This is the accessible text file for GAO report number GAO-04-503 entitled 'File Sharing: Selected Universities Report Taking Action to Reduce Copyright Infringement' which was released on May 28, 2004. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. United States General Accounting Office: GAO: Report to Congressional Requesters: May 2004: File Sharing: Selected Universities Report Taking Action to Reduce Copyright Infringement: GAO-04-503: GAO Highlights: Highlights of GAO-04-503, a report to congressional requesters. Why GAO Did This Study: The emergence of peer-to-peer file-sharing applications that allow networks to share computer files among millions of users has changed the way copyrighted materials, including digital music, videos, software, and images can be distributed and has led to a dramatic increase in the incidence of copyright infringement (piracy) of these digital materials. These applications enable direct communication between users, allowing users to access each other’s files and share digital music, videos, and software. According to a coalition of intellectual property owners in the entertainment industry, an increasing number of students are using the fast Internet connections offered by college and university networks to infringe copyrights by illegally downloading and sharing massive volumes of copyrighted materials on peer-to-peer networks. GAO was asked to describe (1) the views of major universities on the extent of problems experienced with student use of file-sharing applications as well as the actions that the universities are taking to deal with them and (2) the actions that federal enforcement agencies have taken to address the issue of copyright infringement on peer-to- peer networks as well as agency views on any legislative barriers to dealing with the problems. What GAO Found: The college and university officials we interviewed are aware of the use of file-sharing applications on their networks, almost all of them have experienced some problems and increased costs as a result of the use of these applications, and they are taking steps to reduce the use of these applications on their networks. All of the officials interviewed indicated that their colleges or universities routinely monitor their networks, and most of them indicated that the institutions also actively monitor their networks specifically for the use of these file-sharing applications. When infringing use is discovered, all of the representatives stated that enforcement actions are taken against the individuals responsible. These actions included issuing a warning to the user or users, banning them from the network for a period of time, and managing the bandwidth available for a group of users. Federal law enforcement officials have been taking action to investigate and prosecute organizations involved in significant copyright infringement. These groups use a wide range of Internet technologies to illegally distribute copyrighted materials over the Internet. Federal law enforcement officials did not identify any specific legislative barriers to investigation and prosecution of illegal file sharing on peer-to-peer networks. According to the Department of Justice officials, the department’s recently created Intellectual Property Task Force will examine how the department handles intellectual property issues and recommend legislative changes, if needed. [hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-04-503]. To view the full product, including the scope and methodology, click on the link above. For more information, contact Linda Koontz at (202) 512-6240 or koontzlj@gao.gov. [End of section] Contents: Letter: Results in Brief: Background: Selected Universities Report Taking Action to Reduce Illegal File Sharing on Campus Networks: Federal Enforcement of Copyright Infringement through File Sharing Focuses on Organized Groups: Summary: Agency Comments and Our Evaluation: Appendix I: Objectives, Scope, and Methodology: Appendix II: Description of File Sharing and Peer-to-Peer Networks: Appendix III: Key and Supporting Federal Agencies Involved in the Investigation and Prosecution of Copyright Infringement: Investigating Agencies: Prosecuting Agencies: Supporting Agencies: Appendix IV: Comments from the Department of Justice: Glossary: Table: Table 1: Federal Entities and Supporting Agencies and Organizations Involved in the Investigation and Prosecution of Intellectual Property Rights Violations and Copyright Infringement: Figures: Figure 1: Average Percentage of Bandwidth Used for Peer-to-Peer File Sharing (Selected universities): Figure 2: Number of Notifications and Ability to Trace to an Individual Student (Selected universities): Figure 3: Expenses Associated with Responding to Peer-to-Peer File Sharing: Amount of Reported Additional Funding and Categories of Expense (Selected universities): Figure 4: Educational Activities: Planned and Completed (Selected universities): Figure 5: Enforcement Activities Used (Selected universities): Figure 6: U.S. Customs Agent with Hard Drives Seized during Operation Buccaneer: Figure 7: Peer-to-Peer Models: Figure 8: Topology of a Gnutella Network: Abbreviations: CIO: chief information officer: DHS: Department of Homeland Security: FBI: Federal Bureau of Investigation: IM: Instant messaging: IP: Internet Protocol: VNS: virtual name space: [End of section] United States General Accounting Office: Washington, DC 20548: May 28, 2004: The Honorable Ted Stevens: Chairman: Committee on Appropriations: United States Senate: The Honorable Harry Reid: Assistant Minority Leader: United States Senate: The Honorable John A. Boehner: Chairman: Committee on Education and the Workforce: House of Representatives: The Honorable Howard P. McKeon: Chairman: Subcommittee on 21st Century Competitiveness: Committee on Education and the Workforce: House of Representatives: File sharing—the use of peer-to-peer [Footnote 1] networks to distribute computer files among millions of users—has dramatically changed the way copyrighted materials, including digital music, videos, software, and images can be distributed. By permitting fast, cheap, and easy production of identical copies, file-sharing applications have facilitated both the legitimate distribution of copyrighted materials by the copyright holder and the illegal copyright infringement (piracy) and distribution by unauthorized users. According to a coalition of intellectual property owners in the recording industry, an increasing number of students are using fast Internet connections offered by college and university networks to infringe copyrights by illegally downloading and sharing massive volumes of copyrighted songs, movies, and video games on peer-to-peer networks. As requested, our objectives were to describe (1) the views of major universities on the extent of problems experienced with student use of file-sharing software applications, as well as the actions that the universities are taking to deal with them and (2) the actions that federal enforcement agencies have taken to address the issue of copyright infringement on peer-to-peer networks, as well as agency views on any legislative barriers to dealing with the problems. To address the first objective, we conducted structured interviews with a judgmentally selected group of 13 officials that oversee the computer systems of major postsecondary educational institutions. The selected colleges and universities were located in each of eight geographic regions of the United States. All of these institutions provided Internet access to students in university-administered housing and were large public or private degree-granting colleges and universities. In this analysis, we provide details on the responses of the 13 college or university officials we interviewed; however, because we did not randomly select interviewees, our results are not generalizable to all colleges or universities. To describe federal law enforcement efforts and agency views related to copyright infringement on peer-to-peer networks, we analyzed budget and program documents from the Department of Justice (Justice) Computer Crime and Intellectual Property Section; the Federal Bureau of Investigation (FBI) Cyber Division; and the Cyber Crimes Center of the Bureau of Immigration and Customs Enforcement, Department of Homeland Security (DHS). We also interviewed officials from these organizations. We performed our work from May 2003 to April 2004 in accordance with generally accepted government auditing standards. Further details on our objectives, scope, and methodology are provided in appendix I. Results in Brief: The college and university officials we interviewed are aware of the use of file-sharing software applications on their networks; and almost all of them report that they have experienced some problems and increased costs as a result of the use of these applications, therefore, they are taking steps to reduce the use of peer-to-peer file-sharing technology on their networks. Specifically, several of the college or university officials interviewed stated that, on average, a significant amount of bandwidth on their networks appeared to be used for file-sharing applications; several of the respondents estimated that a sizable portion of the students at the college or university were using file-sharing applications to download or share music, images, and video files during the 2003 to 2004 academic term. Further, most of the officials interviewed stated that their institutions had experienced either network performance problems or security incidents as a result of the use of the file-sharing applications on their networks, and almost all indicated that they had spent additional funds to deal with the problems associated with the use of these applications, including two respondents who indicated that they had spent between $250,000 and $749,999. At the same time, all the college and university officials we interviewed stated that they have implemented technical controls to limit the use of file-sharing technology on their networks and that they have either undertaken or plan to undertake educational and enforcement efforts to limit student copyright infringement. Further, most of the officials interviewed stated that they felt they had the right tools and knowledge to address the issue and that they thought the approaches they have used have been either somewhat or very successful at controlling the problem. Federal law enforcement officials are taking actions to investigate and prosecute organized software-piracy groups that use a wide range of Internet technologies—including