Vista hits Microsoft where it hurts…

Ok, so now we are starting to see the full scope of the Windows Vista debacle. When Windows Vista originally advertised and specs for it started coming out, I was all against it. Most of Windows Vista is designed around MPAA/RIAA DRM and content control schemes. Please keep in mind that I have very strong feelings against DRM. I’ll post a rant about DRM some other time. However, as a computer tech and geek worth his weight, I decided I would install and use Windows Vista for some time. I’ve been running it on my Dell Vostro notebook for a few months now and the experience hasn’t been so bad. It has had it’s ups and downs, but I get that with every operating system. So Vista has been an OK experience for me so far. Then I heard about the Microsoft class-action lawsuit based on the “Vista Ready” marketing scam. The scam goes like this: prior to the launch of Windows Vista, hardware was sold with a “Vista Ready” logo stuck on it. Many times, the hardware was not up toe the minimum requirements for Vista or was just barely over the absolute baseline. Then after Vista officially launched, a lot of people who bought the cheapest possible hardware that was “Vista Ready” found out that they couldn’t run Vista. Shock and surprise! Imagine that, when you buy crap computers, you can’t run an operating system like Vista on the bottom grade computer. Now, Microsoft is facing a possible 8+ Billion dollar lawsuit. But why worry. Microsoft can afford it, can’t they. Opps that’s right. Microsoft is about to layoff 5,000 people. And let’s not forget that they just posted the first financial loss to Wall Street. Starting to look a little grim….

http://www.crn.com/it-channel/212902345

Microsoft Bill For ‘Vista Capable’ Put At $8.52 Billion

By Damon Poeter, ChannelWeb
5:53 PM EST Fri. Jan. 23, 2009

Demand for PC components may have fallen off a cliff in recent weeks, but Microsoft could be forced to pony up for $8.52 billion-worth of memory and graphics cards, according to an expert witness for the plaintiffs in the ongoing “Vista Capable” class-action lawsuit.University of Washington economist Keith Leffler estimates that it would cost Microsoft between $3.92 billion and $8.52 billion to upgrade notebook and desktop PCs that the company labeled “Vista Capable” but which were not able to run the full version of the Windows Vista operating system, Computerworld’s Gregg Keizer reported Thursday.

The software giant disputes that figure as “absurdly” valued in a court filing that along with Leffler’s report was unsealed by U.S. District Court Judge Marsha Pechman Wednesday.

Microsoft launched Windows Vista in January, 2007 following a nine-month marketing campaign with components manufacturers, computer makers and retailers. During that period, Microsoft and its partners placed “Vista Capable” labels on notebooks and desktops that while able to run the entry-level Home Basic edition of Vista, in many cases could not run more advanced versions of the operating system.

Plaintiffs in the lawsuit, which is set for trial in April, say that because Vista Home Basic does not include features like the Aero Glass graphic user interface present on more advanced versions, the operating system shouldn’t have been called Vista in the first place. And because the “Vista Capable”-stickered computers they bought didn’t have the hardware necessary to move to versions which had those supposedly Vista-defining features, like Vista Home Premium or Vista Business, the plaintiffs say they were defrauded.

The “Vista Capable” labeling campaign began on April 1, 2006. Leffler estimates that 19.4 million PCs — 13.75 million notebooks and 5.65 million desktops — were labeled “Vista Capable,” according to the unsealed report.

Leffler came up with his total upgrade costs by calculating how much it would cost to upgrade each of the 19.4 million PCs with 1 GB of memory and graphics cards or onboard chipsets able to run Aero, according to Keizer. Leffler put the maximum cost of upgrading the desktops at $155, while positing that the notebooks’ integrated graphics would be more tricky to replace and would cost between $245 and $590 per unit. The total price tag for Microsoft would thus range from $3.92 billion to $8.52 billion and in some cases would include complete replacements of notebooks that could not be feasibly upgraded, Leffler testified.

Microsoft in its response argued that giving litigants “a free upgrade to Premium-ready PCs would provide a windfall to millions.”

January 25, 2009 Posted by brianladd | Copyright / P2P / Law, Windows / Microsoft | | No Comments Yet

Wow. I hate advertisers. I really hate those advertisers that actually think that invading my privacy and treating my like nothing more than a target for their flying garbage.

http://it.slashdot.org/article.pl?sid=09/01/08/2038216

“Lexus has announced plans to send targeted messages to buyers of its cars based on the buyer’s zip code and vehicle type. Unlike regular spam, these messages will be delivered directly to the buyer’s vehicle, and will play to the vehicle’s occupants as audio. Lexus has promised to make the messages relevant to the car buyers.” Imagine the fun that some targeted malware could do — not that such a thing could happen to a Lexus.

