How iCloud And Its Competitors Could Lead To Copyright-Trolling Lawsuits

Now that Apple (NSDQ: AAPL) has launched its iCloud music service, it’s going to be scanning a whole lot of users’ music files. So what is the company-and its music-industry partners-going to do about the fact that much of that music wasn’t legally purchased?

As users move their music to the cloud, it’s likely that a large number of the tracks moving into the cloud are of, shall we say, dubious parentage. That is to say, many of them were likely transferred over a file-sharing network at one point. What’s going to happen with all those pirated tracks as music gets moved to the cloud? And what kind of information will Apple be gathering, and sharing?

While it’s not widely known, MP3 and other music files often contain personal information. Some of the biggest digital music stores-most notably Apple’s iTunes, but also Wal-Mart (NYSE: WMT) and the now-defunct Lala-encode metadata on MP3’s that are sold that include account names and email addresses. (Other services, like Amazon (NSDQ: AMZN), do not include such information-here’s a list of who does what.) Such information could be used in furtherance of a DRM scheme. TechCrunch published an article last year quoting a “music-industry insider” made clear that the encoding of such metadata was a direct result of pressure from certain record labels, which “have aspirations to use this hidden data to control future access to music.”

So will Apple be gathering such “metadata” when users who buy in to the cloud scheme allow the company to scan their hard drives, looking at all the music they bought? The gathering of such information would probably be part of any thorough scan, although that doesn’t mean Apple has to keep that data. In fact, if they’re smart, they won’t hold on to it.

Metadata ownership information about users’ music collections would be mighty interesting to copyright owners, even if they didn’t have any interest in filing a lawsuit over it. Imagine the sort of “See! We told you so!” we’ll be hearing if content owners are able to establish, for instance, that a high proportion of music files sent to the cloud were transferred illegally-in other words, that they have a username or email embedded in them that’s different than the cloud customer.

But let’s imagine how a more direct legal battle could erupt over cloud-music. We might not see a big record label go after a tough target, like Google (NSDQ: GOOG) or Amazon itself (although the labels certainly do seem to be keeping their options open in that regard.) Instead, consider this possibility, outlined to me by New York Law School’s Prof. James Grimmelmann: a much smaller copyright owner-like the ones now engaging in mass-copyright litigation-decide to file a broad lawsuit over music sharing, and try to use courts to get large amounts of metadata that would demonstrate which files were pirated.

“Somebody from a smaller label will be approached by a lawyer, who says, ‘I want to try this fishing expedition lawsuit,'” explains Grimmelmann. “I will try to force Apple to tell me which users have unauthorized versions of this, and then I’ll just file a shotgun lawsuit against all of them.”

To be clear: “Such a lawsuit would have serious problems and I think it would probably lose,” said Grimmelmann. “But because of the iCloud service, it could be a lot more intrusive.” Grimmelmann says he’ll be looking closely at the iCloud privacy policy to figure out just what types of information-gathering, and information-sharing, Apple intends to do with iCloud.

And consider that Google and Amazon are potentially even richer data sources. Apple’s big advantage over those services is that because they have struck licensing deals with the music labels, they’ll be able to simply scan user hard drives and then provide copies of music, obviating the need for big uploads. But users of the Google and Amazon cloud services will have to directly upload their own files-which will inevitably contain metadata indicating the original ownership of some files.

Think it’s unlikely that copyright owners would be able to pressure online companies into handing over private user information? Think again. The fact is, it’s already happening-routinely. For about a year now, enterprising copyright lawyers have been launching mass-copyright suits, suing thousands of “John Doe” defendants believed to have downloaded movies. The lawyers and their investigators collect IP addresses from BitTorrent sites, and then insist that the internet service providers hand over the user’s identity. While some have balked the ISP’s have handed over the identities of hundreds, if not thousands, of users.

This isn’t so hard to imagine. It’s already clear copyright owners are watching the development of online locker services very warily. The entertainment industry has already sued some services that they argue have overstepped the law-that includes mp3tunes, which won its case against the EMI record label in the lower courts and is defending on appeal; as well as the Hotfile service, which was just sued by the MPAA. And while it doesn’t seem likely at the moment, if the RIAA were to re-start its litigation campaign against individual music downloaders, a defendant’s iCloud data could be a big source of evidence.