Brian Ladd’s Blog – Notes on Life

Just another WordPress.com weblog

Beat Comcat BitTorrent Throttling on Linux

http://tuxtraining.com/2008/06/21/beating-sandvine-on-linux-with-iptables/

Multiple sites reported a while ago that Comcast was using Sandvine to do tcp packet resets to throttle BitTorrent connections of their users. This practice may be a thing of the past as it’s been found a simple rule in the Linux firewall, iptables, can simply just block their reset packets, returning your BitTorrent back to normal speeds and allowing you to once again connect to all your seeds and peer. So, if you are tired of Sandvine (the application used by Comcast to throttle Bit Torrent with fake TCP packet resets) screwing with your BitTorrent and a user of GNU/Linux, then this is for you. I will tell you how to take your bandwidth back.

Also see:

  1. Basics of iptables
  2. Iptables: How to save and restore rules at boot & shutdown
  3. How to Encrypt Bit Torrent Traffic With Ktorrent and Azurues

If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:

(Note: the values state, reject, dport and tcp-flags begin with a double dash )

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
-A INPUT -p tcp –dport 6883 –tcp-flags RST RST -j DROP
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
-A INPUT -m state –state NEW -m tcp -p tcp –dport 6883 -j ACCEPT
-A INPUT -m state –state NEW -m udp -p udp –dport 6883 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
COMMIT

Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.

If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.
#!/bin/sh
#Replace 6883 with you BT port
BT_PORT=6883
#Flush the filters
iptables -F
#Apply new filters
iptables -A INPUT -i lo -j ACCEPT
#Comcast BitTorrent seeding block workaround
iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
#BitTorrent
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

If you are using Gentoo or another distro, it is important that your iptables rules includes this line, feel free to change the port number (or make it a range of ports).

-A INPUT -p tcp –dport 6883 –tcp-flags RST RST -j DROP

Your firewall is now configured and you should have great upload speed now. You will have to run this script every boot, by the way. One easy way is to call the script at the end of /etc/rc.local.

June 30, 2008 Posted by brianladd | Copyright / P2P / Law, Linux | | No Comments Yet

All Your Coffee Are Belong To Us

http://it.slashdot.org/it/08/06/17/1941200.shtml

“Craig Wright discovered that the Jura F90 Coffee maker, with its honest-to-God Jura Internet Connection Kit, can be taken over by a remote attacker, who can cause the coffee to be weaker or stronger; change the amount of water per cup; or cause the machine to require service (call this one a DDoC). ‘Best yet, the software allows a remote attacker to gain access to the Windows XP system it is running on at the level of the user.’ An Internet-enabled, remote-controlled coffee-machine and XP backdoor — what more could a hacker ask for?”

June 18, 2008 Posted by brianladd | Security | | No Comments Yet

Inside the music industry’s piracy battle

http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10515239&pnum=0

Inside the music industry’s piracy battle

10:20AM Monday June 09, 2008

WASHINGTON – Deep inside the national headquarters of the Recording Industry Assn. of America (RIAA) is a purple room.

Tinted windows shade the faces of young men and women working behind computer screens. They are part of the team investigating the illegal sharing of music files over peer-to-peer (P2P) networks, and they protect their identities carefully.

Such precautions are a reflection of the charged environment in which the music business is operating. The RIAA, the trade group for the major US labels, views anti-piracy enforcement as vital to the recording industry’s future.

Since 2003, labels have filed more than 28,000 lawsuits against individual file sharers. Only one suit has reached trial. Jammie Thomas, a single mother who was ordered by a federal jury in Minnesota last October to pay $222,000, is waiting for the federal court’s decision on her request for a new trial.

Piracy on university campuses is a big part of the problem. In the past year, the RIAA has sent more than 6,000 “pre-litigation settlement letters” to students around the country, giving them the opportunity to avoid a potential lawsuit by settling out of court for a reduced fee. About half have settled, and the other half face formal lawsuits.