file sharing over peer-to-peer networks— to illegally distribute copyrighted materials over the Internet. Two recent examples of major federal law enforcement action that has focused on international piracy groups are (1) the Operation Fastlink coordinated by Justice Computer Crime and Intellectual Property Section and the Federal Bureau of Investigation, and (2) Operation Buccaneer, led by the U.S. Customs Service and Justice. These operations resulted in the identification of individuals engaged in online piracy and the seizure of tens of thousands of pirated copies of software, music, and computer games worth millions of dollars. Federal law enforcement officials did not identify any specific legislative barriers to investigation and prosecution of illegal file sharing on peer-to-peer networks. According to Justice officials, the department’s recently created Intellectual Property Task Force will examine how the department handles intellectual property issues and recommend legislative changes, assuming there is a need for such changes. In commenting on a draft of this report, the Deputy Assistant Attorney General provided information on a recent international law enforcement effort against online piracy and presented additional detail on the department’s policy on investigating and prosecuting intellectual property rights infringers on the Internet and on the peer-to-peer networks. These comments, which are reprinted in appendix IV, have been incorporated into this report as appropriate. In addition, we received comments (via e-mail) from the unit chief of the Cyber Crime Center on behalf of DHS. The unit chief clarified the center’s approach to investigations of individual copyright infringers and provided various technical comments, which have been incorporated into this report as appropriate. Background: U.S. copyright law protects books, photographs, videos, movies, sound recordings, software code, and other creative works of expression from unauthorized copying. A copyright gives its owner the exclusive right to reproduce, distribute, perform, display, or license a work, and the exclusive right to produce or license the production of derivative works.[Footnote 2] Copyright protection attaches as soon as the work is “fixed in a tangible medium of expression,” thus covering both published and unpublished works. However, there are some limits to the protections afforded by copyright law, such as in the use of a copyrighted work for purposes such as criticism, comment, news reporting, teaching, scholarship, or research.[Footnote 3] File Sharing Is a Principal Tool for Distribution of Copyrighted Works: File-sharing software applications work by making selected files on a user’s computer available for downloading by anyone using similar software, which, in turn, gives the user access to selected files on computers of other users on the peer-to-peer network. The growing popularity and proliferation of file-sharing applications such as KaZaA has had a profound effect on the dissemination of copyrighted works, by both the copyright holder and infringers. The use of file sharing has grown steadily over the past few years. For example, by May 2003, KaZaA had become the world’s most downloaded software program of any kind, with more than 230 million[Footnote 4] downloads. According to the Recording Industry Association of America, the increased use of peer-to-peer networks has contributed to an increase in copyright infringement, with millions of users downloading more than 2.6 billion copyrighted files (mostly sound recordings) each month via various peer-to-peer networks. The widespread unauthorized distribution of copyrighted material on peer-to-peer systems is a concern not only for copyright owners but also for those who administer the networks on which the file-sharing applications run. Because of their high-bandwidth connections and the concentration of large groups of young, computer-literate users, college and university networks are particularly vulnerable to adverse impacts from the use of file-sharing applications. In 2002, a committee of representatives from education and the entertainment industry—the Joint Committee of Higher Education and Entertainment Communities—was convened to discuss and address matters of mutual concern, including the misuse of university networks for copyright infringement. In addition, the Recording Industry Association of America has conducted searches for copyrighted material being illegally shared on peer-to-peer networks and has sent more than 30,000 notices to colleges and universities regarding files that are being shared on systems connected to university networks. Congress has moved to address piracy issues that have been raised by developments in computer and Internet technology. With regard to the widespread unauthorized distribution of copyrighted material on peer- to-peer systems, the crime of felony copyright infringement has four essential elements: 1. A copyright exists; 2. The copyright was infringed by the defendant, specifically by reproduction or distribution of the copyrighted work, including by electronic means; 3. The defendant acted “willfully.” Under the law, evidence of reproduction or distribution of a copyrighted work, by itself, is not sufficient to establish willful infringement; and; 4. The defendant infringed at least 10 copies of one or more copyrighted works with a total retail value of more than $2,500 within a 180-day period.[Footnote 5] In addition to criminal liability, significant civil remedies are available to copyright holders for infringement. Copyright holders are entitled to receive either “actual damages and profits” from an infringer, or they can elect to receive “statutory damages” ranging from $750 to $30,000 for each infringed work, increasing to $150,000 if the copyright holder proves the infringement was willful. In addition, a court can order an injunction against further infringement, the impoundment and disposition of infringing articles, and attorneys’ fees and costs.[Footnote 6] Table 1: Federal Entities and Supporting Agencies and Organizations Involved in the Investigation and Prosecution of Intellectual Property Rights Violations and Copyright Infringement: Investigating agency: Department of Homeland Security; Unit: Cyber Crimes Center, U.S. Immigration and Customs Enforcement; Focus: Investigates international criminal activity conducted on or facilitated by the Internet, including money laundering, drug trafficking, intellectual property rights violations, arms trafficking, and child pornography, and provides computer forensics support to other agencies. Investigating agency: Department of Justice; Unit: Cyber Division, Federal Bureau of Investigation; Focus: Investigates federal violations, including intellectual property rights violations, in which the Internet, computer systems, and networks are exploited as the principal instruments or targets of criminal activity. Prosecuting agency: Department of Justice; Unit: Computer Crime and Intellectual Property section; Focus: Consists of specialized attorneys who prosecute cybercrime and intellectual property cases worldwide. Prosecuting agency: Department of Justice; Unit: Computer Hacking and Intellectual Property units Focus: Consist of prosecutors in select U.S. Attorneys Offices dedicated primarily to prosecuting high-technology crimes, including intellectual property offenses. Prosecuting agency: Department of Justice; Unit: Computer and Telecommunication Coordinator network; Focus: Consists of prosecutors in U.S. Attorneys Offices specifically trained to address the range of novel and complex legal issues related to high-tech and intellectual property crime. Prosecuting agency: Department of Justice; Unit: U.S. Attorneys Offices; Focus: Serve as the nation’s principal litigators under the direction of the U.S. Attorney General. Supporting Agency: Department of Commerce; Unit: International Trade Administration; Focus: Monitors foreign governments’ compliance and implementation of international trade agreements, especially those pertaining to intellectual property rights enforcement. Supporting Agency: Department of Homeland Security; Unit: Intellectual Property Rights Coordination Center, U.S. Immigration and Customs Enforcement; Focus: Coordinates the investigation of leads provided by the general public and industry pertaining to intellectual property rights infringement. The Center is a joint effort of the Immigration and Customs Enforcement and the Federal Bureau of Investigations. Supporting Agency: Department of Justice; Unit: Criminal Division; Focus: Provides, through its Overseas Prosecutorial Development, Assistance and Training Office and its International Criminal Investigation Training Assistance Programs, training and assistance to foreign law enforcement and foreign governments to foster the robust protection of intellectual property rights in foreign countries. Supporting Agency: Department of Justice; Unit: Federal Bureau of Investigation; Focus: Fosters the protection of intellectual property rights in foreign countries and assists U.S. prosecutions of intellectual property violations originating in foreign countries through its legal attaches located in foreign countries. Supporting Agency: Department of State; Unit: International Law Enforcement Academies; Focus: Provides specialized training courses in fighting intellectual property rights crime. Supporting Agency: National Intellectual Property Law Enforcement Coordination Council; Unit: Interagency Coordination Council; Focus: Coordinates domestic and international intellectual property law enforcement among federal and foreign entities (including law enforcement liaison, training coordination, industry and other outreach) and increases public awareness. Source: GAO analysis of agency data. [End of table] The federal law enforcement agencies work with state and local law enforcement agencies, including state police and local district attorneys, in the investigation and prosecution of intellectual property crime. In addition, industry organizations, such as the Recording Industry Association of America, the Business Software Alliance, and the Software and Information Industry Association, provide federal law enforcement organizations with information and documentary evidence in support of federal investigations and prosecutions. (See app. III for a detailed description of federal organizations involved in investigating and prosecuting copyright infringement.) Selected Universities Report Taking Action to Reduce Illegal File Sharing on Campus Networks: The college and university officials we interviewed are aware of the use of file-sharing applications on their networks, almost all of them have experienced some problems and increased costs as a result of the use of these applications, and they are taking steps to reduce the use of peer-to-peer file-sharing technology on their networks.