Entertainment industry accuses campus laser-printers of downloading Indiana Jones

Discuss

33 Responses to “Entertainment industry accuses campus laser-printers of downloading Indiana Jones”

  1. Uncle_Max says:

    I’d watch an IronMan flipbook.

  2. Halloween Jack says:

    You know what would really be cool? If you could spoof those red-light cameras so that they sent the traffic tickets to a fire hydrant.

  3. Kyle Armbruster says:

    s sl, Cry hs tkn smthng t f cntxt nd sd t t crt msldng ttl fr n rtcl bt P (s n “ntllctl prprty”).

    As Knodi pointed out above, yes, the fact that these IPs (as in Internet Protocol) belonged to laser printers is wholly irrelevant, because the researchers deliberately spoofed those IPs and joined Iron Man and Indiana Jones swarms. All they were trying to show is that IP addresses are not a very good way of tracking infringements, and the subsequent takedown notices are proof of that argument.

    The headline should, therefore, read:

    “Entertainment industry tricked into accusing campus laser-printers of downloading Indiana Jones”

    –Bt why bthr bng clr nd hnst? t’s nt lk cnstntly fbbng nd xggrtng wll ndrmn th rghts crsd fr P lw rfrm… Rght?

    Whn y hv spprtrs lk Cry Dctrw, wh nds dtrctrs?

  4. Teresa Nielsen Hayden / Moderator says:

    Bit over the top, Kyle.

    What they were demonstrating was that the enforcers knew considerably less about the BitTorrent users than they’ve claimed, and are using far sloppier procedures than they should. Look at this again:

    The researchers introduced software agents into these networks to monitor their traffic.

    Being present on those networks is not illegal. Neither is it evidence that anything you’re doing is illegal. Legitimate content runs through BitTorrent too. If the method you’re using just looks to see what IP addresses are present, and doesn’t check to see what they’re doing, then you don’t have enough evidence to accuse anyone of wrongdoing.

    Even though those software agents did not download any files, the researchers say they received over 400 take-down requests accusing them of participating in the downloads.

    Takedown notices are overprivileged and overpowered. They’re not supposed to be sent out indiscriminately.

    The researchers concluded that enforcement agencies are looking only at I.P. addresses of participants on these peer-to-peer networks, and not what files are actually downloaded or uploaded—a more resource-intensive process that would nevertheless yield more conclusive information.

    If the UWash uses a system that dynamically reassigns IP addresses, and if the **AAs aren’t tracking actual uploads and downloads and the time at which they happen, they don’t know jack — and legally, you’re supposed to know a lot more than jack before you can send out a DMCA takedown.

    Even if the UWash computer system uses fixed IP addresses, an investigative process that doesn’t track what’s uploaded, what’s downloaded, and the times at which they happen, isn’t careful or accurate enough to be the sole grounds on which they’re accusing students of theft.

    Also, check out Anonymous @25′s story, and this more recent story from Wired. They have a history of sending out masses of indiscriminate DMCA takedowns. That’s not what that law had in mind.

    In their report, the researchers also demonstrate a way to manipulate I.P. addresses so that another user appears responsible for the file-sharing.

    If you were going to demonstrate that point, whose account and whose address would you use? No human who testifies that they didn’t do any illegal downloading, and that they got sent takedown notices anyway, could be as convincing as the non-testimony of an accused downloader that turns out to be a laser printer.

    An inanimate object could also get the blame. The researchers rigged the software agents to implicate three laserjet printers, which were then accused in takedown letters by the M.P.A.A. of downloading copies of “Iron Man” and the latest Indiana Jones film.

    The point is not that the **AAs were tricked. Here’s the point: if (1.) that’s all it took to hoodwink them; and (2.) with that little certainty or proof on their side, they were nevertheless prepared to formally accuse three “students” of stealing movies (potentially exposing said “students” to serious disciplinary action), then it’s fair to say that their procedures are legally irresponsible and technically inadequate.

