Third, our audit system can also be used to help this company identify all illegally offered content of all types, data, software, games, etcetera, on its computer systems so that they can clean it up themselves. Since this material is publicly offered, we would not even have to go onto their premises to compile a report for them. I am not here to denigrate other approaches to dealing with peerto-peer distribution, particularly those favored by our potential clients. Our service, and perhaps those of some competitors, is designed to be part of a multi-faceted approach. I do believe, however, that our own element is least intrusive to consumers and corporate employees and most productive for those who employ it.

In summary, Mr. Chairman, I have demonstrated two separate approaches to dealing with peer-to-peer piracy, and we think both can contribute to dealing with the problem. One is to help content providers protect against illegal distribution of otherwise unprotected content. The other is to help those who unwittingly make such distribution possible to audit and police their own premises. If major organizations and institutions had incentives to clean up their own computer servers, the majority of illegally posted movies, books, songs, software, games, data, training manuals, and objectionable matter that we find in our audits could disappear overnight.

Thank you, Mr. Chairman, for the opportunity to have appeared today.

[The prepared statement of Assaf Litai follows:]

PREPARED STATEMENT OF ASSAF LITAI, FOUNDER AND INTERIM CEO, VIDIUS, INC. Chairman Upton, Ranking Member Markey, and members of the Subcommittee: I am Assaf Litai, Founder of Vidius, Inc. Vidius is a start-up company, co-founded by veterans of Israel's underseas and land defense forces. It offers technology services and support to those who are concerned about the unauthorized, mass distribution of their products-movies, music, games, computer software, books, and databases-over peer-to-peer networks. Vidius has developed and applied for twenty patents on techniques and services, which I will demonstrate today, to assist owners of such products in protecting themselves. But current law actually provides disincentives for these owners, and for legitimate institutions and businesses whose facilities are the unwitting hosts for pirate distribution, to take simple and effective steps to stop the unauthorized mass distribution of these valuable entertainment, computer software, game, and publishing properties.

Industry and congressional concern over copyright has focused increasingly, and now almost exclusively, on the business that Vidius is in-addressing mass, unauthorized distribution of content that is "hosted" on servers scattered around the country and the world. These servers are of two general types—those that are maintained for other purposes by large institutions, and, to a far lesser extent, those maintained expressly for this purpose by some individuals. A letter recently sent by a group of motion picture CEOs to a group of hi-tech industry CEOs said:122 "[Unauthorized peer-to-peer file distribution...harms existing theatrical, home video and subscription outlets, and discourages legitimate on-line services which cannot sell access to movies, music and other entertainment content... available for free. We... should all work together in a consensus-based and cooperative fashion to find solutions to this problem that is threatening the very essence of our business."

Indeed, this understates the problem-our research has shown that these very same servers also host computer software, books, games, etc., responsible for much or most of the piracy in several other industries.

Today I will demonstrate a Vidius system called ClearSite TM that is capable of identifying, auditing, and interdicting such piracy. I want to emphasize the importance of its "auditing" feature. Most of the "servers" for piracy in fact are owned and controlled by legitimate institutions in entirely unrelated businesses or endeavors, without their knowledge. Let me repeat that most of the peer-to-peer servers that deliver pirated material are owned and controlled by legitimate institutions in

other lines of endeavor. This should not be a surprise, because most symmetrical broadband access today (hi-bandwidth for both uploads and downloads) is still provided through institutions rather than private homes. Real, viral distribution occurs when participants have high bandwidth for uploads as well as downloads. This is the case today primarily in institutional settings, and is unlikely to change any time

soon.

While we know that much of the motion picture material distributed on peer-topeer networks has been obtained, as well as distributed, in an unauthorized fashion, many of the items distributed—particularly in the area of computer software—were not "stolen" at all. Rather, they are legitimate, purchased and licensed copies. However, they have been illegally made available for mass distribution by employees or others at these institutions or companies, many of which themselves have been, and are, prominent victims of piratical distribution. To paraphrase the song"Who's hostin' stuff on your own servers

While you are out sellin' stuff?"

