The Inexact Science Behind D.M.C.A. Takedown Notices

By Brad Stone
Takedown notice

A new study from the University of Washington suggests that media industry trade groups are using flawed tactics in their investigations of users who violate copyrights on peer-to-peer file sharing networks.

Those trade groups, including the Motion Picture Association of America (M.P.A.A.) Entertainment Software Association (E.S.A.) and Recording Industry Association of America (R.I.A.A.), send universities and other network operators an increasing number of takedown notices each year, asserting that their intellectual property rights have been violated under the Digital Millennium Copyright Act.

Many universities pass those letters directly on to students without questioning the veracity of the allegations. The R.I.A.A. in particular follows up some of those notices by threatening legal action and forcing reported file-sharers into a financial settlement.

But the study, released Thursday by Tadayoshi Kohno, an assistant professor, Michael Piatek a graduate student, and Arvind Krishnamurthy, a research assistant professor, all at the University of Washington, argues that perhaps those takedown notices should be viewed more skeptically.

The paper finds that there is a serious flaw in how these trade groups finger reported file-sharers. It also suggests that some people might be getting improperly accused of sharing copyrighted content, and could even be purposely framed by other users.

In two separate studies in August 2007 and May of this year, the researchers set out to examine who was participating in BitTorrent file-sharing networks and what they were sharing. The researchers introduced software agents into these networks to monitor their traffic. Even though those software agents did not download any files, the researchers say they received more than 400 take-down requests accusing them of participating in the downloads.

The researchers concluded that enforcement agencies are looking only at I.P. addresses of participants on these peer-to-peer networks, and not what files are actually downloaded or uploaded — a more resource-intensive process that would nevertheless yield more conclusive information.

In their report, the researchers also demonstrate a way to manipulate I.P. addresses so that another user appears responsible for the file-sharing.

An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of “Iron Man” and the latest Indiana Jones film.

“Because current enforcement techniques are weak, it is possible that anyone, regardless of sharing content or using BitTorrent, could get a D.M.C.A. takedown notice claiming they were committing copyright infringement,” said Mr. Piatek.

In their paper, the researchers argue for greater transparency and public review of Big Media’s intellectual property enforcement actions.

“Our study scientifically shows that flaws exists,” said Mr. Kohno, an assistant professor in the university’s Computer Science and Engineering department. “It’s impossible to prove that other flaws don’t exist, especially since current industry practices are so shrouded in mystery. Ultimately, we think that our results should provide a wake-up call for more openness on the parts of content enforcers.”

Comments are no longer being accepted.

sonicwav June 5, 2008 · 12:01 pm

The RIAA and MPAA using strong-arm tactics to hide the fact that their “evidence” is severely flawed? Heavens! It’s almost like all of those piracy advocates who have claimed this for years were right.

Maybe next we’ll find out it’s unsustainable business practices and not piracy that’s been destroying the record industry.

AlanMcR June 5, 2008 · 12:38 pm

It is the old story of “who is watching the watchers”. The DMCA gave out unchecked power. The abuse that follows is simply axiomatic.

DJH June 5, 2008 · 12:58 pm

The way DMCA is written, content owners have no incentive to be accurate in their demands. There is nothing about the law which prevents them from issuing a takedown notice from each and every IP address that ever existed or will exist — except perhaps the amount of work involved in generating them all. DMCA could have been written with disincentives … such as having to pay a fee or fine for issuing notices against non-infringing devices like printers … but it wasn’t. And I’m not betting that Congress will revisit that.

Eric Jacobson June 5, 2008 · 1:15 pm

I don’t agree with stealing art (in any medium).

However, since it’s fine to share what belongs to you, file sharing users ought to create and donate to a fund to defend against these spurious letters.

Ian June 5, 2008 · 1:21 pm

I’ve received DMCA notices for sharing non-copyrighted software…I guess this is why…

R. June 5, 2008 · 1:49 pm

Piracy and theft of intellectual property are highly unpopular subjects which receive every rationalization imaginable.
If perhaps some of the methods used to deter this blatant theft is flawed, why do we hear so little about the stealers? Are their methods not flawed?

