On July 1, 2012 television, movie, music businesses, as well as major Communications Service Providers (CSPs) in the US (including AT&T, Verizon, Comcast, Cablevision, Time Warner Cable) started implementing a voluntary Copyright Alert System, often referred to as the “6-strikes rule” to reduce online copyright infringement in the US. The agreement seeks to create balance between rights to privacy as well as rights to content, an argument which had put the CSPs in the middle.
Previous to this agreement, using the US Digital Millennium Copyright Act (DMCA), a content holder would typically go to a CSP and request the identity of a suspected infringer, and then notify them directly. This had lead to a large number of blanket lawsuits and a large amount of work for the CSP to lookup who had a specific IP address at some time, which is why the Copyright Alert System was created.
So how does the identification of suspected copyright infringement occur? Is your ISP snooping on you? In a nutshell: the detection is done by a 3rd party, not by your ISP and it is done off the network. To answer this question more thoroughly, let’s first look at how that information is collected, by examining how one of the most popular P2P filesharing networks works – BitTorrent.
With BitTorrent there are several key components. The ‘tracker’ is an entity which acts like a phone book: it knows who has what pieces of a file. A ‘seed’ is a computer that has completed the download of a file and is sharing it with others. A ‘leech’ is a computer that is still trying to download the file. As shown in the figure below, the communication flows are:
- Seed to Tracker: notifies tracker that it has 100% of the file, of the IP address & port of the seed computer
- Leech to Tracker: notifies tracker what segments it has, of its IP and port
- Seed to Leech: Leech connects directly, downloads missing chunks
- Leech to Leech: Leech connects directly, downloads missing chunks
Typically the communication between the peers (Seed & Leech) is encrypted and cannot be seen by anyone except the two computers communicating with each other. Even if that data stream could be intercepted in some way, files are only identified by an undecipherable ‘hash’, meaning instead of seeing a file being transferred as ‘boxofficehit’, they would see an alphanumeric string of characters like ‘350df1e49804608d65ef7769b0430cb6’.
Prior to the implementation of the ‘six-strike model’ (or for CSP’s who are not participating in the agreement), companies generically termed ‘media defenders’ such as Peer Media Technologies played a key role in attempting to enforce copyright law. These companies follow torrent websites such as The Pirate Bay or Demonoid that are known to index large volumes of torrent files. Using the content on these sites, they obtain the ‘hash’ names of the files, then connect to the trackers in order to obtain a list of the IP/port for the seeds and leeches to create a database of what IP/port is sharing what hash, from what web-site and its filename.
The media defender companies would then take the IP and port addresses obtained, lookup the CSP (using Whois) and then send a letter to them asking to provide the subscriber’s contact information. The CSP would, if they agreed, look in their internal database of who was using that IP and port at that time and then provide the information. In instances where the CSP did not volunteer to provide subscriber contact information, the media defenders could then go to court and attempt to obtain a Doe subpoena in order to find the identity of the accused infringer.
Under the new ‘six-strikes model’, the CSPs who are participants in the system now agree to notify their subscribers who have been identified as downloading infringing content on behalf of the media defender, but not to provide the identity of the subscriber to the media defender or attempt to determine what content is potentially being infringed. Once a subscriber has received a sixth-strike they may face mitigation measures that could include a temporary reduction in Internet speed or a redirection to a landing page with educational material.
Throughout the entire escalation process, the copyright owner still maintains their right to pursue legal action under the DMCA, although both CSPs and copyright owners who are participants in the alert system feel that there will be very few subscribers who after having received multiple alerts, will continue to infringe on copyrighted works.
There have been a lot of mainstream press articles recently that have fundamentally misunderstood the data flows and the participants involved with this new Copyright Alert System. As more subscribers begin to receive copyright notifications in the coming weeks, I expect this to get even more attention, so I just wanted to take to shed some insight on how the identification process works.
If you have any questions, feel free to drop a question in the comments, and I will do my best to answer them for you.