Thursday, April 19, 2007

kerjodando goes to LRUG (London Ruby Users Group)

Attended the recent Ruby on Rails user group meeting in London. It was very useful. I made one contact. This is what I saw.

Friday, April 06, 2007

New Guide for Anonymous P2P


Quick

1. Go to www.itsdargens.com

2. Select a meetup

3. Click on start

4. Download kerjodando p2p client (click RUN)

5. Connect to other users

6. Search, download, enjoy


How do I start?

You'll need a computer with a fast internet connection and the latest version of Java, available free from here.

Then visit www.itsdargens.com and start downloading.

Check out the kerjodando Downloading Guide for more details.


Detailed

With kerjodando you can download and enjoy public domain and user created movies, TV shows, music videos, games and more. Here’s how:

You do not initially need to download the kerjodando client.

When you go to download a public domain and user created movie or TV show, you will be given the opportunity to automatically download and install the client then.

You will need the latest version of Sun's Java RE software to run kerjodando, available from here (most computers already have this installed).

kerjodando works with Windows, Mac, and Linux.


1. Go to www.itsdargens.com (or some other Ant torrent indexing site) and click on an image in TV or search for interesting networks (meetups).

No need to register or login.

However, creating an account will allow you to join more than two meetups (the term used for a mini network of friends) and to bookmark any interesting meetups that you find.

Find a cool meetup to join.

In this example, let's join an Indie rock and pop music meetup.

2. Click on start link on meetup page.

3. Wait while Java loads (10 seconds).

4. Wait while the kerjodando p2p client for that meetup downloads (1 minute).

5. Click on RUN (wait about 30 seconds for the p2p client to start).

6. Select language and OK.

7. Select Advance Mode and then OK.

8. To connect manually, fill in the "connect to neighbours" address and port from trusted peers and then click connect.

9. When connected (about 2 minutes to connect and 5 minutes to connect to super nodes), click on the search tab.

10. Search, using search terms such as a*, mp3*, avi* or pdf* to get an idea of what is available for download.

11. Select a search result, right-click, and select download from the sub-menu to download the item.

That’s it!

Keep in mind that a number of the steps in this guide assume you have never downloaded anything before from a kerjodando meetup.

Once you are set up, it is normally just a matter of finding something, downloading, opening and enjoying it.

Also see Ants p2p guide for extra information.

Sunday, April 01, 2007

Privacy versus Intellectual Property: Detection Methods Used by Copyright Holders


Found this research paper on the web. I have marked the relevant parts in red.



Privacy versus Intellectual Property:

Detection Methods Used by Copyright Holders

Timothy M. Valdez

tim@idahovandals.com

Department of Computer Science

University of Idaho

Moscow, ID 83844

Dr. Paul Oman, advisor

February 2, 2004

Outline

I. Background

a. Intellectual Property versus privacy

b. Types: mp3’s, books; Napster, et al

c. Value of IP (loss of potential revenue) versus value of privacy

d. Methods of safeguarding IP

i. DRM

ii. Encryption

iii. Licensing (shrink-wrap, et al)

II. P2P and IM uses

a. Personal file sharing

b. Software and file backup

c. Community building

d. Freedom from electronic intrusions

e. Anonymous discussion and criticism

III. Detection and enforcement against infringing uses

a. RIAA hires outside firms for data mining

b. DMCA; Extravagant penalties

c. Legislation

i. Attempted law to legalize hacking into P2P computers

ii. H.R.2752 Author, Consumer and Computer Owner Protection and Security (ACCOPS) Act of 2003: “To encourage the development and distribution of creative works by enhancing domestic and international enforcement of the copyright laws, and for other purposes.”

iii. S.2048 Consumer Broadband and Digital Television Promotion Act (CBDTPA): “A bill to regulate interstate commerce in certain devices by providing for private sector development of technological protection measures to be implemented and enforced by Federal regulations to protect digital content and promote broadband as well as the transition to digital television, and for other purposes.”

iv. H.R.2517 Piracy Deterrence and Education Act of 2003: “To enhance criminal enforcement of the copyright laws, educate the public about the application of copyright law to the Internet, and clarify the authority to seize unauthorized copyrighted works.”

v. H.R.2885 Protecting Children from Peer-to-Peer Pornography Act of 2003: “To prohibit the distribution of peer-to-peer file trading software in interstate commerce.”

vi. H.R.5211 To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks: “Amends Federal copyright law to protect a copyright owner from liability in any criminal or civil action for impairing, with appropriate technology, the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader.”

d. Offering monetary rewards for “information leading to...”

e. Denial of Service attacks on P2P networks

f. Napster-era file hashes

g. Flooding networks with fake files

h. Software written to sabotage P2P networks and computers downloading copyrighted music

IV. Problems with detection and enforcement methods

a. Loss of online privacy and anonymity

b. Possible trespass to chattels issue

c. Illegal subpoenas

d. Presumption of guilt

e. Loss of 5th amendment rights

V. Legislative activity regarding privacy and online freedom

a. Senator Norm Coleman (R-MN) letter to RIAA, follow-ups, congressional investigations

b. Pending legislation

i. H.R.107 Digital Media Consumers' Rights Act (DMCRA) of 2003: “To amend the Federal Trade Commission Act to provide that the advertising or sale of a mislabeled copy-protected music disc is an unfair method of competition and an unfair and deceptive act or practice, and for other purposes.”

ii. H.R.69 Online Privacy Protection Act of 2003: “To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes.”

iii. S.563 Computer Owners’ Bill of Rights. “To protect owners of computers, and for other purposes.”

iv. H.R.1066 BALANCE Act of 2003 (Benefit Authors without Limiting Advancement or Net Consumer Expectations) (formerly H.R.5522 Digital Choice and Freedom Act of 2002): “To amend title 17, United States Code, to safeguard the rights and expectations of consumers who lawfully obtain digital entertainment.”

v. S.692 Digital Consumer Right to Know Act of 2003. “To require the Federal Trade Commission to issue rules regarding the disclosure of technological measures that restrict consumer flexibility to use and manipulate digital information and entertainment content.”

vi. H.R.48 Global Internet Freedom Act: “Establishes in the International Broadcasting Bureau the Office of Global Internet Freedom to develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming and persecution of those who use the Internet.”

vii. H.R.3159 Government Network Security Act of 2003: “To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing.”

VI. Proactive methods and technologies to protect against network surveillance

a. Conversion of text file lists into graphic images to bypass automated detection

b. P2P file lists employing anti-bot images requiring user interaction

c. Randomize file and subdirectory names via script

d. Tarpits for bots

e. Use of Wi-Fi hotspots for anonymous connections

f. P2P file sharing software using encrypted communication protocols

g. P2P2P proxies

h. Changing MD5 hashes and/or CRC32 checksums of multimedia files

i. Use of darknets

VII. Conclusion

Abstract

Numerous methods are used by copyright holders in an effort to protect their Intellectual Property (IP) rights. In many cases those methods intrude on the real and perceived rights of Internet users to participate in private communications. This begs the question: at what point does privacy lose out against aggressive enforcement toward possible IP-infringing activities such as peer-to-peer file sharing? There is a monetary value attached to IP, and it is measured by the loss of potential revenue. There is also a value attached to an Internet user’s privacy, of which the loss is measured by the chilling effects imposed upon their online freedoms. There are many methods available for copyright holders to protect IP using Digital Rights Management that do not interfere with the privacy rights of individuals. While it has been shown that a few technologies such as peer-to-peer (P2P) and Instant Messaging facilitate IP-infringing activities, there are also many acceptable uses for these technologies. An example of a law that has privacy implications is the Digital Millennium Copyright Act (DMCA). This law has been the basis for many recent non copyright-related lawsuits. Copyright holders are connecting to the largest P2P networks and filing subpoenas with Internet Service Providers to obtain personal information about potential IP infringers. This leads to a loss of the expectation of privacy that Internet users are accustomed to. If the copyright holders electronically enter the hard drives of P2P users they may be held liable for possible trespass to chattels or other legalities. These actions deprive the P2P user of their due process rights and the expectation of innocence. Recognizing that copyright holders such as the Recording Industry Association of America (RIAA) may be too zealous in their detection methods, Senator Norm Coleman (R-MN) has begun proceedings to investigate the privacy implications of their information-gathering procedures. 
In addition, several bills have been introduced in an effort to curb the misuse of the DMCA. Before these new laws and amendments take effect, P2P users will need to take steps to protect their privacy from the detection methods employed by copyright holders such as the RIAA and its subsidiaries.

Background

The passage into law of the Digital Millennium Copyright Act (DMCA) in October 1998 has affected the balance between consumers’ right to use of resources, and copyright holders’ desire to control their property. This was a direct result of the creation of file-sharing software Napster by University of Michigan student Shawn Fanning in 1999 [6]. The Recording Industry Association of America (RIAA) has filed thousands of subpoenas and instigated hundreds of lawsuits against peer-to-peer (P2P) software users in an attempt to prevent the illegal online sharing of their intellectual property (i.e. music files). This conflict between content owners and content users is occurring due to the differing values attributed to the Intellectual Property (IP) of copyright holders versus consumers’ freedom to use purchased material in any method they wish. Music-purchasing customers are discovering that the implementation of certain Digital Rights Management (DRM) components in music CD’s prevents “fair use” of those works. A recent marketing attempt to distribute copy-protected music compact discs met with failure due to consumers’ inability to play them in their cars and computers; they had lost the freedom to use their purchased material as desired. The technical methods employed by this DRM were bypassed by customers with only a felt marker [5]. This example demonstrated to the industry that even highly technical DRM methods are not foolproof.

Section 107 of the Copyright Act of the United States defines a four-factor test for the fair use of IP, generally applied by the courts (when necessary) on a case-by-case basis:

  1. the purpose and character of the use, including whether such use is of a commercial nature or is for nonprofit educational purposes;
  2. the nature of the copyrighted work;
  3. the amount and substantiality of the portion used in relation to the copyrighted work as a whole;
  4. the effect of the use upon the potential market for, or value of, the copyrighted work [4]

Historically, consumers have been able to legally make a copy of a VHS movie, and even software, for archival backup purposes. With new DRM processes and shrink-wrap licenses that capability can be prevented by the copyright holder, thus preventing fair use of the content. Recent court cases have upheld the legality of shrink-wrap licenses preventing the reverse-engineering of software [7], which is a programming technique used to enable market competition and product interoperability. You may be held liable for numerous offenses by reverse-engineering the protection on any DRM in an attempt to bypass or remove the protection to allow saving the content in a new format or simply backing it up.

Each of these mediums (music files, movie files, and electronic books) presents unique challenges to DRM systems. Adobe introduced an encryption scheme based on their Portable Document Format (PDF) to protect books converted into an electronic version. This “e-Book” design [8] used a weak password algorithm [9] to encrypt the contents of the book. This same technique was used to embed software tokens in the data stream which selectively enabled or disabled the ability to print out or copy the file. A company in Russia reverse-engineered this algorithm and began marketing a product [21] to break this protection. Simultaneously, it was discovered that by using a common open-source PostScript-management product one could remove these embedded tokens and some forms of file protection as well. This example demonstrates that the laws in the United States may not be enforceable in different countries such as Russia, where it is legal to sell copy-protection removal software.

IM and P2P

Both Instant Messaging (IM) and Peer-to-Peer file sharing have significant legal uses such as personal file sharing, archival software backup, commercial software support, and anonymous discussion, none of which infringe on any copyrights. IM technology provides the privacy necessary for the freedom of expression and debate of personal and sensitive issues within the Internet community. This anonymous method of communication is what has allowed the Internet to be widely regarded as having freedom from undesirable intrusions. The Supreme Court has consistently afforded first amendment protection to the anonymous posting of comments and “whistle blowing”: “Under our Constitution, anonymous pamphleteering is not a pernicious, fraudulent practice, but an honorable tradition of advocacy and of dissent. Anonymity is a shield from the tyranny of the majority.” [1]

In Reno v. ACLU the Court further upheld anonymous free speech and updated their earlier decision to include the Internet:

“Through the use of chatrooms, any person with a phone line can become a town crier with a voice that resonates farther than it could from any soapbox. Through the use of webpages, mail exploders, and newsgroups, the same individual can become a pamphleteer.” [2] In the conclusion of this case, the Court added: “As a matter of constitutional tradition, in the absence of evidence to the contrary, we presume that governmental regulation of the content of speech is more likely to interfere with the free exchange of ideas than to encourage it. The interest in encouraging freedom of expression in a democratic society outweighs any theoretical but unproven benefit of censorship.” [ibid]

Morpheus (a popular P2P client application) was sued for failing to prevent the IP-infringing uses of its software by customers. They won a motion for summary judgment primarily based on the decision in Sony v. Universal Studios (the famous Betamax case) where the Supreme Court declared: “…the mere capability of substantial noninfringing uses is all that is required to protect a new technology from an attack grounded on allegations of contributory copyright infringement.” [37] (emphasis mine)

Separately, in MGM v. Grokster (a case hinging on the possible requirement of a software company to produce a product that prevents infringing uses) the Court followed up with a similar decision:

“The doctrine of vicarious infringement does not contemplate liability based upon the fact that a product could be made such that it is less susceptible to unlawful use, where no control over the user of the product exists.” [MGM v. Grokster, 259 F. Supp. 2d at 1045-46 (emphasis in original).] Additionally the Court said: “It is no surprise that – just as the studios initially resisted video tape rather than releasing prerecorded tapes – the established record and movie companies have resisted opportunities to exploit peer-to-peer technology. When one entirely dominates the existing means of distribution, one tends to resist change.” [38]. The Court further states: “In the case of the music and motion picture industries, permitting the incumbent leaders to suppress disruptive technologies will leave not just society, but copyright owners themselves poorer over the long run.” [39]

These court cases have shown that the judicial branch of our government is more savvy than anticipated. It is important to note that the future use of a product must be contemplated while determining if an infringing activity is taking place. An analogous case involving a P2P product named Madster (formerly Aimster) was lost because the defendant (Madster) used examples with copyrighted music files in their program documentation tutorials and also failed to produce any evidence of significant non-infringing product usage.

In an activity related to freedom of speech, the Sarbanes-Oxley Act of 2002 (as passed by the Senate, titled: Public Company Accounting Reform and Investor Protection Act of 2002) [10] which became law in the wake of the Enron debacle gives significant protection to whistleblowers. More recently a June 24, 2003, 9th Circuit Court of Appeals decision gave §230(c) of the Communications Decency Act [3] more protection to anonymous Internet posters than the First Amendment [ibid] and directly addressed “CyberSLAPP” lawsuits (Strategic Lawsuits Against Public Participation) [12] which attempt to prevent public criticism of companies and individuals. These “CyberSLAPP” lawsuits have been consistently dismissed by the courts, yet the newly-elevated subpoena provision of the DMCA allowed corporations and powerful citizens to issue similar “John Doe”-like subpoenas and thereby circumvent this trend, but only if the ISP actually stores the copyrighted materials on their servers and doesn’t just act as a conduit for P2P network activity. [32]

In an attempt to subjugate the anti-P2P actions of the RIAA, MPAA, and similar agencies, Sharman Networks, the creators of the KaZaA file-sharing software, modified their End-user License Agreement (EULA) in October 2003 to provide for their indemnification from any illegal or improper use of their software and network by end users:

2.11 Monitor traffic or make search requests in order to accumulate information about individual users; […]

2.14 Collect or store personal data about other users [55]

They also added verbiage that attempts to prevent the use of their software and network for the purpose of discovering or tracking users’ identities. Historically the courts have upheld shrink-wrap licenses, and it will be interesting to see if this new tactic holds up when it is challenged in the current court case wherein Sharman is suing the record labels and movie studios [56].

Detection Methods

I will concentrate on the current actions employed by the RIAA in their attempt to detect infringing uses of copyrighted materials. The RIAA has retained several companies such as MediaSentry, Cyveillance, BayTSP, and Vidius to broaden their detection and data mining capabilities. Possible detection steps [23] employed by the RIAA and its hired tracking firms are as follows:

  1. Use automated software agents known as “bots” to scan popular P2P networks for potentially-infringing file trading of copyrighted material;
  2. Once a probable list of files is located, download a certain number for later manual verification by a human;
  3. The bot logs the user’s screen name, protocol being used, and network address, and looks up the ISP contact information, presumably through a “whois” search;
  4. Each file will have a checksum computed and compared to a database of Napster-traded music file hashes (dating back to May 2000) searching for a possible match;
  5. The RIAA then prepares a DMCA discovery subpoena for the Internet Service Provider (ISP) in preparation for future legal action against the P2P user. Due to bad publicity they also started sending out letters to each suspected infringer with a settlement offer in lieu of court action.
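Steps 3 and 4 above, as an added example that is not from the paper or from any tracking firm: it classifies constructed log entries by comparing content checksums against a reference set, and shows that a filename hit without a checksum match (a decoy file or an unrelated document) does not identify the listed work. The record fields, keyword list, reference database and byte strings are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Constructed byte strings standing in for file contents (not real media).
TRACK_A = b"constructed-bytes-for-track-a" * 64
DECOY = b"\x00" * 2048  # e.g. silence or noise shared under a real title
NOTES = b"%PDF-1.4 constructed seminar notes"


def md5_hex(data: bytes) -> str:
    """Checksum of the retrieved file contents, as in step 4."""
    return hashlib.md5(data).hexdigest()


# Hypothetical reference database: checksum -> catalogue title.
KNOWN_HASHES = {md5_hex(TRACK_A): "Example Artist - Track A"}
# Hypothetical search keywords a scanning agent would query for.
KEYWORDS = ("track a",)


@dataclass(frozen=True)
class Observation:
    """One log record from step 3 plus the bytes fetched in step 2."""
    screen_name: str
    address: str      # documentation-range addresses only
    protocol: str
    filename: str
    content: bytes


def name_hit(obs: Observation, keywords=KEYWORDS) -> bool:
    """True when the shared filename matches a search keyword."""
    name = obs.filename.lower().replace("_", " ")
    return any(k in name for k in keywords)


def classify(obs: Observation, known=KNOWN_HASHES) -> str:
    """Content decides first; the filename alone never yields a match."""
    if md5_hex(obs.content) in known:
        return "hash_match"   # bytes identical to a catalogued file
    if name_hit(obs):
        return "name_only"    # needs the human verification of step 2
    return "no_match"


def triage(observations):
    """Group screen names by classification, preserving input order."""
    result = {"hash_match": [], "name_only": [], "no_match": []}
    for obs in observations:
        result[classify(obs)].append(obs.screen_name)
    return result


# Constructed sample log.
SAMPLE = [
    Observation("user_one", "192.0.2.10", "fasttrack",
                "Example Artist - Track A.mp3", TRACK_A),
    Observation("user_two", "198.51.100.7", "fasttrack",
                "Example Artist - Track A.mp3", DECOY),   # decoy content
    Observation("user_three", "203.0.113.5", "gnutella",
                "seminar_track_a_notes.pdf", NOTES),      # unrelated file
    Observation("user_four", "192.0.2.44", "gnutella",
                "holiday.avi", TRACK_A),                  # renamed copy
    Observation("user_five", "198.51.100.9", "gnutella",
                "readme.txt", b"hello"),
]

if __name__ == "__main__":
    for category, names in triage(SAMPLE).items():
        print(f"{category}: {', '.join(names) or '-'}")
```

Two of the four entries a keyword search would surface end up in `name_only`, which is the population the manual verification in step 2 exists to filter out.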

Recently, the RIAA suffered a setback in their subpoena campaign when a Federal district court overturned a lower court’s decision on the DMCA subpoena process, stating that the DMCA was passed by Congress before P2P technology existed thus that activity is exempted from the subpoena provision [32]. Now they have the added expense of filing an actual “John Doe” lawsuit against the suspected offender, which then legally allows them to subpoena the ISP for any requested information on that IP address. Putting a twist on the outcome, RIAA president Cary Sherman stated this was an unfortunate event, since it now prevents them from sending letters to the people prior to filing a lawsuit against them.

This automated method is in addition to the brute-force approach of simply logging on to the P2P network with a compatible file-sharing program and searching for potentially-infringing material. In a white paper dated September 11, 2000, titled “To Catch a Cyber Thief,” Arlington, Virginia-based Cyveillance introduces a system of Intellectual Property Protection Solutions they call NetSapien™ Technology: “the most powerful business search and analysis tool available” which spiders the billions of web pages on the Internet for relevant content and assesses the meaning of that information for marketing intelligence, customer and brand loyalty [11]. This technology makes searching for unauthorized copies of intellectual property much smarter than blindly doing a keyword lookup on a web search engine [ibid].

A similar approach is employed by Los Gatos, California-based BayTSP; however they go further by actually sending infringement notices to the user and their ISP as well as monitoring for compliance of takedown notices (international infringement notification complies with the Berne Convention.) [24] The automated system runs 24x7 and according to their website “monitors all major P2P networks … global surveillance of the Internet, including web sites, FTP sites, P2P networks, IRC sites, newsgroups, and auction/retail sites.” [25] “BayTSP has patented technology that utilizes the extracted DNA of a specific digital file - still image, video, audio, etc.- which its spiders track on the Internet, FTP sites, peer-to-peer networks, IRC, Usenet, and auction/retail sites.” [ibid]

MediaSentry, a New York-based corporation, also scans the Internet looking for pirated copies of music and videos:

“Using a sophisticated network of Internet-based software and data mining techniques, MediaSentry patrols the Internet for possible copyright infringements. Full support is offered for peer-to-peer file trading communities, IRC networks, websites, FTP sites, and newsgroups. A continuously updated catalog of infringements is cross referenced against a database of client materials… The core MediaSentry engine uses advanced heuristics, self-adapting searches, neural search algorithms, and probability ranking formulas, permitting an unprecedented ability to accurately detect piracy and ensure compliance with copyright laws.” [26]

MediaSentry is one of the most hated anti-P2P companies because they actively inject spoofed decoy files on P2P nodes while simultaneously downloading every available infringing file to prevent their download by other file sharers.

In a 75-page, 2001 study titled “The Copyright Crusade” Viant Media and Entertainment CTO Frank Andrew explored the influence of P2P file sharing on the business models of copyright holders [27]. His findings suggested that piracy and copyright infringement via the Internet are runaway activities that must be curtailed soon by copyright holders, and he offers some rudimentary statistics on several methods of Internet file trading such as common P2P clients and the use of Internet Relay Chat (IRC) channels. He concludes that using IRC is not easy for the majority of Internet customers, yet 22% of daily pirated movies pass through IRC servers [ibid]. So far, IRC has remained under the radar of the RIAA, MPAA, and their partners but that is certainly going to change soon.

Enforcement

The Digital Theft Deterrence and Copyright Damages Improvement Act of 1999 amended §504(c) of the U.S. Copyright Act to allow for fines of $750 to $30,000 per infringing act and up to $150,000 per each willful infringement (up to $250,000 per work for repeat offenders) [13]. The DMCA contains a safe-harbor provision that protects ISP’s from legal action if they willingly and promptly comply with subpoena requests. This has led to the ISP capitulating rather than risking criminal penalties, with a resultant loss of privacy and anonymity for their customers. Verizon Internet Services recently attempted to quash an RIAA subpoena seeking the identity of a subscriber who allegedly downloaded over 600 copyrighted music files via the KaZaA P2P network [22]. Verizon cited privacy, First Amendment, and due process issues, as well as the fact that Congress never considered P2P technology when drafting the DMCA “because that technology did not exist in 1998” [14]. The motion to quash was denied by the district court, but on appeal, and after another DMCA subpoena was served upon Verizon, the appeals court overturned those decisions and found for Verizon, calling portions of the RIAA’s argument “silly”:

“The issue is whether § 512(h) applies to an ISP acting only as a conduit for data transferred between two internet users, such as persons sending and receiving e-mail or, as in this case, sharing P2P files. Verizon contends § 512(h) does not authorize the issuance of a subpoena to an ISP that transmits infringing material but does not store any such material on its servers. The RIAA argues § 512(h) on its face authorizes the issuance of a subpoena to an “[internet] service provider” without regard to whether the ISP is acting as a conduit for user-directed communications. We conclude from both the terms of § 512(h) and the overall structure of § 512 that, as Verizon contends, a subpoena may be issued only to an ISP engaged in storing on its servers material that is infringing or the subject of infringing activity. […] Finally, the RIAA argues the definition of ‘[internet] service provider’ in § 512(k)(1)(B) makes § 512(h) applicable to an ISP regardless what function it performs with respect to infringing material – transmitting it per § 512(a), caching it per § 512(b), hosting it per § 512(c), or locating it per § 512(d). This argument borders upon the silly. […] In sum, we agree with Verizon that § 512(h) does not by its terms authorize the subpoenas issued here. A § 512(h) subpoena simply cannot meet the notice requirement of § 512(c)(3)(A)(iii). […] We are not unsympathetic either to the RIAA’s concern regarding the widespread infringement of its members’ copyrights, or to the need for legal tools to protect those rights. It is not the province of the courts, however, to rewrite the DMCA in order to make it fit a new and unforseen [sic] internet architecture, no matter how damaging that development has been to the music industry or threatens being to the motion picture and software industries.” [32] (emphasis mine)

Per the decision above it is no longer appropriate for the RIAA to send discovery subpoenas to ISP’s requesting file sharing customers’ contact information when the ISP’s are merely acting as a conduit for P2P network traffic [ibid]. This is perhaps unfortunate, since it implies that the DMCA will soon have a large sum of “special interest” money thrown at it in an effort by large corporations to have this particular shortcoming amended.

Several bills have been independently introduced by the House and Senate to further protect the interests of big business IP owners and copyright holders from piracy and infringing uses of their property:

  • H.R.2752: Author, Consumer and Computer Owner Protection and Security (ACCOPS) Act of 2003: “To encourage the development and distribution of creative works by enhancing domestic and international enforcement of the copyright laws, and for other purposes.” [33] This bill, introduced in the House by John Conyers (D-MI) and Howard Berman (D-CA), makes a federal offense out of providing false information when registering a domain name, and in an attempt to prevent consumers’ computers from being searched without their knowledge it requires that file-sharing sites get consent before storing files on a computer or searching for content. It proposes penalties of up to five years in prison and a $250,000 fine for uploading a copyrighted file to a P2P network and also bans videotaping a movie in a theater. Pop singer Michael Jackson, among others, disagrees with this, stating “I am speechless about the idea of putting music fans in jail for downloading music. It is wrong to illegally download, but the answer cannot be jail...It is the fans that drive the success of the music business; I wish this would not be forgotten.” [34]

  • H.R.2517: Piracy Deterrence and Education Act of 2003: “To enhance criminal enforcement of the copyright laws, educate the public about the application of copyright law to the Internet, and clarify the authority to seize unauthorized copyrighted works.” [36] This Act purports to create an educational program to inform citizens of the benefits of the copyright system in America, as well as inform educational institutions and corporations of copyright law compliance. The FBI would be required to develop a program to deter citizens from copyright infringement. The Department of Justice would be required to hire and train at least one agent specializing in intellectual property crime investigation. Finally, the Bureau of Customs and Border Protection would be authorized to seize all infringing works regardless of whether they have been registered with the Copyright Office. The problem with these requirements is one of training and interpretation of the law. None of these programs has a clause requiring knowledge of the difference between legal and illegal uses of copyrighted works, the so called “fair use” clause of the Copyright Act. If this is not attended to, there will be more harm caused by the improper seizure of works than good.

  • H.R.2885 Protecting Children from Peer-to-Peer Pornography Act of 2003: “To prohibit the distribution of peer-to-peer file trading software in interstate commerce.” [40] The supporters of this bill believe that since P2P software is so popular, and since there is so much pornography being traded, then children need to be protected from inadvertently downloading it because the “production of pornography is intrinsically related to child abuse.” [ibid] Also, supporters believe that P2P software gives free and open access to users’ hard drives and most users do not realize this. Aside from the obvious flaws in this logic, there are more problematical issues at stake. The Act contains a requirement that all P2P software installation programs must look for and comply with a parental “do-not-install” flag on the computer, if it exists. This may not be feasible to implement, and most certainly would be easy to circumvent by most teenagers. There is also a requirement that the P2P software alert the user to any action that might breach their privacy or allow others to view files on their computer. Such activities include: bypassing personal firewall software, becoming a high-speed file sharing supernode on a P2P network, or even searching for available files to download. All of these mandated alerts would prove to be extremely burdensome to the average software user. The final requirement would be that non-U.S. residents that distribute P2P software must have a U.S. agent designated for process service. Since every popular P2P program has been written by either an individual or a non-commercial group, and most are off-shore, this would be a financial burden.

  • H.R.5211 To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks: “Amends Federal copyright law to protect a copyright owner from liability in any criminal or civil action for impairing, with appropriate technology, the unauthorized distribution, display, performance, or reproduction of his or her copyrighted work on a publicly accessible peer-to-peer file trading network, if such impairment does not, without authorization, alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader.” [41] This resolution attempts to make it legal for anyone to launch a Denial of Service (DoS) attack against a P2P network without repercussion if they believe that their copyrighted material is being traded over that network. Proponents state this is akin to making every copyright holder a judge, jury, and executioner without proper judicial oversight. Again, there is no way for the copyright holder to know for what purpose their works are being downloaded, since fair-use is permitted within certain guidelines.

Anti-P2P Actions and Detection

The RIAA and its hired tracking firms have several options at their disposal if they wish to lessen or prevent copyrighted content from being traded over P2P networks. It is known that some of the following techniques are currently being used or might be used soon, and at least one is being prepared for use:

  • Offering monetary rewards for “information leading to the identification of...”
  • Denial of Service attacks against P2P networks in an attempt to make them unusable
  • Flooding the P2P networks with fake music files containing white noise or anti-piracy messages
  • Using “original” Napster file hashes for comparison of traded music files with known pirated copies
  • Using software written to sabotage P2P networks and the computers downloading copyrighted music [15]
  • Embracing the technology and building a viable business model around it instead of alienating customers

If the RIAA or its agents access a P2P network with the intent to either flood the network with fake multimedia files or otherwise perform a denial of service action, they could be liable to a civil lawsuit under the “trespass to chattels” common law. This intentional tort (a wrongful act…that injures another and for which the law imposes civil liability) [18] is defined as: “…an intentional interference with a plaintiff's right of possession to personal property. This may occur if a defendant damages the property or deprives the plaintiff of possession of the property.” [19]

The use of software [15] written specifically to disrupt network communications or personal computers engaged in same may also fall under the trespass to chattels tort. This angle has yet to be explored in court.

Constitutional issues might also arise. The Fifth Amendment to the Constitution of the United States of America contains the following text:

“No person shall … be deprived of life, liberty, or property, without due process of law; [The Fifth Amendment] can be asserted in any proceeding, civil or criminal, administrative or judicial, investigatory or adjudicatory; and it protects against any disclosures which the witness reasonably believes could be used in a criminal prosecution or could lead to other evidence that might be so used.” [20]

The “Due Process” clause affords many rights to the individual, yet the subpoena provision of the DMCA does not take those rights into account.

The methods employed by the RIAA for detecting materials being downloaded by web and P2P users, in conjunction with the associated presumption of guilt, intrude upon the privacy expectations of Internet patrons with the loss of online privacy and anonymity as a result. Some of these methods have been mentioned previously.

The issuance of subpoenas to a P2P-user’s ISP for possibly-infringing file trading activities, in the absence of solid evidence, could be construed as a privacy invasion. If it is later determined that no laws were in fact broken, the loss of anonymity, public integrity, and time spent dealing with the actions of the RIAA cannot be regained. There is also no guarantee that the ISP will be able to identify the actual person who is performing the action. All they can potentially do is confirm that the logged-in account’s computer was connected at the time specified in the subpoena.

The subpoena process specified in the DMCA runs contrary to the accepted procedure known in legal circles as “Rule 45” (of the Federal Rules of Civil Procedure) which states: “If separate from a subpoena commanding the attendance of a person, a subpoena for production or inspection shall issue from the court for the district in which the production or inspection is to be made.” [16] (emphasis mine) This is how both Massachusetts Institute of Technology and Boston College successfully quashed the subpoenas from the RIAA attempting to obtain the identities of several students alleged to be conducting illegal file sharing [17]. In response, the RIAA simply filed the subpoenas again in the state of Massachusetts. Now that the DMCA subpoena process has become unenforceable for P2P network traffic, the media companies are going to have to find a new method for detecting the owners of any IP addresses suspected of trading copyrighted materials across P2P networks.

Legislation

Congress has recognized the problem of maintaining citizens’ online anonymity and privacy, and has been proposing legislation that appears to begin the process of balancing property holders’ and users’ rights. The most vocal proponent is Senator Norm Coleman (R-MN) who recently sent a letter to the RIAA [42] asking for the specific methods they use to identify illegal file sharing and what safeguards are in place to protect P2P users’ privacy. The RIAA responded to the request quickly [43]. This action was initiated due to the voluminous number of subpoenas the RIAA has filed in Washington D.C., currently holding at 382, which required extra court clerks to process the enormous tide of paperwork [42]. Each piece of proposed legislation has pros and cons, but all are designed to more equitably balance copyright law and empower the consumer with knowledge and rights. Senator Coleman is also holding congressional hearings in an effort to lessen the bludgeoning of citizens by the RIAA.

The House of Representatives has the following items on the table:

  • H.R.107 Digital Media Consumers' Rights Act (DMCRA) of 2003: “To amend the Federal Trade Commission Act to provide that the advertising or sale of a mislabeled copy-protected music disc is an unfair method of competition and an unfair and deceptive act or practice, and for other purposes.” [44] This bill attempts to correct two things: 1. it directs the FTC to ensure the proper labeling of copy-protected music CDs to help avoid consumer confusion and disappointment prior to purchase; 2. it restores balance in U.S. Copyright Law. It reaffirms fair-use under the DMCA by allowing the circumvention of a protection mechanism as long as no copyright infringement is taking place. The BetaMax standard (Sony v. Universal) would be reaffirmed by enabling the use, manufacture, and distribution of software and hardware that bypasses protection mechanisms as long as it is capable of significant non-infringing uses. Finally, scientific research into methods of bypassing protection mechanisms other than encryption would be protected, as well as the creation of tools to facilitate such research.

  • H.R.69 Online Privacy Protection Act of 2003: “To require the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 on the Internet, to provide greater individual control over the collection and use of that information, and for other purposes.” [45] All online service and web site operators will be held accountable for any privacy leaks which occur as well as having to release a list, upon demand, of all persons and companies to whom they have released any personally identifiable information on a customer. A violation will be treated under the Federal Trade Commission Act as “a violation of a rule defining an unfair or deceptive act or practice” [ibid].

  • H.R.1066 BALANCE Act of 2003 (Benefit Authors without Limiting Advancement or Net Consumer Expectations) (formerly H.R.5522 Digital Choice and Freedom Act of 2002): “To amend title 17, United States Code, to safeguard the rights and expectations of consumers who lawfully obtain digital entertainment.” [46] This bill amends the Copyright Law in several areas:

“(1) include analog or digital transmissions of a copyrighted work within fair use protections; (2) provide that it is not a copyright infringement for a person who lawfully obtains or receives a transmission of a digital work to reproduce, store, adapt, or access it for archival purposes or to transfer it to a preferred digital media device in order to effect a non-public performance or display; (3) allow the owner of a particular copy of a digital work to sell or otherwise dispose of the work by means of a transmission to a single recipient, provided the owner does not retain his or her copy in a retrievable form and the work is sold or otherwise disposed of in its original format; and (4) permit circumvention of copyright encryption technology if it is necessary to enable a non-infringing use and the copyright owner fails to make publicly available the necessary means for circumvention without additional cost or burden to a person who has lawfully obtained a copy or phonorecord [sic] of a work, or lawfully received a transmission of it.” [47]

  • H.R.48 Global Internet Freedom Act: “To develop and deploy technologies to defeat Internet jamming and censorship.” [48] This Bill:

“Establishes in the International Broadcasting Bureau the Office of Global Internet Freedom to develop and implement a comprehensive global strategy to combat state-sponsored and state-directed Internet jamming and persecution of those who use the Internet. Requires an annual report from the Office to Congress on the status of state interference with Internet use and of U.S. efforts to counter such interference. Expresses the sense of Congress that the United States should: (1) denounce governments that restrict, censor, ban, and block access to information on the Internet; (2) direct the U.S. Representative to the United Nations to submit a resolution condemning such actions; and (3) deploy technologies aimed at defeating state-directed Internet censorship and the persecution of those who use the Internet.” [49]

  • H.R.3159 Government Network Security Act of 2003: “To require Federal agencies to develop and implement plans to protect the security and privacy of government computer systems from the risks posed by peer-to-peer file sharing. Requires the Comptroller General to review and report to specified congressional committees on the adequacy of such agency plans.” [50]

The Senate has not been sitting idle either; they have introduced these relevant bills:

  • S.563 Computer Owners’ Bill of Rights: “To protect owners of computers, and for other purposes.” [51]

“Requires the Federal Trade Commission (FTC) to: (1) establish standards for the provision of technical support for computers and computer-related products by computer hardware and software manufacturers, as well as consultants and resellers that provide technical support (entities); (2) issue guidelines to encourage each such entity to collect and submit to the FTC information on the nature and quality of such technical support; and (3) establish a public registry in which any person or entity that does not seek to receive unsolicited marketing e-mail to a computer may register the e-mail address(es) of such computer for that purpose. Prohibits unsolicited marketing e-mail to registered computers.” [52]

  • S.692 Digital Consumer Right to Know Act of 2003: “To require the Federal Trade Commission to issue rules regarding the disclosure of technological measures that restrict consumer flexibility to use and manipulate digital information and entertainment content.” [53] This bill:

“Directs the Federal Trade Commission (FTC) to issue rules to implement requirements that a producer or distributor of copyrighted digital content disclose the nature of restrictions that limit the practical ability of the content purchaser to play, copy, transmit, or transfer such content on, to, or between devices commonly used with respect to that type of content. Requires such disclosure in the case of limitations on: (1) the recording for later viewing or listening of certain audio or video programming; (2) the reasonable and noncommercial use of legally acquired audio or video content; (3) making backup copies of legally acquired content subject to accidental damage, erasure, or destruction; (4) using limited excerpts of legally acquired content; and (5) engaging in the secondhand transfer or sale of legally acquired content. Provides disclosure exceptions. Requires the FTC to annually review the effectiveness of such rules. Expresses the sense of Congress that: (1) competition among distribution outlets and methods generally benefits consumers; and (2) copyright holders selling digital content in electronic form for distribution over the Internet should offer to license such content to multiple unaffiliated distributors.” [54]

Many of these bills are currently wending their way through the House and Senate, and hopefully most will be ratified. This would be a boon for American consumers and go a long way toward bringing balance back to the application of Copyright Law.

Preventing the Loss of Privacy and Anonymity

Several methods exist to reduce the privacy loss facilitated by automated methods of search and discovery. Each of the following techniques exhibits both strengths and weaknesses against certain types of surveillance and monitoring techniques:

1. Conversion of text file lists into graphic images to bypass automated filename detection: The automated scanning of P2P networks can be reduced or even eliminated by conversion of available file lists into graphic images instead of plain text. This simple action would greatly increase the amount of human interaction required to visually confirm downloads. This might mean that existing P2P software or even the underlying network protocols will need to have major reworking in order to maintain ease of use for customers. Instead of connecting to a potential download client and receiving a plain text list of files in their shared folders, the P2P software will need to display a graphic image of the user’s available files. Compiler libraries exist to facilitate the creation of .GIF images in real time (that image format has been royalty-free since June 20, 2003 [28]). This will prevent bots from scanning for potentially-infringing multimedia files on P2P networks, forcing humans to perform the search instead. This technique will not stop unwanted file list perusal or P2P network privacy incursions but it will certainly slow them down.

2. P2P file lists employing anti-bot images requiring manual user interaction to download: This technique is already in use today by web-based email providers like Hotmail and Yahoo! mail, which require a person to type in the value displayed by a random graphic image. This prevents any automated method of bulk account creation, which was frequently used by spammers. This would be a relatively easy function to implement in P2P client software, perhaps even being a server-side only component.

3. Randomize file and subdirectory names via script: For files sitting on a web or FTP server, web spiders for any search engine may access directories and their contents, adding them to a central database for public use. By randomizing the directory names as well as individual file names this risk is lessened but not entirely prevented. A simple Perl script can not only rename files and directories, but can also simultaneously update the web page or FTP links pointing to the files. If a search engine manages to spider one set of links, they will only remain valid until the next cycle of renaming occurs. Scheduling this renaming procedure at a high granularity will mitigate discovery.

4. Tarpits for bots: This technique is easily used against web-based bots and to a certain extent FTP-based bots. It could also be used against P2P-based bots on any of the current P2P networks; however, this particular case would require some custom programming to implement (this case is covered later). The basic idea behind a tarpit is to create a bunch of seemingly-real file links, either on a web page or in an FTP directory. When the bot follows one of these links, it merely leads to another web page or directory with another set of seemingly-real links. Each link can easily be randomly created by using a small database of common file names. This process continues ad nauseam. Intelligent bots would perform a breadth-first search, limiting their search depth to a small value such as five in order to prevent being "trapped" by this technique. However, this idea would still be valid; the file sharer would simply place the "real" files on the server at a level just below this artificial search limit, ensuring that the HTTP_REFERER environment variable points to the final fake directory that was generated in the current session. For a P2P network honeypot, the search results returned by the P2P client software would need to be modified to point to a fake set of filenames which in turn point to another set of fake filenames, etc. By forcing the P2P client user to enter a one-time password embedded in a graphic image at program startup, the network could determine if this was an automated bot or a real human and thus control the link types presented to the client. It is important to note that this honeypot technique is only valid against automated methods of file scanning; however, there are so many file sharing locations on the Internet that everyone becomes anonymous simply by sheer numbers.

5. Use of Wi-Fi hotspots for anonymous connections: By using free wireless network connections for P2P file sharing the user is completely anonymous and thus immune to potential liability for alleged illegal activities. Such so-called "hotspots" are located all over: Manhattan's Union Square Park [29] in New York is a prime example of such a location. Funded by several large public and non-profit organizations, this location allows anyone to simply connect with a wireless-enabled laptop or PDA (802.11b) and use the Internet by entering the network ESSID and using DHCP for receiving an IP Address. These areas do not use WEP or any other form of encrypted communications because that reduces the usefulness of free and open connectivity for the public. Many fast-food chains like Taco Time and Arby’s as well as coffee houses such as Starbucks also offer free wireless connectivity to the Internet. While a wireless Internet connection somewhat reduces the usefulness of large file uploading activities due to the limited bandwidth available, generally about four or five Mbps, the user can certainly download as much as they want in a single sitting with no fear of being tracked.

6. P2P file sharing software using encrypted communication protocols: Two different directions can be taken with this technique: using existing protocols, or rolling your own. The benefit of using your own protocol is having complete control over every aspect of the data packets. This generally results in a much faster and more secure transfer capability than existing protocols offer, yet requires extensive knowledge of low-level protocol programming. The benefit of using existing protocols such as SSL over HTTPS and SFTP is that these protocols usually bypass ISP and corporate firewalls. Palestine-based EarthStationV is one P2P program that uses existing secure protocols to not only connect to their secure P2P network anonymously, but also allow you to run a secure web server and private network from your own computer [30].

7. P2P2P proxies: This is similar in concept to anonymous email “remailer chaining” where all identifying header information is stripped from the message and forwarded to another remailer, until eventually being delivered to the recipient. In this case, the data stream for a downloaded file is split and sent to a random P2P client that forwards this portion of the download to another random P2P client, until eventually every packet reaches its destination. Each P2P client will not be downloading a complete file but only parts of it, and no one knows which client is requesting the file. This might affect certain legalities of copyright infringement because no single person ever downloads a complete file. AT&T built a free anonymous web browsing proxy in 1997 called “Crowds” based on this idea (now defunct), and the U.S. Navy built an anonymizing network service called “The Onion Routing Project” [31] also based on this principle. It ran for many years before finally being shut down on January 28, 2000 at the end of its proof-of-concept phase:

“The Onion Routing [OR] research project is building an Internet-based system that strongly resists traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). It prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network. […] Onion routing accomplishes this goal by separating identification from routing. Connections are always anonymous, although communication need not be. Communication may be made anonymous by removing identifying information from the data stream. Onion routing can be used by a variety of unmodified Internet applications by means of proxies (non-invasive procedure) or by modifying the network protocol stack on a machine to be connected to the network (moderate or highly-invasive procedure).” [ibid]

8. Changing MD5 hashes or CRC32 checksums of multimedia files: A person known only by the pseudonym nycfashiongirl, who decided to challenge her subpoena in a recent RIAA case, prompted an interesting discovery: the RIAA has been maintaining a large database of MP3 file hashes dating back to the days of the original Napster file sharing program. These file checksums are compared against the hashes of recently-downloaded music files to see if they are identical or not. If the checksums match, then this file is indistinguishable from one traded on the original Napster network. An obvious solution to defeating this type of “fingerprinting” is to simply change the file in a method that impacts the checksum but doesn’t affect the quality of the sound. The first thing to be done is either eliminate or rewrite the IDv2 or IDv3 info tag in the music file header, located in a fixed position in the MP3 file. There are mathematical methods to change certain bits throughout the MP3 file that affect the file hash yet have no audible effect during playback. A drawback to this solution is that some P2P networks may use the file checksum to identify a valid MP3 music file, instead of just by title. By changing this checksum these P2P networks will need to find another method for identifying known good files so users don’t waste their time downloading fake or corrupted files.

9. Using darknets: Creating and joining a hidden or “unplugged” network of P2P clients is probably the most private method of performing file sharing. Waste [63], MUTE [64], and FreeNet [65] are some proposed methods for performing this activity. These disconnected networks of peers are not open to the general Internet, and clients cannot connect without knowledge of a secret key or password. Thus these “darknets” are highly resistant to privacy incursions by the RIAA or similar agents. MUTE is one of the newer file sharing clients to appear, and seems to be highly-resistant to traffic tracing and logging. Each MUTE client generates a unique “virtual address” upon startup, and only that random ID is returned per client for all successful search requests. All MUTE traffic is also encrypted, thus rendering moot any packet sniffing attempts. And since each request packet (for searches) is routed through a network of peers only the next neighbor’s IP address could be discovered, which doesn’t matter because all file transfers are performed directly between peers.
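The tarpit in technique 4 can be modelled in a few lines to show what it costs a crawler. This is an added example, not code from the original paper: the word list, `SECRET`, `fake_links` and `crawl` are hypothetical names, and the links are derived from an HMAC of the path so the server stores nothing and returns the same page on every visit.

```python
import hashlib
import hmac
from collections import deque

# Constructed stand-in for the "small database of common file names".
WORDS = ["live", "remix", "album", "demo", "session", "track", "bonus", "radio"]
SECRET = b"constructed-demo-secret"  # hypothetical per-server key


def fake_links(path, secret=SECRET, fanout=4):
    """Return the decoy directory links served for `path`.

    Names come from HMAC(secret, path), so the tarpit is stateless: any
    path at any depth can be answered without a stored tree.
    """
    base = path.rstrip("/")
    links = []
    for i in range(fanout):
        digest = hmac.new(secret, f"{path}#{i}".encode(), hashlib.sha256).digest()
        first = WORDS[digest[0] % len(WORDS)]
        second = WORDS[digest[1] % len(WORDS)]
        # The slot index keeps sibling names distinct even if the words repeat.
        links.append(f"{base}/{first}_{second}_{digest[2:4].hex()}{i:x}/")
    return links


def crawl(start, fetch, max_depth=None, page_budget=None):
    """Breadth-first crawler. Returns (pages fetched, deepest level reached).

    max_depth models the depth limit an "intelligent" bot applies;
    page_budget models a bot that only stops when it runs out of requests.
    """
    seen = {start}
    queue = deque([(start, 0)])
    fetched = 0
    deepest = 0
    while queue:
        if page_budget is not None and fetched >= page_budget:
            break
        url, depth = queue.popleft()
        links = fetch(url)
        fetched += 1
        deepest = max(deepest, depth)
        if max_depth is not None and depth >= max_depth:
            continue  # do not expand links below the depth limit
        for link in links:
            if link not in seen:
                seen.add(link)
                queue.append((link, depth + 1))
    return fetched, deepest


if __name__ == "__main__":
    print(fake_links("/"))
    # Depth limit of five, fan-out of four: 1 + 4 + 16 + ... + 4**5 requests.
    print(crawl("/", fake_links, max_depth=5))
    # No depth limit: the whole request budget is spent inside the tarpit.
    print(crawl("/", fake_links, page_budget=5000))
```

With a fan-out of four, the depth-limited bot still spends 1,365 requests before giving up, and a bot without a limit never leaves the first few levels.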
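The checksum comparison in technique 8 is brittle because a whole-file hash also covers the metadata. The following added example (not code from the original paper) parses the two real MP3 tag containers, an ID3v2 block at the start of the file and a 128-byte ID3v1 block at the end, and compares a whole-file MD5 with an MD5 over the audio bytes only. The sample files are constructed in the code, and the function names are hypothetical.

```python
import hashlib

# Constructed bytes standing in for MPEG audio frames (not a playable file).
AUDIO = b"\xff\xfb\x90\x00" + bytes(range(256)) * 4


def _syncsafe_decode(b):
    # ID3v2 sizes use 7 bits per byte so they never look like a frame sync.
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def _syncsafe_encode(n):
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def audio_span(data):
    """Return (start, end) offsets of the bytes between the metadata tags."""
    start, end = 0, len(data)
    if len(data) >= 10 and data[:3] == b"ID3" and max(data[6:10]) < 0x80:
        start = 10 + _syncsafe_decode(data[6:10])
        if data[5] & 0x10:  # ID3v2.4 footer flag: ten more bytes
            start += 10
        start = min(start, end)  # tolerate a size field larger than the file
    if end - start >= 128 and data[end - 128:end - 125] == b"TAG":
        end -= 128  # ID3v1 trailer
    return start, end


def whole_file_md5(data):
    return hashlib.md5(data).hexdigest()


def audio_md5(data):
    start, end = audio_span(data)
    return hashlib.md5(data[start:end]).hexdigest()


def build_sample(title, audio=AUDIO):
    """Constructed MP3-like file: ID3v2.3 tag with one TIT2 frame + audio + ID3v1."""
    body = b"\x00" + title  # text-encoding byte, then the title
    frame = b"TIT2" + len(body).to_bytes(4, "big") + b"\x00\x00" + body
    v2 = b"ID3\x03\x00\x00" + _syncsafe_encode(len(frame)) + frame
    v1 = b"TAG" + title[:30].ljust(30, b"\x00") + b"\x00" * 95
    return v2 + audio + v1


def compare(known, candidate):
    """Which of the two fingerprints treats the files as the same recording."""
    return {
        "whole_file": whole_file_md5(known) == whole_file_md5(candidate),
        "audio_only": audio_md5(known) == audio_md5(candidate),
    }


if __name__ == "__main__":
    original = build_sample(b"Song A")
    retagged = build_sample(b"Renamed title")
    print(compare(original, retagged))   # tags differ, audio identical
    altered = bytearray(original)
    altered[audio_span(original)[0] + 5] ^= 1  # one audio bit changed
    print(compare(original, bytes(altered)))
```

Hashing only the audio span survives any tag rewrite, but a single changed audio bit defeats both digests, which is why exact hashes alone cannot tell whether two files carry the same recording.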

Conclusions

The issues surrounding P2P file sharing freedoms and DRM are too complicated to offer a quick and simple solution. As technology becomes more complex and pervasive, it is obvious that copyright and intellectual property protection laws will always play catch-up. While copyright infringement runs rampant over the Internet, there exists a need for a secure DRM technique that also protects an individual’s privacy and allows for unfettered fair use of protected material. It is perhaps more important that a user’s fair-use rights be protected than that of a copyright holder’s control over their material. In this vein, the assumption of guilt for downloading copyrighted material must be changed to a presumption of innocence by the copyright holders such as the RIAA, MPAA, and their ilk. Until existing laws are amended to provide this much needed privacy protection, Internet users will need to protect themselves.

This protection would best be implemented as a series of concentric rings or levels around the user. Moving the privacy protection model from one that is network-based to one that is client-based might be a step in the right direction. IP-blocking tools like Peer Guardian and properly-tuned personal firewall software can prevent unwanted connections from any block of IP addresses desired. As new addresses to block are discovered they can easily be added to the blocking rules. Moving a level outward, the actual network traffic needs to be encrypted and proxies need to be employed so as to prevent sniffing tactics and name servers from returning useful trace data. Finally, by simply removing themselves directly off the Internet via the use of darknets, P2P users can ensure that the weakest link in their file trading hierarchy is themselves. By allowing only trusted partners into the darknet, they effectively prevent any outside privacy breaches from occurring. With a combination of new technology and new protective laws being ratified, the future of P2P file-sharing remains hopeful.

References

1. Supreme Court Decision: McIntyre v. Ohio Elections Commission (93-986), 514 U.S. 334 (1995).

Available from HTTP://supct.law.cornell.edu/supct/html/93-986.ZO.html (accessed Sept., 2003)

2. Supreme Court Decision: Reno v. ACLU (96-511), 521 U.S. 844 (1997).

Available from HTTP://laws.findlaw.com/us/000/96-511.html (accessed Sept., 2003)

3. 9th U.S. Circuit Court of Appeals Decision: Batzel v. Cremers (01-56380), CV-00-09590-SVW (2003). Available from HTTP://www.ca9.uscourts.gov/ca9/newopinions.nsf/AE0A858C82A2EA8F88256D4E007A736C/$file/0156380.pdf (accessed Sept., 2003)

4. U.S. Copyright Act, Title 17, Chapter 1, Section 107.

Available from HTTP://www4.law.cornell.edu/uscode/17/107.html (accessed Sept., 2003)

5. Leyden, John. “Marker pens, sticky tape crack music CD protection”. The Register, May 14, 2002.

Available from HTTP://www.theregister.co.uk/content/54/25274.html (accessed Sept., 2003)

6. Marcus, Sandra. “Napster and Peer-to-Peer Music Exchange”. December 6, 2001.

Available from HTTP://web.utk.edu/~smarcus/History.html (accessed Sept., 2003)

7. Harbert, Eric F. “Signed, Sealed, Delivered: You're Mine”. UCLA Journal of Law & Technology Notes 12 (2003).

Available from HTTP://www.lawtechjournal.com/notes/2003/12_030730_Harbert.php (accessed Sept., 2003)

8. Unknown. PDF document: “Adobe and eBooks: Turning a new page in publishing”. September 1999.

Available from HTTP://www.adobe.com/products/acrobat/webbuy/pdfs/eBookWP12.pdf (accessed Sept., 2003)

9. Anonymous. “PDF 1.3 Encryption Explained”.

Available from HTTP://www-2.cs.cmu.edu/~dst/Adobe/Gallery/anon21jul01-pdf-encryption.txt (accessed Sept., 2003). See also Dave Touretzky’s webpage at HTTP://www-2.cs.cmu.edu/~dst/Adobe/Gallery/

10. Public Law 107-204. “Corporate and Criminal Fraud Accountability Act of 2002”. July 30, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d107:HR03763:|TOM:/bss/d107query.html (accessed Oct., 2003)

11. Grand, Rick. PDF document: “To Catch a Cyber Thief”. September 11, 2000.

Available from HTTP://www.cyveillance.com/web/downloads/To%20Catch%20a%20Thief.pdf (accessed Sept., 2003)

12. Beder, Sharon. “SLAPPs--Strategic Lawsuits Against Public Participation: Coming to a Controversy Near You”. Current Affairs Bulletin, vol.72, no. 3, Oct/Nov 1995, pp.22-29.

Available from HTTP://www.uow.edu.au/arts/sts/sbeder/SLAPPS.html (accessed Oct., 2003)

13. “Digital Theft Deterrence and Copyright Damages Improvement Act of 1999”. 106th Congress. June 22, 1999.

Available from HTTP://www.techlawjournal.com/cong106/copyright/s1257is.htm (accessed Oct., 2003)

14. Reply brief of Verizon, “Oral Argument Scheduled for Sept. 16, 2003”, No’s 03-7015, 03-7053 (consolidated appeals).

Available from HTTP://www.eff.org/Cases/RIAA_v_Verizon/20030717_verizon_reply_brief.pdf (accessed Oct., 2003)

15. Zolli, Andrew. “Monsters of Rock”. Wired, issue 11.09. Sept. 2003.

Available from HTTP://www.wired.com/wired/archive/11.09/start.html?pg=12 (accessed Oct., 2003)

16. Cornell University. “Federal Rules of Civil Procedure”.

Available from HTTP://www.law.cornell.edu/rules/frcp/Rule45.htm (accessed Oct., 2003)

17. Federal order granting MIT motion to quash subpoena. August 7, 2003.

Available from http://merlin.raisethefist.com/riaa/order-080703.pdf (accessed Oct., 2003)

18. FindLaw Legal Dictionary. Search for definition of “tort”.

Available from HTTP://dictionary.lp.findlaw.com/scripts/results.pl?co=lawcrawler.findlaw.com&topic=71/71cf401e8052ec0c1c26e498c20fb9c3 (accessed Oct., 2003)

19. FindLaw for Business. Search for “trespass to chattels”.

Available from HTTP://sv.biz.findlaw.com/legal/tort3.html (accessed Oct., 2003)

20. Fifth Amendment to the Constitution of the United States of America. The 'Lectric Law Library's Legal Lexicon.

Available from HTTP://www.lectlaw.com/def/f083.htm (accessed Oct., 2003)

21. Katalov, Vladimir. “Press-release: Advanced Acrobat eBooks are NOT Really Secure”. June 22, 2001.

Available from HTTP://www.planetpdf.com/mainpage.asp?webpageid=2393 (accessed Oct., 2003)

22. RIAA v. Verizon Case Archive.

Available from HTTP://www.eff.org/Cases/RIAA_v_Verizon (accessed Oct., 2003)

23. Associated Press. “RIAA Reveals Method to Madness”. August 28, 2003.

Available from HTTP://www.wired.com/news/digiwood/0,1412,60222,00.html (accessed Oct., 2003)

24. Cornell University. “Berne Convention for the Protection of Literary and Artistic Works (Paris Text 1971)”.

Available from HTTP://www.law.cornell.edu/treaties/berne/overview.html (accessed Nov., 2003)

25. BayTSP (Tracking-Security-Protection).

Available from HTTP://www.baytsp.com/solutions_copyright.html (accessed Nov., 2003)

26. MediaSentry.

Available from HTTP://www.mediasentry.com/about/technology.asp (accessed Nov., 2003)

27. Andrew, Beutler, Markham, et al. “The Copyright Crusade”. Winter/spring 2001.

Available from HTTP://www.ebcenter.org/download/Inf_Viant_CopyrightCrusade_feb02.pdf (accessed Nov., 2003)

28. Sperry Corporation Patent. “LZW Compression and GIF”.

Available from HTTP://www-cse.stanford.edu/classes/cs201/projects-99-00/software-patents/lzw.html (accessed Nov., 2003)

29. Union Square Wireless Map via www.nycwireless.net

Available from HTTP://www.nodedb.com/unitedstates/ny/newyork/view.php?nodeid=805 (accessed Dec., 2003)

30. Earth Station V P2P software.

Available from HTTP://www.earthstation5.com/benefits.html (accessed Dec., 2003)

31. The Onion Router Project web site, Department of Defense, U.S. Navy.

Available from HTTP://www.onion-router.net/ (accessed Dec., 2003)

32. PDF document: “U.S. Court of Appeals decision reverses district court decision against Verizon”. Dec. 19, 2003.

Available from HTTP://pacer.cadc.uscourts.gov/docs/common/opinions/200312/03-7015a.pdf (accessed Dec., 2003)

33. “Author, Consumer, and Computer Owner Protection and Security Act of 2003”. 108th Congress. July 16, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2752: (accessed Jan., 2004)

34. Naraine, Ryan. “Michael Jackson Slams ACCOPS Act”. July 21, 2003.

Available from HTTP://www.atnewyork.com/news/print.php/2238141 (accessed Jan., 2004)

35. “Consumer Broadband and Digital Television Promotion Act”. 107th Congress. March 21, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c107:S.2048: (accessed Jan., 2004)

36. “Piracy Deterrence and Education Act of 2003”. 108th Congress. June 19, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.2517: (accessed Jan., 2004)

37. PDF document: “Order Granting Defendants Grokster and StreamCast Networks Motions for Summary Judgement”. MGM Studios v. Grokster. Case numbers CV 01-08541-SVW & CV 01-09923-SVW.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/030425_order_on_motions.pdf (accessed Jan., 2004)

38. PDF document: “Defendant Grokster’s Memorandum in Support of Motion for Summary Judgement.” MGM Studios v. Grokster. Case number CV 01-08541 SVW. December 2, 2002.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/GROKSTER_MEMORANDUM.pdf (accessed Jan., 2004)

39. PDF document: “Appellee StreamCast Networks, Inc.’s Opening Brief”. Ninth Circuit Court of Appeals. Case numbers CV-01-08541-SVW & CV-01-09923-SVW. September 17, 2003.

Available from HTTP://www.eff.org/IP/P2P/MGM_v_Grokster/20030917_morpheus_appeal_brief.pdf (accessed Jan., 2004)

40. “Protecting Children from Peer-to-Peer Pornography Act of 2003”. 108th Congress. July 24, 2003.

Available from HTTP://www.theorator.com/bills108/hr2885.html (accessed Jan., 2004)

41. “To amend title 17, United States Code, to limit the liability of copyright owners for protecting their works on peer-to-peer networks”. 107th Congress. July 25, 2002.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c107:H.R.5211: (accessed Jan., 2004)

42. PDF document: “Coleman to RIAA Letter”. July 31, 2003.

Available from http://www.senate.gov/~govt-aff/_files/ColemanRIAALetter.pdf (accessed Jan., 2004)

43. PDF document: “RIAA to Coleman Response Letter”. August 14, 2003.

Available from HTTP://www.senate.gov/~govt-aff/_files/ACF5E9.pdf (accessed Jan., 2004)

44. “Digital Media Consumers' Rights Act of 2003”. 108th Congress. January 7, 2003.

Available from HTTP://www.theorator.com/bills108/hr107.html (accessed Jan., 2004)

45. “Online Privacy Protection Act of 2003”. 108th Congress. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.69: (accessed Jan., 2004)

46. “Benefit Authors without Limiting Advancement or Net Consumer Expectations (BALANCE) Act of 2003”. 108th Congress. March 4, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.1066: (accessed Jan., 2004)

47. Summary of the BALANCE Act of 2003. March 4, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR01066:@@@L&summ2=m& (accessed Jan., 2004)

48. “Global Internet Freedom Act”. 108th Congress. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:H.R.48: (accessed Jan., 2004)

49. Summary of the Global Internet Freedom Act. January 7, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:HR00048:@@@D&summ2=m& (accessed Jan., 2004)

50. “Government Network Security Act of 2003”. 108th Congress. September 24, 2003.

Available from http://thomas.loc.gov/cgi-bin/query/z?c108:H.R.3159: (accessed Jan., 2004)

51. “Computer Owners' Bill of Rights”. 108th Congress. March 6, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:S.563: (accessed Jan., 2004)

52. Summary of the Computer Owners’ Bill of Rights. March 6, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:SN00563:@@@D&summ2=m& (accessed Jan., 2004)

53. “Digital Consumer Right to Know Act of 2003”. 108th Congress. March 24, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/query/z?c108:S.692: (accessed Jan., 2004)

54. Summary of the Digital Consumer Right to Know Act of 2003. March 24, 2003.

Available from HTTP://thomas.loc.gov/cgi-bin/bdquery/z?d108:SN00692:@@@D&summ2=m& (accessed Jan., 2004)

55. Dennis. “Kazaa changes its End User License Agreement to block RIAA”. October 16, 2003.

Available from HTTP://www.cdfreaks.com/news2.php?ID=8221 (accessed Feb., 2004)

56. raoulduke1. “Kazaa Owner Cleared to Sue Record Labels”. January 23, 2004.

Available from HTTP://www.boycott-riaa.com/article/10031 (accessed Feb., 2004)

63. Software. “Waste”.

Available from HTTP://sourceforge.net/projects/waste (accessed Feb., 2004)

64. Software. “MUTE”.

Available from HTTP://mute-net.sourceforge.net/ (accessed Feb., 2004)

65. Software. “FreeNet”.

Available from HTTP://freenet.sourceforge.net/index.php (accessed Feb., 2004)

Appendix

List (as of August 2003) of companies providing P2P identification services to the RIAA/MPAA:

  • Antipiratbyrån
  • AOL/Warner Music Group
  • APG AntiPiratGruppen
  • Audible Magic
  • BayTSP
  • BigChampagne LLC
  • BREIN
  • BSA- Business Software Alliance
  • C&D Cop
  • CRIA- The Canadian Recording Industry Association
  • Cyveillance
  • DoD Network Information Center
  • DoubleClick
  • ESA- Entertainment Software Ass. (formerly IDSA-Interactive Digital Software Ass.)
  • FBI
  • FACT- Federation Against Corporate Theft
  • GAIN / GAIN CME
  • Grayzone
  • IIPA - the International Intellectual Property Alliance
  • International Federation of the Phonographic Industry
  • IO Group dba Titan Media Inc (porn company going after file sharers)
  • IRMA - the International Recording Media Association
  • Landwell (legal arm of PricewaterhouseCoopers)
  • Mark Monitor, EMark Monitor
  • Media Defender Inc (disrupts illegal music downloads)
  • Media Force
  • Media Sentry
  • Media Signature
  • MPAA - Motion Picture Association of America
  • Name Protect
  • NetPD
  • New York Software Industry Association
  • Nuke Pirates
  • OverPeer
  • Ranger Online Inc
  • Retspan
  • RIAA - Recording Industry Ass. of America
  • SPA
  • SIIA - Software Information Industry Association
  • Vidius
  • Web Sheriff
  • WIPO - World Intellectual Property Association
  • Xupiter.com