After listening to the PA Bellwether trial audio, I thought it might be beneficial to go over some important steps to take when you are notified about an alleged copyright infringement incident happening on your network. Each case and situation is different, but the following recommendations are a good starting point. Even if you find out that an authorized user of your network did this, it is better to be well aware of what actually happened and not take the Copyright Trolls claims at face value. Once you have this information, then you can make an informed decision of what to do.
Notification Via ISP Or DMCA Notice
For most of us alleged pirates, this happens when we first receive that large envelope from your Internet Service Provider (ISP) stating that due to a Federal civil law suit, they (ISP) will be releasing your subscriber information to a Copyright Troll (my opinion). Note: If a Plaintiff/Attorney doesn’t like this term they are more than welcome to change their business model. For this article I will assume the nature of the alleged copyright infringement was done via BitTorrent and the content is an adult pornographic movie(s); but other types of media and content are also relevant.
Another possible way to receive a notification of alleged copyright infringement would be via a Digital Millennium Copyright Act (DMCA) take-down notice. The DMCA take-down notice is usually just an email sent to the ISP and then forwarded to you. The DMCA take-down notice usually doesn’t mean you are/will be sued, just that some content owner wants you to stop the alleged infringing activity coming from your public IP address. Note: CEG-TEK uses these types of notices as a way to try to generate low-dollar settlements without the cost or risk from a law suit. Most of the big Copyright Trolls do not send DMCA notices to the ISP or subscribers. I believe this is indicative of the Plaintiff/Troll wishing to maintain the business model of Copyright Trolling – repeatable generation of settlements. Even for DMCA take-down notices, I would still suggest taking these actions, as if someone is using your Internet connection to do this, they may eventually download/share content from an owner who is more serious about taking legal action (i.e. Malibu Media). Once the confusion and shock wears off, here is a list of things to do that could help you out in the long run.
Take Good Notes
Get pen and paper and get ready to take good notes. Don’t rush to make changes to the network, as this could remove information you may want to record. Now I will caution you that if a case goes to a deposition or even a trial, the notes and screenshots you take could be used by the Troll to try to implicate you.
For majority of the people, this is going to be the WiFi Firewall/Router (WFR), such as a Linksys E3200. It connects to your modem and allows multiple devices (computers, smart phone, etc.) to access your network/Internet connection (wired and wireless). Network Diagram
Take notes and get screenshots of the settings for all sections/pages of the WFR, such as make, model, firmware version, security settings, logging, remote administrative ability, DHCP client list, etc. Refer to your WFR manual for details on how to access the various settings of the WFR.
Security Settings On The WFR
Is your WiFi Internet connection “open” or secured with a password? If it is password protected, note security protocol (WEP, WPA, WPA2, etc.) being used, as well as the password (yes, write it down). WEP is a joke of a security protocol and I don’t know why it is still available on these devices. Note: many people may use WPA2 (a fairly secure protocol), but if your password is weak (i.e. “password” or “letmein”), the security of your network is decreased. Note: most WFRs have a very simple default password (“admin”) and run “open” (no password or security protocol enabled) by default (out-of-the-box). This makes it easier for the novice to get up and running on the Internet. The default settings can also be an issue if you have to reset your WFR because of an error or because you forgot the password.
Does you device use WiFi Protected Set-up (WPS) and was this feature enabled on the WFR? WPS has some vulnerabilities and I’m unsure if the manufactures have corrected this. US-Cert Article
Who Is Using Your Network/Internet Connection?
This can be found in the DHCP Host Page/Client Table of the WFR. It will show all the computers that are currently connected to the network, their systems names (i.e. “Bills CPU”), the MAC address of the system, the internal network IP address, and the time IP address lease will expire. These records are not kept very long, so looking at these as soon as possible is a good idea. If you don’t find any suspicious or unusual systems on your network, do not think all is lost. Make a note of when the alleged infringement took place (date/time). You will likely find the activity allegedly took place weeks or months previously. As the Copyright Troll chose not to send out a DMCA take-down notice in a timely manner, there is little chance you will find a record of a system associated with the date/time of infringement. If you find unknown/unusual systems, even weeks after the infringement, that shows someone is using your network and could have been using it during the period of infringement. After you take notes and screenshots, then you can secure the network.
Was logging enable on your WFR? Some WFR have logging enabled by default – others are the opposite. Turn the logging on. Examine any possible logs to see what systems have used the network, as well as incoming and outgoing communication records. Take note of any unusual systems and/or communication in the logs. As many people do not understand what these logs mean, please ask one of your geeky friends to assist.
Secure The Internet Connection
Doing this shows you are not ignoring the allegations (taking it seriously) and taking steps to prevent it from occurring in the future. You may not like the fact that you feel like the “Internet Police,” but I think it may be the lesser of two evils when compared to a Troll pointing out your did nothing when advised you were the subject of a Federal law suit. If you cannot for some reason password protect the WFR, please consider MAC filtering (see below) and/or preventing the commonly used BitTorrent protocols ports from using your network. It is not 100% effective, but it is better than nothing.
I would ensure that WPA2 security protocol is being used with a complex password (i.e. “@SSh@tTroll3597#!”). Do not reconnect your systems using the new password until you examine each system to determine if it contained the movie(s) alleged to be infringed upon. Document the examination of the systems.
This security setting will allow you to limit what systems can connect to your Internet connection. It can be set to either prevent or allow a connection based on the MAC address of the network adapter on various devices (computers, cell phones, game systems, DVD Players, etc.). Note: This is not perfect and a determined individual can easily spoof a MAC address to get around this security feature.
Block Certain Protocols And/Or Ports
Some WFRs have the ability to prevent the use of various protocols, such as BitTorent, mostly by preventing communication over certain ports. Not 100% effective, but it can show that you have taken steps after the notification.
This is where you look at each system to see if the movies(s) alleged are located on the systems. As well as the movie(s), you need to look for the BitTorrent software. Note: As stated by many (to include Colette of Malibu Media LLC at the Bellwether trial), having/using the BitTorrent software/client is NOT a crime. It is HOW the BitTorrent client is used that is the issue. If you do have BitTorrent on your system, the Troll is going to try to use it as proof that you “could” have been the infringer. The Troll will really like it if he can show that you have the same BitTorrent client (i.e. µTorrent) on your system that his technical personnel recorded during monitoring. For those of you who have BitTorrent on your systems, document what titles/files you are sharing. Note: The Troll will likely just claim you removed all the evidence. It will be your job to show you are not using it to infringe upon Plaintiff or other content owners.
Keep all the notes and screenshots in a safe place just-in-case. I hope you will not need to pull them out for a defense attorney, but better safe than sorry. If you have any suggestions of additional actions, please post or email me.