Before demonstrating ClearSite TM I want to provide some assurances as to what the ClearSite TM system is not:

• First, our system does not invade the privacy of any data stored on anyone's server or hard drive. It operates only on data that has been publicly displayed to any inquiring computer. This data describes the content that has deliberately been made available to the public for piratical distribution. If this information were not purposely delivered to anyone who inquired, the Vidius system could not operate.

Second, our system does not require the modification of anyone's server, PC, home network, or consumer electronics product. Nor does it interfere in any respect with the operation of such products on an institutional or home network.

• Third, the ClearSite TM system cannot operate against the wishes of the ISP that connects the server to the network.

Now for our demonstration. In our offices we recorded an actual instance of finding one product on a server that offered it for mass unauthorized distribution. We can collect and audit this information either by product or by host. Thus, in a different demonstration from today's, we could show how XYZ corporation's peer-topeer servers generally PCs used by its employees-are today hosting a range of software, books, games, databases, and audiovisual material for mass unauthorized distribution. Today, however, we will focus on tracking and addressing the distribution of a particular piece of content-a motion picture.

To track and audit a particular movie, we need not have implanted any information in it, or have been given any special knowledge about it. We can figure these things out for ourselves, through a process known as "fingerprinting." Our demonstration shows our actual survey, acquisition, and evaluation of single case, including a determination as to how many copies of the movie are on the server. (This part we could have demonstrated in real time, remotely, using any laptop computer tied in to our office.) Our movie then shows us interdicting further illegal distribution. (This part we can only do from our office facilities, which is why we recorded the entire demonstration.) This is a demonstration of our actual process at work, not a simulation.

Our system is sufficiently flexible to be applied only to those servers that offer a certain number of illegal copies, or that have downloaded a particular movie a certain number of times. That is another reason why our audit function is so impor

tant.

I am not here today to denigrate other approaches, particularly those favored by our potential clients in various business. We are, after all, a startup company building a clientele among the various industries that are here before you today. Having listened to the debates about other approaches, however, I submit that from the standpoint of law-abiding consumers and businesses, ours is the approach to stopping piracy that is least intrusive to consumers and employees, and most productive for those who employ it.

I also should note that neither Vidius nor I am opposed to distributed computing in general, or peer-to-peer networking in particular. To the contrary, I agree with those who have said that distributed computing and peer-to-peer networks present many new opportunities to the information technology industry. To be kept free from regulation, this activity needs the advantage of self-protection. Such protection is available to top-down networks through DRMs.

I said at the outset that existing law provides disincentives to such self-protection. I can point to two areas in which the law needs to be understood or amended: First, there are some who would interpret existing privacy laws, originally addressed to intrusive practices such as wiretapping, so as to support aggregated civil damages, and even criminal penalties, against any touching of a peer-to-peer serv

er-even where it only involves the public "out box," and the subject is clear, redhanded, repeated piracy. Under such a legal interpretation, the more piracy that is tracked from a single server, the greater the number of incidents of "touching" that might be aggregated, by some court, into "damages" in favor of the pirate, against the owner of the illegally distributed property. This is a complicated issue involving both Federal and state law. The subject needs to be addressed with care, with complete regard for the rights of consumers and technologists. But unintended legal consequences cannot and should not persist, in state or federal law, as a barrier to self-protection.

Second, existing law provides a disincentive for legitimate institutions-businesses, universities, foundations, even congressional offices to audit and address their own unwitting activity in supporting piracy through their own computer systems. The "NET Act" provides criminal penalties for use of such systems in piracy, but rightly provides that the system operator is liable only if specifically aware of the activity. But if the law stops there, legitimate institutions will continue to have a strong incentive to turn a blind eye to their own support of mass, piratical distribution. Even companies that can point to millions or even billions of dollars in losses as to their own products still have a very strong legal disincentive to find out whose products their own employees are distributing via their own systems.

