Feeds:
Posts
Comments

Archive for the ‘Technology’ Category

I am not licensed to practice law in Canada, and my knowledge (as far as I am able to share) is limited to U.S. Copyright Law, and the states in which I am licensed.

That being said, I have received more than just a few inquiries from those of you who have received “DMCA Copyright Infringement Notices” from your ISPs in Canada and Australia, and I thought it was time to clarify which ISPs appear to be “working” with Ira Siegel (CEG-TEK), and what their capabilities appear to be.

HOW CAN CEG-TEK SEND OUT LETTERS TO CANADIAN CITIZENS, AND WHICH CANADIAN ISPs APPEAR TO BE WORKING WITH CEG-TEK?

So far, infringement notices began to be sent out to Canadians under a loophole which allowed U.S. copyright holders to send infringement notices to Canadian subscribers.  While many have received these notices, it appears to me that CEG-TEK is focusing on the following ISPs:

Bell Canada
Rogers Communications (a.k.a. Rogers Cable)

Shaw Communications Inc. (a.k.a. Shaw Cablesystems G.P., or “sjrb.ca”)
ACN Canada
Electronic Box Inc.
TELUS Communications Company
Start Communications (a.k.a. “start.ca”)
TekSavvy Solutions Inc.

Now obviously there are others out there, but these seem to be where the focus of the letters seem to be going out.  Also, remember that CEG-TEK spends a large amount of time recruiting ISPs to sign on to their “cause” to eliminate piracy.  I remember how happy they were when in the U.S., they got COX Communications to start working with them.  No doubt, they are working to recruit more and more ISPs every day, and these few ISPs seem to be the Canadian ISPs that CEG-TEK appears to be regularly using to send out the DMCA settlement demand letters.

WHAT DO THE CANADIAN ISPs [WHO WORK WITH CEG-TEK] APPEAR TO BE PROVIDING THEM?

Originally, I expected that because of the Canadian loophole, that CEG-TEK was sending these “blind,” meaning, not knowing who the downloader is.  But, because of recent trends (where CEG-TEK is now picking up “additional cases” which were downloaded by that same user sometimes weeks or months ago), I am now understanding that certain Canadian ISPs (my best guess, Bell Canada, Rogers, Shaw, and possibly the others) are working with CEG-TEK to provide them 1) geolocation data as to where the downloads are taking place, and/or 2) lists of past IP addresses which have been leased to that internet user / subscriber over the past twelve months (or, whatever that ISPs “IP Retention Policy” before they purge the IP address data for older records).

Thus, Canadian CEG-TEK cases are starting to look and act more like U.S. CEG-TEK cases as far as them having the ability to identify who the subscriber is, and CEG-TEK being able to “look back in time” to see what other bittorrent downloads belonging to their many clients [that their bots tracked on the bittorrent networks realtime weeks or even months ago] these subscribers participated in.

WHAT ARE YOUR CONSIDERATIONS AS TO WHETHER TO IGNORE OR SETTLE WHEN YOU LIVE OUTSIDE OF THE U.S.:

If the Canadian accused of downloading copyrighted materials via bittorrent is concerned that maybe they will be named and served as a defendant in a U.S. federal court, and they have a reputation that they must preserve (meaning, they have little-to-no risk tolerance of having their name become associated with being part of a pornography or piracy lawsuit), AND THE COPYRIGHT HOLDER IS A “COPYRIGHT TROLL,” (meaning, they have sued John Doe Defendants in the U.S. courts, or they have made known that they intend to sue defendants who ignore the DMCA copyright infringement letters that are sent to accused internet users), ONLY THEN does it make sense to settle a CEG-TEK claim against you.

Why?  Because as soon as an individual is named and served as a defendant in a U.S. lawsuit, there are many “spiders” and “robots” which comb the U.S. District Court (federal) court cases, and report and index the names of the court cases on the various search engines.  The efffect of these “spiders” on a Canadian is that information on the lawsuit gets posted on the internet and remains there forever.  That way, if someone (e.g., an employer, a creditor, or someone who wants to dig up information on a particular person) does an internet search for that person’s name, then that person’s name and his involvement in the lawsuit will show up as one of the top entries on the search engine’s results, along with the case information.

And to make matters worse (which is why I would like to see some discretion on the part of the websites NOT to index the names of defendants in search engine results), even if that accused defendant did not do the download but was merely the account holder when the download allegedly occurred, or EVEN IF THAT DEFENDANT FIGHTS THE CHARGES AND WINS — FOREVER, THAT “NAMED” DEFENDANT WILL HAVE THE FACT THAT THEY WERE IMPLICATED IN A COPYRIGHT INFRINGEMENT LAWSUIT FOR PORNOGRAPHY OR PIRACY will have their reputations tarnished because the lawsuit will show up in the search engine results.

This is the most powerful leverage a copyright holder has over an accused defendant, namely, that even if he fights the case and wins, his reputation will forever be tarnished, and for this reason alone people settle the claims against them, even before there is a lawsuit.  I have spoken to hundreds (if not thousands of accused defendants) over the years, and this is the primary reason people (even those outside of the U.S.) settle.

[Personally, this is why I would like to see the laws changed to make it a crime (or more likely, very heavy civil fines, penalties, or sanctions) to name and serve a defendant without having a higher threshold of evidence (e.g., “clear and convincing” rather than “more likely than not”) that it was them who did the crime they are accused of.  Too many families have had their reputations ruined because some overzealous attorney accused them of a crime they did not commit.]

