Joe Karaganis, January 24, 2012

Meganomics: The Future of “Follow-the-Money” Copyright Enforcement

As last week’s arrest of Megaupload owner Kim Dotcom emphasized, the main character in the SOPA/PIPA debate is the foreign ‘thief’. He’s everywhere—robbing Americans of their creativity, jobs, and money. Worse, he’s enjoying himself. As the Chamber of Commerce put it: “The criminals behind these sites are laughing all the way to the bank, stealing the best of American creativity and innovation at the expense of our jobs and consumers.”

Strictly speaking, the top five pirated films of the year were Fast Five, The Hangover II, Thor, Source Code, and I Am Number Four. It’s not a ‘best of’ list, exactly, but that’s a different story.

Even most opponents of SOPA/PIPA maintain a common front on this issue: the foreign thief must be stopped. Chris Dodd is right about this: the only public debate is about how.

For the past few years, Kim Dotcom (né Schmitz) has been the MPAA’s go-to example of the foreign thief. Dotcom is a flamboyant hacker/entrepreneur with a fraud conviction, a penchant for fake names, and a fortune built, like many new media fortunes, in the grey areas of IP law. Megaupload was one of the first cloud storage or ‘cyberlocker’ services, and is routinely ranked in the global top 50 in traffic. There is little doubt that it hosted a lot of infringing media. There is doubt about the extent to which Megaupload encouraged this, and how that affects its liability for infringement.

The Megaupload case has important legal implications. Mike Masnick has a very good rundown, but let’s focus on two. The case will certainly challenge the scope of the “safe harbor” from liability afforded online storage providers—a very important issue in an era of cheap, ubiquitous cloud services. It will also be a front in the government’s (and, more particularly, MPAA’s) push to shift from an ex post model of enforcement, involving notification and takedown requests when infringing content is identified, to an ex ante model based on the surveillance and filtering of user activity.

If this sounds familiar, it’s because it is also fundamentally at stake in SOPA, and raises all the same censorship and free speech issues. Holding Megaupload liable for failing to monitor and filter user activity for infringement, for example, would compel monitoring across a wide range of web services, from search to social media. And that would mark a very fundamental shift in the freedoms associated with the Internet. SOPA and the Megaupload case are part of this long game.

The Megaupload indictment is also a public effort to cast a villain in the file sharing story: to prove that someone, other than consumers, benefits from piracy. Kim Dotcom’s arrest—with all of his luxury cars on prominent display—is about making the case not only for abstract losses to industry but also theft from industry. We’ve repeatedly taken issue with the industry calculation of losses, most of which are fictional. But let’s ask the narrower question. Who is the foreign thief, and how much is he stealing?

As usual when talking about piracy, there are lots of claims but very few hard numbers. The revenue estimates that do circulate in file sharing cases are notable, however, for their minuscule size compared to the 10s or, occasionally, 100s of billions in losses claimed by industry groups. Here are a few examples…

· The Swedish trial of The Pirate Bay in 2009 became an occasion for all sorts of competing estimates of revenues. Record industry group IFPI estimated the site’s revenues at $3 million per year. The MPAA described $5 million in revenues. But prosecutors endorsed a much lower number: $170,000 from advertising (against what the defense characterized as $112,000/year in server/bandwidth costs and $100,000 per year in revenue). This is for a site that appears consistently among the top 100 visited sites in the world.

· NinjaVideo, a Brooklyn-based movie indexing site whose owners were arrested in 2011, was alleged by prosecutors to have made $500,000 in 2½ years. After the site began to make money, the four administrators split the revenue, netting around $33,000/year each after expenses. Hana Beshara, the site’s primary owner, was sentenced to 22 months in prison under the US No Electronic Theft (NET) Act.

· Brian McCarthy, the owner of Channelsurfing.net, a Texas-based sports streaming site, was alleged by prosecutors to have made $90,000 over five years. He also faces jail time and fines under the NET Act.

· Immigration and Customs Enforcement (ICE) made some partial revenue estimates for targets of its 2010 domain name seizure program, Operation In Our Sites, based on information from advertising network Valueclick. According to ICE investigators, Torrentfinder, a BitTorrent site, made about $15,000 in ad revenue from Valueclick over a year in 2008-2009. Onsmash, a music link site, made around $2,500 in 2009-2010.

The ICE numbers aren’t complete accounts, but they met the traditional definition of “commercial” copyright infringement that justified the criminal charge (US District Court Case # 10-2822). What they don’t do is describe a very lucrative or, in any other respect, criminal business.

This is a point we’ve made repeatedly regarding the incentives for criminal involvement in piracy. We see little evidence that there’s much money to be made from it—especially as the costs of setting up and running such sites decline. It’s very likely that the larger sites generate significant revenues from advertising—indeed even in the torrent admin community (see below) it’s assumed that the handful of top sites generate six and even seven-figure revenues annually. But at any given time there are only a few such sites. And even accepting the IFPI estimates, it’s chickenfeed. The top 5 pirated films, for comparison, made $2 billion last year. The (non-overlapping) top 5 grossing movies made nearly $5 billion. Piracy generates an overwhelmingly consumer, not criminal, surplus.

It’s easy to see how Kim Dotcom got rich by being an early entrant in the cloud storage market, in the only part of the business that required a lot of large file transfers. (Much the same is true of broadband adoption, for which piracy has always been the early killer app—especially outside the US where legal web services are still underdeveloped.)

