Slashdot Mirror
This is How We Catch You Downloading
marto writes "All over Europe thousands of people are being threatened with court action for allegedly sharing games like Dream Pinball 3D on P2P networks. Now, documents obtained by TorrentFreak show details of the anti-piracy company's techniques for identifying alleged file-sharers on the internet and the gathering of claimed 'forensic quality' evidence for use in court cases."
Or these guys would be SOL.
Oh, wait...
When are these guys going to adopt a really cool logo, like a cross with bent arms or a bundle of sticks wrapped around an axe?
Once these tactics are accepted and legalized, eventually governments should begin experimenting with the use of webcams and computer microphones to monitor people for other illegal behaviors.
I have mod points. The reign of terror begins now.
Wow. That sounds like a challenge. Seems like somebody ignored the saying "It's hard to make a program foolproof because fools are so ingenious."
www.freenetproject.org
very Utopian of you. I'm sure you'd be just fine if someone used your open connection to download child porn.
I thought they were sharing stuff like Final Fantasy XII, Quake 4, and other top tier titles.
Why minimize the initial act? Thousands of people are not being threatened over "dream pinball 3d".
I don't need no instructions to know how to rock!!!!
I don't see why the private contractual arrangments between you and your ISP would affect whether you are an ISP according to the DMCA. A few problems with your persoanl contractual arrangments wouldn't usually affect something like that. (Someone who's read the DMCA prove me wrong).
As for forbidding "resharing", how on earth can they ask for that? Can I share with my wife? Kids? Friends? Boarders? Relatives? Guests? That's a ridiculous clause if such things exist.
In other words, they have to prove not only what IP did it, but what person.
:)
This is always the crux of the argument I haven't seen fleshed out. If a bank robbery is committed and my license plate is seen on the get away car, I can be quite sure I'm going to be bothered by the police until I tell them who I had let use my car at that particular time (assuming of course *I* wasn't driving a the time!).
I suppose if I could prove I routinely left my car on the street, unlocked, with the keys in it then there might be reason for not charging me, but then I'd have to report the car as stolen (since them putting the car back would be quite unlikely me thinks.
So I don't mean this as a rant, but given the ISP customer signed an agreement, aren't they responsible for all use of that service? If they can prove it wasn't them, but they are on the hook to cough up who *was* using it aren't they?
It's the same thing as the recent RIAA case against the granny who claimed she didn't know what the kids in the house were doing. Given that she's the adult, she's responsible for anything the kids did under her watch isn't she?
If I leave a loaded gun outside for anyone to use, aren't I responsible for anything done with that gun?
I fully appreciate leaving open access for all to use, I just worry about the consequences that's all
People in cars cause accidents....accidents in cars cause people
It's not illegal to offer a settlement if you do have cause.
... in my years as a software contractor I saw it all the time. I would imagine that judges are just as subject to it as anyone else. I had to tell my customers repeatedly that they can't trust the software until they've done end-to-end on it and know that the results are valid. Mistakes get made, people (even me!) screw up on occasion. As far as I'm concerned, log files spit out by a router or DSLAM shouldn't be admissible in court, certainly not as the primary evidence against someone. I wouldn't want my future dependent upon a few magnetic domains on a hard disk somewhere. Let the RIAA collect some actual evidence (say, a picture of me at my computer doing something illegal) and take me to court. ISP logs are a joke at best, or would be a joke if their use weren't unfairly injuring lot of people.
True, but on the other hand if you're going to be suing people on the scale that the RIAA has been suing people, your evidence had better be pretty solid or you're treading on thin ice. Judges are starting to wake up to what the RIAA is doing, and I hope that trend continues.
All of these defenses rely on evidence you bring yourself, there's no official log anywhere to back you up.
Also true, but there's no "official" evidence to back up their claims either, which is the crux of the matter. And no, the information ISPs record hardly qualifies as an official log. Those are typically for provisioning, diagnostic and statistical use, and are not intended to serve as evidence against their own customers. Nor does a screenshot from Kazaa showing a list of IP addresses count as strong evidence.
The chain of evidence is pretty weak, given that they're depending upon data that was not recorded with the intent of being used in court, isn't particularly reliable anyway, and is subject to human mishandling outside any forensic chain established by the courts, and isn't guaranteed to point to the actual "criminal" in any event! The problem here is the (unfortunate) human tendency to accept information generated by a machine that you don't understand as being valid, when there's a substantial chance that it isn't.
That effect is very real
It's not as if there's some official Federal standard in place for ISP data monitoring that would be guaranteed to hold up in court so long as the ISP could be shown to be upholding the standard. I can guarantee that ISPs wouldn't want such a standard because it would cost them a fortune.
The higher the technology, the sharper that two-edged sword.
Oh I wish we did live in such a world, really, I'm not kidding, it would be great.
However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.
Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.
