Censoring The Net With A Hotmail Account

Alex Bradbury writes "Members of the Bits of Freedom group conducted a test to see how much it would take for a service provider to take down a website hosting public domain material, and have published their results. They signed up with 10 providers and put online a work by Dutch author Multatuli, who died over 100 years ago. They stated that the work was in the public domain, and that it was written in 1871. They then set up a fake society to claim to be the copyright holders of the work. From a Hotmail address, they sent out complaints to all 10 of the providers. 7 out of 10 complied and removed the site, one within just 3 hours. Only one ISP actually pointed out that the copyright on the work expired many years ago. The conclusion of the investigation is definitely worth reading. The three providers who didn't take down the material are XS4ALL, UPC and Freeler. The company that came out the worst was iFast, who forwarded all the personal details of the site owner to the sender of the fake takedown notice without even being asked to do so."

It shouldn't be that easy

[erick99]

I am amazed that an ISP wouldn't have some process in place to at least check the validity of a party making that request and check the validity of the copyright as well. It wouldn't take much to put such a process in place.

Re:I would say

[rpdillon]

What should be illegal? Testing ISPs, or handing out information on your customers to whoever asks (or doesn't ask) for it?

I don't know how representative this would be of US ISPs, as all the ISPs mentioned in the article are .nl (Netherlands). The US may have laws that affect this.

iFast breaks all EU Data Protection Laws

[hattig]

Maybe this group should forward their findings onto the relevant data protection agency in the Netherlands ... it would be interesting to see what happened.

(answer: nothing, these agencies exist to suck money and do nothing)

Now that's interesting

[mcc]

The company that came out the worst was iFast, who forwarded all the personal details of the site owner to the sender of the fake takedown notice without even being asked to do so."

I can't help but wonder, is this consistent with iFast's user privacy policy? I can't tell, I don't speak Dutch...

Sadly, had to request a takedown once

[MaineCoon]

I had some source code to a game I was working on, and had licensed the code to a friend (it was for a MUD, and I had years of work invested). After an altercation, he violated the agreement we had and decided to release his copy to the world to spite me. Fortunately the code was several years old from my current work, but UNfortunately what he released contained player files with plain text passwords, and some of the players had played on both of the games with the same password.

Within 20 minutes of his posting it, I politely asked the ISP to take it down (was about midnight), and they had it taken down by morning. Someone obviously got hold of it and hacked a few of our players' accounts, but the source+assets itself never resurfaced.

Re:I would say

[imemyself]

Convicting and punishing a person for a crime they didn't commit. They didn't even try to find out if they committed it.

Not the same thing...

[mOoZik]

But when I was new to PayPal, I and some friends of mine receive spoof emails. I thought to make it known that such a thing was going around (again, I was a newb.) I removed the offending part from the email (the form submit), added a giant notice indicating it was an example or a phish scam, and put on my site. I forwarded the site to my friends.

The next day, my site was taken offline. PayPal didn't even look at the content: they chose to contact my ISP, which didn't even put up a fight, and to put a hold on my account, without any sort of consent on my part.

About XS4ALL

[Anonymous Coward]

I'm not surprised at all at XS4ALL's behavior. This is the same ISP that went to court [xs4all.nl] to defend one of their customer's rights to host the Fishman Affidavit (a collection of high-level Scientologist documents).

I'm glad that there are companies out there who are willing to stand up for their users when they are right, going so far as to take the heat in court. XS4ALL won the case, too, and the Fishman Affidavit is still hosted there for all to see.

Re:Censorship, or just cautious commercial entitie

[LetterJ]

Exactly. I run www.mncriminals.com [mncriminals.com], which publishes the MN criminal conviction data. We get the data directly from the state. We frequently get letters from people demanding that we "expunge" their record because "the state cleared their name". We pretty much just ask that they fax a copy of the state's paperwork removing the conviction from their record. We've only ever heard further from one person. Even then, she hadn't really had it expunged. Rather, she'd had the remainder of her sentence, including parole, etc. commuted. A lot of people make demands and I'm perfectly willing to follow through, but you're going to at least provide a piece of paper proving it needs to happen. The BSA can come into my offices only if there's a warrant in their hand, etc.

Could this be used AGAINST the DMCA?

[Anonymous Coward]

Consider this possibility:

A bunch of motivated slashdotters all go to their local libraries (or anywhere else they can gain anonymous internet access) and create hotmail or yahoo email accounts. Then, they send copyright violation notifications to various ISP's across America, so that a huge number of legitamite sites get taken down.

The resultant customer rage would get media attention, and the ISP's would mention the DMCA as they speak in their own defense. This would bring the harmful effects of the DMCA into the public eye.

