E-mail warnings deter Canadians from illegal file sharing (http://www.cbc.ca/consumer/story/2007/02/14/software-warnings.html?ref=rss)


If you're downloading music, movies, shows, etc from the Internet, you may soon receive a legal warning e-mail. Your IP is tracked when you download and ISP's are co-operating with the Entertainment industry by forwarding the e-mails.

Having worked for Microsoft, my guess is it means the ISP's are one step away from providing more information, citing illegal activity as their reason for wiggling around the privacy issue. As it is they will provide your information if the law requires it.

Its going to catch up with you soon....

Full story through above link.

I have, on occasion, used peer to peer file sharing. I have not used it to download movies, music or games. The only thing I download is TV shows. I do not agree that television shows should be included in the files that are illegal to download. What is Tivo used for? It records shows so you can watch them later. When I was younger, and even now, I often tape a show I want to watch if I don't have time.

Now I also download TV shows that I miss. For example, I am a die hard Criminal Minds fan. It was on after Super Bowl and I knew I wasn't going to be able to watch it, so I taped it. Then I figured it wouldn't be on on Wednesday so I didn't watch it. But it was and it was part 2! So I downloaded it. My husband loves South Park, and hasn't had a chance to watch their new seasons, so he downloaded them.

We both still watch these shows on TV, and like when we download, we don't watch the commercials. I get that if we don't watch the show on TV the show won't get the ratings, but what is the harm in downloading the few episodes that you are unable to watch? That is what I don't get.

I kinda feel the same way about music. When I was younger I used to tape songs off the radio all the time. I am sure that is just as illegal as downloading from the internet, but no one could find me then :rolleyes:. Even though I don't see the harm if you still purchase the music from elsewhere, I don't do it.

I have never received one of these e-mails, and I wonder if I would stop if I did :Dunno:

Its not cost effective for them to concern themselves with every downloader and I highly doubt they'd begrudge you your fave show. I think they're after the ones who make a habit of it and/or go beyond personal use, as far as going to court over it goes anyway. If you tape shows at home, they still get their ratings so that will never be nailed.

Right now the laws aren't refined enough to make it criminal so it has to be private court action - copyright violation. Copyright violation is against the law. As long as that's the case, its the companies that have to foot the bill to persue it in court. Therefore they're picky about who they nail, for now. What they would like to do is make it theft - a criminal offense. Right now you can be nailed as a criminal if you profit from the item but I think that's as far as it goes on the criminal level.

I think with music its different than your radio recording because you control it. You can download the three songs you like from the latest Nickelback album and not buy the album.

There's A LOT of money being lost and that means its worth it for them to spend some money working with ISP's and finding other ways to nail you. Look at how much stores spend to prevent theft as an example, and what they lose is just a drop in the bucket compared to the big bucks at the top entertainment levels.

Until and unless they changed the law the act of downloading is not actually illegal in Canada at all. The only thing they can press charges on is uploading. The distiction is they want the pusher not the junkie. At least with current Canadian laws.

I disagree with how much money is being lost in a big way. The industries like to claim losses on every download but not every download would have translated as a sale. Cant find the link atm but sometime lastweek /. had links to a couple stories on various studies that basically debunked all the lost revenue claims. Basically half the ppl who downloaded something later bought it and the other half never would have paid for it in the first place and just gone without.

There track record for actual lawsuits has been abismal in the PR dept. having sued everyone from 80 year old grandmothers and 3 year olds to a dead guys family. This kinda thing has a tendency to backfire.

Most cases have been droped or settled out of court. Their worst fear is to actually sue someone who knows a few things with a lawer who gets internet cases regularly. One nice demo on how retarded easy it is to spoof IP's and Mac addresses makes reasonable doubt so big you could drive a truck thru it. (
o wait the internet is not a truck....ok tubes with holes.)

You cant put the genie back in the bottle. Sorry but its a lost cause.

The good news for me is I don't allow people to upload from me. I agree with the study you mentioned. The things I download I would do without if they weren't there. Or I would wait for them to be re run on TV.

I also agree that the entertainment industry is not going to be able to effectively regulate the downloading/uploading of files over the internet. Copyright infringement has always and will always occur whether we like it or not.

