Thanks to the Infringing File Sharing amendment, or "3-strikes law", evidence collected by copyright holders from today may be used from September 1st to force ISPs to give evidence against their customers, implicating them in infringing copyrights via filesharing.

Unfortunately, that evidence could be entirely fabricated, yet be likely to pass unchallenged through the new system.

In last week's article, I detailed how people could be fined for legally using peer-to-peer software, if copyright enforcement agencies detected them using DHT. I think it would be very unlikely for copyright enforcement agencies to use that method, but it's possible, and if you want to be certain of being safe from that kind of accusation, you'll need to take the advice in that article.

Now that the day has arrived, I've saved the worst news until last: It may not even matter whether or not you use P2P software - just using the internet could be enough to get you fined, thanks to fundamental flaws in the methods used by copyright enforcement agencies.

Investigating P2P copyright enforcement

Wanted poster with a picture of a printer

In 2008 researchers from the University of Washington presented the results of their study which found infringement notices were sent by enforcement agencies representing a wide range of rightsholders for computers that had never participated in illegal filesharing - or even any filesharing! They collected over 400 "infringement" notices, all without downloading or uploading a single file.

Quick summary of the details for geeks: The researchers said that spurious notices from enforcement agencies could be generated in a number of ways:

  1. By easily manipulating BitTorrent client requests to fake the IP address sent to the tracker. The spoofed requests succeeded in fooling agencies into sending infringement notices for IP addresses of innocent machines, even including printers and wireless access points! That's right, agencies sent infringing filesharing notices for devices incapable of filesharing.
  2. By spoofing the tracker response - similar to the previous spoof, but sent from a malicious BitTorrent tracker instead of a client.
  3. By a man-in-the-middle attack on the network - anyone on the network path between the tracker and the monitoring agent could alter the tracker response, as above.
  4. Similar man-in-the-middle attacks can be conducted through the other BitTorrent peer discovery mechanisms, DHT and Peer Exchange. More recent research from March this year, in a study from researchers in China and Singapore, found DHT to be spoofable even without a man-in-the-middle.
  5. By the combination of the tracker timeout and a DHCP timeout, so notices could be sent to someone connecting to a WiFi network and being allocated the IP address of a previous user who was participating in infringing filesharing.
  6. By the use of malware or open access points, which I mentioned in my original post "13 reasons the Infringing File Sharing Act is bad for you".

The Washington University study is proof that any infringement notice relying on either BitTorrent tracker evidence, or BitTorrent peer discovery evidence, is insufficient. Many of the above points are also true of other peer-to-peer systems, but their study concentrated on BitTorrent as it is the most popular.

Note that for all the above methods, the enforcement agency (and even moreso, the rightsholder) may sincerely believe that they are sending the notice to the right person, based on solid evidence.

Implications for New Zealand: an insane and unlawful law

Drawing of a pair of scales, one side labelled "rights holder", the other "account holder", with the "rights holder" side weighing more
This adds more weight to the argument that New Zealand's 3-strikes copyright law is at odds with reality. On the one hand, we have a scientific study showing how commonly used agency evidence is insufficient. On the other hand, we have a law which treats agency evidence as conclusive.

The 3-strikes amendment is not only at odds with reality, it is at odds with the rest of New Zealand law. As intellectual property lawyer Rick Shera said, the Copyright Tribunal is like the Disputes Tribunal, but without the usual principles of natural justice - the accused is guilty until proven innocent. Even if the Copyright Tribunal understands the above study, and thus the flaws in the evidence submitted to them, according to the amendment, at best, the Tribunal can balance the probabilities. To reject the agency evidence, they need to be convinced that it is more likely than not that the evidence is falsified. The accused is going to need some very strong evidence to convince them, and it's most unlikely that they will be able to.

Worst-case scenario

But how reasonable is it, really, that someone could falsify the evidence and get away with it? For the sake of discussion, I'll detail an extreme (but plausible) scenario, explaining the legal process in passing:

A malicious hacker acting on behalf of a monitoring agency could purposefully generate false evidence against an account-holder using one of the above methods. The agency would then independently detect the fake infringement, and send a notice to the account-holder's ISP. If the ISP is especially diligent they could check for some of the spoof methods and reject the notice accordingly, but the law doesn't require them to check and ISPs are already hard-pressed to deal with the notices, possibly losing money for each notice they process. Also some of the methods are not detectable by the ISP, in which case their checks would reveal nothing amiss and they would pass on the notice to the account-holder. The innocent account-holder could then challenge the notice, which the rightsholder can automatically reject without penalty. After the third notice, the accused would have to pay the fine - unless they request a hearing at the Copyright Tribunal within two weeks (the former may be preferable depending on the size of the fine and the hassle of attending the Tribunal, despite their innocence).

