Yesterday, convicted identity thief Gregory Kopiloff was reportedly sentenced to 51-months in prison for using LimeWire to download inadvertently shared tax returns, credit reports, bank statements and student financial aid applications that he then used to commit credit-card fraud.

Some sources report Kopiloff as the first case involving inadvertent sharing and identity theft. Actually, it is the first federal prosecution of an ID thief who exploited inadvertent sharing. Back in 2006, Denver District Attorney Mitchell Morrissey indicted an 8-person ring that used LimeWire to download inadvertently shared files, commit identity theft and fraud, and then use its proceeds to buy and sell crystal meth.

For prosecutors, this means that nine identity thieves exploiting inadvertent sharing have gone down and "tens of thousands" remain. This latter point was reinforced in two recent Information Week stories (here and here) that focused on inadvertent sharing of corporate data:

Are peer-to-peer networks really filled with sensitive corporate data just waiting to be plucked and abused? It seems unlikely--surely people wouldn't be that sloppy....

The results were shocking and scary--loads of confidential business documents and enough personal information to ruin any number of lives and create PR nightmares for quite a few companies. Among the business documents were spreadsheets, billing data, health records, RFPs, internal audits, product specs, and meeting notes, all found in a quick expedition....

The Info Week researcher looking for such documents also reportedly found an "information concentrator," someone who appeared to be deliberately collecting other people's inadvertently shared data--bank passwords, credit card numbers, credit reports and tax returns. The researcher realized the irony of what he had discovered: Persons trolling for inadvertently shared documents have the strongest legal and practical reasons not to "share" the data they download. Consequently, Info Week's potential identity thief was almost certainly "sharing" his data stash inadvertently.

If the professional thieves who exploit inadvertent sharing cannot consistently manage to avoid doing it themselves, one can well imagine what happens to the 26% of the 9-to-14-year-olds who reportedly use LimeWire. Indeed, those who would assume that such kids understand even the best-known of the risks that they are incurring should review Torrentfreak's interview with "Hannah," the reported pseudonym of a nine-year-old LimeWire user. Here is a sample:

TF. …"You mentioned you like Sean Kingstone - what if I told you that Sean Kingstone’s boss might send you a letter asking for money because you shared his album on LimeWire? What would you say to him?...."

[Hannah]: "I’d say “tooooo strict!” and anyway he can’t make me do anything. He’s not the boss of me, he’s the boss of Sean Kingstone."

TF. "What do you think might happen if you didn’t pay him?"

[Hannah]: Nothing. I’m too young to be charged by the government so he can’t charge me.

This interview illustrates yet another reason why inadvertent sharing must end. It also illuminates three other important points about Internet copyright enforcement:

First, if Hannah's family has to drain her college fund to settle a potentially ruinous infringement lawsuit, that will happen because distributors of programs like LimeWire chose to ignore the 512(d) safe harbor and to lack any means of disconnecting infringing users and responding to takedown notices. They chose, in other words, to create a conflict between users of their programs and copyright owners that the latter could not resolve through means less punitive than infringement lawsuits. As a result, suing infringing LimeWire users (like "Hannah") was the copyright-enforcement solution proposed by LimeWire LLC in Grokster.

Second, in Grokster, over 8 public-interest organizations, 79 professors of intellectual-property law and a vast array of technology companies and Internet savants argued that that distributors of file-sharing programs should not be liable even if they did intentionally "induce," (i.e., encourage or dupe), 9-year-old-girls into violating federal law. Why not? Well, these amici argued, inter alia, that the adult inducers should go free because copyright owners could just sue the many thousands of children and college students that they induced. Such sue-the-children arguments were made by entities including the distributors of LimeWire, Morpheus and Grokster, CNET, university librarians, some Internet-service providers, and Project Gutenberg, the Internet Archive and four professors from Harvard Law School's Berkman Center for the Study of the Internet and Society. In Grokster, such arguments were also rejected, unanimously, by all nine Justices of the United States Supreme Court.

