Censoring The Net With A Hotmail Account

Alex Bradbury writes "Members of the Bits of Freedom group conducted a test to see how much it would take for a service provider to take down a website hosting public domain material, and have published their results. They signed up with 10 providers and put online a work by Dutch author Multatuli, who died over 100 years ago. They stated that the work was in the public domain, and that it was written in 1871. They then set up a fake society to claim to be the copyright holders of the work. From a Hotmail address, they sent out complaints to all 10 of the providers. 7 out of 10 complied and removed the site, one within just 3 hours. Only one ISP actually pointed out that the copyright on the work expired many years ago. The conclusion of the investigation is definitely worth reading. The three providers who didn't take down the material are XS4ALL, UPC and Freeler. The company that came out the worst was iFast, who forwarded all the personal details of the site owner to the sender of the fake takedown notice without even being asked to do so."

It shouldn't be that easy

[erick99]

I am amazed that an ISP wouldn't have some process in place to at least check the validity of a party making that request and check the validity of the copyright as well. It wouldn't take much to put such a process in place.

Re:It shouldn't be that easy

[Rikus]

When you're too busy trying to avoid getting sued, you don't have time to check up on the minor details, like whether a claim is actually valid.

Re:It shouldn't be that easy

[anthony_dipierro]

Which is why if you don't want your content being taken down, you shouldn't use a free hosting provider. Then, if they take your content down without doing some basic fact checking, they have to worry about a lawsuit from you.

Re:It shouldn't be that easy

[spottedkangaroo]

It is really not up to the ISP to check the validity of anything. That is what court is for.

What they should do is simply leave the site up and refuse to give out any personal details until they receive a court order compelling them to take an action.

Re:It shouldn't be that easy

[StateOfTheUnion]

They do . . .

They wait for a complaint and then yank whatever was complained about off the server.

This is the cheapest way to handle alledged copyright violations. The people paying to have their material hosted are not going to pay extra to have a group of lawyers check their own material for copyright violations. If the ISP can't get the customer to pay for a team of lawyers to handle complaints of copyright violations then what is an ISP to do?

The problem isn't that the ISP knee-jerk responds to alledged copyright violations; the problem is that the legal system holds ISP's responsible for violations. the party held responsible should be the individual that placed copyrighted material on the internet.

Re:It shouldn't be that easy

[tropicflite]

I don't think this is so much a story about censorship as a comment on people willingness to follow instructions without questioning them.

In a related story, did you know that you can get into any room of a hotel just by going to the front desk and telling them that you locked your key inside and giving them room number you want. No one's EVER asked me for ID for doing that.

Most people just accept the information presented to them as being factual.

Re:It shouldn't be that easy

[Nacon74]

Most of the providers mentioned in the survey, aren't free, but paid hosting providers. Also the survey was trying to prove a flaw in the current system. Currently an ISP risk paying a huge fine under the European Guideline for Electronic Trade if they don`t remove copyrighted materials (if they can reasonably know it's copyrighted). Providers don`t risk a fine for pulling the plug on a website, so in most cases they will do just that. Seems like right now the burden of prove doesn`t rests with the copyrightholder, but with the person publishing the materials.

Re:It shouldn't be that easy

[1ucius]

There is no way for an ISP to evaulate the claims. Fortunately, the copyright laws have a built-in safeguard. The site owner can get the website back up by simply sending an email stating that they have the right to post the content.

Re:It shouldn't be that easy

[fucksl4shd0t]

I don't see how that's obstruction of justice. If the ISP requires you to follow due process, and you follow it, then there's no problem at all. You might be pissed they made you go through all that extra work only to have to do what you told them to, but you can't actually do anything about it.

Naturally, I'm not a lawyer, but my understanding is that obstruction of justice is a criminal charge that can only be brought in a criminal case where you have actually tried to prevent the court or the representative of the court (the prosecutor, investigators, etc) from acquiring evidence that materially affects the case.

