Understanding Anti-Piracy Enforcement
Written by Ben Jones on May 14, 2008There is a great deal of confusion on the net, as to just how people get warning letters and notices from ISPs and copyright holders. In an attempt to clear the murk, we’ve produced this guide to help clarify what actions are taken, by whom, and how to respond to it.
Above all else, right at the start, I will reiterate one thing - I AM NOT A LAWYER. None of what is said is legal advice, nor should it be used as any basis for defense. If you feel the need for legal advice, then get competent legal advice. This is a point most strongly emphasized by the Jammie Thomas trial, where she had legal advice, but it was NOT competent in the subject. Finally, for the most part, this will be referring to US laws, as that’s where the majority of lawsuits occur.
The first thing to remember is, there is nothing on the net that you know of, that anti-piracy organizations don’t. No protocol, or secret piece of software, that you know of but which shouldn’t be talked about ‘in case they get to hear of it’. They employ people who do nothing all day but surf and chat. They act just like you or me - there’s no reason for them to behave in any other way. So, one of the first things to remember is, there’s no such thing as security by obscurity in P2P. If you can find it, what’s stopping someone in the pay of an anti-piracy organization from finding it too? That’s just common sense. Of course, as in the old saying - poachers make the best gamekeepers - quite often the people doing the investigations are not newcomers to p2p, but have been doing it for years themselves. In that respect, over most users, they have the advantage in experience.
The one thing most people seem to fail to understand, is that there are no magic solutions. At the end of the day, you have to get data back to your IP. In order to do that, at some point, your IP has to be known. While this can be obfuscated to the point at which it’s extremely impractical to trace, it is at the expense of bandwidth. This is why torrenting over Tor is a no-no. You could use a VPN service, but they also know your home IP, and also generally billing details for the account. In that way, they’ve not only associated it with a name, as they would with a home IP, but also your financial information, which would be a great way to prove you personally were behind it.
There are some common misunderstandings about anti-piracy activities that seem to be pervasive. So let’s address them.
- There have been very few actual legal cases, as yet, that have involved torrents.
- The majority of copyright cases are CIVIL, not criminal
- What most people think of as being the law, often isn’t.
- The RIAA and the MPAA never get involved in anti piracy evidence collection directly.
- Most of the time, people are going from what someone they have met on a forum had read in an IRC channel.
1) - There have been very few actual legal cases, as yet, that have involved torrents.
Cases involving torrents are rare, as yet. This will probably change over the next few years. Despite the protocol having been around since 2002, it wasn’t until around 2004 that it started to gain widespread acceptance. Since then there have been a few cases, such as the DVDr-core, and the Elitetorrents enforcement activities, but they are in the main, the exception rather than the rule.
The Torrentspy judgment, handed down this past week, is also now heading for appeal, which could significantly change things, or could have it all stay the same. It’s too early to tell at present. Likewise, the ISOhunt case hasn’t even gone that far. Despite there being in excess of 100+ torrent sites active now, and a similar number at least having been opened and closed for various reasons over the past 5 years, that only one has got to an initial judgment says something.
Torrents are a difficult subject to litigate - the ISOhunt case is evidence of that. Unlike most other methods, which rely on a few centralized servers to index and sort, torrents rely on trackers, and on DHT. File names can be used to find torrent files, but owning a torrent file is not actionable. They are metadata (data about data) files and are not covered under the same copyright as the original source, any more than a film review belongs to the movie studio. The error checking aspect has a legitimate use as well, as it could be argued (how successfully I don’t know) that the torrent file is being used to error check existing data legitimately acquired.
Most recently, cases centering around BitTorrent sites have focused more on vicarious infringement, as in the Pirate Bay and oink cases. Basically, this means that the defendant had the right and ability to control the infringer’s acts, by being able to add or delete torrents, and that the defendant gets a direct financial benefit from these acts of infringement. Hence the claims of ‘paying for membership’ given to the police for the OiNK raids, and the focus on advertising in the Pirate bay trial. However, this can be a tricky subject for other companies too - including ISPs and technology companies like Sony, where they have to be certain to not fall foul of the ability+control aspect. This is why bandwidth-choked ISPs are firmly opposed to be involved in any sort of P2P-policing.
