EU data ruling slaps filesharers with red herring
BPI: You don't have to show us any stinkin' personal data
Analysis Internet users in the UK can safely ignore this week's EU Courts of Justice ruling on data protection for filesharing: it's already irrelevant.
On top of that, the judgement covers an ISP belief system that's being rapidly eroded by governments and rights holders behind closed doors.
Neither fact has stopped the judgement being widely misreported (here's the correct story).
Here's a typical example from The Times, the UK's supposed national newspaper of record: "Record labels and film studios cannot demand that telecoms companies reveal the personal details of people suspected of swapping copyrighted material on the internet, the European Court of Justice ruled yesterday."
No, it didn't.
The court ruled that EU law doesn't compel ISPs to reveal customer details in a civil case brought by a rights holder. National courts are in charge as to whether laws are introduced to that end on the ground.
And in the UK, that happened years ago. Most recently the media law firm Davenport Lyons, acting on behalf of videogames developer Codemasters, easily scored the personal details of ISP customers it wanted to accuse of copyright infringement over peer-to-peer networks.
It obtained a High Court order, which forces ISPs to hand over the details in exchange for a small administrative fee. PlusNet customers were among those targeted, and the firm explained its hands are tied under UK law in a posting here.
Davenport Lyons used the details to fire off dozens of demands for hundreds of pounds along with threats of criminal action.
Thus the EU's judges' ruling is an irrelevant footnote in the UK, where civil courts require a low threshold of proof to issue a court order that trumps data protection regulations.
But for rights holders, battling copyright-infringing filesharers by court order is expensive, time-consuming and impractical given the scale of peer-to-peer networks in 2008.
In the UK and France at least, the real frontline in the filesharing war isn't in the data protection field, but in the ongoing negotiations for a voluntary agreement for ISPs to disconnect persisitent illegal filesharers.
A BPI spokesman told us the system it is pushing for would not require any personal data to be handed over by ISPs.
The line makes logical sense. If the ISPs are one half of a voluntary agreement to cut off filesharers, then the personal data is already where it is needed. No need for courts, lawyers or nastygrams*.
The BPI man was cagey on the technical details of how infringers might be identified, saying that negotiations aren't past the stage of agreeing an enforcement procedure. The recording industry wants a three-stage slap: a first warning letter, a short suspension of service, followed by a termination of service. The government backs the push.
On the nuts and bolts, in our view it's most likely that simple witchfinder procedures will be used to target individual filesharers. All an investigator needs to do is join copyright-infringing BitTorrent swarms and log the IP addresses of the peers. The rest is simple database manipulation. For now, nebulous waffling about filtering technologies in the network can be reasonably disregarded for practical purposes.
And ban the 0wned machines?...
Might be wearable if ISP's policed 0wned machines with the same policy. Might save us enough money from spam and malware that a tax to the RIAA/MPAA might be a pittance..
To Follow up (from the 10 points above)
To Make the Bittorrent Network as Secure as it could be in its current form i would suggest that users, trackers, sites and client builders:
1) Use private trackers on invite peer referral invite only password protected sites that have a user base of about 25K so they aren't big enough to pop up on the radar nor small enough for the protocol to be useless.
2) These sites should use SSL for every page to avoid packet scanning by ISP's which is a known route of detection and users could even get paranoid and user TOR for browsing the sites.
3) The Private trackers should be configured to use only I2P anonymous IP configurations and clients should adopt this as standard option in the installation wizard. This will go along way to establishing anonymity of IP addresses.
4) Clients should also have standard, pre selected, transport encryption enabled in the installation wizard as well without fall backs. To avoid deep packet scanning.
5) Ban lists should also be standard, pre selected, options for the installation wizard.
Its not perfect but it will really make the business of sniffing much harder and may even force them to use non legal invasive techniques and risk getting into trouble themselves or alternatively not being able to use the illegally gathered data in court.
Firewalls etc of course a necessity.
I have to say though, its an awful lot of effort to go to download crap. Still i suppose the anti authoritarian community out there could automate all the above without much effort.
Using Tor is pretty dangerous these days - even participating in a Tor network can be bad for your criminal record. I know someone who had his door kicked in by the German police in a dawn raid, simply because he was running a Tor relay, and it was obviously being used for child porn or something else that was just as nasty. The cops didn't care whether the traffic originated with him - they simply traced the IP address to his computer. But that's the problem when you open up your IP address to all and sundry.
How long do you think it will take, before the law starts to see Tor participation in the same light as aiding and abetting criminal activity?