The reason this doesn't apply in a civil suit is because a civil suit isn't about justice, it's about liability. Copyright is (was) a civil matter. Now copyright infringement is slowly being criminalized. I think it's because the war on drugs failed, so it's just another mechanism to make sure you can always put someone in jail for something.

Re:It shouldn't be that easy

[Fulcrum+of+Evil]

Can they afford to lose a client so easily?

Let's see - $30/mo or a liability in the six figures. That's a tough call.

Re:It shouldn't be that easy

[Pofy]

>But thanks to the DMCA this is exactly what
>they're *not* going to do.

But thanks to reading the article, one realise it was in the Netherlands and that they will *not* care about the DMCA.

Re:It shouldn't be that easy

[bbc]

" The problem with this is that court is so expensive that the mere threat of lawsuit, however unlikely, is usually enough to get yourself taken down and banned."

In the USA.

There's a reason why the European branch of the RIAA is settling their lawsuits against consumers for way less than 2000 dollars; if they asked that much, the accused might as well take it to court, and at least have a chance of winning. (And, IIRC, some are indeed waiting for the court case. Which will presumably never happen, in case European judges would declare file-sharing legal, like a Canadian judge did.)

Censorship, or just cautious commercial entities?

[Osrin]

I can either invest in lawyers to investigate every claim, or drop a few customers with an "ask no questions" policy.

Which is easier for the smaller ISP to administer and live by?

I'm not saying it's right, we're just in an odd climate around digital rights at the moment.

Re:I would say

[rpdillon]

What should be illegal? Testing ISPs, or handing out information on your customers to whoever asks (or doesn't ask) for it?

I don't know how representative this would be of US ISPs, as all the ISPs mentioned in the article are .nl (Netherlands). The US may have laws that affect this.

Cease and um....stop...or something...

[sgant]

Dear Slashdot,

My great great grandfather had a newspaper in Lizard Lick, NC back at the turn of the century. I was called "The Lizard Lick Slash/Dot".

Please remove your site from the internet as it's in violation of copyright.

As you may know, the Slash/Dot moved it's headquarters from Lizard Lick to Bugfart, Iowa back in the 40's, just after the war. It's publisher, Mavis Leetdudzki also was the town buggerer and notary public.

Thanks.

Re:Cease and um....stop...or something...

[cbraga]

Turn of the century?

You mean, four years ago?

How old were your grand-grandfather, grandfather and father when they had children? I'm guessing they were minus eighteen years old.

Re:Censorship, or just cautious commercial entitie

[erick99]

Put a simple process in place. When someone makes a copyright claim send them an email asking for written proof of who they are and evidence that they do have a legitimate copyright ownership. The party making the request should do all of the work, the burden is on them. They would then have to mail all of this, by certified mail, to the ISP. If the party making the request does all of this properly than a takedown decision can be made. A legitimate party with a legitimate claim should have no problem complying with such a request/process.

Now that's interesting

[mcc]

The company that came out the worst was iFast, who forwarded all the personal details of the site owner to the sender of the fake takedown notice without even being asked to do so."

I can't help but wonder, is this consistent with iFast's user privacy policy? I can't tell, I don't speak Dutch...

Re:Now that's interesting

[Anonymous+Chicken]

I can't help but wonder, is this consistent with iFast's user privacy policy? I can't tell, I don't speak Dutch...
I am, unfortunately they have more items explaining when they can stop providing services due to some 'legal' issue than due to not paying. Below is a summary of what I found to be relevant. Mind you, it's a loose translation of their general conditions. Saying they'll cut you off if:

• you distribute information that's in conflict with (inter)national laws
• you distribute information that's in conflict with general accepted values
• you distribute information that's discriminating (in any way), including (?) adultpages/MP3/warez/video

Disallowed:

• no chatrooms, no irc or irc bots
• their servers may not be the source/mediator for spam, flames or mailbombs
• no form of destabilizing their servers is allowed, including any other type of abuse

"IFast is allowed to decide which kind of actions are in violations of these condition."