January 9, 2009 Posted by brianladd | Copyright / P2P / Law, Security | | No Comments Yet

Microsoft to hide Irish Tax Haven data of subsidiaries that have saved it billions of dollars in US taxes

I can’t help but wonder if our new President Barrack Obama would keep his promise of making US corporations keep jobs in this country after reading this article. While the article is not really about job, it does speak volumes about Microsoft’s business practices when they use Ireland as a way to dodge US taxes and remove millions of dollars from the US economy. Between the contemptible thieves of Wall Street and the horrendous leadership that allowed the Fannie Mae and Freddie Mac disasters to happen, I can’t be too surprised to discover this one. And the next logical question that comes to mind is: How can I pull this off? Could I somehow hide my earnings from US tax interest by moving it off shore to some other location. I’m sure there probably is, but I just don’t make enough money yet to get away with it.

http://www.finfacts.ie/irelandbusinessnews/publish/article_10005150.shtml

US software giant Microsoft has taken steps to shield from the public, the value of Tax Haven transactions of two Irish-registered subsidiaries that have enabled it to save billions of dollars in US taxes.

Ha’penny Bridge, Dublin – Microsoft’s Round Island One is Ireland’s biggest company. It operates from the offices of corporate lawyers and reported €3.23 billion ($3.88 billion) in fiscal 2004 pretax profit and paid $308 million in Irish corporate tax.

The company applied to the Irish Companies Office on Monday to re-register its Round Island One and Flat Island Company subsidiaries as companies with unlimited liability. Unlimited companies have no obligation to file their accounts publicly. The two companies operate from the Dublin offices of corporate lawyers Matheson Ormsby Prentice.

The move to change the legal status of the subsidiaries follows a November 2005 report in The Wall Street Journal and weeks after the US Treasury Department said it was developing new rules to prevent US groups transferring intellectual property and patents abroad as a way of minimising their exposure to US tax.

Last November, The Wall Street Journal wrote that “a law firm’s office on a quiet downtown street [in Dublin, Ireland ] houses an obscure subsidiary of Microsoft Corp. that helps the computer giant shave at least $500 million from its annual tax bill. The four-year-old subsidiary, Round Island One Ltd., has a thin roster of employees but controls more than $16 billion in Microsoft assets. Virtually unknown in Ireland, on paper it has quickly become one of the country’s biggest companies, with gross profits of nearly $9 billion in 2004.”

Flat Island Company made a profit of $802.4 million in 2004 on sales of $2 billion, but paid no tax. It issues licences for software in Europe, the Middle East and Africa.

Ireland’s low corporate tax rate of 12.5% on trading profits has been a magnet for multinational companies who are responsible for 90% of Irish exports and a significant contributor to the success of the modern Irish economy, commonly known as the Celtic Tiger.

In addition, an Irish tax exemption on patent income, has promoted the parking of US multinational company overseas profits in Ireland, through transfer pricing and other accounting measures. Ireland is the most profitable location of US multinationals and in the period 1998-2002, the profits of US companies with Irish facilities doubled.

Ireland’s annual corporate tax revenue is about €5.3 billion ($6.3 billion). The Wall Street Journal said in its report that a Microsoft Dublin-based company that is used for routing patent a royalty income from overseas operations, paid the Irish Revenue $300 million in taxes last year.

Up to 50% of Irish corporate tax revenue may relate to taxes paid on income earned by US multinationals outside Ireland.

Microsoft’s effective global tax rate fell to 26 percent in its last fiscal year from 33 percent the year before. Nearly half of the drop was attributed to “foreign earnings taxed at lower rates,” Microsoft said in a Securities and Exchange Commission August filing. Microsoft leaves much of its profit in Ireland, including $4.1 billion in cash, avoiding U.S. corporate income taxes. But it still can count this profit in its earnings.

Microsoft did not explain why it chose to re-register the two subsidiaries when questioned about the move. “As part of our strategy to facilitate and support future business growth, Microsoft is re-organising some of its legal entities within the group,” it said in a statement to The Irish Times. “Microsoft Ireland Operations Limited (MIOL) is the primary operating legal entity in Ireland, employing over 1,200 people in four operations based in Sandyford. MIOL remains unaffected by any changes and will continue to publicly file its financial statements.”

IRELAND TOP LOCATION OF US MULTINATIONALS’ PROFITS

Ireland is the world’s most profitable country for US corporations, according to analysis by US tax journal Tax Notes. In a study by the journal’s Martin Sullivan that was published in 2004, it was found that profits made by US companies in Ireland doubled between 1999 and 2002 from $13.4 billion to $26.8 billion, while profits in most of the rest of Europe fell. In his analysis Sullivan termed Ireland a ’semi-tax haven’ for US firms, because firms are involved in real productivity in contrast with locations such as Bermuda.

Between 1999 to 2002, US multinational corporations increased profits in countries with no taxes or low rates by 68% while sharply reducing profits recorded in countries where they engage in substantial business activity, the study published in the journal Tax Notes shows.

In 2002, US companies reported $149 billion of profits in 18 tax-haven countries, up 68% from $88 billion in 1999, according to Tax Notes, which analyzed the most recently available Commerce Department data. This compares with a 23% increase in total offshore profits earned by US multinationals during the same period-total profits of US multinationals’ foreign subsidiaries around the world stood at $255 billion in 2002.

January 1, 2009 Posted by brianladd | Copyright / P2P / Law, General Computer Tech, Windows / Microsoft, World News | | No Comments Yet

Fun with automated speed cameras

For those of you who may have thought that automated speed cameras were a good thing. Think about this one.

http://www.thesentinel.com/302730670790449.php

Local teens claim pranks on county’s Speed Cams

By Joe Slaninka

Special to the Sentinel

As a prank, students from local high schools have been taking advantage of the county’s Speed Camera Program in order to exact revenge on people who they believe have wronged them in the past, including other students and even teachers.

