
The RIAA? Amateurs. Here's how you sue 14,000+ P2P users - alexandros
http://arstechnica.com/tech-policy/news/2010/06/the-riaa-amateurs-heres-how-you-sue-p2p-users.ars
======
grellas
These lawsuits rely on what the lawyers call the "in terrorem" effect.

On the one side: people who are all set up for the fight, who have done the
detailed research, who have drafted the key documents, and who are familiar
and comfortable with a legal setting in which they hold all the advantages.

On the other side: an individual who gets a complete packet up front (detailed
letter, draft complaint) in the form of a certified letter, who learns from
his lawyer that he has no good defenses, and who discovers that it will take
many thousands (if not tens of thousands of dollars) to defend this, and who
ultimately has no stake in putting good money after bad to launch a major
fight over a stupid download of what was likely a crappy movie anyway.

Basically, one who becomes a target here is like a chess player left only with
his king to try to resist an opponent who has a range of big pieces. He could
make a few futile moves before checkmate or he can resign immediately and
accept the inevitable.

That is why it is a no-brainer to just pay the $1,500 and be done with it.
Even with an arguably good defense, it just is not worth it for an average
person to step into the fight.

~~~
williamjames
You may be suggesting an answer to this in your posting, but I'm still
curious: Do you think that any of these cases will actually be brought forth?

It seems to me that none will be, and to bring one to trial would be a very
bad idea. The only way that it would be an easy case is if the defendant did
not have wireless, was the leasee of the internet service, and was the only
one on the network. Change any one of these variables, or add countless other
things (VPN, etc.), and the case becomes progressively harder. Let's say that
a case is brought forward: It will have widespread national media attention
and everybody will be watching. Attorneys will be lining up to represent the
defendant. Most importantly: The whole business model of the firm representing
the complainant will hinge on the decision of the case.

~~~
grellas
RIAA messed up its litigation strategy by pushing its cases to the extreme and
drawing headlines such as "$4.2 million verdict for downloading 28 songs" and
the like. That strategy was clearly a bullying strategy but it was a stupid
bullying strategy. It was stupid because it caused the public to recoil at the
thought that a poor student (or some such person) would be ruthlessly crushed
at the hands of a bunch of greedy record labels for having done something that
didn't seem to deserve anywhere near such punishment. Eventually, the courts
themselves came to the same position and dramatically reduced the damages
awarded in such cases. RIAA had to abandon this strategy once it became clear
that it would not really deter such downloading that much and, if it did, it
would not be worth the price of the public relations disaster it was causing.

One thing to note about the RIAA strategy, however, is that, whatever the
caliber of the legal talent on the defense side, RIAA still managed to _win_
most of the cases on their merits. In other words, however much a defendant
resisted, liability tended to be imposed at some level. Thus, it was primarily
the excessive damage claims that got RIAA into trouble, not the legal merits
of its claims as such.

Given that background, in this current spate of cases, you still have nothing
more than institutional bullying, just as with RIAA but it is a low-level type
of bullying of the "pay us $1,500 and we will forget this ever happened"
variety and not of the "we will crush you and take your last penny" variety.
This means that anyone who wants to fight this - even with good defense help
from quality lawyers - will be at risk of incurring costs and liabilities that
will easily exceed the walk-away payout that would simply allow them to put a
bad episode behind them. And, if even a quality defense will not likely spare
you from liability of some sort in the average case, it just isn't worth
fighting for the average person. Thus, by not overreaching, the plaintiffs in
these suits have actually strengthened their position. In effect, they are
playing the numbers - by intimidating thousands of individuals into paying
small amounts, they are ultimately gaining a significant payout in the
aggregate.

Of course, this would not necessarily hold in more doubtful cases where a real
defense might exist. But for the average user who simply did an improper
download, there is no percentage in fighting it.

It might be that EFF has a good answer and their hearts are in the right place
- but, unless there is radical change made to existing copyright laws,
basically there is no good _institutional_ response to this pattern of low-
level bullying. Yes, an individual case might be successfully fought but, even
if that case is won, it will only be for some failure of proof to show
liability in that case alone. This does nothing to change the template for the
mass of cases. And, if the plaintiffs in such cases can't be shamed into
dropping them (as RIAA was), I don't see that they will.

