She was overruled. On September 7, 2003, after 16 years with the organization, Rosen stepped down from the leadership of the RIAA. The head of their own trade organization resigning in protest was a telling sign of things to come, but the major labels weren’t paying attention. Project Hubcap had momentum, and the next day the first batch of lawsuits was filed. Two hundred sixty-one individuals were targeted, with the RIAA requesting damages of up to $150,000 a song. Although the association’s public service announcements had attempted to draw a moral equivalency between pirating a song and stealing a CD, the legal reality proved to be a hundred thousand times worse—a million-dollar fine for shoplifting.
The RIAA’s antipiracy division targeted defendants by the number of files they had uploaded, setting a threshold minimum of 1,000 songs shared. The idea was to go after only the worst offenders, but, due to technical factors, it didn’t quite work out that way. Napster and its clones tended to make one’s library uploadable by default. Savvy users often disabled this function, meaning many of the so-called “worst offenders” turned out to be clueless noobs. So to the outside world, Project Hubcap looked arbitrary and vicious. The RIAA seemed to be choosing the defendants at random, picking up IP addresses from peer-to-peer servers like Kazaa and LimeWire and subpoenaing the responsible Internet service providers for customer details. But even with these subpoenas the RIAA never quite seemed to know who it was suing. It targeted single mothers and families without computers. It targeted senior citizens and children. It targeted the unemployed and people who’d been dead for months. In one high-profile case, the RIAA targeted Brianna LaHara, a 12-year-old girl who lived in a New York City housing project and who had downloaded, among other things, the theme song from the TV sitcom Family Matters. Rather than doing the sensible thing—dropping their civil lawsuit against a child—the RIAA instead offered to settle with little Brianna, provided her parents wrote them a check for 2,000 dollars.
Project Hubcap was not popular. The lawsuits asked a few people singled out at random to pay for the collective actions of millions. The RIAA’s website was hacked and repeatedly bombarded with denial-of-service attacks. Dozens of musical artists, including many signed to Universal, disavowed the suits, siding with their fans. Technology commentators called the lawsuits “absurd,” and pointed out that, in the era of unsecured wireless hotspots, an IP address was hardly proof of legal culpability. Legal experts referred to the lawsuits as “shakedowns,” pointing out that many of the accused had neither the time nor the expertise nor the money to properly defend themselves in a court of law. The ACLU filed its own countersuit, contending that the ISP subpoenas were themselves illegal, and called the RIAA’s actions “vindictive.”
The RIAA had its own descriptive term for the Project Hubcap lawsuits. They were “educational.”
In later years, long after the dust had settled, Doug Morris would seek to play down his role in this disastrous policy. He would claim that he had had little personal involvement in Project Hubcap’s design and execution, and that he’d relied primarily on Horowitz and Geller’s advice. Perhaps that was true. But it was also true that Morris was Horowitz and Geller’s boss. It was only with his explicit endorsement that the lawsuits could have been filed. If Morris—who controlled almost 30 percent of the RIAA’s annual operating budget—had opposed Project Hubcap, it never could have happened.
It was widely conceded, even by the RIAA’s own lawyers, that the peer-to-peer file-sharers were not deliberate lawbreakers but just kids who wanted music. Their actions were selfish, perhaps, but they weren’t trying to hurt anyone. That was a far cry from the Scene participants, who from the labels’ perspective seemed like vandals intent on destroying the music business out of spite. During the flap over Project Hubcap, the Scene remained well hidden. Even within the music industry, even among specialists in intellectual property protection and copyright law, even among most pirates, very few were aware it existed.
But the RIAA knew. For years their secretive antipiracy group had been surveilling the Scene. They hung around in the chat rooms and learned the language of the subculture. They tried, as best they could, to track the shifting allegiances of the pirates and the protean relationships of the dozen or so named groups dedicated to music leaking at any given time. They built a large internal database that tracked the groups’ activities, and using this they were able to construct something that looked almost like an epidemiology map of both the origins of the leaked material and its dissemination throughout the Internet. By the end of 2003, their research kept pointing to one increasingly powerful crew: RNS.
In January 2004, the RIAA appointed Brad Buckles, the former director of the Bureau of Alcohol, Tobacco and Firearms, as its new executive vice president of antipiracy. Buckles would be paid nearly half a million dollars a year for his investigative talents and his connections to law enforcement. After his appointment, the RIAA’s antipiracy squad began to meet regularly with members of the FBI, to share evidence and intelligence, and to convince the Bureau to allocate agents to the case. It was around this time that the FBI opened its dedicated case file on RNS. Termed Operation Fastlink, the investigation grew out of intelligence collected from Operation Buccaneer, the successful prosecution against software crackers from a few years before.
The lead case agent was Peter Vu, who had joined the Bureau in 1997 and had spent his career fighting computer crime. The child of Vietnamese immigrants, Vu was a stern if melancholy presence who brought considerable intelligence and dedication to his job. In his time with the Bureau he had worked online blackmail and credit card fraud and harrowing cases of child exploitation. He was professionally obligated to look under the nastiest rocks of the Internet, and few people understood as well as he did how dark the so-called “darknets” could really get.
Thus for Vu working the Scene was almost like a vacation. The targets of Operations Buccaneer and Fastlink tended not to have prior criminal convictions, and in many cases were even surprised to learn that their actions were illegal. Compared with the sort of depraved criminals and serial perverts Vu normally went after, games-cracking crews and music leakers were marshmallows—bright young kids who were terrified of prison and who, once caught, tended to plead guilty immediately and then provide almost obsequious cooperation. As a result, most of those convicted got probation, and even the worst offenders never spent more than a year or two behind bars.
Nevertheless, the economic damage they caused was real, and Vu was determined to put an end to it. His agents began meeting regularly with the antipiracy division at the RIAA to exchange information and intelligence, and to discuss the progress of the case—what little there was. RNS’ chat channels were closed off, and its recruiting strategy was to pull connected players who were already long-standing members of other groups, making infiltration difficult. RNS’ leader, whoever he was, had an excellent understanding of operational security, cultivating high-placed moles in other organizations while preventing his own from being compromised. Vu worked the case for years, and for a long time he got nowhere.
CHAPTER 13