Filesharers petition Downing Street on 'three strikes'

Here's a more entertaining take: abusing the system

Not only are the fundamentals used to "convict" you very easy to avoid for the technically competent, I would go further and say that it's thus easy to see that it's also easy to entrap someone who is wholly innocent.

If this idiocy becomes law I predict that plenty of hackers will create victims at a rate of knots, and it only takes one person to be declared innocent and pursue damages for this whole daft idea to collapse around their ears.

There is a reason there are courts and police - it's to enforce due legal process (OK, don't get me started about the quality of judges but let's stay with the theory). I can't see how turning ISPOs et al into juge & jury is going to improve matters, especially for such nebulous purposes.

I'm almost hoping

It's hard to tell how this will play out but the article brings up a good point. I'm almost hoping that we will see some stupid senseless law which will expose the RIAA and others to ridicule. It might set an example to avoid elsewhere.

I know the constitutionality of cutting someone off has been questioned but one serious problem just occured to me. How can you cut off someone's internet access if that is their only phone connection? I'm not sure about Britain, but here in Canada where this sort of thing is also under discussion, there are many people without a land line, and in the US they have been taking out the copper in some places so a person could be left without the ability to get a phone. Not a safe situation for some people. Just another possible law suit which I'm sure the ISPs want to avoid.

<no title>

Not necessarily. I have signed petitions where I have no personal gain, but just think the issue was a good one to support. I tend not to bother now as all one gets in return is an excuse as to why the government isn't going to comply with the request.

Be fair Chris

"Since the plans made a splash in the mainstream two weeks ago, the public debate has been awash with technological tosh. Tinfoil hat fantasies about ISPs being forced to inspect every packet have been bounced around with little regard for the truth."

This is bending the truth a bit, what most people have been suggesting is that to implement the system fairly they'd have to inspect every packet although only that is semi true admittedly. Currently just by connecting to a swarm and not downloading anything you could possibly get kicked off the net under these rules, this is clearly unfair, but is the sort of game that's worth playing so that you can have the opportunity to to sue your ISP or the BPI and make a quick buck - setup a video camera, get people round as witnesses, use a customized bittorrent client that connects but doesn't download, compile it altogether and go to court to prove you've not actually done anything wrong whatsoever and sue the living daylights out of ISPs/BPI - this is what ISPs are afraid of hence the current discussion.

As there is such discussion however and as ISPs wont accept the current proposals because of this very problem it may be the case that the BPI realises it is a problem when they realise they're going to be the target of a lot of lawsuits. This leaves them with a few options:

1) Scrap the whole idea, stop lobbying the goverment (unlikely)

2) Accept it and figure not many people will sue

3) Push for packet inspection, or setup honeypot torrents

Now, the 3rd is probably the most likely unless the BPI really are as stupid as they sometimes seem in which case they'll take option 2. If the 3rd option is taken we open up a whole new hornets nest of problems:

- Is it illegal to download a block of a few mb of encrypted material from a swarm when this material encrypted and potentially even if decrypted in no way whatsoever resembles original copyrighted content, the only link between a DivX and a DVD is that when it's put through a player the video on screen looks very similar, when you don't have enough to play the movie and when you then encrypt that data it's more like a random block of data.

- If the BPI are the ones uploading the data to you as a kind of honeypot are they not then by their own definitions giving you permission to download the content off their system anyway? Would this fall under entrapment laws otherwise?

- What if I join a swarm, with a modified bittorrent client, the BPI catcher system requests data from me and I send different data - my own content that falls under my copyright, if the above two points going in the BPIs favour I have now used them to cause the BPI to be guilty of copyright infringement under their own sets of premises. If the data doesn't match what was requested their system will delete it but could I not similarly claim my system deleted their content as soon as it received it and "it wasn't what I wanted"?