Harrison Metzger June 5, 2008 · 2:57 pm

I’m glad this is been published. Anyone know knows just the slightest thing about networking would know this would be possible. I hope people realize that any device can put the 4 bytes (ipv4 that is) on a packet which the police would call “your IP address”.

Matt June 5, 2008 · 3:24 pm

Eric: The Electronic Frontier Foundation (//www.eff.org/) is an organisation defending freedoms on the Internet (and elsewhere). They don’t just deal with filesharing, but e-voting, online privacy etc.

BUBBA June 5, 2008 · 4:00 pm

“R”:

“Piracy and theft of intellectual property are highly unpopular subjects which receive every rationalization imaginable.”

Unpopular subjects? Where have you been?

If perhaps some of the methods used to deter this blatant theft is flawed, why do we hear so little about the stealers? Are their methods not flawed?

If? Perhaps?

Your construct is flaVVed.

In light of this study, perhaps there are no stealers anywhere. Maybe it’s allJetDirect traffic.

How do you know there are “stealers”, R?

Hmmm..?

–Bubba Ho-Tep

Spoonman June 5, 2008 · 4:05 pm

R: Like the general populace, you missed the point entirely. The article wasn’t about protecting illegal file sharing, but protecting those who specifically WEREN’T sharing files, but had to pay the price anyway. The purpose of the article and study was simply that the argument “if you’re not doing anything wrong you don’t have anything to fear” is as flawed now as it’s ever been.

The RIAA sends out take-down notices willy-nilly and innocent people pay the price. They get a notice that says “Pay us $3500 or we’ll sue you”. Sure, they could then try to spend $50,000 fighting it in court, often not even in their own home state, but that doesn’t make much sense, does it? You might just want to spend a couple of bucks and buy yourself a clue. Even a small, used one will get you further than you are now.

Howard June 5, 2008 · 4:07 pm

R. – We do hear a lot about copyright infringers — and it *is* infringement, not theft — in the media. But this story is not about actual infringement, it’s about the false accusation of infringement. Even the staunchest defender of copyright law should also believe that people shouldn’t be unfairly targeted by these trade associations. Casting too wide a net will only hurt their cause anyway.

G June 5, 2008 · 4:08 pm

I have received a DMCA notice for content which I do not own and have never owned, represented by allegedly infringing file names, which I have never had on any of my computers. I know enough about computers and networking to know the allegation was totally false, and wrote a very harsh letter to my ISP, which had forwarded the allegation. They said to basically ignore the allegation, but even the wording of the ISP’s original letter to me had no room for nuance or interpretation. It was basically “you have been sharing these copyrighted files”, not “automated systems seem to indicate you have been sharing…”

I did nothing wrong and there were no consequences, but it still left a very sour taste.

Frank June 5, 2008 · 4:14 pm

SonicWav: It could also be the fact that most radio acts sound eerily similar now, and that there’s usually only a select few tracks on a given album that are actually interesting.

Not to legitimize IP theft, but the record companies have really worked hard to destroy the fans good will in the interest of milking their cash cows. I’m very glad to see bands promoting their own content digitally (Radiohead, NIN, Prince) and the huge amount of “indie” material (Jonathan Coulton for example) that doesn’t need corporate sponsorship is getting better by the day.

Gob June 5, 2008 · 4:20 pm

You don’t need any technical expertise to frame someone else for infringement.

All you need is;
-the IP address of the target.
-a copy of an infringement letter (you can find them all over the internet).
-a way to alter or create a fake infringement letter.

You look up the target’s ISP using their IP address (Whois) and find out the ISP’s address. Then send the faked infringement letter to the ISP.

Do this 3 to 5 times and the target will get kicked off their ISP.

ISP’s never check up to confirm the validity of these letters.

Matt June 5, 2008 · 4:27 pm

R: Because there’s not much to say about them? What software pirates do is clearly illegal, end of story. Abuse of the DMCA, however, can have serious effects on the lives of innocent printers, as the story indicates.

