Tag: infringement

Thoughts on why it’s impossible to prove infringement by downloaders

Final Update

I have canceled the copyright-infringement-notice.com domain name and archived the text elsewhere on this blog. All of this content was written in 2012 and hasn’t been updated in years. I am keeping the post you’re currently reading for historical and entertainment purposes. If you follow any outdated advice or information given below, you do so entirely at your own risk. I am not a lawyer and only a fool would take anything I write as legal advice.


UPDATE: I’m working out the details of a next-gen P2P file sharing program that should fix up most of the problems with P2P file sharing today, including the IP address targeting issue that spawned this article in the first place. I also found an Ars Technica article on why IP addresses aren’t enough to find file swappers.

COMMENTS ARE WELCOME AND ENCOURAGED.

I have always wondered how it is possible to prove in a copyright infringement case that peer-to-peer file sharers and Internet file locker downloaders are individually responsible for what they’re accused of, short of a confession by the person being targeted. I thought that it’s about time to place my logic here. Feel free to post comments poking holes in this logic. (Comments are moderated, by the way…people seem to wonder why they don’t appear immediately, so please don’t double post.)

An IP address is not a computer, and a computer is not a person. You ultimately must sue a person; not a computer, and not an IP address. That’s obvious.

Putting a person behind a keyboard through evidence is nearly impossible. Let’s use an analogy where instead of proving that infringement has occurred, we’ll discuss proving that I posted this article. How can you prove that I am at my computer right now, posting to this blog? You almost certainly can’t. You know it’s being posted, sure, but the challenges that can be mounted against proving the identity of the poster are quite intimidating:

  • How do you know which of my devices I’m supposedly using? You might say “by the IP address it’s posted from” but if it was posted from the static IP of my business, it could mean that someone in my business gained access to my account, or that someone broke in and used my already-logged-in account on an unlocked computer, or any number of other possibilities.
  • Even if you can point to a device, how do you know that I was in control of the device at the time that the post was uploaded from it?
  • Assume you can prove that I was using a device exclusively at the time of posting and that the post came from that exact device. How do you know that malicious software didn’t do it? How do you prove that I took the actions at the keyboard that posted the content, and not something else that might have been on my computer?
  • Assume you proved all of the above, plus in a forensic examination of the hard drive of my system, you could find no evidence that malicious software of any type was present. It’s just as possible that an infection was present in RAM that does not write itself to the hard drive (thus only working until system shutdown). The instant I shut off the computer and provide it to your computer forensic investigator to comply with your discovery subpoena, it would be wiped out, leaving no trace. This isn’t necessarily likely since most malicious software authors want it to persist across reboots, but it is very possible and such an infection would be nearly impossible to make antivirus signatures for or analyze due to the fact that all traces of it are lost at reboot or power down. (There are possible ways to catch it, but they’re very difficult and likely also beyond the skill sets of most casual computer programmers, including myself.)

Keep in mind, all of this isn’t proving that I posted this blog post. This (except the point about infection that’s only in RAM, to some extent) is the process of proving that I was merely capable of doing so. It’s the digital equivalent of proving that someone had a gun in their hand while proving that a murder was perpetrated by that person: the tool is present, but they still have to aim and pull the trigger. How can you prove (once you somehow manage to meet the burden of proving everything above) that a person pulled the trigger and downloaded a copyrighted file? I can only think of one way: show that the computer in question actually downloaded the file over the Internet. The only way that this can be possible is through ISPs logging all packets in and out of your computer or through the copyright holder uploading the file to you. In the latter case, you’d have a solid argument that they gave you permission by offering the file up in the first place, which is almost certainly why no copyright trolls can show traffic logs of this nature. ISPs cannot possibly archive every packet that travels across the Internet (imagine trying to archive everything that flies over a 10 gigabit network connection; unless you have a storage device that can store a gigabyte per second and has millions of gigabytes free, it isn’t happening.)

I just don’t see how anyone proves definitively that someone was responsible for something over the Internet without the targeted person spilling too much information. What do you think?