Because of the leverage a copyright holder yields over an accused defendant that they may sue, this is why I read the press releases and follow the financial lives of many of the copyright holders — so that I can properly predict what they will or will not do in the future.  This is also why I make such a large distinction on this blog and when discussing cases with potential clients of distinguishing those copyright holders who are “copyright trolls” (those who have sued in the past, or are likely to sue in the future) versus those who have not yet sued in the U.S. federal courts, and those who (in my opinion) will never sue.  That way, at least I can properly advise clients as to which copyright holders pose the greatest risks, and which copyright holders they can ignore based on who the copyright holders are, what they have done in the past, and what they have publicly stated (in court cases, motions, press releases, and on website articles) that they will do in the future.

IN SUMMARY:

So for those of you who live in Canada, or Australia, or whatever countries the U.S. copyright holders will go next to enforce their rights, please be level-headed when receiving these infringement notices from CEG-TEK and the like.  Don’t call the copyright holder or CEG-TEK and argue whether you are “guilty” or not, because their job is merely to collect a settlement from you.  Rather, contact an attorney (me, or someone else who knows the operation of CEG-TEK and the tendencies of the specific copyright holder), and determine whether you are dealing with what I refer to as a “copyright troll” or not.  Assess your risks, and proceed accordingly down the “settle” or “ignore” route we discuss on our calls.

Once again, the main consideration as to why people settle is if you have a copyright holder who is a “copyright troll,” and you are concerned that you will be named and served as a defendant in a U.S. lawsuit, and that your involvement in that lawsuit (whether or not you are found guilty) will tarnish your reputation abroad in a search engine when someone searches your name when applying for a job, etc.  Otherwise, learn who your copyright holder is and if there is a low risk of them suing, save your money.

LEGAL DISCLAIMER: I personally find it silly to see attorneys place disclaimers on website articles, but here it is actually appropriate.  In this article, I am not suggesting that any person ignore a settlement demand letter that is sent to them, nor am I suggesting that they settle the claims against them.  I am also merely stating my thoughts about the likelihood of being sued so that they can evaluate their options and the risks and rewards of each course of action.  These are not legal opinions, nor are they to be considered advice to act upon or not act upon. 

Every person’s situation is different, and every person has a slightly different set of circumstances that can affect whether the best course of action is to ignore, fight, or settle, and every copyright holder similarly makes the same financial risk-reward analysis of whether it makes financial sense to take a particular action.  Often, lawyers take actions which do not make financial sense for an alternative reason, e.g., to get a judgement in a particular location against a poor person, NOT to ever collect that judgement, but as a trophy or a weapon to show the next set of would-be defendants that he is ready, able, and willing to pursue a particular line of attack against them as just as they did to so-and-so.  The opinions stated here are my own calculations based on my own understanding of the circumstances.


CONTACT FORM: If you have a question or comment about what I have written, and you want to keep it *for my eyes only*, please feel free to use the form below. The information you post will be e-mailed to me, and I will be happy to respond.

NOTE: No attorney client relationship is established by sending this form, and while the attorney-client privilege (which keeps everything that you share confidential and private) attaches immediately when you contact me, I do not become your attorney until we sign a contract together.  That being said, please do not state anything “incriminating” about your case when using this form, or more practically, in any e-mail.

Read Full Post »

There was a point where someone raised the question, “should I be afraid that a copyright troll might try to sue or collect money for copyrights they don’t own?” That is an interesting question and certainly this could happen, but apparently CEG-TEK took it seriously since they represent so many copyright holders, and they have altered some of the DMCA letters that they send to accused internet users through their ISPs.

As a response to this question (which I suppose was asked enough times to inspire them to take action upon it), in the most recent versions of the CEG-TEK DMCA letters, there is now often a link to a “certification page” which affirms that CEG-TEK is authorized to collect settlements on behalf of a particular copyright holder.

I clicked on a few of the links, and while a few of them were innocuous (containing only the certification from the copyright holder’s website), some of them were pretty explicit as far as the graphics they show on their websites. I thought it would be a good idea to take a few screenshots and post them here, but after seeing a few of the sites, posting the screenshots here would put our website into the “Not Safe For Work (‘NSFW’)” category (as if it is not already in that category from its content).  I have pasted one below just to show an example of what they look like:

Reality Kings

For some of their other clients, below are some of the links I have collected over the past few weeks (and by NO MEANS is this a complete list of CEG-TEK’s client list. I tried to create such a “List of CEG-TEK clients” in June, 2014, and it backfired because immediately afterwards, so many of the copyright holders scattered and changed their name completely confusing the issue of who is a copyright troll and who is not a copyright troll.) I am merely providing this list as a quick sample to prove the existence of an AGENCY AGREEMENT between CEG-TEK and various copyright holders:

Digital Sin Inc. (a known copyright troll which carries the following brands: Digital Sin Inc, Greedy, Hot Boxxx, Lesbian Provocateur, New Sensations Inc*, The Romance Series, Vengeance XXX, X-Play)
http://www.digitalsindvd.com/distro/agent-cert.php

MG Premium Ltd DBA Mofos (which carries the following brands: Canshetakeit, Iknowthatgirl, Ingangwebang, Latinasextapes, Letstryanal, Milfslikeitblack, Mofos, Mofosnetwork, Mofosoldschool, Mofosworldwide, Pervsonpatrol, Publicpickups Realslutparty, Shesafreak, Teensatwork)
http://www.mofos.com/cegtek-cert/

Porn Pros [also seen as AMA Multimedia, LLC] (which carries the following brands: Drive Shaft, Gay Castings, Gay Room, Man Royale, Men POV, Porn Pros, Pure Passion, Thick and Big, Tiny4K)
http://pornpros.com/cegtek-cert

