More from the Copyright Enforcement Follies

Unlike US corporations, IP addresses are not people. At least according to a UK patent and copyright judge. But I’m ahead of myself. In an entry from just over a year ago entitled Cyber-bullying by the copyright Gestapo the shenanigans of ACS:Law described as a “rogue law firm run amok” in this story by Nick Farrell in the Inquirer were reported. Briefly the story goes like this.

[ACS:Law] sent out letters to thousands of Brits accusing them of ‘piracy’  and offering them a chance to settle by paying about £500.

However, loads of people are being accused with what must be inaccurate information. One was a 78 year-old accused of downloading pornography and others are unaware of having done any downloading at all.

Furthermore Andrew Crossley of ACS:Law actually made this profoundly asinine statement to the BBC.

The method used to detect the IP address used for illegal downloads was foolproof.

So now that this fiasco has finally made it into court as we all knew it would, apparently the judge has the same skepticism of this egregious misunderstanding of how the Internet Protocol technology actually works. This piece by Matthew Lasar in Ars Technica entitled Court confirms: IP addresses aren’t people (and P2P lawyers know it) reports it as follows.

“What if the defendant authorises another to use their Internet connection in general and, unknown to them, the authorised user uses P2P software and infringes copyright?” asked His Honour Judge Birss QC last Tuesday.

That’s not the only legal snag Judge Birss noticed. He was particularly irritated over evidence that ACS was trying to withdraw the questionable complaints in a bid to sue the defendants again under better circumstances, and with a new firm: GCB.

“The GCB episode is damning in my judgment,” Birss warned. “This shows that Media CAT is a party who, while coming to court to discontinue, is at the very same time trying to ram home claims formulated on exactly the same basis away from the gaze of the court. That will not do.”

But what makes the England and Wales Patent County Court ruling particularly interesting is the jurist’s obvious skepticism about what has become the central dogma behind these suits—that a torrent share associated with a specific IP address is grounds for legal action against a specific human being. The lawyers argued that, even if the Internet subscriber hadn’t done the deed, he or she had presumably let someone else use their network, and so were therefore responsible for this “authorized” use.

But authorizing a guest to play some online game can hardly be seen as an authorization for that guest to start downloading copyrighted material; if that happens, why would the subscriber be responsible?

Birss had even more concerns:
Then there is the question of whether leaving an Internet connection “unsecured” opens up the door to liability for infringement by others piggy backing on the connection unbeknownst to the owner. Finally, what does “unsecured” mean? Wireless routers have different levels of security available and if the level of security is relevant to liability—where is the line to be drawn? No case has decided these issues but they are key to the claimant’s ability to… say—one way or another there is infringement here.

Judge Birss [stated,] “Proof that a person owns a photocopier does not prove they have committed acts of copyright infringement,” he continued:
“All the IP address identifies is an internet connection, which is likely today to be a wireless home broadband router. All Media CAT’s monitoring can identify is the person who has the contract with their ISP to have internet access. Assuming a case in Media CAT’s favour that the IP address is indeed linked to wholesale infringements of the copyright in question… Media CAT do not know who did it and know that they do not know who did it.”

The judge has given ACS:Law two weeks to continue the case or pay “wasted costs”.

In case you were wondering (as I was) what “wasted costs” are, a clarification by an Ars reader describes them thusly.

“In UK law there is a distinct difference between being awarded costs and ‘wasted costs’ which are awarded where a legal firm has acted improperly or merely incompetently (and is clearly seen as such) wasting the court’s and others’ time. These costs can be punitive. Wasted costs do not reflect on those the law firm represent.”

“Wasted costs” sounds like a really great idea and I would dearly love to see Mitch Bainwol and Co. - Recording Industry Association of America (RIAA) smacked with that particular legal stick. But alas, here in the US where the entertainment industry controls the public discourse on copyright and more than a few politicians I don’t see that happening any time soon. But fortunately there is at least one jurist in the civilized world who gets it. Bravo Judge Birss!

The road to jail is paved with smart phones

Could you get me out of jail?
(Man I aint even done nothin’)
Could you get me out of jail?
(Aye look, aye somebody get my cell phone. Aye get my cell phone.)
Could you get me out of jail?
From Get Me Out Of Jail by Petey Pablo

Possibly the coolest innovation spawned by Apple’s now ubiquitous iPhone was the concept of “jailbreaking” whereby iPhone owners, myself included, could free their device from the Apple/AT&T apps/carrier monopoly by using hacked firmware. Well now, thanks in part to the Supreme Court of the State of California, your phone may require you to do some very literal jailbreaking. This article by Ryan Radia in Ars Technica explains the situation thusly.

[The] decision in People v. Diaz (PDF), [holds] that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

So if you live in or plan to visit California any time soon it would probably be a good idea to lock down your cell phone and plan on doing a little time for obstruction or contempt. “Now just hang on a gosh darn minute there, bucko!“, you’re thinking about now, “I’m a law abiding citizen with nothing to hide, so how can this possibly affect me?“. With all due respect and attendant snarkiness, you are probably a criminal whether you know it or not. Sorry, it’s sad but true. There is a disturbing phenomenon called overcriminalization, described by the Heritage Foundation as follows.

Federal criminal law has exploded in size and scope. Federal criminal law used to focus on inherently wrongful conduct: treason, murder, counterfeiting, and the like. Today, an unimaginably broad range of socially and economically beneficial conduct is criminalized. More and more Americans who are otherwise law-abiding are being trapped and unjustly punished.

Regular readers of this blog, other than you Captain X-Ploit fans who consider laws as challenges to be hacked and overcome, will recall that past entries like this and this detail egregious legal abuses in the name of copyright enforcement. So given the penchant of the entertainment industry and their trained stooges in congress [sorry, that's a bit harsh - the Three Stooges as well as Iggy and the Stooges were much smarter than congress - but I digress] to criminalize all sorts of behaviors that interfere with their unmitigated money grab (er… IP protection) I would ask you law abiding citizens this question, How certain are you that the music and videos on your smart phone are “legal” and not “pirated”?Now that’s just ridicules!“, you might respond, “Law enforcement does not enforce those kind of laws.” You think? Sorry to disabuse you of your delusions of freedom, but I’ve written about that very thing in this entry entitled Over the top copyright enforcement insanity.

Or how about those of you who engage in “sexting”? If your “sexts” sometimes include racy photos whose subject was under the legal age of adulthood at the time of the photo that’s child pornography. Or how about that clueless, tasteless friend you have – you know who I mean – that insists on sending you off-color jokes that are illustrated. If you get your email on your smart phone, and who doesn’t nowadays, guess what – potential pornography again. Law enforcement calls that “probable cause”, and no it doesn’t matter that you’ve deleted them. The point is this, again summed up by Ars Technica.

A May 2010 study from the conservative Heritage Foundation and the National Association of Criminal Defense Lawyers found that three out of every five new nonviolent criminal offenses don’t require criminal intent. The Congressional Research Service can’t even count the number of criminal offenses currently on the books in the United States, estimating the number to be in the “tens of thousands.”

So you are almost certainly a criminal whether you intend to be or not. And here is the rub: when I mentioned “locking down” your smart phone earlier, I failed to mention that it’s rarely possible to do so.

While police cannot force you to disclose your mobile phone password, once they’ve lawfully taken the phone off your person, they are free to try to crack the password by guessing it or by entering every possible combination (a brute-force attack). If police succeed in gaining access your mobile phone, they may make a copy of all information contained on the device for subsequent examination and analysis.

A “brute force” attack on a 4-digit lock code as the iPhone has, is hardly a daunting task since 80% of you will use “1234″ or “1478″. Furthermore,

In many cases, extracting data from a mobile device is possible even if the device password is not known. Such extraction techniques take advantage of widely known vulnerabilities that make it disturbingly simple to access data stored on a smartphone by merely plugging the device into a computer and running specialized forensics software.

Ideally you would want full-disk encryption on your mobile device – just like you use on your laptop or netbook computer. But the news is grim in this area as well.

Unfortunately, few consumer-grade smartphones support full device encryption. While there are numerous smartphone apps available for encrypting particular types of files, such as emails (i.e. NitroDesk TouchDown), voice calls (i.e. RedPhone), and text messages (i.e. Cypher), these “selective” encryption tools offer insufficient protection unless you’re confident that no incriminating evidence exists anywhere on your smartphone outside of an encrypted container.

Despite the generally sorry state of mobile device security, a few options exist for privacy-conscious mobile phone owners. Research in Motion’s BlackBerry, when configured properly, is still widely considered to be the most secure smartphone platform. In fact, BlackBerry’s transport encryption is so robust that a few foreign governments have recently forced RIM to install backdoors for law enforcement purposes.

