If you received a subpoena notice, you may be wondering: “How did they even connect this to me?”

Most people imagine a Hollywood-style hack or a secret database with personal details. In reality, many copyright cases involving peer-to-peer file-sharing follow a repeatable method. It often begins with an IP address, then uses the court process to turn that IP address into a name.

This article explains the five-step pathway commonly described in Strike 3 matters—plus what each step means for defense strategy. (General info only; not legal advice.)

The key concept: an IP address points to a connection, not a person

An IP address typically identifies an internet connection at a point in time. It does not automatically identify:

• who was using the connection,
• which device was responsible, or
• whether the activity was authorized or misattributed.

That’s why defense in these cases often focuses on separating the subscriber from the alleged infringer and examining how reliable the identification method is.

Step 1: Software detects an IP address participating in file-sharing

In peer-to-peer systems, users (or devices) can exchange pieces of a file with one another. Monitoring tools may observe IP addresses that appear to be distributing or requesting pieces of a copyrighted work.

What this means for you:
At this stage, the plaintiff typically has an IP address and timestamps—nothing more.

Common defense angles that can start here:

• Timing issues (time zone errors, inaccurate timestamps)
• Misidentification risk (shared connections, dynamic IP addresses)
• Technical limits (what was observed vs. what can be proven)

Step 2: A “John Doe” lawsuit is filed in federal court

Once the plaintiff believes they have a set of IP addresses tied to alleged activity, they may file suit against unknown defendants—often labeled as “John Doe” because the identity is not yet confirmed.

What this means for you:
A case can exist without your name on it. The initial goal is often to obtain permission to serve subpoenas on ISPs.

Why this step matters:
Because from here forward, the process runs on deadlines and court rules—not informal back-and-forth.

Step 3: The ISP is served with a subpoena

The subpoena is typically designed to obtain subscriber information linked to the IP address.

What this means for you:
This is the moment your ISP becomes the middleman. The ISP generally isn’t taking sides; it’s responding to legal process.

Defense strategy often focuses on this step because it’s where privacy and identification issues collide:

• Can the subpoena be challenged?
• Can disclosure be limited?
• Are there grounds for a protective order?

Step 4: Subscriber information is obtained from the ISP

If the subpoena is not blocked or limited, the ISP may produce information such as:

• subscriber name
• address
• possibly other account details (varies)

What this means for you:
This is where many people feel the highest stress—because once the plaintiff has a name, the matter can move from “unknown” to “named.”

But remember:
Subscriber information still doesn’t prove which person engaged in the alleged activity.

Step 5: The plaintiff names the defendant and the case proceeds

With subscriber info in hand, the plaintiff may amend filings and attempt to name and serve a defendant.

What this means for you:
Once you are served, you may have a legal deadline to respond. Missing that deadline can create serious risk.

What makes these cases defensible: the gap between “subscriber” and “actor”

A strong defense often starts by asking:
Even if the IP address is accurate, who actually did what—and can the plaintiff prove it?

Real-life situations that create reasonable doubt or alternative explanations include:

• roommates or guests using the connection
• unsecured or weakly secured Wi-Fi
• prior tenants still having device access
• multiple devices on the network
• misconfigured routers
• IP reassignment or logging errors

Defense strategy is about translating these realities into legally meaningful arguments—without guessing, exaggerating, or destroying evidence.

“But I’ve never used BitTorrent”—what then?

Many people say this, and sometimes it’s true. But even if you’ve never personally used file-sharing software, possibilities include:

• someone else used your network
• a device on your network was compromised
• the observed activity does not match what the plaintiff claims it does
• the plaintiff’s evidence doesn’t reliably identify the person they sued

The point isn’t to speculate. It’s to investigate methodically and respond in a way that protects you.

Why early legal action can matter

Because the process may move quickly from:
IP address → ISP subpoena → name disclosure → named lawsuit

Early action is often about preserving options—especially around privacy and disclosure—and preventing the case from advancing uncontested.

Two early tools often discussed are:

• motions seeking to quash the subpoena
• motions seeking protective orders

Whether those options apply depends on the facts, the venue, and timing.

FAQ section (search-friendly)

How accurate is IP address identification in file-sharing cases?
It can be a data point, but it’s not a person’s identity. Accuracy depends on logging, timestamps, network conditions, and what was actually observed.

Does a subpoena mean the court believes I’m guilty?
No. A subpoena is a legal mechanism to request information. It is not a finding of liability.

What should I do if my ISP says they will disclose my information soon?
Treat deadlines seriously and speak with counsel quickly to evaluate options.

Call to action

If you received a Strike 3 subpoena notice or court documents, speak with a lawyer experienced in these matters as soon as possible. The earlier the review, the more strategic options may be available.