Friday, April 15, 2011

Hey, Hey, RIAA, How Many Folks Did You Threaten Today?

So, this came in my e-mail yesterday:
Subject: [4.14.2011 5884907] Notice of Copyright Infringement
Date: Thu, April 14, 2011 10:06 am
To: (me)

Dear Charter Internet Subscriber:

Charter Communications ("Charter") has been notified by a copyright owner, or its
authorized agent, that your Internet account may have been involved in the exchange
of unauthorized copies of copyrighted material (e.g., music, movies, or software).
We are enclosing a copy of the Digital Millennium Copyright Act (DMCA) notice that
Charter received from the copyright holder which includes the specific allegation.

Under the DMCA, copyright owners have the right to notify Charter’s register agent
if they believe that a Charter customer has infringed on their work(s). When
Charter receives a complaint notice from a copyright owner, Charter will notify the
identifiable customer of the alleged infringement by providing them a copy of the
submitted DMCA notice. As required by law, Charter may determine that the customer
is a repeat copyright infringer and reserves the right to suspend or terminate the
accounts of repeat copyright infringers.

It is possible that this activity has occurred without your permission or knowledge
by an unauthorized user, a minor who may not fully understand the copyright laws, or
even as a result of a computer virus. However, as the named subscriber on the
account, you may be held responsible for any misuse of your account. Please be
aware that using Charter’s service to engage in any form of copyright infringement
is expressly prohibited by Charter's Acceptable Use Policy and that repeat copyright
infringement, or violations of any other Charter policy, may result in the
suspension or termination of your service. You may view Charter's rules and
policies, including Charter’s Acceptable Use Policy, under the policies section of

We ask that you take immediate action to stop the exchange of any infringing
material. For additional information regarding copyright infringement and for a list
of frequently asked questions, please visit

If you have questions about this letter, you may contact us at 1-866-229-7286.
Representatives will be available to take your call Monday through Friday 8am - 8pm,
Saturday and Sunday 8am - 5pm (CST).


Charter Communications Security Resolution Team

--- The following material was provided to us as evidence ---

Hash: SHA1

Charter Communications
Sir or Madam:

I am contacting you on behalf of the Recording Industry Association of A=
merica (RIAA) -- the trade association whose member music companies crea=
te, manufacture, and distribute approximately 85% of all legitimate musi=
c sold in the United States. =20

If you are an Internet Service Provider (ISP), you have received this le=
tter because we have identified a user on your network reproducing or di=
stributing an unauthorized copy of a copyrighted sound recording. This =
letter constitutes notice to you that this user may be liable for infrin=
ging activity occurring on your network.=20

If you are an Internet subscriber (user), you have received this letter =
because your Internet account was used to illegally copy and/or distribu=
te copyrighted music over the Internet through a peer to peer applicatio=
n. =20

Distributing copyrighted works on a peer to peer system is a public acti=
vity visible by other users on that network, including the RIAA. An his=
toric 2005 U.S. Supreme Court decision affirmed that uploading and downl=
oading copyrighted works without the copyright owner's permission is cle=
arly illegal. You may be liable for the illegal activity occurring on y=
our computer.

To avoid legal consequences, a user should immediately delete and disabl=
e access to the unauthorized music on your computer. Learn how at the "=
About Music Copyright Notices" section of That section al=
so contains practical information about:=20

- How you were identified and why illegal downloading is not anonymous
- What next steps to take
- Where to get legal music online

We encourage Internet subscribers to visit the website www.musicunited.o=
rg, which contains valuable information about what is legal and what is =
not when it comes to copying music. It also links to some of the more p=
opular online music services where fans can go to listen to and/or purch=
ase their favorite songs.

We have attached below the details of the illegal file-sharing, includin=
g the time, date, and a sampling of the music shared. We assert that th=
e information in this notice is accurate, based upon the data available =
to us. We have a good faith belief that this activity is not authorized=
by the copyright owner, its agent, or the law. Under penalty of perjur=
y, we submit that the RIAA is authorized to act on behalf of its member =
companies in matters involving the infringement of their sound recording=
s, including enforcing their copyrights and common law rights on the Int=
ernet. This letter does not constitute a waiver of any of our member's =
rights, and all such rights are expressly reserved.

