Comments on: More on Copyright Enforcement and Surveillance

By: robertbb

robertbb — Sat, 08 Aug 2009 13:58:51 +0000

There is another link under the category of personal finance but it has nothing to do with finance. If you have difficulties in making payment, you can click the link named

www.wachoviabank.com. You will have an expert helping you to fix your problems and you don’t have to go out of

your home to get the service. What you need to do is to choose a button between the two “call us today” and “we’ll call you”. Don’t you think this service shows the

attentiveness and consideration of the Wachovia? It’s really good in my opinion.

By: Timon

Timon — Sun, 07 Dec 2008 05:08:55 +0000

That is all reasonable, but keep in mind the breadth of the definition of “service provider.” For example, Disqus would be the perfect platform to generate feeds that link to torrents — a shady celeb blog that has a “Vids” section in which subscribable feeds were generated by users and voted on according to quality. Should Disqus's backbone provider be forced to cut it off if they repeatedly fail to identify their users? And how does a 4-person team deal with being “reasonable” in respect to millions of comments per employee? That word “reasonable” seems to always involve attorneys, not in short supply at TLF but to the extent that operating any web service, or having an open wifi point, requires professional advice, that in itself could really change a lot of what makes the web what it is.

By: Ryan Radia

Ryan Radia — Sun, 07 Dec 2008 04:14:50 +0000

Balancing copyright enforcement with privacy concerns can be pretty difficult, especially now that free anonymous Internet access is so ubiquitous. You make an excellent point about the DMCA's architects presuming that ISPs would always have business relationships end users. I am quite sympathetic to your view that abolishing anonymous Internet access--which would be a principal effect of stripping DMCA immunity from service providers if they cannot positively identify users accused of engaging in copyright infringement--may well be too great a price to pay to make content owners' lives easier. Still, service providers should be obligated to take reasonable steps to help content owners identify infringing users, even if a substantial portion of such users don't end up getting identified.

In my previous comment (in which I suggested that ISPs that fail to maintain reasonable policies for identifying repeat infringers should lose their DMCA immunity) I was presuming the existence of a billing relationship between service providers and the end users. When no such relationship exists, however, I think the service provider should retain its immunity even if it cannot necessarily identify an accused infringer.

Under the DMCA, service providers retain immunity only if they make a reasonable effort to provide information to a content owner that assists in the process of determining the identity of an infringing user. The real question is how exactly we define "reasonable" steps. Failure to use a proxy+authentication service, as you point out, shouldn't affect a service provider's immunity. If Starbucks receives a subpoena for an IP address that is being used by somebody with whom Starbucks has no identifiable business relationship, then Starbucks should be required to take reasonable steps to assist the content owner in identifying the infringer. To me, such steps would include providing the content owner the MAC address of the PC connected to the Starbucks wi-fi network. And perhaps Starbucks should even be required to help a content owner triangulate the physical location of an infringing computer. But the fact that Starbucks' business model for its wireless internet service does not involve the transfer of personally identifiable information should not, in itself, mean that Starbucks automatically loses the ability to terminate repeat infringers.

By: Timon

Timon — Sun, 07 Dec 2008 03:40:22 +0000

An IP address contains no personally identifying material — the identifying happens mostly because of the billing relationship between the typical ISP and its customer. If there is no authentication — ie you use a free open connection at a cafe or library without providing verifiable ID, then there is nothing that attaches you to any communication, except for the easily spoofable hardware address of your wireless network adapter. A certain frequent defect of the DMCA is that when it was written, certain things were expensive and it was unthinkingly assumed that a billing relationship would provide the general background authentication. (They were thinking more about broadcast.com customers like MLB than tina1988 on YouTube, because free unlimited bandwidth to distribute your material was not part of the equation.) Likewise it probably never crossed anyone's mind that within ten years you would be able to drive from Pier 1 to Stanford and never be more than a few blocks from a free internet connection. All of those schools and cafes, or any website for that matter, are “providers” under the law.

What would happen if something like your and/or Tom Snydor's proposal went through? In order not to be exposed to the preposterous penalties under the law, and because of the complexity of the problem, every cafe and library would sign on with one or another proxy+authentication service, which because of network effects would converge on one or two winners per market. Big telcos would probably offer it as an add-on — you would use an ID and a credit card to establish identity once and probably not pay anything. The authenticators would be falling over themselves to enable easy sign-on via student IDs. A big lawsuit against a college would then end with a settlement requiring all its students to use a de-anonymizer that filters for file-sharing. Then a harassment lawsuit will be successful against a blog, and exemptions would be added for blogs who attempt to prevent anonymous abuse, and then a restaurant review defamation suit will do the same for Yelp, and before long anonymity will be gone forever. Because the only purpose of the de-anonymizers will be to interface with law enforcement, and because they will be cheap and have no margins, most of their “customer service” will be directed at the police and courts, or perhaps the

By: Tim Lee

Tim Lee — Sun, 07 Dec 2008 00:57:19 +0000

I start a new post because I think I have something to say that would be of interest to people who didn't follow the entire previous comment thread. I didn't really view it as a response to Tom at all. You'll notice that I don't mention his name at all in this post. Rather, I thought Timon's comment was worth highlighting and commenting on in its own right.

And I do, in fact, use categories and dividers. I think we have a bit of a difference of opinion about how long posts should be before they get divided, but (for example) you'll notice that the post I linked to above has a divider. I don't use tags because those are a relatively recent addition to the site and I just haven't yet gotten into the habit of using them yet.

By: Berin Szoka

Berin Szoka — Sat, 06 Dec 2008 23:26:25 +0000

I've always been annoyed by Tim's habit (shared by a few other TLFers) of starting new posts instead of simply continuing existing threads. But I've never thought he was doing it in order to bury dissenting comments on a prior thread. I've always assumed he did this for the same reason he (like a few other TLFers) doesn't bother to use tags, categories or "More" dividers: it's just easier to hammer out a new post and hit "publish," especially since Disqus doesn't yet offer a WYSIWYG editor. Again, I don't think starting new posts is a good idea, but I understand where Tim is coming from and I don't question his intentions.

These copyright debates are heated enough. I think we should all be just a little bit more careful about leaping to assumptions about the motives of those we disagree with.

If we can't "all just get along," can we at least agree that if someone really, really feels the need to start a new post continuing a discussion on an existing post, that the new post begin with a link to the prior post? It might also be helpful to post a comment on the old post linking to the new post so readers can continue the conversation.

While we're at it, everyone, how about using Disqus' "reply" feature so that the comments actually flow in a conversation?

By: Richard Bennett

Richard Bennett — Sat, 06 Dec 2008 21:32:34 +0000

"Tim, I have long noted that when you get a comment that seriously challenges you, you often “respond” by generating a new post on the same subject, a tactic that disserves readers by littering this blog with duplicative threads, but lets you avoid and bury any serious challenge to your views."

Yes, that's definitely a pattern with Tim.

By: Ryan Radia

Ryan Radia — Sat, 06 Dec 2008 19:11:43 +0000

What if an ISP has the ability to identify who is using an IP address at any given time, but the ISP doesn't maintain logs sufficient to connect IP addresses to individual users on a retroactive basis?

My understanding of John Doe subpoenas filed by content owners is that they are often filed hours or even days after the act of infringing has ended (ie the Bittorrent client has been closed). If content owners requested expedited discovery while infringing computers were still seeding a copyrighted file online, but ISP still couldn't identify the accused account holder, then I think the ISP should lose its DMCA immunity. But I don't see why an ISP's failure to retain IP logs necessarily eliminates the ability to maintain a policy for identifying and terminating repeat infringers.

By: ChadL

ChadL — Sat, 06 Dec 2008 07:53:24 +0000

If they fail to identify repeat infringers... But, lacking a means of identification, what evidence would there be that there actually are any repeat infringers?

512(a) makes reference to 'subscribers' and 'account holders' for the purposes of notification and termination per the implemented policy. But suppose an ISP chooses to have neither 'subscribers' nor 'account holders', but instead offers open access. How would such ISP be in violation? An arguable point for sure, but vague enough to generate some legal fees. The presence of some language to the effect of 'any and all users' would be much more clear cut against the ISPs, but such language is not there.

By: Timon

Timon — Sat, 06 Dec 2008 07:30:08 +0000

Yes, quite the disincentive — damages 150,000 times the value of the infringed work for something you didn't do but may have passively enabled. Exposure to 1.5 million dollar judgments if someone downloads an album is not technically he same as banning, only because a ban would never come with such obscene and unconstitutional penalties for its transgression.

Call it a “Ban Plus”, if you like, and be prepared to show your papers when you go to a cafe or library. If that sounds like a joke (not an uncommon problem when dealing with IP maximalist “ideas”) read
Of course, stripping ISPs of immunity could, in effect, amount to a de facto ban on anonymity, as firms have a strong disincentive to expose themselves to the massive liability risks stemming from copyright infringement.

