A law firm deeply entrenched in so-called copyright troll activities in Finland broke copyright law itself, a disciplinary board has found. Hedman Partners sent out letters demanding large sums to make supposed lawsuits disappear but according to the Finnish Bar Association, it committed an offense when it obtained private subscriber data for one client but then used it with others.

So-called copyright trolling in the file-sharing space involves copyright holders claiming their rights have been infringed before heading to court to demand the identities of subscribers behind IP addresses.

Once these identities have been obtained, law firms affiliated with trolls write to the person whose name appears on the ISP bill in order to demand cash settlements to make supposed lawsuits go away. It’s a lucrative but extremely controversial practice.

This type of activity got underway in Finland during 2013, taking hold during 2014, with a notable escalation in 2015 and 2016.

Early 2017, local media sources reported that up to 60,000 people could be in line to receive cash demands from Helsinki-based law firm Hedman Partners, something which prompted the government to conduct an investigation (pdf) with help from the authorities.

Now, however, Hedman Partners have a related matter to deal with, one that’s seen a lawyer at the firm accused of misconduct due to the way some private Internet subscriber data was obtained from ISPs and subsequently handled.

According to the Finnish Bar Association, lawyer Joni Hatanmaa and Hedman Partners applied to the Market Court for access to data held by ISPs, to enable it to send settlement letters to Internet users. The Copyright Act allows rightsholders and their representatives to apply for this right on a case-by-case basis.

However, it appears that after applying to obtain personal information on behalf of one client, Hatanmaa and Hedman Partners then used that same information to identify subscribers who had allegedly infringed the rights of other clients also managed by the law firm.

This means that when an IP address appeared on lists of those sharing multiple clients’ copyright works, the law firm made only one application to obtain the alleged infringer’s personal details instead of starting a new disclosure process for each client.

When ISP subscriber data is handed over to a third-party, it is delivered on the basis that it will be used in a very narrow set of circumstances and certainly not for the benefit of many entertainment industry groups scouring the web for infringement.

This breach of copyright law, the Board found, was not in keeping with the standards expected by the Bar. But, according to Joni Hatanmaa himself, the problems actually arose due to different interpretations of the law.

“In this case, the Board of Supervisors considered that the application process should have been handled in a different way under copyright law,” he told Helsingin Sanomat.

“The decision has made it clear that the law has the potential for a wide range of interpretations.”

In any event, the lawyer says, the cases against infringers will continue. Plenty are still underway and the project continues to expand.

“If copyright infringement has been violated in peer-to-peer networks, those responsible are still liable. The remark was purely a matter of interpreting the law in the application process as to how the application should be made in order to give people full responsibility,” he said.

A second complaint against the law firm, in respect of wording in letters sent to alleged infringers, was also considered by the Board but was deemed to be low priority.

The decision of the Disciplinary Board is not yet final and can be taken to the Helsinki Court of Appeal. Meanwhile, it seems that the threat-letter model will continue. Ahto Apajalahti, a board member at digital rights group Electronic Frontier Finland, informs TF that a change in the law is required to bring ‘trolling’ to an end.

“The Ministry of Education and Culture doesn’t want to change the law. However, both the Ministry and the Market Court are uneasy about the vast scope of these activities. The peak year so far for these letters was 2016, when letters were sent to tens of thousands of people,” Apajalahti explains.

“This unease has been reflected in the decisions by the Market Court in 2017 and 2018 which established some limits. Basically it is now more difficult for Hedman Partners and others to get people’s contact information. They have to show more evidence than before and as a result they get far fewer contact details than they apply for.”

In a recent case, Hedman requested the identities behind 1,860 IP addresses but got only 30. Still, the company continues to send letters to those whose details were obtained in 2017 and 2016 so the company still has plenty to go at, regardless of the negative ruling from the Finnish Bar Association.

“This violation case where Hedman was reprimanded is mostly a technical matter and I don’t think it changes the situation at all. Hedman just have to change their working procedures a bit,” Apajalahti concludes.

—

The complaint to the Finnish Bar Association’s Disciplinary Board was filed by Ritva Puolakka, with help from members of MuroBBS. A copy of the decision is available here (pdf).