Courtesy of groklaw a great research paper (pdf) from the University of Washington dissecting under which assumptions DMCA copyrights infringement takedown notices are in fact generated for BitTorrent users(1). The conclusions of the paper are most troubling and show that a number of current enforcement practices lead to poor, inconclusive identifications.
Note that this research doesn't even take into account the obvious cases where a computer has been cracked in any way (e.g. trojan). This is the IP identification process itself which is shown to be highly unreliable in most cases.
- Innocent users can be targeted by a notice even when they are not using any P2P software and without being framed
Our results show that potentially any Internet user is at risk for receiving DMCA takedown notices today. Whether a false positive sent to a user that has never even used BitTorrent or a truly infringing user that relies on incomplete IP blacklists, there is currently no way for anyone to wholly avoid the risk of complaints.
- It's incredibly easy to frame/implicate pretty much any user or any machine, even for devices like printers or even non-DHCP wireless access point:
Copyright holders utilize inconclusive methods for identifying infringing BitTorrent users. We were able to generate hundreds of DMCA takedown notices for machines under our control at the University of Washington that were not downloading or sharing any content.
- Current privacy protection measures like black lists are largely inefficient, but for now stealth monitoring is not completely possible either.
We also find strong evidence to suggest that current monitoring agents are highly distinguishable from regular users in the BitTorrent P2P network. Our results imply that automatic and fine-grained detection of monitoring agents is feasible, suggesting further challenges for the monitoring organizations in the future.
- Interestingly, not all swarms are created equals as regard to monitoring.
[...] the current approach to enforcement has a natural limiting factor. To avoid being detected, our traces suggest that enforcement agents are not monitoring most swarms and tend to target those new, popular swarms that are the most economically valuable.
What can we conclude?
- People who don't agree with the law should try to get it changed
- People who are concerned by privacy issues should contribute to developing enhanced P2P systems: the paper suggests indeed a few directions such as on-the-fly black lists and stronger encryption.
- People who have been unfairly targeted should fight back, with the help of organizations such as the Chilling Effect Clearinghouse or the EFF.
Addendum
Carol Ruth Shepherd from Arbor Law left a great, detailed comment (see below) and reminds us that the DCMA has a section 512 (f) against fraudulent, overreaching, and incorrectly targeted DMCA takedown demands.
(f) Misrepresentations. - Any person who knowingly materially misrepresents under this section —
(1) that material or activity is infringing, or
(2) that material or activity was removed or disabled by mistake or misidentification,
shall be liable for any damages, including costs and attorneys' fees, incurred by the alleged infringer, by any copyright owner or copyright owner's authorized licensee, or by a service provider, who is injured by such misrepresentation, as the result of the service provider relying upon such misrepresentation in removing or disabling access to the material or activity claimed to be infringing, or in replacing the removed material or ceasing to disable access to it.
Addendum (06/15/08): Apparently the EFF decided to fight back in this case
(1) Here is a FAQ about DMCA, takedown notices and P2P protocols.
As the study shows, recent attempts by content providers and online service providers to lower their costs by 'automating' the DMCA takedown and demand letter process have geometrically increased the number of inaccurate claims and have randomly targeted innocent users and unfairly forced them to settle or mount a legal defense. Large content providers are using the legal equivalent of a sawed-off shotgun.
I'm constantly surprised that few blog commentators are aware that the DCMA has a section against fraudulent, overreaching, and incorrectly targeted DMCA takedown demands. Section 512(f) of the DMCA exists to award penalties against rights holders who abuse the DMCA process. There's no coverage of this.
It would be interesting to see Section 512(f) used in a lawsuit seeking declaratory judgment against large content providers using automated DMCA procedures, claiming that the use of automated DMCA demands without human verification leads to an unacceptable level of inaccuracy and violates the law. A handful of DMCA cases under Section 512(f) have held against the content providers and awarded penalties to the targets.
I recently wrote an article on incorrectly using DMCA takedown demands and Section 512(f) for the Michigan State Bar. The article can be downloaded from my blog at http://arborlaw.biz/blog/2008/02/05/dmca-takedowns-and-cd/ .
It's a good idea for all those criticizing the current state of DMCA enforcement to go back and read Section 512(f) of the DMCA itself (http://www.copyright.gov/title17/92chap5.html#512). A huge number of DMCA takedown notices are defective in following the required notice procedure, and a significant percentage seek to enforce laws unrelated to copyright, or are used to attack or stifle competitors or act out a vendetta. All of these would entitle the wrongfully targeted Internet user defending against a DMCA claim to the remedies in Section 512(f).
Regards,
Carol Shepherd, Attorney
Arborlaw PLC
Posted by: Arborlaw | June 10, 2008 at 09:47 AM
@Carol
Excellent! Thanks for such a useful and detailed comment!!
mtg
Posted by: mtg | June 12, 2008 at 01:33 PM