So basically if you want real protection, get a Blackberry. In the meantime there are some steps we non-Blackberry users can take to help shore up our eroding fourth amendment rights.

You should store your mobile phone in your luggage, footlocker, or in some other closed container that’s not on your person, particularly when driving an automobile. (For more on this subject, see our 2008 article summarizing the search incident to arrest exception in the context of mobile phones. Also see The iPhone Meets the Fourth Amendment, a 2008 UCLA Law Review article by law professor Adam Gershowitz.)

So always lock your phone and put it in a bag in the trunk when you drive. That’s a really good idea for a whole lot of reasons, many of which are your fellow travelers who won’t be at risk of you causing an accident because you won’t be able to text and drive.

Cyber-bullying by the copyright Gestapo

And though they’ll hunt you like a dog
Well they won’t take you alive
Because you make them piles of money
Stacked up twenty stories high
And the boys in every bar
Will not miss you when you gone
From A Heady Tale by The Fratellis

Whenever I write about copyright issues I like to set the record straight right off the bat. Having been a software developer for my entire career and a musician who records and produces music, I am not in any way opposed to the concept of copyright or copyright law. I’m certainly do not espouse the idea that all software wants to be free nor, much as I dislike the entertainment industry,  do I advocate torrenting music or movies to avoid paying. So having gotten that out of the way, I’m here to tell you that copyright enforcement is a whole other deal. Here in the US we must contend with the Recording Industry Association of America (RIAA) and the Motion Picture Association of America (MPAA) who have apparently decided that it’s far easier to blame any decline in revenue on “piracy” and sue potential customers, or threaten to and hope to settle out of court, than it is to come up with a viable distribution model for the digital age. But this week our European friends get to share the pain and witness the quasi-legal shenanigans that Americans have come to know and loathe. In this story by Nick Farrell in the Inquirer we hear about an episode of what I think can best be described as cyber-bullying by a law firm in the name of copyright enforcement.

So far at least 150 innocent people have been wrongly targeted in a crackdown on illegal file-sharing that’s being conducted by the rogue law firm run amok, ACS:Law.

The outfit has sent out letters to thousands of Brits accusing them of ‘piracy’ – that’s copyright infringement to anyone not trying to whip up public sentiment for their own monetary gain – and offering them a chance to settle by paying about £500.

However, loads of people are being accused with what must be inaccurate information. One was a 78 year-old accused of downloading pornography and others are unaware of having done any downloading at all.

“My 78 year-old father yesterday received a letter from ACS Law demanding £500 for a porn file he is alleged to have downloaded. Apparently the poor bloke does not know what file sharing is and has never even heard of BitTorrent. Nor has he given anyone else permission to use his computer.”

Which? Computing estimates that up to 50,000 letters have been sent out and is outraged that too many innocent people are being wrongly accused. Matt Bath, technology editor of Which? told the BBC that innocent consumers are being threatened with legal action for copyright infringements they not only haven’t committed, but wouldn’t know how to commit. But many “will be frightened into paying up rather than facing the stress of a court battle.”

Andrew Crossley of ACS:Law admitted that some cases had been dropped although he declined to give numbers. He told the Beeb [BBC to us yanks] that the method used to detect the IP address used for illegal downloads was foolproof, although that really does not explain why some cases needed to be dropped.

But behold, there is a glimmer of hope in this story. I mean other than the wicked sick ego and reputation boost for the 78-year-old guy accused of torrenting porn – You go, grandpa! No, I mean that you really can’t get too worried about litigation originating from a group whose spokes-weasel actually says “the method used to detect the IP address used for illegal downloads was foolproof” out loud. In public. To the press. I mean seriously, I can only assume that ACS:Law lawyers are the same class of moron as Mr. Crossley. [Andy, dude! - one word: TOR].

But sadly I don’t believe that Mr. Crossley and the gang at ACS:Law are stupid. They know very well that such a statement is ludicrous on it’s face and that no one with any kind of technical expertise will believe it. You know, the kind of technical expertise it takes to illegally torrent copyrighted material. So ACS:Law knows very well that the only folks naive enough to fall for their threats are not capable of doing what they are accusing them of. And that, my friends, smells a whole lot like cyber-bullying to me.

Meanwhile we have this dubious report by the International Federation of the Phonographic Industry (IFPI) [Note: Web of Trust (WoT) rates this site BAD in vendor reliability and privacy so be careful if you follow this link] that claims to provide a basis for such egregious behavior by the copyright gestapo. This article in Sonic State reports it like so.

The IFPI report that 95% of all music downloads are illegal – and they say that “cooperation from Internet Service Providers holds the key to this problem.”

The IFPI made the announcement as part of their Digital Music Report 2009:

Piracy is the major barrier to growth of the legitimate digital music sector and is causing severe damage to local music industries around the world.

Three of the world’s biggest music markets, all heavily dependent on local repertoire – France, Spain and Brazil – have seen a sharp slump in the fortunes of their local music industries:

  • In Spain, which has one of the highest rates of illegal file-sharing in Europe, sales by local artists in the top 50 have fallen by an estimated 65% between 2004 and 2009;
  • France, where a quarter of the internet population downloads illegally, has seen local artist album releases fall by 60% between 2003 and 2009;
  • In Brazil, full priced major label local album releases from the five largest music companies in 2008 were down 80% from their 2005 level.

The report shows that, while the music industry has increased its digital revenues by 940% since 2004, piracy has been the major factor behind the overall global market decline of around 30% in the same period.

Okay… So let me get this straight. All of the music purchased and downloaded from iTunes, Amazon, eMusic, Walmart, Napster and Rhapsody plus all of the smaller independent music label sites like Matador Records and individual artist sites together make up only 5% of music downloads? And that 25% of the internet population of France downloads illegally? And this is what is responsible for the 80% drop in full priced major label local album releases in Brazil? I don’t know what those IFPI guys have been smoking but they’d sure have a better chance of convincing me if I had some too. I mean seriously how would you find out that a quarter of the internet population downloads illegally in France and how can you correlate that to local artist album releases fall by 60% between 2003 and 2009. Hello! This is the internet. It’s everywhere. Like lint. And the copyright gestapo. What’s worse is that these bozos (or is that beau zauxs) are trying to convince ISPs that they should collude with the copyright gestapo. And the really sad thing is that some ISPs are going to buy into this nonsense. Let’s be clear here. I sympathize with the musicians who have seen sales of their albums decline. And I also sympathize with their unemployed fans who can no longer afford to buy music. What I don’t sympathize with is the copyright gestapo and their cyber-bullying.

Over the top copyright enforcement insanity

Regular readers of this blog know that as a Software Engineer and music composer I’m all about getting paid for the intellectual property that I create and develop. The mechanism, flawed though it may be, that protects most of the work I do is copyright, which is typically held by my employer. If my company doesn’t get paid for the products I develop, they in turn can’t pay me. So I’m all for copyright enforcement.

I am most assuredly not for the kind of asinine, over-the-top enforcement that is the focus of this article from Make:.

Keene Valley resident Jerilea Zempel was detained at the U.S. border this summer because she had a drawing of a sport-utility vehicle in her sketchbook.

U.S. Customs and Border Protection officers told Zempel they suspected her of copyright infringement.

She was released after more than an hour in custody at the Houlton, Maine, port of entry from New Brunswick, Canada.

Her release came only after she persuaded border guards she was an artist doing a project that involved a crocheted SUV as a statement against America’s dependence on oil and love for big vehicles.

“After going through my (laptop) computer, digital camera, cell phone, business cards, suitcase, reading materials, boxes of yarn and crochet tools, she returned with my sketchbook.

Zempel had drawn an SUV covered by a cozy, with its mirrors marked as “ears.”

“My sketchbook puzzled her,” Zempel said. “It was a cartoon sketch. They couldn’t understand what I was doing. She said, “Just what were you doing in Canada? We think you’re engaged in some kind of copyright infringement.”

Aside from the clear moronic “copyright infringement” excuse, what really chaps my hide is the idea that these brain donors from U.S. Customs and Border Protection were concerned with copyright enforcement in the first place. Such an egregious violation of common sense, not to mention personal liberties, is surely not an actual CBP policy or directive. Is it? So I did a little digging and discovered this information about Intellectual Property Rights on the CBP web site.

CBP protects businesses and consumers every day by combating the trade in counterfeit and pirated goods through an aggressive IPR enforcement program. CBP targets and seizes imports of counterfeit and pirated goods, and enforces exclusion orders on patent-infringing and other IPR violative goods issued by the U.S. International Trade Commission.

