Tag Archives: lawsuit

Hollywood and Netflix Ask Court to Seize Tickbox Streaming Devices

Post Syndicated from Ernesto original https://torrentfreak.com/hollywood-and-netflix-ask-court-to-seize-tickbox-streaming-devices-171209/

More and more people are starting to use Kodi-powered set-top boxes to stream video content to their TVs.

While Kodi itself is a neutral platform, sellers who ship devices with unauthorized add-ons give it a bad reputation.

According to the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership between Hollywood studios, Netflix, Amazon, and more than two dozen other companies, Tickbox TV is one of these bad actors.

Earlier this year, ACE filed a lawsuit against the Georgia-based company, which sells set-top boxes that allow users to stream a variety of popular media. The Tickbox devices use the Kodi media player and come with instructions on how to add various add-ons.

According to ACE, these devices are nothing more than pirate tools, allowing buyers to stream copyright infringing content. “TickBox promotes and distributes TickBox TV for infringing use, and that is exactly the result of its use,” they told court this week.

After the complaint was filed in October, Tickbox made some cosmetic changes to the site, removing some allegedly inducing language. The streaming devices are still for sale, however, but not for long if it’s up to the media giants.

This week ACE submitted a request for a preliminary injunction to the court, hoping to stop Tickbox’s sales activities.

“TickBox is intentionally inducing infringement, pure and simple. Plaintiffs respectfully request that the Court enter a preliminary injunction that requires TickBox to halt its flagrantly illegal conduct immediately,” they write in their application.

The companies explain that that since Tickbox is causing irreparable harm, all existing devices should be impounded.

“[A]ll TickBox TV devices in the possession of TickBox and all of its officers, directors, agents, servants, and employees, and all persons in active concert or participation or in privity with any of them are to be impounded and shall be retained by Defendant until further order of the Court,” the proposed order reads.

In addition, Tickbox should push out a software update which remove all infringing add-ons from the devices that were previously sold.

“TickBox shall, via software update, remove from all distributed TickBox TV devices all Kodi ‘Themes,’ ‘Builds,’ ‘Addons,’ or any other software that facilitates the infringing public performances of Plaintiffs’ Copyrighted Works.”

Among others, the list of allegedly infringing add-ons and themes includes Spinz, Lodi Black, Stream on Fire, Wookie, Aqua, CMM, Spanish Quasar, Paradox, Covenant, Elysium, UK Turk, Gurzil, Maverick, and Poseidon.

The filing shows that ACE is serious about its efforts to stop the sale of these type of streaming devices. Tickbox has yet to reply to the original complaint or the injunction request.

While this is the first US lawsuit of its kind, the anti-piracy conglomerate has been rather active in recent weeks. The group has successfully pressured several addon developers to quit and has been involved in enforcement actions around the globe.

A copy of the proposed preliminary injunction is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Movie Company Has No Right to Sue, Accused Pirate Argues

Post Syndicated from Ernesto original https://torrentfreak.com/movie-company-has-no-right-to-sue-accused-pirate-argues-171208/

In recent years, a group of select companies have pressured hundreds of thousands of alleged pirates to pay significant settlement fees, or face legal repercussions.

These so-called “copyright trolling” efforts have also been a common occurrence in the United States for more than half a decade, and still are today.

While copyright holders should be able to take legitimate piracy claims to court, not all cases are as strong as they first appear. Many defendants have brought up flaws, often in relation to the IP-address evidence, but an accused pirate in Oregon takes things up a notch.

Lingfu Zhang, represented by attorney David Madden, has turned the tables on the makers of the film Fathers & Daughters. The man denies having downloaded the movie but also points out that the filmmakers have signed away their online distribution rights.

The issue was brought up in previous months, but the relevant findings were only unsealed this week. They show that the movie company (F&D), through a sales agent, sold the online distribution rights to a third party.

While this is not uncommon in the movie business, it means that they no longer have the right to distribute the movie online, a right Zhang was accused of violating. This is also what his attorney pointed out to the court, asking for a judgment in favor of his client.

“ZHANG denies downloading the movie but Defendant’s current motion for summary judgment challenges a different portion of F&D’s case: Defendant argues that F&D has alienated all of the relevant rights necessary to sue for infringement under the Copyright Act,” Madden writes.

The filmmakers opposed the request and pointed out that they still had some rights. However, this is irrelevant according to the defense, since the distribution rights are not owned by them, but by a company that’s not part of the lawsuit.

“Plaintiff claims, for example, that it still owns the right to exploit the movie on airlines and oceangoing vessels. That may or may not be true – Plaintiff has not submitted any evidence on the question – but ZHANG is not accused of showing the movie on an airplane or a cruise ship.

“He is accused of downloading it over the Internet, which is an infringement that affects only an exclusive right owned by non-party DISTRIBUTOR 2,” Madden adds.

Interestingly, an undated addendum to the licensing agreement, allegedly created after the lawsuit was started, states that the filmmakers would keep their “anti-piracy” rights, as can be seen below.

Anti-Piracy rights?

This doesn’t save the filmmaker, according to the defense. The “licensor” who keeps these anti-piracy and enforcement rights refers to the sales agent, not the filmmaker, Madden writes. In addition, the case is about copyright infringement, and despite the addendum, the filmmakers don’t have the exclusive rights that apply here.

“Plaintiff represented to this Court that it was the ‘proprietor of all copyrights and interests need to bring suit’ […] notwithstanding that it had – years earlier – transferred away all its exclusive rights under Section 106 of the Copyright Act,” the defense lawyer concludes.

“Even viewing all Plaintiff’s agreements in the light most favorable to it, Plaintiff holds nothing more than a bare right to sue, which is not a cognizable right that may be exercised in the courts of this Circuit.”

While the court has yet to decide on the motion, this case could turn into a disaster for the makers of Fathers & Daughters.

If the court agrees that they don’t have the proper rights, defendants in other cases may argue the same. It’s easy to see how their entire trolling scheme would then collapse.

The original memorandum in support of the motion for summary judgment is available here (pdf) and a copy of the reply brief can be found here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Dutch Film Distributor Wins Right To Chase Pirates, Store Data For 5 Years

Post Syndicated from Andy original https://torrentfreak.com/dutch-film-distributor-wins-right-to-chase-pirates-store-data-for-5-years-171208/

For many years, Dutch Internet users were allowed to download copyrighted content without reprisals, provided it was for their own personal use.

In 2014, however, the European Court of Justice ruled that the country’s “piracy levy” to compensate rightsholders was unlawful. Almost immediately, the government announced a downloading ban.

In March 2016, anti-piracy outfit BREIN followed up by obtaining permission from the Dutch Data Protection Authority to track and store the personal data of alleged BitTorrent pirates. This year, movie distributor Dutch FilmWorks (DFW) made a similar application.

The company said that it would be pursuing alleged pirates to deter future infringement but many suspected that securing cash settlements was its main aim. That was confirmed in August.

“[The letter to alleged pirates] will propose a fee. If someone does not agree [to pay], the organization can start a lawsuit,” said DFW CEO Willem Pruijsserts

“In Germany, this costs between €800 and €1,000, although we find this a bit excessive. But of course it has to be a deterrent, so it will be more than a tenner or two,” he added.

But despite the grand plans, nothing would be possible without first obtaining the necessary permission from the Data Protection Authority. This Wednesday, however, that arrived.

“DFW has given sufficient guarantees for the proper and careful processing of personal data. This means that DFW has been given a green light from the Data Protection Authority to collect personal data, such as IP addresses, from people downloading from illegal sources,” the Authority announced.

Noting that it received feedback from four entities during the six-week consultation process following the publication of its draft decision during the summer, the Data Protection Authority said that further investigations were duly carried out. All input was considered before handing down the final decision.

The Authority said it was satisfied that personal data would be handled correctly and that the information collected and stored would be encrypted and hashed to ensure integrity. Furthermore, data will not be retained for longer than is necessary.

“DFW has stated…that data from users with Dutch IP addresses who were involved in the exchange of a title owned by DFW, but in respect of which there is no intention to follow up on that within three months after receipt, will be destroyed,” the decision reads.

For any cases that are active and haven’t been discarded in the initial three-month period, DFW will be allowed to hold alleged pirates’ data for a maximum of five years, a period that matches the time a company has to file a claim under the Dutch Civil Code.

“When DFW does follow up on a file, DFW carries out further research into the identity of the users of the IP addresses. For this, it is necessary to contact the Internet service providers of the subscribers who used the IP addresses found in the BitTorrent network,” the Authority notes.

According to the decision, once DFW has a person’s details it can take any of several actions, starting with a simple warning or moving up to an amicable cash settlement. Failing that, it might choose to file a full-on court case in which the distributor seeks an injunction against the alleged pirate plus compensation and costs.

Only time will tell what strategy DFW will deploy against alleged pirates but since these schemes aren’t cheap to run, it’s likely that simple warning letters will be seriously outnumbered by demands for cash settlement.

While it seems unlikely that the Data Protection Authority will change its mind at this late stage, it’s decision remains open to appeal. Interested parties have just under six weeks to make their voices heard. Failing that, copyright trolling will hit the Netherlands in the weeks and months to come.

The full decision can be found here (Dutch, pdf) via Tweakers

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Resilient TVAddons Plans to Ditch Proactive ‘Piracy’ Screening

Post Syndicated from Ernesto original https://torrentfreak.com/resilient-tvaddons-plans-to-ditch-proactive-piracy-screening-171207/

After years of smooth sailing, this year TVAddons became a poster child for the entertainment industry’s war on illicit streaming devices.

The leading repository for unofficial Kodi addons was sued for copyright infringement in the US by satellite and broadcast provider Dish Network. Around the same time, a similar case was filed by Bell, TVA, Videotron, and Rogers in Canada.

The latter case has done the most damage thus far, as it caused the addon repository to lose its domain names and social media accounts. As a result, the site went dead and while many believed it would never return, it made a blazing comeback after a few weeks.

Since the original TVAddons.ag domain was seized, the site returned on TVaddons.co. And that was not the only difference. A lot of the old add-ons, for which it was unclear if they linked to licensed content, were no longer listed in the repository either.

TVAddons previously relied on the DMCA to shield it from liability but apparently, that wasn’t enough. As a result, they took the drastic decision to check all submitted add-ons carefully.

“Since complying with the law is clearly not enough to prevent frivolous legal action from being taken against you, we have been forced to implement a more drastic code vetting process,” a TVAddons representative told us previously.

Despite the absence of several of the most used add-ons, the repository has managed to regain many of its former users. Over the past month, TVAddons had over 12 million unique users. These all manually installed the new repository on their devices.

“We’re not like one of those pirate sites that are shut down and opens on a new domain the next day, getting users to actually manually install a new repo isn’t an easy feat,” a TVAddons representative informs TorrentFreak.

While it’s still far away from the 40 million unique users it had earlier this year, before the trouble began, it’s still a force to be reckoned with.

Interestingly, the vast majority of all TVAddons traffic comes from the United States. The UK is second at a respectable distance, followed by Canada, Germany, and the Netherlands.

While many former users have returned, the submission policy changes didn’t go unnoticed. The relatively small selection of add-ons is a major drawback for some, but that’s about to change as well, we are informed.

TVAddons plans to return to the old submission model where developers can upload their code more freely. Instead of proactive screening, TVAddons will rely on a standard DMCA takedown policy, relying on copyright holders to flag potentially infringing content.

“We intend on returning to a standard DMCA compliant add-on submission policy shortly, there’s no reason why we should be held to a higher standard than Facebook, Twitter, YouTube or Reddit given the fact that we don’t even host any form of streaming content in the first place.

“Our interim policy isn’t pragmatic, it’s nearly impossible for us to verify the global licensing of all forms of protected content. When you visit a website, there’s no way of verifying licensing beyond trusting them based on reputation.”

The upcoming change doesn’t mean that TVAddons will ignore its legal requirements. If they receive a legitimate takedown notice, proper action will be taken, as always. As such, they would operate in the same fashion as other user-generated sites.

“Right now our interim addon submission policy is akin to North Korea. We always followed the law and will always continue to do so. Anytime we’ve received a legitimate complaint we’ve acted upon it in an expedited manner.

“Facebook, Twitter, Reddit and other online communities would have never existed if they were required to approve the contents of each user’s submissions prior to public posting.”

The change takes place while the two court cases are still pending. TVAddons is determined to keep up this fight. Meanwhile, they are also asking the public to support the project financially.

While some copyright holders, including those who are fighting the service in court, might not like the change, TVAddons believes that this is well within their rights. And with support from groups such as the Electronic Frontier Foundation, they don’t stand alone in this.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Epic Games Settles First Copyright Case Against Fortnite Cheater

Post Syndicated from Ernesto original https://torrentfreak.com/epic-games-settles-first-copyright-case-against-fortnite-cheater-171201/

Frustrated by thousands of cheaters who wreak havoc in Fortnite’s “Battle Royale,” game publisher Epic Games decided to take several of them to court.

One of the defendants is Minnesota resident Charles Vraspir, a.k.a. “Joreallean,”

The game publisher accused him of copyright infringement and breach of contract, by injecting unauthorized computer code in order to cheat.

According to Epic’s allegations, Vraspir was banned at least nine times but registered new accounts to continue his cheating. In addition, he was also suspected of having written code for the cheats.

“Defendant’s cheating, and his inducing and enabling of others to cheat, is ruining the game playing experience of players who do not cheat,” Epic games wrote.

While the complaint included all the elements for an extensive legal battle, both sides chose to resolve the case without much of a fight. Yesterday, they informed the court that a settlement had been reached.

Epic Games’ counsel asked the court to enter the agreement as well as a permanent injunction, which both have agreed on.

The proposed injunction, signed today, forbids Vraspir from carrying out any copyright infringements in the future, to destroy all cheats, and to never cheat again.

Among other things, he is prohibited from “creating, writing, developing, advertising, promoting, and/or distributing anything that infringes Epic’s works now or hereafter protected by any of Epic’s copyrights.”

While there is no mention of a settlement fee or fine, Vraspir will have to pay $5,000 if he breaches the agreement.

From the injunction

Based on the swift settlement, it can be assumed that Epic Games is not aiming to bankrupt the cheaters. Instead, it’s likely that the company wants to set an example and deter others from cheating in the future.

In addition to the settlement, Epic Games also responded to the mother of the 14-year-old cheater who was sued in a separate case. After we first covered the news last week it was quickly picked up by mainstream media, and it hasn’t gone unnoticed by the game publisher either.

The mother accused Epic of taking a minor to court and making his personal info known to the public.

In a response this week, the company notes that it had no idea of the age of the defendant when it filed the complaint. In addition, Epic notes that by handing over his full name and address in the unredacted letter, she exposed her son.

The rules dictate that filings mentioning an individual known to be a minor should use the minor’s initials only, not the full name as the mother did. While the mother may have waived this protection with her letter, Epic says it will stick to the initials going forward.

“Although there is an argument that by submitting the Letter to the Court containing Defendant’s name and address, Defendant’s mother waived this protection […] we plan to include only Defendant’s initials or redact his name entirely in all future filings with the Court, including this letter.”

Given the quick settlement in the Vraspir case, it’s likely that the case against the 14-year-old boy will also be resolved without much additional damage. That is, if both sides can come to an agreement.

A copy of the stipulation and injunction is available here (pdf). The reply to the mother can be found here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Torrent Site Blocking Endangers Freedom of Expression, ISP Warns

Post Syndicated from Ernesto original https://torrentfreak.com/torrent-site-blocking-endangers-freedom-expression-isp-warns-171128/

LinkoManija.net is the most visited BitTorrent site in Lithuania. The private tracker has been around for more than a decade and has made quite a name for itself.

While it’s a ‘closed’ community, that name hardly applies anymore considering that it’s the 32nd most-visited site in Lithuania, beating the likes of Twitter, eBay, and even Pornhub.

