Q: How difficult would it be for the copyright holder of a film to get the IP addresses of people sharing that film over bittorrent?

A: Easy as pie. Here’s a portion of a screen capture from my bittorrent client, ktorrent, showing the ip addresses of people sharing a popular file on my computer right now.

I’ve blurred the ip addresses in the image in order to protect the innocent until proven guilty.

The relationship between the IP address on your computer and packets of information sent on the internet is similar to the address of your residence and letters sent by post — both letters and packets must know where they’re going if they’re ever to get there. If you want to access or share data on the internet, you can’t be without one, which is why it is difficult to be absolutely anonymous. Really, the best you can do is use someone else’s IP address — either by connecting through a proxy which, while it sees your IP address, displays its own to everyone else, or by connecting via someone else’s IP address, such as that of the wireless service provided by a local cafe or neighbour who has left their wireless unprotected by a password.

So why then haven’t studios gone after people using bittorrent? Surely the Motion Picture Association of America (MPAA), which represents the big studios, would have an interest. Perhaps they don’t want the negative image that the RIAA and its member labels (Sony, Universal, EMI, Warner, etc.) have acquired by going after the people who are often their own customers. Or perhaps, since they’re experiencing record profits, they don’t really feel a need.

But a smaller studio, Voltage, has filed a copyright complaint against the currently unknown holders of 5,000 IP addresses who used bittorrent to snag a copy of their movie The Hurt Locker. Lawsuits for 10 other small films have been filed by a company called the U.S. Copyright Group.

The message they want to send is probably that you shouldn’t take free copies of movies via bittorrent. But in practical terms the message may be more specific, namely avoid the movies of litigious studios like Voltage and those represented by the US Copyright Group, including Cinepro Pictures International (The Steam Experiment), Far Cry Productions (Far Cry), G2 Productions (Uncross the Stars), Animationwerks (Gray Man) and Braeburn Entertainment (Call of the Wild in 3D). It shouldn’t be too hard, since none of these movies is exactly rated highly.

I just hope this doesn’t represent a new business model — create a crappy movie, then recoup your losses by suing file sharers en masse. It will be interesting to see how this plays out. Will ISP’s cooperate in associating names with IP addresses? Will those targetted simply settle, rather than go to court? If they don’t settle, will the courts react negatively to being used as part of a business model intended to generate revenue through litigation? Or will they award the sort of over-the-top damages that they have in music sharing cases? Stay tuned.

As an act of self-defense, isoHunt has decided to sue the CRIA instead, and today Fung will file a petition (pdf) to ask the Court of British Columbia to confirm that isoHunt — and sister sites Torrentbox and Podtropolis — do not infringe copyright. “This is our preemptive strike with a narrowly defined petition for Declaratory Relief that we do not infringe, in anticipation they are going to file their own lawsuit that we do infringe [their copyright],” Fung told TorrentFreak.

Torrent sites are, for organizations like the RIAA and CRIA, the nightmare offspring of Napster. The record companies slew that beast, but P2P was born of its corpse, a demon whose name is Legion (Luke 8:30). Torrent sites like isoHunt don’t actually host files the way Napster did. They merely index files on tracker servers which help coordinate the computers of various users, each acting as both client and server, downloading and uploading from one another bits of desired files.

For example, let’s say you don’t have slice number 496 of a file but I do, and I don’t have slice 298 of that file but you do. I get the slice I need from you, and you get the slice you need from me. And we could be a part of a cloud of users for that file numbering in the tens or hundreds, or even thousands — plenty of slices for everyone’s bittorrent clients to assemble into a complete file. Then, if we’re nice, we might “seed” — that is, even though we’ve now got all the slices, we stay connected and let others “leech” from us. When there are no seeders, the situation can arise where no one in the cloud possesses the slices needed to complete the file. Blessed are the seeders, for they ensure that no slice goes astray. All in the cloud may ask and may receive.

