A New Tactic in the Piracy Battle

Peer-to-peer software makes it easier to unmask users who share copyrighted material.

February 17, 2003 | Jon Healey | Times Staff Writer

This story is for all the people secretly copying digital songs, movies and games through online file-sharing systems such as Kazaa and Gnutella.

You know who you are -- and soon, the copyright cops could know, too.

As it turns out, so-called peer-to-peer networks are very good at distributing digital material, but very bad at hiding the sender or the receiver. Taking advantage of this transparency, record companies, Hollywood studios and other copyright holders are tracing users of peer-to-peer networks back to their Internet addresses and cataloging not only the items they've downloaded but also the goods they're storing for others to duplicate.

Once it has an alleged infringer's Internet address, the Recording Industry Assn. of America maintains that a copyright holder can use a federal court subpoena to force the target's Internet service provider to disclose his or her identity promptly.

The association tried to do just that last summer, but the ISP involved -- Verizon Communications Inc., the country's largest local phone company -- refused to comply. U.S. District Judge John D. Bates ruled in the RIAA's favor last month, but Verizon is appealing.

The surprising thing is just how easy such sleuthing is to do -- a fact that suggests the Verizon customer is merely the first of many consumers who will be sought by the anti-piracy police. All it takes is a copy of the free peer-to-peer software and an inexpensive program that monitors traffic to and from a computer.

Matching the Internet address to a specific home, dorm room or office cubicle takes a little more work, mainly because crucial information has to be extracted from the user's Internet service provider. But by simply obtaining a subpoena from the local federal courthouse, copyright holders may be able to accomplish that.

Many Internet users assume that what they do online is anonymous, hidden behind screen names such as "maximus" and "LadyBug." But they frequently -- and unwittingly -- disclose their Internet addresses as they work and play online. For example, the mere act of visiting a Web site can reveal a person's address.

A variety of tools are available for privacy-conscious consumers to hide their true addresses. But security experts say even these tools come up short on a peer-to-peer network when files are transferred.

Here's why. In a file-sharing system such as Kazaa, users copy files directly from each other's computer hard drives. In order to make these connections, they can't conceal themselves behind a bogus Internet address. They have to disclose where they can be found.

"If I allow someone to come onto my hard drive," the Internet protocol address "has to be real," said one security expert, who did not want to be identified. "If you have the real IP address, it's child's play to find out where the computer is. I don't mean child's play for a geek -- I mean my 9-year-old could do it."

The struggle between Verizon and the RIAA stems from the work of one of the association's anti-piracy investigators late in the afternoon of July 15, court documents indicate.

The investigator used a copy of the Kazaa software to search for an unnamed song, discovering that it was available from someone with the screen name "hmbutler."

The investigator then started downloading the song, using a second piece of software on the computer to monitor the data flowing in and out.

That program detected hmbutler's Internet address, which the investigator traced to Verizon. Although the court filing doesn't disclose how the connection to Verizon was made, there's no shortage of Web sites capable of matching an Internet address to the corresponding ISP.

Unlike street addresses, which are tied to a unique location, many Internet addresses shift from computer to computer and customer to customer. But Stewart Baker, general counsel for the U.S. Internet Service Provider Assn., said ISPs keep records showing whose account the addresses are assigned to at any given moment, although he added that those records typically get discarded after a few days.

The RIAA also pulled together a list of more than 600 music files that hmbutler was making available to be copied. That, too, is no great feat -- the Kazaa software enables anyone to click on a user's screen name and view an inventory of the files he or she is offering to share.

The RIAA declined to discuss its anti-piracy tactics, as did the Motion Picture Assn. of America.

Randy Saaf of MediaDefender Inc., a Los Angeles company that provides anti-piracy services to the music and movie industries, said the RIAA doesn't have to grab the Internet addresses of alleged pirates one by one. "You can automate all this stuff," including the file searches and the downloads, he said.

Los Angeles Times Articles