CRIA File-sharing Lawsuits (BMG v. Doe)

Following through on its threat, the Canadian Recording Industry Association (CRIA) launched a lawsuit in the Federal Court (Trial Division), in Toronto Ontario, on February 10, 2004 against 29 unnamed alleged music file-sharers.

Court hearings were held on March 12th and 15th, 2004. CIPPIC filed written argument and appeared at the hearing, arguing that there are important privacy rights at stake and that file-sharing does not constitute copyright infringement. The Federal Court issued its decision on March 31st, 2004, ruling that CRIA had not made out a "prima facie" case of copyright infringement, and that merely downloading and making music files available on one's hard drive does not infringe copyright under current Canadian law.

CRIA appealed the decision to the Federal Court of Appeal. The Appeal was heard on April 20, 2005, and the Court of Appeal released its decision on May 19, 2205, uholding the trial court decision. Citing privacy values and the weakness of CRIA’s evidence, the Court concluded that the evidence created “the risk that innocent persons might have their privacy invaded and also be named as defendants where it is not warranted.”

What is happening with the court case?

The Court of Appeal has cleared the way for CRIA to file fresh evidence - which seems unlikely given the age of the evidence it has against its current 29 defendants - or to bring a new application supported by admissible evidence in respect of new defendants. CRIA has said it will be back in court, but no new application has been filed to date.

What test did the Court of Appeal establish for revealing the identities of alleged file-sharers?

The following test is distilled from the Court's reasoning:

  1. Plaintiff must show that it has "a bona fide claim" against the proposed defendant, "i.e., that they really do intend to being an action… based on the information they obtain, and that there is no other improper purpose for seeking the identity of these persons". (para.34)

  2. The bona fide claim must be based on admissible evidence linking the IP address(es) with the impugned action(s). (para.21)

  3. "There should be clear evidence to the effect that the information cannot be obtained from another source such as the operators of the named websites." (para.35)

  4. "The public interest in disclosure must outweigh the legitimate privacy concerns of the person sought to be identified if a disclosure order is made" (para.36)

  5. the information on which a request for identification is made (e.g., IP address) must be timely; no undue delay between investigation and motion for disclosure (para.43)

  6. plaintiffs must not collect more personal information than necessary for the purpose of their claim (para.44).

Addendum re: disclosure orders:

"…caution must be exercised by the courts in ordering such disclosure, to make sure that privacy rights are invaded in the most minimal way" (para.42) In particular, if a disclosure order is granted, specific directions should be given as to the type of information disclosed and the manner in which it can be used. In addition, the court should consider making a confidentiality order or identifying the defendant by initials only (para.45)

Does that mean that I can share music files with others over the Internet without worrying about being sued?

No. While the Federal Court said that passive file-sharing is legal, the Court of Appeal set that ruling aside as premature. Also, CRIA has said that it will be bringing a new application. If that happens, then you could be on the hook for copyright infringement if you shared copyrighted materials with others on the Net. Merely downloading music files for your own use, though, is unlikely to get you into trouble. It's putting them into a shared folder that others can access that really upsets the music industry.

How did ISPs respond to CRIA?

The five targeted ISPs reacted in different ways. Shaw strongly resisted CRIA's requests right from the beginning, citing its commitment to subscriber privacy and technical difficulties associating dynamic IP addresses with subscribers at a given point in time. CIPPIC has publicly commended Shaw on its subscriber-friendly approach in the context of a controversial legal, and broader social, issue.

Although not as strongly as Shaw, TELUS also argued against CRIA's request. Bell and Rogers exhibited less commitment to subscriber privacy, focusing their objections on the cost to them of complying with CRIA's requests. However, all three of these ISPs did make efforts to notify their affected subscribers of the CRIA requests, so that the subscribers could obtain legal advice and possible representation before the court hearings.

Videotron didn't even bother to appear at the court hearing on Feb.16th. It has stated its support for the CRIA lawsuits, expressing "delight" that they are proceeding and an intention to hand over subscriber IDs as soon as a court order is issued.

As far as we know, all five ISPs are complying with federal privacy legislation that prohibits them from disclosing subscriber ID to CRIA without a court order. In other words, no subscriber IDs will be disclosed until March 12th at the earliest.

Other ISPs (e.g., SaskTel, Access Communications) have also confirmed that they will comply with privacy laws and not divulge subscriber information to third parties without a court order.

Is this court decision the end of the story?

No. CRIA has said that it will be bringing a fresh application with proper evidence. Further, all legal proceedings to date have just been about the threshold question of the test CRIA must meet, and the quality of the evidence it must bring, before a court will order an ISP to turn over the identity of a customer accused by CRIA of file-sharing.

Also, CRIA and others are lobbying hard to have the law changed by Parliament so that file-sharing is made clearly illegal. The federal Parliament is currently reviewing Canada's copyright law and is considering reforms that would make it illegal to "make available" copyrighted songs to others by way of shared computer directories. CRIA has been pushing for such changes before the Standing Committee on Canadian Heritage.

What does CRIA know about the 29 defendants?

CRIA conducted investigations of KaZaa users from October - December last year, downloading songs from user shared directories, and taking screen "snapshots" to prove that the songs were being made available to others by that user. CRIA was able to identify the defendants' usernames but they don't know who the individuals associated with those usernames are. CRIA therefore asked the court to order the five ISPs in question (Bell, Rogers, Shaw, TELUS, and Videotron) to hand over contact information for IP addresses associated with each Kazaa username.

What should I do if I want to download music but don't want to be sued?

If you want to play it safe and avoid a lawsuit in the future, you should disable the uploading (i.e., file-sharing) features of any P2P application on your computer.

What is CIPPIC doing on this case?

CIPPIC intervened before both the Federal Court and Court of Appeal to advocate of behalf of the Does' privacy interests. CIPPIC continues to monitor CRIA's activities, and, where warranted, will seek leave to intervene again in CRIA's future applications.


For more information, see:

Websites on file-sharing and the music industry:

Back to top

This page last updated: November 9, 2005

Webpage URL: