Infosecurity

In partnership with:

April 2008 issue

Music piracy born out of a ‘something for nothing’ society

Eleanor Dallaway

It is thought that there are currently 900 million music files available online to be downloaded illegally from file-sharing networks. Peer to peer file sharing programmes, the most common method of downloading music today, are easily accessible and blur the line between copyright and open source or free material.
The music industry argues that lost revenue from films and music illegally downloaded will continue to cost the creative industries dear until agreement is reached on how to tackle the problem.

Government proposals to cut the internet access of those illegally downloading music and films online would put the onus onto ISPs, who would be responsible for taking action over users accessing pirated material via their account.
The ISPA (internet services providers' association), in a recently released statement, has argued that “ISPs bear no legal liability for illegal file sharing as the content is not hosted on their servers”.
Technically identifying those downloading illegally may also be problematic, as the BitTorrent protocol – which allows files to be shared many times between internet users – splits the data in small packets for distribution, and can even encrypt the data stream, making ISP detection difficult, if not impossible.
The latest government creative economy programme’s strategy document on the subject of filesharing states “The Government recognises the value of the current discussions between ISPs and rights-holders; we would encourage the adoption of voluntary or commercial agreements between the ISPs and all relevant sectors. While a voluntary agreement remains our preferred option, we have made clear that we will not hesitate to legislate in this area if required.”
Parallel negotiations between Britain’s music industry and individual internet providers have been dragging on for two years. While the BPI, the record industry trade association, argues that ISPs need to take action against customers who are downloading music illegally on their networks, the ISPA deny that this is their responsibility.
Both associations believe that they have the government on their side and both admit that something needs to be done. The problem for them, and the industry and its users, is that neither association can agree on how this can be resolved and whose responsibility it is.

The three-strike proposal
Implementation of a three-strike regime in the US and France – under which repeat offenders are disconnected from their provider - has increased the pressure on UK internet companies and stiffened the government’s resolve.
A three-strike proposal would ensure that the responsibility for enforcing the law would fall to ISPs, who could face prosecution if they choose not to comply.
Richard Mollet, director of public affairs for the BPI, is an advocate for the three-strike proposal. “Guidance should be the first action” having identified a customer who has been downloading illegally, he says. “[ISPs] should write to the customer and tell them that their internet account is being used for illegal downloading. Research suggests that 70 per cent of people would stop downloading illegally after receiving a warning email” (http://www.dmwmedia.com/news/2008/03/04/survey%3A-isp-warning-would-stop-70%25-u.k.-file-swappers), says Mollet.
“If their IP address continues to download illegally, then that account should be suspended. This should be perceived as an act of intent. If the customer still continues to download music illegally, we would then ask the ISP to cancel the account”.
But what’s to stop that customer signing up for an account with a different ISP? “In an ideal world, all ISPs would agree to work together and disbar that customer from all ISPs”, said Mollet optimistically.
But this proposal dismisses privacy concerns, says an ISPA spokesperson.
“Sharing this information goes against privacy laws. ISPs do work together in a lot of ways, but you need to look at the practicalities and privacy concerns”.
“What happens if we got it wrong?” the spokesperson continued, “What is the burden of proof? If we wrote to a customer that wasn’t using the internet to illegally download music, and they decided to sue us, we’d have to pay those legal costs.
Suggesting that ISPs take on an enforcement role with no cost recovery just doesn’t make sense – especially as the music industry aren’t willing to pay for any of this.
Becky Hogge, executive director of The Open Rights Group is concerned that ISPs might cut off the wrong people. “Behind a lot of these people will be households using their internet connection for a range of purposes. The government will undo a lot of the good work it has done towards making Britain an enabled society if it starts cutting off internet connections willy-nilly”.
“[Any agreement that’s made] has to be legal, and it needs to involve government and law enforcement agencies. It’s important that we don’t confuse ourselves with law enforcement agencies”, ISPA’s spokesperson concludes.
Ray Stanton, BT’s head of business continuity, security and governance, agrees the IPSA stance. After all, he says, “ISPs will not be the policemen of the internet”.

Cops and robbers
The BPI say they’re not asking ISPs to monitor their customers’ traffic, and on the contrary are willing to do the detective work themselves.
“We’re just asking ISPs to communicate with their customers when we provide them with the IP addresses of those downloading illegally”, says Mollet. “It would be a very small number of people who would continue to download illegally after these warnings”.
“We just want ISPs to live up to the terms and conditions that disallow illegal downloading that they already have in place. It’s not an idea we’ve dreamt up, it’s there in black and white for their customers to see”.
But Mollet suggests that lack of enforcement is due to the ISPs benefiting from their customer’s illegal downloading habits. “For years, ISPs have built a business on other people’s music, yet have paid nothing to the creators of that music, and done little or nothing to address illegal downloading via their networks”, says BPI Chief Executive, Geoff Taylor.
ISPA rejects this claim, arguing: “People excessively downloading are upsetting users and damaging our bandwidth, which is obviously not something that we want”.

