[unisog] bogus (and real) DMCA notices

Dave Dittrich dittrich at u.washington.edu
Fri Nov 10 22:02:07 GMT 2006

Rita Seplowitz Saltz wrote:
> Most of the bogus filings involved
> addresses within our range, but never used.

That was the specific situation I was interested in
when this thread started.  It sounds like you have an
easy time with that, now that you've already invested
in an infrastructure that supports the lookups.

> The scheme they devised makes good sense in general, not just for  
> identifying DMCA-notice "suspects."  The same data are indispensable  
> in identifying compromised systems, misconfigured devices that are  
> disrupting network performance, and in allowing our office's Help  
> Desk folks to contact the responsible person(s).
> I am monumentally grateful that our network folks invested their time  
> in constructing a design, and tools, that allow ready identification  
> of machine and human.

Yes, you are right that there is dual-use for such an infrastructure.
It would be interesting to know, although hard to quantify
I bet, how much money it cost (in total) to implement the
DMCA notification and verification system, including cost per
notice (bogus vs. valid included.)  I hear from some people that
a significant amount of time and energy is put into DMCA
letter processing, which is a cost burden placed on educational
institutions (among others) as a result of the DMCA legislation,
paid for by the public through tax dollars for public institutions,
tuition and donations for private institutions, and fees for
commercial ISPs.  (I may be leaving some category out, but you
get the idea.) If another system can be devised that lowers
the cost for service providers, while having a similar benefit
to copyright holders, the saved costs can be directed towards
incident response (which is my primary goal in all of this

> For me, the truly labor-intensive aspect of DMCA notices often is the  
> aftermath, when a student poses questions.  But that shows the  
> student is ready to learn, so investing time at that point seems very  
> worthwhile.

That is good data to know.  Thank you for all the input.

Dave Dittrich                          Information Assurance Researcher,
dittrich at u.washington.edu              The iSchool
http://staff.washington.edu/dittrich   University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5

More information about the unisog mailing list