[Added 2012-12-11] In the case of the majority of file sharing software, files are distributed in pieces that are significantly smaller than the total size of the file. Even if you can prove that someone joined a network and started swapping partial pieces of a file back and forth with absolute certainty (which we have established is extremely unlikely if going by an IP address alone), arguments can be made regarding this distribution method that weaken the case of someone attempting to prosecute:

  • Pieces of a file are almost universally useless on their own: The pieces of a file that are shared are generally of very limited use on their own; in the vast majority of cases, without the first piece of a file containing header information that lays out the format specifications of the file, pieces are often completely useless and might as well be random noise. One could argue that having an unusable collection of pieces of the file cannot be considered infringement, because (depending on the file format) missing the header data, the end-of-file data, and/or intermediate data required to connect pieces is sufficient to make it impossible for the computer to reproduce a copyrighted work or a portion thereof from the incomplete file. Video streams in particular encode “key frames” every few seconds, and between those key frames, the only data is what has changed between each successive frame; thus, damage or missing data for a single frame in a video file will render hundreds of video frames thereafter useless.
  • Did you verify the file data solely from the uploader you’re prosecuting? The architecture of most peer-to-peer file sharing networks is such that downloading a file’s pieces is massively multi-sourced across many users with low upstream bandwidth. It is nearly impossible that any given downloader will acquire the entire file from a single uploader, and particularly in the case of large files such as feature-length DVD movie rips, even if an uploader sends the file at 90 KB/sec (not unusual for a decent DSL package) a typical 702MB (CD-length) DVD rip would require 133 minutes of the uploader sending the data solely to the downloader at full upload speed. Needless to say, a combination of client throttling, possible ISP throttling, multiple uploads at once, and other factors pushes the typical home DSL connection’s contribution to a peer swarm closer to 5-10 KB/sec (based on my own experiments with monitoring individual peer bandwidth while downloading torrents of Linux install DVDs, most peers appear to contribute 10 KB/sec or less at a time.) The chances of obtaining a file from a solitary uploader are very slim, and it could be argued that if the copyright prosecutor didn’t download the entirety of the file data from the targeted uploader exclusively, then they are prosecuting that uploader based on file data from other people. This would be no different than someone giving the rights holder two pieces to a puzzle that shows a pattern of random dots until completely assembled, the holder getting the rest of the pieces from 50 other people, then prosecuting all of the people for offering out the entire infringing puzzle based on the revealed image of the fully assembled puzzle based on their obvious possession of only a fractional piece that is not even viewable without the other pieces. Failure to verify that the person has transmitted a complete, usable copy of the infringing file is not convincing when the individual pieces without all other dependency pieces are effectively random noise.
  • Most peers in a P2P file sharing network don’t even have the entire file in their possession to offer for upload in the first place. If the person in question doesn’t have the entire file, they aren’t in possession of the copyrighted work. For reasons outlined above, a partial file is effectively useless; without verifying that the infringing party is “seeding” (has 100% of file pieces and offers 100% of those pieces as downloadable from them) the prosecuting party cannot truthfully state in a court of law that the target possesses the copyrighted work without committing perjury.

I’m interested in any comments on this subject, or any points that I might have left out.

Did your ISP forward you a DMCA copyright infringement notice?

Final Update

I have canceled the copyright-infringement-notice.com domain name and archived the text elsewhere on this blog. All of this content was written in 2012 and hasn’t been updated in years. I am keeping the post you’re currently reading for historical and entertainment purposes. If you follow any outdated advice or information given below, you do so entirely at your own risk. I am not a lawyer and only a fool would take anything I write as legal advice.


HUGE FAT WARNING: I AM NOT A LAWYER. If you need legal advice, GET A REAL LAWYER.

I have a dedicated site for my guide on what to do if you receive a DMCA complaint or copyright infringement notice/settlement “offer” threat from your ISP. [Note: domain canceled, link goes to archived version.]

Update 5, 2012-12-06: I’m working out the details of a next-gen P2P file sharing program that should fix up most of the problems with P2P file sharing today, including the IP address issue.

Update 4, 2012-10-18: Added a rambling post containing my thoughts on why it’s impossible to prove that individuals infringed over the Internet without their own confession to doing so.

Update 3, 2011-11-02: Added a new post with an analysis and the actual text of one of these notices.

Update 2, 2011-11-02: My little site at http://copyright-infringement-notice.com/ has been massively updated, including a guide for people who are panicking and feel a need to do immediate damage control.

Update: This is one of the most popular pages on my entire blog now…so, I’m now running a small website that provides information about copyright infringement notices. Check it out at http://copyright-infringement-notice.com/ and give me additional ideas, suggestions, or information to make it better!

