[CSG Spring 2008] Discussion with RIAA


David Hughes and Mark McDevitt from the RIAA are here to talk about the RIAA’s efforts to detect and report unauthorized music distribution.

Primary tool they use is the DMCA takedown notice.

In addition to the notices they focus on ebay auctions selling counterfeit CDs and hard drives loaded with content, online video streaming sites, blogs offering music files, irc distribution of files, etc. Also seeing growth of secret closed groups distributing music, and sites offering ringtones, facebook apps and others.

Have a staff of six full-time people investigating. One person is focused on university takedown notices. They’ve sent “tens of thousands” of takedown notices to commercial isps, universities, and others.

Functional process for takedown notices – recent article in Chronicle of Higher Ed, and recent notice to Educause list from Mark Luker.

MediaSentry started with a list of seven hundred songs – typically newer and very popular, plus a handful of popular older songs, e.g. Hotel California. The first step they take is a text-based search for song titles on gnutella, aries, bittorrent, edonkey. They look for a hash that matches a list of previously stored hashes. If they don’t find it, they download the file and create a hash that they create a fingerprint of using Audible Magic. If Audible Magic matches the hash, they add it to the database. If Audible Magic does not find the song, it’s presented to the RIAA for them to listen to to verify.

Media Sentry takes the most widely distributed hashes on the p2p networks. Then sends out requests to p2p nets for files with those hashes. Then sort through IP addresses to determine ownership. Then they attempt TCP handshake to verify IP and request the hash. If the user responds, then they log date, time, and name of infringing file. That info is then used by a human (Jeremy Landis) to send out takedown notices. The notification is not automated.

They do not download every file they send out a notification notice on. There is no rule that says that they send a DMCA notice before a preservation request or presettlement notice is sent. They’re separate processes.

In no case do they rely just on a text match on file info.

The mechanism for presettlement letters has requirements built into it based on needs of litigation. When the system goes out to find users it looks for users sharing files belonging to member companies. Looking for users sharing multiple copies of songs from members, have to be able to download recordings, users have to be in US.

Because they only know IP addresses, they don’t know whether the people they send a presettlement letter to has received a previous takedown notice. Good faith belief is not enough for litigation. What they’re going for in presettlement letters is “egregious” infringers – ones that have hundreds or thousands of songs.

They started sending out takedown notices to the universities in 2003. Notices to commercial entities started in 1996, predating the DMCA. They say that the volume between universities and commercial entities is roughly equal. That’s different than what they said in the Chronicle, but that’s because some context got lost in that interview. Greg notes that this seems like an imbalance, given the relative proportion of users. They note that we have a large concentration of the demographic. Also they note that the volume of outgoing transfers from universities is much larger than on other ISPs. In the case of non-campus ISPs they try to send notices to where “they have the most effect”. When they send to some ISPs for some p2p use, they appear to go in a black hole.

There’s no relation between the recent increase in notices and any political activity, nor do they use the notices to indicate the level of activity at any particular university. The surge is due to software and hardware upgrades at Media Sentry.

They’ve done recent surveys of college-age students where 90% know that it’s illegal, but 70% admit to doing it. Now they know that the population knows it’s wrong but continuing the behavior, therefore that’s what they have to deal with. Elazar notes that after five years of receiving notices, there hasn’t been much change in behavior. The RIAA guys respond by saying that they are seeing some change in behavior – P2P use is not increasing as fast as it was. That’s not true in Canada, where they don’t send out notices or litigate.

Terry asks what the limits are of MediaSentry to see activity inside the institutions, like DC++. They have no visibility into that through MediaSentry. They find out about things like that from things they see – like student newspapers, message boards, etc.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s