$80,000 per song

That is what Jammie Thomas-Rasset should pay to four major labels for copyright infringement of 24 songs. The total fine is $1,900,000!!!

Jammie Thomas was spotted by Media Sentry in February 2005 for sharing 24 songs through Kazaa. She always claimed to be innocent and refused settlement. This was an appeal. The initial decision was around $9,000 per infringing song.

Unfortunately, for this trial, her defense collapsed. Her defense was that it was not true because the experts could not spot anything on her hard disk. She always claimed that the songs must have been on the hard drive that she had exchanged at Best Buy. Unfortunately, the exchange occurred after the infringement. Furthermore, she claimed not to even know what Kazaa was. Unfortunately, while a student, she wrote an essay about Kazaa. So long…

The severity of the sentence may be explained by a popular jury who did not like that she lied to them. The severity may also incite people to go for fast settlements rather than prosecution in accordance with current RIAA’s

Veoh versus Universal Music Group (2)

Last month, a US court ruled that Veoh could not be sued by Universal Music Group (UMG) under DMCA safe harbor. This month, the same court ruled in favor of Veoh, more precisely in favor of its investors. In the Napster case, the investor Bertelsmann was sued for copyright infringement. Thus, UMG attorneys expected to do the same to Veoh’s investors.

The Los Angeles judge, A. Howard Matz, pointed out that Veoh was not (yet?) guilty. Thus, it was impossible to sue the investors for an infringement that has not been established. In the case of Napster, Bertelsmann continued to support Napster once it was condemned. This is not the case here.

Some venture capitalists will feel better. In these hard times for finding money to invest, this may be good news for VCs. They may take some calculated risks when investing in the grey area of copyright.

The story of Veoh versus UMG continues.

Veoh versus Universal Music Group

The beginning of 2009 saw an interesting litigation closed. Universal Music Group (UMG) was suing the video-sharing service Veoh for copyright infringement. But Veoh claimed to be protected by the DMCA safe harbor act. The safe harbor act protects service providers against the illegal actions of their users.

UMG claimed that the DMCA safe harbor act only protects storing bits, not manipulating bits. Veoh transcodes the uploaded content into the exchange format. The court decided otherwise. The main argument was that users “signed” terms of contract before uploading content. The terms of contract specified that the user agreed not to upload copyrighted content.

This court decision sets an interesting legal precedent. Will it have any influence on the current battle Viacom versus YouTube?

Academic research and free speech

As usual, a company attempted to stop the disclosure of weaknesses at a security conference. This time, the Massachusetts Bay Transportation Authority sought to restrain Zack Anderson, R.J. Ryan and Alessandro Chiesa, students at MIT, from presenting a paper about the weaknesses of the RFID and magnetic stripe cards. The targeted conference was Defcon, one of the great hacking conferences. Nothing especially new.

The interesting fact is that District Judge Douglas Woodlock granted such a temporary restraint. He backed up his decision with the Computer Fraud and Abuse Act. This law targets hackers who “knowingly causes the transmission of a program, information, code, or command to a computer or computer system.” In other words, according to this judge, presenting a paper disclosing weaknesses is equivalent to using software to penetrate a system.

Obviously, the Electronic Frontier Foundation (EFF) immediately fought back, invoking the First Amendment on free speech. Once more, we have this legal battle between academic researchers who find a flaw and a company that does not want this flaw to be disclosed. One of the first examples was the Felten versus RIAA case (#CVB-01-2669 (GEB)) about SDMI. The team of Ed Felten broke the watermark schemes proposed by SDMI in an open challenge. RIAA attempted to restrain Ed from disclosing it at Information Hiding 2000. Finally, RIAA withdrew its objection and the paper was presented at ICASP2001.

Once more, this case highlights the same questions and remarks:

  • What should be done when discovering a security flaw? The typical ethical procedure is to inform the company about the flaw, give them some time to react and then publish. The problem is often the definition of the reaction time.
  • What is the right reaction of the company? Often they react badly. I believe it is more beneficial to have been informed by white hats who disclose the weakness than to be attacked by black hats who will keep it secret. Once informed, you may at least monitor to find eventual attackers. I prefer a flaw in my product that everybody is aware of (and myself) than one present that I am not aware of.
  • Are judges sufficiently prepared to deal with high technological issues? Should there not be a special type of technological judge? They rely on experts, but do they understand what experts are explaining? We even sometimes have difficulty understanding our peer experts!