  5. OsoMan says:

    You really should have used the picture from Office Space for this one….

    http://www.goodcleantech.com/images/OfficeSpace.JPG

  6. aseriesoftubes says:

    Shit, I have a laser printer! Could it torrent movies without my knowledge if I left it on standby overnight?

  7. Teresa Nielsen Hayden / Moderator says:

    BitWiseShiftLeft:

    The researchers found that copyright bots are scanning BitTorrent swarms of infringing torrents.

    I object to the word “infringing.” If you aren’t keeping track of uploads and downloads, you don’t know whether their activities infringe copyrights.

    Because participating in such a swarm generally
    - is unauthorized

    Participation in such a swarm doesn’t need authorization.

    - makes copies [of] the entire work,

    Again: if you’re not keeping track of uploads and downloads, you don’t know that.

    - decreases the work’s market value,

    I deny that this is known. I believe it’s not true. It has never been demonstrated (to any respectable degree of certainty) that BitTorrent downloads decrease a work’s market value. The hard evidence I’ve seen suggests that the effect is neutral or positive. People who download books and find they like them have a strong tendency to buy a printed copy of that title. If they don’t read it, or try to read it and don’t like it, no sale has been lost. Meanwhile, the ones who liked it are now far more likely to buy other books by that same author.

    In music, people who listen to a lot of new music buy more new music than people who don’t. People who like one recording by a musician or group are much likelier to buy other recordings by the same act.

    Every instance I’ve ever seen of the recording or movie industry estimating their losses to illegal downloads have been such overinflated monuments to wishful thinking that I have to doubt they’ve ever done a sober study of what actually happens.

    there is probably no fair-use exception of any kind for anyone actively participating in the swarm.

    Once again: you don’t know that.

    As such, if the swarm is advertised accurately, the participants are probably all infringing.

    Amateur site advertising is not a sufficient basis for wholesale legal prosecutions.

    Now, the tracker is giving out a list of IPs which purports to be a list of everyone actively participating in the swarm. Of course, it contains some errors, between research bots, MediaSentry noisebots, the copyright bots themselves, dynamic IP addresses, and framed laser printers. But after removing known copyright bots, the rate of these errors is probably be very low, less than 1% (I sucked that out of my thumb, but I’d be shocked if it was more than a couple percent).

    It’s a blue-sky estimate, which you just happen to set at 1%? You might be right — but then again, it might be wishful thinking.

    Am I sounding too severe? If so, I’m sorry.

    I don’t think the **AAs are acting in good faith. I think they’ve been careful to act in such a way that it can’t be proved that they aren’t acting in good faith. This article is about a couple of guys demonstrating that the **AAs have inadvertently gone over that line.

  8. semiotix says:

    They’re fools to be suing laser printers. If they caught my inkjet downloading movies, they could get its ink in the lawsuit, which is where the big bucks are.

  9. hillbilly1980 says:

    Someone geeker then i probably knows this better. But didn’t we just hear this spring about xerox copiers and other multi functional printer type devices being susceptible to hacking. Now that we’re in the age of copiers / laser printers having hundreds of gigs of drive space, powerful cpus running management consoles on linux operating systems with apaches web servers it’s possible to overtake a “laser printer” and use it for whatever purpose you like.

    Perhaps before we dismiss this out of hand it would be interesting to know if these lasers are the type of machine that could have been breached.

    Keith

  10. Baldhead says:

    What it shows is that and IP address can very easily be faked, putting another block in the way of actually convicting anyone accused of copyright infringement. It makes it harder to stand in criminal court.

    Too bad they seem to just sue people, eh?

  11. KeithIrwin says:

    You can say that they were tricked if you want, but what it really comes down to is that their investigatory methods are insufficient. They have claimed in court before that there was no possible way that they could be wrong about who was doing what file sharing when, but this paper clearly demonstrates at least two situations in which they could have the wrong IP address, one of which doesn’t even involve trickery.