MG Premium Ltd DBA Brazzers (which carries the following brands: Asses In Public, Baby Got Boobs, Big Butts Like It Big, Big Tits At School, Big Tits At Work, Big Tits In Sports, Big Tits In Uniform, Big Wet Butts, Brazzers, Brazzers Vault, Brazzers Network, Busty And Real, Bustyz, Butts And Black, Day With A Pornstar, Dirty Masseur, Doctor Adventures, Hot And Mean, Hot Chicks Big Asses, HQ Honeys, Jizz On My Juggs, Jugfuckers, Milfs Like It Big, Mommy Got Boobs, Pornstars Like It Big, Racks And Blacks, Real Wife Stories, Sex Pro Adventures, Shes Gonna Squirt, Teens Li)
http://www.brazzers.com/cegtek-cert/

MG Content RK Limited DBA Reality Kings (which carries the following brands: 40inchplus, 8thStreetLatinas, Bignaturals, BigTitsBoss, Bikini Crashers, CaptainStabbin, CFNM Secret, Cum Girls, CumFiesta, Cumfu, Dangerous Dongs, EuroSexParties, Extreme Asses, Extreme Naturals, FirstTimeAuditions, FlowerTucci, Footville, Girls of Naked, Happy Tugs, Hot Bush, InTheVip, Itsreal, Kingdong, Kristinslife, Manueluncut, MegaCockCravers, MikeInBrazil, MikesApartment, MilfHunter, MilfNextDoor, Mollyslife, Moms Bang Teens, MoneyTalks, MonsterCurves, Muffia, Mysexylife, Nakedmovie, etc.)
http://www.realitykings.com/cegtek-cert.htm

MG Content DP Limited DBA Digital Playground
http://www.digitalplayground.com/cegtek.html

E.A. Productions / Evil Angel
http://www.evilangelvideo.com/copyright/

Addicted 2 Girls
http://www.addicted2girls.com/cegtek.php

New Sensations Inc. (a known copyright troll which carries the following brands: Digital Sin Inc*, Greedy, Hot Boxxx, Lesbian Provocateur, New Sensations Inc, The Romance Series, Vengeance XXX, X-Play)
http://www.newsensations.com/tour_ns/cert.html

MG Cyprus Ltd DBA Men
http://www.men.com/cegtek-cert/

*[UNRELATED, BUT FUN TO NOTICE: Note the overlap between these companies as far as which brands are owned by which companies. Many of the popular names have the same parent company, e.g., MG Content, MG Premium, or more plainly, Manwin.  Also notice that some “brands” which market themselves to be separate and apart from one another are actually owned by the same entity, e.g., New Sensations, Inc. and Digital Sin, Inc.; as much as they tried to pretend that they were different entities when suing in the federal courts, we now know that they are the same entity. It is also interesting to see what a “small world” the adult industry is, and who the power players are behind the scenes of the “large” brand names. Unrelated to this article, when defending clients in federal court and in settlement negotiations, I have often found it funny to find that “old man grandpa” or “innocuous family woman grandma” is the CEO or power behind a large multi-million dollar adult company.]

What to take away from this article is simply that CEG-TEK’s role is as an “Intellectual Property Monetization” company, where the copyright holders hire them to track instances of copyright infringement using the bittorrent networks (hence the “CEG” portion of their name stands for “Copyright Enforcement Group,”), to collect and record the IP addresses of the accused infringers, identify the internet service providers (ISPs) associated with those IP addresses (and yes, they now contact ISPs not only in the U.S., but also in Canada and Australia), and request, pay, pressure, or threaten the ISPs to forward their copyright infringement notices to the subscribers which invites the accused internet user to visit their CopyrightSettlements.com website in order to view the claims against them and to pay a settlement fee to avoid potential legal action that may be taken against the internet users.

What is also important to note is that the legal role CEG-TEK plays is the authorized AGENT of the copyright holder. This means that whatever CEG-TEK agrees to (e.g., when an attorney negotiates a settlement on behalf of a client, or when CEG-TEK agrees to make one or more cases “go away” as part of a settlement negotiation), all of their activities are binding on their client, the copyright holder. Thus, if you pay CEG-TEK*, it is as if you paid the copyright holder. I am obviously simplifying the law of Agency here (where there are nuances), but what to take away is that anything CEG-TEK does, they do on behalf of their client and with the implicit [and in many cases, explicit] authorization of their client. That means that no, a copyright holder cannot turn around and sue you if you paid CEG-TEK to satisfy that copyright holder’s claim of copyright infringement against you where that client has hired CEG-TEK to enforce the copyright holder’s copyrights on their behalf (now you know the term, as their “agent.”).

*NOTE: I don’t need to toot my own horn and solicit my own services, but before you decide to pay CEG-TEK or visit their website, please do your research and contact an attorney who is familiar with their operation.  There are things to be aware of specifically with regard to capabilities CEG-TEK and ISPs have as far as geolocation technologies to identify the location where a download is claimed to have taken place, and how a company can dig into your past browsing history (with the help of an ISP providing your past IP addresses) in order to discover past acts you may or may not have taken part in.  Each of these impact your anonymity when settling a claim against you, and ultimately what a copyright holder can or can not later claim against you.  Your lawyer should understand this to help you understand the limits of CEG-TEK’s knowledge so that whether you choose to ignore or settle a claim, you will be aware of who is allowed to do what before, during, and after a settlement, and what are the time limits they face before information they may have on you is purged from your ISP’s records, sometimes making it unnecessary to worry about a settlement or a lawsuit.

Read Full Post »

Last month, I wrote an article entitled, “Whether internet porn viewers ‘should expect viewing histories to be made public.”  The fear that prompted that article was that someone could hack into the logs of a porn-streaming website, and with that information, expose the porn viewing habits of millions of Americans.  The conclusion of that article was that it would be difficult for a hacker to hack into a website which streams adult content, steal the website’s logs containing the IP addresses of those who have viewed the web pages which stream the videos, and then somehow correlate that IP address list with the actual identities of the internet users.  Thus, I do not expect to see any Ashley Madison hacks for websites streaming copyrighted content anytime soon.

The next question people asked was, “can I be sued for viewing copyrighted content on a YouTube-like site?”  In short, the answer is yes, you can be sued, but it will likely never happen.  Here’s why:

POINT #1: A COPYRIGHT HOLDER WOULD LIKELY NOT BE ABLE TO OBTAIN THE IP ADDRESSES OF THOSE WHO VIEWED THE WEBSITE STREAMING THE CONTENT.

While a hacker would likely be able to obtain the IP address records from a pornography website’s analytics through theft, a copyright enforcement company such as CEG-TEK or RightsCorp would be unable to get this information without 1) a court order, or 2) the cooperation of the adult website itself.  The reason for this is that 1) porn website owners are notoriously outside the U.S., and thus, they are outside the jurisdiction of the U.S. federal courts.  The copyright holders could try suing the website owners, but this is often a difficult task (finding an elusive website owner outside the U.S. is a much more difficult task than suing internet users who participate in a bittorrent swarm to obtain files using BitTorrent).

While the analytics companies could be sued and forced to disclose the list of IP addresses for a particular website, this is also an unlikely scenario because complying with such a court order directing them to turn over records for one of their clients’ websites could be 1) illegal, and 2) it could put them in jeopardy of being sued by their customer.  So this is not a likely outcome.

Secondly, the copyright holders could “join forces” with the website owners to participate in the financial earnings of going after the downloaders (alternatively, they could be outright paid to disclose this information), but again, doing so would put the websites own visitors (their own customers) in financial jeopardy, and thus they would likely not participate in such a scheme.

In short, it is unlikely that a copyright holder would be able to obtain this needed list of IP addresses of those who viewed certain copyrighted content, and thus, with a streaming site, the copyright holders would likely not be able to learn who you are.

NOTE: It is still advisable to use a VPN when accessing a site streaming content, because your own ISP could be monitoring your web viewing habits, and they ARE in the U.S., and they could be sued and/or pressured to hand over “evidence” that your account visited a particular web page at a certain date and time.  It is unlikely this would ever happen, but it is best to err on the side of caution.

POINT #2: ALL LAWSUITS TO DATE HAVE BEEN FOR BITTORRENT ACTIVITY.  I HAVE NEVER (YET) SEEN A LAWSUIT SUING SOMEONE WHO VIEWED A PARTICULAR VIDEO ON A PARTICULAR WEBSITE.

To date [and as far as I am aware], all of the copyright infringement lawsuits filed in the U.S. District Courts (the federal courts) across the U.S. have been for BITTORRENT ACTIVITY.

With very few exceptions where the copyright holder identified and sued the UPLOADER (the one who POSTED the video onto the website) based on a watermark or secret code embedded into the copyrighted video that identified the accused infringer as being the one who disseminated the copyrighted materials, there has never been a “John Doe” bittorrent lawsuit against a downloader who got caught by viewing content streamed on a YouTube-like website.  This is not to say that there will not be one in the future based on future internet fingerprint IDs forced upon internet users by government entities, or the like.

Thus, copyright holders have not yet and likely will never go through the initial step of 1) suing the website owner to obtain the list of IP addresses, and for this reason, I have not seen and do not foresee seeing lawsuits filed against internet users who view copyrighted content using a YouTube-like streaming service.

This is not to suggest or encourage that someone use this medium of viewing copyrighted films as technology can change, laws can change, and as the courts loosen their long-arm jurisdiction against foreign corporations and entities (weakening the Asahi case), the United States might start asserting its jurisdictions over foreign countries or foreign entities or corporations, and they might start forcing an internet fingerprint ID on the citizenry to track each citizen’s internet usage.  The takeaway, however, is that it is a lot harder to sue someone for viewing streamed content rather than suing someone for downloading content via bittorrent.

NOTE: An obvious exception to this article are those who have created accounts using their real identity or contact information, either 1) to participate or comment on forums or in the comment sections of the websites, or 2) those who pay a monthly or annual membership to access the premium content (e.g., faster speeds, unlimited content, etc.).  If you have an account on a website which streams content, then YES, your identity is at risk, and your viewing habits could be exposed for the world to see.  Otherwise, likely not.

Read Full Post »

[This is a post about security and privacy.  In this post, I speak about what could go wrong if you do not properly secure your computer, and my thoughts about encryption and privacy.]

I am reviewing a case where a group of “zombie” infected computers have been hacked to work together (a “botnet”), and it appears as if the courts are going after ZeroAccess as the crime ring behind the botnet. In my readings, a federal judge has blocked the IP addresses belonging to ZeroAccess-infected computers because they allegedly directed many of their millions of infected computers to click on a number of paid ads, where the advertisers using Google, Bing, and Yahoo! have paid out an estimated $2.7 Million per month from the ad revenue generated as a result of these clicks. The lawsuit is for what is known as “click fraud,” and it got me thinking about 1) the application to the bittorrent lawsuits, and 2) to privacy and security in general.

While I have NO REASON to think the following is happening, it is completely plausible that one or more “infected” computers could be directed to connect to various bittorrent files without the computer owners being aware of the “zombie” status of their computers (e.g., the software is being run as a service, or minimized without an icon showing on the desktop).  While the connections to the bittorrent swarms are happening, the copyright trolls could be “coincidentally” monitoring the bittorrent swarms as the downloads are happening unbenownst to the computer owner. When the copyright holders (“copyright trolls”) send the DMCA letters to the ISPs, or when they file John Doe copyright infringement lawsuits against the subscribers, the ISPs would correctly confirm and coroborate that it was the subscriber’s ISP who was connected to the bittorrent swarm at that particular date and time, and the problematic conclusion would be that it was the subscriber who downloaded the file. And, when the download was complete, even though the malware would likely “cover its tracks” by deleting all traces of itself, it would be programmed to leave the downloaded copyrighted file in some obscure randomized file folder on the subscriber’s computer to be “conveniently” found by the forensic examiners during the lawsuit. I understand that malware could also actually alter the computer’s logs based on analyzing the computer owner’s past browsing history and program usage (most people do not clean this) to make it look as if it was the ACCUSED SUBSCRIBER who was “at his computer at the time of the download.” This could all happen without the knowledge of the subscriber being aware that the computer was infected with the malware or that the illegal downloads were taking place.