Since none of these slices goes through isoHunt, you’d think they’d be immune from harassment by the likes of the CRIA. Further, isoHunt has a policy of removing torrents which point to copyrighted material when it is identified as such by the copyright holder. As the proprietor of isoHunt, Gary Fung, notes in a forum post on this subject, CRIA did exactly that in 2006 and received full cooperation from isoHunt. The situation is so grave from CRIA’s perspective, however, that they’re almost certain to strike back.

So, some might be wondering, what prevents isoHunt from proactively removing torrents pointing to copyrighted material? It may be these sites are such a draw because they help people get free stuff they’d otherwise have to pay for, but the argument “Hey, we’re just helping people get what they want” probably wouldn’t work that well in court. Instead, Fung offers some cogent arguments that might:

But given the ridiculously long copyright terms in most countries of the world (which does differ) and that all creative media are copyrighted by default (in many countries), large majority of files exchanged on the internet would be copyrighted. That includes Linux ISO images and your videos of friends and family doing whacky things. The real question is are they infringing against the wishes of respective copyright owners. We make and run a great search engine here at isoHunt, but we unfortunately do not have the technology to mind read what are the wishes of all copyright owners, or who they are to begin with in association with the tens of millions of files on BitTorrent, to which we only indexes metadata links and not actual content files. Whatever copyright laws or safe harbor provisions provided in different countries, the only sensible and technically possible thing to do we’ve found is to take down links to allegedly infringing content upon request and verification.

So, who knows? Perhaps Madonna wants to share her tunes with all her fans for free. Perhaps she figures, “What the heck, I’ve made a pile of money and I don’t need anymore. Everyone enjoy the music on me!” Hey, could happen, and isoHunt can’t read her mind.

On a purely practical level, we should all want isoHunt to win this one, if only to avoid the chilling effect a loss could have on the interactive nature of the internet. Ther was a time, when the internet was new, that having content on the web meant having your own web site. Then came message boards, and suddenly anyone with a web browser could author content. Then boards evolved to forums evolved into blogs and wikis and social networking sites, and now a huge amount of information on the web comes from the masses. Policing a popular forum could be a full time job. For a major social networking site, forget it, and likewise for a site that hosts user-submitted torrents.

The compromise is precisely the one isoHunt has in place. If you see something that infringes your copyright, complain and it will be taken down. This is formally built into the Digital Millennium Copyright Act (DMCA) in the US, and for all the DMCA’s flaws, is one aspect which appears to work, given that while the host must take down the allegedly offending material upon complaint, the original poster is entitled to immediately contest, which is happening right now on YouTube as a result of 4,000 take-down requests by the Church of Scientology .

Granted, a system like that incorporated into the DMCA can be open to abuse, but it’s better than saying hosting entities are completely responsible for user-posted content, where any infraction by a user must be paid for as an infraction by the host. One of the great democratizing aspects of the internet is the low cost of entry. If that gets stomped by high cost of liability, it will become even more the domain of media corporations with big bucks. With the exception of the media corporations, no one wants that.

So here’s wishing isoHunt the best of luck. Go get ‘em, Mr. Fung!

Some might say, “So what? The ultimate Internet news is Google Groups, with its massive archive going back more than a decade. If you have a web browser, you can access it, and it doesn’t matter what operating system you use.” Which would be a good point if all we were interested in was information. But Google Groups doesn’t carry the binary news groups.

Non-text files (binaries) can be attached to news group messages in much the same way attachments are made to email messages. The binary is converted to text characters, posted, and then decoded back into binary after downloading. With email, this has become so transparent to end users that most don’t even realize there’s no such thing as a literal “attachment” — email messages still contain only text characters.

While news groups aren’t as popular as they were back in the days before blogs, web forums, and message boards, those devoted to binaries contain more data than ever before. This is one of the reasons that not only Google but many ISP’s won’t carry them, if they offer news groups at all. The storage required is great and it just isn’t worth it when only a minority of subscribers use them.

