On May 8, 2010, German citizen Michael Strotzer was the operator of an Internet connection from where an audiobook was made available on a peer-to-peer network.

Germany company Bastei Lübbe AG owned the copyrights to that content and had not given Strotzer permission to share it online. So, on October 28, 2010, Bastei Lübbe wrote to Strotzer with a demand for him to stop infringing their copyrights.

When the company’s letter failed to have the desired effect, Bastei Lübbe took Strotzer to court in Germany in an effort to obtain financial compensation for the alleged damages caused.

Strotzer denied that he had personally carried out the copyright infringement and said that his home network was secure. He also noted that his parents, who lived at the same address, had access to his network.

However, they did not have the audiobook on their computer and did not use file-sharing networks. In addition, he said that their computer had been turned off at the time when the audiobook was shared online.

The Court dismissed the action against Strotzer on the grounds that the copyright infringement could not be directly attributed to him since his parents could also have shared the audiobook. in response, Bastei Lübbe filed an appeal with the Regional Court of First Instance in Munich.

The Court said it was inclined to assume that Michael Strotzer was responsible for the infringement since it wasn’t clear from his statements that third parties had used his network and it was “highly likely” that the infringement was committed by him.

Case law, however, presented issues. The Federal Court previously ruled that it is for the copyright holder to prove the infringement. It also ruled that the Internet connection owner is likely to have committed the infringement if no-one else could have used his Internet connection at the time of the infringement.

That being said, if the internet connection was not sufficiently secure or was available to use by other people at the time of the infringement, the connection owner should disclose the identity of those people, effectively putting those people in the frame.

However, under Article 7 of the EU Charter of Fundamental Rights, which ensures the right to respect for a citizen’s private and family life, it was argued that the owner of the connection is not required to provide further information if a family member has had access to his network.

With this in mind, the Munich court referred the case to the Court of Justice of the European Union (CJEU) for guidance. Advocate General Szpunar published his opinion yesterday in 21 different languages (except English) but thanks to lawyer Eleonora Rosati, we have his findings in a nutshell.

“[Advocate General Szpunar] advised the CJEU to rule that EU law does not require to provide, at the national level, a presumption of liability of the owner of an internet connection for copyright infringements committed through such connection,” Rosati writes.

“However, if national law envisages such presumption to ensure the protection of copyright, this shall be applied coherently to guarantee effective copyright protection.

“In this sense, the right to family and private life under Article 7 of the EU Charter of Fundamental Rights may not be interpreted in such as way as to deprive copyright owners of any possibility of effective protection of their own intellectual property, the protection of which is mandated by Article 17(2) of the EU Charter,” Rosati adds.

In other words, if a country (in this case Germany) has national laws that reduce the burdens of proof in order to help protect copyright law (something which is not mandatory under EU law), it should not be the case that rightsholders are unable to enforce their rights due to an apparent conflict with the right to respect for private family life.

“If one was able to invoke Article 7 of the Charter to avoid having to disclose the names of those who might have used the connection, then the copyright owner would be deprived of his IP right,” Rosati explains.

“In any case, should a national court deem such intrusion into one’s own right to family life inadmissible, then the owner of the internet connection should be presumed liable for the relevant infringement, insofar as the copyright owner has no other means to identify the actual infringers.”

When cases are referred to the CJEU, the opinions and subsequent decisions of the Court often contain language which aims to balance what are often seen as conflicting rights. In this case, it’s suggested that the right to family life should not be (ab)used in order to avoid liability in a matter where the rights of another party have been infringed.

The opinion of the Advocate General is not binding but the CJEU generally follows such advice.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Source link

In April 2017, San Francisco resident Ross M. Colby was arraigned in U.S. District Federal Court in San Jose following an FBI investigation into alleged hacking offenses.

The 34-year-old was accused of hacking into several local media websites owned by Embarcadero Media Group including the Palo Alto Weekly and the Almanac. He was charged with intentional damage to a computer, attempted damage, and misdemeanor computer intrusion.

According to the indictment, Colby illegally accessed Embarcadero Media email accounts in July 2015. Then, in September 2015, several of the company’s websites were hacked to display the Guy Fawkes image associated with Anonymous. The message “Unbalanced Journalism for profit at the cost of human right. Brought to you by the Almanac” was also left behind.

Facing more than two decades in prison and fines totaling several hundred thousand dollars, Colby pleaded not guilty and was freed on bail. On May 29, 2018, Colby’s trial began in federal court in San Jose. Palo Alto Online has been reporting (1,2) on the case, which has thrown up something of interest to VPN users.