Over the past several years, Linkomanija has endured its fair share of copyright-related troubles. This includes a multi-million dollar lawsuit launched by Microsoft, which failed to put the site out of business.

Last week the Lithuanian Copyright Protection Association (LATGA) had more success. The anti-piracy group went to court demanding that local ISPs block access to the site. It won.

The Vilnius Regional Court subsequently issued an order which requires Internet providers including Telia, Bitė, LRTC, Cgates, Init, Balticum TV, to start blocking access to the popular torrent tracker.

“We are glad that our courts follow the precedents set in European Courts and are following their practices,” Jonas Liniauskas, head of LATGA told 15min.

“We really hope that internet providers will not fight the decision and that they have finally decided whether they are ready to fight against pirates who take away their customers, or want to continue to contribute to the illegal exploitation of works on the Internet by providing high-speed Internet access to pirated websites.”

LATGA’s lawyer, Andrius Iškauskas, pointed out that the torrent site was operating as a commercial venture. Between 2013 and 2016 it collected hundreds of thousands of euros through donations from its users.

Internet provider Telia is not happy with the verdict and says it endangers people’s freedom of expression and speech. While the company doesn’t condone piracy, sites such as Linkomanija are also used legitimately by copyright holders to share their work.

Telia pointed out in court that the anti-piracy group represented only 28 copyright holders and listed less than 100 works for which links were posted on Linkomanija.net. Despite these relatively small numbers, ISPs must block access to the entire site.

In response, LATGA’s lawyer pointed out that any rightsholders who legally distribute their content through Linkomania can easily find other suitable alternatives, such as YouTube, Spotify, and many more.

While the verdict is a blow to millions of users, the fight may not be over yet. The ISPs have 30 days to appeal the decision of the Vilnius Regional Court. According to Telia, this is likely to happen.

“We are currently analyzing the solution. It is very likely that it will be submitted to the higher court because the dispute is complex. This case can become case-law and determine when content is blocked on the Internet. This includes the possible restriction of freedom of expression and speech” the ISP notes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Rightscorp: Revenue From Piracy Settlements Down 48% in 2017

Post Syndicated from Andy original https://torrentfreak.com/rightscorp-revenue-from-piracy-settlements-down-48-in-2017-171125/

For the past several years, anti-piracy outfit Rightscorp has been trying to turn piracy into profit. The company monitors BitTorrent networks, captures IP addresses, then attempts to force ISPs to forward cash settlement demands to its subscribers.

Unlike other companies operating in the same area, Rightscorp has adopted a “speeding fine” type model, where it asks for $20 to $30 to make a supposed lawsuit go away, instead of the many hundreds demanded by its rivals. To date, this has resulted in the company closing more than 230,000 cases of infringement.

But despite the high numbers, the company doesn’t seem to be able to make it pay. Rightscorp’s latest set of financial results covering the three months ended September 30, 2017, show how bad things have got on the settlement front.

During the period in question, Rightscorp generated copyright settlement revenues of $45,848, an average of just $15,282 per month. That represents a decrease of 67% when compared to the $139,834 generated during the same period in 2016.

When looking at settlement revenues year to date, Rightscorp generated $184,362 in 2017, a decrease of 48% when compared to $354,160 generated during the same nine-month period in 2016.

But as bleak as these figures are, things get much worse. Out of these top-line revenues, Rightscorp has to deal with a whole bunch of costs before it can put anything into its own pockets. For example, in exchange for the right to pursue pirates, Rightscorp agrees to pay around 50% of everything it generates from settlements back to copyright holders.

So, for the past three months when it collected $45,848 from BitTorrent users, it must pay out $22,924 to copyright holders. Last year, in the same period, it paid them $69,143. For the year to date (nine months ended September 30, 2017), the company paid $92,181 to copyright holders, that’s versus $174,878 for the same period last year.

Whichever way you slice it, Rightscorp settlement model appears to be failing. With revenues from settlements down by almost half thus far this year, one has to question where this is all going, especially with BitTorrent piracy volumes continuing to fall in favor of other less traceable methods such as streaming.

However, Rightscorp does have a trick up its sleeve that is helping to keep the company afloat. As previously reported, the company has amassed a lot of intelligence on pirate activity which clearly has some value to copyright holders.

That data is currently being utilized by both BMG and the RIAA, who are using it as evidence in copyright liability lawsuits filed against ISPs Cox and Grande Communications, where each stand accused of failing to disconnect repeat infringers.

This selling of ‘pirate’ data is listed by Rightscorp in its financial reports as “consulting services” and thus far at least, it’s proving to be a crucial source of income.

“During the three months ended September 30, 2017, we generated revenues of $76,666 from consulting services rendered under service arrangements with prominent trade organizations,” Rightscorp reports.

“Under the agreements, the Company is providing certain data and consultation regarding copyright infringements on such organizations’ respective properties. During the three months ended September 30, 2016, we had no consulting services revenue.”

Year to date, the numbers begin to add up. In the nine months ended September 30, 2017, Rightscorp generated revenues of $224,998 from this facet of their business, that’s versus zero revenue in 2016.

It’s clear that without this “consulting” revenue, Rightscorp would be in an even worse situation than it is today. In fact, it appears that these services, provided to the likes of the RIAA, are now preventing the company from falling into the abyss. All that being said, there’s no guarantee that won’t happen anyway.

To the nine months ended September 30, 2017, Rightscorp recorded a net loss of $1,448,899, which is even more than the $1,380,698 it lost during the same period last year. As a result, the company had just $3,147 left in cash at the end of September. That crisis was eased by issuing 2.5 million shares to an investor for a purchase price just $50,000. But to keep going, Rightscorp will need more money – much more.

“Management believes that the Company will need an additional $250,000 to $500,000 in 2017 to fund operations based on our current operating plans,” it reports, noting that there is “substantial doubt” whether Rightscorp can continue as a going concern.

But despite all the bad news, Rightscorp manages to survive and at least in the short-term, the piracy data it has amassed holds value, beyond basic cash settlement letters. The question is, for how long?

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Supreme Court Will Decide if ISP Can Charge Money to Expose Pirates

Post Syndicated from Ernesto original https://torrentfreak.com/supreme-court-to-decide-if-isp-can-charge-money-to-expose-pirates-171124/

Movie studio Voltage Pictures is no stranger to suing BitTorrent users.

The company has filed numerous lawsuits against alleged pirates in the United States, Europe, Canada and Australia, and is estimated to have made a lot of money doing so.

Voltage and other copyright holders who initiate these cases generally rely on IP addresses as evidence. This information is collected from BitTorrent swarms and linked to an ISP using an IP-database.

With this information in hand, they then ask the courts to direct Internet providers to hand over the personal details of the associated account holders, in order to go after the alleged pirates.

In Canada, this so-called copyright trolling practice hasn’t been without controversy.

Last year Voltage Pictures launched a “reverse class action” to demand damages from an unspecified number of Internet users whom they accuse of sharing films, including The Cobbler, Pay the Ghost, Good Kill, Fathers and Daughters, and American Heist.

The application of a reverse class action in a copyright case was unprecedented in itself. In a single swoop, many of Internet subscribers were at risk of having their personal details exposed. However, Internet provider Rogers was not willing to hand over this information freely.

Instead, Rogers demanded compensation for every IP-address lookup, as is permitted by copyright law. The provider asked for $100 per hour of work, plus taxes, to link the addresses to subscriber accounts.

The Federal Court agreed that the charges were permitted under the Copyright Act. However, when Voltage Pictures appealed the decision, this was reversed. The Appeals Court noted that there’s currently no fixed maximum charge defined by law. As long as this is the case, ISPs can charge no fees at all, the argument was.

In addition, the court stressed that it’s important for copyright holders to be able to protect their rights in the digital era.

“The internet must not become a collection of safe houses from which pirates, with impunity, can pilfer the products of others’ dedication, creativity and industry,” the appeal court Justice David Stratas wrote.

Not happy with the decision, Rogers decided to take the matter to the Supreme Court, which just decided that it will hear the case.

The Supreme Court hasn’t given an explanation for its decision to take the case. For the accused BitTorrent pirates in Canada, it’s certainly one to watch though.

The case will in large part determine how profitable the copyright trolling scheme is in Canada. When ISPs can charge a substantial fee for the IP-address lookups the efforts might not bring in enough money through settlements, making them less likely to continue.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

170 ‘Pirate’ IPTV Vendors Throw in the Towel Facing Legal Pressure

Post Syndicated from Ernesto original https://torrentfreak.com/170-pirate-iptv-vendors-throw-the-in-the-towel-facing-legal-pressure-171121/

Pirate streaming boxes are all the rage this year. Not just among the dozens of millions of users, they are on top of the anti-piracy agenda as well.

Dubbed Piracy 3.0 by the MPAA, copyright holders are trying their best to curb this worrisome trend. In the Netherlands local anti-piracy group BREIN is leading the charge.

Backed by the major film studios, the organization booked a significant victory earlier this year against Filmspeler. In this case, the European Court of Justice ruled that selling or using devices pre-configured to obtain copyright-infringing content is illegal.

Paired with the earlier GS Media ruling, which held that companies with a for-profit motive can’t knowingly link to copyright-infringing material, this provides a powerful enforcement tool.

With these decisions in hand, BREIN previously pressured hundreds of streaming box vendors to halt sales of hardware with pirate addons, but it didn’t stop there. This week the group also highlighted its successes against vendors of unauthorized IPTV services.

“BREIN has already stopped 170 illegal providers of illegal media players and/or IPTV subscriptions. Even providers that only offer illegal IPTV subscriptions are being dealt with,” BREIN reports.

In addition to shutting down the trade in IPTV services, the anti-piracy group also removed 375 advertisements for such services from various marketplaces.

“This is illegal commerce. If you wait until you are warned, you are too late,” BREIN director Tim Kuik says.

“You can be held personally liable. You can also be charged and criminally prosecuted. Willingly committing commercial copyright infringement can lead to a 82,000 euro fine and 4 years imprisonment,” he adds.

While most pirate IPTV vendors threw in the towel voluntarily, some received an extra incentive. Twenty signed a settlement with BREIN for varying amounts, up to tens of thousands of euros. They all face further penalties if they continue to sell pirate subscriptions.

In some cases, the courts were involved. This includes the recent lawsuit against MovieStreamer, that was ordered to stop its IPTV hyperlinking activities immediately. Failure to do so will result in a 5,000 euro per day fine. In addition, the vendor was also ordered to pay legal costs of 17,527 euros.

While BREIN has booked plenty of successes already, as exampled here, the pirate streaming box problem is far from solved. The anti-piracy group currently has one case pending in court, but more are likely to follow in the near future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Kodi-Addon Developer Launches Fundraiser to Fight “Copyright Bullies”

Post Syndicated from Ernesto original https://torrentfreak.com/kodi-addon-developer-launches-fundraiser-to-fight-copyright-bullies-171120/

Earlier this year, American satellite and broadcast provider Dish Network targeted two well-known players in the third-party Kodi add-on ecosystem.

In a complaint filed in a federal court in Texas, add-on ZemTV and the TVAddons library were accused of copyright infringement. As a result, both are facing up to $150,000 for each offense.

While the case was filed in Texas, neither of the defendants live there, or even in the United States. The owner and operator of TVAddons is Adam Lackman, who resides in Montreal, Canada. ZemTV’s developer Shahjahan Durrani is even further away in London, UK.

Over the past few months, Lackman has spoken out in public on several occasions, but little was known about the man behind ZemTV. Today, however, he also decided to open up, asking for support in his legal battle against the Dish Network.

Shahjahan Durrani, Shani for short, doesn’t hide the fact that he was the driving force behind the Kodi-addons ZemTV, LiveStreamsPro, and F4MProxy. While the developer has never set foot in Texas, he is willing to defend himself. Problem is, he lacks the funds to do so.

“I’ve never been to Texas in my life, I’m from London, England,” Shani explains. “Somehow a normal chap like me is expected to defend himself against a billion dollar media giant. I don’t have the money to fight this on my own, and hope my friends will help support my fight against the expansion of copyright liability.”

Shani’s fundraiser went live a few hours ago and the first donations are now starting to come in. He has set a target of $8,500 set for his defense fund so there is still a long way to go.

Speaking with TorrentFreak, Shani explains that he got into Kodi addon development to broaden his coding skills and learn Python. ZemTV was a tool to watch recorded shows from zemtv.com, which he always assumed were perfectly legal, on his Apple TV. Then, he decided to help others to do the same.

“The reason why I published the addon was that I saw it as a community helping each other out, and this was my way to give back. I never received any money from anybody and I wanted to keep it pure and free,” Shani tells us.

ZemTV was a passive service, simply scraping content from a third party source, he explains. The addon provided an interface but did not host or control any allegedly infringing content directly.

“I had no involvement nor control over any of the websites or content sources that were allegedly accessible through ZemTV. I did not host nor take part in the sharing of any form of streaming media. As an open source developer, I should not be held liable for the potential abuse of my code,” the developer stresses.

Dish Network sees things differently, of course. In its complaint, the company accused Shani of illegally retransmitting their copyright protected channels while asking for donations to maintain the project.

The case is perhaps not as straightforward as either side presents it. However, it is in the best interests of the general public that both sides are properly heard. This is the first case against a Kodi-addon developer and the outcome will set an important precedent.

“This lawsuit is part of a targeted effort to destroy the Kodi addon community. The fight is rigged against the little guy, they are trying to make something illegal that shouldn’t be illegal. They tried to do it with the VCR, and now years and years later they are trying to do it with Kodi.

“Since I am the only addon developer to date who is actually fighting the wrath of big media bullies, it is crucial that I win my case,” Shani adds.

Going forward, the ZemTV developer believes that copyright holders are better off going after the content providers directly. If the sources are down, any problematic addons will also stop working. Rightholders can even work with addon developers and use addons to find infringing content providers.

“I think the copyright holders should target the sources, it’s as simple as that,” Shani tells us.

The fundraiser campaign is now public on Generosity.com. At the time of writing the ticker sits at $50, so there is still a long way to go before the developer can organize a proper defense.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Pirate Site Owner Found Guilty, But He Can Keep The Profits

Post Syndicated from Ernesto original https://torrentfreak.com/pirate-site-owner-found-guilty-can-keep-profits/

Traditionally, Sweden has been rather tough on people who operate file-sharing sites, with The Pirate Bay case as the prime example.

In 2009, four people connected to the torrent site were found guilty of assisting copyright infringement. They all received stiff prison sentences and millions of dollars in fines.

The guilty sentence was upheld in an appeal. While the prison terms of Peter Sunde, Fredrik Neij and Carl Lundström were reduced to eight, ten and four months respectively, the fines swelled to $6.5 million.

This week another torrent related filesharing case concluded in Sweden, but with an entirely different outcome. IDG reports that the 47-year-old operator of Filmfix was sentenced to 120 hours of community service.

Filmfix.se offered community-curated links to a wide variety of pirated content hosted by external sources, including torrent sites. The operator charged users 10 Swedish Krona per month to access the service, which is little over a dollar at the current exchange rate.

With thousands of users, Filmfix provided a decent income. The site was active for more than six years and between April 2012 and October 2013 alone it generated over $88,000 in revenue. Interestingly, the court decided that the operator can keep this money.

Filmfix

While the District Court convicted the man for facilitating copyright infringement, there was no direct link between the subscription payments and pirated downloads. The paying members also had access to other unrelated features, such as the forums and chat.

Henrik Pontén, head of the local Rights Alliance, which reported the site to the police, stated that copyright holders have not demanded any damages. They may, however, launch a separate civil lawsuit in the future.

The man’s partner, who was suspected of helping out and owned the company where Filmfix’s money went to, was acquitted entirely by the District Court.