While this feels a bit sci-fi’ish, and again, I have no reason to think this is actually taking place, the technology is certainly around for this to happen.  I have personally watched enough podcast videos on Hak5 demonstrating how this could be done, and I could figure out ways to alter the malware program to gain administrator access to the computer and change the system logs on the computer before deleting itself.  If someone as simple as me could figure out how to do it, for sure the more crafty ones will eventually stumble onto this scheme as well. For this reason, I am writing this article as a warning to take your computer’s security and your online privacy seriously, and here are the simple steps I would take if it were my own computer.

Step 1: Don’t balk, but make sure you have antivirus software and anti-malware software running on your machine. Also make sure your software and virus definitions are up to date. I have my personal favorites as far as software goes, but quite frankly, free or paid software both do their job fine. There are many free anti-malware programs out there, so make sure the one you use is not malware itself. For free malware detection, I find SuperAntiSpyware and MalwareBytes to be sufficient.

Step 2: Protect your identity and your browsing habits. This depends on how much “tin hat” you want to go, but I personally use JonDoFox’s version of the Firefox browser. There is a STEEP learning curve to use it (meaning, the add-ons will initially break most of the websites you use, and most websites need to be configured once before you get it the way you like it), but in my opinion it is worth the effort to learn. You can check your current browser security at http://ip-check.info/ (by the way, I do not use JonDo anonymization software because they charge by the actual usage; rather, I opt for the less secure route of encrypting my traffic using a secure VPN provider). On the flip side, for convenience, I also use Comodo Dragon Chrome which is a faster, less secure browser, but I have many add-ons that I’ve installed (e.g., Scriptsafe, AdBlock Plus, etc.), and I keep the software running in the Sandboxie software. That way, if some critter gets past my defenses (e.g., think, “CryptoLocker,” or other ransomware which encrypts your files and charges you hundreds of dollars in bitcoins as ransom to decrypt them), it won’t get access to my hard drive files.

Step 2.1: This belongs to the previous step, but encrypting your traffic is very important. There is a phrase, “I have nothing to hide… from people I trust,” and I stand by that phrase. With the NSA and government snooping, and the ISPs watching your every move, regardless of whether you are doing something wrong or not, it is a smart idea to not give all of your shopping and browsing activities to your ISP and to Uncle Sam. There are also many commercial trackers and social networks who track you for commercial purposes as well — everything I say above applies for them too.

Step 3: Secure e-mail, secure chat… The best way to protect your e-mail is to encrypt it.  Unfortunately, e-mail by its nature is insecure, and even if you encrypt the contents of your e-mail, the METADATA (e.g., your own e-mail address, to whom you are e-mailing, the time and date of your e-mail, along with the geolocation of you IP address you use to connect to the e-mail server, etc.) remains exposed.  The only foolproof way I know to encrypt e-mail is to use Pretty Good Privacy (PGP) software.  The problem is that it is simply inconvenient.  In order to encrypt your e-mail, you need to not only setup and share your own public and private keys, but you need to find and look up the keyrings of those you want to communicate with.  While there are attempts to incorporate encryption into e-mails (e.g., projects such as gnupg), the average person does not encrypt their e-mails, and trying to get everyone to do so is just an exercise in futility.  Plus, we know that the NSA saves encrypted e-mails for the sole purpose of trying to “break” the encryption because “if you use encryption, you are presumed to be using it for a criminal purpose.”  Thus, I am unhappy with the current state of technology with the adoption of encryption for sending e-mails, but for the time being, this is the way it is.

Secure chat is very easy, and there are many convenient ways to encrypt your instant messages.  Whether you are using the Pidgin software with the encryption plug-in, or whether you are using Cryptocat or any of the secure chat softwares readily available for the PCs, iPhones, and Androids, achieving perfect security is very doable.  For me, I do not encrypt my e-mails, and whenever I have a friend or peer who has the capability to encrypt our chat sessions, I have him do so just for the “geeky” fun excitement of it.

Step 4: Keeping your own computer clean and neat. Your Microsoft Windows operating system keeps logs of pretty much everything you do, and it is specifically the failure to clean up after yourself which can give malware the chance to impersonate you. Similarly, by not regularly cleaning up after yourself, should you one day face a lawsuit, a forensics expert can glean an ungodly amount of information about you, your whereabouts on a certain date and time, and your activities (e.g., whether you were surfing the web or writing a text file, and, which text file you were writing at that particular time and date) just by reviewing your logs. Now I personally do not trust my Microsoft Windows operating system not to “spy” on me, and if I had it my way, I’d run a Linux operating system (I have in the past, and I may in the future), but for the time being, be aware that the “privacy” settings in Windows stops NOBODY from snooping on you. I have not figured this one out yet (especially since most of my law firm’s software are Windows-based), but Windows is simply a minefield of privacy leaks and data you don’t want about yourself recorded and logged.

While this is certainly not even close to a solution, I run CCleaner from Piriform regularly to clean up the logs and to keep my computer relatively clean.  I would love to delve into the depths of my operating system and tweak certain settings to shut off the “phone home” leaks in my system — I simply do not have the time, the “tin hat” motivation, or the skill to do so.

