IP addresses only get you so close, though. They can sometimes see the computer that did the stealing, but not the actual human perpetrator, which leaves room for reasonable doubt. So, in the case of American universities, which the RIAA believes to be dens of file-sharing iniquity, the RIAA then muscles its way in and tells the universities to conduct their own investigations, find the perps and hand them over. The RIAA then does a second bit of extortion: threatening the alleged thieves with trials (and thus exorbitant legal fees) if they don't settle out of court.
Fearing costs they can't afford, most accused pirates don't fight. Until November, not a single university had either. Then the RIAA issued a subpoena to the University of Oregon. They wanted UO to dig up the identities of 17 students who had been sharing files. The university refused. Then the Oregon attorney general jumped in on the side of the school, seeking to have the subpoena nullified.
The specifics aren't important. What's important is that people have slowly begun fighting back, and now a university has as well. It's so significant that Computerworld has started referring to Eugene as Ground Zero. The American Bar Association is tracking the story closely. This has the makings of a landmark case and the ending, in my opinion, is already written.
The RIAA doesn't want to go to trial on any of these cases -- that'd be more expensive than the return -- which is why they've been extorting people. Now that a school has stepped in and thrown up a roadblock even further from the end goal, this strategy of recouping lost cheddar is on its last leg.