So exactly what kinds of “counterfeit and pirated goods” and “patent-infringing and other IPR violative goods” are we talking about here. Well, there’s also this report posted on the CBP web site that details exactly that.

Executive Summary

  • The domestic value of goods seized for intellectual property rights (IPR)
    violations at the mid-year point of Fiscal Year (FY) 2008 increased by
    2.7% to $113.2 million (M) from $110.1M at the mid-year point of FY
    2007.
  • The number of IPR seizures decreased by 1%, from 7,245 to 7,166.
    China was the top trading partner for IPR seizures at mid-year FY 2008
    with a domestic value of $96.7M, accounting for 85% of the total value
    seized. In FY 07, China accounted for 80% of seizure value.
  • Footwear was the top commodity seized at mid-year FY 2008 with a
    domestic value of $40.3M, which accounted for 36% of the entire value of
    infringing goods.
  • The categories of Handbags/Wallets/Backpacks, Cigarettes, and
    Sunglasses had significant increases in domestic value at mid-year FY
    2008 over mid-year FY 2007 values.

OK I guess I can see that. It’s the CBP’s job to protect the interest of American businesses. So a drawing of a SUV cozy would fall into the “All Other Commodities” category – which does, in fact, account for 9% ($6,576,378 US) of the commodities seized. Golly, I’m glad we’ve got the CBP watching our (businesses) backs to protect us from dangerous (to our wallets) IPR violators like Ms. Zempel. Are you kidding me? I’m starting to get the sneaking suspicion that this episode is only tangentially, through creative bending of overly broad policy (now where have we seen that before?), related to IPR enforcement. Could it be that CBP can now detain, harass, and otherwise violate the rights of anyone coming into the U.S. based on specious suspicions of “Intellectual Property Rights violations”? I sincerely hope not, but this episode is clearly evidence of exactly that.

I guess my next trip abroad I will have to make certain that I’m not in possession of such heinous “IPR violative” items as a hand sketched SUV cozy. Thanks CBP for your stellar vigilance. NOT.

I am dizzy now

Increasing Piracy to Cause Rise in Cyber Crime article on DarkReading prompts me to grant the Security For All “Merry-Go-Round” award to Metaforic‘s CEO Andrew McLennan for most ergregious and creative spin to promote a product or service.

“Piracy is a persistent problem which continues to cost software vendors worldwide billions of pounds in lost revenue, as well as harming local resellers and putting a strain on research and development in the technology industry,” comments Metaforic’s CEO Andrew McLennan. “More worryingly, hackers are becoming increasingly sophisticated in their methods of attack. The issue of hacked software and compromised websites goes far beyond that of piracy and standard copyright infringements. It can – and has – led to an explosion in the number of cyber crimes, including the exploitation of personal data, delivering malicious payloads to user machines, the installation of spyware and even taking over a PC as part of a botnet for hosting illegal content, often unbeknown to the owner.”

Hold on! Stop the software presses! You mean that all we have to do is implement one of those annoying little soft key dongles on our software products and we can help prevent our PCs from becoming zombies in botnets? Not only that, but it would be a boon to the folks who manufacture USB hubs since we would need to plug those dongles in somewhere. I’m getting dizzy just thinking about it.

Seriously, I doubt that Mr. McLennan is suggesting that software publishers not implementing “Anti-tamper” technology is a main contributor to cyber-crime, or that all software should be using it (although he might fervently wish for it). But to suggest that software piracy and copyright infringement leads to any cyber-crime (other than software piracy itself being a cyber-crime) – much less an “explosion in the number of cyber crimes” is, well, just spin. Really wicked spin, but balderdash. Hogwash. Crapola.

I mean, I can definitely see where inferior knockoff, “pirated” hardware like fake Cisco equipment poses a real threat, but pirated software? Certainly large software manufacturers lose money due to piracy of their products, but “billions of pounds”? This sounds like the same kind of whining and creative valuation that the RIAA does for pirated music. The consumer (not the professional pirate organizations in China) who pirates copyright protected content would not have purchased it if they had to pay for it. So how can that be revenue lost? Charge these guys penalties for copyright violation when they get caught – sure. Or when they post copyrighted content to a torrent site – absolutely.  But how, exactly does “Anti-tamper” technology prevent any of this – much less mitigate any cyber-crime threat? I could go on to actually question the value of “Anti-tamper” technology period. But I won’t. I’ve been plenty snarky already.

Beside I’m just too dizzy.