The popular Germany-based file hosting service RapidShare has allegedly begun handing over user information to record labels looking to pursue illegal file-sharers. The labels appear to be making use of paragraph 101 of German copyright law, which allows content owners to seek a court order to force ISPs to identify users behind specific IP addresses. Though RapidShare does not make IP information public, the company appears to have given the information to at least one label, which took it to an ISP to have the user identified.

The issue came to light after a user claimed that his house was raided by law enforcement thanks to RapidShare, as reported by German-language news outlet Gulli (hat tip). This user had uploaded a copy of Metallica's new album "Death Magnetic" to his RapidShare account a day before its worldwide release, causing Metallica's label to work itself into a tizzy and request the user's personal details (if there's anything record labels hate, it's leaks of prerelease albums). It then supposedly asked RapidShare for the user's IP address, and then asked Deutsche Telekom to identify the user behind the IP before sending law enforcement his way.

Ars asked RapidShare for comment and confirmation of the situation, but did not receive a response as of publication time. Gulli, on the other hand, offers a scanned copy of the court decision and also claims it was privy to a confirmation e-mail from RapidShare that it had handed over the information.

RapidShare has had a more than a few tussles in the German courts as of late. In January of 2008, RapidShare found itself pitted against GEMA (the German version of the RIAA) arguing that it was not responsible for the content that users uploaded to the site. The D�sseldorf Regional Court didn't buy it, ruling against RapidShare, saying that the company is responsible for those files and would have to check every file for copyrighted material. In October, the court spelled out its expectations a little more clearly, saying that RapidShare must remove infringing content proactively, despite RapidShare's insistence that it had already hired on six staffers whose sole job was to go through uploaded material and respond to complaints about infringement.

Critics fear that that the latest series of events is evidence that the floodgates have been opened for a more "creative" interpretation of paragraph 101. After all, if they are able to obtain IP information, record labels may begin using it to go after users on BitTorrent and other P2P networks. This is the same fear that fueled borderline levels of panic when rumors circulated about Last.fm handing over user data to the RIAA earlier this year, though both Last.fm and the RIAA vehemently denied the accusations. Last.fm later said that it takes the privacy of its users very seriously and that it would never hand over personally identifiable data like e-mails or IP addresses.

There are, however, many differences between Last.fm and RapidShare. For one, if Last.fm were to find itself in the position RapidShare is in with GEMA, it would be able to argue that the Safe Harbor provision in the DMCA protects it from liability as long as it removes infringing content after being presented with a takedown notice. In Germany (and many other countries), there is no equivalent, meaning that RapidShare has little choice but to comply with the rulings. RapidShare's incredible popularity—Germany-based deep packet inspection (DPI) provider Ipoque recently put out a report saying that RapidShare is responsible for half of all direct download traffic—has only made the issue more sensitive for the record labels and service providers alike.

Whatever the outcome, both situations highlight the precarious level of trust that users have with service providers. If more of them cooperate with the requests of the record industry—court ordered or not—then users will start fleeing user-supported services like rats on a sinking ship.