I would take those figures with a grain of salt since the industry representatives have a vested interest in trying to describe the new law as a success. The fact that we just had Eastern holidays could have a large role. One would at least need to go back one year and see if the holidays then had any effect on sales. I think the decline in bandwidth usage is more certain the sources for that are more impartial.

In addition to the demand for VPN, the directory of one of the major ISPs here said on Swedish Radio this morning that they do not store historic IP-address data. So if someone uses the new law to request contact info for someone who were assigned a specific IP address at a specific time they won’t release any such information since they don’t store it to begin with (the law does not force the ISPs to store this info, only to release the info they have if certain conditions are met). Now it could be that the EU directive on data retention could change this, but since the motivation for this directive was to fight serious crime it would be reasonable not to grant access to such sensitive information for petty crimes. We’ll see how it unfolds I guess.

By the way, the first three uses of the new law to reveal the identity of internet users are interesting:

1) The anti-piracy agency requests the identity of someone running an FTP-server with a large number of audio books. The evidence provided is in the form of screenshots. However, in gaining access to the ftp-server the anti-piracy agency likely committed a data breach crime, since the server is rumoured to have been password protected and it’s very improbable that they had legitimate access to it (even if they got the password from someone using it could still constitute data breach if they were not supposed to have it).

2) The second case wasn’t related to copyright at all. A printing company in southern Sweden had a hacker break into their system and they wanted to use the new anti-piracy law in order to get the identity of the internet user behind the IP address in their server logs.

3) The third case is a young Pirate Party member who decided to give the new law a test run and request the identify of the people sharing his music on Pirate Bay. It’s not yet clear what he will do with the contact info, but maybe he’ll send the persons who shared his music a thank you letter – who knows.

Isn’t it a bit ironic that the first invokation involved data breach in order to gather evidence and the second usage of the anti-piracy law didn’t have anything to do with piracy at all but can be seen as a private company doing their own police-like investigation of a data breach crime?