As a company IT manager your job is plenty hectic enough as it is, and the last thing you need to deal with are threats and legal notices from movie studios and record companies. So you’ve put in place strict usage policies that all employees must follow, policies that forbid the use of file-sharing applications and the illegal downloading of copyrighted materials.
For a while this seems to work, but then one day it arrives: a dreaded DMCA (Digital Millennium Copyright Act) takedown notice claiming that an IP address in your company network was caught downloading the latest Indiana Jones movie. That’s it, you decide; this person is going to pay for breaking company policy and, worse, putting you through all this hassle.
So you track down the IP address and find the culprit. It’s your networked HP printer. Guess you didn’t know it was such a big Harrison Ford fan.
Now, of course, the printer didn’t download any content, or even use a file-sharing network. But it turns out that the methods used by entertainment industry investigators are even lazier and more inaccurate than most of us thought.
A recent study done by researchers at the University of Washington found that it was possible to receive hundreds of DMCA takedown notices without actually uploading or downloading any files. And it was also possible to easily frame other IP addresses to appear to be infringing and have actual DMCA notices sent to these, even when they were just printers.
It turns out that on BitTorrent networks, many of the firms that look for copyright violations don’t look for actual downloads or uploads before sending out violation notices. They simply look for IP addresses involved with the tracker that may be used by others for downloads. So this means that someone who uses BitTorrent solely for legitimate downloads (such as Linux distros and other large applications) could receive DMCA takedown notices without ever downloading copyrighted content.
Worse, the researchers in the study were able to easily spoof IP addresses to make it appear as if those addresses were involved in illegal downloads. They were able to do this since many BitTorrent trackers make it possible to define a proxy of any IP address, making it trivial to implicate any other user, system or business. The researchers also pointed out several other ways in which the wrong IP addresses could be targeted as copyright violators.
The DMCA investigators could easily fix this by only sending out takedown notices for IP addresses that they directly observed uploading or downloading illegal content, but this is more resource-intensive and less sweeping in its scope than the inaccurate vacuum cleaner approach they currently take.
And to be honest, I don’t think that there are many in the entertainment industry who even care if the enforcement methods are inaccurate. In my experience, most of the hardcore copyright enforcers in the entertainment industry believe that everyone illegally downloads content, so even if the specific takedown is wrong, you’re probably guilty of some other downloads.
Of course, this attitude could change if lots of business heads, legislators and judges start getting framed for DMCA violations. At that point they might have to take another look at their aggressive policies of attacking their own customers.
Because, honestly, does anyone really believe that the printer did it?