[Footnote 7] All of the college and university officials we interviewed stated that they have implemented technical controls to limit the use of file- sharing technology on their networks and that they have either undertaken or plan to undertake educational and enforcement efforts to limit student copyright infringement. Most of the officials interviewed stated that they felt they had the right tools and knowledge to deal with the use of peer-to-peer file-sharing applications to download or share copyrighted material on university networks, and almost all of the officials stated that they thought the approaches they have used to address the problem have been either somewhat or very successful at controlling the problem. University Officials We Interviewed Are Aware of the Use of File-Sharing Applications on Their Networks: All of the university officials we interviewed indicated that their colleges or universities routinely monitor their networks and most of them indicated that the institutions also actively monitored their networks specifically for the use of peer-to-peer file-sharing applications during the 2003 to 2004 academic term. For those colleges and universities that monitored specifically for the use of file- sharing technology (10 of 13 respondents), university officials stated that the amount of bandwidth that appeared to be used by file-sharing applications varied, from as low as 0 to 9 percent to as high as 90 to 100 percent. (See fig. 1.) Figure 1: Average Percentage of Bandwidth Used for Peer-to-Peer File Sharing (Selected universities): [See PDF for image] This figure is a pie-chart depicting the following data: 0-9%: 3; 10-29%: 2; 30-59%: 1; 60-89%: 1; 90-100%: 1; Don't know: 2. Source: GAO analysis of survey responses. [End of figure] While several university officials were unable to estimate the percentage of students using file-sharing applications to download or share music, images and video files, several estimated that 30 percent or more of students were doing so during the 2003 to 2004 academic term. One official estimated that between 90 and 100 percent of the students at the institution were using file-sharing applications. In addition, all of the college and university officials interviewed indicated that they had received notices from representatives of copyright holders alleging file-sharing copyright violations by students, with more than half of the interview respondents indicating that they had received more than 100 notifications. In most or all of these cases, university officials were able to trace the infringement notification to an individual student. (See fig. 3.) Figure 2: Number of Notifications and Ability to Trace to an Individual Student (Selected universities): [See PDF for image] This figure contains two pie-charts depicting the following data: Chart #1: How many notifications were received of alleged file sharing copyright violations by individual students: 1-10: 3; 11-20: 1; 21-50: 1; 51-100: 1; 101-200: 2; 201 or more: 5. Chart #2: Ability of university officials to track violation notices to individual students: Some of the time: 1; Most of the time: 7; All of the time: 5. Source: GAO analysis of survey responses. [End of figure] Use of Peer-to-Peer Technology Has Reportedly Had a Negative Impact on University Networks: Overall, most of the college and university officials we interviewed indicated that they had experienced some network performance or security problems as a result of the use of peer-to-peer file-sharing applications on their institutions’ networks. Specifically, two officials interviewed stated that their institution had experienced network performance problems somewhat often as a result of student use of filesharing applications, and six officials indicated that they had experienced few network performance problems. Further, of the 13 institutions whose officials we interviewed, 9 indicated that they had experienced security problems as a result of file sharing or downloading. For those who indicated that they had experience problems, the most common types of security incidents reported were the introduction of viruses or malicious code (eight interview respondents) and temporary loss of network resources (five interview respondents). In addition, almost all of the officials that were interviewed stated that their institutions had spent additional funding during the 2003 to 2004 academic year to deal with the effects of the use of peer-to- peer filesharing applications on their networks, with the median amount of additional spending being between $50,000 and $99,999;[Footnote 8] two officials stated that their institutions had spent between $250,000 to $749,999. This additional funding was spent on a variety of network infrastructure and operational areas, including bandwidth expansion, bandwidth management software/hardware, system management, and system maintenance. (See fig. 3.) Figure 3: Expenses Associated with Responding to Peer-to-Peer File Sharing: Amount of Reported Additional Funding and Categories of Expense (Selected universities): [See PDF for image] This figure contains two bar graphs depicting the following data: Additional funding spent by your institution for network infrastructure and operations: Don't know: 1; Over $1,000,000: 0; $750,000-$1,000,000: 0; $250,000-$749,999: 2; $100,000-$249,999: 1; $50,000-$99,999: 4; Less than $50,000: 4. On which of the following items, if any, did you spent the additional funds: Don't know: 1; Other: 1; System maintenance: 4; System management: 4; Bandwidth management software/hardware: 11; Intrusion detection system: 1; Firewalls: 4; Additional personnel: 3; Bandwith expansion: 6. Source: GAO analysis of survey responses. [End of figure] Universities Report Taking Steps to Reduce Copyright Infringement on Peer-to-Peer Networks: All of the colleges and universities whose officials we interviewed indicated that they are taking steps to reduce or eliminate the use of peer-to-peer file-sharing technology for copyright infringement on their networks. Specifically, all of the officials interviewed stated that they have implemented technical controls to limit the use of file- sharing technology. These technical controls include (1) limiting access to file-sharing applications, both among internal users of the network and between internal and external users; (2) reducing or limiting the amount of bandwidth available to network users seeking to download or share files; and (3) segregating the portion of the network serving college or university administered housing from the rest of the university network. In addition, all of the officials interviewed stated that they have either undertaken or plan to undertake educational and enforcement efforts to limit student copyright infringement. All of the officials that were interviewed stated that they have undertaken educational efforts, such as issuing or revising network use policies and student codes of conduct; and 12 of the 13 officials that were interviewed stated that they plan to undertake educational activities regarding intellectual property violations or illegal file sharing of copyrighted materials. (See fig. 4.) Figure 4: Educational Activities: Planned and Completed (Selected universities): [See PDF for image] This figure is a bar graph depicting the following data: Actions taken to educate students about issues of intellectual property violations or illegal file sharing of copyrighted materials: Take no action: 0; Issued or revised network use policies: 12; Issued or revised code of conduct: 6; Mounted educational campaign: 11; Included information on file sharing in new student orientation: 11; Other: 6; Don't know: 0. Actions planned to educate students about issues of intellectual property violations or illegal file sharing of copyrighted materials: Take no action: 0; Issued or revised network use policies: 7; Issued or revised code of conduct: 3; Mounted educational campaign: 11; Included information on file sharing in new student orientation: 9; Other: 2; Don't know: 1. Source: GAO analysis of survey responses. [End of figure] Further, all the officials interviewed stated that they have undertaken enforcement efforts to address copyright infringement on peer-to-peer networks. During the 2002 to 2003 academic year, all of the college and university officials interviewed stated that they had either discovered or had been made aware of individuals using file-sharing applications such as KaZaA or peer-to-peer network indexes [Footnote 9] on their institution’s network. When file downloading was discovered, all the officials stated that enforcement actions were taken against the individuals responsible. These actions included issuing a warning to the user or users, banning them from the network for a period of time, and shaping the bandwidth available for a group of users. (See fig. 5.) Figure 5: Enforcement Activities Used (Selected universities): [See PDF for image] Actions taken regarding students who were using file sharing applications to download or share copyrighted files: Took no action: 0; Issued warning to users: 10; Reduced the bandwidth available to the users: 6; Shaped the bandwidth for a group of users: 10; Banned users from the networks for a period of time: 10; Banned users from the networks permanently: 10; Disciplined the users: 9; Other actions: 3. Actions taken regarding students who were operating file sharing Nodes or "mini-Napsters:" Took no action: 0; Issued warning to users: 5; Removed the Node from the networks: 3; Reduced the bandwidth available to the Node owners: 0; Banned Node owners from the networks for a period of time: 1; Banned Node owners from the networks permanently: 0; Disciplined Node owners: 2; Other actions: 1. Source: GAO analysis of survey responses. [End of figure] Most of the officials interviewed stated that they felt they had the right tools and knowledge to deal with the use of peer-to-peer file- sharing applications to download or share copyrighted material. Further, almost all of the officials stated that they thought the approaches they have used to address the problem have been either somewhat or very successful at controlling the use of peer-to-peer applications for downloading and sharing copyrighted