Filtering For Copyrighted Content and Liability Under the Wiretap Act:
The New York Times "Bits" Blog reports:
The Wiretap Act makes it a federal crime and a civil wrong permitting the recovery of punitive damages and attorney's fees for intercepting the contents of a person's communications over an interstate communications network. Although there are no cases directly on this, network-level scanning of traffic for copyrighted content is likely to be deemed an "intercept" of the contents of communications. And while there are exceptions for interceptions by parties to communications (18 U.S.C. 2511(2)(d)) and for monitoring narrowly tailored to protect the network provider (18 U.S.C. 2511(2)(a)(i)), it's hard to see how those exceptions would apply to network-level monitoring for copyrighted information.
To avoid liability, these providers probably would need to amend their Terms of Service so that users would explicitly consent to allowing their ISPs to monitor them for copyright violations. Assuming customers didn't revolt against this, that would permit monitoring under the consent exception, at least when a user who actually signed the contract was being monitored. But even the explicit okay in the Terms of Service wouldn't allow all monitoring. The consent would only cover those who signed the contract and the parties to communications with them, and would not automatically extend to those who used the network but had not consented (such as family members of those who agreed to the ISP contract). And of course the ISPs wouldn't know who was being the keyboard, so they would never know if the monitoring was lawful.
I suppose ISPs could then argue that the monitoring was not an "intentional" intercept, as required by the statute, 18 U.S.C. 2511. But that raises a difficult question of how the mens rea requirements of liability interact with the consent exception — in particular, whether an intentional interception that is not intentional as to the lack of consent counts as intentional. I don't know of any cases on this, but off the top of my head it seems like a 50/50 issue. And then there's the issue of liability under state wiretap laws that go beyond the federal wiretap act, and especially those that require all party consent to monitoring.
Would ISPs risk massive liability under the Wiretap Act to try to combat copyright infringement? I can't imagine why they would do that, but I suppose that's a question to ask them and their lawyers.
Thanks to Instapundit for the link.
At a small panel discussion about digital piracy here at NBC’s booth on the Consumer Electronics Show floor, representatives from NBC, Microsoft, several digital filtering companies and telecom giant AT&T said the time was right to start filtering for copyrighted content at the network level.I hope that "open discussion" includes a frank discussion of legal liability under the federal Wiretap Act.
Such filtering for pirated material already occurs on sites like YouTube and Microsoft’s Soapbox, and on some university networks.
Network-level filtering means your Internet service provider – Comcast, AT&T, EarthLink, or whoever you send that monthly check to – could soon start sniffing your digital packets, looking for material that infringes on someone’s copyright.
“What we are already doing to address piracy hasn’t been working. There’s no secret there,” said James Cicconi, senior vice president, external & legal affairs for AT&T.
Mr. Cicconi said that AT&T has been talking to technology companies, and members of the MPAA and RIAA, for the last six months about implementing digital fingerprinting techniques on the network level.
“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”
The Wiretap Act makes it a federal crime and a civil wrong permitting the recovery of punitive damages and attorney's fees for intercepting the contents of a person's communications over an interstate communications network. Although there are no cases directly on this, network-level scanning of traffic for copyrighted content is likely to be deemed an "intercept" of the contents of communications. And while there are exceptions for interceptions by parties to communications (18 U.S.C. 2511(2)(d)) and for monitoring narrowly tailored to protect the network provider (18 U.S.C. 2511(2)(a)(i)), it's hard to see how those exceptions would apply to network-level monitoring for copyrighted information.
To avoid liability, these providers probably would need to amend their Terms of Service so that users would explicitly consent to allowing their ISPs to monitor them for copyright violations. Assuming customers didn't revolt against this, that would permit monitoring under the consent exception, at least when a user who actually signed the contract was being monitored. But even the explicit okay in the Terms of Service wouldn't allow all monitoring. The consent would only cover those who signed the contract and the parties to communications with them, and would not automatically extend to those who used the network but had not consented (such as family members of those who agreed to the ISP contract). And of course the ISPs wouldn't know who was being the keyboard, so they would never know if the monitoring was lawful.