2) - The majority of copyright cases are CIVIL, not criminal
Now, civil cases are unlike criminal ones in that there is no ‘innocent until proven guilty’. There are just two groups of litigants. Whoever has the most proof (or preponderance of evidence) is the winner. So, where in a criminal trial, they must prove beyond all reasonable doubt that you did commit the acts, in a civil case, they only have to prove you did it better than you can prove you didn’t. Of course, I refer you to the caveat at the beginning, and note that many countries have differing requirements of proof for a civil case.
Another major factor that sets ‘criminal acts’ from those that are ‘civilly actionable’ is that whilst the former is always against the law, and doing that act means you’ve broken the law. If you punch someone, that’s always assault (with a few exceptions). Running a BitTorrent client, or participating in a BitTorrent swarm is not against any law. The contents of it might however be civilly actionable. If the copyright owners decide to sue, they can, but if they don’t, as the law goes, there’s no complaint to be answered.
3) - What most people think of as being the law, often isn’t.
This is especially common. When we broke the story on Mivii last year, a large number cried “entrapment”. There was a similar response the other day, to our story about the IFPI and limewire. Many people also believe that if a media enforcer is on a torrent, they can’t share data, else they’re complicit in the copyright infringement and are giving you some sort of permission to distribute yourselves. This could not be further from the truth.
First of all, entrapment relates only to criminal cases, in the main, and for that matter, only occurs in a specific set of circumstances. If a law enforcement officer (as in someone with the actual power to arrest you) asks or incites you to commit a crime that you wouldn’t otherwise have done, that’s entrapment. However, if you’re not a law enforcement agency, then it can’t be entrapment, pure and simple.
The implicit permission argument is similarly flawed. Whilst the enforcement agent (’snooper’) might have permission to distribute, by distributing in part of a bit-torrent swarm, it’s hard to argue that he’s similarly giving you permission to distribute. Try telling the judge “he did, so I thought I could” and you’ll not get a very positive reaction - mainly because he can point to his ‘distribution agreement’ from the owner of the copyright, and you can’t. If you want an example, look at alcohol. In most countries, alcohol can only be sold by persons licensed to sell it. If you try and sell it, without a license, you can face penalties under the law. Saying ‘I’m selling it because he’s selling it’ won’t work there, and it’s the same case for copyright and distribution.
4) - The RIAA and the MPAA never get involved in anti-piracy evidence collection directly.
Finally, lets just clear something up we all know at the back of our minds, but forget in the heat of an impassioned board post, or IRC comment. The RIAA and MPAA do not directly get involved with the details of ‘evidence gathering’ in these cases. The MPA and IFPI are lobby mouthpieces, not enforcement agencies. Their existence is not to investigate, or to sue. They exist to bribelobby politicians, to issue press releases, and ’studies’, to hide conflicts between the major studios, and to discourage independent works. Member companies put money into these organizations, in exchange for getting their ideas across to those that make the law, to conduct studies to back up the wants and desires of the members, and to be a face to be interviewed by the media.
The enforcement activities are carried out by companies that exist for this purpose. In effect, they are digital private investigators (although most don’t seem to have bothered applying for the licenses) and like the old fashioned gumshoe, they work for whoever pays them. Some activities of the investigator might be illegal, but that’s nothing new from private investigators. Companies like Safenet, and BayTSP aren’t in it for an ideological reason, it’s just a business. As such they work like any other business, with long hours, and trying new things to get clients and please them.
Think you’ve tried hard to get onto that private tracker? Imagine the guy that got onto it, AND got paid to do so, sitting in a nice air conditioned office. I’m certain there are people who’s only task is to gain memberships to private trackers. To collect evidence, build up contacts, and invites. How do I know this? Well, it’s what I would do, if I were running such a company, and it’s fairly obvious, especially given the evidence of the EliteTorrents bust back in 2005. Sites know this as well, which is why most private trackers heavily discourage trading invites, and why the rule is that you only invite those you “know”.
The lack of knowledge most people have about these subjects, especially in relation to the law, is mind boggling. Also, whilst the power to change laws seems to be solidly with the cartels, the position now is better than it was just three or four years ago. If you want to help improve it, join your local Pirate Party, the EFF, or similar organizations and help them out. It might not be easy, but nothing worthwhile ever was.
5) - Most of the time, people are going from what someone they have met on a forum had read in an IRC channel.
Unlike most, I actually used to work in copyright enforcement - those of you that have read my bio will know that. Of course, this was around 10 years ago, when Napster was just becoming popular, and I dealt with physical copyright infringement (people selling CDs). However, I do have a grasp of the law, and personal experience in making and pursuing a copyright case. So, as you can see, this isn’t someone repeating urban myths, or something read in an IRC channel. It’s based on fact, and experience, which isn’t that common in this area.
