DMCA Violation?

Hello,

Has anyone seen a copy of the following email? Furthermore, has it been
determined which ISP services create a legal or equitable liability for
the ISP? God help us if providing transport to an FTP site counts as
one of the offending services. I guess it's time to turn on NBAR at the
edge routers.

This is clearly Big Brother at it's finest and a prime example of John
Stuart Mill's "Tyranny of the Majority." I apply Mill's logic here
because I doubt that the anti-DMCA crowd is packing the halls of
Congress with the rabid fervor that the pro-DMCA crowd has. I hope that
this is not the case!

Respectfully yours,
Christopher Wolff, CIO
Broadband Labs

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Re: Unauthorized Use of Universal Motion Pictures
Notice ID: 123456
5/7/2003

Dear Sir or Madam:

Universal City Studios Productions LLLP and its affiliated companies
(collectively, "Universal") are the exclusive owners of copyrights in
many motion pictures, including the motion pictures listed below.

It has come to our attention that <<ISP Name>> is the service provider
for the IP address listed below, from which unauthorized copying and
distribution (downloading, uploading, file serving, file "swapping" or
other similar activities) of Universal�s motion picture(s) listed below
is taking place. We believe that the Internet access of the user
engaging in this infringement is provided by <<ISP Name>> or a
downstream service provider who purchases this connectivity from <<ISP

.

This unauthorized copying and distribution constitutes copyright
infringement under Section 106 of the U.S. Copyright Act . Depending
upon the type of service <<ISP Name>> is providing to this IP address,
it may have legal and/or equitable liability if it does not
expeditiously remove or disable access to the motion picture(s) listed
below, or if it fails to implement a policy that provides for
termination of subscribers who are repeat infringers (see, 17 U.S.C.
�512).

Despite the above, Universal believes that the entire Internet community
benefits when these matters are resolved cooperatively. We urge you to
take immediate action to stop this infringing activity and inform us of
the results of your actions. We appreciate your efforts toward this
common goal.

The undersigned has a good faith belief that use of the motion pictures
in the manner described herein is not authorized by Universal, its agent
or the law. The information contained in this notification is accurate.
Under penalty of perjury, the undersigned is authorized to act on behalf
of Universal with respect to this matter.

Please be advised that this letter is not and is not intended to be a
complete statement of the facts or law as they may pertain to this
matter or of Universal�s positions, rights or remedies, legal or
equitable, all of which are specifically reserved.

Very truly yours,
<<Snipped>>

Hello,

Has anyone seen a copy of the following email? Furthermore, has it been
determined which ISP services create a legal or equitable liability for
the ISP? God help us if providing transport to an FTP site counts as
one of the offending services. I guess it's time to turn on NBAR at the
edge routers.

This is clearly Big Brother at it's finest and a prime example of John
Stuart Mill's "Tyranny of the Majority." I apply Mill's logic here
because I doubt that the anti-DMCA crowd is packing the halls of
Congress with the rabid fervor that the pro-DMCA crowd has. I hope that
this is not the case!

Respectfully yours,
Christopher Wolff, CIO
Broadband Labs

I have seen e-mail similar to the one you have. Without knowing more about
the service you provide, where the notice came from, and with much of the
content <<removed>> it's pretty hard to tell if it meets the requirements of
a DMCA notice or not.

If it does meet the requirements of a DMCA notice follow the procedure -
it's spelled out pretty well.

It becomes something of a gray area if you are dealing with a dialup user
running servers since you do not have control of the server.

Mark Radabaugh
Amplex
(419) 720-3635

> Has anyone seen a copy of the following email? Furthermore, has it been
> determined which ISP services create a legal or equitable liability for
> the ISP? God help us if providing transport to an FTP site counts as
> one of the offending services. I guess it's time to turn on NBAR at the
> edge routers.

Welcome to the hell that all of us Universities are in. I have no clue
if this particular email is legit, but we receive approximately 100
DMCA violation notices per day (yes, 100 per day) with a timestamp and
individual IP that violated someone's copyright. Our NetSec team has
all kinds of fun tracking each of these...