materials. Federal Enforcement of Copyright Infringement through File Sharing Focuses on Organized Groups: Federal law enforcement officials told us that they have been taking actions to investigate and prosecute organizations involved in significant copyright infringement, such as the warez[Footnote 10] groups—loosely affiliated networks of criminal groups that specialize in “cracking” the copyright protection on software, movies, game and music files. These groups use a wide range of Internet technologies— including file sharing over peer-to-peer networks—to illegally distribute copyrighted materials over the Internet. According to the Deputy Chief for Intellectual Property Computer Crime and Intellectual Property Section, Justice, the top warez groups serve as major suppliers of the infringed works that eventually enter the stream of file sharing on peer-to-peer networks. Two recent examples of major federal law enforcement actions that have focused on international piracy groups are the Justice’s Operations Fastlink and the U.S. Customs Service’s Operation Buccaneer. Operation Fastlink is an international investigation coordinated by Justice’s Computer Crime and Intellectual Property Section and the FBI. According to the Deputy Chief for Intellectual Property Computer Crime and Intellectual Property Section, Fastlink is the largest international enforcement effort ever undertaken against online piracy. As part of Operation Fastlink, on April 21, 2004, U.S. and foreign law enforcement officials executed more than 120 simultaneous searches across multiple time zones. In addition to the United States, searches were executed in Belgium, Denmark, France, Germany, Hungary, Israel, the Netherlands, Singapore, Sweden, Great Britain, and Northern Ireland. As a result, more than 100 individuals believed to be engaged in online piracy have been identified, many of them high-level members or leaders of online piracy release groups that specialize in distributing high-quality pirated movies, music, games, and software over the Internet. More than 200 computers were seized worldwide, including more than 30 computer servers that function as storage and distribution hubs for the online piracy groups targeted by this operation. Operation Buccaneer was an international investigation and prosecution operation led by the U.S. Customs Service and Justice. The operation resulted in the seizure of tens of thousands of pirated copies of software, music, and computer games worth millions of dollars and led to 30 convictions worldwide. Operation Buccaneer targeted a number of highly organized and sophisticated international criminal piracy groups that had cracked the copyright protection on thousands of software, movie, and music files and distributed those files over the Internet. As part of Operation Buccaneer, on December 11, 2001, the U.S. Customs Service and law enforcement officials from Australia, Finland, Norway, Sweden, and the United Kingdom simultaneously executed approximately 70 search warrants worldwide. Approximately 40 search warrants were executed in 27 cities across the United States, including several at universities. Pursuant to the search warrants, law enforcement seized 10 computer “archive sites” that contained tens of thousands of pirated copies of software, movies, music, and computer games worth millions of dollars. According to the Deputy Chief for Intellectual Property Computer Crime and Intellectual Property Section, as of April 1, 2004, 27 defendants had been convicted in the United States, with 2 awaiting sentencing and 1 other under indictment. Internationally, six defendants have been convicted in Finland and the United Kingdom, with four additional defendants scheduled to go to trial in the United Kingdom in the fall of 2004. Figure 6: Photograph of a U.S. Customs Agent with Hard Drives Seized during Operation Buccaneer: [See PDF for image] Source: U.S. Immigration and Customs Enforcement. [End of figure] According to DHS officials, the Cyber Crime Center of the U.S. Immigration and Customs Enforcement does target individual violators who are involved in cyber intellectual property piracy on a profit or commercial basis. The officials noted that the center does not pursue investigations of individual peer-to-peer file violators due to the statutory dollar-value threshold limits and lack of a profit motive. According to these officials, the statutory dollar-value threshold is very difficult to meet in peer-to-peer cases, since most peer-to-peer infringement is based on the sharing of music, and the major record labels have set $0.80 as the dollar value of each copy of a song (the officials noted that most successful prosecutions are based on copyright infringement of software applications, because these tend to have a higher dollar value than songs). Proving criminal intent is also often a problem in these cases, since file sharing is a passive act, and in most cases there is no profit motive. According to Justice officials, federal intellectual property protection efforts do not focus on investigation and prosecution of individual copyright infringers on peer-to-peer networks, but instead they focus on organizations or individuals engaged in massive distribution or reproduction of copyrighted materials. According to these officials, this focus exists because: * Federal law enforcement is best suited to focus on large-scale or sophisticated infringers, including organized groups, large-scale infringers, infringers operating out of numerous jurisdictions and foreign countries, and infringers using sophisticated technology to avoid detection, identification, and apprehension. By and large, individual copyright holders do not have the tools or ability to pursue these types of targets. * Copyright holders do not have the legal tools or ability to tackle the organized criminal syndicates and most sophisticated infringers, but they have the tools and ability to target the individual infringer. While federal law enforcement has the tools, ability, expertise, and will to tackle the most sophisticated infringers, including those operating overseas who are part of a large syndicate and those using sophisticated technology to avoid detection, individual copyright holders have the tools to pursue individual infringers. Congress has provided for civil enforcement actions. Individual copyright holders, mostly through industry associations, have been very active in their pursuit of individual infringers using peer-to-peer applications. * Focusing law enforcement and industry on their respective strengths results in maximum impact. By using both the criminal and civil tools given to law enforcement and industry by Congress, Justice can achieve a more significant impact. * Technological limitations pose a challenge. Given the technology involved, it is challenging to gather the necessary evidence for a successful criminal prosecution of individuals using peer-to-peer applications. For example, it may be possible to prove that someone is offering copyrighted material for download through a peer-to-peer application; but, according to law enforcement officials, it is usually difficult or impossible to determine the number of times files were downloaded. * Burden of proof in criminal prosecutions is more onerous. The criminal statute at issue requires proof of a willful intent and requires that each element of the offense be proven beyond a reasonable doubt. The willful intent is a higher burden than is found in most criminal statutes. By contrast, the intent element and overall burden of proof is significantly less onerous in civil enforcement. * Statutory thresholds favor a federal criminal enforcement focus on the more significant targets. The thresholds require a retail value of $2,500 or more for the goods pirated by the infringer. With a valuation of $0.80 per song that is traded on a peer-to-peer application, federal criminal law enforcement could not be used to target individuals downloading fewer than 3,100 music files, for example. The technological limitations mentioned earlier, combined with the heightened burden of proof, make it challenging to show criminal violations for each of the more than 3,100 downloads. * The need for efficient use of resources suggests a focus on large- scale sophisticated targets. The need for law enforcement to use resources efficiently suggests that federal law enforcement should focus their efforts in a way that yields the greatest impact. For many of the reasons detailed above, federal law enforcement has determined that they can make the biggest impact by focusing on the larger-scale, more sophisticated targets. According to Justice officials, the recently created Intellectual Property Task Force—headed by the Deputy Chief of Staff and Counselor to the Attorney General, and comprised of several of the highest-ranking department employees who have a variety of subject matter expertise—is charged with examining all aspects of how Justice handles intellectual property issues and with developing recommendations for legislative changes and future activities. One of the issues to be addressed by the task force is the most appropriate use of department resources to ensure that the department has the most effective enforcement strategy. Federal law enforcement officials did not identify any specific legislative barriers to investigation and prosecution of illegal file sharing on peer-to-peer networks. According to Justice officials, the department’s Intellectual Property Task Force will also recommend legislative changes, assuming there is a need for such changes. Summary: The college and university officials we interviewed are aware of the use of file-sharing applications on their networks, almost all of them have experienced some problems and increased costs as a result of the use of these applications; therefore, they are taking steps to reduce the use of peer-to-peer file-sharing technology on their networks. All of the officials interviewed indicated that their colleges or universities routinely monitor their networks; and most of them indicated that the institutions also actively monitor their networks, specifically for the use of peer-to-peer file-sharing applications. When infringing use was discovered, all of the officials stated that enforcement actions were taken against the individuals responsible. These actions included issuing warnings to the users, banning them from the network for a period of time, and shaping the bandwidth available for a group of users. Federal law enforcement officials have been taking action to investigate