How the RIAA IDs student ‘pirates’: redux
p2pnet news view | RIAA News:- With the news that Vivendi Universal, EMI, Warner Music and Sony BMG’s RIAA has fired long-time sue ‘em all ‘evidence’ gatherer MediaSentry ringing hollowly in the background, an amazing post by the Chronicle of Higher Education’s Catherine Rampell warrants another read.
“To catch college students trading copyrighted songs online, the Recording Industry Association of America uses the same file-sharing software that online pirates love, an RIAA representative told The Chronicle at the organization’s offices during a private demonstration of how it catches alleged music pirates,” she said in her The RIAA Explains How It Catches Alleged Music Pirates May, 2008, post.
“He also said the group does not single out specific colleges in its investigations.”
The demo, “was given by an RIAA employee who would speak only on condition of anonymity because of concern that he would receive hate e-mail,” said Rampell, going on »»»
The official explained that one way the RIAA identifies pirates is by using LimeWire, a popular peer-to-peer file-sharing program that is free online and used by many college students (there is also a more-robust version of the program sold for a small fee).
Here’s how the process works: The RIAA maintains a list of songs whose distribution rights are owned by the RIAA’s member organizations. It has given that list to Media Sentry, a company it hired to search for online pirates. That company runs copies of the LimeWire program and performs searches for those copyrighted song titles, one by one, to see if any are being offered by people whose computers are connected to the LimeWire network. For popular songs, the search can turn up dozens, if not hundreds, of hits. A search on Madonna’s latest release, “4 Minutes,” turned up more than a hundred users trading various copies of the song.
The LimeWire software allows users who right-click on any song entry and choose “browse host” to see all of the songs that a given file sharer is offering to others for download. The software also lists the IP address of active file sharers. (An IP address is a unique number assigned to every computer by Internet-service providers.) While the names of the people associated with particular IP addresses are not public, it is easy to find out which IP addresses are registered to each Internet-service provider. Using public, online databases (such as those at arin.net or samspade.org), Media Sentry locates the name of the Internet-service provider and determines which traders are located at colleges or universities.
Swift Detection
The process mimics how pirates themselves locate files but with a significant difference: speed. Media Sentry has automated the process by using scripting software that types in the songs, grabs the IP addresses, checks them, and forwards the information to the RIAA.
The RIAA’s first step against campus pirates is usually to send a Digital Millennium Copyright Act takedown notice, which asks the college to remove infringing content from its network.
In collecting evidence for those takedown notices, Media Sentry investigators do not usually download suspect music files. Instead, the company uses special software to check the “hash,” a sort of unique digital fingerprint, of each offered file to verify that it is identical to a copyrighted song file in the RIAA’s database. In the rare cases in which the hashes don’t match, the investigators download the song and use a software program sold by Audible Magic to compare the sound waves of the offered audio file against those of the song it may be infringing upon. If the Audible Magic software still doesn’t turn up a match, then a live person will listen to the song.
If there is a match, Media Sentry investigators will then engage in a so-called TCP connection, or an electronic “handshake,” with the computer that is offering the file to verify that the computer is online and is ready to share the song.
Based on that information, the RIAA will send a letter to the college asking for the song to be removed. The letter lists the name of the file and the date and time when Media Sentry investigators saw it available online.
On listservs and in interviews, some university administrators have recently questioned the validity of some of these takedown notices because they say they do not have any record of a download at the named IP address at the specified time. RIAA officials said this is because investigators performed only a “handshake.”
Seeking Settlements
In more serious cases of piracy, the RIAA sometimes decides to send out “prelitigation settlement letters,” which asks alleged infringers to cough up several thousand dollars in lieu of going to court and potentially facing a much more expensive punishment.
Before sending out the prelitigation settlement letters, Media Sentry investigators always download music files believed to be infringing on licensed songs. Live human beings then listen to those songs to verify that the files are infringing. A letter goes out to the college with the date and time when investigators saw that the song was available for sharing.
While the process for generating both takedown notices and settlement letters is largely automated, the RIAA said that before each warning is sent out, a full-time RIAA employee reviews each case to make sure the claim is legitimate and that the alleged pirate is in the United States. Thanks to the speed and ease of the automated process, though, the RIAA is “able to identify hundreds of instances of infringement on a daily basis,” according to RIAA spokeswoman Cara Duckworth. She also acknowledged that the RIAA can tell only when a song is being offered for users to illegally download; investigators have no way of knowing when someone else is actually downloading the song.
The organization does not perform similar automated investigations for file traders on commercial ISP’s (that is, Internet-service providers not operated by universities, such as Comcast). All notices received by commercial Internet-service providers are processed manually.
