injury. it must be mentioned how specific this verdict is to TPB itself. Not only did their culture of posting replies to lawyers on their site end up being used as evidence against them, but the fact that they publicised the number of downloads done through the site was a vital piece of the prosecution’s case. Again, you could call this hubris, but it does make one wonder what sort of a precedent this sets. If TPB had not replied to the legal letters, and hadn’t included a download counter on the site, would the trial have gone differently? What about if a new site is set up in Sweden that doesn’t make the same mistakes?

It is perfectly possible to imagine a site which just ranks the most popular downloads without divulging any statistics to the public. With the right software, the download counter could even be stored in RAM so that a shutdown of the server would cause the data to be lost (and a script could be written to keep the numbers persistent across legitimate reboots, if the user provides the right command signed by a private key). In fact, raiding a server would only provide one data point, while the prosecution seemed to require that the downloads were made over a fixed period, so perhaps this extra effort wouldn’t be needed. The only other thing to say about the damages calculation is to ask the question of what would happen if TPB had been tipped off about the investigation and had decided to tamper with their own database? Paying the damages for minus ten million downloads would be fun.

It’s fun to take down the DMCA

The final aspect of the case which I will mention is the attempted legal defence of invoking the Electronic Commerce Act (Bill 2001/02:150). This is especially interesting as it is the Swedish implementation of EU directive 2003/31/EC, which has aspects similar to America’s controversial DMCA. In particular it is worth noting that the DMCA provides a clear method for rights holders to inform the operators of websites about allegedly infringing material they may be hosting, and at least one legal letter to TPB seems to have tried to use this process. As there does not appear to be an equivalent “takedown” process outlined in the EU directive or Swedish act, it is less clear how a rights holder should deal with material they believe to be infringing, and how a website should respond to any requests it receives.

According to the defence, on page 29, the directive and the act both make it clear that: a service provider who supplies information but who has not initiated the transfer, which The Pirate Bay has not done, cannot be held responsible for an offence, nor found liable to pay damages. The court does accept, on page 55, that: The Electronic Commerce Act is, consequently, applicable to the filesharing services supplied from The Pirate Bay website. and then on page 56 (where all the remaining quotes are from) it states the first of two sections of the law which apply: The fact that The Pirate Bay offered a service where the user could upload and store torrent files on the website means, instead, that it is a matter of the type of storage service covered by the provisions of § 18 of the Electronic Commerce Act… (as opposed to the exemptions for being an ISP or a cache, for example). Unfortunately for TPB, however, the immunity granted by § 18 only applies if: the supplier was not aware of the existence of the illegal information or operation, and was not aware of facts or circumstances which made it obvious that the illegal information or operation existed or who, as soon as he received knowledge about or became aware of this, prevented the spread of the information without delay. which seems to effectively establish an ersatz DMCA-style takedown process.

Thus the court concludes: The prerequisites for freedom from liability under § 18 have, consequently, not been fulfilled. By not taking down information when informed about it, TPB have lost their immunity from liability that would otherwise have been granted. The law does not deal with the case that the takedown notice was incorrect, or whose responsibility it is to prove that the files being hosted really do belong to the person represented by the takedown request, but the bigger question is whether TPB’s failure to act against one set of files (which were apparently identified in messages from legal representatives) should invalidate their immunity in the matter of another set of unrelated files.

This question is even more striking when considering the other section of the law which the court says is relevant: § 19 of the Electronic Commerce Act is also applicable to service providers who store information. The case for the defence seems even stronger here, as apparently: Under § 19, a service provider who stores information on behalf of others can only be held liable for an offence relating to the content of the information if the offence was a deliberate act. and it is difficult to see how the downloading of files by users, without TPB’s knowledge of those files existence, can be seen as “deliberate”. Again it has to be asked whether this standard of “deliberate” applies to car companies “deliberately” allowing people to speed by continuing to create cars which they know have been used in the past to commit speeding offences. Or would TPB have been immune from prosecution over these 33 files if they had acted on the few takedown requests they had received?

The case takes one final turn for the weird when it continues: Even if the defendants were not aware of precisely those works covered by the indictment, they have, according to the previous findings of the District Court, at least been indifferent to the fact that it was copyright-protected works which were the subject of filesharing activities via The Pirate Bay. Somehow the standard seems to have shifted from “deliberate” acts to “indifferent” lack of action. It is not clear what level of action would be required for TPB to not fall foul of this novel legal requirement the judge has invented. If they had put a sign on their website saying “Don’t infringe copyright” would that count as being not indifferent to the thought of copyright works being shared? If they had removed a single suspected copyright infringing file (despite its legality in the Marshall Islands), as a token gesture, would they no longer be indifferent? I worry that the requirement would actually be that they comply with every takedown request, regardless of its validity, effectively giving big media companies an unaccountable veto on every file which gets shared, while the public have no legal recourse to stop this power of censorship being abused.

So the defence’s arguments are dismissed then, with the judge deciding: Considering that it is a matter of deliberate offences, the actions of the defendants do not enjoy immunity from prosecution under § 19 of the Electronic Commerce Act. This may be surprising, and it may have involved some unexpected legal leaps along the way, but there is every possibility that a retrial or a higher court will decide that TPB must be illegal under the law, or otherwise nothing is illegal under the law. Even if a more narrow interpretation of the law is used next time, and TPB are found not guilty, that will just put the pressure on the Swedish government to update their copyright law again. Such a law could make it clear, for instance, that if a site refuses to take down a file or search result when requested, then the site’s operators are liable for every crime which is committed through the site, and that all actions performed through the site are assumed to have happened in Sweden (by people who only download things which they would be prepared to pay for).

That’s a lot to write about one case, especially by a blogger who doesn’t write about current news articles. Perhaps this case reflects a wider trend in society, or maybe I could say that the case has been going on for years and looks like it will continue for years. Does this mean I’ll cover the retrial? That depends. Will the court’s ruling be a one page PDF next time?