[unisog] Chronicle of Higher Ed. article on NetPD

Johnson, Greg JohnsonG at missouri.edu
Fri Nov 9 19:19:27 GMT 2001


Paul Neubauer observed:
> At least as important is a way for university (or ISP) admins to verify 
your findings. ...  "At time T on date D, you found IP iii.jjj.kkk.lll
serving 'Foo' by Michael Jackson using Gnutella on port P" is a huge
improvement.  

DMCA Section 512(c)(3)(A) says: 

"To be effective under this subsection, a notification of claimed
infringement must be a written communication provided to the designated
agent of a service provider that includes substantially the following:  ...
(iii) Identification of the material that is claimed to be infringing or to
be the subject of infringing activity and that is to be removed or access to
which is to be disabled, and information reasonably sufficient to permit the
service provider to locate the material."  [and five other requirements]

Greg Johnson suggests:

I, like Paul, want to be an instrument of truth.  However:

   The DMCA does not require ISPs to verify a claim!  

That is not to say we must pull plugs on anyone's say-so.  ISPs are not able
and thus not required to take down a site without "information reasonably
sufficient".   Here are the eight items I require.

Date 
Time
Timezone
IP Address
IP Port Number (1-65535)
Network Protocol (TCP or UDP for now)
Filename 
Application Protocol (Gnutella, Aimster, etc.)

In some cases port & tcp/udp are unnecessary, but NetPD and others who file
complaints can not assume that for all cases.  ISPs want the file name and
application protocol to "locate the material".   We want to verify that a
take down succeeded.  These items should be easy enough to provide.

It would be cool if identifying information is provided in a consistent,
plaintext machine readable form in the note body with case reference IDs, so
we all can automate what could be a voluminous task.  XML comes to mind.  

There are excellent probabilities that a claim might cause take down of the
wrong source.

A claim might be vague, omitting any of the eight above items.  A claim
might contain a typo in an IP address or other simple mistake.  A claim may
be based upon outdated external reference such the Aimster directory,
without actually having examined the data in situ.  Similarly, a claim may
be based on a file name without examining file content.  NetPD asserts that
it has content matching technology, though the ISP community has reason to
believe that claims are based mainly on external reference file names. 

A miscreant might spoof Aimster or broker directories.  The mischief maker
might make it appear that Michael Jackson's greatest hits are all over
198.137.240.92 tcp port 1214.  Such forgery might aim to overwhelm
enforcement efforts.  Or the forgery might aim to hassle an innocent person.
The first indication of such forgery was pollution of Gnutella indexes with
bogus items in order apparently to topple Gnutella or at least irk Gnutella
users.

So anything NetPD and other copyright enforcement agents / bounty hunters
can do to help ISP technicians justify the extra work of verifying a claim
will help all concerned.

What a mess.

My University counsel says that her peers are arguing the legal issues
on-line with conflicting conclusions.  Please consider my suggested standard
information above and items already mentioned so that we can at least
present technology requirements for compliance.  What I'd like to draft,
perhaps then with lawyer help, is a model DMCA claim.

--
        Greg Johnson (573-882-5008)

        MU Computing and Network Security Office <abuse at missouri.edu>
        MU Information and Access Technology Services
        615 Locust Street #001, University of Missouri
        Columbia, MO  65211  USA

        http://iatservices.missouri.edu/security - Policy, Best Practices,
Info



More information about the unisog mailing list