If you've followed the published an article in which an RIAA spokesperson--anonymous for fear of hate mail--outlined the organization's surprisingly low-tech methods., perhaps you've wondered how they find suspected pirates. Yesterday, the The Chronicle for Higher Education
The RIAA hires an organization called MediaSentry, which has developed an automated program that scans LimeWire for song titles that match titles of copyrighted material in an RIAA database, collects the IP addresses of the computers where these songs have been made available, then reports this information back to the RIAA. The article doesn't reveal how the RIAA picks among these IP addresses to decide where to focus but I'm guessing that volume of pirated material plays a large part.
If the RIAA sees a lot of piracy happening on a university's network, it might issue a takedown letter to the university asking it to remove copyrighted songs. In this case, MediaSentry will gather more specific information about the songs being offered, including checking them against a digital fingerprint to make sure they actually represent a real copyrighted song, or having real people listen to them if the digital fingerprints don't quite match. There's more detail in the piece.
Notably, the RIAA only checks to see which songs are being offered. It doesn't check--and it appears like it has no way to check--if anybody's downloading them. This is why the RIAA has to argue that making a file available is copyright infringement. And the so-called "making available" argument is very much in a legal gray area--some judges have allowed it to stand, but an Apr. 29 judgment in Atlantic v. Howell rejected that argument.
If "making available" is rejected once and for all, the RIAA will have to come up with some new methods to prove users are actually downloading pirated files. I'm not sure how they can do that, short of subpoenaing ISPs (an expensive legal tussle) or putting tracking software on users' PCs (a public relations nightmare waiting to happen).