    As they point out, at many universities student’s laptops are given dynamic IP addresses through a DHCP system when they bring them on campus. If one student was downloading a movie at 1pm and then put his computer to sleep or left campus, another student could be given his IP address soon afterwards, say 1:10. Because the copyright investigators are only checking with the trackers, if the first student’s BitTorrent client didn’t close out the connection cleanly (as it wouldn’t if you just put it to sleep), that IP address will stay registered with that tracker for some time. So if at 1:15 the investigators query the tracker to see who is a part of the swarm, they will find that IP address. When they send a DMCA complaint to the campus, the campus will check to see who had that IP address at that time, and they’ll report that it was the second student, not the first.

    This is a very realistic scenario, and I would be very surprised if it hasn’t happened already. They could prevent both the trickery and the mistakes by taking steps to verify that the identified IP addresses are at least running a BitTorrent client by attempting to connect to it on the given port.

    The evidence in the paper also points to an obvious strategy which illicit trackers could employ to undermine the evidence quite a bit further. All they would have to do would be to intentionally serve random IP addresses along with legitimate ones. If a client receives several IP addresses which are not actually running BitTorrent clients it will incur only a small amount of overhead sending out connection requests to those IP addresses. If a tracker generated and stored 1 or even as many as 3 random IP addresses for each legitimate one and sent those out as well, it would have only a small impact on the overall throughput of the download (might slow starting just a little as it churns through the fake peers), but it would completely undercut any claims against the clients using that method of detection since the best that they could claim would be “There is a 1 in 2 (or 1 in 4) chance that this person was sharing this file.” That’s not the sort of claim which would ever get a subpoena.

  12. bjacques says:

    These takedown notices are disturbingly like NAL (Notice of Apparent Liability) letters the FCC slaps pirate broadcasters with. Essentially they’re notices of fines levied for violation of regulations, not violation of laws, because the FCC are executive branch. So you can’t fight them in court; you can only appeal to the body that sent the NAL, and the appeal is usually turned down.

    Certainly the RIAA would like you to think of their takedown/dunning notices in the same way.

    Sadly, for most recipients of such letters, the bigger threat comes from secondary consequences, such as eviction from public housing, firing from one’s job or expulsion from college, none of which require finding of guilt in a court of law.

  13. Fnarf says:

    Sethum @11: sue where? That’s right, in a COURT OF LAW. Run by the GOVERNMENT. You don’t get to set up your own kangaroo court and decide cases and mete out punishment all by your lonesome. You have to get the executive authority of the state involved.

    Part of the reason why that’s true is to ensure due process. There’s no due process in this RIAA/MPAA crap; you’re guilty if they say you’re guilty. And there’s no recourse if you’re not.

    We’ve ceded one of the fundamental functions of government to private companies, and let them run wild with no oversight, no control, and no recourse. In a very real sense the RIAA and MPAA OWN US now, and the actual government thinks this is hunky-dory, and is busy trying to spread this virus to other areas of life.

  14. Anonymous says:

    Guys, I used to run the network for a large university (early half of the decade). I can tell you that the **AA folks went through a period of time when they sent many copyright complaints which were completely baseless.

    We would look up who was using the IP addresses at the time of the complaint and forward the messages along. Fine. But then we started seeing more and more addresses in the complaints we couldn’t trace back to owners (the university had many, many IP addresses under its control).

    So I was quite concerned, and spent quite a bit of time trying to figure out what was wrong. The clincher were a series of complaints we received for addresses which were not routed on our network at all. Meaning the addresses in the complaints were completely bogus.

    How much time did we waste tracking down addresses which were never really used by anyone? How many students did we harass (I’ve got to think getting one of those nasty-grams was quite unpleasant)?

    Sure, some folks were willful, serial violators. And eventually the **AA folks subcontracted out their dirty work to folks who knew what they were doing a bit better. But they never published a “we’re sorry” or responded to any of our complaints about the inaccurate reporting.