What to do about it?
To be frank, there is no way to stop the logging bots that harvest peer info from torrents. They don’t give themselves away, because they don’t have to act any differently than normal clients. With a WebUI, or even a VNC set up, it can easily be controlled from the office, and provides much greater anonymity. After all, the bandwidth and reliability of a co-located server isn’t required.
It is also probably wise to avoid anything considered high profile, initially, and if you’re in the US, avoid any films that hit the net before the cinema. It is also safer, in the long run, to avoid private sites which deal in what could be called ‘mainstream’ material, better known as ‘scene releases’. This is stuff that is most likely to be tracked, and private sites, whilst fast, have the great disadvantage of being part of a very small subgroup. Put another way, you could be one of up to 20 million that use the PirateBay, or you are one of 40,000 that use SceneTorrents. And unlike the PirateBay, a private site has your activities stored (in some form anyway, to generate the ratio) as well as an identifier - the email address you used. Remember, it was the similarity between an email address login, and a kazaa login that was the ‘pivotal’ evidence in the Thomas case, and removed doubt about the identity. If the site displays user names on the torrent though, you might as well never contest any case that you are hit with. Being able to track user names as well as IPs in a torrent means they’re likely to get repeat hits on you, even when you switch IPs. You might be able to convince a court that once was a mistake in their evidence gathering, but if they have you on multiple occasions, with different IPs each time, that argument is out the window.
Some suggest using blocklists, but since there is no way to identify an IP logging you, and no way to tell what IP it’s logging from, they really don’t keep you “safe”. Additionally, the most popular list provider, Bluetack, has added such a large number of IPs to their anti-piracy list (something like 700,000,000) that you are only eliminating legitimate peers slowing you down, and increasing the chance of being logged. Besides that, the people who do the logging are very aware of these blocklists, use proxies, and change IPs all the time. Additionally, the criteria for adding may not quite be at the “a guy that works there’s sister’s neighbor gets her hair done at the same place as the nephew of a guy whose company works for the company that delivers the water for the MPAA’s water coolers” - but it’s getting close (see here and here) as well as blaming hosting companies for the actions of their customers (example). The sad thing is, people run this, see all the blocks that come up, marked as being antip2p, and think “look at all those being blocked, now I’m safe” when the reality is, a group of people has claimed this, and how much do you trust the list makers. however, the final word on this comes from Phrosty, one of the coders of Peerguardian, who told one of our researchers “PG might help it might not. we think it does, but make no guarantees. make your own choice”.
Probably the most important thing you can do is know your rights, and know the truth. Use some common sense, and if in doubt, imagine yourself as an antip2p guy, and think of what you might do in their place. Unless it’s illegal, they’re probably doing it already (and maybe some of the illegal stuff too). The lack of knowledge, however, is to their advantage and not yours.
DISCLAIMER - We at TorrentFreak would like to remind you that we neither support or condone copyright infringement or theft, and that all infomation is for news reporting purposes only
Previously: First European Anti-Piracy Disconnection: The Finnish Government
Next: iSlsk Brings File-Sharing to iPhone
66 Responses
Pages: [1] 2 3 » Show All
id say that peerguardian works well but people have to be smart when choosing which torrents to download
he never mentioned anything about how these anti-p2p organizations and maybe even government organizations are probably worried about the bigger fish in the sea to fry and not just the average user. members of the scene are highly targeted individuals and i’m sure they have a much deeper plan to stop piracy than just going after a bunch of random file-sharers. they know themselves that’s not what will stop piracy permanently. taking file-sharers to court is just another scare tactic while they inch their way deeper into controlling their market once again. this article seemed more like a scare tactic produced by the anti-p2p orgs themselves lol
condes - The question is, how can you be certain they [the blocked ips] are actually what they are said to be?
Lets not forget that the odds against a letter are high anyway - you’ve generally got a better chance of being struck by lightning. If I sold a lightning protection kit, and no-one got struck for ten days, would that mean the protection works, even if there was no ground strikes within 30 miles of any users? Thats what the Peerguardian claim basically boils down to.
Regardless, a more in depth study of this will be coming in the near future, when I finish all the research.