The only workable solution is as has been used in the US, where uploaders are targetted and to have a legitimate suit the BPI has to download a full copy of the content off a specific client to prove that they are unquestionably guilty. But even then how do you prove you downloaded a full copy off of a specific system in a swarm and not just partial chunks which are akin to random data when encrypted?

The easier the BPI try and make it for themselves, the more they're opening themselves up as targets. The biggest concern here of course is that the goverment wont play fair and will side with large industry as always such that if I do something wrong it's a major crime, but if a large business commits the same crime it's okay.

Just hit back with...

A DPA request for all your information used to ID you from the BPI/RIAA/IFPI/etc and your ISP. Then maybe an FOIA request too, if appropriate?

They have to comply under law so if every time they issue a strike based on some screenshot some guy sent them and the BPI gets one then it'll cost them too much to maintain the system.

Like a screen shot is documentable evidence anyway. Photoshop, anyone? You could walk into court with screenshots of .gov IP's accessing anything you like that you faked and ask them to prove that their screenshot isn't fake. What's the chances they made some kind of evidentially acceptable screenshot audit system to prove validity?

Joe Bloggs

doesn't know what an anonymous proxy is. I doubt he ever will, it will just be built into clients and you'll never need to know about it. (EarthStation5 anyone?) Probably wouldn't be too difficult to code in a WEP/WPA cracker either.

This will certainly bring 'securing your wireless router' to the forefront, after the first few people fall victim to anonymous users downloading via their connection and having their connection cut off!

There are enough legal loopholes and technological ways around this. It will be interesting to see how they get everyone to thoroughly protect their IP address from any form of abuse. As you pointed out about Joe Bloggs and his ignorance of anonymous proxies, perhaps it should be pointed out that Joe Bloggs also is usually ignorant of securing wifi routers, removing and preventing malware, preventing his kids from installing Limewire etc, etc.

Rather than forcing ISPs to police the networks, they are delegating that to customers, who by and large don't have the requisite knowledge to secure their private networks.

Childish as it may be to mention again that this is an arms race, that doesn't detract from the fact that this IS an arms race and therefore a waste of all these well-paid peoples time and our money, due to the fact that, this time the big army is composed of 'bad guys'.

I'm not taking sides here, other than to point out that this is not really the solution, because as soon as it has mass effect, it will be circumvented, either through law or through technology.

In the mean time, lots of innocent people will be affected and made victims of others 'crimes' as so often seems to be the case with monolithic companies trying to protect their (artists) Intellectual Property.

DRM didn't last either, because it inconvenienced customers who played ball, whilst having zero effect on those who didn't!

Just the BPI?

Something that hasn't been made clear to date is if this new strikes system will apply only to the music and film industry. Will this system be open to all rights holders? if so it could quickly degenerate into some IP based DMCA type takedown process without any legal requirements.

It is difficult to see how this protection should only apply to the music biz and exclude all the other "content producers" who have their work shared all the time.

@ Paul M

"If you don't download music from P2P or BitTorrent, then you've got nothing to worry about."

So will I expect you back hear saying the same thing when your internet gets cut off because someone hijacked your wireless to download MP3s and you can't submit your tax return which must be submitted online only soon? Or when your immobile Grandmas wifi gets hijacked and she gets banned so she can't order her shopping online which she has to do since the goverment/councils removed funding for personal shopper schemes? How about when your kids drop grades at school because their friend came over and downloaded an MP3 and as such they can't compete with the other kids by using the internet for research at home?

If you think it's going to be just file sharers that suffer you don't understand the problem and should hence just keep your mouth shut. As always, the "If you've done nothing wrong you have nothing to worry about" argument falls flat on it's face here as it does everywhere.

@ What's the New Business Model?

If I remember my economics correctly, the 'old' business model works like this:

Price is determined by intersection of demand and supply

Demand is driven up by promos

Supply is then provided by the labels, via mastering, cd stamping/vinyl pressing/etc., boxing, delivery, and all of the other dull stuff that needed to be done.

