Slashdot Mirror
MPAA Goes After Its Customers
EyesWideOpen writes "The Motion Picture Association of America (MPAA) is issuing 'takedown' notices to ISP's to alert them that customers are using their internet service to transmit or post copyrighted movies. The ISP's in turn send a letter to the customers threatening to disable their internet connection unless the offending material is removed. The MPAA is using software that 'cruises file-swapping networks like Gnutella to find copyrighted materials, hunts down the IP address of the poster, then discovers which Internet service provider is being used.'"
My first reaction is "so? Sounds fair". I mean, it's going at the source of pirating and illegal sharing, not a problem.
The article raised the issue of false positives. It had this chilling bit on it:
"Of all the letters we have sent out, we only had 2 other people who corresponded back who said we were mistaken," Jacobsen said. "And we didn't think we were."
Oh, wait-- the folks doing the automated search get to decide whether its infringement. This is kinda backwards.
I mean, someone thinks you stole a coke from 7-11, the cops come and listen and maybe a judge makes a verdict-- not the 7-11 clerk.
But here, the person making the allegation gets to decide if it's true or not-- and when has any person ever been really psyched to say "Oh, wait, sorry, I was totally wrong, wasted your time, and opened myself up to legal risk by making a false accusation."
So, neat idea, but the implementation needs some better due process.
A.
You're only a customer if you pay for a product, or have a legal license to use the product free of charge. I.e. Windows XP NFR copies...you're a customer even though you didn't pay for it.
People who are involved in trading music/movies on the Internet are, for the most point in time, either fully aware that it is copyright infringement (I hesitate to say stealing because I don't really believe it is, but it is copyright infringement) or are vaguely aware that there's something "grey" about it.
It's within the (RI/MP)AA's right to go after the individuals who are responsible for copyright violations, which they are doing--rather than try to increase prices on movies, institute DRM, etc. If a large-scale sharing user knows that if he gets caught, he'll have his bandwidth taken away, that'll be a decent deterrant. Similar to the Windows XP preview editions and Microsoft IRC spiders-anyone running Windows XP and an fserv at the same time was given a nice little message, courtesy NET SEND, warning them not to share software illegally. (I personally know two people this happened to.)
Besides, the gnutella network isn't all it's talked up to be, anyway. I run a very fast DSL connection (1536/512 up/down) but STILL can't maintain more than 3 Gnutella network connections or pull more than 2kb/sec. I get transfers on IRC over 50kb/sec and direct from web sites in the 150kb/sec range...Gnutella as long since stopped being useful to me.
Besides, everyone knows the REALLY good movies are found in IRC FServs in the distro group channels, or on FTP servers--not on Gnutella. All you'll find on Gnutella are fakes and porn.
Before submitting a song to AudioGalaxy, a user has to 'appropriately identify' themselves. Once a user is identified, they can submit songs to the AudioGalaxy universe to be authenticated for distribution.
When an identified user submits a song for use, the song is fingerprinted, and identified as 'good'. A properly identified song is the responsibility of it's submitter. AudioGalaxy is simply a tranmission medium. If a copyright holder feels that their song is improperly submitted, then they can go to the person responsible for the song for the 'publishing' of it. If a user is identified as consistently submitting unauthorized copyright material, then their entire set of authentications can be revoked.
user authentication
Users can be authenticated by any of a set of means -- eg:
- A credit card authorization (should appear on credit card summaries as something obvious like "ID verification audogalaxy-id.com" with the domain (and www.domain) pointing to a page that precisely describs what the ID was for and about and what the associated person would be responsible for [[in case the ID was the result of a credit card theft]]).
- Thawte (www.thawte.com) allows all sorts of ways to authenticate the identify a person -- including their 'web of trust' system which is free, and various paid methods.
- Persons who don't have access to (or don't want to use) other methods, could mail in a notarized copy of personal ID,
- Pick your favorite other method of verification.
Once a user is verified, they would be issued an SSL certificate that would allow them to submit songs (automatedly) for authentication.SSL certificates allow for repudiation, so if someone's ID was used inappropriately, they would be able to issue repudiation.. It should be possible to issue repudiation starting from a specific date (when the certificate was compromised), generally (e.g. if the identity was issued improperly), or even for specific songs (if a publishing authorization turns out to have been mistaken, or the publisher has second thoughts.).
Sharing would then be checked for authentication of a song, rather than a record company claim (after the fact) of copyright infringement. If a record company claims copyright on a song, they would identify it by fingerprint (or a fingerprint summary) then DMCA procedures for notifying the 'owner' of the impugned song would follow.
The point here is that the users are then explicitly responsible for the songs that they post -- combining this with the fact that the RIAA is now proving themselves capable of going after the individual violators, this means that they should have a much harder time going after distribution services like AudioGalaxy for actions that individual customers are really responsible for. (and able to be held responsible for)
On the other hand, the RIAA's high-handed tactics may backfire on them, and provide a real boost to the indie music industry.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
It becomes an invasion of privacy if they decide to break into your computer. What is going on here is quite different. Its more akin to people leaving piles of copied movies on the road with a big "take one" sign.
If you make stuff available for download you stuck it up for people to see and put it out in the open.
There are guilty until proven innocent problems with the current take down approaches but the privacy one is a red herring here.
I can't remember how many times I've said or thought "without the fucking customer, my life would be so much easier". I'm so glad to see somebody finally decided to just say "screw them" to all their customers and live the easy life.
I wonder if the MPAA is hiring...
Unbreakable toys can be used to break other toys.
Unless things have changed dramatically, the MPAA is still using software from Ranger Online to perform their searches exclusively. This software isn't all that technically impressive. Anybody with an understanding of protocols and search techniques can make the searches they do in public forums like gnutella and IRC. So then I imagine that they do a simple traceroute to locate the ISP or hosting provider and then a whois for the contact. THis all publicly available and frankly probably requires lots of human intervention. We're not talking banks of computers here, we're talking about a room full of MPAA flunkies doing jack Valenti's bidding.
Infringement is a crime. It is not theft, as it does not deny use of the item in question to the legitimate holder of copyright.
The Mongrel Dogs Who Teach
The DMCA requires ISP's to takedown materials that are alleged to be infringing until the alleged infringer disputes the allegation. There's a whole messy procedure for the back and forth, and it favors the intital claim of infringment.
Watch out if you are on 192.168.x.x networks! They'll be coming for you next!
I disagree... The MPAA was being lazy going after the software developers before. Now they're moving towards going after the actual offenders. They're getting closer and closer to the actual infringers. Granted, they're doing it slowly, but they're getting there.
Disgusted by this whole modus operandi, I sent the following e-mail to several addresses within Ranger Online:
---
Gentlemen,
I have the static IP address xxx.xxx.xxx.xxx (via my {ISP Name Here} business Internet service) and am officially notifying you that I will not tolerate your firm snooping around on my computer, using bandwidth that I paid for, in order to conduct your clandestine spying. I suggest that you take whatever steps are necessary to assure that Ranger Online and its affiliates never access that IP address. Any attempts by your firm to access data on my computer will be treated as a "trespass to chattels."
I do not like your self-appointed 'net police' attitude. You are not a law enforcement agency and your searches are being carried out without probable cause or a warrant. The accuracy of the information you produce is suspect and your methods have not been undergone public scrutiny and peer review. You are using huge amounts of bandwidth from consumers, businesses, and institutions that often have limited resources and bandwidth already.
Frankly, you are like spammers. You believe that you have a right to use bandwidth paid for by others for your own financial gain.
Regards,
{Name and address}
If I do not get a response from them, I will reformat the message into a printed letter and have it delivered with a signature required and a return receipt.