As is said somewhere else, they don't have a privacy statement, at least not on their frontpage. In my opinion the last remark says it all, it is their decision wether something might be illegal or in violation.
Anyway, they seem to be a small and possibly quite new company, probably not able to handle a big case of copyright problems. Not that it's a valid defense but probably the truth anyway.

Disclaimer: I'm an XS4ALL customer, and happy with them: expensive but quality :)

Such a helpful company

[Celt]

I think everybody missed the real test here,
the test is which company is the most helpfull to people sending notices to sites and its obvious that iFast is the most helpful,

Now all I have to do is tell ALL my friends to go with them, iFast will like all the extra business its the least I can do for such a helpful company...

Cowards

[Space_Soldier]

This is very bad news. This means that ISPs are so afraid of litigation that they are willing to remove material at the first threat of copyright violations without cheking whether or not the material is copyrighted. Basically, they are willing to be bullied by any entity that claims copyright.

Well, you're exactly right

[mcc]

And this is exactly why law which holds service carriers such as ISP responsible for the actions of their owners is both invalid and dangerous. ISPs can't and shouldn't be expected to police their customers, and laws or copyright treaties such as the DMCA which place them into the position of having to do so must be changed...

I'm not surprised . . . becuase we prosecute ISP's

[StateOfTheUnion]

I'm not surprised . . .ISP's have to protect themselves because they are being subject to subpoenas, injunctions, lawsuits for what they host . . . I think this is the root cause of the problem.

For example, if the public library was responsible and liable for all material that was copied on it's self service photocopy machine, then most libraries would probably ban use of the copier or manage and log its use very closely and be willing to share this information with anyone that threatens to sue the library. This would be done to protect the legally liable library. The library would be attempting to shield itself from liability by cooperating with those that were alledgedly infringed and by pointing the finger at the person that actually made the copies. Of course libraries are not liable, the person that uses the copier is liable. This is why photocopy machines are normally self service. This prevents the library from being legally liable.

Unfortunately the same doesn't seem to be true for ISP's. ISP's can be legally liable if they don't provide information about an alleged copyright violator or if they don't remove the allegedly copyrighted material from their servers in a timely fashion. It is unfortunate that even though the ISP may not knowingly endorse infringement or actively participate in the infringement, they could still be held liable (or at least named as an infringing party in an expensive lawsuit).

Unfortunately ISP's have not been afforded legal protection similar to that granted to libraries with respect to photocopiers. It is the system that attempts to hold ISP's liable that is the problem. ISP's are merely reacting to this and trying to protect themselves.

Re:I would say

[LordK2002]

US laws don't apply there, I'm pretty certain.

Why not? They apply everywhere else.

So much for innocent into proven guilty.

[Maestro4k]

This is just sad, ISPs are probably overwhelmed with takedown notices but failing to even check the page in question before disconnecting a customer is a bad move. Why? No matter how restrictive the TOS for an ISP may be, shutting down a customer's site without checking the validity of the complaint, or even the validity of rhe complainer (i.e. is this a real company/person/rights holder) is likely to leave them wide open to a breach of contract lawsuit. While the courts have their problems, I doubt a court would look kindly to this type of action in light of a contract for service. If this happened to a business it could really be bad for the ISP.

Tie this in with the RIAA/MPAA's apparent automatic search and send bots (that are programmed moronically to boot, a 30kb file's supposedly a movie?) and you also get the potential to take down large chunks of the web illegally. Just wait till the lowlifes out there start doing DoS's using bogus takedown letters instead of packets. Things will probably get mighty ugly.

Erroring on the side of safety

[LostCluster]

The current setup of copyright laws establishes that there's a steep penalty for not taking down a copyrighted work, but no penalty at all for wrongly taking down public domain work... No wonder the businesses involved reach for the trigger instead of stopping to think. Delaying when it's valid exposes them to risk, tripping over a false positive does not.