Eric :slight_smile:

Congrats. You're the recipient of a "512 takedown notice". (There exist ISP's
that haven't gotten one before? I'm amazed..:wink:

(Note - IANAL, what follows is my understanding of what the law says. If
you're worried, get competent legal advice as well).

We get about 250 of these a year. The MPAA and RIAA notices read almost
identically. 17 USC 512 is pretty clear about the ISP 'safe harbor' and what
you have to do to keep it - basically, you as an ISP do *NOT* have to worry
about content that happens to be on or go through your servers as a result of
your user's actions *IF* you take action when you *do* receive an infringment
notice (one of the *good* things about the DMCA, incidentally - fielding 250
complaints a year is a lot easier than filtering an OC12 for content and
worrying if you miss something).

http://www4.law.cornell.edu/uscode/17/512.html is the full text - it's
actually fairly readable.

All you have to do is make the infringing material not accessible - and
17 USC 512 is *very* non-specific as to *how* you do it. You can nuke the
file, you can change the permissions, you can make the user remove it - your
call. You just have to make it inaccessible, and if you have a repeat
violator, you need to have a policy that allows you to terminate them.
They even don't specify a time frame other than "expeditiously", so as
long as you aren't dragging your feet, you're probably OK.

Our standard procedure for first-time offenders is to track down the user who
has/had the IP address in question, and e-mail them a notice that basically
says "Take it down by COB today, and notify us you've done so, or your access
will be terminated".

As far as "Big Brother" goes, 17 USC 512 is *NOT* the big problem in the DMCA
(in fact, I'd say that 17 USC 512 is reasonably good legislation - it gives
the ISP a safe harbor, gives the copyright owners a clear path of action,
and 17 USC 512 (f) and (g) talk about what happens if the MPAA/RIAA/whatever
make a mistake).

If you want an example of *bad* legislation in the DMCA, go read 17 USC 1201
(b)(1)(A) - the infamous "circumvention clause". The problem is that it
prohibits you from gaining access to information you could otherwise obtain
under "fair use" (you've paid for the DVD, but you're not allowed to descramble
it so you can actually *USE* it, for example).

The last time I saw one of their "notices" they didn't meet the
requirements set forth under the DMCA for notice of infringement, making
the notices a waste of electrons.

http://www.chillingeffects.org/dmca512/question.cgi?print=yes

Have your lawyer look at it for you and given you his professional opinion
because IANAL.

Yes, the DMCA is a beast. What's even more damaging is the "Super DMCA"
that the **AA is trying to get pushed through the state governments. They
have the ability to outlaw things like NAT and VPN if you interpret them
in their literal sense. That's what's scary.

http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2003/04/28/BU269543.DTL

It always amazes me how legislation can be bought. One of these days
we're going to have to start electing officials that have a little
backbone and some semblance of integrity.

Justin

I find the DMCA works well for content stored on webpages. However, I've told all the notice senders the same thing. If they are sending reports of peer to peer, it is beyond my power. I do not have rights to the customers computer, nor do I personally have the ability to verify their claim that the information is actual infringement before cancelling the account.

For some reason, they are too lazy to request a search warrant to obtain the customer's contact information. I'm not Verizon. If the law says you are entitled to information, then you are entitled to information. The fact is, to enforce peer to peer, I'd have to have a search warrant myself to check the person's computer. Of course, I have always been aggrivated with the fact that they send out the peer to peer notices *without* downloading the file first.

-Jack

Welcome to the hell that all of us Universities are in. I have no clue
if this particular email is legit, but we receive approximately 100
DMCA violation notices per day (yes, 100 per day) with a timestamp and
individual IP that violated someone's copyright. Our NetSec team has
all kinds of fun tracking each of these...

Oops... order of magnitude typo.. that should be 100 per week...

note to self: COFFEE - get some.

Eric :slight_smile:

I prefer to take a two pronged approach to these requests.

1. If it's on a web site any they provide a link to one of my servers,
then I'll jump to the site, modify the file and notify the owner. That one
is easy.

2. Some of these letters only provide IP address and Song title or Movie
title. I'm not a lwayer, but they don't have a leg to stand on if they
don't follow the law they are quoting:

`(3) ELEMENTS OF NOTIFICATION-

   `(A) To be effective under this subsection, a notification of claimed
   infringement must be a written communication provided to the designated
   agent of a service provider that includes substantially the following:

...blah...blah

      `(iv) Information reasonably sufficient to permit the service
      provider to contact the complaining party, such as an address,
      telephone number, and, if available, an electronic mail address at
      which the complaining party may be contacted.