and prosecute organizations involved in significant copyright infringement. These groups use a wide range of Internet technologies to illegally distribute copyrighted materials over the Internet. Federal law enforcement officials did not identify any specific legislative barriers to investigation and prosecution of illegal file sharing on peer-to-peer networks. According to Justice officials, the department’ s recently created Intellectual Property Task force will examine how the department handles intellectual property issues and recommend legislative changes, if needed. Agency Comments and Our Evaluation: In providing comments on a draft of this report, the Deputy Assistant Attorney General, Criminal Division, Department of Justice, provided additional information on a recent international law enforcement effort against online piracy, coordinated by the department’s Computer Crime and Intellectual Property Section and the FBI, and presented a detailed description of the department’s policy on investigating and prosecuting intellectual property rights infringers on the Internet and on peer-to- peer networks. The Deputy Assistant Attorney General also noted that the department’s recently created Intellectual Property Task Force will examine how the department handles intellectual property issues and recommend legislative changes, if needed. We have incorporated this information into this report. We also received comments (via e-mail) from the unit chief of the Cyber Crime Center on behalf of DHS. The unit chief provided additional details on the number of investigations conducted by the Cyber Crime Center and clarified the center’s approach to investigations of individual copyright infringers. Specifically, the unit chief stated that, while the center targets individual violators who are involved in cyber intellectual property piracy on a profit or commercial basis, it does not pursue investigations of individual peer-to-peer file violators, due to the difficulties in meeting the statutory dollar- value threshold in peer-to-peer infringement cases and the lack of a profit motive. We have incorporated these details into this report. As agreed with your offices, unless you publicly announce the contents of this report earlier, we plan no further distribution until 30 days from the report date. At that time, we will send copies of this report to the Chairmen and Ranking Minority Members of other Senate and House committees and subcommittees that have jurisdiction and oversight responsibility for Justice and DHS. We are also sending copies to the Attorney General and to the Secretary of Homeland Security. Copies will be made available to others on request. In addition, this report will be available at no charge on the GAO Web site at [hyperlink, http://www.gao.gov]. If you have any questions concerning this report, please call me at (202) 512-6240 or Mirko J. Dolak, Assistant Director, at (202) 512- 6362. We can also be reached by e-mail at koontzl@gao.gov and dolakm@gao.gov, respectively. Key contributors to this report were Jason B. Bakelar, Barbara S. Collier, Nancy E. Glover, Lori D. Martinez, Morgan F. Walts, and Monica L. Wolford. Singed by: Linda D. Koontz: Director, Information Management Issues: [End of section] Appendix I: Objectives, Scope, and Methodology: Our objectives were to describe (1) the views of major universities on the extent of problems experienced with student use of file-sharing software applications, as well as the actions that the universities are taking to deal with them and (2) the actions that federal enforcement agencies have taken to address the issue of copyright infringement on peer-to-peer networks, as well as agency views on any legislative barriers to dealing with these problems. To describe the views of college and university officials, we conducted structured interviews with a judgmental sample of large colleges and universities. The interview contained 35 questions referring to (1) the extent to which the college or university monitors its network or networks and the impact of the use of file-sharing applications on the network, (2) estimates of the number of students using file-sharing applications and the number of files shared or transferred over the network, (3) the discovery of nodes or mini-Napsters on the network and response of the university to their existence, (4) the discovery of file-sharing applications on the network and response of the university to their use, and (5) the actions taken by the college or university to address copyright infringement and the use of file- sharing applications on its networks. We pretested the content of the interview with chief information officers (CIO) of four major colleges and universities. During the pretest, we asked the CIOs to judge the following: * how willing the CIOs would be to participate in the interview, particularly given the sensitive nature of some of the information requested; * whether the meaning and intent of each question was clear and unambiguous; * whether the CIOs were likely to know the information asked, and if the questions should be addressed to someone in a different position; and; * whether any of the questions were redundant. We made changes to the content and format of the final structured interview based on pretest results. To administer the structured interviews, we selected 45 colleges and universities from the Department of Education Integrated Postsecondary Education Data System. The colleges and universities were judgmentally selected from among large public and private degree-granting colleges and universities in each of eight geographic regions of the United States that provide Internet access to students in university administered housing.[Footnote 11] Of the 45 colleges and universities selected and contacted, 13 agreed to participate in the interview. We then analyzed the interview responses. Our analysis provides details on the responses of the 13 college and university officials we interviewed; however, because we did not randomly select interviewees, our results cannot be generalized to all colleges and universities. To describe federal law enforcement efforts and agency views related to copyright infringement on peer-to-peer networks, we analyzed budget and program documents from the Justice Computer Crime and Intellectual Property Section; the Federal Bureau of Investigation (FBI) Cyber Division; and the U.S. Immigration and Customs Enforcement’s Cyber Crimes Center, under the Department of Homeland Security. We also reviewed agency documents related to the efforts of other organizations that support the investigation and prosecution of copyright infringement, including the Department of State’s International Law Enforcement Academies; the Department of Commerce’s International Trade Administration; and the Intellectual Property Rights Coordination Center and the National Intellectual Property Law Enforcement Coordination Council. We performed our work between May 2003 and April 2004 in Washington, D.C. Our work was conducted in accordance with generally accepted government auditing standards. [End of section] Appendix II: Description of File Sharing and Peer-to-Peer Networks: Peer-to-peer file-sharing programs represent a major change in the way Internet users find and exchange information. Under the traditional Internet client/server model, the access to information and services is accomplished by the interaction between users (clients) and servers— usually Web sites or portals. A client is defined as a requester of services, and a server is defined as the provider of services. Unlike the client/server model, the peer-to-peer model enables consenting users—or peers—to directly interact and share information with each other’s computer without the intervention of a server. A common characteristic of peer-to-peer programs is that they build virtual networks with their own mechanisms for routing message traffic. [Footnote 12] The ability of peer-to-peer networks to provide services and connect users directly has resulted in a large number[Footnote 13] of powerful applications being built around this model.[Footnote 14] Among the uses of peer-to-peer technology are the following: * File sharing, which includes applications such as Napster and KaZaA, along with commercial applications such as NextPage.[Footnote 15] File- sharing applications work by making selected files on a user’s computer available for download by anyone else using similar software. * Instant messaging, which includes applications that enable online users to communicate immediately through text messages. Commercial vendors include America Online, Microsoft, and Jabber. * Distributed computing, which includes applications that use the idle processing power of many computers. The University of California– Berkeley’s SETI@home project uses the idle time on volunteers’ computers to analyze radio signal data. * Collaboration applications, which enable teams in different geographic areas to work together and increase productivity. For example, the Groove application can access data on traditional corporate networks and on nontraditional devices such as personal digital assistants and handheld devices. As shown in figure 7,[Footnote 16] there are two main models of peer- to-peer networks: (1) the centralized model, based on a central server, or broker, that directs traffic between individual registered users and (2) the decentralized model, based on the Gnutella[Footnote 17] network, in which individuals find and interact directly with each other. Figure 7: Peer-to-Peer Models: [See PDF for image] This figure provides two illustrations of peer-to-peer models, centralized and decentralized. The illustrations depict the following models: Centralized: Users A, B, C, and D connect to a server/broker; User C asks 'who has file X; Server send information back to User C that User D has the file; File is downloaded from User D to User C. Decentralized: Users A, B, C and D interact with one another; User A asks User B who has file X; User B asks User C who has file X; User C asks User D who has file X; User D replies to User C that he has file X; User C replies to User B that User D has file X; User B replies to User A that User D has file X; User A downloads file X from User D. Source: Mark Bontrager, Bob Knighten. Note: Adapted from Mark Bontrager’s adaptation of original by Bob Knighten. [End of figure] As figure 7 shows, the centralized model relies on a central server/broker to maintain directories of shared files stored on the respective computers of the registered users of the