The 120-hours of community service stands in stark contrast to the prison sentences and millions of dollars in fines in The Pirate Bay case, despite there being quite a few similarities. Both relied on content uploaded by third parties and didn’t host any infringing files directly.

The lower sentence may in part be due to a fresh Supreme Court ruling in Sweden. In the case against an operator of the now-defunct private torrent tracker Swepirate, the Court recently ruled that prison sentences should not automatically be presumed in file-sharing cases.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Center For Justice Wants Court to Unveil Copyright Trolling Secrets

Post Syndicated from Ernesto original https://torrentfreak.com/center-for-justice-wants-court-to-unveil-copyright-trolling-secrets-171116/

Mass-piracy lawsuits have been plaguing the U.S. for years, targeting hundreds of thousands of alleged downloaders.

While the numbers are massive, there are only a few so-called “copyright trolling” operations running the show.

These are copyright holders, working together with lawyers and piracy tracking firms, trying to extract cash settlements from alleged subscribers.

Getting a settlement is also what the makers of the “Elf-Man” movie tried when they targeted Ryan Lamberson of Spokane Valley, Washington. Unlike most defendants, however, Lamberson put up a fight, questioning the validity of the evidence. After the filmmaker pulled out, the accused pirate ended up winning $100,000 in attorney fees.

All this happened three years ago but it appears that there might be more trouble in store for Elf-Man and related companies.

The Washington non-profit organization Center for Justice (CFJ) recently filed a motion to intervene in the case. The group, which aims to protect “the wider community from abuse by the moneyed few,” has asked the court to unseal several documents that could reveal more about how these copyright trolls operate.

The non-profit asks the court to open up several filings to the public that may reveal how film companies, investigators, and lawyers coordinated an illegal settlement factory.

“The CFJ’s position is simple: if foreign data collectors and local lawyers are feeding on the subpoena power of federal courts to extract settlements from innocent people, then the public deserves to know.

“What makes this case so important is that, based on the unsealed exhibits and declarations, it appears that a German operation is providing the ‘investigators’ and ‘experts’ that claim to identify infringing activities, but its investigators apparently have a direct financial interest and the ‘software’ is questionable at best,” CFJ adds.

Another problem mentioned by the non-profit organization is that not all defense lawyers are familiar with these ‘trolling’ cases. They sometimes need dozens of hours to research them, which costs the defendant more than the cash settlement deal offered by the copyright holder.

As a result, paying off the trolls may seem like the most logical and safe option to the accused, even when they are innocent.

CFJ hopes that the sealed documents will help to expose the copyright trolls’ “mushrooming” enterprise, not just in this particular case, but also in many similar cases where people are pressured into settling.

“The entire lawsuit may have been a sham. Which is where CFJ comes in. Money and information remain the most significant hurdles for those being named as defendants in lawsuits like this one who receive threatening settlement letters like the one Mr. Lamberson received.

“CFJ’s goal is to level the playing field and reduce the plaintiffs’ informational advantage. The common-law right of access to judicial records is especially important where, as here, the copyright ‘trolling’ risks infecting the judicial system,” the non-profit adds.

The recent filings were spotted by SJD from Fight Copyright Trolls, who rightfully notes that we still have to see whether the documents will be made public, or not. If they are indeed unsealed, it may trigger a response from other accused pirates, perhaps even a class action suit.

—–

Center For Justice’s full motion to intervene is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Cracking Group 3DM Loses Piracy Case Against Game Maker

Post Syndicated from Ernesto original https://torrentfreak.com/cracking-group-3dm-loses-piracy-case-against-game-maker-171115/

While most cracking groups operate under a veil of secrecy, China-based 3DM is not shy to come out in public.

The group’s leader, known as Bird Sister, has commented on various gaming and piracy related issues in the past.

She also spoke out when her own group was sued by the Japanese game manufacturer Koei Tecmo last year. The company accused 3DM of pirating several of its titles, including Romance of the Three Kingdoms.

However, Bird Sister instead wondered why the company should be able to profit from a work inspired by a 3rd-century novel from China.

“…why does a Japanese company, Koei have the copyright of this game when the game is obviously a derivation from the book “Romance of the Three Kingdoms” written by Chen Shou. I think Chinese gaming companies should try taking back the copyright,” she said.

Bird Sister

birdsister

The novel in question has long since been in the public domain so there’s nothing stopping Koei Tecmo from using it, as Kotaku points out. The game, however, is a copyrighted work and 3DM’s actions were seen as clear copyright infringement by a Chinese court.

In a press release, Koei Tecmo announces that it has won its lawsuit against the cracking group.

The court ordered 3DM to stop distributing the infringing games and awarded a total of 1.62 million Yuan ($245,000) in piracy damages and legal fees.

While computer games are cracked and pirated on a daily basis, those responsible for it are rarely held accountable. This makes the case against 3DM rather unique. And it may not be the last if it’s up to the game manufacturer.

“We will continue to respond rigorously to infringements of our copyrights and trademark rights, both in domestic and overseas markets, while also developing satisfying games that many users can enjoy,” said the company, commenting on the ruling.

While the lawsuit may help to steer the cracking group away from pirating Koei Tecmo games, it can’t undo any earlier releases. Court order or not, past 3DM releases, including Romance of the Three Kingdoms titles, are still widely available through third-party sites.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Microsoft Sued Over ‘Baseless’ Piracy Threats

Post Syndicated from Ernesto original https://torrentfreak.com/microsoft-sued-over-baseless-piracy-threats-171113/

For many years, Microsoft and the Business Software Alliance (BSA) have carried out piracy investigations into organizations large and small.

Companies accused of using Microsoft software without permission usually get a letter asking them to pay up, or face legal consequences.

Rhode Island-based company Hanna Instruments is one of the most recent targets. The company stands accused of using Microsoft Office products without a proper license.

However, instead of Microsoft going after Hanna in court for copyright infringement, Hanna has filed a lawsuit against BSA and Microsoft asking for a declaratory judgment that it did nothing wrong.

The lawsuit is the result of a long back-and-forth that started in June. At the time, BSA’s lawyers sent Hanna a letter accusing it of using Microsoft products without a proper license, while requesting an audit.

Hanna’s management wasn’t aware of any pirated products but after repeated requests, the company decided to go ahead and conduct a thorough investigation. The results, combined in a detailed spreadsheet, showed that it purchased 126 copies of Microsoft Office software, while only 120 were in use.

Perfectly fine, they assumed, but the BSA was not convinced.

Since Hanna only had Microsoft generated key cards for the most recent purchases, the company used purchase orders, requisitions, and price quotes to prove that it properly licensed earlier copies of Microsoft Office. Not good enough, according to the BSA, which wanted to see money instead.

The BSA’s lawyers informed Hanna that the company would face up to $4,950,000 in damages if the case went to court. Instead, however, they offered to settle the matter for $72,074.

From the complaint

Hanna wasn’t planning to pay and pointed out that they sent in as much proof as they could find, documenting legal purchases of Microsoft Office licenses for a period covering more than ten years. While the BSA appreciated the effort, it didn’t accept this as hard evidence.

“…the provision of purchase orders, price quotes, purchase requisitions are not acceptable as valid proof of purchase to our client. Reason being, the aforesaid documents do not demonstrate that a purchase has taken place, they merely establish intent to make a purchase of software,” the BSA wrote in yer another email.

Interestingly, the BSA itself still failed to provide any solid proof that Hanna was using unlicensed software. The Rhode Island company repeatedly requested this, but the BSA simply replied that it’s neither appropriate nor efficient to request evidence from their clients in every case.

The BSA then went a step further and suggested that Microsoft did the company a favor by approaching it directly. The alternative would have been to call in the U.S. Marshals and raid the company’s headquarters.

“The rights holders had the alternative option of simply commencing litigation and seeking a court order permitting a raid by U.S. Marshals,” the BSA’s lawyers wrote in one of their letters.

This ‘threat’ wasn’t completely in vain. In the past, the BSA and Microsoft’s accusations have developed into fully-fledged raids, with armed law enforcement officials assisting the software vendor, taking away computers for further inspection.