*** End

By my understanding, an IP address is not listed on any of that. I
don't have to waste time sifting through dialup logs, or even using an
automated process I have in place for subpoenas to answer this
request. At least if they subpoena the information they have to prove to a
judge they have a good claim. I wish I had the reference at hand, but when
they subpoena information, we bill the requestor $450 for the time to
lookup the user information. (Your Lawyer should be able to tell you the
maximum now you can request for subpoena information.)

Read the whole section 512 yourself though:

http://www.cyberspacelaw.org/dogan/dmcaisp.html

Gerald

[Snipped]

2. Some of these letters only provide IP address and Song title or Movie
title. I'm not a lwayer, but they don't have a leg to stand on if they
don't follow the law they are quoting:

`(3) ELEMENTS OF NOTIFICATION-

   `(A) To be effective under this subsection, a notification of claimed
   infringement must be a written communication provided to the designated
   agent of a service provider that includes substantially the following:

...blah...blah

      `(iv) Information reasonably sufficient to permit the service
      provider to contact the complaining party, such as an address,
      telephone number, and, if available, an electronic mail address at
      which the complaining party may be contacted.

*** End

By my understanding, an IP address is not listed on any of that. I
don't have to waste time sifting through dialup logs, or even using an
automated process I have in place for subpoenas to answer this
request. At least if they subpoena the information they have to prove to a
judge they have a good claim. I wish I had the reference at hand, but when
they subpoena information, we bill the requestor $450 for the time to
lookup the user information. (Your Lawyer should be able to tell you the
maximum now you can request for subpoena information.)

[Snipped]

Paragraph (iv) from above states the the contact information must be for the
Complaining party. Not the Offender. The Complaining Party would be, in this
case, Universal Studios / MPAA. In all the DMCA letters I have recieved,
right after the "Very truly yours," contains a name, phone number, and
e-mail address...which satisifes paragraph (iv).

Thanks,

Adam Debus
Linux Certified Professional, Linux Certified Administrator #447641
Network Administrator, ReachONE Internet
adam@reachone.com

The one similar message that I've had to deal with complained about
copyright violations from several of my IP addresses. None of those
addresses:

* were ever in used subnets
* had ever been assigned or delegated
* had ever been routed on the Internet

My conclusion is that either the complainant was incompetent, was blowing
smoke, or others have figured a way to confuse them.

Tony Rall

My mistake. Glad I'm not anyones Lawyer.

I did a little more homework, and the best I've come up with is:

http://www-2.cs.cmu.edu/~dst/Terrorism/form-letter.html

The latest I can find on subpoenas related to IP addresses is the RIAA v.
Verizon lawsuit. RIAA prevailed as far as it has been taken, but I don't
know for certain if Verizon complied yet.

My questions are:
  1. Can anyone find the provision in any law or ruling that allows the
  ISP to be compensated for the time it takes to accomodate these?

  2. In the instance that the information that ties the IP address to the
  username is removed on a regular basis, what liability do I maintain?
  (read: Is ignorance a viable answer?)

Gerald

My questions are:
  1. Can anyone find the provision in any law or ruling that allows the
  ISP to be compensated for the time it takes to accomodate these?

    I've not heard of anything...I would be interested in the answer to this
question as well.

  2. In the instance that the information that ties the IP address to the
  username is removed on a regular basis, what liability do I maintain?
  (read: Is ignorance a viable answer?)

    In reality, you should ask your lawyer that question. My understanding
(I haven't read the bulk of the Code, so take this with a grain of salt) is
that the Complaining Party has a certian amount of time to notify the
carrier/ISP of a violation. It might be worth while looking into setting up
your Radius log to rotate on the timeframe of that notification limit...

Thanks,

Adam Debus
Linux Certified Professional, Linux Certified Administrator #447641
Network Administrator, ReachONE Internet
adam@reachone.com

Consult a lawyer - you probably need to keep those records for a certain
amount of time (especially if you do chargeback for connect time). If your
billing is strictly all-you-can-eat, you probably can get away with keeping
them less time, since there won't be any billing disputes...