Sadly, had to request a takedown once

[MaineCoon]

I had some source code to a game I was working on, and had licensed the code to a friend (it was for a MUD, and I had years of work invested). After an altercation, he violated the agreement we had and decided to release his copy to the world to spite me. Fortunately the code was several years old from my current work, but UNfortunately what he released contained player files with plain text passwords, and some of the players had played on both of the games with the same password.

Within 20 minutes of his posting it, I politely asked the ISP to take it down (was about midnight), and they had it taken down by morning. Someone obviously got hold of it and hacked a few of our players' accounts, but the source+assets itself never resurfaced.

Re:I would say

[igotmybfg]

Had you actually read the article, you would know that the study primarily concerned European providers, not American ones. And one conclusion of the study was that it was actually a lot harder to take down a site in the US than in Europe.

Good, but hardly original!

[killthebunny]

An almost identical study was published by Christian Ahlert of the Oxford Internet Institute, and featured on /. http://yro.slashdot.org/article.pl?sid=04/06/10/17 50232&mode=thread&tid=153&tid=99 See his website for more details http://www.ahlert.org It's good to see that the authors of this article at least provide a reference to his work, but I think this slashdot thread should have mentioned the study that started it all!

Texan-style!

[dougmc]

It only takes a Hotmail account to bring a website down, and freedom of speech stands no chance in front of the Texan-style private ISP justice.

Living in Texas, I'm not sure what constitutes `Texan-style private ISP justice'. Perhaps Sjoera Nas could explain?

Certainly, ISPs here have been known to overreact to complaints before (and the DMCA gives them specific guidelines that they *must* follow, no matte how unfounded the complaint is) but last I checked, this wasn't specific to Texas. But perhaps these Europeans know something about Texas that I do not ...

Re:Texan-style!

[chgros]

Living in Texas, I'm not sure what constitutes `Texan-style private ISP justice'.
It probably means "hang first, ask questions later", as in cheesy western movies.

Not the same thing...

[mOoZik]

But when I was new to PayPal, I and some friends of mine receive spoof emails. I thought to make it known that such a thing was going around (again, I was a newb.) I removed the offending part from the email (the form submit), added a giant notice indicating it was an example or a phish scam, and put on my site. I forwarded the site to my friends.

The next day, my site was taken offline. PayPal didn't even look at the content: they chose to contact my ISP, which didn't even put up a fight, and to put a hold on my account, without any sort of consent on my part.

About XS4ALL

I'm not surprised at all at XS4ALL's behavior. This is the same ISP that went to court to defend one of their customer's rights to host the Fishman Affidavit (a collection of high-level Scientologist documents).

I'm glad that there are companies out there who are willing to stand up for their users when they are right, going so far as to take the heat in court. XS4ALL won the case, too, and the Fishman Affidavit is still hosted there for all to see.

Re:Censorship, or just cautious commercial entitie

[LetterJ]

Exactly. I run www.mncriminals.com, which publishes the MN criminal conviction data. We get the data directly from the state. We frequently get letters from people demanding that we "expunge" their record because "the state cleared their name". We pretty much just ask that they fax a copy of the state's paperwork removing the conviction from their record. We've only ever heard further from one person. Even then, she hadn't really had it expunged. Rather, she'd had the remainder of her sentence, including parole, etc. commuted. A lot of people make demands and I'm perfectly willing to follow through, but you're going to at least provide a piece of paper proving it needs to happen. The BSA can come into my offices only if there's a warrant in their hand, etc.

Re:I would say

[Nicholas+Evans]

You see, they have this little thing called 'Terms and Conditions' that hostings firms reserve the right to give you the boot at their discretion in...

Re:I would say

[pjt33]

Assuming the Netherlands to comply with European data protection legislation, handing out information on your customers like that is already illegal.