I suppose ISPs could then argue that the monitoring was not an "intentional" intercept, as required by the statute, 18 U.S.C. 2511. But that raises a difficult question of how the mens rea requirements of liability interact with the consent exception — in particular, whether an intentional interception that is not intentional as to the lack of consent counts as intentional. I don't know of any cases on this, but off the top of my head it seems like a 50/50 issue. And then there's the issue of liability under state wiretap laws that go beyond the federal wiretap act, and especially those that require all party consent to monitoring.
Would ISPs risk massive liability under the Wiretap Act to try to combat copyright infringement? I can't imagine why they would do that, but I suppose that's a question to ask them and their lawyers.
Thanks to Instapundit for the link.
I think we may need to look to the 4th Amendment for protection here...
-Tyson
The Constitution doesn't apply, as the ISPs are not government actors. As for amending the Wiretap Act, that's an interesting question: I don't know how easy it would be for such an amendment to be passed in the current legislative climate.
Doesn't RIAA and MPAA own a majority in each chamber of the Congress?
Technological attempts to filter copyright content are just not possible and the sooner the content producers come to terms with that reality, the better off we will all be.
One also suspects that the "consent" would be gotten from the customer with the least notice and most obfuscation that ISPs could possibly get away with. Not really meaningful. There seems to be a bit of a revolt by courts at the moment against that kind of quiet, one-sided changes to contracts that customers generally agree to without realizing it, though. As to customer "revolt": doubtful. That would require not only that a large percentage of subscribers be aware of the monitoring that their ISP was trying to impose on them, but that a large percentage of that group rebel against the monitoring - large enough to be a viable counterweight to the influence of the RIAA, MPAA, etc. Moreover, the ability even to make a choice about whether to "revolt" against one's ISP requires other options for high-speed Internet service - and there are plenty of people in the U.S. who live in areas where such service is a local monopoly. In many instances, the contract change to consent to monitoring would be pretty "adhesive": agree to let us monitor what you do, or no high-speed Internet for you. In that situation, your consent isn't really. And if enough people are in that situation, critical mass to counteract rights-holding organizations' influence is pretty much impossible. It will be positively a privilege if citizens live in an area where not only there are multiple high-speed Internet providers, but some of them spy on you and some of them don't (and maybe make that a selling point, even?), so you can pick the latter.
Maybe if the issue could be framed as "Internet monitoring will make us more like the French! And you don't want to be like the French, do you?", that would be enough to trigger mass revolt.
Regardless of what they anticipate customer response will be, I would imagine that ISPs' going forward with this plan may depend on the outcome of e.g. Hepting and the congressional hemming and hawing over wireless carrier immunity for that whole NSA phone eavesdropping thing. The outcome of that firestorm will signal to ISPs whether or not the judicial/legislative environment is such that they could get away with mass monitoring. Might take awhile, though.
About the only thing that I think might work is to put fingerprints or watermarks of some sort in digital works, and then look for them. Or, of course, using some sort of metadata, including, for example, file names.
I also don't think the statute reads in a way where consent affects the mens rea of the interception. I think consent just stands as an exoneration to what otherwise would have been a wiretap act violation (when there's been an intentional interception of the contents of a communication with a device). The ISPs would be better off challenging the definition of "interception," or trying to argue that the maintenance exception might also exonerate what they're trying to do, although I think (as well as hope!) that both arguments would be unlikely to succeed.
They'll push first for a law to make this legal and then push for ways to make it as close to mandatory as they can. This won't hurt the larger providers very much but will seriously cramp the smaller ones.
The filtering technology providers will benefit massively from round after round of escalation. The filtering will get more and more invasive to combat encryption, and eventually we'll wind up with an ugly unworkable mess.
Fortunately, none of that will ever happen, as this idea is clearly dead on arrival for so many reasons.
How would this technology determine if copyright was being violated exactly?
