King:
Sorry for the jargon. Habits of a lifetime.
Basic translation: The Fourth Amendment is aimed at activity by government agencies, not private parties. If you break into my house looking for evidence that I breached a contract with you, that's a crime but its not a violation of the 4th Amednment. That's because you're a private party, not the government.
The interesting twist is this. When you look at the DCMA - which is the law that authorizes these subpoenas - you see that it is a criminal statute as well as a non-criminal statute: there are criminal sanctions attached to a violation. At the same time, it looks like the statute is delegating (or assigning) a governmental function - investigating the crime - to a private party (the RIAA).
Well, the suggestion is as follows.
The government would have to go before a judge to obtain a search warrant or subpoena in a criminal investigation. The cops can't just break into your house on an unsupported suspicion. That's the 4th Amendnment issue.
So why should the government be allowed to avoid that requirement by downloading the responsibility to the RIAA for conducting the investigation without judicial oversight when it may wind up in the same place - a criminal prosecution by the government?
Don't think it works, though. One other difference I didn't mention in the last post: the 4th Amendment protects a defendant against invasion of his property from illegal search. Here, the subpoena is directed to a third party (Verizon), so even if you accept the analogy, Verizon's not a potential defendant and wouldn't be able to claim 4th Amendment protection for a search aimed at one of its customers.
I suppose it could notify the end-user and let him raise the objection.However, as far as the customer is concerned, don't know if he has the same legitimate exp[ectation of privacy for his account with an ISP as he does for his home or his car.
On ex-US activity: maybe yes/maybe no.
Dutch courts for instance have refused to shut down p2ps, so the legal issue - violation of intellectual property rights - is handled much differently in other countries.
But that's not the end of the issue. US courts have begun claiming authority over exclusively off-shore activities. Historically courts have required some evidence of a defendant's physical presence or business contact with the state in order to exert legal authority over it. However, there was a recent decision by a US court that it had jurisdiction over the Australian company that runs Morpheus or one of the other p2ps even though that company had no such presence or activities in the US.
The basis for allowing the US court to proceed with the case seems to be that users in the US were utilizing the program, and that was sufficient to allow the court to deal with the defendant.
So, even if the non-US defendant doesn't show up in court, the court may enter a judgment against it. Under international treaties and international law principles, the courts in the home jurisdiction (Australia) may then enforce the US judgment without reviewing the legal basis for the original claim.
But that's not a slam-dunk, for reasons that are quite complex. This whole issue of jurisdiction over foreign parties in cyberspace is quite unresolved ATM.
Hope that was more helpful and not too tedious. (I know, I'm setting myself up.)
HTH