Students from Richard Montgomery High School dubbed the prank the Speed Camera “Pimping” game, according to a parent of a student enrolled at one of the high schools.

Originating from Wootton High School, the parent said, students duplicate the license plates by printing plate numbers on glossy photo paper, using fonts from certain websites that “mimic” those on Maryland license plates. They tape the duplicate plate over the existing plate on the back of their car and purposefully speed through a speed camera, the parent said. The victim then receives a citation in the mail days later.

Students are even obtaining vehicles from their friends that are similar or identical to the make and model of the car owned by the targeted victim, according to the parent.

“This game is very disturbing,” the parent said. “Especially since unsuspecting parents will also be victimized through receipt of unwarranted photo speed tickets.

The parent said that “our civil rights are exploited,” and the entire premise behind the Speed Camera Program is called into question as a result of the growing this fad among students.

The Speed Camera Program was implemented in March of this year and used for the purpose of reducing traffic and pedestrian collisions in the county. Cameras are located in residential areas and school zones where the posted speed limit is 35 miles per hour or lower. A $40 citation is mailed to the owner of the car for violating the speed limit in these areas.

The Montgomery County Police said they have not seen or heard of this prank occurring but said they will keep an eye out for people committing the crime.

“I hope the public at large will complain loudly enough that local Montgomery County government officials will change their policy of using these cameras for monetary gain,” the parent said. “The practice of sending speeding tickets to faceless recipients without any type of verification is unwarranted and an exploitation of our rights.”

Edward Owusu, Assistant Principal at Wootton High School, said that he heard of local students pulling the prank when the school received a call from a parent informing them of its occurrence. “I have not heard of this happening among students at Wootton,” Osuwu said. “It is unfortunate that kids have a lot of time on their hands that they can think of doing such a thing.”

Montgomery County Council President Phil Andrews said that the issue is troubling in several respects. “I am concerned that someone could get hurt, first of all, because they are speeding in areas where they know speeding is a problem,” he said.

Andrews also said that this could hurt the integrity of the Speed Camera Program. “It will cause potential problems for the Speed Camera Program in terms of the confidence in it,” he said.

He said he is glad someone caught it before it becomes more widespread and he said he hopes that the word get out to the people participating in this that there will be consequences.

December 22, 2008 Posted by brianladd | Copyright / P2P / Law | | No Comments Yet

iPod Search & Seizure

http://www.canada.com/topics/technology/science/story.html?id=ae997868-220b-4dae-bf4f-47f6fc96ce5e

Monday, May 26, 2008

CREDIT:

OTTAWA – The federal government is secretly negotiating an agreement to revamp international copyright laws which could make the information on Canadian iPods, laptop computers or other personal electronic devices illegal and greatly increase the difficulty of travelling with such devices.

The deal could also impose strict regulations on Internet service providers, forcing those companies to hand over customer information without a court order.

Called the Anti-Counterfeiting Trade Agreement (ACTA), the new plan would see Canada join other countries, including the United States and members of the European Union, to form an international coalition against copyright infringement.

The agreement is being structured much like the North American Free Trade Agreement (NAFTA) except it will create rules and regulations regarding private copying and copyright laws.

Federal trade agreements do not require parliamentary approval.

The deal would create a international regulator that could turn border guards and other public security personnel into copyright police. The security officials would be charged with checking laptops, iPods and even cellular phones for content that “infringes” on copyright laws, such as ripped CDs and movies.

The guards would also be responsible for determining what is infringing content and what is not.

The agreement proposes any content that may have been copied from a DVD or digital video recorder would be open for scrutiny by officials – even if the content was copied legally.

“If Hollywood could order intellectual property laws for Christmas what would they look like? This is pretty close,” said David Fewer, staff counsel at the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic. “The process on ACTA so far has been cloak and dagger. This certainly raises concerns.”

The leaked ACTA document states officials should be given the “authority to take action against infringers (i.e., authority to act without complaint by rights holders).”

Anyone found with infringing content in their possession would be open to a fine.

They may also have their device confiscated or destroyed, according to the four-page document.

The trade agreement includes “civil enforcement” measures which give security personnel the “authority to order ex parte searches” (without a lawyer present) “and other preliminary measures”.

In Canada, border guards already perform random searches of laptops at airports to check for child pornography. ACTA would expand the role of those guards.

On top of these enforcement efforts, ACTA also proposes imposing new sanctions on Internet service providers. It would force them to hand over personal information pertaining to “claimed infringement” or “alleged infringers” – users who may be transmitting or sharing copyrighted content over the Internet.

Currently, rights holders must collect evidence to prove someone is sharing copyrighted material over the Internet. That evidence is then presented to a judge who issues a court order telling the Internet service provider to identify the customer.

The process can produce lengthy delays.

It is expected the new agreement will be tabled at July’s meeting of G8 nations in Tokyo, Japan.

Fewer has been following the progress of ACTA and has exhausted every avenue at his disposal to gain insight into its details.