230(c)(2) bars liability for good faith restriction of access to particular material. The CDA says that it shall not impair the electronic communications act of 1996 (which I assume the Wiretap Act would fall under), but given the fact that a party to a communication is exempted, then all ISP's would need to do is have their subscribers agree (and I use "agree" very, very loosely here) that the ISP may filter, and the CDA would kick in.
Indeed, if I were with an ISP, I would argue that there is no way the wiretap act can mean "no filtering" because interpreting it that way would make 230(c)(2) meaningless, which violates a key canon of statutory interpretation.
(2) Civil liability
No provider or user of an interactive computer service shall be held liable on account of—
(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected;
Makes you wonder what chances Copernicus would have to publish his book had market was monopolised by RIAA' RICO.
obscene, lewd, lascivious, filthy, excessively violent, harassing, copyright infringement
Are you proposing that screening for copyrighted material falls under the "otherwise objectionable" category? That's placing a fairly broad construction on the term. Otherwise, it doesn't look like the proposed filtering can slip in via the 230(c)(2)(A) "good faith to restrict" exemption.
Has anybody heard of a criminal acting NOT in his/her "good faith"
"Obscene"? Didn't we have guy named Comstock giving us the New York Society for the Suppression of Vice?
"otherwise objectionable"Well, I don't like you Mr. Jew - signed A. Hitler. Enough?
Once files land in a user's computer, software screening of these files might no longer be considered a prohibited "intercept" under the Wiretap Act. However, there appears to be dicta in US v. Councilman that suggests a requirement for real-time interception may not apply to electronic communications.
Further, by requiring the use of such software to access the network, it may fall under the 18 USC 2510(5)(a) exemption for "any telephone or telegraph instrument, equipment or facility, or any component thereof, (i) furnished to the subscriber or user by a provider of wire or electronic communication service in the ordinary course of its business and being used by the subscriber or user in the ordinary course of its business"
Given the lack of choice in ISPs in most locations, even this scheme may not be enough to result in any "revolt" by consumers - particularly if this were adopted by most of the big ISPs.
Sure, why not? I understand that reasonable minds can differ in that "otherwise" must follow from the terms listed, but if 230(c)(1) has been construed as broadly as it has, why should (c)(2) be any different?
vs. RIAA
In 2005, Tanya Andersen of Oregon responded to a lawsuit on behalf of Atlantic Records by in turn suing them under the RICO laws. Her suit alleges that RIAA members, in this particular case Atlantic, engaged in illegal computer trespass, extortion, and unfair trade practices under Oregon state law.
That would require not running standard internet protocols on the local loop.
While possible, that would require writing a comparable protocol stack. That's non-trivial (MS bungled this job a couple of time). It has to run on XP and Vista at the very least. Since that the standard IP code is deeply embedded in those OS, installing it will be "interesting". It will require lots of "truck rolls", which will make internet access unprofitable at current price levels.
I'm ignoring the fact that the protocol stack doesn't know that it's downloading a file; applications do. You have to get all applications that can down load files to do the actual verification. Congrats - you have to replace all of the aps that people use over the internet. (For example, lots of folks use VPNs to work from home. There are at least a dozen VPN applications, and almost all of them can transfer files.)
While each person may only use one or two aps, different people use different aps. If you break the aps that they use, they have no reason to use your service.
Even if they can solve the technical problems, the open source community has repeatedly reverse engineered such protocols. Why won't they succeed this time? (Remember, they can observe the bits on the wire AND they can monitor what's happening in the PC.)
And, once they do so, why won't they produce applications that don't obey the rules?
Isn't the concern not so much that every ISP will run scans, but that AT&T will, on every communication on their network? My understanding, perhaps faulty, was that AT&T and a few other companies control much of the "backbone" of the internet. Isn't the risk mostly that once communications pass from your local ISP's network onto AT&T's wires (or Qwest's wires, or Level3 or whatever), these companies will scan it?
RIAA couldn't get evidence, dismissed its case with prejudice, and the person they sued dismissed their counterclaim, sued for malicious prosecution and got attorneys fees.