peer-to-peer network. When user C submits a request for a file, the server/broker creates a list of files matching the search request by checking the request with its database of files belonging to registered users currently connected to the network. The broker then displays that list to user C, who can then select the desired file from the list and open a direct link with user D’s computer, which currently has the file. The download of the actual file takes place directly from user D to user C. The broker model was used by Napster, the original peer-to-peer network; it facilitated mass sharing of copyrighted material by combining the file names held by thousands of users into a searchable directory that enabled users to connect with each other and download MP3 encoded music files. The broker model made Napster vulnerable to legal challenges[Footnote 18] and eventually led to its demise in September 2002. Although Napster was litigated out of existence and its users fragmented among many alternative peer-to-peer services, most current-generation peer-to-peer networks are not dependent on the server/broker that was the central feature of the Napster services, so, according to Gartner,[Footnote 19] these networks are less vulnerable to litigation from copyright owners. In the decentralized model, no brokers keep track of users and their files. To share files using the decentralized model, user A starts with a networked computer equipped with a Gnutella file-sharing program, such as KaZaA or BearShare. User A connects to user B, user B to user C, user C to user D, and so on. Once user A’s computer has announced that it is “alive” to the various members of the peer network, it can search the contents of the shared directories of the peer network members. The search request is sent to all members of the network, starting with user B, who will each, in turn, send the request to the computers to which they are connected, and so on. If one of the computers in the peer network (for example, user D) has a file that matches the request, it transmits the file information (name, size, type, etc.) back through all the computers in the pathway toward user A, where a list of files matching the search request appears on user A’s computer through the file-sharing program. User A will then be able to open a connection with user D and download the file directly from user D’s computer. [Footnote 20] One of the key features of Napster and the current generation of decentralized peer-to-peer technologies is their use of a virtual name space. A virtual name space dynamically associates user-created names with the Internet address of whatever Internet-connected computer users happen to be using when they log on.[Footnote 21] The virtual name space facilitates point-to-point interaction between individuals, because it removes the need for users and their computers to know the addresses and locations of other users; the virtual name space can, to a certain extent, preserve users’ anonymity and provide information on whether a user is or is not connected to the Internet at a given moment.[Footnote 22] The file-sharing networks that result from the use of peer-to-peer technology are both extensive and complex. Figure 8 shows a map, or topology, of a Gnutella network whose connections were mapped by a network visualization tool.[Footnote 23] The map, created in December 2000, shows 1,026 nodes (computers connected to more than one computer) and 3,752 edges (computers on the edge of the network connected to a single computer). This map is a snapshot showing a network in existence at a given moment; these networks change constantly as users join and depart them. Figure 8: Topology of a Gnutella Network: [See PDF for image] [End of figure] [End of section] Appendix III: Key and Supporting Federal Agencies Involved in the Investigation and Prosecution of Copyright Infringement: The emergence of the Internet as a principal medium for copyright infringement and other crimes has led to the development of new divisions within the federal government that are specifically trained to deal with cybercrime issues. These divisions, as well as other entities that are involved in combating copyright infringement, fulfill three main roles: investigation, prosecution, and support. The investigation role includes activities related to gathering and analyzing evidence related to suspected copyright infringement, while the prosecution role includes activities related to the institution and continuance of a criminal suit against an offender. The support role includes activities that are not directly involved in either investigation or prosecution, but which assist other organizations in these activities. Support activities include providing specialized training, producing reports specifically pertaining to intellectual property rights and copyright infringement, observing international trade agreements, and providing investigation leads and supporting evidence. Investigating Agencies: Federal agencies involved in the investigation process of copyright infringement include the following: Department of Homeland Security: U.S. Immigration and Customs Enforcement, Cyber Crimes Center. The Cyber Crimes Center, independently or in conjunction with Immigration and Customs Enforcement field offices, investigates domestic and international criminal activities conducted on or facilitated by the Internet. The organization’s responsibilities include investigating money laundering, drug trafficking, intellectual property rights violations, arms trafficking, and child pornography cases, and they provide computer forensics support to other agencies. For fiscal year 2002, the U.S. Customs Service[Footnote 24] referred 57 investigative matters related to intellectual property rights cases to the U.S. Attorneys Offices. Of these cases, 37 involving 54 defendants were resolved or terminated. Department of Justice: FBI Cyber Division. The Cyber Division coordinates, supervises, and facilitates the FBI’s investigation of federal violations in which the Internet, computer systems, and networks are exploited as the principal instruments or targets of criminal, foreign intelligence, or terrorism activity and for which the use of such systems is essential to that activity. For fiscal year 2003, the Cyber Division investigated 596 cases involving intellectual property rights. Of these cases, 160 were related specifically to software copyright infringement and 111 were related to other types of copyright infringement. The results of these investigations include 92 indictments and 95 convictions/pretrial diversions. Prosecuting Agencies: Federal agencies involved in the prosecution process of copyright infringement include the following: Department of Justice: Computer Crime and Intellectual Property Section. The Computer Crime and Intellectual Property Section consists of 38 attorneys who focus exclusively on computer and intellectual property crime, including (1) prosecuting cybercrime and intellectual property cases; (2) advising and training local, state, and federal prosecutors and investigators in network attacks, computer search and seizure, and intellectual property law; and (3) coordinating international enforcement and outreach efforts to combat intellectual property and computer crime worldwide. Computer Hacking and Intellectual Property Units. Computer Hacking and Intellectual Property units are comprised of highly trained prosecutors and staff who are dedicated primarily to prosecuting high-tech crimes, including intellectual property offenses. There are 13 Computer Hacking and Intellectual Property units located in U.S. Attorneys Offices across the nation. Each unit is comprised of between four and six prosecutors and dedicated support staff. Computer and Telecommunication Coordinator Network. The Computer and Telecommunication Coordinator program consists of prosecutors specifically trained to address the range of novel and complex legal issues related to high tech and intellectual property crime, with general responsibility for prosecuting computer crime, acting as a technical advisor and liaison, and providing training and outreach. The Computer and Telecommunication Coordinator program is made up of more than 200 Assistant U.S. Attorneys, with at least one prosecutor who is part of the program in each of the 94 U.S. Attorneys Offices. U.S. Attorneys Offices. The U.S. Attorneys serve as the nation’s principal federal litigators under the direction of the U.S. Attorney General. U.S. Attorneys conduct most of the trial work in which the United States is a party and have responsibility for the prosecution of criminal cases brought by the federal government, the prosecution and defense of civil cases in which the United States is a party, and the collection of debts owed the federal government which are administratively uncollectible. There are 94 U.S. Attorneys stationed throughout the United States, Puerto Rico, the Virgin Islands, Guam, and the Northern Mariana Islands. For fiscal year 2002, the U.S. Attorneys Offices received 75 referrals involving investigative matters for Title 18, U.S.C., Section 2319—Criminal Infringement of a Copyright—and 28 cases involving 56 defendants were resolved or terminated. Supporting Agencies: Department of Homeland Security: U.S. Immigration and Customs Enforcement, Intellectual Property Rights Coordination Center. The Center is a multi-agency organization that serves as a clearinghouse for information and investigative leads provided by the general public and industry, as well as being a channel for law enforcement to obtain cooperation from industry. Department of Justice: The Criminal Division, through its Overseas Prosecutorial Development, Assistance and Training Office and its International Criminal Investigation Training Assistance Programs, provides training and assistance to foreign law enforcement and foreign governments to foster the robust protection of intellectual property rights in foreign countries. Federal Bureau of Investigation: Through its legal attaches located in foreign countries, the FBI fosters the protection of intellectual property rights in foreign countries and assists U.S. prosecutions of intellectual property violations that have foreign roots. Department of State: International Law Enforcement Academies. The academies foster a cooperative law enforcement partnership and involvement between the U.S. and participating nations to counter the threat of international crime within a specific region. The academies develop foreign police managers’ abilities to handle a broad