I generally keep myself aware of what’s going on with the whole peer-to-peer file sharing scene, particularly because the case law it generates changes the nature of copyright law in this country, and as someone who writes software, I need to know about such changes.  Additionally, because I download a good number of legitimate files from BitTorrent trackers (i.e. Linux distribution CD images), I want to know what I’m stepping in.  I’ve noticed a very disturbing trend over time which concerned me enough to finally write a whole blog post:

“Copyright cops” who threaten users of BitTorrent trackers frivolously pursue anyone whose IP appears on their radar and their evidence would not stand up to even the most trivial review.

That’s right, companies such as BayTSP, Copyright Enforcement Group, U.S. Copyright Group, and other paid agents of large media companies are bringing claims against torrent users without even collecting evidence of infringement.  For example, the University of Washington was able to trigger a DMCA copyright infringement cease-and-desist notice being sent to their technical department.  The copyright cops caught the user at this UW IP address RED-HANDED, INFRINGING ON THEIR COPYRIGHT!

The IP address being accused of BitTorrent-based copyright infringement belonged to a network printer.

No, I’m not kidding.  The recording/movie/television industry copyright “enforcement” corporations accused their network printer of stealing movies.  That’s how easy it is to be wrongly accused.  But what else?  There’s another experiment from 2007 which was performed with a specially written BitTorrent client which explicitly did not download nor upload any material, only jumped on a tracker and added itself to peer lists.  This client, which was designed to be incapable of actually infringing copyrights, generated copyright infringement notices from BayTSP despite the fact that such infringement was simply not possible with that application!

I find this to be absolutely ridiculous, particularly because of the nature of these notices.  Many of them are also legal threats.  Regardless of innocence or guilt, any filing of a lawsuit against you costs money to handle, and if it’s so easy for these automated copyright scanning processes to both target the wrong person entirely AND target people who didn’t provably upload or download file data at all, that doesn’t bode well for any of the parties involved.  It’s fairly obvious that the “copyright cop” companies are basing their claims of infringement solely on the population of BitTorrent trackers’ peer lists.  They don’t actually download the entire file from you and keep logs that show they did so as evidence that you indeed infringed on their copyright; they merely see your address in a particular list and send off the notice.

Study 1:  http://dmca.cs.washington.edu/

Study 2:  http://bmaurer.blogspot.com/2007/02/big-media-dmca-notices-guilty-until.html

TechDirt article on this topic:  http://www.techdirt.com/articles/20100401/0846028831.shtml

What’s even more outrageous to me is that these companies advertise their services as being unethical right off the bat.  They resort to legal threats and mass lawsuits against “infringing parties” but they advertise it to content owners and rights holders this way:  “Monetize copyright infringement!  We can bring you income from a surprising source: people who download your content illegally!”  It’s not even about doing the right thing, it’s about the bottom line, meaning they have no reason to care about innocent people being caught in the dragnet.

Despite the risk of a lawsuit, if you happen to receive a DMCA copyright infringement notice which is forwarded by your ISP, either by email or regular mail, here’s my advice:

  1. DO NOT EVER CLICK ON ANYTHING IN AN EMAIL, VISIT ANY WEBSITE IN A LETTER OR POSTCARD, OR OTHERWISE REPLY OR MAKE CONTACT IN ANY WAY WHATSOEVER! You run a plethora of risks if you respond in any way, even indirectly such as by visiting the “copyright cops” website out of curiosity.  They can fingerprint your computer, you may be implicitly admitting guilt even if you’re innocent, you could hand them personal information such as your full name by accident…the list goes on.  DON’T DO IT.
  2. Read the studies above, as well as any other relevant material you find online such as articles on p2pnet.net [note: this site has been gone for a while now], just in case anything happens.  If you end up in a bad situation, you need to be able to educate your lawyer on how their infringement detection tactics are grossly flawed.  Be prepared, JUST IN CASE.
  3. If you really did infringe on someone’s copyright, do the right thing. That means disposing of the things you’ve downloaded and putting yourself in a position where you’re less likely to end up with more infringement notices.  That doesn’t mean admitting guilt. Don’t ever admit guilt in any way, just delete the downloads, stop downloading stuff you shouldn’t be, and shut up about the whole thing.  Admitting ANYTHING is just plain begging for a lawsuit.
  4. If you’re truly paranoid, back up your data, zero out your hard drive using something like the Tritech Service System (running “dd if=/dev/zero of=/dev/sda” will do it on almost any computer out there), and reinstall clean so there’s no evidence left behind.  If you get in a legal fight and your computer gets subpoenaed for discovery, you can’t do this, but there’s nothing stopping you from doing as you please with your hard drive before receiving a subpoena.
  5. Most ISPs won’t kick you off their service for this.  Don’t respond to the ISP unless you receive direct threats from them.  If your ISP threatens to disconnect your service, use the information in the experiments above to explain to them that these people are making claims for which they have no real proof, and that you are not infringing on anyone’s copyrights.  Remember that the ISP has no reason to boot you unless you’re a very egregious media thief, and if that’s the case you probably can’t read this by now anyway.