[...] & keep PGs blocklists bang-up-to-date…
One important thing, never respond to any legal threat letters. You’re just confirming they found who they were looking for. Just put them into a drawer and forget about it. If they’re serious, you’ll be served with official court-issued papers WITH A COURT DATE. But, they won’t go that far if they don’t even know if they have the right address or name. If they do, that’s when you need to find a good lawyer, BUT NOT A MINUTE SOONER.
When they send these letters out, it is often a fishing expedition to see who’s dumb enough to respond. Once you’ve responded and confirmed you’ve received the letter, they’ve got you.
NEVER directly speak or communicate with someone who’s suing you. They will be recording you, and those recordings will be used against you. Calm down, and keep your mouth shut. People who call these ’settlement hotlines’ are fucking retarded.
If you go to a lawyer, don’t forget they might not be experienced in this sort of thing and they might just be looking to take your money. Often lawyers will want to respond to any old letter since it’s money in the bank for them no matter what the outcome is.
Excellent article. It’s nice to see something clearly written that doesn’t pander to the least common denominator of popular mythology.
Pretty interesting
Bluetack lists are just piece of shait, i use my own lists.
God told me that *your* lista are the “shait” ones & to stick with Bluetack’s
So peer guardian doesn’t work and you’re increasing your chances of getting spotted by using it?
Wow, you can’t escape the law, it’s scary.
I thought private trackers are generally safer than public ones!? I haven’t heard of anyone being sued for using torrents in what or waffles or even demonoid for that matter. Apart from the recent pressure on ISPs, the people the RIAA and co seem to be concentrating on are the inexperienced or universities with students using old school software like limewire etc.
Theres one point that really pisses me off though:
3. What most people think of as being the law, often isn’t.
I’ve lost count of the amount of people who don’t file-share but think torrents are illegal. This is where i think we are really unsuccessful at promoting the potential of filesharing and torrents. eg there is no other technology that offers so much and comes close to eradicating distribution costs in the way p2p tech does.
Anyway, This article is really good. I think peerguardian is better than nothing but there is no guarantees. Doing research is probably the most important thing you can do as a “pirate” or music fan as most people call themselves… long live file-sharing!
“The first thing to remember is, there is nothing on the net that you know of, that anti-piracy organizations don’t. No protocol, or secret piece of software, that you know of but which shouldn’t be talked about ‘in case they get to hear of it’.”
I hope they finally understand this. It annoys me how stupidly naive people can be.
Great article! :) lol at the bribe/lobby part.
@10 Feruken. Where did the PG increasing chances of geting spotted come from? I didn’t get that impression from anything anybody else wrote. Maybe I just skimmed past that part.
Peer Guardian is just a tool. By no means perfect (overblocks a lot). And in no way provides immunity of any sort.
However, there have been occasions I’ve used it and noticed it blocking connections from companies I’m quite happy to have blocked. In those instances I’d have to say it worked quite nicely.
I may never have gotten a letter in those instances even if I hadn’t been using it. But it made me feel better and I can only conclude that there was some actual value in using it.
tl;dr
“Bluetack, has added such a large number of IPs to their anti-piracy list (something like 700,000,000) that you are only eliminating legitimate peers slowing you down, and increasing the chance of being logged.”
Right there.
Not me - apart from the blocklist you are using saying it’s that company, how do you know it is? The first example I linked you to has the godaddy email server listed as Mediadefender. Mediadefender and godaddy have nothing in common, but people would see that block, and believe a connection from mediadefender was blocked. This is the problem with these blocklists.
As far as the less safe part, you must have skimmed it. It is the bit that goes “Additionally, the most popular list provider, Bluetack, has added such a large number of IPs to their anti-piracy list (something like 700,000,000) that you are only eliminating legitimate peers slowing you down, and increasing the chance of being logged.”
That disclaimer is simply depressing…..
But unfortunately, I’m sure it’s necessary.
I think the best thing to do nowadays is to only use services you can trust. For me, that means using Azureus only as a BT client, and using only certain trackers. TPB is the only public tracker that can be trusted anymore. As far as I can tell, the TPB crew has our, the users’, privacy as their top priority (next to ad revenue, of course). Only private trackers that are actually private are really trustable… as far as I’m concerned, if you’ve heard of one, you shouldn’t use it. Private trackers used for very exclusive kinds of content by exclusive users would be good, but… not good for the general public, as we can’t find them or use them.
I definitely support the EFF. If pirates were selling bootleg movies online, then hell, I’d probably support the action against them. But no profit is being made here, only entertainment is being traded. And they have the audacity to freaking watch us, and watch exactly what we’re doing with our computers. This is an invasion of my privacy, and I won’t stand for it. The EFF is out there fighting for us on this front, and so many others. Buy a hat or something from them and help them out.