Blue Zolar June 5, 2008 · 4:39 pm

Don’t forget — it was CLINTON who gave us the DMCA!.

Mark Jackson June 5, 2008 · 5:34 pm

So how can we be sure those laser printers *weren’t* illegally downloading films? The financial damage to the movie studios of having pirated content available on the flip-book market would be incalculable!

RAS June 5, 2008 · 6:01 pm

R: It’s an interesting post you left. The tone of your post indicates a preference to take the side of the RIAA and company – even they are responsible for huge injustices.

In case you missed it, there’s numerous parties involved:

a) The copyright holder – represented by the RIAA and such

b) The copyright violator – it can be expected these exist from the simple fact that observing general society leads one to the reasonable conclusion that “if the average individual thinks they can get away with something, they do it even when they know it’s wrong”. There will be those that live by their ethics, but one has to accept the reality there are those who choose to live without ethics.

c) The innocent victims – those that have not been responsible for copyright infringement

Now, one could hold the belief that “no one is innocent”. If you hold that belief, then you must also accept the fact that by holding that belief, you acknowledge you are guilty of copyright infringement.

I know that I live my life respecting copyright law so I know that I’m not guilty of copyright infringement. As a result, I know the belief that there are no innocents is false.

The article is focused on how easy it is for the RIAA and company to be mistaken with their claims. Consider it along the lines of some communities of the “old west”…
“There’s a murderer in town, let’s start hanging all the strangers, sooner or later we’ll hang the right person.”

Do you really believe the RIAA has the right to protect their represented works by instigating mob justice? It’s a sad, sad world you live in if you truly believe anyone has that right.

Doug June 5, 2008 · 7:45 pm

I’m shocked, shocked to discover the RIAA isn’t hip to modern technology.

Will June 5, 2008 · 9:15 pm

“a) The copyright holder – represented by the RIAA and such”

Actually, there’s a large number of artists who object to the RIAA’s actions in their name. I’ve read of two cases of the RIAA attempting to enforce ownership of music it did not own – one was in public domain and the other the artist had released as a Creative Commons property. The RIAA attempted to collect money on both.

There’s a reason European nations are not allowing the RIAA and allies to run riot within their borders. They aren’t bought and paid for by corporations, so their leaders actually take into account the broader impact of giving widespread enforcement power to a secretive, corporate lobbying group.

kdsde June 5, 2008 · 9:19 pm

Oh, and what also sould be noted with respect to false positives of printers stealing Indiana jones;
The tracker software (open tracker) that is used by one of the largest Trackers in the world, is known that it can be setup to report bogus IPs to peers that are not actually in the swarm and doing ANYthing even remotely resambling to copyrightinfringement.

The german programmer of that software calls that feature “Perfect Deniability”
//opentracker.blog.h3q.com/?p=22

Everybody recieving a takedown notice shoudl be made aware of that “defense”

Maybe thepiratebay.org has switched that feature to “on” too?

morkk June 5, 2008 · 10:52 pm

> So how can we be sure those laser printers *weren’t* illegally downloading films?

I heard that the colour laser downloaded Iron Man and turned it into a flip-book!

> Now, one could hold the belief that “no one is innocent”

No one is innocent (unless they have $10m in the bank).

jd June 6, 2008 · 7:08 am

Credit reporting agencies suffer severe penalties and lawsuits for “false positives”. Why are MPAA and RIAA off the hook for the same behavior? Because of strong lobbying and common interests of government and Big Media companies.

Just one question: How come is so easy to those serving DMCA take-down notices to find out about the traffic. Sniffing the network, probably without a warrant and with ISP participation.

Innocent, but Afraid of Big Brother June 6, 2008 · 9:05 am

A CLEAR BREACH…

of due process.

( Hey, but what do Republicans care? They only want massive campaign funds of the DCMA proponents )

A Gould June 6, 2008 · 10:07 am

My first thought would be to start spoofing the MPAA/RIAA IP addresses and see if I can get them to send themselves takedown notices.