Tuesday, October 09, 2007

Guest Article by "igor" about MediaDefender and MediaSentry

Guest article by long-time reader "igor":

Over 6,000 internal emails from Media Defender, a company employed by members of the RIAA and MPAA to penetrate and disrupt p2p networks, were made public by a group calling themselves MediaDefender-Defenders (MDD). Some of these emails, obtained because an employee of MediaDefender forwarded all of his e-mails to an unsecure Gmail account whose password was somehow obtained by MDD, appear to contradict many of the claims the RIAA has made in the tens of thousands of copyright infringement lawsuits it has filed against users of various p2p networks.
Is that a fake file you are sending me or are you just happy to sue me?
The leaked emails show that MediaDefender was hired by RIAA and MPAA companies to flood file sharing networks with fake or altered versions of their files. Media Defender would make a file appear to be real and, using their large pool of computers, share (or seed) the files on most known file sharing networks. Media Defender’s database was also obtained by the same people who obtained the emails (presumably using the emails to gain access). Their database indicates that Media Defender uploaded over 13.6 million decoy files, including audio, video and pictures, in just four months (from May to September of 2007) to people using file sharing networks. No information about previous months was available. 10.37 million of the uploads were uploads of 1,812 unique mp3 files (the 13.6 million includes multiple uploads of the same file). According to the emails, these decoys often contained parts of songs with severely degraded audio quality.
RIAA members are notorious for sending cease and desist letters to hundreds of thousands of alleged copyright infringers. Yet from the MediaDefender emails it’s evident that RIAA members could not distinguish between the decoys and real files. One email on this topic read: “Just had a call with Mark Denby (from UMGI). The IFPI have been in contact with him about identifying our decoys we use for protection on BitTorrent. They are concerned that they are wasting their resources and sending C&Ds for our decoy torrents. Furthermore, they are concerned that they are pulling our decoys from services where they have the ability to remove torrents without sending a C&D (like torentspy).”
In another email a Media Sentry employee writes: “Considering that we get Cease and Desists from ALL of our clients in some way or another, would compiling these incidents into a book be useful for showing our effectiveness. The rationale being, if it's good enough for you to sue over, then it must be good enough for the pirates. These abuse complaints come in just about every week, and are generally from BayTSP about Universal Studios video titles, the ESA about video games, the BSA about software, or WebSheriff about UMGI music titles…” (Emphasis in bold added).
These revelations further bring into question the accuracy of RIAA allegations in infringement lawsuits. If they can’t tell apart their decoys, how can they be even remotely sure they are suing an infringer and not someone with a decoy?
Periodically UMG, EMI or other clients of Media Defender would test the effectiveness of Media Defender’s decoying and the ability of people using the search feature to locate the file they want. There are many email summaries of such tests, including: “Here is a summary of UMG's torrent testing for this week. The effectiveness for Amy Winehouse is at 40% compared to 37% last week. Colbie Caillat is at 90% from 78%, and Common increased to 73% from 63%. However, Lyle Lovett dropped to 96% from 100% last week. Everything seems to be positive except for the drop…” This basically describes the percentage of files that were decoys that appear when a user searches. For some files, only decoys were available. An example is the screenshot where the top 10 results for Kanye West’s Good Morning were all fake files. An email about this said: “I'm seeing our decoys flood right now for "kanye west good morning." The top 10 results are us. The attached screen cap shows what it looks like on my laptop right now. The file is real for 45 seconds, then goes to crap and sounds skippy, glitchy, etc.”
“A larger volume of CD sales in 2006 were lost to borrowing, rather than p2p”
A “highly confidential” report in an email from The NPD Group, a market research firm the RIAA relies on for some of their data, to Media Defender appears to contradict the RIAA’s claim that p2p piracy causes a significant revenue loss due to a loss in CD sales. In their court documents and in various press releases the RIAA has claimed to lose over $4.2 billion annually due to a significant decline (15 percent from 2000 to 2002) in CD sales, which they claim is mostly caused by illegal p2p file sharing. According to the NPD report, however, p2p piracy accounted for only 17 percent of the total decline in CD sales.
The NPD data showed that 62 percent of the lost CD sales in 2006 were replaced either by ripping or by burning songs from acquaintances rather than downloading them via p2p. The report also states that 19 percent of the lost sales were replaced by “paid downloads”, which is 2 percent more than by allegedly illegal downloads.
Among other interesting data in the report, which suggested that both p2p and legal downloads increased in 2006, there was data to show that “established p2p users spend more on CDs than consumers new to p2p.” This seems to indicate that by suing suspected p2p users the RIAA is also suing their best customers.
I sense huge sales ahead…now let’s sue the focus group.
Another email contained a report by a Marshall University professor which indicated that p2p traffic may predict sales for albums. His report stated: “In summary, the model suggests that downloaded number in P2P network will be meaningful in forecasting the sales for newly-released albums and that the sensitivity of market response to the downloaded behavior will differ by its album/artists level characteristics. Coupled with the estimate of the sales-to-download sensitivity parameter, the downloading pattern before launching can give stable pre-launch sales forecasts.”
In fact, emails show that some members of the RIAA used p2p as a predictor of sales and used it to make decisions on how to treat certain singles or albums. In one such email to David Benjamin of UMG, a Media Defender staffer writes:
“I wanted to follow up on your data questions from last week using our new system. As you can see from these charts I generated at mi.mediadefender.com there was not much new activity with 50 Cent, but Kanye saw some good activity. Kanye’s two singles are very very popular. At the bottom of the email, I put in a chart for Fergie for a relative comparison. If the theory is that singles sell albums, then Kanye should outsell Fergie and should kill 50 Cent. 50 has more songs that are a little popular but no blow out singles.”
Ethan Karp of UMG replied by asking: “Thanks for putting this together-- so you're saying that the 50 Cent release seems to be a "deeper" record in terms of popular tracks on p2p but that Kanye's is more top-heavy, at least at this point?”
Other RIAA members also used Media Defender to track unsigned artists. One email states:
“Hey, randy and I had a call last week with Atlantic records who is interested in having us track some unsigned artists they pulled off myspace. I’m not sure we will end up doing this for them since we are heading down the path of giving sonybmg data but I’d be curious to know how many acts he’s talking about.”
IP Identifies person, unless it identifies a group of people, unless it identifies corporation, unless it’s anonymous,
The RIAA claims in their lawsuits that an IP address identifies a person. Yet Media Defender’s practices are an example of why this is not true. Their leaked database records that just over the last four months Media Defender uploaded files from over 5 million different unique IP addresses. Their emails constantly refer to obtaining new IP addresses to avoid being blocked by the various p2p networks or by Peer Guardian software due to their disruptive activity.
One email best exemplified their desperation to find new IPs: “The Bang Bros guys have a lot of bandwidth because they have to serve up samples. Do you think we could talk to them about getting access to their IPs? My theory: there's no way a p2p network/peer guardian would ban BangBros IPs. If they spend $650k/month on bandwidth they have to have a shit ton of IPs.”
One of the ways Media Defender obtained new IP addresses was through Anonymizer Inc., a company that advertises its service of hiding IP addresses to allow anonymous surfing.
Media Defender changed IPs so often that it’s entirely possible that some unsuspecting people who got cease and desist letters or were sued by the RIAA had in fact inherited an IP address from Media Defender, who in turn had been scanned by the RIAA.
Media Defender didn’t only flood p2p networks with decoy files. According to their emails they also intercepted downloads that were peered through their servers and instead forwarded bad data. They called this method “Interdiction”. It appears that interdiction may have worked by intercepting packets (pieces of files) and sending bad packets to people trying to download the file. Evidence of interdiction may strengthen counterclaims by defendants accusing RIAA plaintiffs of trespassing onto users’ computers.
There’s one email in particular that complains about Media Defender’s attempt to “attack” a user’s computer. It says:
“The following individual on your network has attempted to attack me. The full details of the attack are as below.
Hacker's IP address:
My IP address:
Date/time of attack: Mon Apr 23 22:49:21 CEST 2007 (timezone: GMT1)
Details of attack: Simple rst attempt detected&blocked by my firewall
Please take appropriate action to stop this situation recurring. Please let me know how this incident is resolved.”
Two Media Defender replies about this complaint are:

“I love these emails :) I wish we could show these to customers questioning our effectiveness. This guy was unsuccessful stealing, so he emailed us that we did something wrong. I LOVE it.”
“Yeah. Total dip shit. Years ago we had a guy trying to download porn. He got a pop up from us. He tracked down a phone number and called us to say we infected his computer. We promptly called him out on downloading porn.”
Media Sentry worked with Media Defender
Media Sentry, the company used by the RIAA to find and sue allegedly infringing IP addresses, collaborated with Media Defender, though perhaps not willingly. Several emails on the issue indicate that Media Defender used Media Sentry resources to help with their file flooding scheme.
One email on the topic states: “I uploaded the following decoys to Bitenova, Torrentportal, and Torrentreactor…..which I hope MediaSentry will scrape. I’ll check in a day or two to see MediaSentry’s presence. One decoy has our tracker and the other is a public tracker.”
Soon after, this update was emailed:
“So I verified our little test subject from our last meeting..... Turns out that MediaSentry did interdict our decoys below. Plus they inflated the numbers of seeds for the decoy with the public tracker (which started with 1 seed from my seeding machine) and now its showing 165+ on Mininova….WE HAVE EXPLOITED MEDIASENTRY’S RESOURCES….well for now….and who knows when Mininova will catch on……”
Data says otherwise? Well it’s wrong! College students are responsible for the majority of p2p traffic!
UMG asked Media Defender to see if their lawsuits against college students were working and if Media Defender was seeing fewer download requests from .edu addresses. An email request for this stated:
“Universal is curious if we have any historical data over the last 3 months that show whether .edu IP addresses on p2p have gone down.

They want to see if their lawsuits are getting students to stop using p2p (take a moment to laugh to yourself).”
The reply found that .edu IP addresses consistently accounted for less than 2.5% of all file sharers. Media Defender staff members, however, refused to believe this.
“These percentages from Danny seem unintuitive. Can you [look] into [this] tomorrow. There must be something wrong w how we r resolving IPs to edus.”
An email in reply tried to justify the low results:
“I *THINK* this is because Gnutella shows us the internal natted IPs from Universities. I *THINK* we had talked about this being a special feature of gnutella. It's possible that Danny didn't take this into account when he calculated this for you.”
This would seem to imply that over the gnutella network (which Kazaa among other p2p programs used) Media Defender was unable to identify the IP address of the user. This may further throw a kink into RIAA’s argument that they are able to identify users based on IP addresses from packet logs from Kazaa.




asldkj said...

I am very glad that the MediaDefender emails were leaked for the information will shed light onto the unethical practices of RIAA, and others.

This will surely be a turning point for those with active cases.

Can current defendants use this leaked information for their defense?

Igor said...

One slight correction... I meant to say LimeWire used gnutella not Kazaa as it uses the fasttrack protocol.

Unknown said...

Nice summary of what the RIAA and their cohorts have been trying to do; and the confusion they have generated amongst themselves with their tactics. As most of us know who have been following this for any length of time, the RIAA's tactics are simply "stabs in the dark". Sooner or later with further litigation this will become obvious to everyone involved in this scam, on both sides, to the RIAA's immense disadvantage.