According to evidence provided by FBI Special Agent Anthony Frazier, between July and September 2015, IP addresses operated by VPN provider Private Internet Access (PIA) were used to access email accounts and systems belonging to Embarcadero Media.

A former Colby roommate claims that the pair discussed computer security and frequently had discussions about the use of VPNs. He had even helped Colby set one up, he said. Last Friday, the San Jose Federal Court also heard that Colby told his roommate that he’d hacked a news website for pay.

Also giving testimony was John Allan Arsenault, general counsel for London Trust Media, the owner of Private Internet Access.

According to Almanac News, Arsenault told the Court that some VPN companies, PIA included, do not retain logs of customers’ Internet activities. This means they are unable to produce useful information in response to a subpoena.

Arsenault told the Court that PIA accepts several payment methods, including cryptocurrency, but doesn’t keep records of customers’ names and addresses. The only thing the company holds is the email address used when the customer signs up. There was no record of Ross Colby signing up to PIA with his two known email addresses, Arsenault said.

“We’re limited to search by what the government gives us. Just because we can’t find it doesn’t mean they didn’t use the VPN service,” he said.

“Someone could create a throw-away (email) account to subscribe to us,” he added.

But while PIA could not connect Colby’s IP addresses to any illegal activity, the same could not be said of other companies. Evidence presented to the Court showed that in addition to the PIA addresses that were used to access the Embarcadero Media email accounts, an IP address belonging to Comcast was also used on 20 occasions.

Records provided by Comcast showed that John Colby, Ross Colby’s father and a retired Massachusetts state trooper, was assigned that particular IP address between June 2015 and October 2015, the date of the FBI’s subpoena to Comcast. John Colby further testified that his son stayed with him for about 10 days in July 2015, a period which coincided with the email breaches at Embarcadero Media.

Evidence provided by the FBI also showed that an IP address used by Ross Colby at his home in San Francisco was used to access Embarcadero accounts, as was an IP address registered to a cafe frequently used by Colby.

The case highlights some important points for those interested in Internet security.

The most interesting for privacy advocates is that this is the second time that Private Internet Access’s “no-logging” policy has been tested in court. Such claims are notoriously difficult to prove but PIA has now passed twice with flying colors.

However, the big lesson is that if an Internet crime is serious enough to involve the FBI, IP address evidence will be just part of the equation, with testimony from family and associates playing a major role too.

The final decision on Colby’s plea lies with the jury, which is yet to render its decision.

—

Disclaimer: PIA is one of our sponsors. This article was written completely independently of that fact, as always.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Source link

On May 4, 2016, Scott Sikes, a Special Agent with the Department of Homeland Security, was engaged in a child abuse investigation.

Acting undercover, Sikes was monitoring a channel on Internet Relay Chat (IRC) when a suspect posted a link. When Sikes opened it he discovered an image of child pornography.

Sikes struck up a one-on-one chat session with the suspect who subsequently posted three more links, each containing the same kind of material. It was later discovered that the suspect had posted 17 other links leading to similar abuse imagery.

Having captured the suspect’s IP address (209.197.26.72), Sikes traced it back to Highwinds Network Group, a cloud storage, CDN, and colocation company that is perhaps best known among file-sharers for its massive Usenet-related business.

Homeland Security followed up by issuing a Summons for Records on Highwinds, demanding that it hand over the details of the user behind that IP address at the times the IRC user posted the links.

Although not directly mentioned by name in court documents, at the time Highwinds owned the VPN provider IPVanish, a company that has repeatedly claimed to carry zero logs relating to its customers’ activities. It appears that the suspect tracked by Homeland Security was an IPVanish customer but any hope he would remain anonymous was soon dismissed.

On May 26, Highwinds responded to the summons, confirming that the IP address belonged to its VPN service. Initially, the company told HSI that to protect customer data, “we do not log any usage information. Therefore, we do not have any information regarding the referenced IP.”

However, after Sikes contacted Highwinds again, the company suggested that HSI submit a second summons requesting more detailed subscriber information.

On June 9, 2016, HSI served a second summons on Highwinds, requesting “any data associated with IRC traffic using IP 209.197.27.72, port 6667.” On June 21, Highwinds came up with the goods.

In a response to HSI, Highwinds provided information which allowed HSI to identify the suspect connecting to the VPN server, connecting to the IRC server, and then disconnecting from the VPN server. Highwinds also handed over the suspect’s name (Vincent Gevirtz), his email address, plus details of his VPN subscription.

Also made available to HSI was Gevirtz’s real IP address (Comcast 50.178.206.161) “as well as dates and times [he] connected to, and disconnected from, the IRC network,” times which coincided with the activity being investigated by HSI.

HSI then issued a summons on Comcast, requesting customer information on the IP address in question. Comcast responded three days later with a slightly different name – Julian Gevirtz – plus an address in Indiana. Vincent Gevirtz was subsequently found at that address with his parents and later admitted to the conduct carried out in the IRC channel. He further admitted to having shared images of abuse online for at least seven years.

While there will be few people disappointed that Gevirtz was tracked down by HSI, there was considerable uproar yesterday when the court documents were posted to the /r/piracy discussion page on Reddit.

IPVanish has always been extremely vocal about its no-logging policies but the court documents in the Gevirtz case appear to show that the company logged extensively, apparently down to what services were accessed and when.

So, with this apparent contradiction in hand, TF contacted StackPath, the company that bought Highwinds and therefore IPVanish back in 2017. How can its “zero logs” policy exist alongside the handing over of so much information?

“We are glad you asked. That lawsuit was from 2016 – long before StackPath acquired IPVanish in 2017,” said Jeremy Palmer, Vice President, Product & Marketing.

“IPVanish does not, has not, and will not log or store logs of our users as a StackPath company. I can’t speak to what happened on someone else’s watch, and that management team is long gone. But know this – in addition to not logging, StackPath will defend the privacy of our users, regardless of who demands otherwise.”

It’s pretty clear from this statement that StackPath doesn’t want to get into what went before and at least to a degree, that’s understandable. That being said, these things must have some kind of paper trail – logs if you like – that document what went on and who was responsible. So we asked again, this time tacking on some more questions to try and nail things down.

We began by asking about the general logging policies of IPVanish before StackPath took over. Clearly, if the old policy was to log (as the court papers suggest), at some point StackPath must’ve seen those policies and realized they were incompatible with their new approach to privacy. If that was the case, what were the old policies and when were they revised to StackPath standards?

“I can’t speak on behalf of the former executive or legal team (involved in this issue) as they are no longer part of Highwinds Network Group, and haven’t been since the acquisition,” Palmer reiterated.

“It’s impossible for me to speculate or comment about what may have happened under different ownership/management. We don’t keep VPN logs [now]. We value our customer’s privacy above everything else.”

The problem here is that at least as far as the IPVanish privacy statements go, the old policies are exactly the same as the new ones – no logs. Clearly, something has to give. At this point, Palmer provided us with a statement from StackPath CEO Lance Crosby.

Crosby is an industry heavyweight, there is little doubt about that. Founder, CEO and Chairman of Softlayer until its sale to IBM in 2013, Crosby was also former COO of ThePlanet. He doesn’t offer any clear proof but says that the HSI case could’ve been a one-off.

“At the time of the acquisition 2/6/17, the StackPath team and a third party performed due diligence on the platform. No logs existed, no logging systems existed and no previous/current/future intent to save logs existed,” Crosby says.

“The same is true today. We can only surmise, this was a one time directed order from authorities. We cannot find any history of logging at any level. Your privacy is paramount and we will fight any persons or government agencies seeking to infringe upon such.

“I can’t speak to what happened on someone else’s watch but Technology is my life and I’ve spent my career helping customers build on and use the Internet on their terms. StackPath takes that even further — security and privacy is our core mission. I also happen to be a lawyer and I will spend my last breath protecting individuals’ rights to privacy, especially our customers,” he concludes.

While having Crosby’s word on a no-logging future carries weight, we are sadly no closer to finding out what happened back in 2016. There is no mention in the court documents of the one-time logging scenario outlined above although that is certainly possible. The big question of whether it could happen again is up for debate.

Moving forward, IPVanish says it is committed to its ‘no-logging’ policy and says that the difference today is a “completely different management team” and a CEO who is “a strong privacy advocate” who “built StackPath on this foundation.”

IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Source link

Back in March and just a few hours before the Anthony Joshua v Joseph Parker fight, I got chatting with some fellow fans in the local pub. While some were intending to pay for the fight, others were going down the Kodi route.

Soon after the conversation switched to IPTV. One of the guys had a subscription and he said that his supplier would be along shortly if anyone wanted a package to watch the fight at home. Of course, I was curious to hear what he had to say since it’s not often this kind of thing is offered ‘offline’.