See Here
They would, except the Carlyle Group managed to buy a majority before they could get them all. They used the extra money to install radio transmitters in critics' dental fillings.
This raises the inquiry whether the Internet providers ALREADY have liability for assisting in the wrongful dissemination of copyrighted material occuring by a pirate without consent of the copyright owner. Suppose Tennessee Lawyer over the Internet fraudulently pirates a disabled Bar Applicant's copyrighted work for the purposes of disseminating it extra-judicially to (1) a Law Clerk assigned to Bar applicant's Title II ADA cases \, and (2) to raise money for a legal defense for the Law Clerk, Tennessee Lawyer, and others who are involved in case they are caught -- does the Internet provider have liability for lacking adequate safeguards to prevent the piracy from occurring?
"Would ISPs risk massive liability under the Wiretap Act to try to combat copyright infringement? I can't imagine why they would do that, but I suppose that's a question to ask them and their lawyers"
I can't imagine why they would do that, either, unless the Sabinesque Chief of DOJ Counterterrorism directed certain individuals assisting in the piracy of the copyrighted work to flash a law enforcement badge requiring the Internet provide to do so and to maintain secrecy -- the ultimate objective being, of course, to derail by irreparably prejudicing a DREDDED civil right lawsuit under Title II of the ADA.
Then, it would appear certain defendants might attempt to invoke a Sec. 2520(d) defense (and would the Internet providers attempt to take cover under the same defense). However, it appears 42 U.S.C. Sec. 12201(b) would amend and/or repeal in whole or part Sec. 2520(d) to the extent it is not possible to construe "good faith" in Sec. 2520(d) to exclude Title II or V (retaliation) ADA violations in which there is no legitimate law enforcement interest/purpose.
There may be other defenses raised, but it appears they would also fail on there being no legitimate law enforcement interest/purpose in a discrimination/exclusion/retaliation in violation of a civil rights statute such as Titles II and V of the ADA. Especially ones accomplished for the purposes of stamping out such a civil liberties challenge occuring in the very courts hearing the case.
IANAL, but it seems to me that there is a serious problem here, because there does not seem to be any sort of protection granted to people who did not directly sign the contract, like family members.
ISP's regularly enforce their contracts on family members who did not directly sign the agreement. Either that, or more likely they hold the person who DID sign the contract responsible for the family member's actions.
I know this because I work for one, and enforcement actions happen all the time. Some copyright holder sends us a complaint, we call the customer and explain the situation and offer help to get the offending copyrighted material and/or the sharing software removed from their system. Then we explain that if it happens again we have to terminate their service, because if we don't then the copyright holder can sue us.
Very often, it turns out a family member (like the teenager in the family) is the cause of the problem, not the person who signed the contract. From an enforcement point of view, it simply doesn't make a jot of difference.
Can you help me to understand why detection at the network level instead of by the copyright holder would change this legal relationship in such a way that weather or not the infringer hasn't directly signed the contract suddenly becomes relevant?
Imagine an Evil Norton Anti-Virus that, instead of protecting you, tattles on you. It periodically scans your file system and reports the result to your ISP. And it generates an app-level token without which your ISP won't grant access to its network.
- If EvilNAV.exe finds infringing content, Evil_ISP knows.
- If EvilNAV.exe doesn't give Evil_ISP its cryptographically signed report each month, Evil_ISP denies you access.
- If EvilNAV.exe is disabled or removed so it doesn't provide Evil_ISP its token, Evil_ISP denies you access.
As an added EvilBonus(TM), MPAA/RIAA could even incent users, e.g. by giving free downloaded goodies to users with valid EvilNAV tokens and clean scans. Even MPAA/RIAA are smart enough to see the value in paying a few pennies for the guarantee of a "clean" user.
Of course a hacker can find ways around this, but most users are not hackers.
Invasive access by ISP's on user computers gives criminals the same access. It would turn a hundred million computers into zombies. The idea is dead on arrival.
While ISP's might obtain special legislation immunizing them from class action civil negligence liability, the business community which relies on internet access has far greater political clout than the ISP's or those business interests pushing this damn fool idea.