Facing the law
Although both the BPI and ISPA agree that they’d rather introduce a self-regulatory procedure to resolve the issue that could well see a large decline in the British creative industry, the BPI are welcoming the government’s suggestion of legislation with open arms.
“[Legislation] is a clumsy and blunt tool, but it’s fast becoming a last resort” said Mollet. “Our views on this are very similar to that of the governments; we don’t want to go to legislation, but if that’s what it comes down to, it’s our only option”.
ISPs are determined to avoid legislation however, and BT’s Ray Stanton insists that it’s just not their problem.
“Fundamentally we believe it is not the way forward to transfer the responsibility of enforcing copyright to ISP’s themselves…The EU E-commerce directive clearly establishes the status of ISPs as ‘mere conduits’ – we are not responsible for the specific content of the traffic that travels across our network”.
Furthermore, ISPA say that they cannot monitor or record the type of information passed over their network, and that, even if they could, the process throws up a legal minefield.
“ISPs are no more able to inspect and filter every single packet passing across their network than the Post Office is able to open every envelope…and data protection legislation actually prevents ISPs from looking at the content of the packets sent” a spokesperson said.
Stanton seconds this. “None of the technologies proposed by the ISPs to intercept or scan traffic as it travels across the network are proven to work at scale – the electronic equivalent of a ‘stop and search’ of all media files transmitted on our networks would not be a feasible solution”.
The BPI’s Richard Mollet says this is a bogus argument that he’s heard many times.
“We’re not asking ISPs to look at or open each packet – we’re able to identify those [downloading illegal music] by sitting on a peer-to-peer network and looking at IP addresses. Saying that we’re asking them to snoop is simply a canard”.
The Open Group’s Becky Hogge acknowledges that there could be technological complications with this technique. “A hardcore or dedicated illicit file-sharer will instantly route around any IP sniffing that goes on by using encryption”.

It’s all about the music
So what’s the biggest catalyst for clamping down on those downloading music illegally? Is it the cost? Or is the legality?
“The music and film industry are the most important issues here. All of the creative industries are suffering and we care about their future”, says Richard Mollet.
“Internet piracy is a serious threat to the music business here and around the world. In the digital marketplace where ISPs serve as gatekeepers between those making music and those wanting it for free, they need to take responsibility. Otherwise we’re going to see a big drop in creators making the music”.
Over at the BPI, Geoff Taylor says that the BPI supports new ways of selling music legally online.
“But these services are being stifled by a culture of something for nothing from which big telecoms corporations continue to profit at the expense of the music community. It is time ISPs started showing some corporate responsibility and partner with us to allow our digital creative economy to grow,” he said.
Mollet, meanwhile, says his organisation cannot compete against free.
But ISPA refute the claim that illegal downloads are damaging the music industry. “There has been great growth in digital downloads. Indeed, availability of music online saved the single. It’s important that the music industry embraces the internet, because it’s obvious that legal online sales are supporting the music industry”, an ISPA spokesperson says.

Corporate fear
Many organisations are becoming increasingly worried about staff using the company network for illegal downloading, and Spencer Parker, director of product management at ScanSafe, says that companies are right to be concerned. “The International Federation of the Phonographic Industry has recently started to take action against organisations rather than individuals”. Not only should companies be concerned about their exposure to legal liability should an employee be downloading illegally, but “downloads of music consume valuable bandwidth and can have a negative impact on productivity”, said Parker.
In addition to developing an acceptable web usage policy, companies should deploy a web filtering technology, Parker advises. “This will block access to unacceptable websites which might include pornography, gambling or illegal file sharing sites. We find that many companies don’t understand the scale of the problem until they turn our web filtering service on and immediately gain visibility into how employees are using the web”.
“Technology that allows internet providers to monitor what content is being downloaded is becoming more effective”, says James Bates, media director at consultants Deloitte.
Despite government proposals and reluctance from both the BPI and ISPA, legislation is looking more and more likely. ISPA continues to argue that ISPs should not have the power of judge and jury over the legality, suitability or appropriateness of the content that is contained on their servers.
And the BPI continue to fight to save the British creative industry and put a stop to music piracy, but to do this they need the ISPs’ support. Whether or not they offer this up before the government makes them, is one to watch.

Are disconnection or bandwidth throttling the answer?
Steve Gold

Over in Japan, the country's four main ISP associations agreed in March to actively disconnect users who were found to "repeatedly use Winny and other file-sharing programs to illegally copy gaming software and music."
In parallel with the move to disconnect repeat offenders, the four associations, which include the Telecom Service Association and the Telecommunications Carriers Association, are forming a consultative panel in conjunction with a number of copyright groups, to monitor the ongoing situation regarding internet piracy.
The plan is for the copyright groups - which include the Japanese Society for Rights of Authors, Composers and Publishers, and the Association of Copyright for Computer Software - to develop a set of guidelines for the permanent disconnection of illegal internet file-sharers.
Over in the US, meanwhile, cable service provider Comcast has been at the forefront of initiatives to severely restrict the bandwidth (known as throttling) of users of BitTorrent file-sharing applications such as Azureus, BitComet and others.
The telecoms regulator, the Federal Communications Commission, however, looks like coming down on the side of the users, as it is expected to rule that Comcast's actions are contrary to the principles of Net Neutrality, and instruct the ISP to release its bandwidth throttling of file-sharing users.
How the FCC's move will be interpreted by copyright enforcement organisations such as the MPAA and others remains to be seen, but the throttling (and disconnection) issue has now been overtaken by the arrival of new third-party file-sharing services such as Furk.net in Germany.
These services allow users to register and instruct the servers to carry out the file-sharing procedure on their behalf, downloading the resultant file securely and anonymously.
This technology solution to the issues of legal action, throttling and disconnection of illegal file-sharers add a whole new dimension to what is an incredibly complex set of technology and legal issues.