  15. spokehedz says:

    Well, that solves those lawsuits! Thank god we run by science and documentation, and not just whatever people are told by a lawyer.

    Wait, what? We aren’t? Bugger.

  16. jdw242b says:

    ugh…

    Will those stupid old men ever learn?
    They will not win this battle.
    Technology like this is too complicated for their aged brains…

  17. knodi says:

    This is silly. Okay, they only looked at the IP addresses of people who were participating in the “Iron Man – DVD Screener” torrent, and blindly assumed that they were all sharing files. That’s a pretty reasonable assumption if you ask me.

    Don’t get me wrong, I’m a copyright abuser just like the people that are being prosecuted (persecuted?). I download TONS of tv shows (but only a couple of movies a year). But I’m siding with the MPAA on this one- of COURSE it looks like these people were guilty.

    And as to the address spoofing- who cares if the address they spoofed was currently assigned to a Laser Printer? It’s not like the MPAA said “Oh, a laser printer is pirating movies? Derrrr, let’s sue it.”

    I hate the MPAA as much as the next guy, but it’s important to hate them for what they ARE, not for the straw-man caricatures that we wish they were. They sue their customers, assume every download equates to a lost sale, and sometimes resort to illegal means to try to prevent sharing. But accusing someone of copyright infringment because their IP address participated in a torrent is a pretty safe assumption. As to the framing argument, well, you can frame people for lots of things, if you put some effort into it.

  18. angusm says:

    I look forward to seeing someone use “the laserprinter defense”:

    “It wasn’t me that downloaded all that music, it was my LaserJet CM1312 … and you can’t prove that it wasn’t!”

    More seriously, there’s a civil disobedience opportunity right there: fire up a P2P agent, point it at a file-sharing network, and let it sit there doing nothing. Then laugh scornfully when they send you takedown messages.

    Get enough people doing it, and you can make a nonsense of the whole process, or at least force the industry associations to monitor what’s really being uploaded and downloaded, rather than cutting corners.

  19. NotThisGod says:

    It really just shows how the entertainment industry has dealt with changing media instead of adapting. They are so far behind, and they think that they can somehow stop this new “internet” thing. They spent their time taking down Napster instead of creating a internet music service, and by then it was too late.

  20. Wareq says:

    Imma chargin’ tha lazer

  21. scottfree says:

    But it sort of testifies to how modern universities are run as much like prisons as possible that those are the among the few places downloading music or films is taken seriously. A negligible proportion of those who download off the internet are prosecuted while, if rumours are to be believed, universities are only too happy to expel or otherwise discipline students, with no apparent incentive to do so. Weird, that.

  22. Comedian says:

    Begin the asset forfeiture proceedings immediately!

  23. Takuan says:

    notthisgod, twig or get sanctioned

  24. bitwiseshiftleft says:

    @ #30:

    While I despise the entertainment industry’s copyright tactics, I think that you’re being a little too hard on them here, and that an unbiased view would probably be somewhere between yours and Kyle’s.

    The researchers found that copyright bots are scanning BitTorrent swarms of infringing torrents. Because participating in such a swarm generally
    - is unauthorized
    - makes copies the entire work, and
    - decreases the work’s market value,
    there is probably no fair-use exception of any kind for anyone actively participating in the swarm. As such, if the swarm is advertised accurately, the participants are probably all infringing.

    Now, the tracker is giving out a list of IPs which purports to be a list of everyone actively participating in the swarm. Of course, it contains some errors, between research bots, MediaSentry noisebots, the copyright bots themselves, dynamic IP addresses, and framed laser printers. But after removing known copyright bots, the rate of these errors is probably be very low, less than 1% (I sucked that out of my thumb, but I’d be shocked if it was more than a couple percent).

