Tuesday, January 29, 2013

DMCA Notices

It is not a secret that I work in higher education, and with that territory comes the fun of dealing with DMCA notices. First of all, for those who have never seen one, let me share some of the background.

The digital millennium copyright act is a United States law passed in 1998 that protects the interests of copyright holders. It does so almost to the extreme.

In normal circumstances, the owner of a network or a system will be held liable for copyright infringements. One of the aspects of the DMCA is that it provides safe harbor to online service providers. That means that if one of my users infringes on somebody else's copyrights via my network, I will not be held liable for their actions if I do a few things. The most important aspect of the safe harbor provision is that the copyright holder, or somebody acting on their behalf, can send me a takedown notice. The law specifies that the takedown notice must follow certain criteria, and most copyright enforcement companies digitally sign the notices with PGP.


Until now, most copyright notices have been just that: a notice that somebody believes one of my users is sharing copyrighted materials, accompanied with the request to "make it stop" and pass the notice on to the owner. This past week, the notices started changing, and they now include a username/password to a website on which the user can log in to enter into a settlement agreement in order to avoid legal action!


The investigative process doesn't change; we're still checking to see if the message was sent to the right address, if digital signature is valid, if the required DMCA takedown components are present in the notice, and if we can find netflows that line up with the time of alleged sharing. If all of that does match, we find out whose computer was causing the flows, and we "make it stop". That concludes our infosec investigation and the case is handed over to the next stop in the process.

The whole DMCA process already didn't make me feel great, but now that we basically turned in to a messenger of "settle here of be sued"-message, it is even more distasteful.

No comments:

Post a Comment

Please share your view and opinions on what I wrote. In order to maintain quality, all comments will be moderated for merit. Contributions that call me out on statements that appear unfounded, wrong, or simply with which you disagree are highly appreciated and are even encouraged. Spam and 'me too' answers will be ignored.