He said Friday’s leak of a “discussion paper” which outlines the priorities of the agreement is the first glimpse anyone has into ACTA.

“We knew this existed, we filed an Access to Information request for this but all it provided us with was the title. All the rest of it was blacked out, ” he said. “Those negotiations can take place behind closed doors. At the end of the day we may be provided with something that has been negotiated which is a `fait accompli’ in which civil society gets no opportunity to critique it.”

Fewer expressed concerns about the part of the proposal that calls for ACTA to operate outside of accepted international forums such as the World Trade Organization (WTO), the World Intellectual Property Organization (WIPO) or the United Nations.

In the discussion paper, it is proposed ACTA create its own governing body and be overseen by a committee made up of representatives from member nations.

“This initiative is unprecedented,” he said.

The ACTA discussion paper was leaked online by Sunshine Media, the company that runs the Wikileaks.org website – a whistleblowing website created to help circulate secret documents.

In October, International Trade Minister David Emerson announced Canada would participate in ACTA’s creation. The initiative was originally aimed at stopping large-scale piracy, such as printing operations that make thousands of copies of movies that are still in theatres.

“We are seeking to counter global piracy and counterfeiting more effectively,” said Emerson at the time. “This government is working both at home and internationally to protect the intellectual property rights of Canadian artists, creators, inventors and investors.”

The new document is reported to be drafted by the Office of the United States Trade Representative.

A spokeswoman with the office refused to comment on the leaked document and directed all questions about ACTA to a short information circular about the initiative.

Michael Geist, Canada research chair of Internet and E-commerce law at the University of Ottawa and expert on Canadian copyright law, blasted the government for advancing ACTA with little public consultation. Geist said documents detailing ACTA’s plans would not need to be leaked online if the process was open and transparent.

“That’s what happens when you conduct all of this behind closed doors,” he said. “The lack of consultation, the secrecy behind it and the speculation that this will be concluded within a matter of months without any real public input is deeply troubling.”

Fewer and Geist said, once Canada signs the new trade agreement it will be next to impossible to back out of it.

In a situation similar to what happened in the Softwood Lumber trade dispute, Canadians could face hefty penalties if it does not comply with ACTA after the agreement has been completed.

The Department of International Trade did not respond to repeated requests for comment.

November 13, 2008 Posted by brianladd | Copyright / P2P / Law, Security | | No Comments Yet

Beat Comcat BitTorrent Throttling on Linux

http://tuxtraining.com/2008/06/21/beating-sandvine-on-linux-with-iptables/

Multiple sites reported a while ago that Comcast was using Sandvine to do tcp packet resets to throttle BitTorrent connections of their users. This practice may be a thing of the past as it’s been found a simple rule in the Linux firewall, iptables, can simply just block their reset packets, returning your BitTorrent back to normal speeds and allowing you to once again connect to all your seeds and peer. So, if you are tired of Sandvine (the application used by Comcast to throttle Bit Torrent with fake TCP packet resets) screwing with your BitTorrent and a user of GNU/Linux, then this is for you. I will tell you how to take your bandwidth back.

Also see:

If you are using a Red Hat Linux derivative, such as Fedora Core or CentOS, then you will want to edit /etc/sysconfig/iptables. First, make a backup of this file. Next, open this file in your favorite text editor. Replace the current contents with this, substituting 6883 with your BitTorrent port number:

(Note: the values state, reject, dport and tcp-flags begin with a double dash )

*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -i lo -j ACCEPT #Comcast BitTorrent seeding block workaround -A INPUT -p tcp –dport 6883 –tcp-flags RST RST -j DROP -A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT #BitTorrent -A INPUT -m state –state NEW -m tcp -p tcp –dport 6883 -j ACCEPT -A INPUT -m state –state NEW -m udp -p udp –dport 6883 -j ACCEPT -A INPUT -j REJECT –reject-with icmp-host-prohibited COMMIT

Reload your iptables firewall with service iptables restart. You should now see a great improvement in your seeding.

If you are using Ubuntu or another non-Red Hat Linux derivative, then place the following in a file and execute that file as root.
#!/bin/sh #Replace 6883 with you BT port BT_PORT=6883 #Flush the filters iptables -F #Apply new filters iptables -A INPUT -i lo -j ACCEPT #Comcast BitTorrent seeding block workaround iptables -A INPUT -p tcp --dport $BT_PORT --tcp-flags RST RST -j DROP iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT #BitTorrent iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport $BT_PORT -j ACCEPT iptables -A INPUT -m state --state NEW -m udp -p udp --dport $BT_PORT -j ACCEPT iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited

If you are using Gentoo or another distro, it is important that your iptables rules includes this line, feel free to change the port number (or make it a range of ports).

-A INPUT -p tcp –dport 6883 –tcp-flags RST RST -j DROP

Your firewall is now configured and you should have great upload speed now. You will have to run this script every boot, by the way. One easy way is to call the script at the end of /etc/rc.local.

June 30, 2008 Posted by brianladd | Copyright / P2P / Law, Linux | | No Comments Yet

Inside the music industry’s piracy battle

http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10515239&pnum=0

Inside the music industry’s piracy battle

10:20AM Monday June 09, 2008

WASHINGTON – Deep inside the national headquarters of the Recording Industry Assn. of America (RIAA) is a purple room.