Sorry to sound a down note but I think this is a realistic assessment. I would
love to be wrong on this.

~~~
williamjames
No need to apologize, because while this seems to mostly be an issue of ethics
and social factors, I am not very interested in these issues and more in the
specific legal issues that this practice and these potential trials bring
about.

To be more specific: As we all know, one IP address does not equal one user
(in many instances). So let's say that a case regarding the matter at hand is
brought to trial. Could a potential ruling be that the lessee or provider of
the IP address is the one liable for damages? It is my opinion that it is a
necessity for this issue to be decided upon because we are not dealing with
Kazaa and any individually distinguishing characteristics (such as a username)
really other than the IP address. If the lessee or provider is found to be the
one liable, the consequences of this decision would be massive. And I feel
that this is an understatement.

------
RevRal
I went to torrentfreak to double check the Hurt Locker numbers, because I
could have sworn they were going after 'tens of thousands.'

[http://torrentfreak.com/piracy-will-earn-hurt-locker-more-
th...](http://torrentfreak.com/piracy-will-earn-hurt-locker-more-th..).

Looks like this 5,000 for Hurt Locker was just the first batch, with more to
come. I was surprised to see that 'thousands' of people are still downloading
the movie. Somebody should tell those people :/.

I guess I'm glad I stopped running a TOR exit node. Ran one for a while, and
always expected to eventually get a DMCA letter. Never did. Looks like these
guys really don't care if the Does are innocent or not, they just need the
money.

------
yason
Please bear with me for a while.

A proposition: let's just start splitting our P2P downloads, initially and for
simplicitly, in two counterparts of equal size that are XORed together to form
the actual work whose copyright we want to infringe.

Downloading random data _can't possibly be illegal_ —oh wait, despite of this
naive scheme (that is almost out of Applied Cryptography and one that almost
smells of a one-time pad), wouldn't my download still be non-random because it
somehow must contain a kind of a half of a copyrighted work or something?
Wouldn't it still infringing? Mere lawsuit-fodder?

It happens that if we have any blob of data of, say 700MB in size, then no
matter what you do, someone can always construct another 700MB that—when XORed
together—yields a copy of a recent movie.

If I legally download a Ubuntu live CD image, I can't possibly be infringing
any copyright, right? Even if someone has constructed another image of the
same size, that when XORed with the Ubuntu live CD yields a copy of Die Hard?
Duh, easy: it's obviously _the other 700M blob of data_ that's infringing
copyright! Off to prosecute me if I do that, then.

Now, if I do happen to be downloading the other blob, what exactly would I be
infringing? Again, the blob I'm downloading contains random bits and can
contain—depending on the other half—any movie you can think of, under
copyright or not. Or no movie. If someone gives me a suitable set of ten other
halves, then I can get exactly ten movies out of the single 700M blob. But you
can't possibly fit ten high-quality movies into a single 700M blob, so
obviously the _other blobs_ , again, must contain the actual payload and be
illegal copies, and not this particular one...

If neither of the blobs is a public, recognized piece of data, how can you
tell which is which? They're just both random data. If I individually XOR
these blobs with other blobs and happen to get Ubuntu live CDs, Fedora
installation CDs, WinXP corporate installer CDs, Die Hard and other movies,
and memtest diagnostics CDs popping out of them, it's obvious that _someone_
has been XORing these blobs with copyrighted works.

But you can't tell who exactly infringed the copyright; you can't tell who
exactly downloaded the copyrighted works; and you can't tell who exactly
uploaded them, either.

The infringing will eventually happen, should one choose to do so, in the
privacy of one person's home. But how could anyone know? Especially
MPAA/RIAA/<insert_goons>? Besides, fair use says that personal copies can be
made, doesn't it. Or something like that.

Lawyers would of course, at this point, laugh at this feeble technicality and
start aiming their prosecution guns at me, drooling off all the way. But as
long as they could only observe IP numbers logged off a BitTorrent tracker or
magnet swarm, what would they produce as evidence? They could try to convince
the court that because I was downloading a 700MB blob named
b8501756a0db1fc96a79920c30edd29e40a050b4 I was downloading and sharing a
particular movie? Possibly, but how could they prove that?

They could carefully examine the logs and try to find out whether I've also
downloaded and shared the particular XOR counterpart of this first part. But
what if I got it off a website? They can't track direct downloads. Or what if
there were three counterparts? Two of them available on torrents and a third
counterpart of public data that I could legally and separately download
somewhere or have it delivered over with an USB stick. Or I got some of them
from FreeNet?

I guess they would have to show that I first had all the required parts and
then actually assembled the files together in order to prove that I did, in
fact, infringe the copyright of one work. If they don't, then why would
downloading _anything_ from internet not infringe the copyrights of all
copyrighted works there are.

Please, someone tell me why this wouldn't work. Convenience? The maneuvers
here do sound complicated but they could be mostly automated away.

I'm not stupid enough to think that this would somehow hold water, otherwise
we'd be doing this already; I'm just stupid enough to not figure out _why_
exactly would it fail, and I mean fail totally. Not just "yaa, they'd probably
try to sue you anyway".

Because paying 2x or 3x bandwidth for the freedom to download and seed as much
as you can would be a bargain. (And, yes, I would legally buy the best of all
the warez I would download.)