Of course, I am not advocating any such thing. Just reflecting on the possibilities.

--AC (emphasis on the C in my case)

Re:I would say

[Gentlewhisper]

that would actually involve breaking the law.

tell me again exactly what law was broken by this group?

Erm..

Perjury?

When you send out a take down notice you are making a legal claim that is not true.

My experience

[acidrain69]

activewebhosting.com decided to pull my site just because there were MP3's on it. MP3's that I had permission to store.

DIY

[tverbeek]

This is one of the many reasons I host my own sites, and how I got into the business of hosting sites for friends who want a person they can trust doing it. I didn't like the one-sided contract terms and the poor service I was getting from hosting providers, so I set up my own shop. A little Apache, some Postfix, and a dash of BIND in a Linux stew, and I was cooking for myself. So now if someone sends a take-down notice to the company hosting my web site... it'll come to me.

Granted, I'm still dependent on someone else for connectivity itself, but I found a pretty good DSL provider with terms I can live with, so as long as I keep my systems are zombie free and I don't do anything stupid enough to get an actual court order sent to my DSL provider, I'm pretty safe from this kind of crap (at least more than I was before). And I got broadband service to my house in the process.

I realise it's not an option for a lot of people, but if you want something done right...

Re:It's logical XS4ALL did not budge :

[AlXtreme]

They are also one of the major sponsors and backers of BOF, who conducted the test. I wonder what would have happened if they really did 'do evil' and took down the information... but that's just me and my tinfoil hat.

proud (to be paranoid) XS4all customer since 1997

Re:Texan-style!

[chgros]

Living in Texas, I'm not sure what constitutes `Texan-style private ISP justice'.
It probably means "hang first, ask questions later", as in cheesy western movies.

Re:I would say

[RWerp]

A group of journalists in Poland managed to sneak into the airpoart and stick a label onto the plane on the runway. They could stick a bomb onto it as easily.

It's probably more about the terms of service

[jesterzog]

Which is why if you don't want your content being taken down, you shouldn't use a free hosting provider.

I don't think that being free really has much to do with it, although there could perhaps be a correlation. Probably what matters is the terms of service that you agree to. Even if you pay for the service, virtually all terms of service will contain a clause that states the provider can yank your access or hosting or whatever they provide on a whim at their own discretion.

Clearly it might not hold up in court, and it's perhaps even less likely to hold up if you're paying for a service and they don't have reasonable grounds for not providing it... regardless of what's in the terms of service. But they could still potentially get away with claiming that they don't have time or resources to follow up complaints and have to protect their liability, and it still means going through the court system. The latter is a huge disincentive when it's normally much easier to just find a different provider.

It's not worth it for the ISPs.

[Mustang Matt]

A potential legal battle is never profitable for an ISP. Why even take the risk?

Re:It shouldn't be that easy

[Jim Starx]

The diffrence is that child pornography is a legal matter, copyright violations are a civil matter.

Re:It shouldn't be that easy

[Anonymous Coward]

Unfortunately it's the ISP who gets sued, and so even at best they have to get a lawyer to say it's not us they should be suing it's our customer, that costs more money than that customers business is worth, so they take down the site instead.

It is worrying that the majority didn't even slightly check the complaints origin as I would imagine it's going to get more and more common as time goes by that petty online arguments will result in people sending annymous complaints to ISP's to try and get peoples websites shut down.

Can You Blame Them?

[superultra]

Say you're the ISP in this situation. It makes more sense to take it down than it does to leave it up. What do you gain for just leaving it up after receiving a dispute? Nothing, really. What do you have to lose if you continue host something that is truly under copyright? A lot more. The potential for more work is there by leaving it up than there is for merely taking it down.

Now, I'm not saying this is right. But there has to be a better incentive than "the good of all humanity" to protect fair use.

Re:It shouldn't be that easy

[Fulcrum of Evil]

Can they afford to lose a client so easily?

Let's see - $30/mo or a liability in the six figures. That's a tough call.

Re:Erroring on the side of safety

[mabhatter654]

But the penalty should be to the person/company sending the takedown letter, not the ISP.

Supposedly, they have to attest, under oath, that the letter they send is factual...I think if it becomes too big a problem that ISP's will get the courts involved FOR their customers when the time is right.

Right now, they all know too many people are trying to get away with posting stuff they shouldn't ...they consider themselves "lucky" to "only" get noticed for takedown and not told to "police" their servers for "illegal" content. When things settle down that will change...

Isn't that what they are supposed to do?