Tinted windows shade the faces of young men and women working behind computer screens. They are part of the team investigating the illegal sharing of music files over peer-to-peer (P2P) networks, and they protect their identities carefully.

Such precautions are a reflection of the charged environment in which the music business is operating. The RIAA, the trade group for the major US labels, views anti-piracy enforcement as vital to the recording industry’s future.

Since 2003, labels have filed more than 28,000 lawsuits against individual file sharers. Only one suit has reached trial. Jammie Thomas, a single mother who was ordered by a federal jury in Minnesota last October to pay $222,000, is waiting for the federal court’s decision on her request for a new trial.

Piracy on university campuses is a big part of the problem. In the past year, the RIAA has sent more than 6,000 “pre-litigation settlement letters” to students around the country, giving them the opportunity to avoid a potential lawsuit by settling out of court for a reduced fee. About half have settled, and the other half face formal lawsuits.

Some university administrators complain that record companies unfairly target their campus networks to find infringers. Some judges have questioned whether proof of users making music files available in a P2P network’s “shared folder” is sufficient evidence of copyright infringement. Emotions have run so high that death threats targeting RIAA lawyers and executives haven’t been unheard of.

Despite the RIAA’s efforts, data suggest that demand for pirated content remains strong. A recent NPD Group report estimates that 19 per cent of US internet subscribers 13 and older download free music from P2P services, barely less than the 20 per cent reported when the RIAA began its user litigation campaign in 2003.

While it is all but impossible to gauge how much additional illegal downloading its enforcement actions may have deterred, the RIAA remains determined to clamp down on internet piracy. Billboard visited the trade group’s Washington, D.C., offices for a demonstration of how it tracks down file sharers.

In their world of “hash” files and virtual handshakes, the investigations don’t seem dark and sinister. The search begins simply – with a song.

THE STASH

An RIAA investigator and technology specialist, who asked for anonymity, clicked the keyboard on his laptop. The LimeWire interface appeared on a large screen.

New York-based LimeWire LLC touts on its website that its software is “the fastest file-sharing program on the planet.” The site offers a free version of its software, but it also offers the revenue-generating upgraded version for around $20. LimeWire is one of many software programs that run over the Gnutella file-sharing network.

To root out illegal file-sharing activity, the RIAA works with Maryland-based MediaSentry, which has developed customized programs that also operate over the Gnutella network. MediaSentry has a list of recordings owned by RIAA-member companies and, like any P2P user, can search for a music file by song title.

MediaSentry then collects alphanumeric “hash” codes it discovers online that are associated with these recordings. LimeWire and similar programs will identify how many users are sharing the same file as identified by the hash code. The combination of song titles and hash codes listed in the ever-growing database are the foundation and starting point of all RIAA investigations.

When a consumer rips a song from a CD and gives the digital file a name, the computer hardware, ripping software and other digital data together create a digital file identified by a distinct hash code. If the user rips the same song with an older computer – even with the same software – the file will have a different hash code. The slightest change in the music source, computer hardware, ripping software, P2P protocol, file name or length of recording will change the hash code identifying the resulting MP3 file.

For example, while searching for a Madonna song at the RIAA offices, dozens of users were sharing the same Madonna title over LimeWire – but six users were sharing the digital files with identical hash codes. Since it is highly improbable that more than one user would have the exact combination of equipment and timing to create identical hash codes, the investigator says, the six users are likely sharing copies of the same file that one person originally uploaded to the internet and that was later downloaded and shared by other users.

When MediaSentry observes that an MP3 file of a particular song is available for sharing over a P2P network but the hash code doesn’t match one in its database, the company downloads the file. Then it runs the file through a digital fingerprint system operated by Audio Magic to verify that it is an RIAA-member recording, which has been fingerprinted by the record company when the recording was made. If the file is in fact a copy of the recording, MediaSentry saves the hash code in its database.

What MediaSentry and RIAA investigators do next depends on whether they’re preparing a take-down notice for a university or planning to pursue litigation against an individual.

TAKE IT DOWN

Copyright holders cannot possibly sue every copyright infringer. But they can notify an internet service provider when a user is infringing a copyrighted work. The ISP is required under federal law to block that material from the internet after receiving a take-down notice from the copyright holder, as long as the notice complies with requirements set out in federal regulations. Many universities have their own computer networks and, as such, act as ISPs.

A take-down program begins with the RIAA’s list of about 700 current, popular titles of recordings owned by its member companies. The list is compiled – and continually updated – from Billboard and online music services’ sales charts. The user-litigation program uses many more titles, but the RIAA won’t disclose the number.

Once the MediaSentry search for a title identifies a hash, the software then tries to match it with popular hashes shared among P2P users listed in the database.

“We look for the most popular hashes,” the RIAA investigator says. “It’s then very unlikely that the person ripped it from his or her own CD collection and is making it available for the first time. It’s more likely this person has downloaded it from somebody else. The hash can’t be one we’ve seen many times before if somebody ripped it for the first time.”