Still, Hanna maintained that it didn’t do anything wrong. At this point, they’d spent $25,000 on disproving the BSA’s “baseless” claims, and saw no other option than to take the matter to court.

Late last week the company submitted a complaint against Microsoft and the BSA in a Rhode Island federal court, asking for a declaratory judgment and monetary compensation.

“To date, the Defendants have not provided any documentation supporting the baseless allegation that Hanna illegally copied Microsoft Office, in spite of repeated requests by Plaintiff’s counsel that BSA produce such information,” the complaint reads.

“By this Complaint, Hanna seeks a declaration by the Court that it has not infringed any Microsoft copyrights, that Hanna has been harmed by BSA’s relentless and unsupported charges, and that Defendants pay Hanna’s costs and expenses for this action, together with reasonable attorney fees, and any additional monetary award this Court deems appropriate.”

It’s now up to the court to decide who’s right and who’s wrong, but the case already provides a rare and intriguing insight into the anti-piracy practices of Microsoft and the BSA.

This isn’t the first time that one of these cases has gone to court. In Belgium, the BSA and Microsoft lost a similar case. Here, a local company was ordered to pay a settlement on the spot or lose its computers. With law enforcement at the ready, the owner decided to pay, despite owning valid licenses.

The full complaint is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Twitter Sued Over Slow Response to DMCA Takedown Request

Post Syndicated from Ernesto original https://torrentfreak.com/twitter-sued-over-slow-response-to-dmca-takedown-request-171112/

In common with many other user-generated content sites, Twitter is used by some of its members to host or link to copyright-infringing material.

If rightsholders submit a takedown request, Twitter swiftly takes the infringing content down. Over the past several months the company has processed thousands of requests and complied with most of them.

However, a new lawsuit filed in a California federal court suggests that Twitter’s takedown efforts aren’t perfect.

Rhode Island-based photographer Kristen Pierson filed a complaint against Twitter, accusing the company of hosting and linking to one of her works without permission.

The photo in question, taken at an Alice in Chains concert in 2006, was posted by Twitter user Karen Juanita. After Pierson found out she sent a DMCA takedown notice to Twitter on April 26 of this year.

Twitter promptly replied that it had “disabled access” to the photo, but this didn’t happen right away. While Twitter noted that it could take some time for the removal to propagate, it appears that something went wrong.

Twitter’s response

According to the complaint, it took 90 days before it was effectively taken down. It seems unlikely that Twitter intentionally waited three months, but Pierson is not looking for an excuse. Instead, she’s demanding damages from the social media outfit.

“Twitter had actual knowledge of the direct infringement and contributory infringement. Pierson provided notice to Twitter in compliance with the DMCA, and Twitter failed to expeditiously disable access to or remove the Copyrighted Photograph from their servers,” the complaint notes.

“Alternatively, Twitter directly infringed Pierson’s copyrights by continuing to allow public access to the Copyrighted Photograph on Twitter’s server or on servers controlled by Twitter.”

Theoretically, damages could go up to $150,000, should willful copyright infringement be proven. However, it’s more likely that both parties will settle their differences, or that the case will be dismissed for other reasons.

This isn’t the first time that Twitter has been sued for failing to promptly remove infringing content. Several photographers, including Pierson herself, have done so before. In most cases, these lawsuits are settled after a few weeks, behind closed doors.

A copy of the complaint is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Dallas Buyers Club Loses Piracy Lawsuit, IP-Address is Not Enough

Post Syndicated from Ernesto original https://torrentfreak.com/dallas-buyers-club-loses-piracy-lawsuit-ip-address-is-not-enough-171110/

In recent years, BitTorrent users around the world have been targeted with threats. They can either pay a significant settlement fee, or face far worse in court.

The scheme started in Germany years ago, and copyright holders later went after alleged pirates in Australia, Denmark, Finland, the UK, US, and elsewhere.

This summer, the copyright holders behind the movie Dallas Buyers Club added Spain to the mix, going after dozens of alleged pirates in Bilbao and San Sebastian. The ‘filmmakers’ are part of a tight group of so-called copyright trolls which are constantly expanding their business to other countries.

While they have had some success, mainly by sending out settlement letters, in Spain the first court case brought bad news.

The Commercial Court of Donostia dismissed the claim against an alleged file-sharer due to a lack of evidence. Dallas Buyers Club identified the infringer through an IP-address, but according to Judge Pedro José Malagón Ruiz, this is not good enough.

“The ruling says that there is no way to know whether the defendant was the P2P user or not, because an IP address only identifies the person who subscribed to the Internet connection, not the user who made use of the connection at a certain moment,” copyright lawyer David Bravo tells TorrentFreak.

“A relative or a guest could have been using the network, or even someone accessing the wifi if it was open,” he adds.

In addition, the Judge agreed with the defense that there is no evidence that the defendant actively made the movie available. This generally requires a form of intent. However, BitTorrent clients automatically share files with others, whether it’s the intention of the user or not.

“The upload of the data from the P2P programs occurs automatically by the program configuration itself. […] This occurs by default without requiring the knowledge or intention of the user,” Judge Malagón Ruiz writes in his verdict, quoted by Genbeta.

In other words, these BitTorrent transfers are not necessarily an act of public communication, therefore, they are not infringing any copyrights.

The case provides hope for other accused file-sharers who are looking to have their cases dismissed as well. Not in the last place because the defense was coordinated online, without active involvement of a lawyer.

Bravo, together with two colleague lawyers, offered self-help forms to accused file-sharers free of charge. Defendants could use these to mount a proper defense, which paid off in this case.

“This ruling sets a precedent,” Bravo tells TorrentFreak, noting that it’s a clear setback for the copyright holders who are involved in these mass file-sharing lawsuits.

While the lawyer cautions that other courts may come to a different conclusion, it appears that Dallas Buyers Club and other copyright trolls will meet some fierce ‘p2p coordinated’ resistance in Spain.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Sony & Warner Sue TuneIn For Copyright Infringement in UK High Court

Post Syndicated from Andy original https://torrentfreak.com/sony-warner-sue-tunein-for-copyright-infringement-in-uk-high-court-171109/

When it comes to providing digital online audio content, TuneIn is one of the world’s giants.

Whether music, news, sport or just chat, TuneIn provides more than 120,000 radio stations and five million podcasts to 75,000,000 global users, both for free and via a premium tier service.

Accessible from devices including cellphones, tablets, smart TVs, digital receivers, games consoles and even cars, TuneIn reaches more than 230 countries and territories worldwide. One, however, is about to cause the company a headache.

According to a report from Music Business Worldwide (MBW), Sony Music Entertainment and Warner Music Group are suing TuneIn over unlicensed streams.

MBW sources say that the record labels filed proceedings in the UK High Court last week, claiming that TuneIn committed copyright infringement on at least 800 music streams accessible in the UK.

While TuneIn does offer premium streams to customers, the service primarily acts as an index for radio streams hosted by their respective third-party creators. It describes itself as “an audio guide service” which indicates it does not directly provide the content listened to by its users.

However, previous EU rulings (such as one related to The Pirate Bay) have determined that providing an index to content is tantamount to a communication to the public, which for unlicensed content would amount to infringement in the UK.

While it would be difficult to avoid responsibility, TuneIn states on its website that it makes no claim that its service is legal in any other country than the United States.

“Those who choose to access or use the Service from locations outside the United States of America do so on their own initiative and are responsible for compliance with local laws, if and to the extent local laws are applicable,” the company writes.

“Access to the Service from jurisdictions where the contents or practices of the Service are illegal, unauthorized or penalized is strictly prohibited.”

All that being said, the specific details of the Sony/Warner complaint are not yet publicly available so the precise nature of the High Court action is yet to be determined.

TorrentFreak contacted the BPI, the industry body that represents both Sony and Warner in the UK, for comment on the lawsuit. A spokesperson informed us that they are not directly involved in the action.

We also contacted both the IFPI and San Francisco-based TuneIn for further comment but at the time of publication, we were yet to hear back from either.