If the company prohibits it, then they can snag you for downloading, its just not a criminal offense. Its criminal to distribute/profit, hence the uploading thing. The problem is that people are saying its not illegal and that gives people a false sense of security. Copyright infringement has been illegal for eons and that hasn't changed. Its just up to the company to persue it. Canada is very weak in intellectual property laws I agree, but that's not quite the same thing. There are also many clauses in fine print that say the copyright, etc is based in the State where the copyright is held and people are bound by those laws as they may be able to apply them. If nothing else, read the legal documentation of each company so you know just how much risk you're taking.

I don't know how they could go after a dead guy or a three year old - its whomever owns the Internet connection who is responsible for what happens via it. I'm not saying it couldn't happen by some mistaken ID or something, but its certainly not the norm. If a teen is doing it in your house, its you who will be nailed for it, type thing.

As for profits, those are definitly factors to consider but its how they see it that counts. Its like Stupid Store - they practically frisk me everytime I'm in there so I don't go in there anymore. They think they're saving money from theft but all they're doing is losing money from harassing innocent people. They think their thefts are down and that's all they see.

Corporate mentality. :no:

But then again, we are also perfectly capable of justifying what we're doing by saying it doesn't matter and its not illegal. We may not agree with it and it may suck to not be able to do it on the up & up, but the facts remain as they are. I'm certainly no angel in this regard....lol.

Regardless, if they're taking this step and the ISP is co-operating, something's up, so its good to be aware of it. Do with it what you will. :smile:

One nice demo on how retarded easy it is to spoof IP's and Mac addresses makes reasonable doubt so big you could drive a truck thru it. (
o wait the internet is not a truck....ok tubes with holes.)


That's why they are going through the ISP's. You can spoof from the company you're downloading from, but you can't spoof your ISP. In order to make a connection your ISP has to know your IP address. In order for the download to reach your computer, it has to be routed through your actual IP address.

Too many years at Microsoft - it would surprise you what they know. I know it surprised me when I started working there. If there's a court order, your ISP will sing like a canary. Now that they're volunteering to become involved, anything is possible.

Too bad they wouldn't put the same effort into spam :rolleyes:

ips can can be spoofed by routing thru anonymous proxies. relaying thru several especially ones based in countries not friendly to the US makes it so they cant trace the proper originating isp.

If you are using another ISP via wireless or other means, naturally your ISP isn't going to know that because you're not connecting through them. If its being downloaded in any way via your ISP, regardless of which point you connect to another one at, it has to go through them and they see it clear as day, you can't hide from them if you connect through them at any point.

Even when you are hidden, the companies know these tricks too. If they take the company enabling this to court or get a court order, that company will sing just as loudly. You are NEVER anonymous on the Internet. Someone somewhere always knows what you're doing. If you steal someone else's connection you may get away with it, but even then they can trace through your phone, modem, etc if you use that.

Edit: Was that a lingo thing? I should have said you can't fool your ISP, not spoof them. Do you mean spoof an ISP as in have the company think you're connecting through another ISP via another IP?

Although I certainly don't know all of the different laws involved across the country, ISPs will have to be very careful about just what information they give out.

My wife works for one the major Canadian banks, from what I have learned from her, privacy laws in Alberta are very strict and very, very clearly defined.

According to the Canadian and Alberta privacy laws, absolutely no personal information can be shared with any third party for any reason without signed consent from the person in question or an order signed by a judge. Assumed consent doesn't count, as Shaw found out a little while ago. Even improper disposal of client information can lead to criminal charges.

My wife can't even be an employment reference for people leaving the bank !

It's part of the reason any time you have to do (almost) anything with the government, you must contact each level and department of government yourself, they can't share information with each other about you.

Doesn't mean I think sharing copyrighted material is OK, but if Joe ISP decides he's tired of the big scary entertainment lawyers, he could find himself in a whole bunch more trouble than he bargained for !

Agreed. What I'm concerned about is them getting around it with 'illegal activity', but you're right, we couldn't release it at Microsoft without a court order. What really worries me is that people think the ISP doesn't know what they're doing, but its all just a court order away. You can hide from the site you're downloading from, but your ISP knows all. :radar:

From the other perspective, the ISP's could be seen as enabling and facilitating illegal activity if they don't co-operate, so what do you think they'll do the second a law backs it? Even now, they may be able to tell the judge that they don't want to facilitate crime and are therefore reporting offenders. The second those downloads enter their server they can see if its a legal download or not. There are lists of download sites that they watch by default... it would be too easy for them to nail you if they get that information. The entertainment industry wants it. If they convince a judge that Sprint is facilitating illegal activity, the judge orders the data released.

The only thing saving people right now is just cause - they need to find better ways to trace the activity from the point of download, thereby justifying the court order. Its quite a wobbly line though, from the ISP perspective. Rather than nail individuals, why not just take the ISP to court for facilitating it? They'd sure sing to get out of THAT one.

It doesn't matter to me either way, I just worry about people getting the wrong idea about how safe it is. I think we'd be better served to worry about child crime online personally, but as you say, the big lawyers can make a lot of things happen if they want to.

Interestingly, even illegal activity isn't a valid excuse when comes to the privacy laws, my wife isn't even allowed to co operate with the crown prosecutor without a court order (and with cr*p she sees, she would really like to) .
She can't even confirm or deny the existence of an account without the order.

Not that I don't believe a big time law firm, with the right judge, can't or won't find a way around the law.

Does make one wonder about open wireless sites though, a poorly thought out decision by a judge could really open up a huge liability issue. Most hotels, public libraries, etc have open wireless available.

Seems people still don't understand though, anything you do on the Internet can be tracked. You can make yourself difficult to track, but not impossible to find.

Exactly. Even if they're protected by a privacy law today, what they're doing is still recorded for a year down the road if the info is handed over.

Not to mention that greasing the right palm could get the info out. Offer them a year's wages and they don't care if they lose their job. Whats $25,000 to the Entertainment Industry? A week of celebrity lunches?

Be careful out there!

It's surprising how much info is retained on servers around the world.
I recently found posts that myself and some friends had made on comp.sys.cbm many years ago when the Internet was still in its infancy and we were on our Commodore 64s. ( Yes, I was a computer geek way back when and yes, I still have my little C64 )

Even in the days of 300/1200 baud you were not anonymous, and computer technology has advanced a little since then.

Melody, you wouldn't insinuate that a lawyer might resort to underhanded bribery to get information would you ? :rolleyes:

That must have been an interesting find! lol I'm not sure I'd want that haunting.

A lawyer would never do that Blaine. Some dude in an overcoat who looked like one you saw on TV might. :WhoMe:

That must have been an interesting find! lol I'm not sure I'd want that haunting.

A lawyer would never do that Blaine. Some dude in an overcoat who looked like one you saw on TV might. :WhoMe:

It was kind of bizarre, I was trying to remember how do something on the 64 one night, so I did a little Googling and found my own reply to someone asking that same question twentyish years ago !

What was I thinking, of course a lawyer would never do that ! Hey, nice overcoat mister !:laugh:

LOL Who was that masked man? :mask:

I dunno, all he left behind was this pile of silver....

Your missing what I'm saying....

In order for the mpaa/riaa to request anything from your isp they first have to suspect that you specifically infringed on their copywrite. In order to do that they need to prove that you are sharing their materials.

How do they prove this? Well they hire various companies that have sprung up a new industry just working on this. These companies spend all day downloading stuff that claims to be their customers product. They then trace the offending IP to the ISP and say "hey ISP would you be a dear and give up your customer information so we can sue him?"
(* note their are lists available with who these companies are and the IP ranges they own so you can block them from making connections to you)

In the past the answer was almost always, "no"

What has changed is that the ISP are being forced to reveal your identity as the account holder of the offending IP at such and such a date/time.

So now the spoof.

Party A (aka the pirate)
spoofs ip then uploads
"fluffy bunny"
real ip = 65.47.*.*
fake ip = 158.47.*.*

Party B (MPAA/RIAA)
downloads "fluffy bunny"
from ip 158.47.*.*
traces 158.47.*.* to another ISP (not the pirates ISP)
request info on IP such and such date/time
ISP provides info on Party C

Party C
some guy who had the misfortune to have IP at such a such a date/time
maybe the guy who ends up getting sued.

Either way the burden of proof is on the MPAA/RIAA to prove that YOU had this address and that this isnt what happened to you.
It doesnt matter that your ISP knows you had 65.47.*.* as your IP because there not requesting it from your ISP they are requesting from the ISP they traced.
In essence they have the wrong info and while there are ways to catch this it doesn't come cheap and often even the police wont bother with it as the cost and the confusion this creates explaining to jurys tends to make doubt.

