By: Piyush Senapati

---

In the previous part of the blog series, the article examined the causes and methods behind digital streaming fraud, and how competition law can combat the same. In the second part, the article will examine how laws pertaining to consumer misrepresentation and computer fraud can deal with the issue, along with some potential solutions and recommendations.

CONSUMER MISREPRESENTATION AND DIGITAL STREAMING FRAUD

France’s Centre Nationale de la Musique in its 2021 study on stream manipulation recommended consumer law as one of the avenues for legal recourse against streaming fraud. Article L. 121-1 of the French Consumer Code prohibits the unfair commercial practices towards consumers. A commercial practice is deemed unfair when it alters or is likely to alter substantially the economic behaviour of the consumer who is normally informed and reasonably observant and circumspect, with regard to a good or service. Similar to the complaint before the Canadian Competition Bureau elaborated on in the first part of the blog series, the argument here is that using tactics to boost a songs popularity and thus influence consumers’ probability to play the same, thus counting as an unfair commercial practice.

Where Indian law is concerned, Section 2(47) of the Consumer Protection Act, 2019 defines an unfair trade practice to mean a trade practice which, for the purpose of promoting the sale, use or supply of any goods or for the provision of any service, adopts any unfair method or unfair or deceptive practice. Section 2(47)(i)(e) further lists making any representation that the goods or services have sponsorship, approval, performance, characteristics, accessories, uses or benefits which such goods or services do not have, as an instance of an unfair commercial practice. The word performance is key here- what streaming fraud essentially does is misrepresent to the consumer the performance of a song by artificially boosting its popularity, thus, making it a classical case of an unfair commercial practice that may induce them to listen to the songs.

LAW AGAINST COMPUTER FRAUD AND DIGITAL STREAMING FRAUD

In the US, Section a(4) of the Computer Fraud and Abuse Act, 1986 criminalises knowingly and with intent to defraud accessing a protected computer without authorisation, or exceeding authorised access to obtain anything of value. Since it has been held in case law that the phrase ‘anything of value’ includes customers or subscribers, it can also be reasonably interpreted to mean increased plays and royalty payments. However, the issue of concern is with the interpretation of ‘exceeding authorised access.’ Streaming platforms such as Spotify have terms of service or terms or use, which are essentially contracts with the artists and users, and usually include restrictions on engaging in streaming fraud. However, courts in the US are split on the question of whether violating the terms of use can constitute ‘unauthorised access’ or ‘exceeding authorised access.’ The First Circuit Court in EF Cultural Travel BV v. Explorica found that the defendant’s access to the plaintiff’s website by using a robot was a breach of the terms between the parties and exceeded authorization. However, the Ninth Circuit held in United States v. Nosal ‘exceeding authorized access’ does not include violating contractual use restrictions, but must be based on contractual or technological access restrictions. Thus, while a broader interpretation of the provision may include streaming fraud within its ambit, the narrower one restricting its ambit to access restrictions alone may not.

In the Indian scenario, computer fraud is dealt with under the Information Technology Act, 2000 [hereinafter ‘IT Act’]. The IT Act lacks any provisions akin to Section a(4) of the Computer Fraud and Abuse Act, 1986. However, Section 43(c) imposes a civil liability on a person who without the permission of the owner/person in charge of a computer network/system who introduces a computer contaminant in the said computer system/network. The explanation to Section 43 defines a ‘computer contaminant’ as a set of computer instructions that inter alia modifies or destroys data in a computer system/network, or disrupts its normal functioning. Section 43(d) of the IT Act imposes a civil liability on a person who without the permission of the owner/person in charge of a computer system/network damages or causes to be damaged the computer system/network, or any data therein. When applied to streaming fraud, such conduct can arguably fall under Section 43, as fundamentally, streaming fraud modifies the stream counts of the songs, i.e., the data on streaming, and disrupts the normal operation of these platforms by interfering with the revenue distribution model. A counter argument can be put forward that since streaming platforms are publicly available, the data in question, i.e., stream counts is as well, and hence the question of ‘unauthorised access’ does not arise. However, unlike the U.S. law, the emphasis here is not on violating any access restrictions that may be contained in the terms of service of the platform or otherwise, but on doing any of the acts enumerated in Section 43 without permission of the owner/person in charge of the computer system/network. Introducing any computer contaminant that modifies the data and disrupts its functioning without this permission attracts this section, regardless of the data being public or private.

CONCLUSION AND RECOMMENDATIONS

The above discussion makes it clear that there are multiple legal avenues through which the issue of digital streaming fraud in the music industry can be tackled, although a specifically tailored legislation for this issue is absent both abroad and in India. However, it must be kept in mind that the above discussion is theoretical, and an exhaustive deliberation by courts on the applicability of any of these laws to the issue of digital streaming fraud presently lacking. Moreover, multiple issues can already be anticipated where litigating claims against digital streaming fraud under any of these laws is concerned. For instance, where claiming consumer misrepresentation is concerned, it would be hard for consumers to demonstrate before the court that they were harmed by the conduct of individuals who upload music on under AI-generated profiles or platforms themselves who engage in such conduct. Streaming platforms may also attempt to escape liability by relying on the safe harbour provisions in Section 79 of the IT Act, which protects intermediaries from liability for third party conduct. While this may shield them from liability for lone actors who have no links with them, this safeguard is not available where there is collusion between them and the platform. Thus, entering into agreements with record labels and artists to engage in fraudulent streaming will deny streaming platforms protection under this section.

Beyond devising legal solutions and remedies, the better approach may yet be to target the problem at its root. Streaming fraud exists and is thriving because of the revenue pool model which ensures that everyone gets a slice of the pie regardless of the number of active listeners they have. An alternate to this is the user centric model. In the previous model, the subscription fees would be divided amongst all artists on the platform proportionately, regardless of whether the listeners listened to some of those artists or not. However, in the user centric model, the subscription fees paid by the listener is divided only amongst the artists they actually listened to. This could potentially wipe out streaming fraud – bots could stream AI generated tracks thousands of times over, but since they pay no subscription fee, such streaming would generate no payouts for the fraudsters, ultimately removing any incentives for them. However, the main issue is that platforms have little incentive to switch to such a model, since it is more expensive to administer, and record labels may oppose the same as it could cut down revenues for the artists with the most streamed songs. Nevertheless, a number of other solutions have been put forward that could address digital streaming fraud. These include identity verification mechanisms for artists, applications for eliminating bot attacks, and using AI-enabled tools to detect manipulated streams, etc. There have also been cross-platform collaborations to address streaming fraud via measures such as data sharing. While the avenues for legal redress remain untested, the best approach for now maybe to enhance these industry-based measures to tackle digital streaming fraud. Overall, it remains to be seen how courts and legislatures all over the world grapple with this emerging problem, either through enhancing existing legislation or devising a new legal framework altogether.

---

(Piyush Senapati is a law undergraduate at the National Law University, Jodhpur. The author may be contacted via mail at piyush.senapati@nlujodhpur.ac.in)

Cite as: Piyush Senapati, Digital Streaming Fraud – Dealing With the ‘Smooth Criminals’ of the Music Industry (Part 2), 15th July 2025 <https://rmlnlulawreview.com/2025/07/15/digital-streaming-fraud-dealing-with-the-smooth-criminals-of-the-music-industry-part-2/> date of access.