1. It doesn't download the whole file from your system. Which means that they can't really show that you have the file
I haven't seen the OA, because part of it is slashdotted. But, presuming they have the SHA1 (and perhaps TTH) hashes from the victim, and a bit-identical sample (compared to the whole file they downloaded from somewhere else), that may be close enough. (I don't know if they restrict themselves to victims who have files with matching hashes, or even make any check for file bogosity, though. Given that they're on record as threatening to sue people who simply had an offending character string in the filename, they may not.)
2. It doesn't really prove it was you, it just logs it to an IP address
This would seem to be the weakest of their points.
3. It currently doesn't do bit torrent, just other P2P systems
Gnutella/G2 and eD2K specifically. Maybe. But what makes you think this is their only tool? We do know they've sued Kazaa and bit torrent users as well. And Shareaza (the OSS source their program is apparently based on) does do bit torrent, so it doesn't seem like a big step, except maybe for the fact that bit torrent doesn't provide an automatic search mechanism.
Their system is not airtight. But for a lawsuit they don't need to meet the standard of proof that a criminal trial needs.
Everyone but the lawyers involved, apparently.
The higher the technology, the sharper that two-edged sword.
However you could find yourself arrested, your equipment seized, and stories in the newspaper before anyone had time to believe that is wasn't you who did it, if they ever did.
Those things could happen no matter what I do. It happens to the people dealing with children occasionally, unfortunately, but fortunately the police are usually adamant about being very sure before they go around arresting people for such crimes until they are reasonable sure. For a mathematician such as I, I find it unlikely. If my IP did show up in a log, the local police might visit me for a chat, I'd show him what I could show (which would be a likely timestamp, maybe) and he would be on his way.
Sharing is a good thing, but unconditional sharing a net connection without checks of any kind is asking for your generosity to be abused.Really? I think you fear your fate too much. In fact, my very open network has only ever been used by one person, and that person is me. What I do is legal, makes the world a bit nicer, harms noone, and the chance of mishaps are small. I'd be a coward for not doing it.
Let me put the risk in perspective for you. The police claims that they monitor several child porn sites. And that lots of lots of people tune in and stays there for more than 1 minute. Yet, charges are rare. Doesn't that tell you something?
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
p2p means sharing, not just downloading. If anything, you will get yourself in MORE hot water - "I bought this item and shared it with the world!!!"
The only way to get there is to start behaving like he is. And since you don't seem even close to ready to do that, it's going to take a while. You can't have a great society if nobody trusts anybody.
Many languages don't have separate words for the two sides of the transaction. If you would take the time to learn a second language you'll find that your tolerance for imperfect use goes way up. And you'll certainly stop thinking of people as "tools" for improperly using a word. Your use of the word tool, for instance, would have been considered laughably improper not very long ago. But now it gets the message across, and that's the real purpose of language.
The very fact that you have to agree not to do so implies that it is technically possible to act as an ISP, so I'd think that would help support a defense that you were acting as an ISP. The violation of your contract with the ISP is a separate issue.
Why this isn't a DMCA violation?
Well, for starters, because it's all taking place in Europe.
"Outside the Premises" is the operative phrase. Premises referrs to the whole property. If you live in an apartment, the whole complex is the premises. If you are a home owner, your property lines define the premises.
A common principle in law is that you are not liable for mis-appropriations of your property for criminal purposes so long as you used ordinary care. Given that the vast majority of all people never change the default allow everything configs on their AP (and don't even know how to change it), that IS ordinary care.
Ask questions in court about how sure the average person is that their AP is secure and that their kids haven't installed on they don't even know about and watch the jury start thinking (because they won't be so sure THEIR ISP connection can't be "borrowed"). In short, they will find it an entirely believable scenerio.
For many (perhaps most) people, leaving an AP open makes plenty of sense. In exchange for a minimal risk, they get no hassles at all for themselves and their guests. Permitting the RIAA to draft the whole population as defenders of their copyrights is not reasonable.
:( I know it is bad in many places, but surely, it is only in the movies it works like that in the US?
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
You can't spoof TCP past the first packet because the acknowledgement gets sent to the false IP. So no problem there unless the P2P network is using UDP.
(Which suggests an idea for anonymous file transfer: use a low-bandwidth anonymous protocol (like Freenet) to say "Y, I wanna download X". Y then sends you UDP packets with a forged source IP. Nobody can tell who Y is without breaking the low-bandwidth anonymous protocol or sniffing Y's actual physical connection. Throw in challenge-response through the anonymous protocol and you're set.)
You're evil, you know that? I like the idea though.
... at that point they will become useless. The only hope the RIAA-types will have is if they can convince/coerce ISPs into monitoring P2P activity at the source. That would probably an easy task if you're dealing with the likes of AT&T, SBC or Comcast. They haven't exhibited the slightest backbone regarding customer privacy, and at some point they'll start piping user activity info right to the lawyers. That would be a dream come true for those people: automated "justice" at its finest.
Frankly, I'm surprised this hasn't been done already. Huh. For all we know, maybe somebody has.