What is needed is to go further-to provide a “safe harbor” from criminal liability, under the NET Act, for entities that do try to find out what is being illegally distributed via their own systems. Remember, Mr. Chairman, most broadband exchanges today occur via institutional networks. If major organizations and institutions had the proper legal incentive to clean up their own computer servers, the majority of the illegally posted movies, books, songs, software, games, data, training manuals, and pornography that we find in our audits could disappear overnight.

Thank you, Mr. Chairman, for the opportunity to have appeared today.

Mr. UPTON. Thank you.

Mr. Kraus.

STATEMENT OF JOE KRAUS

Mr. KRAUS. Thank you, Mr. Chairman. Mr. Chairman, members of this committee, good afternoon. My name is Joe Kraus, and I am co-founder of a national membership organization dedicated to safeguarding citizens' fair use rights to digital media.

Specifically, we want to be sure that any digital rights management solution or legislation protects the rights of consumers as well as the rights of the entertainment industry. I am here to represent the views of the 35,000 Americans who have become members since our formation 6 weeks ago, and on their behalf we thank this committee for holding this hearing and allowing us to testify.

Our members are not teenagers swapping songs on the Internet. They are ordinary, law abiding citizens who insist that Congress protect their historical fair use rights. They are people like Gregory Brewsaugh, a self-described Republican high school physics teacher in Huntington Beach, California. Mr. Brewsaugh has purchased over 400 CDs. He has copied his CDs onto his personal computer, which he now uses as a 4,000 song personal jukebox to deliver endless varieties of music throughout his home. Mr. Brewsaugh simply loves music and enjoys his freedom to listen to the content in the manner of his choosing.

DigitalConsumer.org members respect intellectual property. We do not condone piracy. However, unlike what media companies would like you to believe, not all unauthorized copying is piracy. Let me say that again. Not all unauthorized copying is piracy.

For example, we have all made mixed tapes of our favorite music. We have all made copies of CDs to take to the gym or listen to in the car. We have all recorded a sporting event to watch after our child's soccer practice. None of these copies were authorized by

the media companies. Yet is there anyone on this committee who believes that those are acts of piracy? Of course not. Although they are unauthorized, they are examples of legal, personal, fair use.

Unfortunately, the entertainment industry has consistently denied the existence of consumers' fair use rights. In July of 2000, Hilary Rosen represented the RIAA before the Senate Judiciary Committee. Senator Hatch asked if it was fair use for him to copy a CD to take in his car or copy a CD to give to his wife. She responded, "none of those examples is fair use." Instead, they are examples of what she called, "tolerance" on the part of the music industry.

We disagree. Consumers have fair use rights, and they expect Congress not to tolerate any erosion of them. Fair use is not a set of consumer expectations. Fair use is not a set of tolerated behaviors. Fair use is a set of rights, and because those rights are being encroached upon, they need to be strengthened and affirmed.

We encourage the content industry to pursue pirates, but that pursuit must not sweep so broadly that it also punishes law abiding citizens; and, unfortunately, the media industry's agenda goes far beyond piracy, and instead intends to create a legal system that denies consumers their personal use rights, and then charge those consumers additional fees to recoup them.

Let me give you some examples of the methods the content industry is using to erode fair use rights. No. 1 is technology. Copy protection technologies in the market today have impacts beyond their stated goal of reducing piracy.

For example, my mother called me to insist her MP3 player was broken, because she couldn't copy a recently purchased CD to her portable player. She was surprised to learn the CD was operating as intended. It was explicitly designed to prevent her from making her legally allowed copy.

Method number 2 is legislation. As we all know, the content industry is urging the passage of legislation like the Hollings bill in the Senate, which does not fully protect fair use by consumers.