“The automated takedown notice program we have right now is solely university-focused,” said the anonymous RIAA representative. “We’re trying to make universities aware that they have an issue with peer-to-peer file sharing on their network, and so we don’t send automated notices to commercial ISP’s, I think because they are generally aware that there’s a problem.”
The RIAA said it does not single out particular academic institutions to be “made examples of.
Rempell concludes with an interesting thought from the RIAA tech.
“We have no capability of targeting any school at all,” she has him saying, also arguing it’s a large “misperception” among university administrators that individual colleges are being picked on.
“Technically we can’t do it,” he said.
“We find what we find with this process, and that’s what we send to schools.”
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile - http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
January 6th, 2009 at 12:07 pm
” “We have no capability of targeting any school at all,” she has him saying, also arguing it’s a large “misperception” among university administrators that individual colleges are being picked on.
“Technically we can’t do it,” he said. ”
Can these guys EVER tell the truth ?
‘Technically’ it’s EASY to do that. Easier than going after regular ISP customers.
EVERY university has reserved a ‘block’ of IP addresses.
All of those addresses will be in the same subgroup.
This same method is used by business.
That’s why firewalls like PeerGaurdian can block sequential addresse that all belong to the
same corporate ’spy’ companies.
It doesn’t take much effort to find out what addresse the university holds, and single them out
as targets.
Do you REALLY think its accidental that college students and colleges are getting sued the most ?
It has nothing to do with the lie ‘ so many college students download .. blagh blah ‘ as it does
with Universities are easy to bully and college students have no means to fight back.
It is EXTREMEMLY telling that Harvard has never shown up on the lawsuits. does ANYONE
believe for 1 second that NO Harvard students ever use P2P software for music ?
No , this puff piece is to ease public relations and is complete fiction.
They CAN and DO target COLLEGE STUDENTS because they are less likely or able to fight back.
It is absolutely technologically feasible to do so.
It it EASIER technologically to do than to target the average ISP user.
Fucking liars AGAIN, and the mainstream press onve again gobble it up without any reasearch.
January 6th, 2009 at 12:56 pm
I’m gonna start leaving sharing blank text files with song names
January 6th, 2009 at 2:10 pm
I agree with Dreddnik, completely. It would actually be nigh impossible to NOT target class c IPs, and again hes correct, targeting college students who by all rights probably have money (read parents money), and can be grouped together in ex parte. As if they were all in collusion. ‘Randomly’ wandering the net for offenders would lead to ‘nobody profitable to send the letters to’. The ISPs demand a court order to divulge information, colleges do not, bang, instant target.
They are blatently targeting a demographic thats easy to leverage (use the university against them), have money (if your in college you have money right?), and fear liability (parents/teachers find out about it) or could endanger their entire life (thrown out of college) !!
And if they portent randomness, then again, why has Harvard been avoided? Because they KNOW its sham litigation, FOR A FACT!
Beat down the easiest, most culpable and defenseless examples you can find. College students that probably DON’T even know that they are sharing music folders, or infringing copyright (which is a civil matter, regardless of how many times the MAFIAA claims its a crime) that have money, and threaten to destroy their future!
Slimy money-grubbing bastards, every single one of them.
January 6th, 2009 at 2:11 pm
…..”who would speak only on condition of anonymity because of concern that he would receive hate e-mail,”
now that’s totally untrue !!! give it to me and i’ll proove it
:evil
January 6th, 2009 at 6:06 pm
lol
Who uses Limewire? it would be pretty funny if they downloaded a malware-ridden mp3 at that conference
January 7th, 2009 at 3:36 pm
” Who uses Limewire? it would be pretty funny if they downloaded a malware-ridden mp3 at that conference ”
MP3’s can’t be ‘Malware Ridden’
Their very nature makes that impossible, which is also why
ordinary MP3’s can’t be DRM’d.
Rules of Limewire ..
1. Do not share any folders.
Some won’t allow to DL because of this, but just as many won’t care.
2. Turn off the ability of chatters to browse directories.
3. Turn off the ability to upload.
4. For Music, download ONLY .mp3 extensions. These can’t contain malicious code
or DRM. ANY DRM capable file has code that can be used for malicious purposes,
the worst are .WMA ( windows media ). Don’t DL any .zip .rar .exe etc …. ONLY .mp3
5. for Video, only DL .avi .mpg .mp4, for the same reasons as outlined above.
by their very nature they can’t be DRM, thus can’t be hacked maliciously.
These came rules apply to Kazaa, Shareazaa or any mainstream P2P app.
Rules 4 and 5 apply to Bittorrent sites as well.
Please feel free to correct or add anything I missed.