In the other example with proxies what happens is you send a encrypted secure connection request via standard ssh or https to a remote proxy wich you then use for ALL trafic on the web. The proxy maybe set to spoof an IP or relay to yet another proxy that will do the same thing.

Tracing this is well not easy. If said proxy is located in o I dont know Venezuela when the American Auth. ask for info they say "no we dont like you" Cause you know their part of the axis of evil and all. Even if you pic a Canadian proxy who gives you up now your ISP only has logs of an encrypted secured connection thru standard ports used for that.
Breaking encryption is very tough and involves hacking in order to do it. Who broke what crime just to get the encrypted logs??? Good luck getting that to hold in a court.

If you know what your doing you can be almost invisible, or alot more trouble than its worth finding.

I know what you mean. What I'm saying is that the ISP knows about illegal downloads. They monitor the sites. They know who downloads from Limewire, etc. They are sending the e-mails to people who have acutally downloaded illegally. That means they're co-operating with the Entertainment industry. My warning is it may just be a signal of what is yet to come. So far they are not releasing the information, they're just being the go-between, but they're co-operating.

Spoofing was on the first Microsoft exam :laugh: , I just meant to say 'fool' when I said 'spoof' in regards to the ISP. Anything you download still has to come to you through your real ISP, rendering it fully traceable. Its a few keystrokes - child's play. It is much easier than the Internet 'underground' promotes.

To give you an example of how slick the 'underground' thinks it is as compared to what can be done, take a look at your next spam e-mail. Even though it shows the spoofed IP, the ACTUAL IP that the mail was sent from is either there, or there's an alert that it wasn't sent from the IP the e-mail says its from. Yet the spammers think they're very clever ;) .

You can't be falsly accused of a download - proof of that is a call to your ISP away, they'll release the info to the account holder no prob. The account holder then has an ID theaft-based case, so now you have several people after you. :wideeyed:

Its a false sense of security. Naturally the ISP's don't publish all that they can do and how they do it, but the 'underground' does. The authorities have internet connections too.

On that note, we do have to refrain from describing how to do something illegal in the forum.

Just for fun, here are some of Sprint's policies. By using their service, you have agreed to these policies. You can imagine just how many ways they could use your contract to wiggle around privacy issues (caps, etc are theirs, not mine):

ILLEGAL OR HARMFUL USE

You may access and use our Website and Network only for lawful purposes. You are responsible for any transmission you send, receive, post, access, or store via our Network, including the content of any communication. Transmitting, distributing, or storing any material that violates any applicable law is prohibited. Additionally, the following non-exhaustive list details the kinds of illegal or harmful conduct that are prohibited:

Infringement: Infringement of intellectual property rights or other proprietary rights including, without limitation, material protected by copyright, trademark, patent, trade secret or other intellectual property right. Infringement may result from the unauthorized copying, distribution and/or posting of pictures, logos, software, articles, musical works, and videos.
Offensive Materials: Disseminating or posting material that is unlawful, libelous, defamatory, obscene, indecent, lewd, harassing, threatening, harmful, invasive of privacy or publicity rights, abusive, inflammatory or otherwise objectionable.
Export Violations: Including, without limitation, violations of the Export Administration Act and the Export Administration Regulations administered by the Department of Commerce.
Fraudulent Conduct: Offering or disseminating fraudulent goods, services, schemes, or promotions (e.g., make-money-fast schemes, chain letters, and pyramid schemes).
Failure to Abide by Third-Party Website Policies: Violating the rules, regulations, or policies that apply to any third-party network, server, computer database, or website that you access.
Harmful Content: Disseminating or posting harmful content including, without limitation, viruses, Trojan horses, worms, time bombs, zombies, cancelbots or any other computer programming routines that may damage, interfere with, secretly intercept or seize any system, program, data or personal information. ...

NETWORK SECURITY AND INTEGRITY

You may not violate the security of our Website or Network in any way. Such violations may result in criminal or civil liability. Sprint Nextel may, but is not obligated to, investigate any violation of our Network. Sprint Nextel may cooperate with law enforcement where criminal or unauthorized activity is suspected. By using Sprint Nextel products services or sending, receiving, posting, accessing, or storing any electronic transmission via our Network, you agree to cooperate, as well, in any such investigation. Examples of Network security violations include, without limitation:

...


Interception: Unauthorized monitoring of data or traffic on any network or system without the express prior authorization of the owner of the system or network. ...