Stepping into the breach are many pay-for-access news server companies. Here’s an overview of some of them. I use easynews.com and have found that it works as advertised.

The best thing about binary newsgroups is that they’re another place to look for files you can’t find via p2p file sharing, or torrent sites like mininova.org, thepiratebay.org, or isohunt.com. As a last resort, you can check binsearch.info and see if that impossible-to-find video or song or whatever is currently being carried by a news group.

You may even find things of interest you weren’t even looking for. I had nearly forgotten there’d ever been a TV show called “Petticoat Junction” until I saw it referred to on the alt.binaries.multimedia.vintage-tv group.

The reason I suggest binary news groups as a “last resort” is that binaries are a bit of a pain, typically chopped up into multiple parts, each one in its own post. This is where Windows shines over Linux. It doesn’t have anything to do with the operating system, but rather the applications available for it. There is arguably no better news reader than Forte’s Agent, and for managing files that have been chopped up into RAR files, WinRAR is a gem.

Those engaged in DIY Robin Hoodism who are assessing the risk may be reassured by the privacy policies of most commercial news servers, though bear in mind that everything on the Internet is logged, so absolute privacy can’t be guaranteed. However, a big difference from a legal standpoint between p2p file sharing and binary news groups is that when you download from a news group, you’re not sharing. You have downloaded a file for yourself, and that’s it, whereas p2p clients default to sharing files downloaded, as do torrent clients. If the MAFIAA want to come after you, your liability extends to one file, not who-knows-how-many copies you’ve shared with others. And because you’re not essentially hanging out a sign saying “files to share,” you’ll be harder to finger in the first place.

Binary news groups may not be the latest, greatest, most amazing source of files, but they still have something to offer the diehard downloader willing to shell out a few bucks a month for gigabytes worth of files.

This week I’d like to examine the technical nature of that risk. I’m not going to go into any great technical depth, so if you’re already conversant with tcp/ip and all that, adieu, check in again next week.

One of the original concerns in the design of the internet was that it be able to survive the destruction of any major centre. This was the during the cold war, and the military participants in the project had in mind a nuclear strike, or even a limited nuclear war. This ruled out any design that featured a central hub or control centre. They came up with the idea of a network on which all the computers were “peers.” This was decades before the term “p2p,” or “peer to peer networking” came into being in relation to file sharing.

It did, though, set the course for how the internet works today. Each peer on the network (that includes your computer) has an ip address. This is usually assigned automagically by your Internet Service Provider (ISP) when you connect to the internet, so you may not even be aware of it. When you request something from a remote computer, that request is sent to the remote computer’s ip address. The request also includes your computer’s ip address, so that the remote computer will know where to send whatever it is that you requested.

People sometimes express concern that web sites using cookies (placed in your browser to track visits) may violate their privacy. What they fail to realize is that their ip address has also been logged, as well as what it was they requested, the time of the request, and most likely what browser they used and their operating system. This is not some sinister plot on the part of web site operators; it’s just a basic web server function.

So what has this got to do with the dangers of Robin Hoodism? While one sometimes gets the impression that the RIAA just pulls accusations out of its ass, they do actually do some fishing, and can discover which ip addresses are offering to share files.

Another thing some people don’t realize is that their p2p client is not only sucking down files, but by default is likely configured to turn around and share those files with others. That’s where the big money is from the RIAA’s perspective, since each one of those files is worth billions and billions of dollars (or whatever made up value they care to assign) times an infinite number of copies (or whatever made up number of copies they assert). Their m.o. is to then send a boilerplate extortion letter to the owner of the offending ip address, saying that unless that nefarious villain pays them a few thousand dollars, they will sue for a gazillion dollars (or whatever scary figure they make up).

However, this is easier said than done. They cannot decode your ip address to reveal your name and contact information. Between them and you is your ISP, which knows who had what ip addresses at what time (again, most internet transactions are logged). So the RIAA has a bit more work to do getting that information. A good ISP is one that will refuse to provide that information unless required to do so by a court order or something along those lines.

Most people faced with a copy of the extortion letter will pay. Just the cost of mounting a defense will be more than the amount being extorted. However, anyone in this position may wish to at least get a lawyer to respond to the RIAA with a letter like this one. Perhaps because I’m not a lawyer, but understand the technical issues, the part I find particularly interesting is this:

Your clients take the position that my middle-aged, conservative clients should speculate regarding the identity of persons your clients claim used their AOL account to download pornographic-lyric gangsta rap tracks as predicate to possible case resolution. In an age of Wintel-virus created bot-farms, spoofs, and easily cracked WEP encrypted wireless home networks (among other easy hacks), the only tech-savvy response to such a request is, “You’ve got to be kidding.” The extensive press that has been generated over computer security (and the insecurity of Windows XP and its predecessors) underscores the complete absence of facts on which probable cause to sue my clients could be established and your clients’ willingness (even insistence) that others be implicated in Big Music’s speculative, “driftnet” litigation tactics. Sorry: Mr. Merchant cannot and will not expose himself to still more litigation by speculating.

Upon receiving it, the RIAA dropped the matter. The RIAA does not want to go up against an opponent who understands both the law, and the technical issues. Particularly important is the fact that ip addresses are associated with computers, not people. I hope more of those targeted will get lawyers like Merl Ledford to at least send a letter before caving to the RIAA, which might be all it takes to get them to back off.

I’ve somewhat simplified my presentation of the technical elements involved; those interested in a deeper treatment of tcp/ip networking may wish to pick up O’Reilly’s TCP/IP Network Administration (The Crab Book).

Is it okay for the RIAA to “sue ‘em all,” even the weakest members of society? Their latest atrocity is an attempt to get a child to testify against her own mother (also a disabled person living on disability). But the law is the law, it makes no distinction beyond culpability. If the weakest amongst us are infringing copyright, then technically their weakness is no defense.

Or is it? Whatever happened to the social contract? At what point did we say that collective revulsion for persecution of the weak by the powerful must take a back seat to corporate interest? At what point do we simply acknowledge that democracy has fallen to corporatism and that the social contract has been trumped by End User Licensing Agreements, and the latest rationalization of copyright?

I say the “latest rationalization of copyright,” because the original idea of creative works being public property to which the creator has been given a temporary monopoly seems increasingly remote. Now we are to consider creative works to be “intellectual property” belonging to the creator or, more often, whatever corporation secured the rights from the original creator by whatever means — in the case of the music industry often by contracts most advantageous to themselves. And in the US, whenever Mickey Mouse is on the verge of falling into the public domain, you may expect the term of copyright to be extended. The US Constitution dictates the term be limited (Article I, Section 8, Clause 8), but does not specify a duration, so there is nothing to stop Congress from extending it indefinitely.

Along with the idea of “intellectual property” comes the idea that this “property” can be “stolen,” just as actual property can be stolen. The term “piracy” has been successfully applied to such, even though there are significant differences between copyright infringement and theft on the high seas, or, indeed, theft of any kind. Theft involves depriving a thing’s rightful owner of the possession and use of said thing. Making a copy of a thing in no way impairs the owner’s use or possession. Indeed, this kind of sharing would be a wonderful thing for children encouraged to share a toy — imagine if they could simply hand over a copy of it! But contrary to what your mother may have taught you, the RIAA would like you to believe that sharing is a crime.

It seems to me that the last great evil to be acknowledged as such is socio-economic inequality. Slavery has been abolished, civil rights championed, women emancipated, and in many jurisdictions homosexuals are making progress towards equal rights. There’s still work to do in all these areas, but our tolerance of socio-economic inequality reminds me of writings from the 19th-century, where otherwise decent people made blatantly racist or anti-semitic statements as a matter of course because such was the common attitude of the time.