Step 5: Lastly (and there are probably a million other steps I could take, but I like to keep things simple). I encrypt my hard drive data 1) in my computer, 2) outside of my computer (e.g., external drives and thumb drives), and 3) in the cloud. There are many ways to do this, most popularly is the “TrueCrypt” software. If you cannot encrypt your drives (I cannot, since my computer is a Windows 8 machine and TrueCrypt has not figured out how to encrypt UEFI systems yet), then create a large container, and set up your programs (e.g., Thunderbird Mail) to store your files in your encrypted container.  Better yet, install the program onto the encrypted drive so that it is not in your C:\Program Files folder.  That way, if your computer is ever stolen or lost, your programs and your data will remain unusable and encrypted. I often take this one step further and have Windows configured (to the extent possible) to use the encrypted drive to store my “Desktop” and my “My Documents” folder. Thus, if I do not unlock the encrypted drive when I first log in, my computer does not work properly, and I get a blank desktop. Along with this, my computers have log-in passwords which I have activated before the operating systems even boot. I have this running because even little me knows which piece of software one can run to bypass the password on Microsoft Windows machines.

In sum, you could take privacy to an extreme. The best privacy is the “trust no one” type of privacy. For some cases (e.g., our cloud storage backup servers are “trust no one,” meaning not even the company who hosts our data has the keys to unencrypt the encrypted data which is stored on their servers), using the best security is feasible and doable. But there are limits and there are sacrifices to your privacy, and it usually comes at the benefit of having more convenience. Truly, the most secure password is one not stored in a text file, or written on a piece of paper, but one that is in someone else’s head (not even your own).  The best security is not using a computer or connecting to the internet at all. Then again, that is not feasible to most of us who live in the internet. However, learning to take steps to protect your privacy (within reason) can only work towards your benefit.

Read Full Post »

This will be a tough article to write, but someone needs to say this.  If you are accused as a John Doe Defendant in a bittorrent lawsuit, your first step needs to be to make your identity online disappear. 

I would use politically correct terminology such as “manage your online presence,” but simply quite frankly, “disappearing” yourself and making your online presence go away is probably the most effective thing that you can do in order to avert the attention of the copyright trolls to other John Doe Defendants.  If they cannot find you online, then they will not know how to pressure you to pay them their extortion settlement amounts.

This is obviously not well known or else we all would do it, but quite frankly, everything you do online is tracked these days.  Marketing companies, commercial websites such as common as Amazon.com, social networking websites such as Facebook, LinkedIn, Twitter, Myspace, Google+, etc. all track you by 1) the information you provide them, and 2) by your activities.  Have you ever wondered why you can log onto so many sites using your Facebook login?  Is this because they are being nice or because they are recording your search habits to create massive portfolios all about YOU.  Even when you are smart and you manage your privacy settings in these sites, they still tell volumes about you and your friends without your permission.  And, even when you lock everything down, there are still companies who create profiles on you based on your credit card transactions, where you register your driver’s license, and where you choose to keep your body (e.g., where your smart phone’s GPS logs the location associated with your cell phone provider’s account).

Quite frankly the lack of privacy we have is staggering, and what little we can do to protect ourselves online we should do.  And, for the inevitable volumes of data that are compiled on each of us without our permission, there are mechanisms in place to remove yourself from their databases.  Since much of this is online, removal in many cases is instant, and it is worth the effort and time to do this (even if you are not accused in a lawsuit).

Just a few days ago, there was a LifeHacker article entitled, “AdjustYourPrivacy Locks Down Your Entire Internet Life from One Page,” where Lifehacker discussed a website — http://www.adjustyourprivacy.com — which has buttons that you can click on to manage your online privacy.  The website has essentially five steps (detailed below), and I suggest that each one of you visit this page and work through the links on the site.

STEP 1: ADJUST THE PRIVACY SETTINGS ON THE SOCIAL NETWORKING WEBSITES YOU ARE ON.

This is a bit complicated, but the amount of information about you that you can prevent from being leaked to the world is staggering.  I am not advocating closing down your Facebook or your LinkedIn accounts, although in my opinion this is the best option, especially for those of you who take pictures and videos of yourselves when you are at a bar after a few drinks.  I am also not advocating making yourself invisible to your friends, but I do think that you should be vigilant to make sure you actually know the people who are your friend, because for all you know, a plaintiff attorney can look at one social network of yours where you have 800 friends and choose a buddy of yours from that account and do a friend request which most people will approve and click “okay” without thinking twice or investigating who is really “friending” them.  This is called social engineering and is outside the scope of this article.

What I AM suggesting here is taking the time to read the privacy options and setting your privacy settings to avoid outside “non-friends” from seeing your posts or your profile.  I would also obviously shut down all applications “apps” linked to your account which often report everything you do to the companies I am discussing in this article.  Take “Angry Birds,” “Farmville,” or any of the online free games as an example.  Did you ever wonder why these game are free and what they report about you?  Did you think they merely show banner ads to you? Or are they also installing cookies and do they stay resident on your machine after you close the game watching and reporting your every move?  I am not being paranoid here, I am merely telling you to be smart.

STEP 2: LOOK YOURSELF UP ON THE SAME WEBSITES THAT YOUR PLAINTIFF COPYRIGHT TROLLS PROBABLY USE.

STEP 3: REMOVE YOURSELF FROM THE COMMERCIAL DATABASES WHICH HAVE BEEN BUILT BASED ON YOUR ACTIVITIES AND YOUR PUBLIC RECORDS.

You’ll notice that to do a full search, many of these services charge a subscription fee which no doubt your plaintiff attorneys pay.   You’ll also notice that there are likely MULTIPLE RECORDS on you based on the many places you have lived in the past.  Don’t just look for your current information and your current e-mail.  Dig a bit.

STEP 4: DO SOME RESEARCH ONLINE ABOUT THE OTHER TOOLS TO SHUT DOWN ACCOUNTS YOU DO NOT USE AND TO PROTECT YOUR PRIVACY.

