BPI rejects scareletter approach to possible pirates

The tactic of using IP addresses extracted from internet service providers to send scare letters to suspected pirates is not something the British music industry would consider. ACS:Law has made a tidy business from sending out letters to suspected file sharers offering a one-off £500 payment to draw a line under further …

COMMENTS

This topic is closed for new posts.
  1. cannon
    FAIL

    what horse s**t.

    [quote]The BPI said it did not condone the approach of mass-mailing alleged internet pirates.

    The BPI said it would not be adopting the same approach as ACS: Law if UK legislation on the issue of illegal file-sharing comes into force. [/quote]

    what absolute tosh, so they didn't litigate across the USA demanding huge fees from people on social security, and a you can trust us not to abuse the law to finish!

    BTW if you didn't know the same companies that run the RIAA run the BPI, Sony BMG, Warner, Universal & EMI.

    quote from here: http://news.bbc.co.uk/1/hi/technology/8483482.stm

  2. Dazed and Confused

    False allegations

    I would have thought that the guy who was accused of sharing porn would be in a good position to sue these scum for slander.

  3. Anonymous Coward
    Anonymous Coward

    But how?

    How do this dodgy bunch 'extract' IP addresses from ISPs? Doesn't data protection come in here somewhere?

    1. Maverick
      Pint

      @ AC 10:27

      try: http://www.google.co.uk/search?hl=en&q=Norwich+Pharmacal+Order+&btnG=Search&meta=&aq=f&oq=

      there you go, mine's a pint

  4. Anonymous Coward
    Anonymous Coward

    Legalised mugging?

    Quite right too.

    We used to have an offence in the UK called 'Demanding Money with Menaces'. I'm not aware it's been taken off the statute books, and the letters mentioned surely qualify as criminal in my view.

    But then I forgot - UK law is only effective for those who have money....

  5. irish donkey
    Stop

    BPI rejects scareletter approach.........

    Well if they didn't accept the cheques then they wouldn't be able to do would they.

    Just another form of Wheel Clampers making up the rules as they go along and NOBODY is doing anything to stop them

  6. CraigRoberts
    Thumb Up

    Hmmm...

    Maybe El Reg should send them a letter demanding £500 if they want to avoid further questions/investigation? Helps pay for the Friday lunch time pub "meeting" doesn't it...

    ... Mine's a pint, please! :)

  7. Anonymous Coward
    Megaphone

    Tarred with the same brush

    There are so many stories at the moment about letters sent etc by those representing various 'rights holders' that I had missed somewhere in all the mayhem that the BPI weren't doing it. It's a lot easier - and a safer bet - just to assume that any group who makes loud whiny noises about the public being thieves probably want the gov guillotining the individuals in question, but is resorting to bullying bits of paper as a stop gap. The BPI's statements in general are so uninteresting in any case that by last orders I'll have doubtless forgotten they're not doing the postal bullying thing.

    After all they all seem to assume we are all criminal bastards to a man/woman, spending every waking hour amassing vast silos of their members' 'creative' output. So it seems reasonable that we assume they are in their entirety a bunch of greedy, whiny feckless bastards who are to business models what the Hindenburg's designers were to aviation safety**, and who'd rather reach for a lawyer in the hope of a payout than help an old lady cross the street.

    Just to prove how out of touch they are they name themselves after a device not in general use for a century odd.**

    Sad as it may be for the BPI after the apparently magnanimous gesture, I suspect they'll still be seen as just another finger wagging arm of the labour party, with no one any the wiser that they don't send letters demanding 500 quid to pensioners.

    ** note for pedants: yes, yes, I know.

    The shouty thing looks a bit like a phonograph too.

  8. Anonymous Coward
    Alert

    A simple solution ...

    ... would be to modify the law so that if a company that writes a letter implying a possible offence is subsequently unable to positively PROVE that the offence HAS been committed, the writer must as compensation for inconvenience pay the recipient at least ten times the amount being claimed.

    Companies should absolutely NOT be writing about "possible" offences, they should be required by law to obtain PROOF of the offence first.

    That includes, most especially, the TV licensing unsolicited nuisance mailing unit, which writes letters willy nilly to people asking them to prove they don't have a TV even if it doesn't have a shred of evidence that they even might have one.