Once the popular hash is identified, the MediaSentry program makes contact with the user through a “TCP handshake” – essentially a conversation between the Web server and the Web client, like LimeWire, via the internet transmission control protocol.

“Are you online and do you have this hash code?” the program asks. If the user’s program says “yes,” then the user is pegged. Just one digital file is enough for the RIAA to send a take-down notice.

The user doesn’t have to be sitting at the computer to be sharing a file. LimeWire and similar programs continue to share files over the P2P network as long as the computer is on, the program is open and the file-sharing component is on.

MediaSentry records the IP address, the name of the company or university that owns the ISP, the date and time of the handshake, the user name and the infringed title. The company sends it to the RIAA.

RIAA personnel then review the information, manually prepare the take-down notices and send them to the university.

“There is an idea that we target certain universities,” the investigator says. “That is completely incorrect and, technically, not possible. We find what we find by song and through public means; we don’t try to get into a university’s internal system.”

MEET JOHN DOE

The RIAA uses litigation to target some of “the most egregious users we find,” the investigator says.

This process, too, begins with the song search, but entails the collection of far more data on an individual user than is required for a take-down notice. After MediaSentry finds popular hash codes, the company’s software – just like LimeWire – allows a search of all the files the user is sharing.

The company collects the list of music files the user is sharing, identifies songs that belong to RIAA-member companies and downloads the files. MediaSentry also collects very detailed text logs as evidence of its activities throughout the entire process.

The ISP associated with an IP address is easy to identify. The American Registry for internet Numbers, a nonprofit organization, provides the information via a search on its website.

MediaSentry sends the information to the RIAA, which has staff that listen to each downloaded file to verify the identify of the song. The RIAA notifies the ISP to preserve the evidence connected to the IP address. The record companies then file a lawsuit naming “John Doe” as the unnamed defendant.

Once they file the suit, the labels may then have the court issue a subpoena for the ISP to identify the registered user for the IP address. That person then replaces John Doe as the defendant.

- REUTERS/Billboard

This story was found at: http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10515239&pnum=0

June 10, 2008 Posted by brianladd | Copyright / P2P / Law | | No Comments Yet

Tracking the Trackers – DMCA Takedown notices

Original Content:http://dmca.cs.washington.edu/

Overview

As people increasingly rely on the Internet to deliver downloadable music, movies, and television, content producers are faced with the problem of increasing Internet piracy. To protect their content, copyright holders police the Internet, searching for unauthorized distribution of their work on websites like YouTube or peer-to-peer networks such as BitTorrent. When infringement is (allegedly) discovered, formal complaints are issued to network operators that may result in websites being taken down or home Internet connections being disabled.

Although the implications of being accused of copyright infringement are significant, very little is known about the methods used by enforcement agencies to detect it, particularly in P2P networks. We have conducted the first scientific, experimental study of monitoring and copyright enforcement on P2P networks and have made several discoveries which we find surprising.

Practically any Internet user can be framed for copyright infringement today.
By profiling copyright enforcement in the popular BitTorrent file sharing system, we were able to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever.Further, we were able to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. Our results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.
Even without being explicitly framed, innocent users may still receive complaints.
Because of the inconclusive techniques used to identify infringing BitTorrent users, users may receive DMCA complaints even if they have not been explicitly framed by a malicious user and even if they have never used P2P software!
Software packages designed to preserve the privacy of P2P users are not completely effective.
To avoid DMCA complaints today, many privacy conscious users employ IP blacklisting software designed to avoid communication with monitoring and enforcement agencies. We find that this software often fails to identify many likely monitoring agents, but we also discover that these agents exhibit characteristics that make distinguishing them straightforward.

While our experiments focus on BitTorrent only, our findings imply the need for increased transparency in the monitoring and enforcement process for all P2P networks to both address the known deficiencies we have exposed as well as to identify lurking unknown deficiencies.

More details about our findings and our experimental methodology are available in our online FAQ. A more thorough treatment is available in our technical report.

Paper

Challenges and Directions for Monitoring P2P File Sharing Networks –or– Why My Printer Received a DMCA Takedown Notice [ pdf ]

Michael Piatek, Tadayoshi Kohno, Arvind Krishnamurthy
Technical report #08-6-01, University of Washington, Department of Computer Science & Engineering.

People

Graduate student	Faculty
Michael Piatek	Tadayoshi Kohno
	Arvind Krishnamurthy

Acknowledgments

This work is supported by the NSF (CNS-0720589, 0722000, 0722004) and UW CSE.

uw | cse | systems, networking, & security

Frequently Asked Questions

Background

Q: What is a P2P file sharing network?
Q: What is BitTorrent?
Q: What is a DMCA takedown notice?
Q: Who are the major copyright enforcement agencies?
Q: Could a person receive a DMCA takedown notice and actually be innocent?