Sorry I forgot to comment, but this was a great read, and very informative.
The making available theory has been shot down for p2p and there’s no reason bittorrent should be any different. Sure it doesn’t mean we have permission to distribute, but they still have to prove it, civil claim or not.
Having an agent download something is NOT admissible evidence. For a start they are unreliable and biased witnesses. Mediasentry was banned in one state. They operate outside the law.
“None of what is said is legal advice, nor should it be used as any basis for defense”
-Why not, if it’s a valid argument? Of course discretion is needed. You wouldn’t be giving a speech on why you believe copyright infringement is fine if you were claiming you hadn’t done it.
“We at TorrentFreak would like to remind you that we neither support or condone copyright infringement or theft”
-What th???????
The Bluetack list is ridiculous and prevents access to a large part of the Internet for no valid reasons.
Is TV recording infringing copyright? No, but the programs are copyrighted. Is radio recording infringing copyright? No, but music is copyrighted. Is downloading for personal use infringing copyright, since works are copyrighted? No. Infringement means an offense against or misuse of copyright, or a crime, which sharing has not yet proven to be, fortunately and in the name of everything sane and decent.
The claim is that the aforementioned recording is illegal, but the industries never pursued it with individuals. Now however in the age of mass digital distribution they have decided to act.
This is BS and denying the law does not make it so. What’s legal for one must be legal for the other, as it’s merely another format. If not then it should be, and at worst it’s only a grey area which the law hasn’t yet fully come to terms with.
I use bluetack’s emule nipfilter clientside in Azureus and my download speeds are fine, That compilation of lists in no way impacts speed on torrents with a decent ammount of peers (public) or high speed peers (private), and while Ben Jones may argue that it does nothing but potentialy affect downloads, I personaly do not see that to be the case, so see no point in not using it. As to the actual effectiveness, there has already been at least 1 study into the effectiveness of blocklists using the gnutella network, and reported here on torrentfreak. The result of that showed that they were indeed effective. Just because that used the gnutella network as its primary source does not mean it is any less relevant for bittorrent. It may not be total protection, no one is claiming it to be so, but it is better that using nothing at all. As for how can you tell they are who it says they are, I dont care. It may be Safenet, it may be the dude 3 doors down, either way they can both piss off.
In the end, if you’re that worried, just don’t do it.
“Don’t do the crime if you can’t do the time”
I think the main focus of this article is to make people aware that you’re never truely safe. Sure, taking precautions and other steps can help prevent you being caught but in the end, they can find you if they want and if you’re worried, then don’t do it. Simple as that.
Oh, Christ almighty. The blind leading the blind. Another irresponsible piece of tripe from a (self-proclaimed) reformed copyright cop. (And if you’re truly reformed and remorseful, have you looked up the people whose lives you negatively affected [read=f*cked over] and tried to make amends?)
While much of the generalities in the piece are good, there are two glaring errors I see right off.
1. If you don’t like PG or blocklists, then don’t use them. But kindly have a big cup of STFU when it comes to voicing that ill-informed opinion to noobs who will read that and be dissuaded from using such measures. I don’t give a damn if Bluetack TRIPLED the number of blocks they currently have. I still max out my connection anyway and if a legitimate filesharer can’t connect because they’re using a school or work computer, too bad. Get your own ISP account like everyone else.
PG not only helps while filesharing but also when you’re not. New users will be very surprised at the number and type of bad sites that are blocked for malware/trojan infestation, or various corporate and govermental agencies trying to probe your machine while just doing some regular surfing. If someone is too retarded to learn how to configure it properly then I suppose they wouldn’t like PG. But for those who take responsibility for their own online security and are willing to put in the time to learn how to properly use the tools available, the rewards are great.
2. “The RIAA and the MPAA never get involved in anti-piracy evidence collection directly.”
Bullshit. Time and again they have directly participated in such matters. For instance, it was the MPAA themselves who directly hired and paid a hacker $15K to break into TorrentSpy’s system. Sounds pretty directly involved to me.
For me this is simple folks if anybody bother me with copyright crap stuff they go down period!
The copyright loby mess-up our laws?
Fine with me. As far as I am concern there is no law then and the music parasites will face the dear consequences of the situation they created.
Pages: [1] 2 3 » Show All
Responses are closed
All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.