STEP 5: LEARN TO BROWSE ANONYMOUSLY AND TO PROTECT YOUR INTERNET TRACKS:

Even though everything that I blog about and everything that I post online is not done anonymously, if I was not an attorney helping clients accused in these bittorrent cases, I would certainly be anonymous.

When I surf the web, I do it anonymously.  When I make financial transactions, I always make sure I am using SSL or a secure and encrypted connection.  When I browse my personal e-mail or even check the news, I do it using VPN software and if this is not feasible, I use a custom browser (e.g., JonDoFox) on top of my Firefox browser for complete protection.  I also always have OpenDNSCrypt running (which in my opinion doesn’t do much, but for whatever it is worth, I have it running because I am not paranoid, but I am not giving the ISPs (who also collect information on you) data on me if I don’t have to).  I also encrypt my drives on all my computers and regularly clean traces of my activities on my computer.  That way, if my computer is taken at an airport, or if for some reason I am accused of something (e.g., copyright troll tries to get MY computer to learn about a client), everything is encrypted.  This is simply a responsible and prudent thing to do.  With everything I have written here, in my opinion, it is irresponsible NOT to be vigilant with your private information.

All this being said, there is a lot about me which is still online.  But what you see online, chances are that I LET IT BE ONLINE knowing that many will see it.

STEP 6: IF YOU ARE NAMED IN A LAWSUIT, DO EXACTLY THE OPPOSITE OF WHAT I HAVE DESCRIBED ABOVE AND FLOOD THE INTERNET WITH INFORMATION YOU WANT THE INTERNET TO KNOW ABOUT IT.

This is probably the most important point, and it is counterintuitive.  If you are named in a lawsuit, eventually a site such as RFC Express (http://www.rfcexpress.com) or other legal docket websites will index your name and search engines will post it online making it obvious to employers and peers that you have been implicated in a lawsuit, sometimes for embarrassing content.

While overtly saying this is outside the scope of this article, it is probably a good idea to create as much content as you can (e.g., join social networking sites, and “manage your online presence”) to BURY the lawsuit (e.g., 12 pages in) so that when someone searches for your name on a search engine, the lawsuit will not show up.  That way, your involvement in this lawsuit will not hurt your future chances for employment, or for your business to get contract with customers, etc.  

If you are named in a lawsuit, my opinion is that you should not only TAKE DOWN the information about yourself in STEPS 1-5 that I have outlined above, but you should SET UP SOCIAL NETWORKING ACCOUNTS AS POSSIBLE, FILLING IT WITH CONTENT THAT YOU WOULD LIKE THE WORLD TO KNOW ABOUT YOU.

I cannot say this strong enough.  You need to protect your privacy, and if you are involved in a lawsuit where opposing counsel is a copyright troll, a patent troll, or anyone who will want to use the information online against you to solicit or extort large sums of money from you, it is wise to protect yourself and manage your online profile.  I hope this helps.

Read Full Post »

I am always hesitant to write articles which are not relevant to the reason you are here. Very simply put, you and I are fighting against the production companies (the “copyright trolls”) who hire Intellectual Property (“IP”) Enforcement Companies and “copyright troll attorney” law firms who turn around and hire local counsel (your “Doug McIntyres, Joseph Pereas, and Mike Meiers” of the world) who sue defendants on behalf of their bosses to shake down internet users (regardless of whether they actually did the bittorrent downloads or not) to extort thousands of dollars “or else they will move forward in a copyright litigation lawsuit against that individual John Doe Defendant.” This is *our* fight.

However, there is a bigger fight looming in the courts, and our so-called “piracy” lawsuits are getting influenced by their headwinds — there is a brewing fight between 1) the CONTENT DISTRIBUTORS (e.g., the cable companies, the ISPs, and streaming content providers such as Netflix, Hulu, and now Amazon Prime), and 2) the CONTENT CREATORS (e.g., the television networks and movie, film, and production companies) who produce the films that the ISPs share with you, sometimes for a fee or a premium membership. Where it is impacting us is the strange and recent “out-of-place” rulings in our cases discussing the applicability of the Cable Act to ISPs. It appears that the judges want the ISPs and the CONTENT DISTRIBUTORS to fall under the Cable Act.

This morning, I read an ArsTechnica article written by New York Law School Professor James Grimmelmann entitled “Why Johnny can’t stream: How video copyright went insane,” which skillfully goes through the recent changes in the evolving application of copyright law from the creation of VHS and VCRs to today’s digital age of DVRs and more recently, Cablevision’s own DVR-RS (remote streaming — “DVRs in the cloud”) technology.

The ultimate issue which everyone is tiptoeing over is simply, “can an internet user download, share, stream, view, or save copyrighted content on their computers (or in their computer’s memory) and not be in violation of the copyright laws?” I suspect the answer will eventually be “yes,” but the law has a lot of catching up to do, and a lot of people like you and me will be sued in the process. This sounds scary, but this is the bigger fight we are in the middle of with our bittorent piracy lawsuits.

In the ArsTechnica article, it appears as if there is a circle of corporate parties fighting to capture the dollar of the internet user. The TV networks create and copyright the movies and the videos they produce, and the cable companies, the ISPs, and the online streaming companies pay extensive licensing fees to the TV networks in order to provide that TV show or that movie to their paying subscribers (and the advertisers who subsidize when subscribers view “free” content). The problem is that as a particular show (in my case, Stargate SG-1 which was pulled from Netflix a few weeks ago without explanation) gets popular, more people view and subscribe to the cable companies’ and online streaming companies’ websites to view the film. The problem is that as shows get more popular and the content distributors make more money from their subscriptions and their advertisers, the TV networks and content creators increase the licensing fees they demand from the cable companies and online streaming companies to erase their profits (and quite often to grossly unfair amounts). As a result, the cable companies and online streaming companies simply pull the show from the list of shows they offer their subscribers, and everyone loses. No TV show is being shown, the online content providers lose subscribers who go elsewhere, the advertisers don’t pay their advertising dollars (products that would be shown in the ads do not get sold) and the TV networks lost their licensing fees. Quite frankly, it is my opinion that this is where piracy kicks in, where users share with others shows that they cannot find online through normal streams of commerce without an outright purchase of a particular season at retail prices — in other words, the internet user loses as well.