It's logical XS4ALL did not budge :

[88NoSoup4U88]

XS4ALL was the first ISP in the Netherlands ; founded in 1993; and setup by hackers.

2 of the 4 founders of XS4ALL were editors at HackTic ; a paperprinted Slashdot at the time;) http://www.hacktic.nl/

They were succesfull from the first day that they started selling internet access to the consumer ; and kinda set first foot in that area, dragging alot of new ISP's into the market over the years.

Currently they are one of the more expensive ISP's around ; but the whole company radiates the Google-vision : 'do no evil'.

Their customer service was one of the best i -ever- had ; I only found out later that most of their helpdesk are actually screened for -really- knowing about computers ; instead of reading from an autocue all day long.

Re:It's logical XS4ALL did not budge :

[NoOneInParticular]

More xs4all propaganda:

One of the founders of Xs4All and the founder of HackTic is Rop Gonggrijp (now famous on slashdot for lending his car out in the terrible car accident a few week back). Xs4all is also the ISP that refused to take down Karin Spaink's website with Scientology papers on it, and went to court over it (which they won). They have a pretty extensive privacy statement for their users, and I do believe they abide that. All in all, this is one of the few ISP's left where the extra euros you spend actually amount to significant value.

Could this be used AGAINST the DMCA?

Consider this possibility:

A bunch of motivated slashdotters all go to their local libraries (or anywhere else they can gain anonymous internet access) and create hotmail or yahoo email accounts. Then, they send copyright violation notifications to various ISP's across America, so that a huge number of legitamite sites get taken down.

The resultant customer rage would get media attention, and the ISP's would mention the DMCA as they speak in their own defense. This would bring the harmful effects of the DMCA into the public eye.

Of course, I am not advocating any such thing. Just reflecting on the possibilities.

--AC (emphasis on the C in my case)

DIY

[tverbeek]

This is one of the many reasons I host my own sites, and how I got into the business of hosting sites for friends who want a person they can trust doing it. I didn't like the one-sided contract terms and the poor service I was getting from hosting providers, so I set up my own shop. A little Apache, some Postfix, and a dash of BIND in a Linux stew, and I was cooking for myself. So now if someone sends a take-down notice to the company hosting my web site... it'll come to me.

Granted, I'm still dependent on someone else for connectivity itself, but I found a pretty good DSL provider with terms I can live with, so as long as I keep my systems are zombie free and I don't do anything stupid enough to get an actual court order sent to my DSL provider, I'm pretty safe from this kind of crap (at least more than I was before). And I got broadband service to my house in the process.

I realise it's not an option for a lot of people, but if you want something done right...

UPC result isnt surprising

[Indy1]

UPC (aka chello) ignore all complaints, valid or not, including spam complaints.

see for yourself

Chello.nl

Chello.at

Re:Multatuli in Finnish

[bbc]

It's Latin, it means "I have suffered much". His most famous work is Max Havelaar, a fictionalized autobiography that had to serve as an indictment of the mistreatment of natives in the Dutch colony of Indonesia, where Multatuli (pseud. of E.D. Dekker) was a minor official.

Re:I would say

[soliptic]

The handing-the-customer-data-out part is already illegal under UK law (Data Protection Act, 1984).

Until you vote

[iminplaya]

the people responsible for these kind of things out of office, this is the future you can expect.

Re:I would say

[aallan]

Why? What crime have they committed?

The ISP is based in the Netherlands, by handing out data about one of their subscribers without a court order they have violated EU data protection laws. That's a crimial offence...

Al.

It's not worth it for the ISPs.

[Mustang+Matt]

A potential legal battle is never profitable for an ISP. Why even take the risk?

Re:I would say

[Awptimus+Prime]

Not only should it be illegal, but the people from the ISPs should go to prison. Yeah, it might be easier and cheaper for the justice department to do away with all trials and just play jury/judge/executioner but that's not the way it works. The ISP should be required to actually investigate it and have real, solid evidence before they go and do something. On a sidenote, I wonder what we could "copyright" on the RIAA's site...