  9. blackworx
    Pint

    78yo Father

    In my experience at BT, when it came to 0898 porno lines where the bill-payer was contesting (usually with some story like "but my husband is an ordained minister and my three teenage sons are as good as gold") 99% of the time it was someone in the immediate household who'd done it, and the rest of the time it was a visitor.

    I'm not saying this is the case here, what with unsecured Wi-Fi and all, but I'd still be willing to bet a month's wages on a high percentage of those complaints to Which? falling into the same category.

    I'm also not saying that ACS:Law's actions are justified. They are still a bunch of c*nts.

    1. Ben Norris

      @blackworx

      The difference is that BT know who they connected the line from and to so are at least quite certain that the call was made. ACS:Law are acting on a chain of unproven links and using intimidation tactics because they know they have no evidence to take anyone to court.

      They don't prove that anything was uploaded when they log IPs, they can't prove that the logged IP was genuinely from the right ISP or spoofed, the ISPs' records are not reliable enough to tie it to a certain household, when you get to the household there is no record to tie it to a specific PC, there is no way to prove it wasn't a trojan or somebody accessing a wireless AP, and finally there is no way to prove who was using the PC at the time.

      So should we put a stop to their tactics or apply them to other crimes? Maybe next time there is a bank robbery we should just pick some random guy off the street with the same colour shirt and lock him up?

      1. david wilson

        @Ben Norris

        >>"

        a) They don't prove that anything was uploaded when they log IPs

        b) they can't prove that the logged IP was genuinely from the right ISP or spoofed

        c) the ISPs records are not reliable enough to tie it to a certain household

        d) when you get to the household there is no record to tie it to a specific PC

        e) there is no way to prove it wasn't a trojan or somebody accessing a wireless AP

        f) and finally there is no way to prove who was using the PC at the time."

        I thought that at least some of the tracking *was* waiting for people to be sourcing copyright content before logging their IP address? That way, they can get people for making content available, not merely downloading it.

        If that was the case, that deals with a)

        As for b), if I actually connect to a machine via an IP address to download content from them, how can I keep a connection running in both directions if they have a fake address? Unless there's something between my machine and the internet which is doing some redirection, packets I send presumably must end up at the actual IP address.

        Surely it's only if the packets I send disappear *and* someone can generate packets with a fake 'from' address *and* they can anticipate all the packets I'd expect to get back that they could really spoof the address?

        c) Are you sure that no ISP has reliable records of who had what IP address at a certain time?

        Even for people with dynamic addresses, they don't change that often, and there are all kinds of reasons (including legal ones) for keeping the relatively tiny amount of data needed for a year or two of connection records.

        Also, a lot of people have static IP addresses anyway.

        d)+e) you might not be able to tie traffic to a specific PC from outside, but you *could* certainly do that if you had access to the machines, whether enforced, or with the co-operation of a responsible householder.

        as for f), if you knew the filesharing was happening on a machine authorised to be on the network, that'd be a good justification for suspending network access if the customer had already had clear prior warnings that something was going on which they had done nothing about.

        Even though civil damages don't look like the best way of dealing with everyday filesharing, if someone is unable/unwilling to control people they give network access to, then the buck does eventually stop with them, whether it's a loss of connection or even civil damages.

        If someone is actually being *consistently* reckless as to what they allow to happen on the network they control, then they do have some liability.

        Also, even though I'd say again that civil damages don't look like the best way of dealing with filesharing, *especially* if there haven't been any kind of initial warnings to deter the casual filesharer, for all the talk of the need for perfect evidence, Magna Carta, longstanding freedoms, hard-fought-for human rights, etc, people should remember that the burden of proof in civil cases *is* lower than in criminal cases - 'balance of probabilities' vs. 'beyond reasonable doubt'.

        If there *had* been warnings and someone didn't take any action, they might find it quite hard to defend themselves in a subsequent civil action.

        I think that's one of the major problems with letters out of the blue - they seem much more designed to make money than to stop people doing something, which is seriously unfair when there's a chance that the first thing a target ISP customer knows about someone abusing the network connection is a letter arriving.

