DJ: So, what we saw was a shift towards customers being made part of a business model that involved–I don’t know if extortion is the right word–but embarassment for gain.
An individual would download a movie, using bittorrent, and infringe copyright. And that might be our customer, like Bob Smith who owns a Sonic.net account, or it might be their spouse, or it might be their child. Or it might be one of his three roommates in a loft in San Francisco, who Bob is not responsible for, and who rent out their loft on AirBnB and have couch surfers and buddies from college and so on and open Wifi.
When lawyers asked us for these users’ information, some of our customers I spoke with said “Oh yeah, crap, they caught me,” and were willing to admit they engaged in piracy and pay a settlement. But in other cases, it turned out the roommate did it, or no one would admit to doing it. But they would pay the settlement anyway. Because no one wants to be named in the public record in a case from So-And-So Productions vs. 1,600 names including Bob Smith for downloading a film called “Don’t Tell My Wife I B—F—— The Babysitter.”
AG: Is that a real title?
DJ: Yes. I’ve read about cases where a lawyer was doing this for the movie “The Expendables,” and 5% of people settled. So then he switched to representing someone with an embarassing porn title, and like 30% of people paid.
It seemed like half the time, the customer wasn’t the one right one, but they rolled over because it would be very embarassing. And I think that’s an abuse of process. I was unwilling to become part of that business model. In many cases the lawyers never pursued the case, and it was all bluster. But under that threat, you pay.
AG: So when did you decide to limit data retention?
DJ: Well, we saw a big uptake in this problem early last year. The “Don’t Tell My Wife” one was the first, and we laughed about it. But then we saw more and more coming in. So I looked at this, and it was a cynical, awful business.
I met with my system team, and I said, why are we keeping these logs? The primary reasons were law enforcement and spam, so we looked at our law enforcement subpoenas, and the spam processing. In the case of spam, someone is infected and becomes part of a botnet, somebody kicks off a spam job and the customer dumps 20,000 emails in a day. We get complaints, and they’re all about the last day. My systems team also only needed logs for a day.
So then I looked at law enforcement subpoenas and tried to balance an ability to help law enforcement when it’s morally right to do so with an inability to help anybody beyond a certain window. In the civil copyright cases, we’d get a subpoena from them anywhere from 30-90 days later, sometimes longer after the alleged act of piracy has occurred.