[cybrangl]

I'm not sure this is a fair test. Under the DMCA, the ISP must take down the material within (I think) 72 hours to maintain immunity. The site owner can respond in 10 days to deny the charges and the ISP can put it back up with immunity. Now I'm not saying that the DMCA is the correct way to do things, and I really don't condone the idea of handing out personal information without a court order, but this "test" doesn't tell us anything except that ISPs don't want to get into legal trouble. Surprise, surprise.

Change the system through the system

[cgenman]

I don't think we'll see action on this area until people start sending annonymous copyright takedown notices to the ISP's of members of congress, as well as the heads of major corporations, showing them the folly of giving others full control over your life and business without due process. Of course such a thing would be illegal [andrebacard.com] and dangerous [hushmail.com], and a person would have to be crazy [doityourself.com] to [diynet.com] do [doitnow.org] such a thing. After all, laws are a social contract [guerrillanews.com], which we must obey [grandtimes.com] in order for society to function [indymedia.org]. In a society ravaged by terrorism [nationmaster.com] like ours [palestinemonitor.org], sending mixed messages [guardian.co.uk] is the last thing [guardian.co.uk] we can afford.

One of the guilty

[cyberfoxz]

I happen to work at the abuse department of one of the ISP's who deleted the content(No name mentioned, but it is the biggest in Europe, I believe). What I like the world to know, is that the test done isn't done realy carefull. After we received the complaint we checked the site and concluded that the mentioned text was shown. We then sent a notice of warning to the "customer", in which we asked the person to respond to this message by mail or phone if the complaint was not accurate. After giving the customer a few days to respond, we heard noting. We know from experience that everybody who is wrongly acused/warned will respond within a few days. After not hearing from the customer, whe decided to pull the website. If it was a big issue we would have asked our legal department to take a look at the case, but we concluded this wasn't so. We didn't check the original of the text, since we are not working there to be experts of literature, just to keep our network clean. I also mailed the guy who did the test and asked him why he didn't respond to our warning notice, but he hasn't returned a message to me.

Re:It shouldn't be that easy

[bbc]

" The problem with this is that court is so expensive that the mere threat of lawsuit, however unlikely, is usually enough to get yourself taken down and banned."

In the USA.

There's a reason why the European branch of the RIAA is settling their lawsuits against consumers for way less than 2000 dollars; if they asked that much, the accused might as well take it to court, and at least have a chance of winning. (And, IIRC, some are indeed waiting for the court case. Which will presumably never happen, in case European judges would declare file-sharing legal, like a Canadian judge did.)

Re:I would say

[KillScriptKiddies]

I would say this is typical for the dutch.
They sell everybody they can to save themselves, without any serious research, and certainly without thinking of the consequences.

They have no idea of freedom of speech, privacy. Mainly because holland has no culture of professionals. About 40% leaves school at the age of 16 to 18, those that choose to study, choose for very low levels, and meaningless degrees.

The people that choose for something higher, choose for economy and other vague and contradictive educations combined with economy, like hyped studies with an IT factor that's reduced to utter insignificance and a mockery.

In many other countries youngsters pursue a professional life, not in holland. In holland they all want to be 'manager'.

Without a professional attitude things get political, like in backstabbing political. They find every excuse to get rid non-dutch people, even when the non-dutch have a much better grasp of any work at hand.

Re:One of the guilty

[cyberfoxz]

Everybody tries to have an effect on the lawmakers, the only problem is that the lawmakers always seem to only listen to the wrong voices. My own second problem, is that the opinion of the company (e.g. the board and the marketing dep.) seems to be that this is not a real problem, we handled it ok and it is not important enough. We do try have an influence but our voice isn't always heard.

It is true that we have to decide which one we believe, the complaint, or the customer. We always work together with our legal dep. if there is any doubt whatsoever. We always try to only work with evidence, because in the end we may have to show everything in court. However, this rarely happens since the laws in The Netherlands are much different then the laws in the USA. For instance, the complaints of the MPAA and RIAA are mostly dismissed since we can only act if the material is on our own servers. The privacy of customers is very important and we are not allowed to check the contents of a customers computer. Only when they use a public service (web server, ftp) we can check the contents, in every other case it would be an illegal form of hacking and only the Dutch authorities have the right to investigate this. This is also true about p2p trafic, so the complaints about sharing have no way to be found illegal, because we don't have any real evidence. The complaining party doesn't give us any evidence because if they did, it would have been illegal and can not be used in the courtroom. Changes are going to happend because the copyrights issue is being heavily discussed in the european union. I fear the day that we have to give the customers name and adress to complaining party, but this is just my own opinion. The company will only do what the laws tell us and try to protect the privacy of our customers as best as it can, simply because doing otherwise will make a lot of people go to other ISP's and it will cost us a lot of money.