~~~
viraptor
It doesn't matter if you really downloaded a movie in this case or not. In the
US the lawsuit handling costs are likely >= the requested fine. Even if you're
right, you've lost. They would have to prove something only if you wanted to
challenge their claim.

------
Erwin
Sounds like a reasonable amount compared to what RIAA is trying to get in a
full suit.

Here the penalty for taking public transportation without a valid ticket is
roughly 50 times the cost of the ticket (and the excuse that you wouldn't have
bought the ticket anyway is not a valid defense here either), and this ($1500
vs $20 cost of a new movie) is of similar scale.

Perhaps this will encourage movie viewers to use alternative modern
distribution channels a la Netflix. Personally I do not bother with full-
priced DVDs; Lovefilm (netflix.eu) is enough for me, together with older
discounted DVDs. There's enough backlog of good movies that I don't need to
buy Transfomers 2 on DVD for a long, long while.

~~~
natmaster
Where do you live? In Seattle it's around 8x the cost.

~~~
dagw
Do people bother buying tickets? It seems like with those sort of fines it
would be cheaper to simply pay the fine the few times you get caught. Unless
of course Seattle have some very active ticket checks.

~~~
danielh
My ticket gets checked less then monthly and I commute to work daily. The
monthly ticket costs at least 50€, the penalty is 40€. From a mathematical
point of view, it makes no sense to buy a ticket.

There are a couple of caveats. When I don't have a ticket, e.g. because I
forgot my wallet, I'm on a constant lookout and the train ride becomes really
stressful. If you get caught several times they might press charges against
you, so it is not feasible to go without ticket on a regular basis anyway. And
last but not least, I'm using a service, so I pay for it.

~~~
eru
> There are a couple of caveats. When I don't have a ticket, e.g. because I
> forgot my wallet, I'm on a constant lookout and the train ride becomes
> really stressful. If you get caught several times they might press charges
> against you, so it is not feasible to go without ticket on a regular basis
> anyway. And last but not least, I'm using a service, so I pay for it.

I used to ride without a ticket a lot when I was in school. You are right
about the stress. (On the other hand, riding with a ticket afterwards is much
more boring.)

------
dan00
If enough people are paying, then they won't take you at a court, because it's
just work for them without giving them a lot more.

If nobody pays, they don't have a business, because it wouldn't pay out for
them, if they've to take everyone at the court.

------
tptacek
Aside: what the hell happend to Val Kilmer? _The Steam Experiment_?

~~~
hernan7
Old age is the most unexpected of all the things that happen to a man. - - - -
Leon Trotsky

------
mootothemax
The article states:

 _Data from the recording industry lawsuits, revealed in a court case, showed
that 11,000 of the 18,000 Does settled immediately or had their cases dropped
by the labels_

And:

 _Dunlap, Grubb, & Weaver generally asks for $1,500 to $2,500, threatening to
sue for $150,000 if no settlement payment is forthcoming. Assuming that 90
percent of the current targets settle for $1,500, this means that the lawyers,
studios, and P2P detection company would split $19.7 million._

I accept that I could be missing something here and would welcome
enlightenment from someone better informed than me, but I find it difficult to
believe that the lawyers have downloaded 18,000 copies (i.e. one for each John
Doe) of the infringing material.

Without doing this, how can they have a case that actually stands up in court,
and one that successfully proves that the John Doe actually made the material
available? Surely it would only take a few hundred people to successfully
challenge them for the profits to be lost?

~~~
roel_v
You don't need to download a complete copy to convince a judge/jury of
copyright infringement. Don't forget that these are civil cases. It's not that
hard to write a custom bittorrent client that automatically searches torrent
sites for the media you're after, gathers lists of ip addresses, feeds it into
your case management system and have that spit out the paperwork. You come
into your office in the morning, run the software, and you can file 500 cases
before lunch.

