Written by Alexander Leise-Hansen, MSc Digital Innovation and Management & Junior Researcher in ETHOS Lab.

This blogpost is a ‘lite’ version of Alexander’s recently completed Master’s thesis project titled “To whom it may concern” for which the lab provided technical and theoretical sparring. Feel free to stop by the lab in our opening hours or send us an e-mail at ethos@itu.dk if you are interested in collaborating in a similar way.

I intend to argue that you are not necessarily a pirate because you accessed a feature film beyond the common recognition of the copyright act. Though it may sound like a provocative post set out to entice online lawlessness, the aim is slightly more noble. If there is one thing, and one central take-away from a DIM-programme focused on STS, it is to challenge the existing frameworks and rhetorically keep asking: “Could it be otherwise?”

Firstly, I would like to address the overall terminology of this topic. Why is it still called internet piracy to describe an action that is not in line with the copyright act? It seems vastly exaggerated to compare the accused actions to that of a rum-thirsty vigilante swashbuckler with a wooden leg and a squeaking parrot. This binary imagery of framing what is right and wrong when it comes to online behaviour is too simplistic. I’m not out to re-frame internet piracy entirely as a broad term, though, but a certain practice of accusation instead. In Denmark, we have seen how thousands of Danish homes have received personally addressed letters from a law firm called Opus Law (OL) [1] with claims of copyright violation – something that the media too has been concerned with [2]. OL claim to have identified the individual responsible for violating their client’s copyright-protected material and offers a settlement offer. However, this practice entails numerous technical, legal and ethical issues that require attention. To do so, I have applied fundamental principles from Science and Technology Studies, delivering several key findings for further investigations. I will for now mainly focus on the complexity of creating the claims of copyright violation to explore the tacit ambiguities and troublesome interpretation of the law.

Let’s take a leap forward before tracing backwards again.


The white bubble (H), being the letter OL sends, is the only visible element for the letter recipient. However, the letter is an end-product of a long and detailed journey that I have mapped from months of research. Although I would love to extend all of these entities and elaborate more specifically how it came to be, I have limited myself to discussing only a few. More specifically, I will engage bubbles (B) through (E) – i.e.: how does OL manage the evidence collection of claiming copyright violation?

Simply put: they do so through surveillance (bubble ‘C’), although OL does not do it singlehandedly. A German-based IT forensics company, Excipio GmbH, is the company responsible for registering the IP-addresses suspected of illegal behaviour[3]. I investigated just one film (Dumb and Dumber 2) and no less than 9964 Danish IP-addresses had over the course of 239 days been registered and logged in a database. While that number may at first sight demonstrate the issues the rights holders are facing with protecting their rights and revenue streams online, it requires a further layer of exploration to reveal what it really shows. I have compiled a list of issues that critically question the different aspects of what creating a claim of copyright violation entails.