Proving innocence is hard

The amendment requires the Copyright Tribunal to accept that the "infringement notice is conclusive evidence", so the account-holder is required to prove the evidence wrong, which is likely to be difficult given that

  1. The rightsholder is likely to be more knowledgeable and experienced than the account-holder, having had the time to research before sending the accusation, and having probably been through the process with other people
  2. The accused is not allowed another person to represent them, with a few exceptions (eg. corporations or disabled people), but in no case can their representative be a lawyer (except with special permission from the Tribunal). Thus, the accused is unlikely to have the legal knowledge necessary to defend themselves, and
  3. The accused is unlikely to have the technical knowledge necessary to defend themselves

1. Copyright law, 2. ???, 3. Profit

Optical disc above two ethernet cables, like a skull-and-crossbones
Thus a rightsholder could make a tidy profit by fining people for filesharing they didn't do (fines can be anywhere from $275 to $15,000 per 3-strikes). With the help of a malicious hacker, they could do this whilst having no trail of evidence leading back to themselves, and plausible deniability because they wouldn't have any way of knowing which infringements were real and which were fake. If they're really clever, they couldn't even ask the hacker, as the hacker could protect themselves by using a computer program to randomly select the account-holder from a large list of confirmed IP addresses, and generate the false evidence without manual intervention, so they would have no knowledge of who they attacked. The hacker could hide their own identity with common tools like proxies and wireless connections.

How could the Copyright Tribunal know if false evidence was being used? They wouldn't, only the account holder would know that they were innocent. How would the Tribunal distinguish between the protests of actual infringers, and innocent users?


Computer network evidence is complex and easily falsified by people who are next-to-impossible to track. Whether or not that's a good thing, it's the reality of the internet, and to ignore that fact is to invite injustice. The creation of a fast-tracking process to do away with the requirement for solid evidence hurts the most uneducated users, whilst users with minor technical knowledge simply use alternative downloading methods or hide their filesharing activity.

It's for good reason we have a legal system with legal representation and presumption of innocence, and this mismatched law bypasses it.

These known evidential vulnerabilities provide a great opportunity for rent-seeking by the entertainment companies, who regularly point to junk statistics to claim they are victims of thievery. In reality they are clinging desperately to a business model that became outdated along with the rise of the internet, trying to maintain profits based on distribution costs that no longer exist.

In the US, the entertainment industry has generated hundreds of millions of dollars through settlements - so far 200,000 users have been sued. They have little incentive to make sure their evidence is correct; and indeed, unless the accused admits to infringing downloading, no-one can verify the evidence. But it's cheaper for the accused to settle than to fight in court.

What if rightsholders use a better detection method?

As the Washington University study says,

The main lesson for enforcement agencies from our work is that new methods of collecting user information are required for identification to be conclusive.

The only other known method for agencies to detect people using BitTorrent is to connect as a peer themselves, allowing them to connect directly to the infringing users. But rightsholders must be careful to be a pure leech - only download their file, not upload. This is supposed to be prevented by the BitTorrent protocol, which is all about everybody being forced to share, but there are loopholes rightsholders regularly exploit, using software such as BitThief. If they don't, they're vulnerable to a legal challenge: How is it reasonable for the rightsholder to claim that the peer was downloading the file without their permission, when they (or their agents) were sharing the file with the peer? They could say they were only sharing a piece of the file, which may be useless by itself - but then that same argument could be used by all "infringers" except those who are seeding.

The other option would be to force ISPs to perform deep packet inspection on all their traffic to identify infringing users. Aside from being very expensive, this has major implications for civil liberties, privacy, network innovation and bandwidth. And it would probably be ineffective in the long run, merely escalating the war between the encrypter/anonymizers and the decrypter/data-miners.


What you can do about this craziness

Since the law was passed, like myself, many others have gotten motivated to be involved with organisations working to repeal the law, educate people on how to protect themselves, and improve dialogue with government so something like this doesn't happen again. The government still hasn't released any guidance for internet users, so what we have written, is it (now with the exception of Woosh Wireless, the only ISP to give information to their customers in time).

InternetNZ's 3strikesNZ resource page has a collection of organisations who are involved in one way or another, and some more information on the problems with copyright law in general.

Minimum that you need to know about the law to comply with it

Beached az
  1. Summary from Tech Liberty
  2. Slightly longer guide from Tech Liberty
  3. Flowcharts of the legal process
  4. How to secure your WiFi so someone else doesn't use your connection for infringing filesharing - note that to be fully secure you should use AES, not TKIP

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.