University students across the United States and the Recording Industry Association of America (RIAA) are currently engaged in an all out war. Music piracy on college campuses is rampant due to easily accessible high-speed Internet connectivity and a generation of youth in tune with the latest digital content distribution platforms.

The RIAA has the right, as well as the moral and legal obligation, to combat piracy, in furtherance of its record label members’ wishes. However, recent trends illustrate the RIAA’s willingness to attempt to circumvent the established procedures of information gathering and target students by exploiting the relationship between university student and institution.

The ‘John Doe’ Lawsuit

The RIAA has been sending settlement offers to students, who are accused of music piracy, by delivering those settlement offers to the administrations of universities and asking for the notices to be passed down to students. Before a discussion of these letters, however, a synopsis of one of the most common RIAA tools, the “John Doe” lawsuit, is required. The RIAA finds possible pirates and copyright infringers by tracing illegally downloaded music and files to a specific IP address through one of its investigative partners. After obtaining the IP address, a lawsuit is filed naming the defendant(s) as a John Doe, to which information about said defendant(s) is to be obtained.

Once the information is obtained, the RIAA drops the John Doe lawsuit, begins a new lawsuit, sends a settlement letter to the now-exposed accused, and awaits a response. This is where the biggest point of contention comes in, the pre-litigation settlement letters. The murky legality of the process and these letters, as well as the intrusion on the right of privacy, can be analyzed by looking at both the relationship between the universities and their students and the privacy concerns the RIAA policy implicates. Also, strong policy concerns are raised due to the sensitive nature of the college experience as a tool to shape young minds into a new generation of leaders, scholars, and productive members of society.

Privacy, Student/University Relationship

The student/university relationship raises many questions. Firstly, what relationships exist or can exist between a student and the university? Secondly, does that relationship allow for the type of action the RIAA is asking the universities to follow through on? Thirdly, how much and of what type of information is the university allowed to disclose?

The relationship between a student and the university is a tricky subject as many relationships can exist simultaneously, all with legal significance. A student can have a patient-physician relationship with the university health care office. An employee-employer relationship could exist because of so many jobs available to, and aggressively marketed for, students through the university. A landlord-tenant relationship could exist due to the use of student dormitories. The university is also in a unique position in that it is responsible for grading, evaluating, and acknowledging an individual student’s respective prestige and ability, as well as providing guidance and assistance in various aspects of a student’s life.

Universities often have a code of conduct that student’s must follow. Following the rules creates a relationship of trust between student and university – as long as the student follows the rules, they are more than likely to be in good standing with the university.

This relationship of trust is being attacked by the RIAA’s efforts to use universities as conduits for settlement agreements. Allowing the RIAA access to students by dropping off settlement agreements at the university’s doorstep boosts outside forces that interfere with what the university owes the student in respect to privacy.

Privacy of information is obviously important to universities and the students attending. The Family Educational Right and Privacy Act 1 (FERPA) is a set of guidelines that applies to parental access to educational information from a school before the student reaches the age of 18. After the age of 18, FERPA rights transfer to the student. The key issue comes in FERPA’s treatment of directory information, like a student’s name, address, etc. Schools are not required to have consent to disperse directory information, however, schools must inform students of the directory information release annually and give ample time for the student to decide whether or not to allow release of the directory information. This ongoing relationship of communication and trust between the student and university illustrates why the RIAA’s use of this channel seems unethical and exploitive.

Unfair Practices, Debtor/Creditor Relations

One of the more alarming aspects of the RIAA letters is that they purport through accusation that students have committed an illegal act and owe the RIAA a monetary settlement. This accusation looks a great deal like the debtor/creditor relationship, in which the RIAA is trying to collect on owed money. The rules surrounding the debtor/creditor relationship are numerous, and have at their core a strong antiharassment and antifraud spirit. Three instances of Fair Debt Collection procedures are highlighted – New York, California, and the federal Fair Debt Collection Practices Act – to illustrate legislatures’ intent to protect consumers (in our case, students) from creditors, who look a lot like the RIAA.