Number 3, commercial exclusion: Ordinary people have historically been excluded from decisions that affect how they enjoy the media they pay for. For example, consumers had no voice in deciding that DVDs could disable the menu button during previews, thereby forcing consumers to watch the previews.

A moment on the Broadcast Protection Discussion Group: The erosion of fair use rights is occurring in many different places. The forum that concerns us today is the Broadcast Protection Discussion Group. We see three main problems with the process adopted by the BPDG.

No. 1: No consumers are participating. As in previous cases, citizens are not participants in a process that will affect the way that they watch, record, and enjoy their television.

No. 2: No provisions for fair use. Fair use is not protected by the specification. In fact, it is not even mentioned. While the interim. progress report to this committee briefly discusses some fair uses, the draft of the specification ignores it completely. If we all agree that fair use is going to be protected, then why haven't the parties to the process included it in the specification?

No. 3: Too much control in industry hands. The charter of the BPDG is to prevent the unauthorized retransmission of digital broadcast television. That may be the charter, but the document produced thus far establishes a technical regime which would give a small subgroup of the BPDG members, which, by the way, include no consumer representatives, far greater control, control over how consumers watch, record, and enjoy their digital television.

For example, the specification would allow the deployment of technologies which could give media companies the control over when your VCR recordings expired. Imagine recording all Sesame Street programs to replay for your child whenever you needed to, only to find out your recordings expired after 24 hours.

The entertainment industry wants you to ratify a regime that gives them usage control without guarantees of fair use. I would urge the members of this committee not to approve any specification that does not explicitly assert and defend consumer fair use rights.

In conclusion, I urge this committee that stopping piracy—I urge this committee to recognize that stopping piracy is just one goal of copyright law. That goal needs to be balanced against the goal of protecting the rights of citizens. Congress needs to pass into legislation a positive assertion of consumers' fair use rights.

Your constituents need to rest assured that their historic rights are safe. They need to know that no technology, no legislation, no commercial exclusion and no industry consortia will abridge their rights, and until such a positive assertion is passed into law, consumers' rights will continue to be eroded. Thank you very much. [The prepared statement of Joe Kraus follows:]

PREPARED STATEMENT OF JOE KRAUS, CO-FOUNDER DIGITALCONSUMER.ORG Introduction

Mr. Chairman and members of this committee, good afternoon.

My name is Joe Kraus and I am co-founder of Digital Consumer.org, a new consumer advocacy group dedicated to safeguarding citizens' fair-use rights to digital media. To be more specific, we want to be sure that any digital rights management solution or legislation protects the digital rights of consumers in addition to protecting the digital rights of the entertainment industry.

I am here to represent the views of the 35,000 Americans who have become members since our formation 6 weeks ago. We thank the Committee for holding this hearing and for allowing us to testify.

Our members are not teenagers swapping songs on the Internet. They're ordinary, law abiding citizens who insist that Congress protect their historical fair-use rights. They are people who respect intellectual property but who also believe that their rights should not be "collateral damage" in the "war against piracy". They're people like Gregory Brewsaugh, a self-described Republican high school physics teacher in Huntington Beach, California. Mr. Brewsaugh has purchased over 400 CDs. He has copied his CDs onto his computer which he then uses as a 4,000 song personal jukebox to deliver music throughout his home. Mr. Brewsaugh simply loves music, loves electronics and enjoys the freedom he has to listen to the music he lawfully acquired in a manner and form of his choosing.

Digital Consumer.org members are proponents of intellectual property protection. We do not support or condone piracy. However, unlike what media companies would like you believe, copyright does not confer on the holder of a copyright the power to control every access, use, or copy of a work from cradle to grave. Not all "unauthorized" copying is piracy and not all consumers are potential criminals.

We've all made mixed tapes of our favorite music. We've all made copies of CDs to take to the gym or listen to in the car. We've all recorded a sporting event to watch after our child's soccer practice. None of these copies were "authorized" by the content companies. Yet, is there anyone on this Committee who believes that