  1. Oblique technology. When someone is accused of illegalities, the evidence collection system on which the claim is based should always be a place for scrutiny. None of the involved parties, including the Court of Frederiksberg, TDC A/S or The Danish Data Protection Agency, has ever questioned the system. Also, Excipio only delivers the name of the software technology used (NARS) without any details of how it actually functions. Other research reveals how similar technologies are far from perfect[4].
  2. The 9964 IP-addresses. So, what does it actually take to become registered in Excipio’s database as a violator of the copyright? Well, according to the Excel file Excipio delivers, not much. All IP-addresses are unique, meaning that once you have been logged, you are left monitored. They do note a “time of crime”, though. This piece of information is useless as one set of temporal data is insufficient to account for violating the copyright act. In a court of law there would be a huge difference whether the accused has been downloading a given film for several hours or for a split second. Simply tagging an IP-address for a split-second’s activity is therefore an extremely imprecise indicator.
  3. Individual awareness. Excipio might have registered your IP-address, but were you really aware of what you were doing? In the realms of IT law there is much attention given to usability and behavioural mechanisms rather than the technical circumstances[5] – legally, OL cannot expect the user to know what is happening in the back-end of a given homepage, protocol or internet service. Yet (as OL actually mentions in their letter) if the user was on Popcorn Time it all becomes fuzzy. OL cannot expect your technical know-how to be beyond that of a common user, or expect you to know that Popcorn Time technically does not function as a streaming channel. Instead, Popcorn Time is a P2P BitTorrent network that illegally shares copyright-protected material, although the front-end (the layout) is almost identical to that of Netflix (and similar online services). Can OL really claim that you knew exactly what you were doing?
  4. You are not your IP-address. Although OL wants to link you to an IP-address, the correlation is not conclusive. Actually, if we explore this sentiment a little further, OL have no way of telling who is “behind” the IP-address. Excipio log a suspected IP-address and OL then takes this information (through an edition request at the Court of Frederiksberg) to get information about the owner of the internet connection behind the IP-address. It is important to specify here that the owner and the individual behind the IP-address might very well be two different people. It is far from inconceivable that an internet connection is shared among several people in a household. Trying to make the owner of the internet connection responsible for what others may have done is, in legal terms, inappropriate. There are many legal regulations set out to mitigate accusations of this kind and it is very clearly stated that providers of internet connections are not responsible for the actions of others[6]. Although contacting the owner might seem like getting close to someone who they suspect of violating the copyright, it is not sufficient in a legal sense.
  5. Surveillance approval. Mass surveilling Danish IP-addresses requires an approval from the Danish Data Protection Agency. Antipiratgruppen (the predecessor of today’s Rettighedsalliancen) had this on strict terms during the 00’s[7]. Their task was to identify violations and take legal actions to combat these. The Danish Data Protection Agency has explained how OL does not have a similar approval (or other kinds of approvals) to conduct this surveillance. However, it becomes blurry, as OL might successfully have circumvented this obstacle by paying a German-based company to do the surveillance, thereby relying on German data-protection regulations instead of the Danish. This is a part of a legal discussion whether OL is a data collector or a data treater.
  6. A failed methodology. As mentioned earlier, Antipiratgruppen worked intensively for almost a decade to combat internet piracy through lawsuits, hefty fines and extensive nation-wide campaigns. As a matter of fact, they won almost all of their lawsuits. However, to their surprise, only enforcing the law like so alienated the civil society (and politicians), thus sparking an intense resistance. The organisation’s support vanished entirely and today they function dramatically differently (and under a different name). Now, no common user would ever be considered a criminal, violator or pirate. A site may be deemed illegal, but never the user. The responsibility is projected onto the masterminds instead and the supported sites.
  7. If it works it works! One film retrieved 9964 IP-addresses and possibly afforded the sending of just as many physical letters. Should all pay the minimum amount offered in the settlement (DKK 1500-2500) OL stand to make DKK 14.946.000,-. That would be the equivalent of 185.000 admissions in the Danish theatres – and that without sharing the revenue stream with anyone else, thereby possibly being the (by far) most lucrative source of revenue. OL would only need 1,2% of the letter recipients to pay the minimum settlement to break even on the logistics costs, making this practice, despite the dubious legal and technical circumstances, a potential cash cow.
  8. …but who receives these letters? From exploring the IP-addresses OL use in their edition request, I have mapped some trends. Together with ETHOS I tracked where the suspected copyright violators lived (based on the IP-address Excipio had) to see if there were any geographical tendencies. Although I (luckily) cannot link the IP-addresses through Google to a specific physical address, I could get to the nearest internet-hub (provided by the internet service provider). It clearly illustrates how practically every region, very evenly distributed, has been registered in Excipio’s logfile.


  9. …and who pays the settlement offer? OL has never responded to any of my inquiries, but I am still able to generate some hypotheses based on my research. Firstly, I noted a strong reaction in receiving a claim like this from individuals of lower socio-economic hierarchy. A serious accusation from a lawyer in a personally addressed letter is not something to take lightly. By considering the communicative means through which OL operates, there is a tendency to “convict” the letter recipient instantly (and setting aside a fundamental legal principle about the presumption of innocence). Only by researching yourself are you able to find guides that help to understand how the letter is not a final conviction, but an initial negotiation. However, the discrepancy between perceiving the law as “black and white” and how it “actually” is, performative and rhetorical, is an important distinction to make.

Needless to say, these legal demands are by no means straight-forward. It does however question whether this practice is appropriate for the film (and TV) industry to rely on – and if the copyright act is truly being favoured according to its original intention. I will end by quoting a recent TV-series on piracy (the real and too fictitious – the paradox of storytelling that I will leave for another blogpost!) and encourage you to partake in an open discussion.

“When the king brands us pirates, he doesn’t mean to make us adversaries. He doesn’t mean to make us criminals. He means to make us monsters. For that’s the only way his god-fearing, tax-paying subjects can make sense of men who keep what is theirs and fear no one.” (Captain Flint, Episode 1, Black Sails, 2014 (available on HBO Nordic))


[1] Among other companies such as Maq’s Law Firm/NJORD.

[2] https://www.information.dk/indland/2015/09/pirateri-paastande-kan-vaere-svaere-bevise-retten

[3] The edition request seeks to convince the court, in this case the Court of Frederiksberg, to force the internet service providers, in this case TDC A/S, to hand over information about the individuals behind the IP-addresses.

[4] Although I cannot create a perfect correlation between the two systems, it does however stress how it at least requires scrutiny and some transparency. See more: http://dmca.cs.washington.edu/dmca_hotsec08.pdf

[5] http://www.it-retten.dk/komplet.htm

[6] http://ipkitten.blogspot.dk/2016/03/breaking-ag-spuznar-says-that-provider.html

[7] https://www.datatilsynet.dk/afgoerelser/afgoerelsen/artikel/behandling-af-personoplysninger-i-forbindelse-med-mulige-kraenkelser-af-ophavsrettigheder/