        In practice, in the first instance, there's a whole range of responsibility, from people not knowing that their network was insecure or that someone they allowed to use their network was doing something wrong through people who suspected or knew what was happening through to people doing it themselves.

        Giving people warnings does give them the chance to sort things out, and also makes 'We honestly didn't know it was happening' much less of a usable response to future letters or actions.

        Still needs some kinds of safeguards, though, so someone who really isn't capable of securing their network can get some cheap/free assistance if they need it. Which also obviously then makes "I didn't know how to/couldn't afford to fix it" less useful a response to later letters.

        I guess that's the thing about a more reasonable approach - the more reasonable and helpful it is, the better it is for the innocent customer, the easier it makes it for the casual offender to stop gracefully, and also the harder it makes it for the persistent offender to claim ignorance of what was happening, or a technical inability to prevent it happening again.

        Which is ultimately what I guess many of the music industry people want - to stop people taking the piss, while not getting bad PR in the process.

      2. blackworx
        FAIL

        Hello?

        Next time try reading comments in their entirety before jumping to reply.

  10. jon 72
    Pirate

    Hacked WiFi

    It's an ugly little fact about WiFi that a typical Hub employing a WEP encryption will quite happily reveal the access code to the householder's (or business) internet connection in under an hour. (Under controlled test conditions we did actually manage to break a default key in twenty minutes)

    Sadly, the excuse of 'Hackers Did it' is no defense and according to the law, the buck stops at the householder. This is largely for deterrent value as far as I can tell and the fact that tracking down the actual culprit(s) is nigh on impossible. Bearing in mind a good directional antenna could place the hacker anywhere within 200 meters of your home WiFi router, simply looking out the window for cars with blacked out windows or somebody hiding in the bushes with a laptop is futile.

    Those of you who are a little more tech-savvy and use WPA encryption and MAC address filtering, wipe that stupid grin off your faces.. it takes less time to hijack your connection than to break a 'weaker' WEP key.

    Whilst ACS may be complying with the letter of the law, one wonders how eager they would be to pursue hard targets such as other law firms, judges, or a large PLC for instance who happen to have an insecure WiFi network?

    1. Danny 14
      Pint

      20 minutes is quite conservative too

      We had a fool about with a live CD and a prism promiscuous card and grabbed our own WEP in a few minutes (64 bit) and certainly no longer than it took to make a brew (128bit). And that was a live CD too - hardly difficult to come by.

  11. Steve Swann
    Joke

    ...but, but... I'm only REPLYING...

    "So, how do you know he's a file-sharer then?"

    "Well, he weighs the same as a duck....."

  12. Tom 35

    ACS

    "We don't favour the approach taken by ACS:Law to tackling illegal filesharing"

    I'm sure ACS don't give a fig about filesharing, they just found a way to make money without doing any real work.

  13. Anonymous Coward
    Unhappy

    short memories

    You've all got very short memories...

    Has no one noticed how ironic it is that BPI is not advocating the approach taken by ACS Law? They did EXACTLY the same thing in 2005. They got a 3rd party to grab some IP addresses and time stamps from the sexy P2P networks of the day then got Norwich Pharmacal court orders against the ISPs and wrote letters extorting monies from the ALLEGED infringers.

    It's even reported here http://www.theregister.co.uk/2005/06/08/bpi_legal_campaign/

  14. heyrick Silver badge
    Grenade

    Safety and security

    Regarding whether or not ADSL boxes easily divulge the wireless key... if you have a netbook computer, you can plug directly into a Livebox's ethernet port. The default password is "admin" and I bet a lot of people still use it. The Livebox 1.2 (Livebox Mini) login is "admin" and, astonishingly, this is fixed. You can't change it. You can then go to the settings, look at WiFi. Bing! There it is, cut'n'paste it into a Notepad document, ^S it, close your netbook, put it back in your backpack. You've just ripped off somebody's WiFi while they went for a pee. Oh, and the Livebox helpfully doesn't even bother recording the time of the last administrative log-in.

    However, on the subject of security, there is a trend that people really ought to consider. Earlier today I took my eeePC while my mother went shopping. I sat in the car and "wardrove", sort of. Oddly, Windows' own WiFi scanner did a better job than NetStumbler, albeit lethargically. Go figure!