Some university administrators complain that record companies unfairly target their campus networks to find infringers. Some judges have questioned whether proof of users making music files available in a P2P network’s “shared folder” is sufficient evidence of copyright infringement. Emotions have run so high that death threats targeting RIAA lawyers and executives haven’t been unheard of.

Despite the RIAA’s efforts, data suggest that demand for pirated content remains strong. A recent NPD Group report estimates that 19 per cent of US internet subscribers 13 and older download free music from P2P services, barely less than the 20 per cent reported when the RIAA began its user litigation campaign in 2003.

While it is all but impossible to gauge how much additional illegal downloading its enforcement actions may have deterred, the RIAA remains determined to clamp down on internet piracy. Billboard visited the trade group’s Washington, D.C., offices for a demonstration of how it tracks down file sharers.

In their world of “hash” files and virtual handshakes, the investigations don’t seem dark and sinister. The search begins simply – with a song.

THE STASH

An RIAA investigator and technology specialist, who asked for anonymity, clicked the keyboard on his laptop. The LimeWire interface appeared on a large screen.

New York-based LimeWire LLC touts on its website that its software is “the fastest file-sharing program on the planet.” The site offers a free version of its software, but it also offers the revenue-generating upgraded version for around $20. LimeWire is one of many software programs that run over the Gnutella file-sharing network.

To root out illegal file-sharing activity, the RIAA works with Maryland-based MediaSentry, which has developed customized programs that also operate over the Gnutella network. MediaSentry has a list of recordings owned by RIAA-member companies and, like any P2P user, can search for a music file by song title.

MediaSentry then collects alphanumeric “hash” codes it discovers online that are associated with these recordings. LimeWire and similar programs will identify how many users are sharing the same file as identified by the hash code. The combination of song titles and hash codes listed in the ever-growing database are the foundation and starting point of all RIAA investigations.

When a consumer rips a song from a CD and gives the digital file a name, the computer hardware, ripping software and other digital data together create a digital file identified by a distinct hash code. If the user rips the same song with an older computer – even with the same software – the file will have a different hash code. The slightest change in the music source, computer hardware, ripping software, P2P protocol, file name or length of recording will change the hash code identifying the resulting MP3 file.

For example, while searching for a Madonna song at the RIAA offices, dozens of users were sharing the same Madonna title over LimeWire – but six users were sharing the digital files with identical hash codes. Since it is highly improbable that more than one user would have the exact combination of equipment and timing to create identical hash codes, the investigator says, the six users are likely sharing copies of the same file that one person originally uploaded to the internet and that was later downloaded and shared by other users.

When MediaSentry observes that an MP3 file of a particular song is available for sharing over a P2P network but the hash code doesn’t match one in its database, the company downloads the file. Then it runs the file through a digital fingerprint system operated by Audio Magic to verify that it is an RIAA-member recording, which has been fingerprinted by the record company when the recording was made. If the file is in fact a copy of the recording, MediaSentry saves the hash code in its database.

What MediaSentry and RIAA investigators do next depends on whether they’re preparing a take-down notice for a university or planning to pursue litigation against an individual.

TAKE IT DOWN

Copyright holders cannot possibly sue every copyright infringer. But they can notify an internet service provider when a user is infringing a copyrighted work. The ISP is required under federal law to block that material from the internet after receiving a take-down notice from the copyright holder, as long as the notice complies with requirements set out in federal regulations. Many universities have their own computer networks and, as such, act as ISPs.

A take-down program begins with the RIAA’s list of about 700 current, popular titles of recordings owned by its member companies. The list is compiled – and continually updated – from Billboard and online music services’ sales charts. The user-litigation program uses many more titles, but the RIAA won’t disclose the number.

Once the MediaSentry search for a title identifies a hash, the software then tries to match it with popular hashes shared among P2P users listed in the database.

“We look for the most popular hashes,” the RIAA investigator says. “It’s then very unlikely that the person ripped it from his or her own CD collection and is making it available for the first time. It’s more likely this person has downloaded it from somebody else. The hash can’t be one we’ve seen many times before if somebody ripped it for the first time.”