In any case, it is mandatory that researchers continue to look for weaknesses and disclose them. No security by obscurity.

Are modchips illegal?

Modchips are components that are added to a game console in order to gain new features, often the possibility to play replicated games. Modchips require opening the console and soldering a chip onto the board. Of course, the addition of a modchip to a console means the loss of the warranty.

In the US, modchips fall under the realm of the DMCA. Often the games are encrypted, and thus fall within the scope of the DMCA. But is it the case in all countries? Last month, it seems that English judge Jacobs ruled in favor of legality. Mr Neil HIGGS was released from the 26 counts. He sells modchips imported from Hong Kong.

Modchips are an important factor in game piracy. There are modchips for most game consoles. It is rather easy to find modchips on the Web, but it requires some skill to solder the chip. Some shops offer this service, and even sell already modchipped consoles. Ironically, one large modchip supplier uses holograms to authenticate its modchips. Other suppliers are selling counterfeit modchips!

RIAA attacks project Playlist

RIAA is suing Project Playlist. RIAA claims that “Project Playlist performs and reproduces Plaintiffs’ valuable works (and induces and enables others to do so) without any authorization whatsoever and without paying any compensation whatsoever.”

Project Playlist allows users to build playlists and share them through social networks such as MySpace. In fact, Project Playlist does not store any songs. They offer a search tool that proposes only content found on public Internet sites. Here is the description of their music search engine:

Our internet search engine allows you to locate media files that are freely available on the world wide web. The listings in our search engine are automatically gathered from music blogs, trade-friendly concert archives, artist websites, record label websites and other public sources. In addition to automatic gathering, we accept submissions to our search engine by our users.

Unfortunately, being available on web sites does not mean copyright free. Sources such as blogs, for instance, are often not very careful about copyright. Thus, when giving access to the hosting site of the link, Project Playlist displays a banner with legal notices.

Below is the website (http://xxx.xxx/) containing the music file. Some music files located in this site may be subject to copyright. To be safe, don’t download from this site. If you like it, click here to download from iTunes or you can download the ringtone!

The page about copyright notices is extremely interesting to read. Some extracts:

Project Playlist, Inc. aspires to index and organize the music on the Internet in a responsible and efficient manner, and is therefore committed to copyright protection.

The creators and publishers of the songs you hear through project playlist.com or our embedded music player, are being paid a royalty for their work if they are members of ASCAP, BMI or SESAC or any one of over 125 other PSOs that represent songwriters and music publishers around the world. The more a song is included on our users’ playlists, the more royalties the writer and publisher of that song are paid by Project Playlist, Inc.

Our users are also allowed to post URLs of music files that they discover on the Internet. Our Terms of Use Agreement prohibits a user from posting a link to a music file that the user knows is not posted by the artist, record label, a music blogger or other third party for promotional or other legal uses.

Will it be sufficient for RIAA? Wait and see.

DVD Jon launches doubleTwist

Jon Lech JOHANSEN, together with Monique FARANTOS, launched doubleTwist, a controversial software and service. Jon is better known as DVD Jon. In 1999, he wrote DeCSS, the software decrypting protected DVDs. DeCSS spread over the Internet despite the efforts of studios to stop it. The source code was even available on printed T-shirts. In 2006, he authored software defeating Apple’s DRM FairPlay. DoubleTwist seems to be a sequel to this early hack.

DoubleTwist allows sharing your content across all your devices and with your friends on social networks such as Facebook. Currently, doubleTwist supports a limited number of devices through iTunes synchronization: Nokia phones, Sony Walkmans, Sony PSP and Windows Mobile 6.0 platforms. Nevertheless, traditional USB download also works. DoubleTwist is only available for Windows. The Mac version is under way.

Does doubleTwist infringe copyright laws? According to the Electronic Frontier Foundation (EFF), it does not. To bypass FairPlay, doubleTwist uses the analog hole, i.e. it records content while it is played by iTunes. Thus, EFF claims that it does not circumvent any protection scheme and thus falls out of the scope of the DMCA. Will this argument hold in front of a court?

Nevertheless, doubleTwist limited the duration of shared video to ten minutes and the duration of shared audio to twenty minutes per file. This policy is reminiscent of the limitations of User Generated Content sites.

The launch of doubleTwist on 18th February raised a flurry of news. The personality of DVD Jon is probably one explanation for such media interest. Since then, no news. Surprisingly, there is no known public reaction from Apple. Would a negative reaction be coherent with Steve Jobs advocating DRM-free content?