The ban on incandescent light bulbs is a perfect example of this.
Since this program is running locally it would be trivial to run it in a sandbox where it doesn't have permission to scan anything bad. Remember that a program cannot tell whether it is being run on the hardware or in a virtual machine. Alternatively, someone could patch evilNAV to remove the scanning part of the code and just have it generate tokens.
Of course, now the ISP can make evilNAVchecker program to make sure that evilnav is really running. Lather, rinse, repeat. There is a bedrock principle here - if a user has full control over the computing resources (i.e. the ability to read and write to arbitrary memory locations) then there is nothing you can do to get remote attestation - hence the interest in hardware that will allow such a thing.
Furthermore, there are tons and tons of devices that do not run modern OS's that are now f***ked. Game consoles, ebook readers, WiFi enabled phones. Do you suggest that ISPs deny all those devices access?
Andy Freeman: I believe quaker, by way of the token-based approach of the EvilNav.exe example, has demonstrated that there is no need to rework the network stack. Plus, there is no need to modify applications to perform file tracking. As far as I am aware, modern OSes provide a mechanism for notification of when files are updated, and often by which program. As a simple example, just watching out for access to 1+ GB files is likely to be helpful in identifying HD movies. Or files matching *.mp3. Alternatively, BigBrother.exe could apply more of a brute-force approach, and scan the entire hard drive. Of course, there are probably more interesting/devious approaches.
As for reverse-engineering, I wouldn't necessarily count on open source efforts being capable of hacking arbitrary cryptographically secure systems. Doing so often depends on the incompetence of the designers of the crypto system (see, e.g., the details of hacking the WEP protocol or hacking CSS (sloppy key management in DVD player)). Also, key revocation or a complete overhaul of the authentication system works a lot faster for software products than WEP, DVDs, and HD-DVD (some of the more visible crypto-hacking successes).
In an ideal, but nonexistent, virtualization system is it true that "a program cannot tell whether it is being run on the hardware or in a virtual machine." There is pretty much always something, such as hardcoded virtual hardware or emulated instructions which take more time to execute than the actual hardware, which can tip off an inquisitive program. Run a Google search for "detect virtual machine" for plenty of examples.
Also, I would dispute that "a user has full control over the computing resources" - there are plenty of things that my PC does that I am not aware of, and probably don't even want it to do. Given the expertise developed in creating software-based DRM systems, I would not underestimate the ability to successfully obfuscate cryptographic operations so as to render them essentially opaque and irreproducable.
I would propose a different bedrock principle: once someone has their code running on your system, you're pretty much screwed.
On the other hand, you have an interesting point on non-PC devices. My narrow conception of BigBrother.exe doesn't cover that angle.
A VM would be total overkill for dealing with evilNAV - all that's really required is writing a wrapper that redirect all calls to /dev/hda to /dev/fake (in Windows you'd redirect the equivalent APIs). There is no way for the program to know that it's not reading the actual hard drive.
This is an arms race that evilNAV cannot win and never will be able to.
BigBrother.exe in your scenario is supposed to search hard drives for files, and report back, without users being aware of it, let alone consenting to it. There is a difference between programs which are unintentionally vulnerable to misuse, and those which are intentionally malign. Microsoft gets trouble about forcing automatic updates when users try to block that.
This invasive proposal would be used criminally. ISP's are not as technologically capable as Microsoft.
Such widespread zombificaiton would so injure internet access generally in this country as to impede commerce. I.e., the commercial interests which would be harmed by this have far more to lose than ISP's and their dead media friends have to gain. It would be a brief money tree bill (congress-critters shaking the money tree for contributions) only.
I repeat, David Schwartz has it right. The non-invasive, traffic monitoring, method is IMO what the major ISP's really want. Not to actually work as purportedly intended, but to give them an unfair competitive advantage over smaller competitors.