As a creator of copyrighted works, I can’t condone the piracy of copyrighted material, but I also feel that the major media industry corporations have gone way too far with their “sue them all” tactics.  If someone pirated my creation and I found out, I wouldn’t threaten them or demand a settlement payment so quickly; I’d ask them to do the right thing and just pay up for it if they liked it (or toss it if they didn’t and tell me why so I could make it better.)

Don’t steal stuff, but don’t let big companies steal from you for something you didn’t do either.

It would be nice to hear from a real copyright lawyer on this issue.  Feel free to comment, especially if you’re a lawyer.  I don’t post email addresses, your comment will be as anonymous as you name it to be.

The Angie’s List Saga wraps up. *Update: …and yet they still suck!

UPDATE BELOW.

You might be wondering where all my “Angie’s List Sucks” commentary has gone.  Here’s the explanation that I emailed to a reader, which turned out to also be a perfect blog post waiting to happen:

I talked to the COO (Chief Operations Officer, the manager of all other lower managers) of Angie’s List and everything has been resolved to my satisfaction.  Apparently the review also had zero effect on how Angie’s List rates my company because the person indicated no work was ever performed, so it wasn’t as big of a deal as I may have made it out to be.  In life one must pick their battles; I got to the top of Angie’s List, said my piece, and while we obviously don’t agree on everything, I accomplished enough to satisfy me.  The problem wasn’t the review so much as the fact that after the review was “reconfirmed” Angie’s List’s employees essentially ignored me thereafter.  Had someone simply explained to me that the review doesn’t even count and that I am the only computer company in my geographical area of the list in the first place, perhaps I wouldn’t have been so royally pissed off about it, but when I perceive that someone is ignoring me entirely, it only serves to inflame my annoyance to higher and higher levels.

The problem is a customer service problem.  He said that he’s re-examining how the staff at the company handle things because of this problem.  I still believe that Angie’s List’s business model is flawed and possesses conflicts of interest, but at the same time I realize that Angie’s List is likely incapable of changing their business model at this point due to massive venture capital infusions and the resultant control imposed by the interests of the VC firm(s) involved.

Angie’s List is not my business, and I have raised some issues at Angie’s List that may help them to fix some of the problems in how their staff members handle customers.  My opinion of their business model has not changed, but now that I have issued my input directly to the top operations officer at the corporation, they could change in the future and at least become a more customer-conscientious operation.

I removed all of the previous “Angie’s List Sucks” content from this blog as a show of good faith, and because my problems have been addressed adequately.  I regret that I had to be such a jerk to them and force an escalation to the top officers, but sometimes a consumer advocate such as myself has to be willing to do such things in order to exact necessary change.  When a business grows, there is an increasing disconnect between the lowest level staff and the highest officials.  I have seen previews of this disconnect in my own business; this is also the reason that huge companies such as Verizon often don’t seem to have higher-ups who care about the individual.  It’s not that they don’t care, it’s that the digestion (and suppression) of information between layers of management means information is lost on the way up the totem pole.

