I spent a few minutes thinking about possible policies to separate authorized from unauthorized file sharing practices in the hypothesis that social DRM (i.e., data embedded in a file that identify who purchased it) becomes the standard copy-protection mechanism.
Perhaps something like the following, simple as it is, could work (what do you think?):
The owner of a media file (as identified by the data embedded in the file) is considered personally responsible of illegal distribution of that file if and only if it is proved that a person received a copy of the file without being personally identified by the owner of the file.
Proving the absence of personal identification by the owner should be trivial, in particular, when a file is published on public web spaces or on P2P networks: which are the main things that media companies say they want to prevent with current DRM schemes.