New York state and New York City have different codes dealing with creditor practices, but both aim to protect the consumer from creditor harassment. New York’s General Business Law ?601 and New York City Rule 6 RCNY ?5-77 limit the procedures and scope a creditor may act within in the furtherance of collection debts.

The New York rules set out various times when creditors can attempt to call a debtor, limitations on places that a creditor may contact a debtor, among other regulations. Disclosing debt information as well as disclosure to third parties is a main contention in these laws. These specific statutes limit the communication a creditor may have with third parties related to the debtor in many respects. Discussing a student’s putative debt with a third party, without prior consent from the debtor, is not allowed, save a few exceptions. California’s Rosenthal Fair Debt Collection Practices Act aims to protect consumers in the same vein as the New York statutes by limiting creditor interaction, emphasize disclosing the creditor’s identity, and the obligation to respect the debtor’s privacy.

The Federal Fair Debt Collection Practices Act (FDCPA) amended the Consumer Credit Protection Act in 1996. The FDCPA does what the New York and California statutes do on a federal level. The average college student falls under the definition of a hypothetical unsophisticated debtor – college kids are only now experiencing a good deal of the adult financial and legal world. According to Sims v. GC Services L.P., “the hypothetical unsophisticated debtor is regarded as uninformed, naive, or trusting, but nonetheless is considered to have a rudimentary knowledge about the financial world and is capable of making basic logical deductions and inferences.” 2 College students come from around the country and the world, from various political and legal climates, with little to no legal knowledge, to attend U.S. schools. Not every student would be able to make the logical conclusions dealing with RIAA settlement offers coming from the school’s administration.

The laws also make special mention of the employer/employee relationship and how it is improper for a creditor to harass a debtor at work. Mostly this revolves around embarrassment of the debtor in his work environment. The employer evaluates and, in essence, grades an employee based on many factors. A letter showing up on an employer’s desk with the words “OVERDUE” or “MONEY OWED” stamped on the front unnecessarily involves the employer in an employee’s private matter and can affect evaluation. The same situation can be paralleled in the student/university relationship. The rules against excessive third-party interaction are essential and paramount due to the nature of the evaluation process.

Policy Concerns

There are a large number of policy concerns associated with the RIAA’s current tactics. First, the RIAA seems to be sidestepping a system already in place for gathering information about students. The RIAA is well within its rights to subpoena student information from the universities in order to reach students. One of the only reasons for the workaround to the subpoena process is time saved. The RIAA has been using a working system, hunting down music pirates inside and outside of the country. Why all of a sudden is this new tactic being brought to bear?

Second, allowing the RIAA to reach students so easily creates an aura of distrust among the student populace with respect to the administration, creating another roadblock down the road of a college education. What else, then, can a student expect the university to drop on their doorstep without any legal hoops to jump through? The amount of grants, federal loans, and other aids to help students go to college shows a commitment on the part of the federal government to eliminate roadblocks to higher education; creating roadblocks is decidedly opposite to our nation’s views. Will a new criteria in a prospective student’s mind become ‘how much litigation should I expect from the schools I am applying to?’ That’s not to say college students should not be legally and morally culpable for their actions, they should be. However, college is a grey area to assault young people with extreme litigation of this type. Colleges and the institutions surrounding it strive to keep these legal conflicts away from students so that they can concentrate on college itself, through debt deferment and on-campus jobs, etc.

Third, there is an obvious slippery slope argument that is alarming at best. Giving an entity like the RIAA special privilege to pierce the bubble of privacy and litigation/debt deferment of college can give rise to other organizations expecting the same treatment. What is a student to do as more and more entities gain easier and more access? With the university’s administration as an errand boy, who can calculate the new legal costs facing a university delivering settlement papers to students at all times?

Anybody’s Game

The recent few months have proved to be hotbeds of activity on the piracy/infringement front. Many colleges and universities have amended their student codes to be more RIAA friendly, some even going so far as to champion the RIAA’s requests to deliver settlement notices. In court, one decision has come out that specifically helps students when dealing with the RIAA’s particular brand of “John Doe” lawsuits against college students accused of music piracy and infringement.