In my opinion, the ArsTechnica article is more than a history lesson on copyright as its application to the everyday viewer has evolved over the years as the internet and technology has advanced, but it also discusses the absurdity of the “hoops” that cable companies and other start-ups are jumping through in order to be in strict compliance with the draconian copyright laws. Really? 10,000 tiny antennas so that a cable company does not infringe a TV network’s copyright [when ONE ANTENNA would serve exponentially more viewers at a dramatically LOWER COST to both the cable company AND the viewer]? This is where the laws are interfering with technology (think eating wet glue), and I have a problem with this.

As to the applicability of the cable companies (the “cable operators”) and the internet service providers (“ISPs”), I understand that these smaller-case Cable Act rulings in our cases have nothing to do with our problem, but with the fight between the cable companies, the ISPs, and the television networks. Cable companies have clear regulations as to where they fit within the Cable Act and the FCC’s rules. ISPs however are not so clear, and the water gets muddied when one skilled in telecommunications law compares the rules governing an ISP run by a cable company (e.g., Cablevision, or Xfinity run by Comcast, or Roadrunner run by Time Warner Cable, etc.) and the rules governing an ISP which provides their DSL, satellite (e.g., Dish Network), or fiber optic (e.g., Verizon “Fios”) who use means to allow users to view content other than through a coaxial cable. THE RELEVANCE OF THIS WHOLE FIGHT APPEARS TO BE OVER THE EVER-SKYROCKETING LICENSING FEES PAID TO THE TELEVISION NETWORKS, AND THE CABLE COMPANIES AND ISPs WHO ARE TRYING TO FIND WAYS NOT TO PAY THEM.

I understand that this should help you understand the headwinds which are affecting our cases, and while it is not relevant to the outcome of whether Hard Drive Productions, Inc. or West Coast Productions, Inc. sues thousands of internet users, or whether Malibu Media, LLC (a.k.a., “x-art”) has an unfair strategy in hooking internet users who download one torrent file (a bittorrent “siterip”) and are sued for twenty copyrighted films (even though they probably never downloaded them all in their entirety), it is still interesting to know that judges adjudicating the fight between the television networks and the ISPs are using our small lawsuits to plant case law which I suspect in the coming months and years will become relevant in the fight over licensing fees and which content provider has to pay them.

Read Full Post »

For those bittorrent users accused of copyright infringement in Arizona, there is a new rule which you can use in your defense.

Traditionally, in order to properly sue multiple bittorrent users together in one lawsuit, they need only to participate in the “same transaction or occurrence.” In other words, they need to do the same “crime” at the same time. Not so in California, and NOW, not so in Arizona. [For the California citation, see Document 26 in the Hard Drive Productions, Inc. v. Does 1-188 (Case No. 3:11-cv-01566) case in the U.S. District Court for the Northern District of California.]

In bittorrent language, when you connect to a bittorrent swarm and download copyrighted media, all of you participating in that bittorrent swarm would be sued together. This is one of the most recent kinds of lawsuits by the more skilled plaintiff attorneys — instead of Plaintiff v. John Does 1-123 (or however many John Doe Defendants there are lumped together [and separated by the state in which they reside] in this lawsuit), smarter plaintiffs are suing participants of the swarm itself (e.g., Plaintiff v. Swarm of Nov. 3rd, 2011 [and participants thereof]). No longer in in Arizona.

NEW RULE: Now in Arizona, in order to be sued with other John Doe Defendants, you must have either UPLOADED TO or DOWNLOADED FROM each one of the other defendants. If not, the defendants are not properly joined and defendants can be severed and dismissed from the case for improper joinder.

TODAY in the Patrick Collins, Inc. v. John Does 1-54 (Case No. 2:11-cv-01602) case in the U.S. District Court for the District of Arizona, in U.S. District Judge G. Murray Snow’s own words:

Plaintiff alleges that the two remaining Defendants “participat[ed] in the BitTorrent swarm with other infringers” but does not claim that John Doe 6 provided data to the former John Doe 12 or vice versa. (Doc. 26 ¶ 56). …

… Plaintiff alleges no facts that these two particular Defendants shared data with each other, and provides data instead that they were logged on to BitTorrent weeks apart. “The bare fact that a Doe clicked on a command to participate in the BitTorrent Protocol does not mean that they were part of the downloading by unknown hundreds or thousands of individuals across the country or across the world.” Hard Drive Prods., Inc. v. Does 1–188, 11 No. CV-11-01566, 2011 WL 3740473, at *13 (N.D. Cal. Aug. 23, 2011)

(emphasis added).

Personal Note: While this ruling is not immediately relevant if you do not live in Arizona, it is still good news because it indicates that judges are starting to understand how rules (here, the rules of “joinder”) apply in the bittorrent context. No doubt, this order will be recognized and used in other cases in other jurisdictions as being persuasive as to how a judge should understand who can be sued together with whom. Soon it will no longer be permitted for an enterprising plaintiff (e.g., “copyright troll”) to sue tens or hundreds of defendants in one lawsuit, lumping them together by the state in which they live (this lumping-together-by-state was the result of the dismissals last year over personal jurisdiction issues). I look forward to other judges in other states soon to adopt this ruling. It is a well thought-out understanding of the joinder issue.

I have pasted the link to the order below for your enjoyment.

Read Full Post »

Older Posts »