    If I’m right about the accuracy here, MPAA indeed has a good-faith belief (what is required to file a DMCA notice) that the IPs in the swarm are infringing, at least if they have verified that the swarm is distributing what it claims.

    That said, universities and other providers should be aware that DMCA notices only convey good-faith belief, and shouldn’t discipline their students on the basis of DMCA notices alone. Furthermore, perhaps Big Entertainment should be required to have something stronger than a good-faith belief that some work is infringing before taking it down.

  25. Fnarf says:

    Is anybody but me upset more at the notion that PRIVATE COMPANIES are “enforcement agencies” now, and investigate crimes, or “crimes”, and mete out punishment without any, you know, police or anything involved?

  26. Anonymous says:

    So the really important question is: who’s going to make the “Arrest my laser printer” t-shirts?

  27. Anonymous says:

    Isn’t this kind of like pretending the rob a store and someone watching through a window outside calling the cops? You know you weren’t actually committing a crime, but to an outside observer it appeared as such? The metaphor may be flawed, but basically they setup software processes that were simulating someone downloading content and they received takedown notices for such. What did they expect?

  28. takeshi says:

    @ knodi:

    I disagree. Yes, it’s true that the MPAA didn’t intentionally target a laser printer, but that’s hardly the point.

    What you are saying (“of COURSE it looks like these people are guilty”) is indicative of a tendency to accept these tactics as business as usual. They may appear guilty, but does that presumption give the MPAA the right to threaten students’ academic careers?

    Does it give them the right to bully you or anyone else into paying them money, when none is owed? I would think that if the charge was murder, you’d be singing a different tune. “Sure, I look guilty, with all of this blood everywhere.” Thank God for forensic analysis, or you’d never be able to prove your innocence. A presumption of innocence should exist, but we are badgered into compliance, and to many of us a presumption of guilt is just easier. Fear is a powerful tool.

    Case in point… I have been stealing the Internet from a local school for nearly two years. Now, given the fact that their connection is left open (and incredibly fast, I might add) I’m not sure that it’s altogether illegal for me to jump on and do what I do on a daily basis. If I steal movies, TV shows, video games, software, or music, it’s still a crime, no? And yet, the MPAA would have a hard time tracking me down were I to download a pirated movie such as the abysmal Indiana Jones. Without a subpoena, they’d have an easier time bringing charges against my router.

    What you are suggesting is dangerous. Never mind the fact that you might have been away from your computer while the alleged theft was going on. Indeed, forget about the fact that your computer wasn’t even used. You have the same last name (or IP address) as someone else, so you must be guilty of whatever we say you are. Because you live on the same block, you are hereby condemned to a life sentence for the murder of a person you’ve never met. Sound fair to you? Your suggestion is much the same.

    Anyone with a working knowledge of the Internets and access to the Google can spoof your IP from across the world, instantaneously and without your knowledge. You think framing someone for murder would be easier? Seriously, side with the MPAA all you want. Until you find yourself at the receiving end of a nastygram intended for someone else, I doubt you’ll understand why this informal study was important.

    The MPAA shouldn’t be coddled by Universities or anyone else. This is their war to lose, and by the looks of things they’re doing a pretty good job of it on their own.

  29. Sethum says:

    fnarf, large swaths of IP have always been depended upon owner enforcement. You have to protect your own IP rights just like you have to sue if you want to collect compensation for personal injury. Of course, the MPAA use it as a weapon rather than a shield.

  30. macisaguy says:

    the machines have become aware…and have already been suckered in by summer movie advertising just like the rest of us…

  31. Taniwha says:

    I think they’re really printing out IronMan flibbooks – have you checked your toner budget recently?

  32. Anonymous says:

    It would be interesting to see the result if somebody start using fake IPs of the White House or Pentagon for bitTorrent. Come to think about it, somebody should start using IP of MPAA for bitTorrent.

  33. scottfree says:

    I, for one, welcome our new legally responsible laser printing overlords.

    Does that work in this context?

Leave a Reply