The U.S. District Court of New Mexico, in Capitol Records v. Does 1-16, denied the RIAA’s ex parte application to take discovery. The court looked at the two most prevailing factors, the RIAA’s claim that, “unless the Court allows ex parte immediate discovery, [the plaintiffs] will be irreparably harmed,” and the potential harm of allowing the disclosure of “confidential information in a student or faculty member’s Internet files.” The court makes a profound statement against the RIAA’s irreparable harm argument, stating that it would require a great amount of “suspension of disbelief” for anyone to believe that an issue so easily remedied with monetary damages could cause such irreparable harm. 3

The main concern is notice. The court ordered the RIAA and the University of New Mexico to discuss an appropriate process for informing students or faculty that a subpoena for information has been issued, giving those John Does the opportunity to intervene and defend. One final statement by the court that illustrated the court’s protection of personal information was that “ex parte proceedings should be the exception, not the rule.” 4 The court’s strong language could become commonplace in future John Doe defense arguments. Students are getting their chance at defending themselves at a time when an attorney can gather information on the lawsuit, opposed to being thrust into the middle after a new lawsuit has been filed against an unsuspecting, now exposed, accused infringer.

In response to the RIAA’s distribution requests, schools have amended, strengthened, or drastically changed their Internet usage policies within the university and dorm environment. The University of Washington has openly stated that it would unconditionally assist the RIAA in providing information about students accused of copyright infringement over Peer-to-Peer networks. The cost to universities in money and manpower is growing as the settlement campaign ramps up; many schools do not want to waste resources on combing through the subpoenas and challenging information gathering when it is much more cost effective to hand over information carte blanche. Is the easy way out selling students short?

On April 25, 2007, Ohio University released a statement 5 on the Ohio University Web site that disabled all Peer-to-Peer network file sharing at the university. The release claims that the widespread ban, despite the release’s own concession to the legitimate uses for Peer-to-Peer connections, is due to the “recent crackdown by the Recording Industry Association of America on illegal music downloading.” 6 Ohio University took the extreme route to solving the problem on its own campus. Time will tell as to the ramifications of implementing such a widespread ban. Could this ban be seen as a challenge to ambitious students to find ways around such a stringent policy?

The University of Kansas has instituted a “One Strike” policy against students who engage in illegal downloading via Peer-to-Peer networks. According to the university’s Internet policy, 7 a student’s Internet usage will be permanently deactivated if the student fails to appeal an RIAA notice connected to their IP address. The University of Kansas alerts students whose IP addresses are mentioned, putting the student on notice and creating a concrete appeals process.

This system seems to be much more in the spirit of fairness and the student-university relationship as described previously. The university does not release information until the student is informed and on notice to appeal, effectively protecting the student until the formal requests for information are granted.

Finally, the University of Washington has said that it will not shield students against the RIAA and also assist in delivering papers to accused students. 8 But really, is this not just the same as the University of Kansas’ policy, in that the university will be putting the student on notice before the John Doe litigation can be brought and subpoenas issued to find out IP identities?


These new tactics are being used because piracy is becoming a bigger problem. Behind this discussion is still an illegal act, but the tactics being used by the RIAA, and the concessions made by universities towards the recording industry, just feel off. Protective procedures were put in long ago despite the legitimate interest in controlling improper conduct and collecting debts that are truly owed.

Those procedures are designed to prevent the leveraging of fear, embarrassment and potential retaliation into a device for the collection of a debt claimed but not adjudicated. Improper notice is a concern that should not be taken lightly, and new university policies have the power to remedy the lack of communication. After all, most relationships can be saved with some healthy communication.

Donald N. David is a shareholder in Akerman Senterfitt’s New York office. He can be reached at


1. 20 U.S.C.A. ?1232g.

2. Sims v. GC Services L.P., 445 F.3d 959 (7th Cir. 2006).

3. Capitol Records v. Does 1-16, 2007 WL 1893603 (D.N.M., 2007).

4. Id.


6. Id.