internet - Page 2

Doing The Government’s Work For Them

Posted on November 28, 2011November 28, 2011 by Matt Taylor Leave a comment

Internet surveillance, censorship, and avenues of resistance with anonymity with Jacob Appelbaum, Researcher and Hacker, The Tor Project.

Go watch Jacob’s talk here.
Points I found interesting:

The concept of lawful surveillance. We make it compulsory for telecom providers to make their networks buggable. Would there be outrage if a law was passed that every road must have a camera and microphone on it?
If you’re not paying for something, you’re the product.
Visualize your cellphone as a tracking device that can also make calls, go on the internet and text people. If the government forced you to carry it everywhere, you’d riot in the streets. They don’t need to; you do their work for them. You carry it with you, willingly.

Posted in Free Speech, Law, New Zealand, Technology, Worldwide

Slingshot Stole My Data Block

Posted on November 4, 2011November 7, 2011 by Matt Taylor 6 Comments

Cut cables

Update: Last rep I spoke to talked over me and implied I just wanted free stuff. First time I’ve lost my cool in a customer service call. But, if all else fails, send an email and a text message to the CEO: “Thanks. I have received the email and I will get it dealt with ASAP.”

Update 2: “I will arrange for a 50Gb datablock to be added to your account, and for your broadband access plan charges for November and December to be credited.” Took a couple of days, but a positive response to a negative situation.

Our internet is currently slowed to dial-up.

We are on a 40GB plan with Slingshot which will change to a new plan next billing cycle.
We get free off-peak data usage.
We used to be on plan with a lower GB limit.
Because of that old plan, we regularly bought data blocks, which roll over from month to month.
The last time we bought a data block was in February – 20GB.
This month is the first time we have used up 100% of our data since January.
‘My Account’ shows that no datablocks were used up this month (0.00GB allowance)

Bro, you know I can’t use your ghost data

This means that some time between February and this month the data block disappeared from the account. It wasn’t used up this month when we used 100% of available data. And it shouldn’t have been completely used up any other month because the last time we used 100% of available data was before the data block was purchased.

I suspect it disappeared when we changed plans at the start of this month.

Slingshot called us about changing to a new plan. They spoke to the account holder first, then spoke to me. I ended up changing the plan, but this wasn’t noted under the account.

Not the account holder

I called them about this and they refused to speak to me about it at all because I’m not the account holder, even though I didn’t want them to share any information with me – I have it all up in ‘My Account’ anyway, and I’m calling from the phone number associated with the account (I know, I know, caller ID can be forged@#$!!11 but again, I wasn’t asking for personal information).

After I told them I’d just pretend to be the account holder because they were being ridiculous, and proceeded to do so they “terminated” the call and said they’d call the account holder on their cellphone. In an act of hilarity, it ends up that my cellphone number is the one listed on the account. That call was terminated too.

The account holder gets home, talks to them and adds me to the account. He gets lectured by the rep that the reason I wasn’t able to talk to them about it was to protect the account holder’s personal information, even though I wasn’t asking for any personal information (and would’ve been able to tell them the account holders name, address and DOB anyway).

WE HAVE TABLES TO PROVE IT

After lots of holding I’m told that they are definitely right and that we have gone well over our data usage (even though that overage would’ve happened on speedy dial-up). I suspect that they can only see what I can see in the history part of billing – the total amount of data used per month: plan + data blocks + free off-peak + zero rated, because past data usage isn’t split up into categories.

Slingshot unfriendly usage

Just because it says we used x amount of GB more than our plan doesn’t mean that we actually went over the plan’s allowance, because of free off peak. That’s also supported by a lack of 100% data usage used emails.

The rep said they could email me what they are seeing showing the significant overage. I say great. He says that it will take two days and mentioned printing. I state the ridiculousness of this and ask to speak to whoever he talked to. I get put on hold and he quickly comes back saying they can actually send it within 30 minutes – 6pm.

The spreadsheet

At 7pm I get an email from tier 2 customer support. Attached is a spreadsheet of our hour by hour data usage over this billing period. Interesting to look at, but not helpful to the situation. The issue isn’t with us using up all of our plan data this billing period, which I’m not debating and I can clearly see from ‘My Account’. What I am debating is that we shouldn’t have been slowed to dial-up because there should have been a data block on the account.

And so the saga continues.

^{Image credit: Nick Webb}

Posted in New Zealand, Technology

Jagex’s War On Bots ft. Scare Tactics, Subpoenas and PayPal

Posted on November 4, 2011February 5, 2013 by Matt Taylor 1 Comment

Jagex, the makers of RuneScape are suing Impulse Software et al. in relation to their sale of bot software that effectively plays the game for a person without needing much human interaction. It’s part of their crackdown on bots; Jagex claims using bots to play violates their rules, is unfair to other players and ruins the game.

Subpoena

As part of the Impulse court case, Jagex subpoenaed Google and PayPal seeking further information about email addresses, YouTube accounts and PayPal accounts.

The information provided by PayPal included personal information on 70,000+ customers who had bought Impulse’s bot software.

Déjà vu

An “outside counsel eyes only” protective order was issued for the information PayPal provided, which meant that the information couldn’t be shared with Jagex employees. Jagex didn’t seem to be happy with this though, so in a different court (U.S. District Court for the Central District of California) and using the same legal counsel, on July, 1, 2011, they subpoenaed for the same information in a different case, Jagex Limited v. John Does, and were allowed to share the results with their employees.

^{[Quotes used in this post are mainly from a PDF of the case that used to be available at http://www.mediafire.com/?ba2nu8puj96tq5b]}
“[The] Plaintiff and its counsel misrepresented the scope of this pending lawsuit by stating that the action involved ‘a developer and seller of Bot software.’ The Notice failed to state that Plaintiff already accused Defendants of having used one or more Bots to allegedly circumvent Jagex’s automated technological measures thus making Defendants a party to both suits.” “Plaintiff and its counsel also failed to inform the court in the Central District of California (CDC) lawsuit of this Court’s Protective Order.”
“Even though Plaintiff and its counsel were bound by the Protective Order entered by this Court and were fully aware that Defendants’ customer information was CONFIDENTIAL-OUTSIDE ATTORNEY’S EYES ONLY, using the subpoena power of the Central District of California, Plaintiff’s counsel undertook a calculated clandestine action to serve a subpoena on PayPal to obtain Defendants’ customer information and turned Defendant’s customer information over to its client who then misused the information.”

Mass email

On October 25, 2011, Jagex sent out a mass email, presumably to those whose information they gained from the PayPal subpoena:

[The forum post is now gone, probably because the very fact that they have to clarify the legitimacy of an email shows that it wasn’t a very effective cease and desist notice.]