Third, today, many countries are re-assessing whether and how we can significantly reduce the deliberately-crafted problem of file-sharing piracy without asking copyright holders (or prosecutors) to sue tens of thousands of children, students, and single mothers. For the sake of all concerned, I hope that this debate will feature Internet-community thinking more creative than the sue-the-children/my-customers mantra that animated the defense of the Grokster respondents. Indeed, even LimeWire LLC now argues that there are now better, alternative solutions to the mess that it made--albeit legislated solutions that impose significant costs upon all concerned, except LimeWire LLC.

posted by Thomas Sydnor @ 9:45 AM | Academia , DMCA , Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security , Supreme Court

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (3)

Over at Public Knowledge, Sherwin Siy is lecturing Ranking Member Coble about the relationship between file-sharing and identity theft. Mr. Siy claims that his recent editorial shows that Legislators Just Don’t Get P2P:

“Coble … implicitly equat[es the risk of identity theft] with both copyright infringement and p2p software generally. This is a real mistake, and a real cause for concern if that’s the attitude policymakers take when approaching online copyright infringement.”

Mr. Siy both misstates the content of this editorial and ignores evidence strongly suggesting that risks of identity theft are associated with the piracy-driven business models of some distributors of file-sharing programs. As in Grokster, it is once again Public Knowledge that Just Doesn’t Get P2P.

First, it is not a “mistake” to infer a link between inadvertent sharing of sensitive files and the prevalence of copyright infringement. USPTO has explained why the available evidence strongly suggests that inadvertent sharing of sensitive files may be a side-effect of distributor’s seemingly deliberate efforts to trick program users into inadvertently sharing infringing files. Even more information is available here.

Indeed, it is Mr. Siy’s alternative explanation for persistent inadvertent sharing—“bad software” or “dumb software design”—that is far more difficult to square with the available data. So difficult, in fact, as to suggest an ostrich-like desire to cling to a treasured belief in the face of contrary evidence.

Continue reading Public Nonsense about File-Sharing, Identity Theft and Inadvertent Sharing . . .

posted by Thomas Sydnor @ 2:08 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

In my last post, I discussed the how CNET, Slashdot and others were wrongly asserting that two federal agencies recently told Congress that piracy-prone file-sharing programs pose no unusual risks to agencies or consumers. In the case of OMB, this missed the real story: OMB itself already requires agencies to take special educational and security measures to manage the risks posed by file-sharing programs.

In the case of the Federal Trade Commission (FTC), the real story is far worse. Here is CNET’s report on the FTC’s testimony to Congress about the risks associated with file-sharing programs: “[A] Federal Trade Commission official told politicians that it has found any risks are largely rooted in how individuals use [file-sharing programs].” But this report tells only half of the story. The headline of a more complete report might have read, “FTC Warns That Distributors of File-Sharing Programs May Have Mislead the FTC and the Public.”

Continue reading File Sharing, CNET and Slashdot: Getting the Story Wrong—Again (Part 2) . . .

posted by Thomas Sydnor @ 11:54 AM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

Recently, CNET, Slashdot and the usual suspects have been claiming that the “Bush administration” has vindicated their seemingly religious conviction that so-called “peer-to-peer” file-sharing programs just cannot pose risks distinguishable in kind or degree from other sorts of programs. Once again, they have missed the real story—or stories.

Continue reading File-Sharing, CNET and Slashdot: Getting the Story Wrong—Again (Part 1) . . .

posted by Thomas Sydnor @ 10:00 AM | Free Culture Movement , Internet: P2P, Search Engines... , Legislation and Legislators , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

In a letter released today, Chairmax Waxman, Ranking Member Davis, and 18 other members of the House Committee on Oversight and Government Reform called for the FTC to investigate the recurring problem of inadvertent filesharing.

As someone who has personally investigated this problem, I suspect that when the FTC does investigate, it will be justly outraged. In fact, I suspect that the FTC will discover that during its 2004 investigation of this issue, distributors' misrepresentations and material ommissions led the FTC to perpetuate--or even exacerbate--the very threat to consumers that it intended to remediate.

