Q: How difficult would it be for the copyright holder of a film to get the IP addresses of people sharing that film over bittorrent?

A: Easy as pie. Here’s a portion of a screen capture from my bittorrent client, ktorrent, showing the ip addresses of people sharing a popular file on my computer right now.

I’ve blurred the ip addresses in the image in order to protect the innocent until proven guilty.

The relationship between the IP address on your computer and packets of information sent on the internet is similar to the address of your residence and letters sent by post — both letters and packets must know where they’re going if they’re ever to get there. If you want to access or share data on the internet, you can’t be without one, which is why it is difficult to be absolutely anonymous. Really, the best you can do is use someone else’s IP address — either by connecting through a proxy which, while it sees your IP address, displays its own to everyone else, or by connecting via someone else’s IP address, such as that of the wireless service provided by a local cafe or neighbour who has left their wireless unprotected by a password.

So why then haven’t studios gone after people using bittorrent? Surely the Motion Picture Association of America (MPAA), which represents the big studios, would have an interest. Perhaps they don’t want the negative image that the RIAA and its member labels (Sony, Universal, EMI, Warner, etc.) have acquired by going after the people who are often their own customers. Or perhaps, since they’re experiencing record profits, they don’t really feel a need.

But a smaller studio, Voltage, has filed a copyright complaint against the currently unknown holders of 5,000 IP addresses who used bittorrent to snag a copy of their movie The Hurt Locker. Lawsuits for 10 other small films have been filed by a company called the U.S. Copyright Group.

The message they want to send is probably that you shouldn’t take free copies of movies via bittorrent. But in practical terms the message may be more specific, namely avoid the movies of litigious studios like Voltage and those represented by the US Copyright Group, including Cinepro Pictures International (The Steam Experiment), Far Cry Productions (Far Cry), G2 Productions (Uncross the Stars), Animationwerks (Gray Man) and Braeburn Entertainment (Call of the Wild in 3D). It shouldn’t be too hard, since none of these movies is exactly rated highly.

I just hope this doesn’t represent a new business model — create a crappy movie, then recoup your losses by suing file sharers en masse. It will be interesting to see how this plays out. Will ISP’s cooperate in associating names with IP addresses? Will those targetted simply settle, rather than go to court? If they don’t settle, will the courts react negatively to being used as part of a business model intended to generate revenue through litigation? Or will they award the sort of over-the-top damages that they have in music sharing cases? Stay tuned.

As an act of self-defense, isoHunt has decided to sue the CRIA instead, and today Fung will file a petition (pdf) to ask the Court of British Columbia to confirm that isoHunt — and sister sites Torrentbox and Podtropolis — do not infringe copyright. “This is our preemptive strike with a narrowly defined petition for Declaratory Relief that we do not infringe, in anticipation they are going to file their own lawsuit that we do infringe [their copyright],” Fung told TorrentFreak.

Torrent sites are, for organizations like the RIAA and CRIA, the nightmare offspring of Napster. The record companies slew that beast, but P2P was born of its corpse, a demon whose name is Legion (Luke 8:30). Torrent sites like isoHunt don’t actually host files the way Napster did. They merely index files on tracker servers which help coordinate the computers of various users, each acting as both client and server, downloading and uploading from one another bits of desired files.

For example, let’s say you don’t have slice number 496 of a file but I do, and I don’t have slice 298 of that file but you do. I get the slice I need from you, and you get the slice you need from me. And we could be a part of a cloud of users for that file numbering in the tens or hundreds, or even thousands — plenty of slices for everyone’s bittorrent clients to assemble into a complete file. Then, if we’re nice, we might “seed” — that is, even though we’ve now got all the slices, we stay connected and let others “leech” from us. When there are no seeders, the situation can arise where no one in the cloud possesses the slices needed to complete the file. Blessed are the seeders, for they ensure that no slice goes astray. All in the cloud may ask and may receive.

Since none of these slices goes through isoHunt, you’d think they’d be immune from harassment by the likes of the CRIA. Further, isoHunt has a policy of removing torrents which point to copyrighted material when it is identified as such by the copyright holder. As the proprietor of isoHunt, Gary Fung, notes in a forum post on this subject, CRIA did exactly that in 2006 and received full cooperation from isoHunt. The situation is so grave from CRIA’s perspective, however, that they’re almost certain to strike back.

So, some might be wondering, what prevents isoHunt from proactively removing torrents pointing to copyrighted material? It may be these sites are such a draw because they help people get free stuff they’d otherwise have to pay for, but the argument “Hey, we’re just helping people get what they want” probably wouldn’t work that well in court. Instead, Fung offers some cogent arguments that might:

But given the ridiculously long copyright terms in most countries of the world (which does differ) and that all creative media are copyrighted by default (in many countries), large majority of files exchanged on the internet would be copyrighted. That includes Linux ISO images and your videos of friends and family doing whacky things. The real question is are they infringing against the wishes of respective copyright owners. We make and run a great search engine here at isoHunt, but we unfortunately do not have the technology to mind read what are the wishes of all copyright owners, or who they are to begin with in association with the tens of millions of files on BitTorrent, to which we only indexes metadata links and not actual content files. Whatever copyright laws or safe harbor provisions provided in different countries, the only sensible and technically possible thing to do we’ve found is to take down links to allegedly infringing content upon request and verification.