Being a former employee of a major ISP, I can tell you first hand that you are not going to see this reality. Think of this:

You have 6.8 million subscribers, the staff is bare-bones in order to keep the business afloat. It matters not how fiscally responsibe you are, there is little profit in being a service provider when your competitors pay Indians $2/hour for their labor.

Even further, people complain non-stop on the Internet. Just take a gander at a few /. and other techie forums. There is this "I'M GONNA EMAIL MY ISP AND FIXOR THIS NOW" mentality. The bulk really comes from morons who get mad at someone on IRC or AIM and just want a third party to scare someone. It is a real shame, actually. I would come to work and find 4000 emails from customers, other ISPs customers, police departments, copyright holders, etc and 99.9999% of them were complete bullshit.

So, the only way to effectively survive in this type of enviroment is to assume if something looks legit, take the first steps and let the two third parties deal with it on their own. Plus, if you post some garbage on the web, assume it will get deleted at some point. Keep backups. I repeat KEEP BACKUPS. This way, when the differences are settled, you can just upload you junk again and life will be back to normal.

The direction you should focus you anger towards is the DMCA. I know it sounds cliche, but bombard your congressman and other gov offices with letters and faxes with reasonable explanations as to why you think the DMCA is a bunch of crockery. Sending some $30k a year, over worked, ISP employee who's not got a lot of options for jobs to jail because he was just doing his job is pretty stupid to say the least.

Anyway, go read an ISP's terms of service. They are pretty much immune to anything short of calling you racist names or having sex with your handicapped sister.

Can You Blame Them?

[superultra]

Say you're the ISP in this situation. It makes more sense to take it down than it does to leave it up. What do you gain for just leaving it up after receiving a dispute? Nothing, really. What do you have to lose if you continue host something that is truly under copyright? A lot more. The potential for more work is there by leaving it up than there is for merely taking it down.

Now, I'm not saying this is right. But there has to be a better incentive than "the good of all humanity" to protect fair use.

Re:I would say

[Arker]

So, the only way to effectively survive in this type of enviroment is to assume if something looks legit, take the first steps and let the two third parties deal with it on their own

The problem here is that the bar for 'looks legit' here seems to be incredibly low. An email from a hotmail account making an allegation, with no evidence to back it up, 'looks legit?' I don't think so.

In such a situation I would think the minimum would be a certified letter with specific allegations, and some sort of evidence showing that the complainant does have a valid copyright, and the material in question does come under it. Anything less should be sent to the bitbucket.

Of course, there's another issue underneath this one - the ISP shouldn't be involved here at all, if there's a legitimate complaint the customer should be sued, and the only involvement with the ISP should be a court order to identify a particular customer. That's where the bad law issue is. But even with the bad law, the ISP shouldn't be jumping to cut off service to its customers based on unsubstantiated and undocumented allegations. I know they can't, realistically, go around making a decent investigation of every complaint - which is why they should simply bitbucket anything that doesn't come with some evidence - which the complaints in this case did not do.

Isn't that what they are supposed to do?

[cybrangl]

I'm not sure this is a fair test. Under the DMCA, the ISP must take down the material within (I think) 72 hours to maintain immunity. The site owner can respond in 10 days to deny the charges and the ISP can put it back up with immunity. Now I'm not saying that the DMCA is the correct way to do things, and I really don't condone the idea of handing out personal information without a court order, but this "test" doesn't tell us anything except that ISPs don't want to get into legal trouble. Surprise, surprise.

...And the result???

...is just that they make anonymous email accounts illegal.

In response to such information TERRORISM, next thing we know it becomes a federal offense to open anybody an email account without first demanding a notarized photocopy of their drivers license. DMCA stands.

After all, that's as appropriate as most of the responses to 9-11 have been.