As a subscription business selling a scarce commodity, Megaupload’s revenues were many times larger than the largest torrent or link sites. In 2010, execs at Paramount Pictures estimated (in testimony to Congress) its profits at between $41 million and $300 million per year, with the range reflecting different assumptions about its subscription rate. The Justice Department’s recent indictment put the number below the low end of the range—committing to only $175 million in total revenues since 2005–under $30 million/year–and reflecting a roughly 7-1 split between subscriptions and advertising. There are no estimates of how much of this came from legal sources.

In contrast, it’s hard to see how this model remains lucrative. Storage costs are falling rapidly, and there are no barriers to entry or significant network effects. For a comparable market, look to the highly competitive web hosting business rather than search engines or operating systems, which have more characteristics of natural monopolies. Many companies–including Megaupload–already give large amounts of storage away. Many compete for “premium” users, either with inducements or bundling with other services.

The sum of Megaupload’s activities may well satisfy a court that it encouraged large-scale copyright infringement, and therefore should be held liable. But Megaupload’s survival is not the main concern: it’s what happens when all storage is mirrored in the cloud. It’s whether we’ll monitor and police the core features of the web: storage, linking, and search.

The Torrent Admins Survey

Now that the nerds have (provisionally) won the argument that DNS blocking could break the Internet, attention will turn to “follow the money” enforcement strategies—especially those targeting advertising and payment systems. We might ask, in this context, what “follow the money” looks like in a sector where there are few barriers to entry and costs are falling toward zero?

To find out more, we prepared a short survey of torrent site administrators, which was circulated through torrent admin lists and IRC channels by some trusted intermediaries. We received 11 responses to our survey—most of them anonymous; most of them ‘vouched for’ by our partners; and most of them anonymized through various services. We neither asked for nor received identifying information. This is, in other words, a small sample with some big caveats (such as selection bias). Nonetheless, the responses tell an interesting story.

Responses came from a pretty wide spectrum of sites, including:

· 2 that receive over 10 million visits per month

· 2 that receive 2-10 million visits per month

· 2 that receive 500,000 – 2 million visits per month

· 2 that receive 25,000-100,000 visits per month

· 2 that receive less than 25,000 visits per month

· 1 that did not specify traffic

To provide some reference points, the two current largest torrent sites—the Pirate Bay and Torrentz—receive roughly 88 million visits/month and 46 million visits/month respectively (according to Google Adwords; there are claims that this significantly undershoots traffic on those sites). Although cyberlocker sites like Megaupload and Mediafire now outdraw torrent sites by a wide margin, the latter remain a good indicator of the cost structure—and costs of entry—of large scale file sharing. BitTorrent is now a thoroughly commoditized technology, running on low cost hardware with freely available software. Cyberlockers are slightly further behind.

How much does running a torrent site cost? The largest site in our survey, with over 10 million visits per month, was also the most expensive. It reported server and bandwidth costs of $25,000-$30,000 per year. Most of the sites operate on less than $10,000 per year. A couple of the smaller ones were under $3,000.

How much money do these sites make, and how? Of the eleven responses, only the largest site used advertising. It reported a roughly break-even operation, with costs covered in most months by advertising. The other ten do not use advertising. These are typically the smaller, private trackers that require invitations to join—a category that nonetheless reaches into the millions of visits per month.

Eight indicated that they meet the majority of their expenses through member donations. Only one indicated that it fully met expenses this way. Only one earned additional income through affiliate links. The balance typically comes out of the pockets of the site administrators.

Although we received less information on staffing, several indicated that they operated entirely with volunteer labor—in a couple cases involving communities of a dozen or more administrators. This is the norm among smaller, private sites.

The picture that emerges from the survey is one of financially fragile but low cost operations, dependent on volunteer labor, subsidized by users and founders, and characterized by a strong sense of mission to make work more widely available within fan communities. Few such sites make or seek to make money. Many are specialized communities exchanging media of particular types, genres, or languages. A site like NinjaVideo began this way, but grew into a larger, revenue-making operation.

Rights holder pressure on payment systems is not new, but it has been ad hoc. Credit card companies were enlisted in the mid 2000s, when the record industry group IFPI waged war against the (nominally legal) Russian pay-download site AllofMP3. Industry threats against safe harbor provisions for payment providers played an important role in this process. No payment provider wants to tangle with industry lawyers on behalf of an accused infringing site, even if there is no legal basis for cutting off service. Few accused sites are able to lawyer up to respond. Strict legality doesn’t make much difference in such contexts. One site administrator showed us a letter from a payment provider terminating service based on a DMCA complaint—a law that makes no such provisions.

SOPA and PIPA legalize these strategies and make them much easier to use. Under SOPA, rights holders gain a strong right of “private action” that allows them to issue cut off letters directly to advertising services and payment systems. The latter must cut off service or face secondary liability for infringement. Under SOPA, moreover, neither the payment system nor the rights holder is liable for damages from any mistaken or overly broad actions. The “safe harbor,” under these circumstances, is repurposed to empower the complainant rather than the user.

Independent of the potential for collateral damage, SOPA and PIPA are best understood as collections of harassment measures for pirate sites, rather than any sort of “solution” to piracy. A loss of advertising revenue would harm some file sharing sites—especially the larger, more public sites that have grown into advertising-dependent commercial operations. The loss of primary payment systems such as PayPal would complicate life for the smaller torrent sites, but wouldn’t cut off revenues: there are many ways to manage the modest donation systems that keep these sites in business.

Some parts of the file sharing ecology, consequently, would be vulnerable to payment system attacks. But the overall impact is likely to be low. Much of the file sharing ecology already operates at very low cost, on minimal revenue. Much of the labor is volunteer—with advertising and the “professionalization” of staff a matter of choice rather than necessity. And infrastructure costs are falling.