spectrum of contemporary law enforcement issues, including specialized training courses in fighting intellectual property rights crime, and increases their capacity to investigate crime and criminal organizations. As of 2003, academies were operating in Roswell, New Mexico; Budapest, Hungary; Bangkok, Thailand; and Gaborone, Botswana. U.S. Department of Commerce: International Trade Administration. The administration monitors foreign governments’ compliance and implementation with international trade agreements, especially those pertaining to intellectual property rights enforcement. Others: National Intellectual Property Law Enforcement Coordination Council. The Council’s mission is to coordinate domestic and international intellectual property law enforcement among federal and foreign entities, including law enforcement liaison, training coordination, industry and other outreach, and to increase public awareness. The Council consists of members from several agencies, including the Director of the U.S. Patent and Trademark Office (co-chair); the Assistant Attorney General of the Department of Justice’s Criminal Division (co-chair); the Undersecretary of State for Economics, Business, and Agricultural Affairs; the Deputy U.S. Trade Representative; the Commissioner of Customs; and the Undersecretary of Commerce for International Trade. The council is required to report annually on its coordination activities to the President and to the Appropriations and Judiciary Committees of the House and Senate. [End of section] Appendix IV: Comments from the Department of Justice: U.S. Department of Justice: Criminal Division: Deputy Assistant Attorney General: Washington, DC 20530: April 30, 2004: Ms. Linda Koontz: Director, Information Management Issues: US General Accounting Office: 441 G Street, NW: Washington, DC 20548: Dear Ms. Koontz: Thank you for providing the Criminal Division with the opportunity to present the Department of Justice's enforcement efforts in the area of intellectual property crime, particularly related to copyright infringement using Internet technologies such as peer-to-peer applications. On April 21, 2004, the Department led the single largest international enforcement effort ever undertaken against online piracy- Operation Fastlink. Operation Fastlink involved the simultaneous execution of searches in the United States and ten foreign countries. As a result of the coordination by the Department's Computer Crime and Intellectual Property Section and the FBI, in one 24 hour period over 120 searches were executed across multiple time zones. In addition to the United States, searches were executed in Belgium, Denmark, France, Germany, Hungary, Israel, the Netherlands, Singapore, Sweden, Great Britain and Northern Ireland. As a result, over 100 individuals believed to be engaged in online piracy have been identified, many of them high-level members or leaders of online piracy release groups that specialize in distributing high-quality pirated movies, music, games, and software over the Internet. More than 200 computers were seized worldwide, including over 30 computer servers which function as storage and distribution hubs for many of the online piracy groups targeted by this Operation. As noted, this is the single largest law enforcement effort ever undertaken against online piracy, and is the most recent, and best, example of the approach law enforcement is taking toward online piracy.[Footnote 25] The Department's intellectual property criminal enforcement efforts focus on large-scale and sophisticated infringers - for example, organizations or individuals engaged in massive distribution or reproduction of copyrighted materials. This focus exists because (1) federal law enforcement is best-suited to the identification, targeting, and dismantling of significant or sophisticated criminal organizations; (2) copyright holders typically do not have the ability or the tools to focus on the significant and sophisticated organized targets whose activities and members span toe globe - by contrast, they typically do have the legal tools, ability, and will to pursue the individual copyright infringers; (3) focusing law enforcement and industry efforts on their respective areas of strength results in a more significant overall impact; (4) technological limitations make it challenging to pursue individual infringers using peer-to-peer applications; (5) the burden of proof in criminal enforcement is significantly more difficult to meet than the burden of proof in civil enforcement; (6) statutory thresholds, involving the value of pirated goods, tends to favor federal enforcement directed at large-scale or sophisticated infringement activity rather than individual infringers and finally (7) the need for efficient use of resources suggests that federal resources should be used to pursue criminal conduct which has the most adverse impact on copyright holders. (1) Federal law enforcement is best-suited to focus on large-scale or sophisticated infringers: federal law enforcement is best-suited to focus on large-scale or sophisticated infringers, including organized groups, large-scale infringers, infringers operating our of numerous jurisdictions and foreign countries, and infringers using sophisticated technology to avoid detection, identification, and apprehension. By and large, individual copyright holders do not have the tools or ability to pursue these types of perpetrators. (2) Copyright holders do not have the legal tools or ability to tackle the organized criminal syndicates and most sophisticated infringers, but they do have the tools and ability to target individual infringers: Federal law enforcement has the tools, ability, expertise, and will to tackle the most sophisticated infringers, including those operating overseas who are part of large syndicates and those using sophisticated technology to avoid detection; whereas individual copyright holders have the tools to pursue individual infringers. Congress has provided for civil copyright enforcement actions, and individual copyright holders, mostly through industry associations, have been very active in their pursuit of individual infringers using peer-to-peer applications. Recent media reports suggest those civil enforcement actions have had a significant impact on reducing illegal peer-to-peer file sharing of copyrighted works. See: [hyperlink, http://www.pcworld.com/news/article/0,aid,114086,00.asp] and [hyperlink, http://www.cnn.com/2004/TECH/internet/04/26/downloading.music.ap/index.h tml] (3) Focusing law enforcement and industry on their respective strengths results in maximum impact: by using both the criminal and civil tools given by Congress to law enforcement and industry, respectively, we can achieve a more significant impact. (4) Technological limitations pose a challenge: given the technology involved in peer-to-peer applications, it is challenging to gather the necessary evidence for a successful criminal prosecution of individuals using peer-to-peer applications. For example, it may be possible to prove that someone is offering copyrighted material for download through a peer-to-peer application, but it is usually difficult and sometimes impossible to determine the number of times files were downloaded. (5) Burden of proof in criminal prosecution is more onerous: the criminal infringement statute requires proof of a willful intent, and each element of the offense must be proven beyond a reasonable doubt. Willful intent is a higher burden than is found in most criminal statues. By contrast, the intent element and overall burden of proof is significantly less onerous in civil enforcement. (6) Statutory thresholds favor a federal criminal enforcement focus on the more sophisticated targets: the statutory thresholds require a retail value of $2,500 or more of the goods pirated by the infringer. Consequently, if each song that is traded on a peer-to-peer application is valued at $0.80, federal criminal law enforcement cannot be used to target individuals downloading fewer than 3,100 music files. (7) The need for efficient use of resources suggests a focus on large- scale, sophisticated targets: the resource limitations faced by law enforcement generally suggest that federal law enforcement should focus its efforts in a way that yields the greatest impact. For many of the reasons detailed above, federal law enforcement has determined that it can make the biggest impact by focusing on the larger-scale, more sophisticated targets. The Department of Justice very recently created an Intellectual Property Task Force, headed by the Deputy Chief of Staff and Counselor to the Attorney General. The Task Force, comprised of several of the highest ranking Department executives with varied subject matter expertise, is charged with examining all aspects of how the Department of Justice handles intellectual property issues and with developing recommendations for future activity. One of the issues to be addressed by the Task Force is the most appropriate use of Departmental resources to ensure the Department has in place the most effective enforcement strategy. The Task Force will also recommend legislative changes, assuming current practice identifies the need for such changes. Thank you again for the opportunity to share with the General Accounting Office our criminal enforcement efforts to address the growing problem of online piracy. The Department fully recognizes the deleterious effect of this piracy on the economic health of our most innovative companies, our talented inventors and entrepreneurs, and all those Americans employed by affected industries. We are strongly committed to using criminal enforcement tools - appropriately and in the most effective manner - to sent the clear message that the theft of intellectual property will not be tolerated. Sincerely, Signed by: Laura H. Parsky: Deputy Assistant Attorney General: [End of section] Glossary: BearShare: A file-sharing program for Gnutella networks. BearShare supports the trading of text, images, audio, video, and software files with any other user of the network. broker: In the peer-to-peer environment, an intermediary computer that coordinates and manages requests between client computers. client-server: A networking model in which a collection of nodes (client computers) request and obtain services from a server node (server computer). Gnutella: A file-sharing program based on the Gnutella protocol. Gnutella enables users to directly share files with one another. Unlike Napster, Gnutella-based programs do not rely on a central server to find files. Gnutella