Consider: ISPs and Carriers could change their terms of service to state that they will cap residential “masked” traffic to some small amount (say a music CD or so worth of bits per month) – where after the cap is exceeded bandwidth for these streams drops to a trickle. Where “masked” is undefined but is likely a measure of randomness in a bit stream (suggesting encryption). Traffic to and from businesses and registered providers (IP addresses) is passed without constraint (anyone who is willing to warrant they protect IPR and host regular 3rd party audits).
For residential streams that aren’t masked, if the data is in a registered DRM wrapper or is watermarked, perhaps signed as public-domain or in the general case doesn’t set off watermark alarms, it is also uncapped. The IPR industry detectives then get to ignore the residential customers and police a much smaller set of providers, ISPs, and related services. The signatures for what’s considered masked and not, watermarked and not becomes another race between the industry and hackers, with industry winning 3 out 5 times (like satellite cable boxes), and as with cable and satellite set-top box hacking, they are able to use criminal prosecution to jail and/or deter the worst (cleverest) offenders.
Granted, Moore’s law improvements seldom accrue to the end customer directly in rented networks (sadly), but Moore’s law does make schemes like the above increasingly affordable in the network, services and billing layers.
Note that network neutrality will suffer the same fate if regulated into existence. The carrier does not need to know what traffic or type of service is transiting their network to reward locality and extract rents from those who demand timely delivery, v. those willing to wait an arbitrarily long time for delivery (i.e. where the price of service approximates the equivalent of every packet bidding for carriage as if it is were the packet that overfilled the (narrowest) pipe (of any provider along the path), and has to pay to bump the lowest bid and/or finance a fractional increase in infrastructure capacity). Note if this is the case that the only thing that can keep an unregulated carrier from demanding an arbitrarily large ROI in the presence of smart-networks is competition (not some notion of must carry implied by network neutrality).
The problem is, they won't revolt. Big, big, big collective action problem.
When people are comfortable, they really don't have much interest in protecting their civil liberties and other freedoms. My best guess is that the vast majority of people won't read the clause, won't understand it, and even those few who do read and understand it won't care because they don't think it will apply to them.
For whatever reason -- and societies like China are a possible example of this -- people who have most of their creature comforts frequently don't give a rat's ass about their personal freedom of speech, privacy, etc. They just want to be able to browse the Internet, chat with friends, etc.
T'would make for an interesting law review (or sociological) article to probe the counters of what precisely would get people to start caring and want to rock the boat.
(Example: I've often mentioned to people that remote road toll collecting systems (like NY's EZ-PASS) can be used to monitor your comings and goings, and could theoretically be used by police (or even commercial systems) to track you. The usual response? "The government and/or My Credit Card Company is perfectly welcome to know where I am at all times because I have no intention of ever doing anything wrong!")
It's not hard to design a player that plays a movie that is stored in dozens of small files. (And no, those files need not store the movie sequentially, so "water marks" will be spread across multiple files.) File extensions also don't work.
And, lots of folks have multiple computers. Even if you guarantee that the one that has net access can't persistently store "bad" files, you're going to have trouble doing the same for a not connected computer.
One fatal problem with all of these schemes is that they dramatically increase the ISP's end user support costs. They also dramatically decrease user satisfaction.
How does imposing DRM provide comparable revenue?
Back in the day, a "friend of a friend" went to Intel with a suggested CPU modification to reduce software piracy. The folks at Intel listened politely, acknowledged that his scheme was effective, and then asked "Why would we want to do this?"
As you point out, this only suggests encryption because well compressed data will have a similar signature. Simply measuring entropy of a data stream will not be enough. To make things even more difficult, it is possible to mask real entropy in an encrypted data stream by adding unneeded redundancy (reverse compression or steganography) which has the effect of increasing the number of bits sent for a given amount of data. I bet ComCast with their recent complaints about limited bandwidth would love that.
Client side monitoring fails if the client can act as a router since nothing needs to be stored locally. This is actually a well supported configuration even on Windows with its ICS (Internet Connection Sharing) functionality. Remove the router functionality and someone will use or write a proxy to replace it.
