
One ISP says RIAA must pay for piracy protection - raju
http://news.cnet.com/8301-1023_3-10127841-93.html
======
moswald
Up until about a year ago I was data security coordinator for a very large
cable ISP. A large portion of our team's time was spent dealing with DMCA
copyright complaints.

At this point, by law, an ISP must accept copyright complaints and have a
publicly registered copyright agent (At our ISP, our team's director was the
registered agent). The DMCA gives ISPs some choice in how they handle the
complaints, but they cannot be ignored. I fear this ISP owner may not be
fully aware of current obligations (I am not speaking about non-actionable RIAA
threats or future plans).

We hated this work. Our main focus was catching criminals that were committing
crimes either utilizing or against our network. With an online customer base
in the millions we would get thousands of complaints a day. If a big movie
came out on Friday, for the next week or two we could get upwards of ten
thousand a day. We feared Star Wars openings like you wouldn't believe. You
can imagine a team of 6 very techy hacker guys getting extremely depressed
spending 2-3 hours a day matching IP logs to modem MACs and finally onto a
customer.

Our only solace in this work was something that my manager made clear was a
department goal and practice: that this menial task was meant to protect the
customer base from the copyright holder's carpet bombing mentality. We kept
accurate data and because of that, were able to simply discard a large portion
of the complaints as inaccurate. When the evidence was clear, we forwarded the
complaint to the subscriber by email and snail mail. We instructed our
subscribers to not contact the copyright holder to discuss it as this would
just enable the holder to get identifying info (name, address) without a
subpoena.

We also warned our customers that after a single complaint the copyright
holder may subpoena our records and take them to court. Out of the almost a
million complaints a year, I saw an insignificant number of cases ever go this
far. The DMCA complaints were largely a scare tactic and often nothing more.

I was not privy to any knowledge of the compensation we received for
completing this process, but did glean from overhearing the higher-ups
that we did indeed receive some money for the process or were in the process of
creating contracts to do so. I wish I had more info on that aspect to share
with news.y.

The guys doing this work hate it, but the law forces it onto them. Until the
laws change, no security department is going to bend over backwards for these
guys.

It was an amazing and exciting job despite this issue.

On a lighter note, for your random facts file, the movie "Mean Girls" was the
number one infringed file for 4 years running. Lots of laughs were had seeing
what kind of weird and random stuff the people were downloading. Fun times.

~~~
tlrobinson
_"You can imagine a team of 6 very techy hacker guys getting extremely
depressed spending 2-3 hours a day matching IP logs to modem MACs and finally
onto a customer."_

This seems like a task begging to be automated?

~~~
moswald
I absolutely agree and we did our best to automate as much of the process as
possible. There were a few problems that required a pair of human eyes though.
First, no copyright holder sent a complaint in the same format. Some sent a
simple email with a file name and IP/timestamp while others sent a long,
poorly rendered XML file that was automatically sent from some contractor's
hacked torrent client. There was no rhyme or reason to the manner in which we
received the data. Another issue was file name problems. The copyright holder
would send out complaints for a user sharing the movie "Dune" when in reality
the file was only a copy of pictures taken dirt biking at the local dunes.

The automation mostly came in pulling known data like our IP block from the
complaints, and having a good IP logging system. We broke the process down to
3 steps, each very quick. A complaint only took 3-5 seconds to process, so the
issue was just the sheer volume of them.

When the end result is the possibility of a lawsuit, it is in everyone's best
interest to maintain a human element in the chain.
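
An added illustration, not part of moswald's comment and not the ISP's actual tooling: a sketch of the triage described above, pulling an address in the ISP's block and a timestamp out of differently formatted complaints, then matching them against lease logs to a modem MAC and an account. The address block, lease records, account IDs, status names and function names are all assumptions constructed for the example.

```python
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Everything below is constructed sample data (documentation IP and MAC ranges).
UTC = timezone.utc
ISP_BLOCKS = [ip_network("198.51.100.0/24")]
LEASES = [  # (ip, modem MAC, lease start, lease end) from a hypothetical DHCP log
    ("198.51.100.7", "00:00:5e:00:53:01",
     datetime(2008, 12, 1, tzinfo=UTC), datetime(2008, 12, 5, 12, 0, tzinfo=UTC)),
    ("198.51.100.7", "00:00:5e:00:53:02",
     datetime(2008, 12, 5, 12, 30, tzinfo=UTC), datetime(2008, 12, 9, tzinfo=UTC)),
]
CUSTOMERS = {"00:00:5e:00:53:01": "ACCT-1001", "00:00:5e:00:53:02": "ACCT-1002"}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Only timestamps with an explicit UTC offset are accepted; a bare local time
# could point at the wrong lease holder.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2})")

def extract(text):
    """Pull candidate addresses and a timestamp out of any complaint format."""
    ips = []
    for tok in IP_RE.findall(text):
        try:
            ips.append(ip_address(tok))
        except ValueError:
            pass  # looked like an address but is not one, e.g. 999.1.1.1
    ts = TS_RE.search(text)
    when = datetime.fromisoformat(ts.group().replace("Z", "+00:00")) if ts else None
    return ips, when

def resolve(text):
    """Keep addresses in our blocks, then map lease -> modem MAC -> account."""
    ips, when = extract(text)
    if not ips or when is None:
        return "needs_human", None
    ours = [ip for ip in ips if any(ip in blk for blk in ISP_BLOCKS)]
    if not ours:
        return "not_our_network", None
    macs = {mac for ip, mac, start, end in LEASES
            if ip_address(ip) in ours and start <= when <= end}
    if not macs:
        return "no_lease", None  # nobody held the address then: discard
    if len(macs) > 1:
        return "needs_human", None
    return "matched", CUSTOMERS.get(macs.pop())
```

The file-name problem from the comment (the "Dune" case) is deliberately left out: nothing in the logs can settle what a file contains, which is where the human check stays.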

------
iamdave
This has "sick burn" written all over it. The RIAA wants to save their own
money by asking companies to lose their own. I'm actually rather surprised it
took someone to actually stand up and go "wait a minute" before there was any
coverage as to how much BS this is.

------
lallysingh
If the RIAA's losing so much real money over this filesharing, then the costs
of paying an ISP to reduce it _should_ pay back in droves.

... unless they're full of it.

------
tlrobinson
_"...noting that it's especially difficult nowadays because it's extremely
easy to spoof IP addresses."_

Is it really? It may be easy to spoof the IP of _requests_ in protocols like
HTTP (assuming the networks don't filter erroneous packets), but the RIAA
doesn't typically go after people who merely download, they go after the
people who share.

It seems like it would be much harder to spoof an IP when you're trying to act
as a server (as the people who are sharing on BitTorrent and other P2P
networks are) since you need to actually receive the requests to know
what/when to respond with.

Perhaps this is one of the reasons they only go after the sharers (and of
course, to cut off the supply... like going after drug dealers instead of drug
users).

~~~
m0shen
"and of course, to cut off the supply... like going after drug dealers instead
of drug users"

and we all know how well that turned out...