26-Oct-2011 06:44:16
Last edited on 26-Oct-2011 06:49:30 by Mod Timo
Hello everyone,
As a part of the update some people will have received the following e-mail communication:
Dear Player,
We have strong evidence that you may have purchased and used botting software in the past, specifically ibot software.
Botting and the cheating it brings is destroying your game, violates Jagex’s rights under the Digital Millennium Copyright Act (DMCA), and any player that continues to engage in botting activity has no place in our community.
As part of bot nuke week we are offering you a 1 time amnesty and settlement lifeline, which is a chance to reform and change your ways. We’d like you to contribute to the community in a positive way, to compete on a level playing field as everyone else does and play in the true spirit of the game, with integrity. All of your accounts, main and otherwise, are now on our watch list and will be monitored for the use of ibot and all other inappropriate third-party software. Regardless of who you are or how long you’ve been with us, if you decide to cheat and bot ever again we will have no hesitation in: (1) permanently removing your account from our wonderful community in order to protect Jagex’s rights under the DMCA, and (2) naming you as a defendant in Jagex Limited v. John Does, which is a lawsuit based on DMCA violations that is currently pending in the U.S. District Court for the Central District of California (Civ. Action No. SACV11-00969-CJC).
Please note that this amnesty and settlement offer is protected under Fed. R. Evid. 408. If you ignore our offer and instead continue use botting software, we reserve our rights to pursue statutory damages against you for between $200 to $2,500 per act of past, present, and/or future botting in accordance with 17 U.S.C. 1203(c)(3).
We do hope you make the morally sound and lawful choice of turning your back on bots. We look forward to seeing you in game having fun in a way that is true to the spirit of fair play and respectful to your fellow players.
Yours sincerely,
Mark Gerhard
I can confirm that this is an official statement from Jagex to the recipient. Please note that there are no website links in the main body of the e-mail. Should you receive any e-mails that contain the above text with website links or additional information, they are likely to be phishing e-mails and should be ignored.
Kind regards,
Mod Timo

Jagex cross referenced those subpoenaed email addresses with their own records, and the next day began sending the same message through the internal Jagex messaging system to individual players.

Interestingly, Jagex recently started giving an increase in bank space, where a player stores items in the game, as an incentive for registering your email address with your account (when RuneScape started, email addresses weren’t required).

Although Jagex claims RuneScape has a large adult player base, it is almost certain that minors received the messages as well. They’re full of legal jargon and are similar to the extortionate letters the music industry (or their lawyers) send. It strikes me as unethical to send threats like that to children.

If Jagex are confident in their bot detection system, how about instead of going from one extreme: no action “we’re watching you”, to another: legal action, they use their in-game powers and just ban accounts if the re-offend. Legal action seems like an unnecessary and scaremongering threat.

Privacy and a chance to response to the subpoena

“In the cases cited by Plaintiff… the individuals… were given a specified amount of time to object to the subpoena through a Motion to Quash and/or Motion to Dismiss… The first time Defendants and their customers learned of the CDC lawsuit is when their customers began receiving a copy of an email from Jagex on October 25, 2011 followed by the message post on October 26, 2011.”

The forum posts I’ve read support this.

Jagex’s counsel say “it was and is our understanding that PayPal would have notified the account owner(s) of the account(s) associated with any email address in the subpoena in order to provide that account owner(s) an opportunity to address the subpoena, prior to releasing the requested information or documents.”

The reply:

“You know that PayPal did not notify my clients of the pending subpoena in the Boston suit when you served the first subpoena without first noticing Defendants’ attorneys. Therefore, to now state that Banner and Witcoff understand/understood that PayPal would notify the Defendants is suspect.”

“This lawsuit’s different”

Jagex disagree that they’re focusing on Impulse Software’s customers and say they just want to “identify [our] own customers who [we] believe may be in violation of S1201(a)”.

The reply:

“Your claim that the John Doe action does not involve our clients is illusionary at best. Not only did [you]… seek to obtain permission to subpoena my clients’ records from PayPal, but the identification of the Doe’s in the Complaint filed described my clients as well.”
“Under the discovery requirements in our pending case and the Local Rules… you had a duty to inform us of the John Doe action… Even when we sent you a letter inquiring about a Press Release issued by Jagex suggesting a violation of the Protective Order, you consciously omitted disclosure of the John Doe action.”

The suggestion of the protective order violation comes from this paragraph:

“We are constantly looking into ways of making the game experience the very best possible for all of our players and as part of our on-going programme to rid the game of bots, Jagex is actively pursuing companies that support the macroing market as well as those who bot. As such we are currently pursuing various bot developers through multiple legal channels, although sadly we cannot yet disclose the full details of our actions for legal reasons. Separately, as part of normal legal process and procedure, we have also taken steps to acquire the details of all players who have purchased bots. Once we have the information regarding the players involved we will take action specifically to ensure that these players are not compromising the game’s integrity through the use of a third party programs.”

This is turning into a very interesting case. Maybe it’s not the best time for business for Impulse Software, but if they come out of this in one piece this could turn into the best advertising money can’t buy.

^{Image credit: Nat Walsh}

Posted in Law, Technology

First Three Strikes Notices & a Centralised Notice System?

Posted on November 2, 2011March 2, 2014 by Matt Taylor 1 Comment

First notices

The New Zealand Herald is reporting that the first(?) notices under the new Copyright (Infringing File Sharing) three strikes law have been received by ISPs. They’re from the Recording Industry Association of New Zealand (RIANZ) for songs by Rihanna, Lady Gaga and Taio Cruz.

It would be extremely interesting to know the specifics: what songs were downloaded and what downloading method was used.

Centralised system

The Pirate Bay Street Art Stuff reports that rights holders have been in discussion with ISPs over creating a centralised system to make it easier for ISPs to deal with copyright notices.

Tech Liberty has found two companies, IPSafe and Datacom, that seem to be interested in that centralised system. The letter they received from the Ministry of Economic Development in response to an Official Information Act request is here (pdf).

No word on how a centralised system would ensure the privacy of ISP customers.

^{Image credit: Jakov Vilović}

Posted in Law, New Zealand, Technology

From Today: Three Strikes and You’re Out

Posted on August 11, 2011January 2, 2013 by Matt Taylor 3 Comments

Copyright infringements, from today, come under the poorly worded, poorly debated regime introduced in the Copyright (Infringing File Sharing) Amendment Act. Infringement notices can be sent out 21 days from today, on September 1st.

The aim is to make it easier for rights owners to take action against copyright infringers who download music, movies, TV shows, books, software etc. Peer-to-peer (P2P) file sharing is the intended target, but the law seems like it could include other types of file sharing, which will end up being clarified by the Copyright Tribunal or the courts:

“file sharing is where—
“(a) material is uploaded via, or downloaded from, the Internet using an application or network that enables the simultaneous sharing of material between multiple users; and
“(b) uploading and downloading may, but need not, occur at the same time

Some examples of the software likely covered under the law (if they’re being used to download infringing content) are here.

Process

Torrenting Notices from rights owners are sent to alleged infringers through their internet protocol address provider (effectively their internet service provider), like Telecom, Orcon and Slingshot. The order of the three notices (hence the three strikes name) are a detection notice, warning notice and then an enforcement notice. What notice you’re on is specific to each rights owner, eg. if you’re on the second notice, a warning notice, with Sony, a notice sent from Universal would be a detection notice, the first notice, assuming this is your first run in with Universal. This example, however, seems like it would be muddied if Sony and Universal both use an agent to do their bidding for them and it is the same agent.

There is a 28 day on-notice period after a detection or warning notice is issued where alleged infringements against that rights owner don’t count towards the next notice.

Detection and warning notices expire nine months after the date of the original detection notice. Enforcement notices expire 35 days after they are dated. The expiration of an enforcement notice expires the previous detection and warning notices too.

Rights owners pay $25 + GST to the IPAP for each notice they send through them. IPAPs have said that this won’t cover the set up and ongoing costs that this act cause, which will probably mean higher internet prices for everyone.

Rights owners don’t see an alleged infringer’s personal details.

The Copyright Tribunal

When an alleged infringer is on an enforcement notice, the rights owner can pay $200 to take them to the Copyright Tribunal, which will normally accept written submissions, but a face to face hearing can be requested by either party. Legal representation isn’t allowed at the hearing, but the rights owner will likely be represented by someone who knows what they’re talking about. Fines can be ordered of up to $15,000. There’s a provision in the act for rights owners to apply to a District Court to get an accused’s internet access cut off for up to six months. It’s currently not available, but could theoretically be implemented at any time.

Challenging notices

The normal burden of proof is reversed with an alleged infringer having to prove that they didn’t infringe copyright (how you prove you didn’t do something, I’m not sure). A notice can be challenged by an alleged infringer. Challenges have to be received by the IPAP no more than 14 days after the notice was dated. It’s up to the rights holder whether they reject or accept the challenge. If a rights holder doesn’t respond to a challenge before the close of the 28th day after the original notice was dated, the challenge is deemed to be accepted.

Account holder

The account holder, most likely the person whose name is on the bill, is liable for any content downloaded or uploaded over the connection they pay for. Unlike speeding tickets there’s no way to transfer this liability. Schools and pupils, universities and students, businesses and employees, libraries and library users, parents and children, landlords and tenants or flatmates could all be affected because of this. This also means that account holders are liable for guests or people they don’t even know who might be accessing their unsecured wireless internet (if you’re not sure if your wireless internet is secure, you can Google something like ‘securing wireless internet’ to make sure).

Effect on illegal file sharing

The regime ends up being ridiculous because a moderately technically competent person can get around it easily. Extreme illegal file sharers are probably already protecting themselves using seedboxes or VPNs. More casual downloaders will likely swap to using seedboxes, VPNs, streaming websites, searching file storage websites like Mediafire with Google or downloading audio from YouTube after they receive a few detection notices. There’s also the possibility of them avoiding the regime using mobile internet, which isn’t covered under the law until October 2013, or by using unsecured or free Wi-Fi.

Is this the death of free Wi-Fi? Are Rugby World Cup tourists going to wonder why their accommodation doesn’t include internet access? Are some ISPs going to start blocking all P2P traffic regardless of the legality of it?

It will be interesting to see which rights owners choose to send notices under the new regime. To be honest, I’m not sure how initiating a process that leads to the Copyright Tribunal is going to want to make people spend money with a company.

More information at 3strikesNZ.

^{Image credit: Jennie Faber}

Posted in Law, New Zealand

The Real Wikileaks

Posted on July 23, 2011November 16, 2011 by Matt Taylor 2 Comments

The English version of Wikipedia is the website that tops the search results for a large majority of popular search terms. How do you keep 140,000+ active editors happily producing good content in a neutral way when they all have opposing viewpoints on content and procedure?

“Wikipedia is like a sausage: you might like the taste of it, but you don’t necessarily want to see how it’s made.”—Jimmy Wales

The Arbitration Committee

Basically the Supreme Court of Wikipedia, the Arbitrators that make up the committee make decisions on Wikipedia disputes that haven’t been able to be resolved through other means or on issues where privacy needs to be protected. Jimmy Wales and The Wikimedia Foundation are essentially the only people above them. They largely conduct business over a private mailing list, potentially to appear in agreement in public. Abd says:

“[the] appearance [of solidarity] was more important than making the whole process transparent, so that the community could understand the logic or reasons behind decisions — for better or worse.”

Arbitrators receive access to the CheckUser and Oversight tools, which gives them access to IP and user agent records and the ability to expunge content from an article’s history, respectively.

List structure and security

The mailing list software emailed each list member their password in plain text every month. Someone gaining access to one of their email accounts, say by using Firesheep over an unsecured WiFi connection, would’ve easily gained access to the private archives. No selective archiving was available in the software, so everything was logged. It doesn’t seem like it would have been difficult for a list member to intentionally leak the contents of the archive (although it appears to be easier for unauthorized users to access the archive than the authorized: “I will take care of that if I can get into the archives, it often doesn’t work for me”). Because of the nature of email it is easy to accidentally send something to the wrong person, illustrated in one of the emails leaked where someone was accidentally carbon copied in on an email about them. Retired arbitrators continued to have access to the list until sometime around 2009. Jimmy Wales continues to have access to the list.

Wikipedia editors generally expect their IP addresses to be protected when they’re logged in and policy supports this assumption (although in reality I’m unsure why IPs are considered such private information). CheckUser records only go back so far so it would be interesting to see what privacy concerns were considered by individuals keeping their own records. It also appears that centralized information on troublesome users is kept on a private wiki.

“Unitanode is formerly known as SDJ (S. Dean Jameson), and has had prior accounts as well. See the WPuser page on the arbwiki.”
“The earlier draft would, incidentally, be very handy on ArbWiki as Wpuser:Sophie to provide all the background should this crop up again later (as I’m sure it will, either in the form of appeals or socks).” [emphasis mine]

Security concerns aside, the mailing list structure doesn’t seem to work. Even though list archives are kept, individual Arbitrators are relied on to forward old information.

“Do you have notes from your Feb 7 [CheckUser] of Guido that will help?”
“Does [anyone] have CU notes on Angela Kennedy or Destroying Angela they can forward to me?”
“Thank you for contacting us; the Committee is currently discussing your offer. Developing consensus among 18 or so people via mailing list isn’t terribly efficient, so we appreciate your patience.”

The leaks

A couple of users on Wikipedia Review, a forum critical of Wikipedia, have been posting email threads, largely based on requests. Why care? Actions on Wikipedia can have serious real world consequences. One of the emails details someone with a Wikipedia article being asked in a job interview about something untrue posted about him on Wikipedia. Another email talks about the power Wikipedia has over other search results, “if you were a sugar producer, how much would having [[Aspartame controversy]] be the first Google result for “artificial sweetener” be worth?” If you’ve ever used Wikipedia, as a reader or editor, what happens behind the scenes is relevant.

^{Note: some of the quoted emails are very old and I may be wrong in the conclusions I’ve drawn from them. Thanks to users at Wikipedia Review who did a great job pulling the interesting bits out of the emails in the forum threads.}

Jimmy Wales versus an admin

A Wikipedia administrator called a user a “little shit” and was blocked from editing by Jimmy Wales for 3 hours. It’s unclear what harm a 3 hour block prevents and probably causes more drama than it solves. Arbitrators on the list raised concerns about Jimmy blocking users because of the attention those users receive as a result.

In emails Jimmy says he’d prefer a private mediation instead of a public Arbitration case:

“Indeed, if we go to a[n Arbitration case], I am going to push for [the removal of your administrator status], because I think you’ve gotten off very lightly so far, and your conduct since the block is very far out of line from what our community standards for admins are.
Whereas if you enter mediation and work with me, I think you’ll end up looking quite good. I am not a man of pride – I am willing to look bad if that will help Wikipedia in some way. Just come and work with me and with someone we both trust, and let’s at least try.”

In an email to the Arbitration Committee on the 22nd July 2009 Jimmy states that he’s giving up the block tool:

“I am hereby permanently giving up the use of the ‘block’ tool. I will remain an administrator so that I can do some other admin things from time to time (most importantly, viewing deleting revisions), so there is no need to do anything technical. I just won’t block anyone ever again.”

However, his actions log shows he performed a block in May 2010.

Threats against arbitrators

Forum user SB_Johnny summarizes an email that was eventually redacted by the leaker:

“Just for the benefit of the curious, a quick synopsis is that some asshole threatened to do harm to the loved ones (including children) of one of the [arbitrators] if the [arbitrator] didn’t do what he wanted. The other [arbitrators] (appropriately and gracefully) gave their moral and [emotional] support to the victim. ‘Nuff said on that.
The only thing that’s really of interest if that there wasn’t much in the way of support from Jimbo or the WMF [Wikimedia Foundation] (at least not in the dox provided), but only interesting in the sense that it was a rather alarming example of the sorts of things WMF volunteers are exposed to, and the WMF’s apparent disinterest in their fates.”

Hiding behind clerks

“Just to note that an anonymous IP (Comcast, Seattle Washington) has now posted an email from Lar (who has been broadly supportive of the proposals, including those relating to Jayjg), which implies that Lar himself is known to canvass. I am inclined to ask a clerk to delete as it is personal communication, but I do not think any of the committee members should do so. Thoughts?” [emphasis mine]

Experienced users versus new users

“Again it would be good enough to be used to justify a sock accusation against a new user, but it would be a world of pain for Arbcom to use it against a functionary who has broad support within the community (e.g. the reasonable recent election given he withdrew, with a growing cloud bearing down on him) and has ties with WMF (I’m not sure of all the details of this).”

Threats and blackmail by an ex-Arbitrator

“On 24 February 2010, FT2 contacted the Arbitration Committee by email to request return of Checkuser permissions for the purpose of participating in a specific sockpuppetry investigation. At that time, an email written by FT2 came to the attention of the entire Arbitration Committee. The email was addressed to an abusive sockpuppeter who had been banned from English Wikipedia and some other WMF projects as a result of a cross-wiki investigation in which FT2 played a significant role. In the email, FT2 threatened to contact family members of the sockpuppeter directly, and laid out a series of conditions including those external to Wikipedia with the threat of contacting employers, government agencies, and others about the nature of the socking.
It was known at the time this email was disclosed to the Committee ”en banc” that the conditions outlined in FT2’s email had not been met, and there was concern that he might proceed with the actions he had threatened in the email. FT2 confirmed that the text of the email was correct and implied that the content had been vetted in advance by a WMF staff member and a WMF board member. Both denied having read the email at any point.”

Here are some parts from that email:

“My conditions to you are simple. I will state them once, below. Failure to take this seriously will lead to the events changing from your rules and WR’s rules, to my rules. Hide one thing now or later, lie or evade once, and the gloves come off. Believe me, you don’t want to test that . That’s the advantage of being a volunteer rather than an employee. My only formal obligation is my own conscience, and the law.
They made errors like confusing your wife and sister. They don’t know about your children, whose names you put in the public domain and used as covers (which would disgust most people including your family). They don’t recognize that the [redacted]’ [his wife’s employer] IP means [redacted]’s [his wife’s] employer is legitimately fair to be brought into the frame to ascertain just what it extended to.
The bad news is, you have a choice: complete abject confession online to your online games, or exposure in your /offline/ world – it goes “real world” as the only way to kill it. You don’t get to keep both. Choose which.
One minute after that, gloves come off all the way, without any further warning, starting with [redacted]’s [his wife’s] workplace for evidence, and the Department of Health, and probably unavoidably, ending with family or someone will inform the police. Do you actually love your family, or need them? Or are they toys too?Sacrifice your fictions, games and abuses for yourself and them. Put right the abuses you have done over the last 3 years and you may survive, or take complete responsibility for any unfortunate results of forcible removal. I don’t know [his wife], but she seems tough, and people don’t like being deceived. I don’t know what settlement you’d get, but I bet it won’t include the things in real life you care most about. Risk it if you like. Your call. And watch me not minding if it hurts you to put this all right.Yes doing this is going to hurt and humiliate you. I couldn’t care less. No, avoiding hurt is not an option in life. You’re about to feel every last person you abused over 3 years, right now. You like editing, you don’t mind others hurting when you edit, so we’re going to edit my way a bit, if you want me to believe in any way that the matter is closed. The lesson here is, a wrong isn’t closed or an abuser off the hook till it’s put right and they commit not to repeat.
Then when that’s done you can fuck off to number 74 to reminiscence with [redacted list of family names] and the family. Or did you think I might be guessing at knowing far more than you thought? You put all that information on the web.By Monday noon EDT (ie Sept 15, 5pm UK, 6pm UTC I think), if you haven’t complied with at least #1 and are visibly in progress on #2 and #3, or there’s one sock you haven’t named, or I ever see one abusive edit after that from you under any name or proxy, the gloves come off for good with no more warning. We can talk as much as you like before then, but when that’s over, we’re done talking and I move on without further discussion if I don’t see a disclosure that I feel is honest and complete.
Others have contacted [redacted] and your workplace — shit happens, too bad, you did expect that, right? As for me, I plan to inform the last major group of victims, your family, not out of malice, but because they are ultimately the only ones who can prevent future abuse here, and recidivism.
You yourself dragged your wife [redacted], her employer [redacted], and your son [redacted] into this by yourself; they are in some ways the biggest victims of all and deserve to no longer be lied to or left ignorant of being taken as victims, as your co-worker [redacted], the beautician [redacted], your boss [redacted], the boudoir’s owner [redacted] whose business you placed at risk, and the rest were.” [emphasis mine]

Kind of takes serious business to the extreme. An Arbitrator says that “half dozen people had been [carbon] copied, including foundation folks. I thought the email was violently objectionable, but no one else seemed to mind. Maybe I’m bonkers?” If this is true, people from the Wikimedia Foundation knew about the content of the message and did nothing.

“No matter what they have done on-wiki, they don’t deserve that. [It’s] still ‘just a website’”—Understatement of the year from an Arbitrator.

Jimmy Wales gets involved and appears to refer to blackmail as “humanitarian kindness”:

“> I don’t know whether FT2 did that due to a momentary slip-up,
> illusions of grandeur, or actual malice. I don’t care whether his
> motivations were good or bad. I simply cannot give my imprimatur on
> him doing any sort of investigation on our site.
Just to be sure I was 100% clear the other day (I’ve been offline for several days due to a computer crash and illness) – I agree with you completely on this.
There are situations in which it could very much be ok to warn a user that continued misbehavior onsite could lead to offsite consequences. My own view is that such warnings should come at the point in which it would already be perfectly ok for us to publish the facts, and should be done as a humanitarian kindness and especially in cases where we think it is likely to be effective.
But this was really not ok at all.” [emphasis mine]

FT2 is still an administrator and has access to the OTRS system. OTRS volunteers deal with emails to a handful of email addresses on behalf of Wikipedia and the Wikimedia Foundation. In his own words:

“OTRS gets numerous emails under real names, describing real issues, legal claims, harassment, threats, and other matters.”

Perhaps concerningly, FT2 appears to actually be working for the Wikimedia Foundation now (from his user page), for time comparison, the above discussion was happening around early 2010.:

“In mid 2010 I was asked to spend time contributing to various projects at the Foundation’s offices, and in 2011 I was invited onto the WMF Communications Committee.”

Predators on my wiki? It’s more likely than you think

Or maybe just trolls and people trying to cause a PR crisis. Here’s the email the Arbitration Committee was going to send to the person in question:

You were asked several times by several Wikipedians interested in your welfare to downplay references to your self-reported age and your reported personal history as a “child porn victim”. Instead, it seems that each time someone asked you to tone things down, you went out of your way to promote yourself as “a little kid”. Your edit notices emphasized that you were “a little kid”, you posted both your age (13) and your reported date of birth on your userpage, and you added an image of a girl even younger than you as “decoration”. This was very provocative, as was explained to you.
The modified screenshot from /b/, an adult-only 4chan forum, that you posted on Jimbo Wales’ talk page again gave the appearance that you wanted to draw the attention of the /b/ editors, known for their vandalism of Wikipedia and their personal attacks directed at our editors. As you frequent the various Wikipedia-related IRC channels, you are well aware of the type of behaviour one can expect from /b/ participants. Your continual demands that people speak to you as if to a young child, posting even on heavily trafficked pages that you were “only 13”, was almost calculated to draw attention to yourself as a very young editor; in particular, your question of a high profile Arbitration Committee candidate, and the request for arbitration that you posted, seemed designed to bring your youthfulness to the attention of an ever-increasing audience. The emphasis on your desire to be spoken to like a child is very unusual behaviour for a 13-year-old girl.
Apart from your behaviour on-wiki, there have been increasing concerns and reports about the stories you have been telling other editors about yourself: that you were kidnapped and forced to do “child porn”; that you are in a witness protection program; that your school burned down so that is why you edit sometimes from [redacted] College, where some of your classes have been moved. (The only school fire reported in the [redacted] area in the past year resulted in the school’s kitchen being out of service for a day.) You have made references to the [redacted].org website, which you say is your father’s website; it’s registered to. He is also the same person who runs the “Help bring Madeline home” pages and you yourself have told me about the HBMH youtube page, which also is run by the same person, and which you say you were involved with.
I note with interest that two of the videos on that site are about internet safety for young people. And yet you would have us believe that your father/parents are oblivious to the fact that you are online until the wee hours of the morning UK time on a regular basis, talking to adult males in private IRC chat rooms, and cruising the 4chan /b/ channel. The moderator of the Youtube page, Steve, says his two daughters were kidnapped for six years, and returned in 2008; I’ve not heard of you mentioning a sister, just a brother, and I also note that there is not a single online news source that corroborates such an unusual case. This combination of stories doesn’t add up very well at all.
User:Sophie, I do not know if you are a 13 year old girl behaving provocatively, or someone pretending to be a 13 year old girl. Either way, the manner in which you have been participating on Wikipedia, starting off with the promotion of the [redacted].org site and now acting as a young child, is not conducive to our primary objective, the development of an encyclopedia.

Additionally “she” offers to provide a photograph of her holding a white board with the date on it to confirm her identity as a 13-year-old, but that she’s “scared of sending it to someone iv not spoken before.”

3. Sophie has presented photo identification to TechEssentials which has turned out to be fraudulent (it’s a copyrighted picture)
<Dusti> 4. In the beginning stages of [redacted].org child pornography was placed on the site.

Just to throw some more weirdness in there.

“Shouldn’t we just be reporting whoever is going around imitating a 13-year-old?”

Yes, great idea!

“Though I’m also aware that there are only two of us in the UK, and I would be reluctant to actually report anything myself, though I think something should be reported.”

No? Oh okay.

But really, predators

A pedophilia advocate was unblocked by the Arbitration Committee with a ban on editing articles about certain topics.

“We tacitly endorsed the continued editing of Davidwr last year. He came to our awareness when he asked permission for topic socks, fearful that editing on local topics could out him. We denied this arrangement, so he continued under his previous deal. He was unblocked a couple of years ago when Fred and FloNight negotiated his return with an unspoken topic ban. Lately, we’re not allowing a topic ban solutions at all. Given the risk of grooming, I think this makes sense.
The only distinguishing feature of Davidwr is that his pedo advocacy was done on an edit-segregated account, and the Davidwr account was swept up by Checkuser. Therefore, there’s no apparent evidence of
advocacy, but does it make sense to rely on this odd fact?” [emphasis mine]

Jimmy Wales Jimmy Wales Black and White doesn’t want to say that pedophiles aren’t allowed to edit Wikipedia:

“At the same time, I am not willing that we should have a witch hunt for pedophiles or anyone else. Nor that we state, categorically, “pedophiles are not allowed to edit wikipedia” — I see no benefit to such a public stance.”

The issues above could have been discussed openly, or dealt with swiftly by actual staff from the Wikimedia Foundation (or wouldn’t have been issues if the ArbCom didn’t exist). In one of the emails Jimmy Wales says:

“To speak of traditionally “law” here, ArbCom is a delegation of my personal powers within the community since day one. I am free to dismiss ArbCom at will.”

Perhaps that’s a good idea.

^{Image credits: Renato Targa, William Brawley and Cary Bass}

Posted in Technology, Worldwide

I Am Famous*

Posted on July 18, 2011April 11, 2014 by Matt Taylor Leave a comment

I thought I recognized one of the photos in one of the presentations at TEDxEQChCh, and I was right. It turns out that I recognized it because it was my image. Kind of.

The photo

Bob Parker talking to a journalist Bob Parker - It's munted

That’s my original photo on the left, which I posted on Flickr. The modified image on the right was used in the talk Tragedy Plus Distance (the other TEDxEQChCh talks are up on YouTube now too, and you should watch them). I’ve looked on Google, Flickr and Facebook and can’t find the modified image anywhere (if you see it let me know). Unfortunately free reverse image search engines like TinEye only index a relatively small number of images.

I don’t know if the site the modified image is on is making money or provided attribution to me. I’m not having a dig at the TEDx speaker—few if any speakers attributed the images used in their presentations and any attribution would likely point to the modified image, not my original one.

The stolen scream

Unlike mine, this is an extreme and interesting case of image plagiarism: Noam Galai‘s photo of himself screaming made it into 30+ countries, on book covers, in magazines and on t-shirts.

The case against watermarking

“[A] watermark breaks the image.”

Watermarking photographs is an option. But an ugly one. The lesser evil of watermarking on the edge of an image rather than in the middle presents the option to someone who is determined of just cropping it off. Is a casual sharer going to go out of their way to crop an image? Unlikely. Let’s assume they would provide attribution either way. Are they going to want to share the image at all? Unlikely. The comments on this post about watermarking are worthwhile reading.

In a survey of professional photo buyers, PhotoShelter found that “an overwhelming majority of them stated that an image with a prominent watermark is less likely to be licensed than an image without any watermark at all.” Co-founder Grover Sanschagrin agrees that watermarks result in people being less likely to pass your images on to others and says that prominent watermarks send a subtle signal to buyers that you’re a difficult person to work with.

The Internet copyright conundrum

I think the interesting thing for me is that the person who modified and posted the image is probably a content creator too. They likely have at least some content they place usage restrictions on.

What does All Rights Reserved mean to an Internet user? Is personal and noncommercial use (like blogging, Tumblring etc.) of a reasonable amount of a person’s content with attribution accepted practice? Some Flickr users don’t want their photographs being shared at all. I disagree—the more people who see my photos the better. A large side goal of that is to promote my other content, which requires attribution.

Should I put my photos under a Creative Commons licence then? I’m hesitant. Among other things: some of my photos have made me money—would buyers be put off if the same photo was available for ‘free’ under a noncommercial licence? Creative Commons is essentially irrevocable and the format of the original content can be changed under any licence—attribution is not linkable offline.

I think I’m happy with the status quo. All Rights Reserved with the knowledge that because of the nature of the Internet the image will be shared noncommercially no matter the licence, but that hopefully a link back will be shared too.

If you share content off the Internet please link back to the original creator. It’s extremely easy to find good quality ‘free’ images on the Internet, I’ve posted before about finding images responsibly on Flickr. When I was trying to track down the modified image I saw that Google provides options for searching for Creative Commons labeled content too.

Even if imitation is the greatest form of flattery it can still leave a bad taste behind.

What does copyright in the context of the Internet mean to you?

Posted in Blogging About Blogging, Life, New Zealand

The Life of a Spam Email

Posted on June 27, 2011November 16, 2011 by Matt Taylor Leave a comment

Cans of spam A group of researchers have published a very interesting paper: Click Trajectories: End-to-End Analysis of the Spam Value Chain (pdf). Using three months of spam data and by purchasing over 100 products advertised by spam emails, the researchers followed the life of a spam email and investigated where the money from purchases actually goes. They found that the people behind 95% of spam-advertised pharmaceutical, replica and software products are using just a handful of banks for their merchant services. Anti-spam efforts focus on the delivery aspect of spam, but there is potential for the quantity of spam to be significantly reduced if the banks the spammers are using are targeted.

Purchasing from spam emails

The researchers collected spam-advertised URLs and data about the hosting infrastructure and DNS of the spammed websites. They grouped the sites by content structure, category of goods and affiliate program and/or storefront brand. The most popular goods advertised in spam: pharmaceuticals, replicas and software were focused on. Pornography and gambling weren’t focused on for “institutional and procedural reasons”.

Purchases were made from each major affiliate program or store “brand” and they tried to order the same types of products from each site to try to gain insights into the differences or similarities in product suppliers that are used. A specialty issuer of prepaid Visa cards teamed up with them and let them use a different card and obtain the authorization and settlement records for each transaction. For legal reasons pharmaceutical purchases were limited to non-prescription goods like herbal and over-the-counter products. Software purchases were limited to products which the researchers already possessed a license for.

120 purchases were made, 76 of which were authorized and 56 of which were actually settled, though half of those failed orders were from one affiliate program which researchers attribute to the large order volume raising fraud concerns.

The honest spammers

A finding I found interesting from the paper is that the likelihood is quite high that you’re not going to be ripped off when ordering through spam emails.

Out of the 56 “successful” orders, 49 of the products were delivered and received. Only seven of the products weren’t delivered. Out of those seven: four sites either sent packages or said they’d send packages after the mailbox lease had ended, one said that the money had been refunded (however the refund hadn’t been processed three months later). Only two “lost” orders received no follow-up email.

The researchers explained the reasoning behind actually fulfilling orders would be so the site would get any potential repeat orders and because their relationship with payment providers could be jeopardized if chargebacks were made by customers who didn’t receive items.

Update: One of the researchers, Stefan Savage, confirmed to me that none of the Visa cards used on the spammed sites were subsequently used fraudulently. It also looks like the pharmaceutical products were legitimate. He says “we only ordered a small subset of goods so any results aren’t representative. However, we did some limited mass spec testing of a few pills against reference samples and the active ingredient was found to be the same and in a similar proportion — note we only tested for the active ingredient and didn’t look at things like binders, contaminants, etc.” Software was pirated, but malware free.

Research done by F-Secure supports this: almost all of their goods ordered from spam emails were delivered, none of the credit cards they used for orders were “stolen” and email addresses used to order the goods didn’t receive an increase in spam.

New Zealand’s fulfillment role

By volume, most herbal products shipped from the United States, but China and New Zealand were also in the mix.

Spam Shippers

A Christchurch based company turned up in results—Etech Media Ltd. Ironically, this: is the email address listed in their whois record.

Perhaps unsurprisingly, the company in question and its owner aren’t new to the spam game. Sole shareholder and director, Shane Atkinson was fined $100,000 in 2009 for sending spam under the name ‘Herbal King’. His occupation listed in the 2005 electoral roll was “pro spammer”. The Herald “understands” that Etech Media’s office was one of the addresses searched in spam raids in 2007. In 2003, Shane admitted to sending up to 100 million spam messages a day, that spamming allowed him to have a nice car and house and said he “had no qualms about it”. “In a later interview, Atkinson said he had given up spamming.”

Perhaps not entirely?

I’ve emailed Etech Media to see if they’d like to comment.

The spam bottleneck

The researchers tried to identify bottlenecks in the spam value chain—stages where few alternative options are available and ideally where switching costs for spammers are high. Which intervention would have the most impact?

For the 76 authorized transactions, there were only 13 banks acting as “acquirers”. Herbal and replica purchases generally cleared through St. Kitts & Nevis Anguilla National Bank. Most pharmaceuticals through Azerigazbank in Azerbaijan and DnB Nord (Pirma) in Latvia. And most software purchases through Latvia Savings in Latvia and B&N in Russia.

Spam Banks The researchers say that the banking/payment component of the spam value chain is the most critical. Payment infrastructure has “far fewer alternatives and far higher switching cost”.

Only three banks provided payment services for over 95% of the spam-advertised goods in the study:
There are only two main payment networks in Western countries—Visa and MasterCard.
The replacement cost of a bank is high in setup fees, time and overhead. Acquiring a merchant account requires a lot of coordination and time. Banks used by the major affiliate programs were either still the same four months later or had changed to another one in the set identified above (only one new bank appeared four months later—Bank Standard in Azerbaijan).

Perhaps a solution is for banks that issue credit cards in Western countries to refuse to settle certain transactions with banks that support spammed goods with specific Merchant Category Codes when the card is not present. All software purchases were coded as Computer Software Stores and 85% of all pharmacy purchases were coded as Drug Stores and Pharmacies. There were some exceptions however “generally speaking, category coding is correct”. “A key reason for this may be the substantial fines imposed by Visa on acquirers when miscoded merchant accounts are discovered ‘laundering’ high-risk goods.” Similar policy has been implemented with MasterCard and Visa not allowing US-based customers to transact with online casinos.

The paper concludes: “the payment tier is by far the most concentrated and valuable asset in the spam ecosystem, and one for which there may be a truly effective intervention through public policy action in Western countries.” However spam is probably profitable for banks and payment processors too, so they might be hesitant to do anything about it.

How much spam do you receive at the moment and how much makes it to your inbox? Do you know anyone who has bought something through a spam email?

^{Image credit: freezelight}

Posted in New Zealand, Technology, Worldwide

The Remedy To Be Applied Is More Speech, Not Enforced Silence

Posted on May 5, 2011April 11, 2014 by Matt Taylor Leave a comment

HRC pressures King & Spalding to drop case defending the Defense of Marriage Act

King & Spalding, the law firm hired by House Republican leaders to defend the Defense of Marriage Act (DOMA) dropped the case. The U.S. Defense of Marriage Act aims to “define and protect the institution of marriage”. It says that no state etc. is required to recognize a relationship that is considered a same-sex marriage in another state.

It’s concerning when lawyers bow to pressure to not take a case on (or to drop one, in this case) because of public opinion. A similar argument could apply to people accused of rape, murder etc.—that lawyers are horrible people for representing them.

The Human Rights Campaign pressured K&S to drop the case. The cost is capped at $500k and a lot of Americans would rather the focus be on other issues—“when read statements for and against defending DOMA in court, 54 percent of voters oppose the House Republicans’ intervention, while only 32 percent support it.…”.

K&S has a high rating on HRC’s Corporate Equality Index, meaning they hire without discrimination. Just because they were going to defend this viewpoint doesn’t mean they supported it.

The pressure should be targeted at the House Republican leaders and not at the people doing their jobs.

Earthquake moon man silenced

Mr Ring said he also feared he would be prosecuted for inciting a riot following his quake prediction.
“I’ve been virtually told by [ACC minister] Dr Nick Smith and Sir Peter Gluckman [the prime minister’s scientific advisor] that I’m not qualified to put statements out about earthquakes. They will have me legally if I do that.
“Until they reverse that, I’m completely bound to silence. I don’t want to go to jail.
“They said it was like calling out fire in a crowded theatre and that’s against the law — it’s called the riot act, and inciting riot.” –Stuff.co.nz

The Crimes Act defines a riot as “…a group of 6 or more persons who, acting together, are using violence against persons or property…”. It also seems like the Riot Act (or at least the reading of the Riot Act?) was repealed.

To my unqualified eye this seems like a questionable interpretation of the law and a questionable use of status to silence someone.

Website blaming earthquake on gays taken down by host

A website was put up shortly after the Christchurch earthquake at christchurchquake.net (now suspended), blaming the quake on the gay community, and the people supporting it. It was widely covered, including by the Sydney Morning Herald. Bluehost received many complaints about it (in the thousands, according to a source) and said they’d only act if they received a court order to do so (I asked and they said they would accept a New Zealand one), but eventually pulled it down because of a copyright complaint.

People or corporations using copyright complaints to get content taken down that they don’t agree with or would rather not have up isn’t uncommon. In this case a whole site was taken down because of one image.

The complaints used Bluehost’s terms of service, section 9.14 as the reason:

Obscene, Defamatory, Abusive or Threatening Language. Use of the Services to store, post, transmit, display or otherwise make available obscene, defamatory, harassing, abusive or threatening language is prohibited.

Several people have pointed out that web hosts shouldn’t have to decide whether something is legal or not. Bluehost refused to decide and asked for a court order. This reasoning would have been better received by complainers if Bluehost didn’t include clauses in their terms of service that say they will take down a site if it contains x. However I am sure Bluehost isn’t the only host that does this.

The site reportedly suffered a DDoS attack as well, which affected other customers on the same server.

This is a change of tune from what I said immediately after I heard about the website, but I support this decision by Bluehost. The site was in bad taste, however should still be protected as free speech until potentially being deemed illegal by a court. If this had been a pro-gay website and anti-gay people had pressured the host to take it down then succeeded because of a copyright complaint, these same people against this site would be angered.

Bluehost let themselves down by taking down the website because of one copyrighted image. I am curious as to whether the customer behind the website was given a chance to respond to the copyright complaint. They received lots of complaints and bad press about this. This would’ve been a perfect topic for the CEO’s blog on why they weren’t going to take action without a court order.

However this event brings up an interesting idea: that the Internet has unwritten rules and if something or someone goes against those rules, people come together over forums or social media etc. to try fight it. This has happened before with child and animal abuse (the perpetrators tracked down), fights for democracy (help with the spread of information to citizens) and corporations with questionable business practices (unfortunate documents released) and because of the nature of the Internet will continue to happen.

Image credit: Christchurchquake/DomainTools

Posted in Free Speech, Law, New Zealand, Worldwide

Shutting Down Skynet: The Copyright (Infringing File Sharing) Bill

Posted on April 14, 2011April 12, 2020 by Matt Taylor 5 Comments

Yesterday the Copyright (Infringing File Sharing) Bill was unexpectedly rushed through Parliament during an urgent session brought about because of the Christchurch earthquake. This morning it was passed and will come into force on September 1st.

Watching the session was frustrating as few contributors truly understood file sharing and the Internet. Gareth Hughes is one of the few who actually gets it. See him talking here, here and here. He brought up a number of good points including:

Access to the Internet is vital.
Termination not being enacted straight away is just a delay.
Many downloads are because content is not even available legally in New Zealand.

(via)

The Green Party opposed the Bill because the disconnection provision was still included. Labour didn’t like the disconnection provision either, however still supported the Bill. As Labour MP Clare Curran explains on the Red Alert blog:

Account suspension remains in the bill and could theoretically be used in the future, but any Minister who implements termination will have to wear the consequences. It won’t be a Labour Minister.

This happened many times throughout the night: great points against this Bill were brought up (like disconnection; the fact it’s being rushed; that the MPs themselves don’t know what their children are downloading from the Internet, keep in mind that the MP as the probable account holder will be responsible for their children’s downloading), but then the person finished with their overall support of the Bill. Someone (I think on Twitter, sorry I lost the source) summed it up nicely: “they’re fundamentally opposed to something, yet they vote for it”.

Without this legislation copyright holders could still send warning notices, but this legislation is intended to make the process faster and cheaper. Another side effect is that the process will favor copyright holders. After receiving a warning notice from a copyright holder, it is up to the Internet account customer to prove their innocence (reversing the usual burden of proof). This basically assumes that users who have been sent notices are infringers. It is unclear (to me at least) how someone will prove that they haven’t downloaded or uploaded a file. This is concerning because copyright owners seem to get it wrong regularly. For example a University Of Washington study found they could get a copyright warning sent to a printer that wasn’t uploading or downloading copyrighted files. They say:

Q: I’m a network operator working at an ISP. Should I be suspicious of DMCA takedown notices?
Yes. Our results show that some methods used to generate DMCA takedown notices in BitTorrent are not conclusive and may misidentify users. This may also be true for other P2P networks.

A U.S. study found 57% of DMCA notices sent to Google for removal of material were sent by business targeting competitors and 37% of notices were not valid copyright claims. (Source: J Urban & L Quilter, ‘Efficient Process or “Chilling Effects”? Takedown Notices Under Section 512 of the Digital Millennium Copyright Act’, http://static.chillingeffects.org/Urban-Quilter-512-summary.pdf (mirror))

In addition to the maximum $15k fine that the Copyright Tribunal can impose on someone who has received three warnings, there is a provision in the legislation to allow the Commerce Minister to introduce a six month Internet account suspension penalty applied by a District Court. In the United Nations Conference on Trade and Development Information Economy Report, UNCTAD/SDTE/ECB/2006/1, Nov 2006, broadband is recognized as an essential utility for individuals. Disconnection from the internet is a disproportional punishment compared with the effects of illegal file sharing.

The legislation makes the Internet account holder responsible for all Internet use through that connection, treating all content downloaded/uploaded by different people through a connection as one. This may mean that a family member, flatmate or landlord is responsible for other people’s illegal file sharing. This also means that account holders could get the blame for things that people they don’t even live in the house do. The account holders would be responsible for random people accessing poorly protected wireless networks, for example.

Is pirating content really that bad?

The U.S. Government Accountability Office says in a report (via):

U.S. government and industry claims that piracy damages the economy to the tune of billions of dollars “cannot be substantiated due to the absence of underlying studies.”

and

“Some experts we interviewed and literature we reviewed identified potential positive economic effects of counterfeiting and piracy. Some consumers may knowingly purchase a counterfeit or pirated product because it is less expensive than the genuine good or because the genuine good is unavailable, and they may experience positive effects from such purchases. Consumers may use pirated goods to ‘sample’ music, movies, software, or electronic games before purchasing legitimate copies. (This) may lead to increased sales of legitimate goods.”

From a TorrentFreak article:

Although IFPI refused to share the entire research report with TorrentFreak, we can conclude the following from the two pages that were published online (pdf).
Compared to music buyers, music sharers (pirates) are…
* 31% more likely to buy single tracks online.
* 33% more likely to buy music albums online.
* 100% more likely to pay for music subscription services.
* 60% more likely to pay for music on mobile phone.

and

[Mark Mulligan, Vice President and Research Director at Forrester Research who conducted the study for IFPI (who “represents the recording industry worldwide”] has his hands tied and couldn’t say much about the findings without IFPI’s approval, but we managed to get confirmation that paying file-sharers are the music industry’s best customers. “A significant share of music buyers are file sharers also. These music buyers tend to be higher spending music buyers,” Mulligan told TorrentFreak.

TorrentFreak on artists actually profiting from piracy:

A study by Blackburn (2004), a PhD student from Harvard, found that the 75% of the [artists] actually profit from piracy. Blackburn reports that the most popular [artists] (top 25%) sell less records. However, the remaining 75% of all artists actually profit from [file sharing]. The same pattern was found by Pedersen (2006, see graph), who analyzed the change in royalties paid by the Nordisk Copyright Bureau between 2001 and 2005.

Michael Geist on a study of music purchasing habits commissioned by Industry Canada:

When assessing the P2P downloading population, there was “a strong positive relationship between P2P file sharing and CD purchasing. That is, among Canadians actually engaged in it, P2P file sharing increases CD purchases.” The study estimates that 12 additional P2P downloads per month increases music purchasing by 0.44 CDs per year.
When viewed in the [aggregate] (ie. the entire Canadian population), there is no direct relationship between P2P file sharing and CD purchases in Canada. According to the study authors, “the analysis of the entire Canadian population does not uncover either a positive or negative relationship between the number of files downloaded from P2P networks and CDs purchased. That is, we find no direct evidence to suggest that the net effect of P2P file sharing on CD purchasing is either positive or negative for Canada as a whole.”

Additionally, downloading doesn’t equal lost sales, some people are trying before they buy. And some people are downloading because they can’t get the content legally.

Labour MP Jacinda Ardern talked about illegal downloading of music hurting small artists, but it’s only the big record companies that you ever hear complaining. Big companies have bigger voices, but small artists are the ones embracing downloads by putting songs up for free on their websites.

A statistic was brought up last night that 90% of people say they will stop downloading illegally after two warnings. There’s a difference between saying and doing and I doubt there’ll be a change.

Will this make those pirates start buying again, or will they just go find the same stuff elsewhere? (via)

Update 17/04/2011: On the InternetNZ blog they point to Amanda Palmer at Webstock 2011 talking about music and giving it away for free. The relevant part starts at 25:00 but her whole talk is worth watching.

Update 19/04/2011: Jonathan Hunt tweeted a link to an episode of This Way Up on Radio NZ. Paul Brislen (from the Telecommunications Users Association Of New Zealand) and Peter Griffin (the Herald’s technology blogger) do a role play of what the notice process could be like, it starts around a third of the way in. You can listen here (MP3).

Some good points brought up:

Generally no legal representation is allowed at the Copyright Tribunal. There will be mums and dads who have no idea what is going on, trying to prove their innocence. There will be ignoring of notices out of confusion.
This could end up costing IPAPs (defined in the Bill as traditional ISPs; not universities, libraries, and businesses) who estimate costs as $14 to $56 per notice. It is noted in the Bill “that the United Kingdom has recently decided on a cost-sharing approach between rights holders and Internet service providers, at a ratio of 75:25 respectively”. ISPs overseas receive a huge number of these notices each day.
If you have a business with 5000 employees, how do you track down whose actions resulted in a copyright warning being sent?
If an Internet account is suspended, is the suspension meant to apply to all ISPs? If yes, is there going to be a database of offenders (potential privacy concerns). If no, couldn’t someone call another ISP and sign up with them?
This is only targeting P2P file sharing. If someone illegally downloads directly from a website, they’re unlikely to be tracked down unless website logs are kept and are requested by rights holders through the courts.
The regime won’t apply to mobile networks until August 2013. It is even easier to “sign up” for a new account; go down to the supermarket and buy another SIM card.

Update 4/06/2011: The United Nations has released a significant report (PDF) relating to freedom of expression on the Internet. A couple of paragraphs are extremely relevant to this post:

49. …he is alarmed by proposals to disconnect users from Internet access if they violate intellectual property rights. This also includes legislation based on the concept of “graduated response”, which imposes a series of penalties on copyright infringers that could lead to suspension of Internet service, such as the so-called “three-strikes-law” in France³⁴ and the Digital Economy Act 2010 of the United Kingdom.³⁵
78. …cutting off users from Internet access, regardless of the justification provided, including on the grounds of violating intellectual property rights law, to be disproportionate and thus a violation of article 19, paragraph 3, of the International Covenant on Civil and Political Rights.
79. …the Special Rapporteur urges States to repeal or amend existing intellectual copyright laws which permit users to be disconnected from Internet access, and to refrain from adopting such laws.

^{Image credit: Gary Denham}