Once the popular hash is identified, the MediaSentry program makes contact with the user through a “TCP handshake” – essentially a conversation between the Web server and the Web client, like LimeWire, via the internet transmission control protocol.

“Are you online and do you have this hash code?” the program asks. If the user’s program says “yes,” then the user is pegged. Just one digital file is enough for the RIAA to send a take-down notice.

The user doesn’t have to be sitting at the computer to be sharing a file. LimeWire and similar programs continue to share files over the P2P network as long as the computer is on, the program is open and the file-sharing component is on.

MediaSentry records the IP address, the name of the company or university that owns the ISP, the date and time of the handshake, the user name and the infringed title. The company sends it to the RIAA.

RIAA personnel then review the information, manually prepare the take-down notices and send them to the university.

“There is an idea that we target certain universities,” the investigator says. “That is completely incorrect and, technically, not possible. We find what we find by song and through public means; we don’t try to get into a university’s internal system.”

MEET JOHN DOE

The RIAA uses litigation to target some of “the most egregious users we find,” the investigator says.

This process, too, begins with the song search, but entails the collection of far more data on an individual user than is required for a take-down notice. After MediaSentry finds popular hash codes, the company’s software – just like LimeWire – allows a search of all the files the user is sharing.

The company collects the list of music files the user is sharing, identifies songs that belong to RIAA-member companies and downloads the files. MediaSentry also collects very detailed text logs as evidence of its activities throughout the entire process.

The ISP associated with an IP address is easy to identify. The American Registry for internet Numbers, a nonprofit organization, provides the information via a search on its website.

MediaSentry sends the information to the RIAA, which has staff that listen to each downloaded file to verify the identify of the song. The RIAA notifies the ISP to preserve the evidence connected to the IP address. The record companies then file a lawsuit naming “John Doe” as the unnamed defendant.

Once they file the suit, the labels may then have the court issue a subpoena for the ISP to identify the registered user for the IP address. That person then replaces John Doe as the defendant.

- REUTERS/Billboard

This story was found at: http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10515239&pnum=0

June 10, 2008 Posted by brianladd | Copyright / P2P / Law | | No Comments Yet

Exchange: Full Mailbox Rights

How do I grant the administrator(s) (or any other user) full mailbox right on Exchange 2000/2003 mailboxes?
http://www.petri.co.il/grant_full_mailbox_rights_on_exchange_2000_2003.htm

In Microsoft Exchange Server 5.5, when you grant Service Account Admin privileges on the Site container to a Microsoft Windows account, you grant that account unrestricted access to all mailboxes. Because Exchange 2000 and Exchange Server 2003 do not use a service account, even accounts with Enterprise Administrators rights are denied rights to access all mailboxes, by default.

This means that Exchange Full Administrators do not have the right to open any mailbox found on any server within the Exchange organization.

In fact, if your logon account is the Administrator account or is a member of the Domain Admins or Enterprise Admins groups, then you are explicitly denied access to all mailboxes other than your own, even if you otherwise have full administrative rights over the Exchange system.

However, unlike Exchange Server 5.5, all Exchange 2000/2003 administrative tasks can be performed without having to grant an administrator sufficient rights to read other people’s mail.

This default restriction can be overridden in several ways, but doing so should be in accordance with your organization’s security and privacy policies. In most cases, using these methods is appropriate only in a recovery server environment.
Granting right to a specific mailbox

Use the following procedure to grant access to an Exchange 2000 or an Exchange 2003 mailbox:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Active Directory Users and Computers.
2. On the View menu, ensure that the Advanced Features check box is selected.

Note: This is not necessary on Exchange Server 2003 because of the fact that the Exchange Advanced tab is exposed by default.