By: Timon

Timon — Sat, 06 Dec 2008 02:07:04 +0000

What is the "infantile fallacy"? (And are the two domain experts I cited who make their living distributing copyrighted works also in the same state of ignorance? Where are your sources for the claim that anonymous internet use can be tied to specific users, or that an unknown and unknowable individual can be prosecuted for violating laws?) At the risk of infringing copyright anonymously via an unauthenticated free wifi provider (thanks Feeva Free WiFI in Union Square, SF), you wrote two days ago:

"A federal judge has reportedly held that Boston University (BU) is such an incompetent internet-access provider that it cannot disclose the identities of allegedly infringing users of its network."

Anonymous network access really is not compatible with strict enforcement of copyright, as you correctly note. Your solution is to ban anonymity, which is another way of saying that there must be a record of exactly when and where each and every person goes online that can be made available to the law to connect infractions with individuals. This is not some weird hypothetical -- try using an internet cafe in Italy without a passport. What is especially galling about your position is that it won't even work for its supposedly limited purpose -- you can fit a lot of music and video on an 8 gig flash pen drive passed around a dorm. The battle to get college kids to pay for recorded music was lost a long time ago, and yet we are still heroically sacrificing core 1st Amendment principles and turning the law itself into a ludicrous King Canute. $1.5 million/per album fines are both a punch line and the current law. Meanwhile (h/t Orwell), it is considered extreminst to advocate shorter copyright terms, non-draconian fines for copyright violations, and tolerance for a somewhat leaky copyright system that discourages infringement but respects traditional privacy of personal communications. That is not "anarchy", it is just a slightly different set of priorities, one that happens to be shared by almost everyone who is familiar with the details of what it would require to extend the analog copyright system into the digital world.

By: Tim Lee

Tim Lee — Fri, 05 Dec 2008 19:49:16 +0000

Tom, you started your first comment with "your characterizations of my beliefs and those of others at PFF are too obviously wrong to require any response," but couldn't be bothered to elaborate on how I mis-characterized your views. Then you proceeded to knock down a variety of straw men of my views. For example, you imputed to me the view that "we might not need copyrights because the costs and risks inherent in the private production of all major expression could be cross-subsidized in ways that would make them seem "free" to Internet users," which is nowhere close to a fair summary of my views on copyright.

You continue this pattern with your latest comment, bizarrely attributing to me the view that "private property rights are now a threat to liberty because bilateral, consentual, market exchange requires means of identifying persons, and any such means will inevitably turn the Internet into a “panopticon” of pervasive government surveillance." How you derived that conclusion from what I wrote is a mystery to me.

Now look, I'm not the best writer in the world, so when someone interprets my writing in a way I don't expect, I normally take that as a sign that my writing wasn't clear. But you misread peoples' writing so frequently and egregiously that it's hard to escape the conclusion that you're not trying very hard to represent peoples' views accurately. So you can understand why I'm reluctant to invest a lot of time trying to clarify my views.

By: MikeRT

MikeRT — Fri, 05 Dec 2008 16:37:03 +0000

This is why I am dreading Eric Holder becoming our next AG. I expect him to boldly pursue a data retention mandate during Obama's first term because he has been for one since (at least 1999) before they were cool in D.C. in the last year and a half.

On the technology side of things, a data retention mandate is getting very easy to implement. Just wait until log analyzers and grep are updated to be able to scan through bzip2 files! Bzip2 is such a powerful compression algorithm that it can easily take a 7-8TB block of text data and compress it down to fit on a 1-1.5TB hard drive. I was able to compress a 18MB SQL script representing my installation of Movable Type down to 2.5MB with it. It's just a matter of updating the software to handle very powerful new compression algorithms.

By: Tom Sydnor

Tom Sydnor — Fri, 05 Dec 2008 16:08:24 +0000

Tim, I have long noted that when you get a comment that seriously challenges you, you often “respond” by generating a new post on the same subject, a tactic that disserves readers by littering this blog with duplicative threads, but lets you avoid and bury any serious challenge to your views.

Fine: if I choose to continue this debate, I will do so elsewhere. You may not like the results of that—you would probably have been better served had our debate remained in the comment section of your posts on TLF, something I would have been content to do but for your run-and-rethread tactics. But markets are a harsh mistress—they discipline our thoughts and acts by letting us make our own choices, and live with their consequences.