protocol: Decentralized group membership and search protocol, typically used for file sharing. Gnutella file-sharing programs build a virtual network of participating users. Instant messaging (IM): A popular method of Internet communication that allows for an instantaneous transmission of messages to other users who are logged into the same IM service. America Online’s Instant Messenger and the Microsoft Network Messenger are among the most popular instant messaging programs. Internet Protocol (IP) address: IP address. A number that uniquely identifies a computer connected to the Internet to other computers. KaZaA: A file-sharing program using a proprietary peer-to-peer protocol to share files among users on the network. Through a distributed self-organizing network, KaZaA requires no broker or central server like Napster. LimeWire: A file-sharing program running on Gnutella networks. It is open standard software running on an open protocol and is free for public use. MP3: Moving Pictures Experts Group (MPEG) MPEG-1 Audio Layer-3. A widely used standard for compressing and transmitting music in digital format across Internet. MP3 can compress file sizes at a ratio of about 10:1 while preserving sound quality. node: A computer or a device that is connected to a network. Every node has a unique network address. peer: A network node that may function as a client or as a server. In the peer-to-peer environment, peer computers are also called servents, since they perform tasks associated with both servers and clients. server: A computer that interconnects client computers, providing them with services and information; a component of the client-server model. A Web server is one type of server. SETI@home: Search for extraterrestrial intelligence at home. A distributed computing project, SETI@home uses data collected by the Arecibo Telescope in Puerto Rico. The project takes advantage of the unused computing capacity of personal computers. As of February 2000, the project encompassed 1.6 million participants in 224 countries. topology: The general structure—or map—of a network. It shows the computers and the links between them. virtual: Having the properties of x while not being x. For example, “ virtual reality” is an artificial or simulated environment that appears to be real to the casual observer. virtual name space (VNS): Internet addressing and naming system. In the peer-to-peer environment, VNS dynamically associates names created by users with the IP addresses assigned by their Internet services providers to their computers. World Wide Web: A worldwide client-server system for searching and retrieving information across the Internet. Also known as WWW or the Web. [End of section] Footnotes: [1] Peer-to-peer file-sharing network programs enable direct communication between users, allowing them to access each other’s files and share digital music, software, images, and videos. [2] 17 U.S.C. §§ 106, 201(d). [3] For example, a copyright holder’s exclusive right to distribute and perform the work, make reproductions, and create derivative works is limited by the fair-use doctrine. The fair-use doctrine operates as a limitation on and exception to the rights granted by copyright by permitting the copying of copyrighted works for certain uses that include criticism, commentary, news reporting, teaching, scholarship, or research. Use of copyrighted work is not an infringement if the use falls within the scope of “fair use,” based on a case-by-case analysis of four factors identified by statute. [4] Testimony of Cary Sherman, President, Recording Industry Association of America before Senate Committee on Commerce, Science, and Transportation, September 17, 2003. [5] Generally, the criminal infringement statute provides that where the offense consists of willful infringement of a copyright with a retail value of at least $2,500 over a 180-day period, the penalty is not more than 5 years imprisonment if the offense was for the purpose of commercial advantage or private financial gain, that is, there is an attempt to gain an advantage or profit (violations of 17 U.S.C. § 506(a)(1)). If the infringement consists of willful distribution and reproduction of copyrighted materials with no aspect of commercial advantage or private financial gain (violations of 17 U.S.C. § 506(a)(2)), the penalty is not more than 3 years imprisonment. [6] 17 U.S.C. § 502-505. [7] Although we provide details on the responses of the 13 college or university officials we interviewed, our results are not generalizable to all colleges or universities. [8] A median is the value in an ordered set of values below and above which there is an equal number of values; if there is no one middle number, it is the value that is the arithmetic mean of the two middle values. [9] Peer-to-peer network indexes are high-capacity searchable indexes of files located on other computers on a local area network (similar to the original Napster; see app. II). These indexes are sometimes also referred to as “mini-Napsters” and use software such as Phynd to create and maintain searchable indexes of files shared on a peer-to- peer network. [10] Warez refers to software applications that have had all copy protection removed or circumvented, and are therefore available for unlimited copying, free of charge, in violation of the software owner’ s or publisher’s copyright. [11] The universities that were involved in pretesting the interview questions were not included in the interviews. [12] Matei Ripenau, Ian Foster, and Adriana Iamnitchi, “Mapping the Gnutella Network: Properties of Large Scale Peer-to-Peer Systems and Implication for System Design,” IEEE Internet Computing, vol. 6, no. 1 (January–February 2002). (people.cs.uchicago.edu/~matei/PAPERS/ic.pdf) [13] Zeropaid.com, a file-sharing portal, lists 88 different peer-to- peer file-sharing programs available for download. (hyperlink, http://www.zeropaid.com/php/filesharing.php) [14] Geoffrey Fox and Shrideep Pallickara, “Peer-to-Peer Interactions in Web Brokering Systems,” Ubiquity, vol. 3, no. 15 (May 28–June 3, 2002) (published by Association of Computer Machinery). (hyperlink, http://www.acm.org/ubiquity/views/g_fox_2.html) [15] NextPage provides information-intensive corporations with customized peer-to-peer filesharing networks. It enables users to manage, access, and exchange content across distributed servers on intranets and via the Internet. [16] Illustration adapted by Lt. Col. Mark Bontrager from original by Bob Knighten, “Peer-to-Peer Computing,” briefing to Peer-to-Peer Working Groups (August 24, 2000), in Mark D. Bontrager, Peering into the Future: Peer-to-Peer Technology as a Model for Distributed Joint Battlespace Intelligence Dissemination and Operational Tasking, Thesis, School of Advanced Airpower Studies, Air University, Maxwell Air Force Base, Alabama (June 2001). [17] According to LimeWire LLC, the developer of a popular file- sharing program, Gnutella was originally designed by Nullsoft, a subsidiary of America Online. The development of the Gnutella protocol was halted by America Online management shortly after the protocol was made available to the public. Using downloads, programmers reverse- engineered the software and created their own Gnutella software packages. (hyperlink, http://www.limewire.com/index.jsp/p2p) [18] A&M Records v. Napster, 114 F.Supp.2d 896 (N.D. Cal. 2000). [19] Lydia Leong, “RIAA vs.Verizon, Implications for ISPs,” Gartner (Oct. 24, 2002). [20] LimeWire, Modern Peer-to-Peer File sharing over the Internet. (hyperlink, http://www.limewire.com/index.jsp/p2p) [21] S. Hayward and R. Batchelder, “Peer-to-Peer: Something Old, Something New,” Gartner (Apr. 10, 2001). [22] Peer-to-peer users may appear to be, but are not, anonymous. Law enforcement agents may identify users’ Internet addresses during the file-sharing process and obtain, under a court order, their identities from their Internet service providers. [23] Mihajlo A. Jovanovic, Fred S. Annexstein, and Kenneth A. Berman, Scalability Issues in Large Peer-to-Peer Networks: A Case Study of Gnutella, University of Cincinnati Technical Report (2001). (hyperlink, http://www.ececs.uc.edu/~mjovanov/Research/paper.html) [24] On March 1, 2003 the U.S. Customs Service was reconfigured into two agencies within DHS, at which time the Office of Investigations and the Cyber Crimes Center became part of U.S. Immigration and Customs Enforcement. [25] The Recording Industry Association of America issued a press release regarding Operation Fastlink, praising the effectiveness and commitment of the Department's enforcement effort: We appreciate and applaud the work of the U.S. Justice Department, Attorney General Ashcroft and the entire Administration. They have undertaken and spearheaded an unprecedented, international initiative that strikes a forceful blow at global piracy operations that have been wreaking enormous damage on creative communities around the world. This is a sizeable achievement and creators all over the world owe a debt of gratitude. [End of section] GAO's Mission: The General Accounting Office, the investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through the Internet. GAO's Web site [hyperlink, http://www.gao.gov] contains abstracts and full-text files of current reports and testimony and an expanding archive of older products. The Web site features a search engine to help you locate documents using key words and phrases. You can print these documents in their entirety, including charts and other graphics. Each day, GAO issues a list of newly released reports, testimony, and correspondence. GAO posts this list, known as "Today's Reports," on its Web site daily. The list contains links to the full-text document files. To have GAO e-mail this list to you every afternoon, go to [hyperlink, http://www.gao.gov] and select "Subscribe to e-mail alerts" under the "Order GAO Products" heading. Order by Mail or Phone: The first copy of each printed report is free. Additional copies are $2 each. A check or money order should be made out to the Superintendent of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more copies mailed to a single address are discounted 25 percent. Orders should be sent to: U.S. General Accounting Office: 441 G Street NW: Room LM Washington: D.C. 20548: To order by Phone: Voice: (202) 512-6000: TDD: (202) 512-2537: Fax: (202) 512-6061: To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Public Affairs: Jeff Nelligan, managing director, NelliganJ@gao.gov: (202) 512-4800: U.S. General Accounting Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: