Educause Security Discussion mailing list archives

HBO and DMCA, and peer2peer directory mining


From: James Moore <jhmiso () RIT EDU>
Date: Mon, 30 Apr 2007 15:57:12 -0400

This brings up an interesting policy (for our student judicial
proceeding) and law issue (in terms of response), which is why I also
included the Educause ICPL group.

If what HBO (and ???) is reading is directory information from peer to
peer services, then what validity does that have to legal complaints?
Isn't this like hearsay (if not, please explain the differences -- HBO
doesn't have direct knowledge, do they)? (Note: I am not an attorney,
just a security professional interested in stating responses
accurately).

Has anyone analyzed the directory protocols of peer to peer file sharing
for elements of non-repudiation?

And from our campus judicial system perspective, we operate on the basis
of preponderance of evidence.  Is this something that with a lack of
non-repudiation, and issues with currency of data, that we have
preponderance of evidence?

Jim

-----Original Message-----
From: Lovaas,Steven [mailto:Steven.Lovaas () COLOSTATE EDU] 
Sent: Monday, April 30, 2007 2:28 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HOB and DMCA

We've had a lot of these, and we think we've figured out what's going on:

HBO's notice is based on detecting a particular address' presence in a
cache - basically, a server publishes a list of addresses that will
provide the desired content. When HBO sees their content on one of those
lists, they grab all the addresses in the list. But the problem is, this
is not a live list - it lives on the server for a certain length of time
until an inactive address times out.

On our wired network, where addresses tend to be re-used by the same
device over a long period of time, an HBO complaint based on this tactic
usually captures something real. But when it's a wireless address (in
our case, through our VPN), we cycle through the address pool fairly
quickly. So by the time we get the complaint, a simple time stamp for
when HBO saw the cache list no longer gives us enough information to
track down the offender.

So the problem is not that HBO is giving us bogus information; it's that
they're not giving us ENOUGH information. They give us an address that
has been used *at some point in the past defined by the caching time*,
without giving an indication of when the address was ACTUALLY used. So
we can't really find the culprit.

And that's basically how we've been replying to them... Meanwhile, we're
altering our policies to simply prevent bittorrent, etc. on our
wireless/VPN. Legitimate users can use the wired network.

Steve


==============================================
Steven Lovaas, MSIA, CISSP
Network Security Manager
Academic Computing & Network Services
Colorado State University
970-297-3707
Steven.Lovaas () ColoState EDU
============================================
-----Original Message-----
From: Pace, Guy [mailto:gpace () CIS CTC EDU]
Sent: Monday, April 30, 2007 12:13 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HOB and DMCA


We have had similar notices from HBO over the last month or so. Most
have indicated activity more than 9 days and as long as 15 days old. My
responses haven't bounced, but I did tell them that chances of finding
anything of value from data that old was negligible. I have yet to see
anything like a reply to email or returned phone call from any of the
senders of these notices--not just from the HBO outfit. I wonder about
the validity of these notices ... enough so that I'm tempted to
recommend they be added to the spam filter.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu


-----Original Message-----
From: Bob Bayn [mailto:Bob.Bayn () USU EDU]
Sent: Monday, April 30, 2007 10:49 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HOB and DMCA

----- Original Message -----
From: Dick Jacobson <Dick.Jacobson () NDSU NODAK EDU>

There is apparently discussion on the REN-ISAC list about invalid DMCA
notices from HBO.

I just reviewed our DMCA complaints.  We haven't been bothered by HBO
much at all, but just got a complaint recently.  It was sent 10 days
after the alleged infringement and implicated our proxy server for which
we don't keep logs that long.  The delivery headers of the complaint
didn't look suspicious, and my reply didn't bounce.

Bob
Utah State University
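
The attribution problem described in Steven Lovaas's message, worked through as an added example that is not part of the original thread: a notice timestamp only identifies one user if a single lease covers the whole period the address could have sat in the cache. The lease records, user names, addresses and the `cache_window` parameter are constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample lease log (ip, user, lease_start, lease_end); not real data.
# 10.20.0.15 stands in for a fast-cycling wireless/VPN pool address,
# 10.30.0.7 for a wired address held by one device for weeks.
LEASES = [
    ("10.20.0.15", "user_a", "2007-04-20 08:00", "2007-04-20 09:10"),
    ("10.20.0.15", "user_b", "2007-04-20 09:15", "2007-04-20 10:05"),
    ("10.20.0.15", "user_c", "2007-04-20 10:20", "2007-04-20 12:00"),
    ("10.30.0.7", "user_d", "2007-04-01 00:00", "2007-04-30 00:00"),
]


def candidates(ip, observed, cache_window, leases=LEASES):
    """Users who held `ip` at any point in [observed - cache_window, observed].

    `observed` is the time the complainant read the cached peer list;
    `cache_window` is how long a stale entry may have stayed listed
    (an assumption, since the notice does not state it).
    """
    seen = datetime.strptime(observed, FMT)
    earliest = seen - cache_window
    users = []
    for lease_ip, user, start, end in leases:
        if lease_ip != ip:
            continue
        lease_start = datetime.strptime(start, FMT)
        lease_end = datetime.strptime(end, FMT)
        # Interval overlap: the lease touches the window the entry could date from.
        if lease_start <= seen and lease_end >= earliest and user not in users:
            users.append(user)
    return users


def assess(ip, observed, cache_window, leases=LEASES):
    """Classify whether the notice can be tied to exactly one lease holder."""
    users = candidates(ip, observed, cache_window, leases)
    if not users:
        return ("no-lease-record", users)  # e.g. logs already aged out
    if len(users) == 1:
        return ("single-candidate", users)
    return ("ambiguous", users)
```

With a zero-width window the pool address maps to one lease holder; widening the window to cover the cache lifetime pulls in every earlier holder, while the long-lived wired lease stays unambiguous.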