Methodology and experiments

Q: Why is this happening?
Q: Can you give us some examples of how this could be happening today?
Q: Your paper mentioned one way in which innocent users might incorrectly receive a DMCA takedown notice. Could there be other ways in which this is happening?
Q: Your paper says that your study is unique in that you intentionally try to receive DMCA takedown notices for your machines. Is that true?
Q: Do your current experiments apply to all copyright enforcement agencies?
Q: The title of your paper indicates that you received DMCA complaints for a printer, but printers can’t even run P2P software. How is that possible?
Implications

Q: What’s the most important conclusion to draw from your study?
Q: Have you notified enforcement agencies of your work?
Q: I use P2P software, but I also installed software that blocks communication with monitoring agencies. Can I avoid detection?
Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?
Q: Suppose the copyright enforcement agencies fix the particular problems that you identified. Will we now all be able to have confidence in the accuracy of DMCA takedown notices?
Q: Do your results mean that all DMCA takedown notices are invalid?
Q: Whose side are you on? Are you helping the copyright enforcers? Are you helping people circumvent copyright?

Background

Q: What is a P2P file sharing network?
A P2P file sharing network is a service for downloading files on the Internet. Usually, downloading a file is just like downloading a webpage: your computer obtains the entire file from a single webserver. In a P2P file sharing network, files are downloaded from many servers. Further, once a user downloads parts of a file, his or her computer can act as one of these servers.

Our study focuses on one particular P2P file sharing network: BitTorrent.

Q: What is BitTorrent?
BitTorrent is one type of P2P file sharing network that is extremely popular today and is the focus of our study. BitTorrent can be used to share any type of file and is used today to share both legal, freely available content as well as material protected by copyright.

Q: What is a DMCA takedown notice?
A DMCA takedown notice is a formal request to stop a particular file from being shared on the Internet. The name ‘DMCA’ comes from the Digital Millennium Copyright Act, a 1998 law which limits the liability of Internet Service Providers (ISPs) for copyright infringement and defines a new legal framework for copyright enforcement on the Internet. Check out a sample DMCA takedown notice.

Q: Who are the major copyright enforcement agencies?
Generally, complaints are sent by third parties on behalf of content producers. Over the course of our entire study (corresponding to our August, 2007 and our May, 2008 experiments), we have received complaints from both individual companies focused on monitoring P2P networks and larger industry associations. These agencies represent a diverse set of content producers in the movie, television, music, publishing, and software industries.

Q: Could a person receive a DMCA takedown notice and actually be innocent?
Up until now, many people assumed that they were guilty. While others have suggested that the results might not be conclusive, we are the first to provide scientific evidence that people could be receiving DMCA notices today for allegedly illegally sharing content when in fact they were not. Given this potential for false positives, there is a pressing need for the development of more robust monitoring techniques as well as greater transparency and openness on the practices of the monitoring agencies.

Methodology and experiments

Q: Why is this happening?
Our results uncovered one way that this could be happening today. Downloading a file from BitTorrent is a two step process. First, a new user contacts a central coordinator that maintains a list of all other users currently downloading a file and obtains a list of other downloaders. Next, the new user contacts those peers, requesting file data and sharing it with others. Actual downloading and/or sharing of copyrighted material occurs only during the second step, but our experiments show that some monitoring techniques rely only on the reports of the central coordinator to determine whether or not a user is infringing. In these cases whether or not a peer is actually participating is not verified directly. In our paper, we describe techniques that exploit this lack of direct verification, allowing us to frame arbitrary Internet users.

To draw on a real-world analogy, consider the ride-share bulletin boards common on many university campuses. People post requests for and offers of rides to various locations and contact information. Suppose a monitoring agency wanted to keep track of anyone who shared a ride from Seattle to Portland. One method would be to simply take a picture of the bulletin board each day, noting the names of people that requested a ride to Portland. The problem with this approach is that anyone can post to the bullet board claiming to be anyone else; there is no way to know if the person named in the request actually made that request unless that person is directly observed getting in the car. Unfortunately, several copyright enforcement agencies appear to rely only on the analog of the former approach (taking a picture) and do not directly observe users sharing files (getting in the car).

Q: Can you give us some examples of how this could be happening today?
Here are two examples of how the above-mentioned technical flaw could potentially lead to erroneous DMCA takedown notices to innocent users:

Framing: One can implicate arbitrary users by registering their identity in the P2P file sharing networks. Monitoring agencies that use indirect evidence – such as taking a snapshot of the set of users found on the P2P network without actually verifying whether the users are actively sharing the copyrighted content – could end up sending erroneous DMCA notices to innocent users.
DHCP: In P2P file sharing networks users are typically identified by the IP addresses of their computers. However, most ISPs today assign IP addresses to users dynamically (using the DHCP mechanism). This dynamic reassignment of IP addresses could result in users being falsely accused.

We have experimentally verified the former and outline settings where the latter scenario could occur. But, we stress that focusing on just these particular examples misses the point. The point is that DMCA takedown notices can and are being sent erroneously. The bigger picture question is: What can we do to ensure that all future DMCA takedown notices are actually well-founded? We argue that this requires more openness in the monitoring and enforcement process.

Q: Your paper exposed one flaw in existing monitoring practices which could lead to innocent users incorrectly receiving DMCA takedown notices. Could there be other ways in which this is happening?
Yes. Unfortunately, there’s still very little known regarding the practices of copyright enforcement agencies. We found one way in which DMCA takedown notices could be sent incorrectly to users of one type of P2P file sharing network. But, many more faults might exist that remain undiscovered. We believe that public review of an open and well-documented enforcement process is critical to building confidence in the accuracy and legitimacy of P2P monitoring and copyright enforcement.