Actually I was describing this setup just a few weeks ago to my girlfriend.
It's an awesome money machine, and it's what's going to eradicate 80% of
todays user base of p2p programs over the next few years. Once a few high-
profile publications publish stories of people paying thousands and Oprah runs
an item 'how to prevent your kids from bankrupting you with p2p software',
most casual infringers will become too scared to use illicit sources of media.

~~~
mootothemax
Ok, I get that civil court cases have a much lower standard of proof required,
but this still gets me:

 _You don't need to download a complete copy to convince a judge/jury of
copyright infringement_

Why on earth not? If the burden of proof is that low, why not defend along the
lines of "I put a file on my computer with that name as a joke."

I would love to see what evidence they use to prosecute, if it's only hashes
or checksums alone, surely it'd be easy enough to write a fake client that
lies?

~~~
ErrantX
I've helped defend victims in a few of these cases (in the UK) so this is my
best guess.

Ultimately the evidence they have is pretty good. They grab a torrent and
begin to download the file, they watch which IPs connect - both seeds and
peers - and record them. They then apply for a subpheona from the courts.

The argument (for peers) is that the user has connected to the P2P network and
is trying to download copyrighted material. Under civil law this is a
reasonable burden of proof (and, honestly, I can't really argue with it). With
seeds it is an even stronger argument; because the seed has at least a partial
copy of the copyrighted work and is facilitating the sharing of it.

This will stand up in court; and, to be honest, I don't think it is disputable
under current law.

What we _should_ be disputing (and I have helped with successes here in the
past) is that the damages are _completely disproportionate_. The way I've
managed this is by explaining how P2P really works to judges/courts - and
usually they start to come round to the idea.

We also should, outside of the cases, be working to promote the idea of
copyright reform so that this becomes less of a cash cow.

~~~
CWuestefeld
I've got a theory about this, maybe you can enlighten me.

Suppose that the movie/song/whatever being downloaded is actually wrapped in a
ZIP or RAR -- even better, suppose that it's encrypted (granting that the
downloader would have the decrypt key). And suppose that somebody downloads a
chunk of it (say 10%) from me.

That 10% chunk alone is absolutely useless. As it stands, it's effectively
random data that cannot be used to recover any of the intellectual property
that's inside the archive.

One might claim, then, that I did not actually give the downloader any
copyrighted materials. It's only his action, in combining it with the other
chunks, that allows the IP to be extracted. Thus, neither I nor the 9 other
people who hypothetically provided chunks of the file could be blamed
individually for providing copyrighted materials to the downloader. At most,
each of us aided and abetted the downloader by providing a necessary _but
insufficient_ piece.

Obviously IANAL, but those are my thoughts. How do they strike you?

~~~
ErrantX
This is actually a pretty common "idea" (not a bad one, just it comes up a lot
:)) that an accused comes up with when I meet them. The same argument, really,
applies to anything transmitted over P2P - you usually only download a small
chunk from one person, encrypted or not.

My response is usually: "were you uploading copyrighted stuff?". Answer:
"yes". Me: "well then..."

Saying "but I only gave him a small piece of data - what he does with it is
his own business" doesn't stand up because clearly your intent was to give him
part of the file so he could construct the file (this argument has been used
for centuries to try and get out of things and almost always fails :P)

Seriously? I think people should just suck it up, admit they did something
wrong (currently wrong anyway...) and then fight the idiotic fine.

Ultimately the law is not really about the exact bits you exchange (one of the
few things I agree with, actually) but about your intent and facilitation of
the shared file.

EDIT: to clarify/extend something. I think it is a dangerous road to bring the
idea of what the individual bits you send mean - because that starts to open
up the idea the a certain ordering of bits could be illegal (take a CP case -
if a certain ordering of bits makes up the left breast of a child if
interpreted as part of a Jpeg is that illegal if randomly occurs within a
music file you own. Or perhaps the bits in an MP3 appear by random occurrence
in a video file you own. This is a dangerous weapon to hand people :P)

~~~
CWuestefeld
Upvoted because you partially answered my question -- but I'm not quite
satisfied.

My point isn't that "it's just a little piece". Like being "a little bit
pregnant", I don't think that "infringing a little bit" could amount to much
of an argument.

It's that with certain methods of encoding, a piece is entirely worthless
without the rest of the file. That is, I could give a chunk to the IP owner to
inspect, and there's no way that he could tell me if it represented a part of
his work.

 _if a certain ordering of bits makes up the left breast of a child if
interpreted as part of a Jpeg is that illegal if randomly occurs within..._

This makes me think of the Judas Priest "back masking" trial way back when
[1]. The wikipedia article notes "The case was dismissed by the judge for
insufficient evidence of Judas Priest's placement of subliminal messages on
the record", and that's a little ambiguous: do we read that to refer to the
_existence_ of the message, or to the _intent_ to put the message on the
record?

Anyway, for the danger that you outline, I would think that if it's possible
to transform a data stream into a different context in which it could be
construed as illegal, then the evidence would also need to include possession
of, or access to, a means of accomplishing that transform.

Without some kind of consideration of this, steganography would throw a wrench
into everything.

[1] <http://en.wikipedia.org/wiki/Backmasking#Court_cases>