    Most Liveboxes are locked up, while the majority of Free boxes and pretty much every Neuf box I've seen are open. So I connected to a few. About half of these boxes were just somebody's personal WiFi - when I went to the host IP address (often 192.168.1.1) I got the control panel. And, sadly, the Livebox isn't the only unit blighted with admin/admin as a password. These people should be slapped for making NO attempt to secure their network. On the plus side, if they don't know it's wide open, they probably won't know I was ever there. I don't anticipate a honey-trap, but just in case I didn't do any external accesses. I think it is fair to say that if I can reconfigure the box, I can Google through it...

    Then there's the other demographic. The HotSpot. A feature that seems to be built in to more and more ADSL boxes. Going to 192.168.1.1 redirected me to the hotspot login. Some actually wanted a login (mainly those tied to SFR - you can have an interesting time arguing the ethics of purchasing "time credit" for roaming hotspots when you are piggybacking off somebody's connection... do they get a cut of this?) while others were a big smiley-face aimed-at-a-five-year-old welcome display with an embedded frame giving eighty paragraphs of Ts&Cs at six point text, practically unreadable. Whatever, Google worked.

    So, back up and read that again.

    The first lot was an unauthorised connection to an unsecure WiFi box.

    The second lot was an encouraged "welcome online dude!" connection to a WiFi box happily acting as a public AP with somebody probably unknowingly picking up the tab.

    Only a few cared who I was, and that seemed to only be concerned if I had sufficient paid-for credit to do this on somebody else's box.

    In any case, if I downloaded some illegal stuff, on which IP will it be? In every AP I have seen, you are DHCP'd a local network address (192.168.1.x) and the world-facing IP is that of the AP itself. Pretty much like the subscriber's own use of the box. You tell us apart HOW?

    It is one thing to complain about clueless users failing to adequately secure their WiFi, but what about when the box is providing its own hotspot services? How can YOU monitor what somebody ELSE does without your explicit knowledge? Surely in that case you become an extension of the ISP? Is there any sort of "safe harbour"-like provision for this? MP3s are not terribly big (1-8Mb ish) and with 16 megabits, you can do quite a bit of damage in ten minutes. And ten minutes in a town is a long time when you can be in a car (as I was), in a bar, or if it is a deliberate rip-off, there's no reason you can't get your computer to auto-connect to an open AP and have a download manager run on a schedule, so your little netbook can be safely in your backpack with an ice pack beside it (keep it cool) downloading away with the lid closed. I have done this more or less legitimately. Had a meal in a cafe with free WiFi. Windows Update offered some BIG downloads (of which IE8 was one, and about thirty .Net patches). I told the machine to not go standby when the lid was closed. I closed the lid, put it aside, put the newspaper on top of it, had my meal in peace while it got on with updating.

    It could just as easily have been a few Hollywood Blockbusters pulled off an open AP. Who'd suspect somebody that isn't even looking at a computer screen?

    Doesn't the BT HomeHub have an option to do hotspot services? How about YOUR box?

    Hand-grenade icon because open hotspot services, if giving the world the same IP address as the owner of the box, are yet another spanner in the works of the simplistic-minded view being taken for who is responsible for what.

    PS: EPIC EPIC EPIC F**KING FAIL OF EPIC PROPORTIONS to Orange. If you connect to your orange email, your internet/phone account (download your itemised bills as PDFs!), your answering machine... all this stuff is online. All this stuff uses the identity of your Livebox to authorise you. All this stuff is WIDE OPEN to anybody connected to your machine. I discovered this when at my favourite cafe looking to get my own broadband, so I went to "www.orange.fr" to check on the current prices and promotions. That's how I found out they were using a Livebox as I was redirected to the owner's private personal homepage. While it is a nifty feature in some ways, it is also a security nightmare. The Livebox has a way to assign names and pictures to connected equipment (it remembers the MAC) so it should also have an option to only permit specific "authorised" boxes to access private account details. If nothing else, it will stop kids ("think of the children!" <g>) from signing up for all sorts of cool services from their own computer...