While you're there, ask him what "expeditiously" means in this context..

My questions are:
  1. Can anyone find the provision in any law or ruling that allows the
  ISP to be compensated for the time it takes to accomodate these?

  Why should they pay you to police your own network? Do you have a problem
with a large number of unfounded complaints?

  DS

This is the best information I have seen and its exactly what we do.

Even if the note doesn't exactly match the DMCA requirements, I think there is all ready a ruling in a lower court that says some were close enough

Also, if you simply blow off the notice, you can become liable since you didn't follow the intent of the DMCA to remove copyrighted material.

Why should they pay you to police your own network?

I'll answer this off the list if you so desire. I don't see how my answer
can contribute to the list.

Do you have a problem with a large number of unfounded complaints?

Yes.

Gerald

Several times we've had complaints come in that run afoul of the language
in 17 USC 512(c)(3)(vi):

A statement that the information in the notification is accurate, and under
penalty of perjury, that the complaining party is authorized to act on behalf
of the owner of an exclusive right that is allegedly infringed.

Seems that somebody's net-crawler sees music from No Strings Attached and
throws a fit. Unfortunately:

1) No Strings Attached is a local band (http://www.enessay.com) that's
been playing under that name since 1978 (in other words, since before the
guys in that OTHER band that released an album with a confusing name were
even toilet trained (they contemplated calling their ninth album "In Sync"
but decided against it.. :wink:

2) No Strings Attached is an indie band that's not signed by any RIAA member.

3) The band *WANTS* their MP3's traded - a major source of income is touring
and selling CD's, and quite often, they get booked on the basis of somebody
hearing an MP3 (Or so the band members have told me - their dulcimer player's
office is two cubes over from mine)..

Kind of like Randy telling me about shopping for a new stereo - he goes in
and gets a snotty salesman.. he asks the salesman to play this No Strings
CD so he can hear how it sounds compared to how it's supposed to sound, and
the salesman is all "How would YOU know what it's supposed to sound like?"
"Uhmm.. I helped mix it at the studio." - salesman fixed his attitude then :wink:

IIRC, they have to provide you with a written (and hence legal) copy of
the notice if you request it. It's my understanding that many places are
doing this to all "notices" they get. Since they never get a written
reply in return it's assumed that the email was fraudulent and they ignore
it. It works for them. If I can find that discussion, I'll provide the
link.

Justin

The DMCA creates a specific safe harbor for ISPs, and compliance with the
relevant statute makes the ISP eligible for the safe harbor so described
therein.

HOWEVER, I seem to recall a long series of civil cases preceding the DMCA
that established almost universally that the ISP was not liable as a
mere "conduit" for copyright infringing content made available by its
customers and through its facilities.

Does the DMCA supercede and invalidate this case law, as it had
been established prior to the passing of the DMCA?

Specifically: does the DMCA make an ISP liable for copyright
infringement (rather than merely denying the safe heaven) of its customers
if the ISP refuses to play along with the RIAA/MPAA bullies and does not
make the alleged content unavailable, lacking any evidence presented that
establishes the unlawful infringement with a preponderance of evidence
(and a DMCA take down notice is FAR from even being close to preponderance
of evidence, let alone beyond reasonable doubt ; for criminal cases)?

bye,Kai

IANAL, but yes, you become liable if you intentionally drag your feet and
don't make the content unavailable "expeditiously". (a)(1), (b)(1), and (c)(1)
all say "you are not liable for monetary relief if you comply". There's some
stuff about injunctions down in (j) that usually won't get invoked because
it's more work for the complaintant - those basically boil down to "If you
don't comply with a 512 takedown order, they'll show up with a court order
telling you to do almost exactly the same thing".

See 17 USC 512 (g), where the problem user gets to file a counter-notification
saying it's *not* infringing.

Remember - it's between the "copyright nazis" and your *USERS*. If you follow
the rules, you can pretty much stay out of the worst of the mess. Feel free
to get dragged in if you want to make a point/statement about how you feel
about 17 USC 512 - but bring a lawyer or 4 if you do. :wink: