ISPs assist in cutting off file-sharing users

Becky waring By Becky Waring

Internet service providers are cooperating more and more with copyright holders to crack down on illegal downloading and peer-to-peer file-sharing.

Some of the changes are due to strict new piracy laws, but others appear to arise from sheer self-interest on the ISPs’ part.

Somali pirates aren’t the only ones making headlines recently. The widely publicized Pirate Bay verdict in Sweden has sent a chill down the spines of BitTorrent freaks worldwide and cast a spotlight on the intensifying battle against illegal downloaders.

Get our unique weekly Newsletter with tips and techniques, how to's and critical updates on Windows 7, Windows 8, Windows XP, Firefox, Internet Explorer, Google, etc. Join our 480,000 subscribers!

PC Drive Maintenance (Excerpt)

Subscribe and get our monthly bonuses - free!

Your hard drives store photos, books, music and film libraries, letters, financial documents and so on. This ebook is aimed at helping you understand your hard drives, expand their capacities and length of life, and recover what you can from them when they fail. We're offering you a FREE Excerpt! Get this excerpt and other 4 bonuses if you subscribe FREE now!



In addition to helping convict the Pirate Bay operators, Sweden’s new Intellectual Property Rights Enforcement Directive (IPRED) allows courts to order ISPs in that country to reveal to copyright holders the names of anyone suspected of sharing files illegally. The copyright holders can then use the information to sue or collect damages. Immediately after the law went into effect last month, Internet usage in Sweden dropped by 30%.

While most ISPs in the U.S. and other countries will release information about subscribers only when presented with a court order, these ISPs may not be displeased by the increased pressure being placed on file-sharing networks. Reducing peer-to-peer traffic by the threat of legal action would help unclog the ISPs’ networks and free up some of their bandwidth.

“Fundamentally, ISPs (like all communications carriers) have a primary obligation to their customers not to inspect traffic unless it is necessary for the service, or to disclose information without being required to do so,” Electronic Privacy Information Center (EPIC) president Marc Rotenberg told me in an e-mail interview.

However, Rotenberg also notes that “ISPs are being pulled in several different directions. Advertisers want access to ISP data traffic for marketing. Governments want ISP data retained for surveillance. But the ISPs have one of the most stable business models around — a subscriber-based service — and clear obligations to protect the privacy of their customers.”

Just last year, Charter Communications introduced a deep-packet inspection (DPI) program to gather information from subscriber traffic that online ad firm NebuAd would have used to deliver targeted advertising. Aborted due to the widespread outcry, the program nonetheless illustrates the power of today’s filtering technology.

According to EPIC, “DPI provides ISPs with access to the content of all unencrypted Internet traffic that ISP customers send or receive.” DPI used to be logistically infeasible on a large scale due to the resources required, but that’s no longer the case.

Basically, if unencrypted files are coming through your pipe, your ISP can read them. And since most e-mail, browsing, downloading, and media streaming is not encrypted, your data and your privacy are at risk.

Only federal privacy legislation can prevent such filtering and information gathering. Right now, the U.S. Congress is working on just such a privacy bill, but any legislation able to pass the House and Senate will likely be tempered with provisions for copyright holders.

Recording industry’s new global-scare tactics

So what are the rights-holders doing? After many years of futile efforts, the Recording Industry Association of America (RIAA) finally recognizes that filing lawsuits against individual illegal downloaders is ineffectual in reducing piracy and is a public-relations disaster to boot. The association has stopped filing new cases in the U.S.

Instead, the RIAA instituted a new “graduated response” program earlier this year under which ISPs forward warning letters threatening repeat offenders with account suspension, termination, and other consequences.

The strategy attempts to make parents responsible for their children’s activities, school administrators liable for the network use of their students, and ISPs accountable for all their users. Underlying this policy is the belief that suspension or cancellation of Internet access can be applied much more broadly than lawsuits — to millions of customers rather than to hundreds.

The first warning letter typically contains this statement: “Please bear in mind that this letter serves as an official notice to you that this network user may be liable for the illegal activity occurring on your network. This letter does not constitute a waiver of our members’ rights to recover or claim relief for damages incurred by this illegal activity, nor does it waive the right to bring legal action against the user at issue for engaging in music theft.”

ISPs are cooperating with this program, but not just to appease the RIAA. They are mandated by the Digital Millennium Copyright Act to pass on the letters and to provide illegal downloaders’ identities to copyright holders, pursuant to a court order. Any action beyond that is up to the ISPs.

Some service providers cut off access after repeated infringement, while others leave further enforcement up to the RIAA. For example, Comcast says it has already sent 2 million warning notices to downloaders but that it has no plans to cut off users’ access.

AT&T agrees. At last month’s Leadership Music Digital Summit, AT&T senior executive vice president Jim Cicconi avowed that “AT&T is not going to suspend or terminate anyone’s policy without a court order. What we do is send notices and keep track of violations and IP addresses. It’s our view that any stronger action has got to rest with the copyright owner … That’s what the courts are there for.”

UPDATE 2009-05-14: For more on ISPs threatening to cancel the accounts of users that music and movie industry associations have identified as illegally downloading and sharing files, see the May 14, 2009, Known Issues column.


However, other countries are taking a harder line by enacting new laws and requiring that ISPs suspend repeat offenders. Here are a few examples:
  • In Ireland, major ISP Eircom was sued by four large music labels this January. The companies were seeking to have the ISP monitor its subscribers for illegal file-sharing. A settlement was reached that will disconnect customers after three strikes.

  • In Taiwan, a new anti–file-sharing amendment was passed in April that makes it a crime to deploy peer-to-peer technology that facilitates the exchange of copyrighted material. In addition, users who are caught downloading copyrighted material more than twice face restrictions on their Internet access.

  • In France, legislators are working to pass a similar law that would “boot repeat file-sharers from the Internet for up to a year at a time,” according to an Ars Technica report. A blacklist preventing suspended users from signing up with any ISP in the country would be maintained, and ISPs who fail to promptly cut off suspects would be subject to a €5,000 fine for each instance.
Perhaps the most onerous and insidious part of the proposed French law is that users will also be required to keep their networks secure with certified software so that they can’t claim that someone used their network without their knowledge. This puts the responsibility on network owners for the actions of their users, whether family, friends, students, employees, or customers. The law may be altered before it passes, but so far it has major-party support.

MPAA and RIAA identify illegal downloaders

The laws aren’t the only things getting tougher — so are the downloaders. Predictably, P2P users are employing technology to fight technology, creating an arms race between file-sharers and the recording industry.

To identify illegal downloaders, the RIAA, Motion Picture Association of America (MPAA), and other industry organizations are taking advantage of the public nature of peer-to-peer file-sharing and streaming networks to determine users’ IP addresses. Then they get court orders to force ISPs to identify subscribers. In Canada, the courts have ruled that no warrant is needed and that an IP address is public data, just like a home address.

File-sharers who want to hide from this type of surveillance are using proxy services and anonymous networks such as Freenet, GnuNet, and Mute. While these services currently offer only a small fraction of the content of BitTorrent and Gnutella, the anonymizing movement has grown fast since the recent prosecution of the Pirate Bay operators in Sweden.

Pirate Bay itself is introducing iPredator this month, a global service that promises more anonymity than traditional virtual private networks (VPNs). According to TorrentFreak, “the weak link in any VPN/anonymity service is always their willingness (or otherwise) to hand over your customer data when pressured under the law. However, with iPredator, this should not be an issue since the service is promising to keep no logs of user activity whatsoever.”

Sounds foolproof, right? Well, only if no laws are passed requiring ISPs to keep user logs — as has been proposed in Great Britain — and only if ISPs don’t use DPI to see what you’re downloading and filter it out before it even gets to you, as may become the case in Australia.

The Australian Federation Against Copyright Theft (AFACT, which is similar to the MPAA) launched a lawsuit last fall claiming copyright infringement against major Australian ISP iiNET. AFACT appears to want Australian ISPs to filter out illegal downloads for the movie industry.

In the long term, according to EPIC’s Rotenberg, “the best safeguards for ISP data may come about from a combination of good privacy law and stronger technical measures, such as IPsec.”

In the meantime, if you’re concerned about the privacy of your Web downloads, use a VPN, proxy, or anonymizing service as a first line of defense. The free Tor program is one such option; you’ll find more information about the software at the Tor Project site.

Becky Waring has worked as a writer and editor for CNET, ZDNet, Technology Review, Upside Magazine, and many other news sources.
= Paid content

All Windows Secrets articles posted on 2009-05-07:

Becky Waring

About Becky Waring

Becky Waring has worked as a writer and editor for CNET, ZDNET, Technology Review, Upside Magazine, and many other news sources. She alternates the Best Software column with Windows Secrets contributing editor Scott Spanbauer.