For those of us with few resources, p2p file sharing can be regarded as DIY Robin Hoodism, with a modern twist. Instead of stealing from the rich to give to the poor, the poor can simply share copies of files the rich claim rights to. If the rich complain because they don’t think they’re rich enough without the money they feel the poor should be paying, then screw them. The social contract is breaking down, and the serfs owe only as much obedience as Prince John can enforce. Just be aware that poaching on royal lands can be risky.

For those us with money to spend on music, do not support EMI, Sony BMG Music Entertainment, Universal Music Group, Warner Music Group or other RIAA member labels. If in doubt, check riaaradar.com, and know that the rumours of allofmp3.com‘s demise have been greatly exagerated. You can also keep more money in your own pockets and out of the labels’ pockets by buying second hand. In a corporatist world, the votes you cast with your wallet may matter more than those cast with a ballot.

Avast ye, and listen well. Ol’ Joe Biden has turned his guns to North and is taking aim at our Great White Land o’ the Pirates, aye. Seems he and his Congressional International Anti-Piracy Caucus gave fair warning three years ago when they put us on a watch list, but e’en so we did not mend our piratin’ ways. Now they’ve in store for us a worse fate still: being put on another, even more serious, watch list, along with such salts as China, Indonesia, Russia and other scurvy rogues.

Rep. Adam Schiff, a committee member, is quoted in The National Post as saying, “Each year we lose billions of dollars worth of American workproduct and invention.” Oh, Mr. Schiff is being far too restrained. Beyond a buck or two, the price of a DVD is arbitrary, so why not say that each one is worth a billion dollars? Then they could say that they’re losing millions of billions of dollars, oh my! Much more impressive than mere billions, and since it’s all make believe anyway (including the notion that every unpaid for copy is a copy that would otherwise have been paid for), why not have some fun with it and go for the melodrama?

The International Intellectual Property Alliance (IIPA) is concerned about Canada as well. If you thought the RIAA was bad, if you thought the BSA was bad, if you thought the MPAA was bad, how about a coalition of all of them and then some? That is the IIPA. Ally them with the US Government and you have fascism with a capital “F”. With loads of cash (astonishing, given all the billions they’re allegedly losing) and the US Government in their pocket, will our politicians be able to stand up to them and place the interests of Canadians before those of the IIPA? Or will our leaders cave?

Sweden, home of thepiratebay.org, seems strangely absent from this discussion. Here’s an interesting Vanity Fair article with some background on that outlaw outfit (a bit long; the thepiratebay.org stuff is after the section on the author’s experience with bittorrent). Once upon a time I might not have admired its founders, but these days I can’t help but cheer for them. Go Gottfrid! Go Fredrik!

In past posts I mentioned Bill Gates’ dawning realization regarding the limitations of DRM, as well as Steve Jobs’ take on the subject. The President of a leading manufacturer of DRM, Macrovision, has responded to Jobs’ letter with a letter of his own, though the unspun translation by John Gruber of Daring Fireball is much more amusing. And you can add European music executives to the list of seemingly unlikely critics of DRM.

Could it be that reality is trumping the theory that corporations can force stupid consumers to behave as they wish by using technological means? Michael Geist of the Toronto Star thinks so.

The 2005 Sony "rootkit" debacle, which ultimately cost the company millions of dollars in class-action lawsuits, the market disappointments of new digital music players that rely heavily on DRM such as the Microsoft Zune, and the lack of support for digital music subscription services that insert burdensome restrictions on the use of downloaded music such as Rhapsody and Napster, offer compelling examples of why DRM has emerged as the industry's biggest impediment to consumer acceptance.

The only thing greater than the music industry’s stupidity is their greed. If we make it clear to them that they’ll earn more money by ditching DRM, eventually they will. It’s just a question of how long they’ll take to clue in.