TuneIn reportedly has until the end of November to file a defense.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Me on the Equifax Breach

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/11/me_on_the_equif.html

Testimony and Statement for the Record of Bruce Schneier
Fellow and Lecturer, Belfer Center for Science and International Affairs, Harvard Kennedy School
Fellow, Berkman Center for Internet and Society at Harvard Law School

Hearing on “Securing Consumers’ Credit Data in the Age of Digital Commerce”

Before the

Subcommittee on Digital Commerce and Consumer Protection
Committee on Energy and Commerce
United States House of Representatives

1 November 2017
2125 Rayburn House Office Building
Washington, DC 20515

Mister Chairman and Members of the Committee, thank you for the opportunity to testify today concerning the security of credit data. My name is Bruce Schneier, and I am a security technologist. For over 30 years I have studied the technologies of security and privacy. I have authored 13 books on these subjects, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World (Norton, 2015). My popular newsletter CryptoGram and my blog Schneier on Security are read by over 250,000 people.

Additionally, I am a Fellow and Lecturer at the Harvard Kennedy School of Government –where I teach Internet security policy — and a Fellow at the Berkman-Klein Center for Internet and Society at Harvard Law School. I am a board member of the Electronic Frontier Foundation, AccessNow, and the Tor Project; and an advisory board member of Electronic Privacy Information Center and VerifiedVoting.org. I am also a special advisor to IBM Security and the Chief Technology Officer of IBM Resilient.

I am here representing none of those organizations, and speak only for myself based on my own expertise and experience.

I have eleven main points:

1. The Equifax breach was a serious security breach that puts millions of Americans at risk.

Equifax reported that 145.5 million US customers, about 44% of the population, were impacted by the breach. (That’s the original 143 million plus the additional 2.5 million disclosed a month later.) The attackers got access to full names, Social Security numbers, birth dates, addresses, and driver’s license numbers.

This is exactly the sort of information criminals can use to impersonate victims to banks, credit card companies, insurance companies, cell phone companies and other businesses vulnerable to fraud. As a result, all 143 million US victims are at greater risk of identity theft, and will remain at risk for years to come. And those who suffer identify theft will have problems for months, if not years, as they work to clean up their name and credit rating.

2. Equifax was solely at fault.

This was not a sophisticated attack. The security breach was a result of a vulnerability in the software for their websites: a program called Apache Struts. The particular vulnerability was fixed by Apache in a security patch that was made available on March 6, 2017. This was not a minor vulnerability; the computer press at the time called it “critical.” Within days, it was being used by attackers to break into web servers. Equifax was notified by Apache, US CERT, and the Department of Homeland Security about the vulnerability, and was provided instructions to make the fix.

Two months later, Equifax had still failed to patch its systems. It eventually got around to it on July 29. The attackers used the vulnerability to access the company’s databases and steal consumer information on May 13, over two months after Equifax should have patched the vulnerability.

The company’s incident response after the breach was similarly damaging. It waited nearly six weeks before informing victims that their personal information had been stolen and they were at increased risk of identity theft. Equifax opened a website to help aid customers, but the poor security around that — the site was at a domain separate from the Equifax domain — invited fraudulent imitators and even more damage to victims. At one point, the official Equifax communications even directed people to that fraudulent site.

This is not the first time Equifax failed to take computer security seriously. It confessed to another data leak in January 2017. In May 2016, one of its websites was hacked, resulting in 430,000 people having their personal information stolen. Also in 2016, a security researcher found and reported a basic security vulnerability in its main website. And in 2014, the company reported yet another security breach of consumer information. There are more.

3. There are thousands of data brokers with similarly intimate information, similarly at risk.

Equifax is more than a credit reporting agency. It’s a data broker. It collects information about all of us, analyzes it all, and then sells those insights. It might be one of the biggest, but there are 2,500 to 4,000 other data brokers that are collecting, storing, and selling information about us — almost all of them companies you’ve never heard of and have no business relationship with.

The breadth and depth of information that data brokers have is astonishing. Data brokers collect and store billions of data elements covering nearly every US consumer. Just one of the data brokers studied holds information on more than 1.4 billion consumer transactions and 700 billion data elements, and another adds more than 3 billion new data points to its database each month.

These brokers collect demographic information: names, addresses, telephone numbers, e-mail addresses, gender, age, marital status, presence and ages of children in household, education level, profession, income level, political affiliation, cars driven, and information about homes and other property. They collect lists of things we’ve purchased, when we’ve purchased them, and how we paid for them. They keep track of deaths, divorces, and diseases in our families. They collect everything about what we do on the Internet.

4. These data brokers deliberately hide their actions, and make it difficult for consumers to learn about or control their data.

If there were a dozen people who stood behind us and took notes of everything we purchased, read, searched for, or said, we would be alarmed at the privacy invasion. But because these companies operate in secret, inside our browsers and financial transactions, we don’t see them and we don’t know they’re there.

Regarding Equifax, few consumers have any idea what the company knows about them, who they sell personal data to or why. If anyone knows about them at all, it’s about their business as a credit bureau, not their business as a data broker. Their website lists 57 different offerings for business: products for industries like automotive, education, health care, insurance, and restaurants.

In general, options to “opt-out” don’t work with data brokers. It’s a confusing process, and doesn’t result in your data being deleted. Data brokers will still collect data about consumers who opt out. It will still be in those companies’ databases, and will still be vulnerable. It just don’t be included individually when they sell data to their customers.

5. The existing regulatory structure is inadequate.

Right now, there is no way for consumers to protect themselves. Their data has been harvested and analyzed by these companies without their knowledge or consent. They cannot improve the security of their personal data, and have no control over how vulnerable it is. They only learn about data breaches when the companies announce them — which can be months after the breaches occur — and at that point the onus is on them to obtain credit monitoring services or credit freezes. And even those only protect consumers from some of the harms, and only those suffered after Equifax admitted to the breach.

Right now, the press is reporting “dozens” of lawsuits against Equifax from shareholders, consumers, and banks. Massachusetts has sued Equifax for violating state consumer protection and privacy laws. Other states may follow suit.

If any of these plaintiffs win in the court, it will be a rare victory for victims of privacy breaches against the companies that have our personal information. Current law is too narrowly focused on people who have suffered financial losses directly traceable to a specific breach. Proving this is difficult. If you are the victim of identity theft in the next month, is it because of Equifax or does the blame belong to another of the thousands of companies who have your personal data? As long as one can’t prove it one way or the other, data brokers remain blameless and liability free.

Additionally, much of this market in our personal data falls outside the protections of the Fair Credit Reporting Act. And in order for the Federal Trade Commission to levy a fine against Equifax, it needs to have a consent order and then a subsequent violation. Any fines will be limited to credit information, which is a small portion of the enormous amount of information these companies know about us. In reality, this is not an effective enforcement regime.

Although the FTC is investigating Equifax, it is unclear if it has a viable case.

6. The market cannot fix this because we are not the customers of data brokers.

The customers of these companies are people and organizations who want to buy information: banks looking to lend you money, landlords deciding whether to rent you an apartment, employers deciding whether to hire you, companies trying to figure out whether you’d be a profitable customer — everyone who wants to sell you something, even governments.

Markets work because buyers choose from a choice of sellers, and sellers compete for buyers. None of us are Equifax’s customers. None of us are the customers of any of these data brokers. We can’t refuse to do business with the companies. We can’t remove our data from their databases. With few limited exceptions, we can’t even see what data these companies have about us or correct any mistakes.

We are the product that these companies sell to their customers: those who want to use our personal information to understand us, categorize us, make decisions about us, and persuade us.

Worse, the financial markets reward bad security. Given the choice between increasing their cybersecurity budget by 5%, or saving that money and taking the chance, a rational CEO chooses to save the money. Wall Street rewards those whose balance sheets look good, not those who are secure. And if senior management gets unlucky and the a public breach happens, they end up okay. Equifax’s CEO didn’t get his $5.2 million severance pay, but he did keep his $18.4 million pension. Any company that spends more on security than absolutely necessary is immediately penalized by shareholders when its profits decrease.