Ultimately I suspect a better approach would be to ignore the content of the data streams and just rely on traffic analysis. Unfortunately, this will not be able to distinguish legitimate traffic from unlawful traffic unless everything is client/server and block lists are used.
I agree, but I think this is where the cap and trickle changes the balance of power. If the (residential, university dorm room, ...) stream cannot be understood well enough to determine data hiding or not, it gets charged against the "CD a month" limit. P2P (residential to residential) now has an incentive to be transparent. It need not be perfect, just raise the cost illicit acquisition to something within an order of magnitude of the licit in either inconvenience, real cost, and/or risk of successful policing. Wrt policing, much of this should be a misdemeanor, equivalent to running a red light or speeding, a few hundreds of dollars per incident (thousands if in Virginia). Could make it painful, especially for teenagers and college students, by adding points to their driving license (cross domain penalties). “Deny someone else their freedom (to contract), lose your freedom (to drive).”
("Speaking of driving" :-) traffic analysis will certainly be an important component of approaches like this (reducing false positives), as well an interesting class of inference engines, similar to those that rank credit card fraud likelihood ("which ten customers should I call next?") And taking the long view, as IPV6 emerges and IPV4 rusts out, policing will have markedly improved attribution.
It's important to keep the miscreants guessing (not disclose the detection algorithms or answer the “Why me and not him? It’s not fair.” questions, and when discovery or equivalent causes a disclosure have 10s of alternatives ready and more under development). Eventually the system will come to some equilibrium - a balance of false alarms, help-desk costs, inventory "shrinkage,” and improving returns to those who create and finance intellectual works (v. today’s decreasing returns).
I received a Call on Monday of this week from one of there technicians. He left a message stating it was in reference to the download of copyrighted material. I called him back on Tuesday and asked to what he was referring exactly. He said that I had downloaded Harry Potter the Rise of the Pheonix and was storing it on my computer. I then assured him I was not and asked him to find out exactly when I supposedly downloaded this and get back to me. Knowing full well that I did not have this file. I told him when he asked about it that, yes I did run P2P occasionally.
He called back 2 days later and left another message stating that I did indeed have that file on my computer and I had to remove any P2P and this was my first warning. I intern called said rep for the ISP and left a message that, I did not have said file(which I didn't) and that I would remove the P2P as a precaution.
Over the last 2 days I have read hours of posts because of this. It brought to mind the whole legality of my situation. And I think this is the place to ask the readers for help.
P2P software is legal. This I found out and they(ISP) had no right in telling me to get rid of it. To what extent would an ISP have to go to to tell someone exactly what they had downloaded? And how many laws would they have broken doing it?
One more fact. My contract with said ISP ran out already, so there is no legally signed contract. I am month to month.
I posted because there was no examples and I thought mine fit exactly. All help appreciated.
Unless you have some sort of personal knowledge of the internals of your P2P software, there's no way to know exactly what's transiting or being cached on your machine. Meaning if all you’re caching is a portion of the directory that points to pieces of illicit content in the cloud and someone uses your directory entry, are you or are you not complicit in the theft? In a real sense you've become an ISP because you're serving bits no differently than, say, youtube. Skype is an example that is explicit about its borrowing of resources from customers. So you and the ISP could both be right.
And since the ISP is legally required to pursue IPR complaints, he likely put a network monitor on your connection's traffic and perhaps saw a directory entry transiting your wire. If not watermarked data. (I suspect IPR owners are seeding lots of watermarked / discoverable data into the pirate nets given they've little more to lose.) You could do the same when you’re running P2P software to see what other purposes your link has been put to use.
Makes for an interesting legal discussion. If my garage is used by, say, pedophiles because I promiscuously hand out keys but choose to keep my eyes closed, do I have any liability? Or if I hand out keys to others’ garages? Perhaps it's not me, and I can defer to the people that, say, I contracted with to build my garage who said "we'll build it a bit bigger and not charge you if you let us arrange for others to occasionally use your garage. In addition, if you need a garage anywhere, we'll let you use someone else's nearby."
I suspect the judge and jury won’t be too interested in the nuances after the child testifies.