In short, I suspect that we will learn that when researchers and Congress identify particular features in filesharing programs as causes of inadvertent sharing, it is a really bad idea for corporations distributing those programs to concoct a self-regulatory Code of Conduct to prevent inadvertent sharing, violate it routinely by deploying equally (or more) aggressive versions of features previously shown to cause inadvertent sharing, and then represent to the Federal Trade Commission that their adherence to their Code had made inadvertent sharing a mere "urban myth."

The letter to the FTC should also lead state attorneys general to renew their investigations of inadvertent sharing. In 2004, at about the same time as the FTC, the National Association of Attorneys General (NAAG) raised its concerns about inadvertent sharing with distributors of filesharing programs. While I have never been able to review the representations that were made to NAAG, it would not be surprising to discover that they were as problematic as some of those made to the FTC.

posted by Thomas Sydnor @ 2:26 PM | Enforcement & Remedies , Free Culture Movement , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

YouTube assures the court in their copyright case that it will be installing the latest filtering technology.

Is this a civil liberties issue? Some time back, Fred VL argued--even assumed--that it was. Looking at the issue closely, though--and the case law--it seems that it

Continue reading YouTube Filter Update--and Civil Liberties . . .

posted by Solveig Singleton @ 10:01 AM | DRM & Watermarks, etc. , Enforcement & Remedies , Liberty and IP , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

From time to time concern has erupted over the tendency of P2P filesharing software to "share" user files and directories that the user would not want shared--excel files, for example. Identity thieves were known to be mining shared files for social security numbers. Software distributors have several times denied that this continues to be a problem. Apparently that is not so. A new report from the Copyright Office shows that the problem is very much much a current one, and that filesharing software continues to default to settings that share much much more rather than less, sometimes covering the default with deceptive screen displays. TheHouse Committee on Oversight and Government Reform has taken an interest.

Privacy advocates, so far, have not; buy in too far to "business is bad" ideology (ironically perpetrated by Hollywood) and one ends up not being able to see what is right in front of one's face.

Continue reading Yet more on privacy concerns in the context of IP . . .

posted by Solveig Singleton @ 10:25 AM | Internet: P2P, Search Engines... , Privacy and Security , Software

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

In a lawsuit filed by movie studios against a Net-based service that indexes BitTorrent downloads, the service has been ordered to log users' IP addresses as a part of discovery. EFF and CDT have filed an amicus brief objecting.

The concern with privacy in this case puzzles me. The principle seems to be that copyright is

Continue reading Privacy and Security in Conflict . . .

posted by Solveig Singleton @ 11:29 AM | Enforcement & Remedies , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

Last night I listened with great interest to Peter Huber's talk here at Lake Tahoe on the technologies and markets of war. I describe here his analysis, leaving aside the details of the technologies he described. He distinguished the nature and import of the analog world--what might inelegantly be called "meat space"--where terrorists really kill you--from the telecosm, where they most certainly cannot. But nonetheless

Continue reading Peter Huber from Gilder's Telecosm event 2006 . . .

posted by Solveig Singleton @ 11:26 AM | Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (1)

Microsoft GC Brad Smith spoke yesterday at an Internet Caucus lunch, on Protecting Consumers and the Marketplace: The Need for Federal Privacy Legislation. Text here; video here. Press release here. Money quote:

Microsoft Corp. today announced its support for a comprehensive legislative approach at the federal level on the issue of data privacy. In a speech delivered to the Congressional Internet Caucus, Brad Smith, senior vice president and general counsel for Microsoft, told Caucus members that “the time has come” for a strong national standard for privacy protection that will benefit consumers and set clear guidelines for businesses while still allowing commerce to flourish.

posted by James DeLong @ 4:34 PM | Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 8:59 AM | Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by James DeLong @ 8:03 AM | Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)

posted by Solveig Singleton @ 1:37 PM | DRM & Watermarks, etc. , Internet: P2P, Search Engines... , Privacy and Security

Link to this Entry | Printer-Friendly | Email a Comment | Post a Comment (0)