Even the negative PR that Equifax is currently suffering will fade. Unless we expect data brokers to put public interest ahead of profits, the security of this industry will never improve without government regulation.

7. We need effective regulation of data brokers.

In 2014, the Federal Trade Commission recommended that Congress require data brokers be more transparent and give consumers more control over their personal information. That report contains good suggestions on how to regulate this industry.

First, Congress should help plaintiffs in data breach cases by authorizing and funding empirical research on the harm individuals receive from these breaches.

Specifically, Congress should move forward legislative proposals that establish a nationwide “credit freeze” — which is better described as changing the default for disclosure from opt-out to opt-in — and free lifetime credit monitoring services. By this I do not mean giving customers free credit-freeze options, a proposal by Senators Warren and Schatz, but that the default should be a credit freeze.

The credit card industry routinely notifies consumers when there are suspicious charges. It is obvious that credit reporting agencies should have a similar obligation to notify consumers when there is suspicious activity concerning their credit report.

On the technology side, more could be done to limit the amount of personal data companies are allowed to collect. Increasingly, privacy safeguards impose “data minimization” requirements to ensure that only the data that is actually needed is collected. On the other hand, Congress should not create a new national identifier to replace the Social Security Numbers. That would make the system of identification even more brittle. Better is to reduce dependence on systems of identification and to create contextual identification where necessary.

Finally, Congress needs to give the Federal Trade Commission the authority to set minimum security standards for data brokers and to give consumers more control over their personal information. This is essential as long as consumers are these companies’ products and not their customers.

8. Resist complaints from the industry that this is “too hard.”

The credit bureaus and data brokers, and their lobbyists and trade-association representatives, will claim that many of these measures are too hard. They’re not telling you the truth.

Take one example: credit freezes. This is an effective security measure that protects consumers, but the process of getting one and of temporarily unfreezing credit is made deliberately onerous by the credit bureaus. Why isn’t there a smartphone app that alerts me when someone wants to access my credit rating, and lets me freeze and unfreeze my credit at the touch of the screen? Too hard? Today, you can have an app on your phone that does something similar if you try to log into a computer network, or if someone tries to use your credit card at a physical location different from where you are.

Moreover, any credit bureau or data broker operating in Europe is already obligated to follow the more rigorous EU privacy laws. The EU General Data Protection Regulation will come into force, requiring even more security and privacy controls for companies collecting storing the personal data of EU citizens. Those companies have already demonstrated that they can comply with those more stringent regulations.

Credit bureaus, and data brokers in general, are deliberately not implementing these 21st-century security solutions, because they want their services to be as easy and useful as possible for their actual customers: those who are buying your information. Similarly, companies that use this personal information to open accounts are not implementing more stringent security because they want their services to be as easy-to-use and convenient as possible.

9. This has foreign trade implications.

The Canadian Broadcast Corporation reported that 100,000 Canadians had their data stolen in the Equifax breach. The British Broadcasting Corporation originally reported that 400,000 UK consumers were affected; Equifax has since revised that to 15.2 million.

Many American Internet companies have significant numbers of European users and customers, and rely on negotiated safe harbor agreements to legally collect and store personal data of EU citizens.

The European Union is in the middle of a massive regulatory shift in its privacy laws, and those agreements are coming under renewed scrutiny. Breaches such as Equifax give these European regulators a powerful argument that US privacy regulations are inadequate to protect their citizens’ data, and that they should require that data to remain in Europe. This could significantly harm American Internet companies.

10. This has national security implications.

Although it is still unknown who compromised the Equifax database, it could easily have been a foreign adversary that routinely attacks the servers of US companies and US federal agencies with the goal of exploiting security vulnerabilities and obtaining personal data.

When the Fair Credit Reporting Act was passed in 1970, the concern was that the credit bureaus might misuse our data. That is still a concern, but the world has changed since then. Credit bureaus and data brokers have far more intimate data about all of us. And it is valuable not only to companies wanting to advertise to us, but foreign governments as well. In 2015, the Chinese breached the database of the Office of Personal Management and stole the detailed security clearance information of 21 million Americans. North Korea routinely engages in cybercrime as way to fund its other activities. In a world where foreign governments use cyber capabilities to attack US assets, requiring data brokers to limit collection of personal data, securely store the data they collect, and delete data about consumers when it is no longer needed is a matter of national security.

11. We need to do something about it.

Yes, this breach is a huge black eye and a temporary stock dip for Equifax — this month. Soon, another company will have suffered a massive data breach and few will remember Equifax’s problem. Does anyone remember last year when Yahoo admitted that it exposed personal information of a billion users in 2013 and another half billion in 2014?

Unless Congress acts to protect consumer information in the digital age, these breaches will continue.

Thank you for the opportunity to testify today. I will be pleased to answer your questions.

US Court Grants ISPs and Search Engine Blockade of Sci-Hub

Post Syndicated from Ernesto original https://torrentfreak.com/us-court-grants-isps-and-search-engine-blockade-of-sci-hub-171106/

Earlier this year the American Chemical Society (ACS), a leading source of academic publications in the field of chemistry, filed a lawsuit against Sci-Hub and its operator Alexandra Elbakyan.

The non-profit organization publishes tens of thousands of articles a year in its peer-reviewed journals. Because many of these are available for free on Sci-Hub, ACS wants to be compensated.

Sci-Hub was made aware of the legal proceedings but did not appear in court. As a result, a default was entered against the site.

In addition to millions of dollars in damages, ACS also requested third-party Internet intermediaries to take action against the site.

The broad request was later adopted in a recommendation from Magistrate Judge John Anderson. This triggered a protest from the tech industry trade group CCIA, which represents global tech firms including Google, Facebook, and Microsoft, that warned against the broad implications. However, this amicus brief was denied.

Just before the weekend, US District Judge Leonie Brinkema issued a final decision which is a clear win for ACS. The publisher was awarded the maximum statutory damages of $4.8 million for 32 infringing works, as well as a permanent injunction.

The injunction is not limited to domain name registrars and hosting companies, but expands to search engines, ISPs and hosting companies too, who can be ordered to stop linking to or offering services to Sci-Hub.

“Ordered that any person or entity in active concert or participation with Defendant Sci-Hub and with notice of the injunction, including any Internet search engines, web hosting and Internet service providers, domain name registrars, and domain name registries, cease facilitating access to any or all domain names and websites through which Sci-Hub engages in unlawful access to, use, reproduction, and distribution of ACS’s trademarks or copyrighted works,” the injunction reads.

part of the injunction

There is a small difference with the recommendation from the Magistrate Judge. Instead of applying the injunction to all persons “in privity” with Sci-Hub, it now applies to those who are “in active concert or participation” with the pirate site.

The injunction means that Internet providers, such as Comcast, can be requested to block users from accessing Sci-Hub. That’s a big deal since pirate site blockades are not common in the United States. The same is true for search engine blocking of copyright-infringing sites.

It’s clear that the affected Internet services will not be happy with the outcome. While the CCIA’s attempt to be heard in the case failed, it’s likely that they will protest the injunction when ACS tries to enforce it.

Previously, Cloudflare objected to a similar injunction where the RIAA argued that it was “in active concert or participation” with the pirate site MP3Skull. Here, Cloudflare countered that the DMCA protects the company from liability for the copyright infringements of its customers, limiting the scope of anti-piracy injunctions.

However, a Florida federal court ruled that the DMCA doesn’t apply in these cases.

It’s likely that ISPs and search engines will lodge similar protests if ACS tries to enforce the injunction against them.

While this case is crucial for copyright holders and Internet services, Sci-Hub itself doesn’t seem too bothered by the blocking prospect or the millions in damages it must pay on paper.

It already owes Elsevier $15 million, which it can’t pay, and a few million more or less doesn’t change anything. Also, the site has a Tor version which can’t be blocked by Internet providers, so determined scientists will still be able to access the site if they want.

The full order is available here (pdf) and a copy of the injunction can be found here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.