3. Right-click the user whose mailbox you want to give permissions to and choose Properties.

4. On the Exchange Advanced tab, click Mailbox Rights.

5. Notice that the Domain Admins and Enterprise Admins have both been given Deny access to Full Mailbox access.
6. Click Add, click the user or group who you want to have access to this mailbox, and then click OK.
7. Be sure that the user or group is selected in the Name box.
8. In the Permissions list, click Allow next to Full Mailbox Access, and then click OK.

9. Click Ok all the way out.

Warning: If the Group or User name list is empty and you only see one line with the name of SELF – do NOT touch the permission settings before you read SELF Permission on Exchange Mailboxes.

Note: If the purpose of granting such access is to permit use of the EXMERGE utility (see Delete Messages from Mailboxes by using EXMERGE for an example of such a requirement), grant Receive As permissions. You can also grant Full Control permissions if you want complete access.
Granting right to a mailboxes located within a specific mailbox store

Use the following procedure to grant access to Exchange 2000 or an Exchange 2003 mailboxes found on a specific mailbox store:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Expand the server object and find the required mailbox store within the appropriate Storage Group. Right-click it and choose Properties.

3. In the Properties window go to the Security tab.
4. Click Add, click the user or group who you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK.

Note: Make sure there is no Deny checkbox selected next to the Send As and Receive As permissions.

7. Click Ok all the way out.

Granting right to a mailboxes located on a specific server

Use the following procedure to grant access to Exchange 2000 or an Exchange 2003 mailboxes found on a specific server:

Note: You must have the appropriate Exchange administrative permissions to do so.

1. Start Exchange System Manager.
2. Drill down to your server object within the appropriate Administrative Group. Right-click it and choose Properties.

3. In the Properties window go to the Security tab.
4. Click Add, click the user or group who you want to have access to the mailboxes, and then click OK.
5. Be sure that the user or group is selected in the Name box.
6. In the Permissions list, click Allow next to Full Control, and then click OK.

Note: Make sure there is no Deny checkbox selected next to the Send As and Receive As permissions.

7. Click Ok all the way out.

Note: It might take some time before the changes you’ve made will take effect. The amount of time needed is influenced by the number of domain controllers, Global Catalogs and site replication schedules and intervals. On one domain with one site containing multiple domain controllers it might take up to 15 minutes before you can begin using these new permissions. On single servers that are also DCs you can speed up the process by restarting the Information Store service.
Related articles

You might also want to read the following related articles:

Delete Messages from Mailboxes by using EXMERGE
Download Exmerge for Exchange 2000/2003
EXMERGE and Hebrew Fonts
Recover a Deleted Mailbox
SELF Permission on Exchange Mailboxes

June 5, 2008 Posted by brianladd | Windows / Microsoft | | No Comments Yet

Tracking the Trackers – DMCA Takedown notices

Original Content:http://dmca.cs.washington.edu/

Tracking the Trackers

Overview | FAQ | Sample complaint | Paper | People | Acknowledgments

Overview

As people increasingly rely on the Internet to deliver downloadable music, movies, and television, content producers are faced with the problem of increasing Internet piracy. To protect their content, copyright holders police the Internet, searching for unauthorized distribution of their work on websites like YouTube or peer-to-peer networks such as BitTorrent. When infringement is (allegedly) discovered, formal complaints are issued to network operators that may result in websites being taken down or home Internet connections being disabled.

Although the implications of being accused of copyright infringement are significant, very little is known about the methods used by enforcement agencies to detect it, particularly in P2P networks. We have conducted the first scientific, experimental study of monitoring and copyright enforcement on P2P networks and have made several discoveries which we find surprising.

  • Practically any Internet user can be framed for copyright infringement today.
    By profiling copyright enforcement in the popular BitTorrent file sharing system, we were able to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever.Further, we were able to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. Our results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.
  • Even without being explicitly framed, innocent users may still receive complaints.
    Because of the inconclusive techniques used to identify infringing BitTorrent users, users may receive DMCA complaints even if they have not been explicitly framed by a malicious user and even if they have never used P2P software!
  • Software packages designed to preserve the privacy of P2P users are not completely effective.
    To avoid DMCA complaints today, many privacy conscious users employ IP blacklisting software designed to avoid communication with monitoring and enforcement agencies. We find that this software often fails to identify many likely monitoring agents, but we also discover that these agents exhibit characteristics that make distinguishing them straightforward.

