A couple of weeks ago I used this soapbox to suggest that those with few resources could engage in a kind of “Robin Hoodism” in order to correct the socio-economic imbalance whereby the rich can have all the movies and music they want, whereas the less well to do are expected to do with less. I also warned that “poaching on royal lands can be risky.”
This week I’d like to examine the technical nature of that risk. I’m not going to go into any great technical depth, so if you’re already conversant with tcp/ip and all that, adieu, check in again next week.
One of the original concerns in the design of the internet was that it be able to survive the destruction of any major centre. This was the during the cold war, and the military participants in the project had in mind a nuclear strike, or even a limited nuclear war. This ruled out any design that featured a central hub or control centre. They came up with the idea of a network on which all the computers were “peers.” This was decades before the term “p2p,” or “peer to peer networking” came into being in relation to file sharing.
It did, though, set the course for how the internet works today. Each peer on the network (that includes your computer) has an ip address. This is usually assigned automagically by your Internet Service Provider (ISP) when you connect to the internet, so you may not even be aware of it. When you request something from a remote computer, that request is sent to the remote computer’s ip address. The request also includes your computer’s ip address, so that the remote computer will know where to send whatever it is that you requested.
People sometimes express concern that web sites using cookies (placed in your browser to track visits) may violate their privacy. What they fail to realize is that their ip address has also been logged, as well as what it was they requested, the time of the request, and most likely what browser they used and their operating system. This is not some sinister plot on the part of web site operators; it’s just a basic web server function.
So what has this got to do with the dangers of Robin Hoodism? While one sometimes gets the impression that the RIAA just pulls accusations out of its ass, they do actually do some fishing, and can discover which ip addresses are offering to share files.
Another thing some people don’t realize is that their p2p client is not only sucking down files, but by default is likely configured to turn around and share those files with others. That’s where the big money is from the RIAA’s perspective, since each one of those files is worth billions and billions of dollars (or whatever made up value they care to assign) times an infinite number of copies (or whatever made up number of copies they assert). Their m.o. is to then send a boilerplate extortion letter to the owner of the offending ip address, saying that unless that nefarious villain pays them a few thousand dollars, they will sue for a gazillion dollars (or whatever scary figure they make up).
However, this is easier said than done. They cannot decode your ip address to reveal your name and contact information. Between them and you is your ISP, which knows who had what ip addresses at what time (again, most internet transactions are logged). So the RIAA has a bit more work to do getting that information. A good ISP is one that will refuse to provide that information unless required to do so by a court order or something along those lines.
Most people faced with a copy of the extortion letter will pay. Just the cost of mounting a defense will be more than the amount being extorted. However, anyone in this position may wish to at least get a lawyer to respond to the RIAA with a letter like this one. Perhaps because I’m not a lawyer, but understand the technical issues, the part I find particularly interesting is this:
Your clients take the position that my middle-aged, conservative clients should speculate regarding the identity of persons your clients claim used their AOL account to download pornographic-lyric gangsta rap tracks as predicate to possible case resolution. In an age of Wintel-virus created bot-farms, spoofs, and easily cracked WEP encrypted wireless home networks (among other easy hacks), the only tech-savvy response to such a request is, “You’ve got to be kidding.” The extensive press that has been generated over computer security (and the insecurity of Windows XP and its predecessors) underscores the complete absence of facts on which probable cause to sue my clients could be established and your clients’ willingness (even insistence) that others be implicated in Big Music’s speculative, “driftnet” litigation tactics. Sorry: Mr. Merchant cannot and will not expose himself to still more litigation by speculating.
Upon receiving it, the RIAA dropped the matter. The RIAA does not want to go up against an opponent who understands both the law, and the technical issues. Particularly important is the fact that ip addresses are associated with computers, not people. I hope more of those targeted will get lawyers like Merl Ledford to at least send a letter before caving to the RIAA, which might be all it takes to get them to back off.
I’ve somewhat simplified my presentation of the technical elements involved; those interested in a deeper treatment of tcp/ip networking may wish to pick up O’Reilly’s TCP/IP Network Administration (The Crab Book).