The label's business, and function, is to provide the service to the customer for doing that dull stuff - this is, in effect, what they take their 'cut' for, together with pushing up artists' sales.

Problem is, that's not actually needed any more. In a free market, there should be no barriers to entry, and so far there haven't been. The filesharing systems provide an alternate delivery method, which the labels/producers were too slow to pick up on.

Doubly bad for the producers is that now delivery is much easier and less costly there is much greater supply, tending to infinity causing the price _of recordings_ to tend to nothing _over time_. Note my emphasis - it is not impossible to make money in this way, in fact a couple of young bands that I've worked with are doing just this, falling back on the even older model of setting their primary target to be live performance and having a dedicated fanbase.

A 'new' business model must take this into account - remember that people _will_ pay money for stuff that they percieve to be worthwhile. OK, not everyone, and not in the kind of scales that the labels are used to making. But then has anybody stopped to think, what are the labels actually doing to _earn_ those kind of profits?

There will always be a demand for music and entertainment, whether or not the 'industry' exists in its current form or not. In a truly free market then there will be ways to satisfy this demand.

As I recall the record labels have only been around for the last hundred years or so but music has been around a lot longer. Also I've seen plenty of articles about the musicians unions opposing any recording for exactly the same reasons.

Again if I remember my economics correctly this is termed 'structural change' - external factors fundamentally disrupting the market. Exactly what happened to the coal miners, English textile industries, etc. And just like then the government comes down on the side of the big businesses.

Btw, I work producing different forms of content for 'content providers' whether of a musical, online, broadcast or filmic nature.

in whose interest?

Oh, btw, I've never seen how it would be in the ISP's interests to enforce this, other than currying favour, because the only way they can increase their revenues is by selling fatter pipes. Why would you need more than 512k for basic email/web browsing? No, we buy 24meg pipes to download large amounts of content. They'd much rather filter and degrade the pipes to try to stop their profits leaking away.

@ Paul M

"No, it doesn't.

I don't leech music, so I don't see why I should subsidize people who do. Your Freetard "right" to leech music is costing the rest of us real money.

Got it, yet?"

Your comment doesn't make any sense unless you're blindingly choosing to ignore the point in which case that simply shows how utterly ignorant you are to the situation. The issue is that via wifi hijacking, trojans, other family members you could be punished. In other words, to put it clearly in a way you will hopefully be able to understand this time - innocent people will get caught up in this and suffer as a result. You could be one of them. You may be a security guru, you may not have wifi and kids and so may not fit this scenario perfectly but there are literally hundreds of thousands that do and if that's you're viewpoint you're basically telling us you just want the whole internet to yourself and don't care about other internet users even if they're legit users all the way through.

On another note, I'm not sure how you can suggest it's costing other people real money for others to leech when most people are signing up to "unlimited" packages - if people using their internet connections in the way the package they signed up for says they can then I think it's the ISPs you need to be complaining to. I sincerely hope you've never needed to go to hospital, or the doctors or seek unemployment benefits or in fact make use of any state facility or funding because I'd hate to think someone was subsidising anything you do.

@ AC,

You answered your own point - all major forms of Wifi security can be broken, using WEP, WPA or even Mac filtering is as worthwhile as having no security at all from a practical point of view. This still doesn't avoid the problem of someone installing a trojan on your PC or simply your kids having a friend round and causing the problem also. It doesn't matter how many warnings you get, anyone who has worked in IT will know that there is a hell of a lot of average joe users out there who week on week will get infected multiple times.

Essentially by saying "insecure wifi isn't an excuse" you're effectively saying you're not allowed to use wifi because wifi just isn't secure full stop. It doesn't matter how many times you setup and resetup up WPA, WEP and so forth, it can still be broken in an extremely small amount of time.

It's a whole lot of turmoil just because the BPI doesn't want people downloading MP3s. Is the BPI going to be the one to train every single person in this country about running a secure system?