So, who knows? Perhaps Madonna wants to share her tunes with all her fans for free. Perhaps she figures, “What the heck, I’ve made a pile of money and I don’t need anymore. Everyone enjoy the music on me!” Hey, could happen, and isoHunt can’t read her mind.

On a purely practical level, we should all want isoHunt to win this one, if only to avoid the chilling effect a loss could have on the interactive nature of the internet. Ther was a time, when the internet was new, that having content on the web meant having your own web site. Then came message boards, and suddenly anyone with a web browser could author content. Then boards evolved to forums evolved into blogs and wikis and social networking sites, and now a huge amount of information on the web comes from the masses. Policing a popular forum could be a full time job. For a major social networking site, forget it, and likewise for a site that hosts user-submitted torrents.

The compromise is precisely the one isoHunt has in place. If you see something that infringes your copyright, complain and it will be taken down. This is formally built into the Digital Millennium Copyright Act (DMCA) in the US, and for all the DMCA’s flaws, is one aspect which appears to work, given that while the host must take down the allegedly offending material upon complaint, the original poster is entitled to immediately contest, which is happening right now on YouTube as a result of 4,000 take-down requests by the Church of Scientology .

Granted, a system like that incorporated into the DMCA can be open to abuse, but it’s better than saying hosting entities are completely responsible for user-posted content, where any infraction by a user must be paid for as an infraction by the host. One of the great democratizing aspects of the internet is the low cost of entry. If that gets stomped by high cost of liability, it will become even more the domain of media corporations with big bucks. With the exception of the media corporations, no one wants that.

So here’s wishing isoHunt the best of luck. Go get ‘em, Mr. Fung!

allofmp3.com appears to share much in common with the Himalayan Blackberry. We may need to come up with another name for it, however, since allofmp3.com is no more. That’s right, the Russian government changed their laws and bowed to the American directive that they shut down the ultra-affordable music downloading service.

But up pops mp3sparks.com, which is different from allofmp3.com only in name and aesthetic. All functions are exactly the same. Former allofmp3.com users may also log into the Windows-based alltunes.com and make full use of their account balance there. In fact, after a purchase from alltunes.com, I logged into mp3sparks.com, and my balance there accurately reflected the alltunes.com purchase.

So what shall we call this entity? The Russian mp3berry?

Clearly the Russian mp3berry has an extensive root system, and to kill it, it is not sufficient to destroy a site. It might theoretically be possible to stop it by attacking the database backend which handles accounting and inventory (these sites seem to have the same catalogue of music as well). That’s assuming it is located in one place and not a distributed application. It is technologically possible to distribute a backend over multiple machines which do not even need to be located in the same facility. In fact, they could be distributed anywhere in the world where there is internet access.

I wonder if the RIAA will ever clue in to the fact that the club of litigation and government coercion isn’t going to serve them well in the 21st century. Rather than try to eradicate the Russian mp3berry, they should seek to learn from it and improve on it. If RIAA member labels stopped screwing artists and passed along a generous share to them, they could create an allofmp3.com style site and even charge a bit more than the Russians, and people would feel good about using it. But unless they wake up to this, they are the ones on the road to extinction, not the delicious Russian mp3berry.

This week I’d like to examine the technical nature of that risk. I’m not going to go into any great technical depth, so if you’re already conversant with tcp/ip and all that, adieu, check in again next week.

One of the original concerns in the design of the internet was that it be able to survive the destruction of any major centre. This was the during the cold war, and the military participants in the project had in mind a nuclear strike, or even a limited nuclear war. This ruled out any design that featured a central hub or control centre. They came up with the idea of a network on which all the computers were “peers.” This was decades before the term “p2p,” or “peer to peer networking” came into being in relation to file sharing.

It did, though, set the course for how the internet works today. Each peer on the network (that includes your computer) has an ip address. This is usually assigned automagically by your Internet Service Provider (ISP) when you connect to the internet, so you may not even be aware of it. When you request something from a remote computer, that request is sent to the remote computer’s ip address. The request also includes your computer’s ip address, so that the remote computer will know where to send whatever it is that you requested.

People sometimes express concern that web sites using cookies (placed in your browser to track visits) may violate their privacy. What they fail to realize is that their ip address has also been logged, as well as what it was they requested, the time of the request, and most likely what browser they used and their operating system. This is not some sinister plot on the part of web site operators; it’s just a basic web server function.

So what has this got to do with the dangers of Robin Hoodism? While one sometimes gets the impression that the RIAA just pulls accusations out of its ass, they do actually do some fishing, and can discover which ip addresses are offering to share files.