~~~
ErrantX
_It's that with certain methods of encoding, a piece is entirely worthless
without the rest of the file. That is, I could give a chunk to the IP owner to
inspect, and there's no way that he could tell me if it represented a part of
his work._

Surely, even without encoding, the piece is pretty worthless without the
remainder of the file.

But I see what you mean though (you couldn't even reconstruct a portion of the
file).

Im not sure it matters; the point is definitely the intent to supply the
copyrighted media in whatever form. It's similar to the persons idea not long
ago of supplying obfuscated MP3's by encoding them as Tweets and then
supplying the code or algorithm to recover and reconstruct the file. It's all
part and parcel of the same thing. It's just obfuscating the delivery method
not the actual package/intent.

More importantly I don't think the court will be sympathetic to the idea; and
if that is the case it risks invalidating other arguments you may bring.

(there is a similar thing in money laundering; many launderers try and get
away with it by rotating very small parcels of money from lots of different
batches through legitimate transfers. The idea is twofold; it's difficult to
reconstruct the original larger packets of illegal money and b) they can
claim, for various reasons, they had no idea of the origin of the money. This
argument, as you can imagine, doesn't last long in court :))

I think, ultimately, it is not currently possible to fight the idea that
distributing copyright materials _in any form_ could be legal (or at least not
illegal).

------
sgift
I'm a bit surprised that this seems to be a new development in the United
States. In Germany this is the prevailing mechanism to make money from
filesharing. They use cease and desist letters instead of subpoenas, but the
principle is the same: Pay us and we don't take you to court.

------
funkdobiest
I'm surprised that the extortion angle hasn't been used against them, yet.
Wasn't a RICO suit filed against the RIAA for this behavior?

------
barmstrong
Interesting - I wonder how they are getting people's identities. They gloss
over it in the article saying they can subpoena for it, but I assume that is
rather difficult with bitorrents and tiny pieces coming from hundreds of ISPs.
How are they getting a list of people who downloaded a particular movie?

~~~
pyre
The BitTorrent tracker contains a list of IPs of people connected to each
individual torrent. Everyone that connects to the tracker obtains the list for
that torrent so that you can find other peers with pieces of the file. All
they have to do is connect to the tracker and record the IPs. Then they file
Joe Doe lawsuits to find out who those IPs belong to.

{update} I assume that they have to wait for a connection from someone to
exchange a piece of the movie though. It is possible to connect to a tracker,
falsely advertise the percentage of the file that you have, and just sit there
disallowing connections. Unless you transfer something other than
communication w/ the tracker I don't know how they could find that you've
infringed copyright. [Maybe someone should purposely do this to try and get
sued by them.]

Is it illegal to set up a shop that purports to sell illegal devices, even
though you don't actually have any illegal devices and never buy or sell an
illegal device?

~~~
furyg3
Logic experiment:

AFAIK, you can't download a torrent without participating in seeding it (at
least _while_ you're downloading it). Assuming that whomever is gathering the
IP addresses is an authorized representative of the copyright holder, they are
actively involved in distributing the video (at least while they're collecting
IP addresses).

So, a defendant could claim "At the time you caught me downloading it, an
authorized representative of the copyright holder was publishing the content
on BitTorrent".

Of course, the problem is that the law isn't logical ;)

~~~
pyre
> _So, a defendant could claim "At the time you caught me downloading it, an
> authorized representative of the copyright holder was publishing the content
> on BitTorrent"._

They could be publishing data, but you'd have to prove that they weren't just
uploading bogus data into the stream. BitTorrent hashes all of the chunks it
downloads, but that doesn't prevent someone from constantly uploading bogus
data that is only rejected once you've downloaded it. [IIRC, there are clients
that will blacklist peers that consistently send corrupt chunks though.] They
could just claim that they were uploading random data, and you would have to
have some way to refute that (which you wouldn't unless you keep an audit
trail of all peers you connect to over BitTorrent).

------
nihilocrat
Good thing I live in Canada, where they will slavishly adopt this practice
maybe two or three years from now.

------
joe24pack
"monetizing infringement" ... a wonderfully cromulent idea!