Thank you in advance for your cooperation. If you have any questions, p=
lease visit the "About Music Copyright Notices" section of

Jeremy Landis=20
Recording Industry Association of America
1025 F Street, NW, 10th Floor
Washington, D.C., 20004
Ph: 1-800-838-9775

List of infringing content
- ------------------------------

- ------------------------------
- ------------------------------
Infringing Work : IM NOT A HUMAN BEING
Filename : Lil.Wayne-Im.Not.A.Human.Being.EP-(Retail)-2010-[NoFS]=20
First found (UTC): 2011-04-06T23:04:16.53Z
Last found (UTC): 2011-04-06T23:04:16.53Z
Filesize : 124871909 bytes=20
IP Address: (MY IP ADDRESS AT THE TIME, allegedly)
IP Port: 50665
Network: BitTorrent
Protocol: BitTorrent =20

(I'll spare you the XML that was included here, but it basically had a case ID, status, severity, etc; apparently there's a schema for these).
I can't tell you how much joy it gives me to finally be on the receiving end of one of these actual RIAA notices I've heard so many good things about!

Can you verify the signed section?

It appears it may have been somewhat mangled on Charter's end and does not pass GPG verification (GPG says "authentication failed: no data"). But I don't think this would tell me anything except whether the contents of the enclosure had been altered since it was signed. That might rule out certain types of copy-and-paste fraudulent notices, but it doesn't tell me if it is really from the RIAA. I would include the full text of the message inline above, but parts of it break Blogger, and I'm not expert enough at all the various escaping and armoring schemes to know how to make it work in there. The raw message with my e-mail address removed can be found here. If you have the expertise, can you help me verify the signed section?

Did you download this music?

No. (Unless I have a very weird unknown and undetected virus, I suppose).

Did your son?

No. He has a little something I like to call "taste in music," for which I am proud to take partial responsibility.

But you're one of those computer geeks - surely you must pirate a lot of music?

Yes, I am a computer geek. But I don't pirate music; my iTunes library has almost 10,000 songs, but they are all either ripped from my own CDs, purchased from the iTunes store, or were made available under a license that allows me to copy, such as the Creative Commons license I use for my own work.

Do you have a BitTorrent client on your computer?


Aha! I knew you were a pirate

Not so fast; there is a lot of legal material one can download using the BitTorrent protocol. For example, concert audio by bands that do not object to the free sharing of concert recordings. Public-domain files. Linux distributions...

Did you forget to secure your network?

No, I didn't forget.

Then it must have been you!

No, I deliberately configured my Airport to provide a separate public guest network. I even named it "The Potts House Guest Network" to make this clear.

Why would anyone do that?

To be neighborly. I've often been in the position where I needed to bop onto someone else's wi-fi to borrow a cup of bandwidth. I've tried not to abuse it. For example, when I was configuring my mother's computer. I had to install a huge number of software updates. Have you ever tried to download a full load of updates over a modem, when the next-door neighbor has a wireless network just yards away? I had to stay up all night to get that done for her. What a pain.

I did this in our old apartment building in Ann Arbor. Some of the broke college students that used it occasionally would thank me.

In this case, one of my neighbors is apparently an asshole. But in general, I would not let that dissuade me.

Did someone really download a torrent while parked outside your house or something?

Apparently; I don't think our connection would reach much father than that, since the Airport signal barely reaches from one side of the house to the other. I suppose one of the neighbors across the street might have been able to connect, but they are mostly elderly people, and I don't think they listen to Lil' Wayne.

I don't know for certain, but I have no real reason to disbelieve the notice.

Surely it must be illegal, to make your network open to the public?

I don't believe so; if it was, why would it be a configuration option?

However, in considering my options, I did discover that leaving my network open to anyone violates Charter's terms of service, so I have reluctantly made it password-protected. If you're actually visiting our home, ask me and I'll give you the password.

It is interesting, though; if it is not illegal, but every available ISP in your area bars the practice, then it is effectively illegal, is it not? That seems like the kind of thing that one might be able to successfully challenge in a democracy that values free speech and treats media neutrally. It's a shame we don't have one.

Does the RIAA really have stateful packet monitoring going on right on Charter's servers, or upstream from them?


Doesn't that constitute some kind of entrapment, or at least unreasonable search and seizure?

IANAL (I am not a lawyer), but yes, in my opinion.

Are you liable for some kind of infringement committed on your openly shared internet connection?

Not in my book. Think of it this way: let's suppose I do secure my connections, but my own security is inadequate, or the Airport firmware has an exploitable security flaw. Am I liable because I'm not a whiz at implementing network security? Is Apple liable for anything illegal done with the stolen bandwidth? Bruce Schneier runs an open wireless network, for similar reasons, and that's good enough for me.

So why didn't you just say screw it, and leave it open?

Because if Charter Communications decides to cancel my service, I have no other good options for high-speed internet in this area. If I were using it only for entertainment, I would not care that much. But I'm using the same connection for my wired work network, upon which I run the VPN connection to my office, and I can't endanger that; relying heavily on svn and large file transfers, I really have no good alternative. Can you say "monopoly?"

You weren't actually sued, though?

Technically true. I just changed the title to "threatened." It was not worded as a threat per se, but the implicit threat is there, and I'm not very pleased about that.