Tuesday, February 21, 2017

Three things filesharing copyright enforcers may do but refuse to tell you

Note: The blogster has a simple minded opinion of the German "cease and desist" industry: a truly awful collection of techies and lawyers. So, don't expect a valiant defense of them. Also, pirating music, games, and videos is wrong, and illegal. And dangerous beyond evil lawyers.

In this post from 2013, we wrote about a half-hearted attempt to rein in abuse by copyright holders and their assistants.

Since then, the blogster heard stories of people being pestered for months or years with payment notices.

It* also encountered a gut wrenching story of a lawyer roping in helpless clients by promising to defend them against claims for a couple of hundred Euros, only to send a bill of over 1 400 Euros later. The fleeced client got his act together and sued the greedy lawyer.
The court sided with the client but still made him pay 400 Euros as (said the gentleman) "a lesson to not sign a service agreement with a lawyer like that".
The initial bill actually exceeded what the copyright ghouls had asked for in fees and damages in the first place, which was just under 900 Euros.

Apparently, around 900 is the going rate in Germany these days, with roughly 200 as fees and the rest as damages.

And we can now report that 900 is the going rate for an alleged infringement that supposedly lasted as little as two (2) minutes.

One of the blogster's common complaints about Germans is that they don't share information as freely as Americans. There are stereotypical cultural reasons for that as well as legal ones.

If you are not a journalist and put up some blog post or article that details a case, you may find yourself the target of - guess what - a cease & desist letter from a law firm saying that you engaged in giving legal advice.

Which is verboten to non-professionals.

So, for German readers: This is not legal advice. Get a lawyer.

The blogster finally managed to get its tiny hands on a real cease & desist case. This one alleges the letter's recipient uploaded a movie to the Bittorrent network. We'll anonymize the participants as follows.

The movie title is CRAP.
The studio is MOVIE.
The law firm will be DING.
The tracker company is FCKERS.

Another disclaimer: contrary to possible appearances, these are acronyms, not words that should be interpreted as having any real meaning.

So, the mail from DING contains one page that has some information. The rest? An intro sheet, a copy of a blanket court order telling the ISP to hand over data on the lease of IP addresses, the actual cease & desist declaration you are asked to sign plus the most convenient way to hand over money, a pre-filled bank transfer slip.

There is also a note offering you a discount of around 200 Euros if you pay within less than 10 or so days from the date of the letter.

That gives you just over a week, including a weekend, to react.

Sales pressure, we used to call that if we wanted to phrase it nicely.

So, what do you do?

Panic!

Yes, it is natural to panic, even though everyone says "Don't".

Just not too long. Don't call DING because their people are trained. As soon as you give them your name and number, they will ask if you used the router's factory set password.

And if you don't know what that is and blab "yes", you are done. Game over. The default password, or factory set password (which sounds even nicer because "factory set" can make you feel safe), is not what your router and you need.

You need good, long passwords for the router administration and the actual WiFi feature.
If you don't know what that is, stop reading and call a friend who can help.

The single important page of the letter also has the movie title CRAP, the studio, the exact date and time of the alleged infringement as recorded by FCKERS and a "hash value".

The name of FCKERS is not given, just a fancy software name and the assurance that courts have found it to be accurate. They may say 100% or not say it. But it is what they mean. It doesn't have to be true (and isn't) but as long as the courts believe it, it is accurate.

What next?

If you are like most people, just go to a lawyer. It should not cost you more than 200 Euros, but you'll feel a bit safer.

Mind you, this is unlikely to end the periodic begging letters, but mostly you are done.

The DIY method is more stressful but can save you the money.

The best situation for you at the time of the alleged infringement: you were not home, nobody was in the house or apartment, computers were off (or not connected to the internet).

The second best: someone was in the residence but you have done your duty and lectured the person(s) clearly about the moral turpitude of filesharing and other monkey business as well as the legal situation.

If you cannot prove you were out (at work, on vacation, out of town), do some computer forensics, i.e. try to determine if the computer was off, and try to find the piece of software allegedly used to upload CRAP. Check for modified files (these things tend to write logs), and poke around the system logs in obscure folders like syslog or in the swanky event logging facility of your computer.

Look for malware. Knock yourself out.

Then talk to a lawyer to defend you.

If you were not home and are certain your machine was off or disconnected, should you file a criminal complaint for hacking?

The jury is out on that. If you are 110% sure of the facts, it may be a good idea. If DING won't go away, you can inform them you filed. Don't send them a copy, though. They will think twice before dragging you to court.

If you do file a complaint, make it against Persons Unknown. Not against DING or the FCKERS. They could claim defamation and sue you to death.

And the whole thing is not really about DING and FCKERS or CRAP.

It is about you. You need to ensure you are safe. State what you are accused of, state nobody was home, be done.

Don't speculate about stuff like IP spoofing or man-in-the-middle attacks unless you deal with this shit for a living. In which case your home setup may well be a fortress anyway.

This being said, there is a wonderful paper by the SANS Institute that describes Bittorrent and investigation into digital contraband.

Assume that FCKERS use some tool from these tool kits or something very similar.

That SANS paper tells us a few things:
1) FCKERS may save much more identifying information than they disclose to you. For example: "This twenty-byte peer ID is generated by a peer before it joins a torrent. It typically identifies the client software version and includes a random string" (Pontes, 2009).
2) If FCKERS download CRAP, they could easily tell you exactly how much CRAP data they downloaded, in KB or MB.
3) Who knows, some FCKERS may also run honeypots, effectively encouraging you to upload stuff: "In fact, it is easy to make a torrent file seem very popular, giving the would-be downloader a false sense of security because “everyone is doing it.” If one controls the bit torrent tracker, it can be done by a simple change to the code or by manipulating the file that the tracker uses to maintain its list of peers" (Berns & Jung, 2008).

These three examples of capabilities they don't want you to know have one thing in common: They are meant to screw you over.

If you knew 1), you could do some meaningful investigation of software on what typically are several devices in a household. You could strengthen your proclaimed innocence if that software existed nowhere in your household.
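What that investigation could look like, as an added example that is not part of the original post or the SANS paper: it decodes a peer ID in the common "Azureus-style" layout (dash, two-letter client code, four version characters, dash, twelve random bytes) and checks it against a household software inventory. The peer ID value, the inventory and all function names are constructed for illustration, and the client table is only a small subset of known codes.

```python
import re
from urllib.parse import unquote_to_bytes

# Small subset of the two-letter client codes used in Azureus-style peer IDs.
CLIENTS = {"AZ": "Azureus/Vuze", "DE": "Deluge", "KT": "KTorrent",
           "LT": "libtorrent (Rasterbar)", "qB": "qBittorrent",
           "TR": "Transmission", "UT": "uTorrent"}

AZ_STYLE = re.compile(rb"^-([A-Za-z~]{2})([0-9A-Za-z.]{4})-")

def decode_peer_id(peer_id: bytes) -> dict:
    """Split a 20-byte peer ID into client code, version and random part.
    The ID is self-reported by the client, so treat it as a lead, not proof."""
    if len(peer_id) != 20:
        raise ValueError("a BitTorrent peer ID is exactly 20 bytes")
    m = AZ_STYLE.match(peer_id)
    if m is None:
        return {"style": "unknown", "client": None, "version": None}
    code = m.group(1).decode("ascii")
    return {"style": "azureus", "code": code, "client": CLIENTS.get(code),
            "version": m.group(2).decode("ascii"),  # raw, client-specific
            "random": peer_id[8:].hex()}

def from_announce(value: str) -> dict:
    """Peer IDs appear percent-encoded in tracker announce requests."""
    return decode_peer_id(unquote_to_bytes(value))

def devices_with_client(decoded: dict, inventory: dict) -> list:
    """Return devices whose installed programs mention the decoded client.
    Crude substring match; inventory maps device -> program names."""
    name = decoded["client"]
    if name is None:
        return []
    key = name.split("/")[0].split()[0].lower()
    return sorted(dev for dev, progs in inventory.items()
                  if any(key in p.lower() for p in progs))

# Constructed sample data, not taken from any real case.
SAMPLE_PEER_ID = "-qB4650-%01%02%03%04%05%06%07%08%09%0a%0b%0c"
INVENTORY = {"laptop": ["Firefox", "LibreOffice"],
             "desktop": ["VLC", "qBittorrent 4.6.5"],
             "tablet": ["Chrome"]}

if __name__ == "__main__":
    decoded = from_announce(SAMPLE_PEER_ID)
    print(decoded)
    print(devices_with_client(decoded, INVENTORY))
```

An empty result across every device in the household is the outcome that would support the claim of innocence described above.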

If you knew 2), you could ask around and find that some bloke uploaded a whole CRAP and paid the same amount of money as the poor chap who allegedly did that for 2 minutes over a really bad connection and only got say 2 KB through.
See, if the police catch you speeding, they have to tell you how fast you were going.
FCKERS don't do that, so they can charge more. Whether that is fraud or creative accounting may depend on the jurisdiction you live in.

If you knew 3), you might claim that FCKERS are aiding and abetting. Because the one thing they desperately try to avoid in civil cases is aiding and abetting. How does the blogster know that: because they repeat over and over that their tracker client does not let others download data. At the same time, not a word about messing with torrent control - they know it can be done and don't feel the need to distance themselves from it, hm?
To the blogster, there is no difference (in a civil matter) between encouraging folks to upload and handing out a few bytes for download.

[Update 2/23/2017] This article from 2009, Sniffing out Illicit Bittorrent Files, describes the network sniffing (no faux BT client) approach and issues with the approach. It quotes the tech chief of "well known" German snooping firm Ipoque (they since divested from this product, the blogster believes) and, frankly, does not create much confidence.

[Update 3/2/2017] So, the "honeypot" speculation raised in the original post - it was confirmed by a friend of a friend. Said person deals with Internet scams for a living and is adamant about the fact that some copyright enforcement outfits are running honeypots.

It is next to impossible to prove, because all you need to do is keep the operations separate, the specialist said. A phone call or two, a few meetings for lunch, and you are all set. Some companies with high profile clients are less likely to engage in this, their business is steady enough, and we don't know if they are willing to take the residual risk. But yes, honeypots are definitely being used.

[Update 3/8/2017] That didn't take long. Independent journalist Joseph Cox brought us this gem from the U.S. via his Twitter account yesterday: Crazy case: lawyers filmed pornos, uploaded to Pirate Bay. Used subpoenas to track downloaders, extort millions

* Gender neutral against the tides of time.

[Update 2//22] Added "may" back into the title. Because, well, being polite matters.