Falsification of Origin or Routing Information: Using, selling, or distributing in conjunction with the Services, any computer program designed to conceal the source or routing information of electronic mail messages in a manner that falsifies an Internet domain, header information, date or time stamp, originating e-mail address, or other identifier. ...
INVESTIGATION AND ENFORCEMENT OF THE POLICY AND AGREEMENT

All users of the Services must adhere to the terms of this Policy and Agreement. We have the right, but are not obligated, to strictly enforce this Policy and Agreement through self-help, active investigation, litigation and prosecution.
We may also access and disclose any information (including transactional information) related to your access and use of our Website or Network for any lawful reason, including but not limited to: (1) responding to emergencies;' (2) complying with the law (e.g., a lawful subpoena); (3) protecting our rights or property and those of our customers; or (4) protecting users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services. INDIRECT OR ATTEMPTED BREACHES OF THIS POLICY AND AGREEMENT, AND ACTUAL OR ATTEMPTED BREACHES BY A THIRD PARTY ON BEHALF OF A COMPANY, CUSTOMER, OR USER, MAY BE CONSIDERED BREACHES OF THIS POLICY AND AGREEMENT BY SUCH COMPANY, CUSTOMER OR USER.

...

~ http://www.sprint.com/legal/agreement.html (http://www.sprint.com/legal/agreement.html)

In other words, if you violate the signed agreement, they have the right to do whatever they want in regards to investigation. Now say they find a download from one of the sites they monitor (and they monitor them all - if you can find it, so can they). Even if it was encrypted, you have signed a contract saying that if they suspect that you're infringing on a copyright, they can investigate. You have authorized them to nail you. That doesn't mean they can release information to a third party, BUT, they still know what you're doing and its on record.

I do agree that they're not going to go after everyone, but we thought that about illegal snails in the US. Then individuals, small time owners, started getting visits to their home by the USDA. If they want to set examples, they'll do it.

Anyways, it wasn't my intent to argue the point, I just don't want to see anyone get bitten on the butt because some underground site said they're hidden and protected when they're not. What anyone does is, of course, up to them.

I reserve the right to say "I told you so" :laugh: .

Sorry Mel your wrong. :err:

I dont get my info from some "underground site". I am a certified network admin with 15 years exp. My wife like you is a web developer. I work for an ISP and she does work supporting web hosting companies. I build servers for kicks. Thats been the big joke in the house about the fish. That I finnaly have something organic for an interest. :laugh:

By creating an encrypted channel to the proxy your basically making a VPN. The proxy makes all future requests for you. This will bypass all the ISP DNS servers and will leave no record with them. The only thing the ISP has is that you made an encryted channel to the proxy. All requests to where u went after that are in the proxy records not the ISP. Kinda like going to your banks site once you sign in they dont see jack about what you did. They know you went to the bank but not if you checked your balance or paid a bill or how much money u got. All the ISP has is that you connected to the proxy and it was encrypted.

If the ISP wishes to get that info they need to break the encryption. Since all information about where you went/did is passed encrypted thru the ISP, they cant log what they cant see and they dont have the encryption key.
Cracking SSL is not easy for the army let alone an ISP
http://www.inet2000.com/public/encryption.htm

The TOS may say the ISP can try and break it but its not a flip of the switch, still gets the lawers in a tizy (many parts of the TOS have yet to be challenged and may not actually hold). They are co-operating sure but not going out of their way.

I'm a Web Developer, Microsoft Tech, Telecommunications Technical Admin, Secondary education in Management studies with a side specialty of E-commerce, among other things, actually:smile: . That aside, I don't think we're on the same page. I understand encryption and all of its nuances. The only way your ISP doesn't know you're downloading is if you skip it entirely. It can be encrypted until the cows come home but if they want to decrypt it, there are specialists out there that can do it. Anything done can be undone. You can bet that the encryption programs are not at the same level terrorists use....lol.

I'm not saying they'll do it tomorrow, I'm saying that if the time comes when they have to hand that over, they will do so. We also may follow the UK's idea and have it be a criminal offense to not hand over that encryption key if you're asked to do so. Anything can happen in the future and when it does, everyone who is downloading illegally today could be nailed. That's all I'm saying.

Regardless, I'm not here to convince anyone that they aren't immortal, I'm just posting a warning. If you choose to believe that you are bulletproof, that's you're perrogative, but you're not.