From a purely technological perspective, services like MediaSentry are workable only until file transfer software reaches a certain level of sophistication
At one point I kinda thought the RIAA's lawsuits were targeted solely at suppressing P2P usage, and I suppose initially that was true. Now I'm not so sure, since it does look like they're making a significant amount of money from their campaign, I mean, now there's a profit motive directly attached. They aren't just the paid legal arm of the studios any longer, now they're actually making money from their lawsuit machine. Does anyone know where those funds go? Is the "take" from all these settlements only enough to fund the law firms involved, are they losing money, or are they stashing some away for a rainy day? What are they doing with it?
If they are profiting by this, what it means to me is that the RIAA wouldn't be happy even if they managed to stop all file-sharing tomorrow: they'd lose a significant source of revenue.
The higher the technology, the sharper that two-edged sword.
It's fool-proof for identifying which IP address an infringing file was sent to, but that's like saying, "I saw your car at the crime scene". You have to actually show that the person you're suing is the person who was using the computer at that time, in criminal court, at least. And that's where these cases should be if the RIAA wants criminal penalties such as jail time for violating their copyrights. (Which, if memory serves, is what they've lobbied for.)
If sending a letter to someone threatening a lawsuit counts as bringing a legal action, then the original idea would fit the definition of barratry (if defined as "bringing repeated legal actions only to harass"). Not being a lawyer I don't know about the legal definition of course.
But there is the germ of a interesting idea idea here that might have been really good for making a lot of money and not getting in much trouble. Unfortunately recent court activity puts the usefulness of this idea into question.
The place to look at for the relevant precedent would be the recent sex scandal in Washington D.C. In that case, Deborah Jeane Palfrey, a D.C. call-girl madam, decided to put her entire client phone number list up for auction. And the list started to pull in big money bids, from parties desperate either to suppress or to publish it. Anyone who has ever sold anything on Ebay might easily imagine the possibilities here. And eventually the winning bid came from one who would rather publish. Anyone who knows anything about politics might easily see the possibilities in that. This thing could have turned national politics on its head in an explosion of money with which she planned to cover her legal costs for her racketeering defense.
So this is what you do: just run a sw33t torrent server for a few months and let your logs swell with originating IPs and search requests. Then abruptly one day redirect to an auction site where your Apache logs for the past year are for sale. Use the money from the auction to cover your legal costs for extortion and the DMCA violation.
Unfortunately it seems a judge issued an injunction blocking the sale or transfer of her phone numbers, so if your auction gets shut down you're screwed. And if you try to do something cute like show people their all their searches and downloads, you'd better be careful with cookies and cryptography or the RIAA will just pound your server with forged headers and reconstruct the list itself for free by spidering your threat message.
Just wait until someone makes "Paranoid P2P"
The way things are now, with all this legal stuff flying through the air, you can just shorten the name back to P2P (Paranoid To Paranoid.)
The higher the technology, the sharper that two-edged sword.
I seem to recall an article where they sent a guy a take down notice for his own work. They are obnoxious incompetants.
As I've said many times already, and as you can see otherwise, I do not live in the US, for which I am thankful. I lived there for 10 months, and frankly, that place stunk :) (Alright, so it was Minesota, and small towns stink everywhere. But I've never had the desire to visit US again).
Best case is probably detectives coming in with warrants, taking what they want, and likely you as well. Worst case is the guns..I doubt they would draw on me. It causes them a lot of paperwork, you see. They might take the computers, if they had a warrant, but that costs them a) paperwork and b) money, so I don't think they'd do it for an IP address.
Remember to idiots an IP address is like a street address. They only understand that 64.233.167.99 is YOU and therefore YOU must have done it. If it happened over your router YOU MUST have known about it, and assisted. You fucking pervert!Around here, there are special units handling these cases. Odds are, they even know what a MAC address is.
I like your idea, and I love your style, but if you were in the US, and someone was hosting a bunch of child porn on a comp connected to your router (they go after people who host it far more frequently than people who just download, although both happens..) a 'friendly chat' is very unlikely.Hosting it would be a bit hard. It's just an ordinary wireless, they'd have to park the car around the corner or so. In a small suburb, that would cause a few comments :) Besides, it's behind a NAT firewall (2 actually), so that makes it a bit harder still.
Oh, and what he said about the media is true. If your job in any way interacts with kids. Or if you have any. You'll be fired, harassed, and have your kids taken away even if they haven't convicted you of anything. Good luck getting a job as anything but a janitor with the accusations out there.. Innocent until proven guilty is for the criminal court system, not the court of public opinion.I think you fear your fate too much. At least here, I'd be cleared eventually, and the mark removed. At worst, I'd have to move town. Quite likely, my name would be protected from publishing until the case had concluded (that is standard procedure in these cased). Of course, some wacko might still pin my picture to every available wall, but what's to prevent that from happening in any case?
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
How many did you get before you installed it, or are you saying it had zero impact on your BSA notice quota and is thus an irrelevant data point?
Pain lasts, kid. Its how you know you're alive. Sometimes I think this growing up thing is just pain management-TheMaxx