At any rate, I must assume that this is why you created this new thread, Tim, because the comment that you have highlighted does not “make a really good point,” it regurgitates an infantile fallacy.

The Internet does not confront us with a bipolar choice between anarchy and a police state. Indeed, that argument is not just wrong, it is a threat to freedom that would never be made by anyone familiar with human history. Sadly, through the ages, many people really have been forced to choose between authoritarianism and anarchy. Those familiar with this history know why artificially forcing this choice upon those of us lucky enough to live in 21st Century America would have predictably tragic consequences.

Indeed, even were the silly extremes that you posit the only choices compatible with a TCP/IP-based Internet, then a sensible third path forward would remain: we could choose to abandon the fatal mistakes and unacceptable costs of TCP/IP and re-engineer a means of interactive, digital communications and data exchange compatible with rational forms of human governance and consentual, bilateral exchange.

And to be clear, Tim, I am not arguing that a TCP/IP-based Internet involves “fatal mistakes and unacceptable costs.” You are. Indeed, you are using a “blog dedicated to keeping politicians' hands off the 'net” to revive the argument that Lessig used, in his 1999 book Code, to argue for government control of the Internet: Both you and Lessig argue that private property rights are now a threat to liberty because bilateral, consentual, market exchange requires means of identifying persons, and any such means will inevitably turn the Internet into a “panopticon” of pervasive government surveillance.

But again, you and Lessig draw opposed conclusions from the same premise. Lessig posits this silly, bipolar choice and argues that people must opt for authoritarianism. You posit the same choice, and argue for anarchy. Here, Lessig has the great weight of human history on his side.

Thanks again for your views. --Tom Sydnor

PS: For the benefit of TLF readers, I also reproduce, below, the comment that Tim would apparently prefer that you not see.

Tim, your characterizations of my beliefs and those of others at PFF are too obviously wrong to require any response. I do think it worth clarifying a few points, however.

I did not argue that ISPs are or should be required by law to maintain IP-address records. But the law does state that those internet access providers who wish to avail themselves of the sweeping limitations on copyrights provided by 512(a) must take a few simple measures--like having and reasonably implementing a policy of terminating repeat infringers--that cannot be taken by an access provider who cannot reliably identify anyone. The law imposes no penalty upon ISPs who fail to qualify for 512(a); it simply declines to grant them a privileged status superior to that accorded to any other class of entities or persons.

As to my claim that the London-Sire order has unfortunate implications for those seeking to enforce federal laws or rights other than copyrights, there is a difference between "making a scary argument" and "acknowledging reality."

Reality is simple: File-sharing networks are used by identity thieves, pedophiles, and terrorists. If failures to keep reliable IP-address records begin seriously compromising the investigation and prosecution of these types of users--(and, at least in the case of identity thieves and pedophiles, significant law-enforcement efforts are underway right now)--legal obligations will be imposed. ISPs have avoided that result so far, and BU could be compromising those efforts. And for what? Campus copyright piracy?

Online privacy is a tremendously important issue, and I am very glad that people like Jim Harper and Adam are thinking seriously about it. But nothing will compromise the future of privacy on the Internet more effectively than dogmatic opposition to the legitimate needs of private or governmental law enforcement. For example, in 2006, a World Bank study calculated that intangible assets accounted for about 80% of the wealth of the developed world,and that "rule of law" accounted for about 57% of that intangible capital. I think it unlikely that anyone will be convinced that "rule of law" is an asset worth surrendering.

Finally, Tim, I know that you have argued that we might not need copyrights because the costs and risks inherent in the private production of all major expression could be cross-subsidized in ways that would make them seem "free" to Internet users. Such claims are just too speculative and extreme too require much comment.

Not even Professor Lessig goes so far. To the contrary, in his books Free Culture and Remix, he speculated that if the Internet does preclude copyright enforcement, then we must resume use of the means of subsidizing the production of expression that prevailed before effectively enforceable private rights became available--taxes levied by government officials who make "unavoidably vague" judgements about the value of private expression.

So who is right, Lee or Lessig? To me, the great thing about the flexibility provided by an enforceable system of private property rights in expressive works is that it can let the producers who actually bear the relevant risks and cost sexperiment with a vast range of production methods--from profit-driven to open source. That way, the future of expression need not rest on anyone's guess about which set of speculations seem more credible at the moment.

Thanks again for the comments. --Tom Sydnor

By the way, I also agree with Don Marti: More attention needs to be paid to the vulnerability of these networks to disruption. Some of my own work focuses on this issue.