Another thing some people don’t realize is that their p2p client is not only sucking down files, but by default is likely configured to turn around and share those files with others. That’s where the big money is from the RIAA’s perspective, since each one of those files is worth billions and billions of dollars (or whatever made up value they care to assign) times an infinite number of copies (or whatever made up number of copies they assert). Their m.o. is to then send a boilerplate extortion letter to the owner of the offending ip address, saying that unless that nefarious villain pays them a few thousand dollars, they will sue for a gazillion dollars (or whatever scary figure they make up).

However, this is easier said than done. They cannot decode your ip address to reveal your name and contact information. Between them and you is your ISP, which knows who had what ip addresses at what time (again, most internet transactions are logged). So the RIAA has a bit more work to do getting that information. A good ISP is one that will refuse to provide that information unless required to do so by a court order or something along those lines.

Most people faced with a copy of the extortion letter will pay. Just the cost of mounting a defense will be more than the amount being extorted. However, anyone in this position may wish to at least get a lawyer to respond to the RIAA with a letter like this one. Perhaps because I’m not a lawyer, but understand the technical issues, the part I find particularly interesting is this:

Your clients take the position that my middle-aged, conservative clients should speculate regarding the identity of persons your clients claim used their AOL account to download pornographic-lyric gangsta rap tracks as predicate to possible case resolution. In an age of Wintel-virus created bot-farms, spoofs, and easily cracked WEP encrypted wireless home networks (among other easy hacks), the only tech-savvy response to such a request is, “You’ve got to be kidding.” The extensive press that has been generated over computer security (and the insecurity of Windows XP and its predecessors) underscores the complete absence of facts on which probable cause to sue my clients could be established and your clients’ willingness (even insistence) that others be implicated in Big Music’s speculative, “driftnet” litigation tactics. Sorry: Mr. Merchant cannot and will not expose himself to still more litigation by speculating.

Upon receiving it, the RIAA dropped the matter. The RIAA does not want to go up against an opponent who understands both the law, and the technical issues. Particularly important is the fact that ip addresses are associated with computers, not people. I hope more of those targeted will get lawyers like Merl Ledford to at least send a letter before caving to the RIAA, which might be all it takes to get them to back off.

I’ve somewhat simplified my presentation of the technical elements involved; those interested in a deeper treatment of tcp/ip networking may wish to pick up O’Reilly’s TCP/IP Network Administration (The Crab Book).

Avast ye, and listen well. Ol’ Joe Biden has turned his guns to North and is taking aim at our Great White Land o’ the Pirates, aye. Seems he and his Congressional International Anti-Piracy Caucus gave fair warning three years ago when they put us on a watch list, but e’en so we did not mend our piratin’ ways. Now they’ve in store for us a worse fate still: being put on another, even more serious, watch list, along with such salts as China, Indonesia, Russia and other scurvy rogues.

Rep. Adam Schiff, a committee member, is quoted in The National Post as saying, “Each year we lose billions of dollars worth of American workproduct and invention.” Oh, Mr. Schiff is being far too restrained. Beyond a buck or two, the price of a DVD is arbitrary, so why not say that each one is worth a billion dollars? Then they could say that they’re losing millions of billions of dollars, oh my! Much more impressive than mere billions, and since it’s all make believe anyway (including the notion that every unpaid for copy is a copy that would otherwise have been paid for), why not have some fun with it and go for the melodrama?

The International Intellectual Property Alliance (IIPA) is concerned about Canada as well. If you thought the RIAA was bad, if you thought the BSA was bad, if you thought the MPAA was bad, how about a coalition of all of them and then some? That is the IIPA. Ally them with the US Government and you have fascism with a capital “F”. With loads of cash (astonishing, given all the billions they’re allegedly losing) and the US Government in their pocket, will our politicians be able to stand up to them and place the interests of Canadians before those of the IIPA? Or will our leaders cave?

Sweden, home of thepiratebay.org, seems strangely absent from this discussion. Here’s an interesting Vanity Fair article with some background on that outlaw outfit (a bit long; the thepiratebay.org stuff is after the section on the author’s experience with bittorrent). Once upon a time I might not have admired its founders, but these days I can’t help but cheer for them. Go Gottfrid! Go Fredrik!

In past posts I mentioned Bill Gates’ dawning realization regarding the limitations of DRM, as well as Steve Jobs’ take on the subject. The President of a leading manufacturer of DRM, Macrovision, has responded to Jobs’ letter with a letter of his own, though the unspun translation by John Gruber of Daring Fireball is much more amusing. And you can add European music executives to the list of seemingly unlikely critics of DRM.

Could it be that reality is trumping the theory that corporations can force stupid consumers to behave as they wish by using technological means? Michael Geist of the Toronto Star thinks so.

The 2005 Sony "rootkit" debacle, which ultimately cost the company millions of dollars in class-action lawsuits, the market disappointments of new digital music players that rely heavily on DRM such as the Microsoft Zune, and the lack of support for digital music subscription services that insert burdensome restrictions on the use of downloaded music such as Rhapsody and Napster, offer compelling examples of why DRM has emerged as the industry's biggest impediment to consumer acceptance.

The only thing greater than the music industry’s stupidity is their greed. If we make it clear to them that they’ll earn more money by ditching DRM, eventually they will. It’s just a question of how long they’ll take to clue in.