[unisog] another round of bogus DMCA notices

Dave Dittrich dittrich at u.washington.edu
Tue Oct 31 19:10:10 GMT 2006

Michael Holstein wrote:
> On the day in question (as well as several before and after) I have no 
> argus records of any successful connections in/out (just a few inbound 
> TIM missses on ports that are open into that net but didn't find the 
> host). I also don't have any traffic on the PIX, except for a bunch of 
> UDP denies (which interestingly, do reflect eDonkey traffic -- the 
> protocol specified in the complaint).
> Since I already know that Mediasentry (et.al) do not ever actually 
> connect to the host to verify it's really presenting a copy of the 
> purported pirate work -- they just scrape the directory -- I assume some 
> clever person (maybe the same folks that seed bad files) is poisoning 
> the directory with bad information.

OK, that's solid. I think your assumption is right on the mark
(someone feeding bogus information.)  In fact, this could
be a case of one company hired by MPAA/RIAA trying to seed
bad data to annoy file sharers, while another company hired by
MPAA/RIAA is being duped because they are unaware of the tactic
being used by the first company.  (In terms of something I call
"the Active Response Continuum", this would be a situation
where one site is taking ill-thought out actions and causing
unintended consequences, and another site is acting on
inadequate information and reacting to a non-threat, again
causing ANOTHER form of unintended consequences.)

I wonder if your state's Attorney General would be
willing to file a court action questioning the validity of the
data from which they initiate the take-down requests.  It seems to
me that Mediasentry, if they are basing their actions on simply
string matches in a p2p directory search, are not performing
adequate checks before causing sites to go looking for alleged
(and in this case, truly non-existent) hosts.  That would at
least get one of these actors to cut it out.

Dave Dittrich                          Information Assurance Researcher,
dittrich at u.washington.edu              The iSchool
http://staff.washington.edu/dittrich   University of Washington

PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE97 0C57 0843 F3EB 49A1  0CD0 8E0C D0BE C838 CCB5

More information about the unisog mailing list