While our experiments focus on BitTorrent only, our findings imply the need for increased transparency in the monitoring and enforcement process for all P2P networks to both address the known deficiencies we have exposed as well as to identify lurking unknown deficiencies.

More details about our findings and our experimental methodology are available in our online FAQ. A more thorough treatment is available in our technical report.

Paper

Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice [ pdf ]

Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy
Technical report #08-6-01, University of Washington, Department of Computer Science & Engineering.

People

Contact us

Graduate student Faculty
Michael Piatek Tadayoshi Kohno
Arvind Krishnamurthy

Acknowledgments

This work is supported by the NSF (CNS-0720589, 0722000, 0722004) and UW CSE.

uw | cse | systems, networking, & security

Frequently Asked Questions

Background

Q: What is a P2P file sharing network?
Q: What is BitTorrent?
Q: What is a DMCA takedown notice?
Q: Who are the major copyright enforcement agencies?
Q: Could a person receive a DMCA takedown notice and actually be innocent?


Methodology and experiments

Q: Why is this happening?
Q: Can you give us some examples of how this could be happening today?
Q: Your paper mentioned one way in which innocent users might incorrectly receive a DMCA takedown notice. Could there be other ways in which this is happening?
Q: Your paper says that your study is unique in that you intentionally try to receive DMCA takedown notices for your machines. Is that true?
Q: Do your current experiments apply to all copyright enforcement agencies?
Q: The title of your paper indicates that you received DMCA complaints for a printer, but printers can’t even run P2P software. How is that possible?
Implications

Q: What’s the most important conclusion to draw from your study?
Q: Have you notified enforcement agencies of your work?
Q: I use P2P software, but I also installed software that blocks communication with monitoring agencies. Can I avoid detection?
Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?
Q: Suppose the copyright enforcement agencies fix the particular problems that you identified. Will we now all be able to have confidence in the accuracy of DMCA takedown notices?
Q: Do your results mean that all DMCA takedown notices are invalid?
Q: Whose side are you on? Are you helping the copyright enforcers? Are you helping people circumvent copyright?

Background

Q: What is a P2P file sharing network?
 A P2P file sharing network is a service for downloading files on the Internet. Usually, downloading a file is just like downloading a webpage: your computer obtains the entire file from a single webserver. In a P2P file sharing network, files are downloaded from many servers. Further, once a user downloads parts of a file, his or her computer can act as one of these servers.

Our study focuses on one particular P2P file sharing network: BitTorrent.

Q: What is BitTorrent?
BitTorrent is one type of P2P file sharing network that is extremely popular today and is the focus of our study. BitTorrent can be used to share any type of file and is used today to share both legal, freely available content as well as material protected by copyright.

Q: What is a DMCA takedown notice?
A DMCA takedown notice is a formal request to stop a particular file from being shared on the Internet. The name ‘DMCA’ comes from the Digital Millennium Copyright Act, a 1998 law which limits the liability of Internet Service Providers (ISPs) for copyright infringement and defines a new legal framework for copyright enforcement on the Internet. Check out a sample DMCA takedown notice.

Q: Who are the major copyright enforcement agencies?
Generally, complaints are sent by third parties on behalf of content producers. Over the course of our entire study (corresponding to our August, 2007 and our May, 2008 experiments), we have received complaints from both individual companies focused on monitoring P2P networks and larger industry associations. These agencies represent a diverse set of content producers in the movie, television, music, publishing, and software industries.

Q: Could a person receive a DMCA takedown notice and actually be innocent?
Up until now, many people assumed that they were guilty. While others have suggested that the results might not be conclusive, we are the first to provide scientific evidence that people could be receiving DMCA notices today for allegedly illegally sharing content when in fact they were not. Given this potential for false positives, there is a pressing need for the development of more robust monitoring techniques as well as greater transparency and openness on the practices of the monitoring agencies.