The guy revealed that he sold more or less exclusively on eBay and called up the page on his phone to show me. The listing made interesting reading.

In common with hundreds of similar IPTV subscription offers easily findable on eBay, the listing offered “All the sports and films you need plus VOD and main UK channels” for the sum of just under £60 per year, which is fairly cheap in the current market. With a non-committal “hmmm” I asked a bit more about the guy’s business and surprisingly he was happy to provide some details.

Like many people offering such packages, the guy was a reseller of someone else’s product. He also insisted that selling access to copyrighted content is OK because it sits in a “gray area”. It’s also easy to keep listings up on eBay, he assured me, as long as a few simple rules are adhered to. Right, this should be interesting.

First of all, sellers shouldn’t be “too obvious” he advised, noting that individual channels or channel lists shouldn’t be listed on the site. Fair enough, but then he said the most important thing of all is to have a disclaimer like his in any listing, written as follows:

“PLEASE NOTE EBAY: THIS IS NOT A DE SCRAMBLER SERVICE, I AM NOT SELLING ANY ILLEGAL CHANNELS OR CHANNEL LISTS NOR DO I REPRESENT ANY MEDIA COMPANY NOR HAVE ACCESS TO ANY OF THEIR CONTENTS. NO TRADEMARK HAS BEEN INFRINGED. DO NOT REMOVE LISTING AS IT IS IN ACCORDANCE WITH EBAY POLICIES.”

Apparently, this paragraph is crucial to keeping listings up on eBay and is the equivalent of kryptonite when it comes to deflecting copyright holders, police, and Trading Standards. Sure enough, a few seconds with Google reveals the same wording on dozens of eBay listings and those offering IPTV subscriptions on external platforms.

It is, of course, absolutely worthless but the IPTV seller insisted otherwise, noting he’d sold “thousands” of subscriptions through eBay without any problems. While a similar logic can be applied to garlic and vampires, a second disclaimer found on many other illicit IPTV subscription listings treads an even more bizarre path.

“THE PRODUCTS OFFERED CAN NOT BE USED TO DESCRAMBLE OR OTHERWISE ENABLE ACCESS TO CABLE OR SATELLITE TELEVISION PROGRAMS THAT BYPASSES PAYMENT TO THE SERVICE PROVIDER. RECEIVING SUBSCRIPTION/BASED TV AIRTIME IS ILLEGAL WITHOUT PAYING FOR IT.”

This disclaimer (which apparently no sellers displaying it have ever read) seems to be have been culled from the Zgemma site, which advertises a receiving device which can technically receive pirate IPTV services but wasn’t designed for the purpose. In that context, the disclaimer makes sense but when applied to dedicated pirate IPTV subscriptions, it’s absolutely ridiculous.

It’s unclear why so many sellers on eBay, Gumtree, Craigslist and other platforms think that these disclaimers are useful. It leads one to the likely conclusion that these aren’t hardcore pirates at all but regular people simply out to make a bit of extra cash who have received bad advice.

What is clear, however, is that selling access to thousands of otherwise subscription channels without permission from copyright owners is definitely illegal in the EU. The European Court of Justice says so (1,2) and it’s been backed up by subsequent cases in the Netherlands.

While the odds of getting criminally prosecuted or sued for reselling such a service are relatively slim, it’s worrying that in 2018 people still believe that doing so is made legal by the inclusion of a paragraph of text. It’s even more worrying that these individuals apparently have no idea of the serious consequences should they become singled out for legal action.

Even more surprisingly, TorrentFreak spoke with a handful of IPTV suppliers higher up the chain who also told us that what they are doing is legal. A couple claimed to be protected by communication intermediary laws, others didn’t want to go into details. Most stopped responding to emails on the topic. Perhaps most tellingly, none wanted to go on the record.

The big take-home here is that following some important EU rulings, knowingly linking to copyrighted content for profit is nearly always illegal in Europe and leaves people open for targeting by copyright holders and the authorities. People really should be aware of that, especially the little guy making a little extra pocket money on eBay.

Of course, people are perfectly entitled to carry on regardless and test the limits of the law when things go wrong. At this point, however, it’s probably worth noting that IPTV provider Ace Hosting recently handed over £600,000 rather than fight the Premier League (1,2) when they clearly had the money to put up a defense.

Given their effectiveness, perhaps they should’ve put up a disclaimer instead?

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN reviews, discounts, offers and coupons.

Source link