The car analogy is quite fitting here for once, if you park your car (wifi) in the street but lock it (WPA) and someone breaks in and steals it, are you responsible for manslaughter if someone is run over with your car, even if it happens 3 times? Arguably with the car analogy it's easier to protect against and catch the culprit but to use that excuse here essentially says "Yeah, we have no actual solution because it's technologically unenforceable for the most part but if innocents get caught up in it's tough because the BPI doesn't want kids downloading MP3s and that's more important than having a proper legal system for dealing with illegal acts".

Still, if it does go ahead I'd imagine it wont be long before Hacktivists hijack MPs and BPI employees wifi and show them first hand the perils of the legislation they're threatening.

WTF??

Hang on. If the ISP don't want to supply you with a service, they don't have to. You might as well say that your local gunsmiths are infringing your rights by refusing to sell you a gun - when you don't have a gun licence!

That said. I think the ISP ought to have a pretty high proof standard - not just a few screenshots and a fullsome "trust us". I also think the RI ought to have to post a bond of say £80k for each disconnection they ask for. If it is challenged and they are unable to conclusively prove the sharing to a magistrate, then they loose the bond. IE, they'll have to think carefully before acting.

My belief is that this is all just posturing intended to scare people. I don't think they'll actually do it because of the huge practical and legal problems involved.

re @ What's the New Business Model?

I agree that there's a big change coming, but that change could be the end of recorded entertainment.

Your comments about the labels being the delivery mechanism for music is totally valid (they've only been around as long as the recording technology); now that there's a "better and cheaper" delivery mechanism they could be doomed. They have tried to evolve from being delivery mechanisms to owners of IP; but if the law doesn't protect IP then they have nothing.

I also agree that one future-model for the music industry is to use low-quality recordings to promote live music.

But what about film? How can I sell DVDs (or downloads or whatever) if someone can just copy and "share" it? Film making already has a pretty poor ROI, anything that reduces this will kill it; entertainment is a business not a charity.

(Feel free to comment on how valid Hollywood's contribution to culture is, but I'm guessing the majority of "sharers" aren't downloading art-house cinema)

The sharers may "win", but that could mean that in the future there won't be much to "share".

"They will not analyse traffic"

So, Chris, how do they know illegal filesharing is going on? There's plenty of legal filesharing.

Ouji board?

Magic 8 Ball?

@Paul M

I think you may have missed the point.

You don't leech music and, quite rightly, don't want to subsidise people who do.

However, although you have done nothing wrong, you may in theory have something to worry about from someone using your internet connection without your knowledge or consent to download copyright material. Elsewhere, it might have been a fine, in the future it may be a disconnect.

Got it, yet? ;)

On a side note, here's a quote that I can't remember seeing on The Reg:

"Earlier this year it was reported that the government was considering a "three strikes" approach to tackling persistent offenders in the report.

But Mr Burnham denied this was the case and told the FT that the strategy had "never been in the [creative industries strategy] paper"."

http://news.bbc.co.uk/1/hi/technology/7258437.stm

It might be the rarest of events: a disingenuous politician, or it might be that we aren't actually moving towards a three-strike system with the rumbling inevitability that one might think.

@ AC

"However, the civil law on this is less of a problem to ISPs and rights-holders; if they cut off your internet access it will be, at worst, breach of contract by them. The most they will have to do is refund your contract. Home use broadband doesn't carry any guarantees for consequential losses (loss of business, enjoyment of internet porn etc.) so the punter isn't likely to get much in the way of damages, even if he can prove to a civil court that the ISP is in breach of contract when cutting him off."

Well I'd disagree with that. If your ISP cuts you off after you have told them that you are in compliance with their T&Cs (ie you dispute the BPI/whoever version of 'evidence') then they open themselves up to all sorts of problems. Yes, they can cut you off with no comeback if you breach their T&Cs, but if you aren't then they open themselves up to any costs or losses incurred by you as a consequence - even if their contract specifies that they are NOT liable.