Methodology and experiments

Q: Why is this happening?
 Our results uncovered one way that this could be happening today. Downloading a file from BitTorrent is a two step process. First, a new user contacts a central coordinator that maintains a list of all other users currently downloading a file and obtains a list of other downloaders. Next, the new user contacts those peers, requesting file data and sharing it with others. Actual downloading and/or sharing of copyrighted material occurs only during the second step, but our experiments show that some monitoring techniques rely only on the reports of the central coordinator to determine whether or not a user is infringing. In these cases whether or not a peer is actually participating is not verified directly. In our paper, we describe techniques that exploit this lack of direct verification, allowing us to frame arbitrary Internet users.

To draw on a real-world analogy, consider the ride-share bulletin boards common on many university campuses. People post requests for and offers of rides to various locations and contact information. Suppose a monitoring agency wanted to keep track of anyone who shared a ride from Seattle to Portland. One method would be to simply take a picture of the bulletin board each day, noting the names of people that requested a ride to Portland. The problem with this approach is that anyone can post to the bullet board claiming to be anyone else; there is no way to know if the person named in the request actually made that request unless that person is directly observed getting in the car. Unfortunately, several copyright enforcement agencies appear to rely only on the analog of the former approach (taking a picture) and do not directly observe users sharing files (getting in the car).

Q: Can you give us some examples of how this could be happening today?
Here are two examples of how the above-mentioned technical flaw could potentially lead to erroneous DMCA takedown notices to innocent users:

  • Framing: One can implicate arbitrary users by registering their identity in the P2P file sharing networks. Monitoring agencies that use indirect evidence – such as taking a snapshot of the set of users found on the P2P network without actually verifying whether the users are actively sharing the copyrighted content – could end up sending erroneous DMCA notices to innocent users.
  • DHCP: In P2P file sharing networks users are typically identified by the IP addresses of their computers. However, most ISPs today assign IP addresses to users dynamically (using the DHCP mechanism). This dynamic reassignment of IP addresses could result in users being falsely accused.

We have experimentally verified the former and outline settings where the latter scenario could occur. But, we stress that focusing on just these particular examples misses the point. The point is that DMCA takedown notices can and are being sent erroneously. The bigger picture question is: What can we do to ensure that all future DMCA takedown notices are actually well-founded? We argue that this requires more openness in the monitoring and enforcement process.

Q: Your paper exposed one flaw in existing monitoring practices which could lead to innocent users incorrectly receiving DMCA takedown notices. Could there be other ways in which this is happening?
Yes. Unfortunately, there’s still very little known regarding the practices of copyright enforcement agencies. We found one way in which DMCA takedown notices could be sent incorrectly to users of one type of P2P file sharing network. But, many more faults might exist that remain undiscovered. We believe that public review of an open and well-documented enforcement process is critical to building confidence in the accuracy and legitimacy of P2P monitoring and copyright enforcement.

Q: Your paper says that your study is unique in that you intentionally try to receive DMCA takedown notices for your machines. Is that true?
Yes. As a result of our experiments, we’ve collected more than 400 DMCA takedown notices from the music, movie, software, publishing, and TV industries, all without downloading or uploading a single file!

Q: Do your current experiments apply to all copyright enforcement agencies?
In truth, we can’t be certain. Our experiments show that deficiencies exist in the enforcement practices of some agencies, but not necessarily all. In August 2007 we received erroneous takedown notices for all major types of content (music, movies, software, books, etc). And, in May 2008, we received such faulty DMCA takedown notices for movies, television, and software. In our May 2008 experiments we did not receive any notices for music and books, but that is far from conclusive evidence that practices have changed.

We do know, however, that at least the RIAA has started to become more open in describing parts of their processes. We commend them for this, and we hope our work encourages them to continue to become increasingly open. The fact remains, however, that at least some copyright enforcement agencies are using a fundamentally flawed technique when they accuse users of illegally sharing content. We hope that our research will serve as a wake-up call for the entire industry to be more open about their processes.