Q: Your paper says that your study is unique in that you intentionally try to receive DMCA takedown notices for your machines. Is that true?
Yes. As a result of our experiments, we’ve collected more than 400 DMCA takedown notices from the music, movie, software, publishing, and TV industries, all without downloading or uploading a single file!

Q: Do your current experiments apply to all copyright enforcement agencies?
In truth, we can’t be certain. Our experiments show that deficiencies exist in the enforcement practices of some agencies, but not necessarily all. In August 2007 we received erroneous takedown notices for all major types of content (music, movies, software, books, etc). And, in May 2008, we received such faulty DMCA takedown notices for movies, television, and software. In our May 2008 experiments we did not receive any notices for music and books, but that is far from conclusive evidence that practices have changed.

We do know, however, that at least the RIAA has started to become more open in describing parts of their processes. We commend them for this, and we hope our work encourages them to continue to become increasingly open. The fact remains, however, that at least some copyright enforcement agencies are using a fundamentally flawed technique when they accuse users of illegally sharing content. We hope that our research will serve as a wake-up call for the entire industry to be more open about their processes.

We further wish to draw a distinction between indirect detection and direct detection methods. We refer the reader to the paper for additional information, but mention here that direct detection methods–like what at least one content enforcement agency claims to use when monitoring Gnutella–have the potential for being much more conclusive than indirect detection methods.

Q: The title of your paper indicates that you received DMCA complaints for a printer, but printers can’t even run P2P software. How is that possible?
Surprisingly, it is possible. We have received DMCA complaints for several printers and even a wireless access point! (Please note that these are printers directly connected to the Internet and have their own IP addresses.) This is possible because some monitoring agencies don’t verify that a user reported to be sharing a file actually is sharing that file. This allows a malicious person to frame any device connected to the Internet: whether a printer, a wireless access point, or an innocent user’s computer.

Implications

Q: What’s the most important conclusion to draw from your study?
The fact that we can generate DMCA complaints for arbitrary users regardless of whether or not copyright infringement actually occurred casts doubt on the current approach to copyright enforcement on P2P networks. As a result, Internet users and ISPs should not interpret DMCA complaints as foolproof; false positives are a very real possibility. Going forward, we believe our work shows a compelling need for increased transparency in the P2P monitoring and enforcement process.

Q: Have you notified enforcement agencies of your work?
Yes. In 2007, our university’s DMCA response team contacted several enforcement agencies and indicated that our work did not involve the sharing of any file data and that their complaints were spurious. In our current study (2008), we continue to receive complaints from several of these enforcement agencies.
We thank Daniel Schwalbe, Head of Outreach & Special Projects, Office of the CISO, and member of UW’s DMCA response team, for all his help here.

Q: I use P2P software, but I also installed software that blocks communication with monitoring agencies. Can I avoid detection?
Not necessarily. In our study, we found that the lists used by some popular blacklisting software cover only some peers that are likely monitoring agents. Several likely monitoring agents are not included. Further, because enforcement agencies often send complaints without having communicated directly with users, whether or not communication with monitoring agents is avoided has little impact on whether a complaint is sent. More details are available in the paper, but in short: current blacklists do not guarantee that P2P users will avoid complaints for copyright infringement.

Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?
Yes. Our results show that some methods used to generate DMCA takedown notices in BitTorrent are not conclusive and may misidentify users. This may also be true for other P2P networks. We therefore think that network operators should sanity check complaints as much as possible.

Q: Suppose the copyright enforcement agencies fix the particular problems that you identified. Will we now all be able to have confidence in the accuracy of DMCA takedown notices?
Unfortunately not. This is another reason why openness and transparency on the part of copyright enforcers is so important.

We’ve discovered one way in which users might falsely get DMCA takedown notices. Without more transparency, our concern is that–even if the copyright enforcers fix the problems we’ve identified–there might still be many other flaws remaining and new mistakes introduced in the future.

In our view, enforcement agencies need to make their processes open and transparent in order to increase confidence in the accuracy of DMCA takedown notices.

Q: Do your results mean that all DMCA takedown notices are invalid?
No, many are still valid. Further, while we found a flaw in how enforcement is done in BitTorrent, we re-emphasize that we did not study other P2P file sharing networks and hence cannot speak authoritatively about enforcement flaws in those other systems.

But, again, we stress that focusing on any particular flaw misses the most important point. The fact that any flaw exists is a serious concern. More hidden flaws could exist, masked by the general lack of transparency in current processes. Our work therefore highlights the need for greater transparency.

Q: Whose side are you on? Are you helping the copyright enforcers? Are you helping people circumvent copyright?
We are not taking sides on this particular issue, except to note that we do not wish to condone or support any illegal activities. Rather, we’re exploring from a scientific perspective the tension between P2P users and enforcement agencies. The results in our paper can be used to help all the parties involved in different ways. Please read the paper for additional information.

iPod Search & Siezure

http://www.canada.com/topics/technology/science/story.html?id=ae997868-220b-4dae-bf4f-47f6fc96ce5e

Monday, May 26, 2008