You see, a valid argument would be along the lines of : they disconnected your account, in breach of their contract, with the sole purpose of causing you losses. Unless they have proper evidence then they would lose in court - their threatening letters would be proof of their intention to disconnect you.

So simple tactic no 1 : if you get one of these letters simply respond stating quite clearly that a) you are not engaged in illegal or unlicenced activities, b) you will hold them liable for all losses and costs incurred as a result of their proposed actions, and c) their continued actions as threatens will be taken as acceptance of said terms.

Remember that you can take your claim for losses through the small claims court as long as it's under (IIRC) £5,000 - and in the small claims court things are very much easier for you, and a LOT harder for the ISP. They are NOT allowed to use expensive legal councel, and even if they do, then you will probably not have to pay their legal bills if you lose. And, all you need to show (and it's a 'balance of probabilities' thing, not 'beyond reasonable doubt') is that they caused you harm, they reasonably knew that they were going to cause you harm, and that you've done everything reasonable to minimise the harm caused.

Sharing, Revenues and Business models

>>Making "sharing" legal will open the floodgates and kill off the revenues for music and film; why buy if you can "share"?<<

Not really. How about earning some money by actually performing your music? Is it reasonable to record some music and expect that you will be getting money for that one-off work for the next century? Get on a stage, fill in halls and stadiums, play your music and earn all the money you like.

There is also money from radio licensing (the home user could have music for free because he plays the song for his own enjoyment whereas the radio will attach an ad next to it and earn money).

If you are a good musician and grow a big fan base then you can have big income from alternate sources as well (advertising contracts, promo appearances etc.). Trust me, no worthy musicians will starve.

Regarding films; cinema will always be a good income source (TVs are getting bigger and cheaper all the time, but I doubt architects will start building living rooms big as theatres anytime soon). TV broadcasting rights provide revenue as well. Successful films can make enough money out of these sources to cover production costs and make profit. Then why wouldn’t those films be on public domain? Yes, some actors/producers would lose a digit from the >7-digit income figures. Tough isn’t it.

The digital age overturned the established status quo. It put a question mark next to the necessity of having a recording/movie industry (as currently structured). And their greedy pricing policies are anything but helpful. Freeloaders will always exist; it’s human nature. But there is a substantial number of people that would be happy to pay if they didn’t felt ripped-off and knew money would find its way to the people that deserve it. When I found a 14 DVD box-set of Hitchcock films at £22 I bought it and gladly. At the original price of £90 I wouldn’t have touched it. And I don’t think that the movie studio and DVD store thought “Let’s lose some money today” and applied the discount. They simply didn’t make unreasonable profit out of that sale.

You want the Parliament to review it indeed

Which, as for anti-terrorist fuss, will end up being the BPI suspicion taken as proof, only you'll be facing heavy financial penalty and/or prison instead of just being disconnected with still the possibility to attack the disconnection decision if it wasn't justified.

So let's make a law, right. This way we're sure it'll end up with random (probably innocent) people being totally stuffed with no recourse possible. Having to pay a few hundred thousand pounds when you're on minimal hourly wage is totally not going to destroy Joe Bloggs life, is it (not to mention prison)? And the only thing you would need for that to happen to you is to own a Windows machine or a not-too-safe WiFi.

Because, let's face it: a law on this matter is bound to be a pile of crap tailored by clueless morons to suit the rightholders dirtier wishes.

@Mark -- read the article...

"So, Chris, how do they know illegal filesharing is going on? There's plenty of legal filesharing."

Reading comprehension for the win. The intellectual property holder (or whoever their designated rep is) connects to a tracker for a torrent that is passing out their intellectual property. The IP holder gets a list of the IP addresses in the torrent and then contacts the ISPs of those users.

How is this hard to understand? There is no packet inspection necessary. All they have to do is go to a popular torrent search engine and start looking.

Of course they need to make sure that the content being passed around is actually their protected content.