We further wish to draw a distinction between indirect detection and direct detection methods. We refer the reader to the paper for additional information, but mention here that direct detection methods–like what at least one content enforcement agency claims to use when monitoring Gnutella–have the potential for being much more conclusive than indirect detection methods.

Q: The title of your paper indicates that you received DMCA complaints for a printer, but printers can’t even run P2P software. How is that possible?
Surprisingly, it is possible. We have received DMCA complaints for several printers and even a wireless access point! (Please note that these are printers directly connected to the Internet and have their own IP addresses.) This is possible because some monitoring agencies don’t verify that a user reported to be sharing a file actually is sharing that file. This allows a malicious person to frame any device connected to the Internet: whether a printer, a wireless access point, or an innocent user’s computer.

Implications

Q: What’s the most important conclusion to draw from your study?
The fact that we can generate DMCA complaints for arbitrary users regardless of whether or not copyright infringement actually occurred casts doubt on the current approach to copyright enforcement on P2P networks. As a result, Internet users and ISPs should not interpret DMCA complaints as foolproof; false positives are a very real possibility. Going forward, we believe our work shows a compelling need for increased transparency in the P2P monitoring and enforcement process.

Q: Have you notified enforcement agencies of your work?
Yes. In 2007, our university’s DMCA response team contacted several enforcement agencies and indicated that our work did not involve the sharing of any file data and that their complaints were spurious. In our current study (2008), we continue to receive complaints from several of these enforcement agencies.
We thank Daniel Schwalbe, Head of Outreach & Special Projects, Office of the CISO, and member of UW’s DMCA response team, for all his help here.

Q: I use P2P software, but I also installed software that blocks communication with monitoring agencies. Can I avoid detection?
Not necessarily. In our study, we found that the lists used by some popular blacklisting software cover only some peers that are likely monitoring agents. Several likely monitoring agents are not included. Further, because enforcement agencies often send complaints without having communicated directly with users, whether or not communication with monitoring agents is avoided has little impact on whether a complaint is sent. More details are available in the paper, but in short: current blacklists do not guarantee that P2P users will avoid complaints for copyright infringement.

Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?
Yes. Our results show that some methods used to generate DMCA takedown notices in BitTorrent are not conclusive and may misidentify users. This may also be true for other P2P networks. We therefore think that network operators should sanity check complaints as much as possible.

Q: Suppose the copyright enforcement agencies fix the particular problems that you identified. Will we now all be able to have confidence in the accuracy of DMCA takedown notices?
Unfortunately not. This is another reason why openness and transparency on the part of copyright enforcers is so important.

We’ve discovered one way in which users might falsely get DMCA takedown notices. Without more transparency, our concern is that–even if the copyright enforcers fix the problems we’ve identified–there might still be many other flaws remaining and new mistakes introduced in the future.

In our view, enforcement agencies need to make their processes open and transparent in order to increase confidence in the accuracy of DMCA takedown notices.

Q: Do your results mean that all DMCA takedown notices are invalid?
No, many are still valid. Further, while we found a flaw in how enforcement is done in BitTorrent, we re-emphasize that we did not study other P2P file sharing networks and hence cannot speak authoritatively about enforcement flaws in those other systems.

But, again, we stress that focusing on any particular flaw misses the most important point. The fact that any flaw exists is a serious concern. More hidden flaws could exist, masked by the general lack of transparency in current processes. Our work therefore highlights the need for greater transparency.

Q: Whose side are you on? Are you helping the copyright enforcers? Are you helping people circumvent copyright?
We are not taking sides on this particular issue, except to note that we do not wish to condone or support any illegal activities. Rather, we’re exploring from a scientific perspective the tension between P2P users and enforcement agencies. The results in our paper can be used to help all the parties involved in different ways. Please read the paper for additional information.


June 5, 2008 Posted by brianladd | Copyright / P2P / Law | | No Comments Yet