I have other battles to contend with in life that are far more problematic for my business, and Angie’s List has become insignificant in its effect on my business.  Because of this fact, I’m not going to bother with any further chatter on Angie’s List without additional provocation.  I will, however, caution anyone that deals with any business on issues such as trademark and copyright infringement (which Angie’s List falsely claimed I was engaging in) to take the time to understand the truth about “fair use” doctrines in said laws.  Even if Angie’s List sued me for copyright infringement over posting a brief 3-4 line review about my business on a personal blog, they would never have stood a fat chance in hell of winning such a case because of the four tests that determine if a use of copyrighted material falls under the fair use exemption.  The noncommercial nature of my blog, the lack of any kind of profit from my personal blog, the lack of originality of the work in question (a mere collection or summarization of facts is not copyrightable in general), and the purpose (criticism of said material) of my use all play a part in reinforcing exemption under fair use.  As for trademark infringement, that can only happen if I use someone’s trademark in a way that confuses consumers about my affiliation with that business, and if anyone read my blog and thought I was somehow commercially affiliated with Angie’s List, they probably need to go back to elementary school and learn to read better.

Indeed, Angie’s List still wants me to sign off on that form that admits a violation of their copyrights, and Angie’s List will never receive any such paperwork, particularly since my business did not post the information in question and they sent the notice directly to me at my business, as the business owner.  They misinterpreted the nature of my blog and asserted rights which my posts did not violate, so why on earth would I ever sign and return a form admitting that my business committed a violation of someone else’s rights when no such thing happened?

The consequence for not returning that form is essentially “suspension from Angie’s List for a year and revocation of current outstanding awards.”  Angie’s List has so far had a net negative impact on my business since one of my kind-hearted pre-existing customers put me on it in the first place, and all I want is to be permanently removed from the list anyway.  It seems to me that I get a sweeter deal if I DON’T return the letter.  Thus, it will remain scanned in my computer for eternity but otherwise totally unused.

Wherever Angie’s List goes from here, it will do so without bothering me or my business, especially since we STILL will not accept Angie’s List referrals due to my past experience with the type of customers they seem to attract.  Stay tuned for my next post and you’ll read about something that is far more idiotic and disgusting than this whole Angie’s List deal has been–and one that directly hurts my potential earnings in my business.

UPDATE, SEPTEMBER 18, 2009:

This post was originally created in April 2009, and since then, I myself have reconfirmed that Angie’s List does, yet again, indeed, suck.  My prior posts about Angie’s List’s business model, which I deleted without a way to “undelete,” are still partially valid in that the way Angie’s List works is more of a “money funnel” for the owners than a review site that works.  I’ll make a separate update post to cover the entire update, but if you’ve read the above message and think I no longer have an issue with Angie’s List, think again.  More bad customers have surfaced, and I have come up with a more general criticism of the service than I had before.  It seems that the users of Angie’s List are a worse problem than Angie’s List the company itself!  Search the blog for posts tagged “angieslist” and you’ll find the new version of “Angie’s List Sucks.”

UPDATE 2, DECEMBER 1, 2010:

I was reading some things about the Lamebook trademark dilution case with Facebook which reminded me of the Angie’s List situation, and I thought it would be a good idea to tack on some additional thoughts for anyone who happens upon this page. I didn’t post this before, but feel that for completeness it should be discussed. Angie’s List sent me a five-page letter to try to coerce me into doing what they wanted, and when I informed them that I would publish that five-page letter as well if they continued to threaten me with bogus trademark and copyright infringement lawsuits, they claimed that publishing a copy of the legal threat for the world to see would also constitute copyright infringement! Once again, there is simply no way that not-for-profit republishing of a letter received in the mail for the purposes of criticism and fact-reporting will be seriously considered by any court as copyright infringement. If that were the case, freedom of the press in this country would slow to a crawl. Companies whose memos were leaked could assert copyright protection over the memos and sue anyone who published them, for example.

Granted, I’ve not interacted with Angie’s List since the ridiculous fiasco 1.5 years ago, and I can’t complain any further. My desire is to be as complete as possible in detailing what happened to me so that others may learn from it. Angie’s List have certainly earned a reputation as trademark and copyright bullies with me, and I continue to this day to advise others to steer clear of them.  Come to think of it, does anyone even take them seriously anymore?  I’ve not heard nor read a single thing about them (not even a television commercial) for quite some time. Perhaps their era has gone “over the hill” and is on the decline.

That’s what happens to flawed business models that don’t adapt.

UPDATE 3:

I just wanted to add that if you buy an Angie’s List membership, you’ve been suckered and should get your money back ASAP. What a load of garbage that site is! Every customer that I knew was using Angie’s List has long since cancelled their membership and agrees that Angie’s List sucks hard.