This week, Redditor u/NateNate60 received an unpleasant surprise in his inbox: a DMCA infringement warning from his ISP, Comcast Xfinity. The message warned him that Comcast “had received a notification from a copyright owner, or its authorized agent, who reported an alleged infringement of one or more copyrighted works.”
The strange thing about this warning was the “infringing work” in question: Ubuntu 20.04, which is freely redistributable in any way you like. To make matters worse, the hash listed on the post is the same one linked to Canonical’s own torrent for Ubuntu 20.04.2 – u/NateNate60 was caught torrenting an unchanged copy of an open source operating system.
DMCA, P2P and you
Typically, DMCA infringement alerts are sent as a result of an ISP customer using BitTorrent to illegally obtain media or software. While the client is associated with the swarm, its public IP address is advertised – this allows other members of the swarm to request parts of the files being torrented from that user.
Rightsholders and “authorized agents” can themselves connect to an illegal swarm, collect the IP addresses of all parties involved, and send DMCA takedown notices to the ISPs responsible for those IP addresses.
The ISP uses this information to send an alert to the customer who had that public IP address at the time, and it moves on from there. If the customer continues to trigger DMCA takedown notices long enough, the ISP will eventually begin to escalate from warnings to service outages – or even an outright ban.
A distinct rodent smell
Ars contacted u/NateNate60, Comcast Xfinity and OpSecSecurity, the anti-piracy company that allegedly sent the DMCA takedown notice to Xfinity in the first place. OpSecSecurity was the first to respond, categorically denying sending the message:
OpSec Security’s DMCA transmission program was spoofed by unknown parties on multiple streaming platforms on Wednesday, May 26, 2021. The content in question all appears to be Ubuntu Linux ISO. We have incontrovertible evidence to show that these DMCA notifications were not made by or originated from OpSec Security. OpSec’s enforcement efforts are sometimes falsified by a third party in an attempt to damage OpSec’s reputation. These attempts are easy to spot and easy to refute.
We are informing the appropriate authorities of this incident.
Ars asked OpSecSecurity to expand on its irrefutable evidence, but we got no response. It took a little longer to get a response from Comcast. The rep we spoke to was aware of the issue, via the original Reddit post from u/NateNate60. Unfortunately, the screenshot u/NateNate60 took was heavily redacted – too heavily redacted for Comcast to easily track down the incident.
We asked Comcast to look instead for any DMCA warnings it had sent associated with the hash listed as “Infringing Work” – if possible, this would get us closer to the bottom of the story. Any such warning would either be a bogus takedown for downloading Ubuntu or show that a (very unlikely) hash collision had occurred and that the Ubuntu torrent shared a hash with a torrent for something unrelated.
Comcast’s team found no evidence of sending a DMCA alert associated with the hash in question, but the search was severely hampered by the lack of a corresponding case number.
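Checking the hash in a notice against a torrent you actually hold means recomputing that torrent's BitTorrent v1 infohash, which is the SHA-1 of the raw bencoded "info" dictionary inside the .torrent file. The following is an added example, not code from the article or from any party it describes; the function names and the sample metainfo are constructed for illustration.

```python
import hashlib

def skip_value(data: bytes, i: int) -> int:
    """Return the index just past the bencoded value that starts at data[i]."""
    c = data[i:i + 1]
    if c == b"i":                        # integer: i<digits>e
        return data.index(b"e", i) + 1
    if c in (b"l", b"d"):                # list/dict: walk members up to the closing 'e'
        i += 1
        while data[i:i + 1] != b"e":
            i = skip_value(data, i)
        return i + 1
    if c.isdigit():                      # byte string: <length>:<bytes>
        colon = data.index(b":", i)
        end = colon + 1 + int(data[i:colon])
        if end > len(data):
            raise ValueError("truncated byte string")
        return end
    raise ValueError(f"invalid bencode at offset {i}")

def infohash_v1(torrent: bytes) -> str:
    """BitTorrent v1 infohash: SHA-1 of the raw bencoded 'info' dictionary."""
    if torrent[:1] != b"d":
        raise ValueError("metainfo is not a bencoded dictionary")
    i = 1
    while torrent[i:i + 1] != b"e":
        key_end = skip_value(torrent, i)
        key = torrent[torrent.index(b":", i) + 1:key_end]
        val_end = skip_value(torrent, key_end)
        if key == b"info":
            # Hash the bytes exactly as stored; re-encoding could change them.
            return hashlib.sha1(torrent[key_end:val_end]).hexdigest()
        i = val_end
    raise ValueError("no top-level 'info' key")

def matches_notice(torrent: bytes, claimed_hash: str) -> bool:
    """True if the hash quoted in a notice identifies this torrent."""
    return infohash_v1(torrent) == claimed_hash.strip().lower()

def bstr(b: bytes) -> bytes:
    return str(len(b)).encode() + b":" + b

# Constructed sample metainfo (not Canonical's real torrent).
SAMPLE_INFO = (b"d6:lengthi1024e4:name" + bstr(b"sample.iso")
               + b"12:piece lengthi1024e6:pieces" + bstr(bytes(20)) + b"e")
SAMPLE = b"d8:announce" + bstr(b"http://tracker.example/announce") + b"4:info" + SAMPLE_INFO + b"e"

if __name__ == "__main__":
    print(infohash_v1(SAMPLE))
```

Because only the "info" dictionary is hashed, the value identifies the content (file name, size, piece hashes) and stays the same whichever tracker or site the .torrent file came from.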
Who forged what and to whom?
Since OpSecSecurity says it was already aware of its DMCA reporting program being spoofed “by multiple unknown parties on multiple streaming platforms”, it seems safe to take u/NateNate60 at his word, that is, that he received something resembling a DMCA warning from his ISP regarding his download of Ubuntu 20.04 via BitTorrent.
Comcast probably sent the DMCA infringement warning, even though the team couldn’t find it. It wouldn’t be hard to fake Comcast’s warning, and most people don’t know how to authenticate an email’s headers – but it seems unlikely that anyone other than Comcast could have discovered u/NateNate60’s email address in the first place.
This leaves OpSecSecurity’s statement by far the most likely – rather than the “falsified notification” being sent directly to u/NateNate60 by the attacker, it most likely was sent to Comcast, which passed the warning on in accordance with its DMCA policy.
Update: Ars was able to check the headers of the email from Comcast to u/NateNate60 and confirm their authenticity. The DMCA warning he received came from Comcast, not a third party.
The standard procedure upon receipt of a false notice of DMCA infringement, such as a notice claiming that you do not have the right to download Ubuntu, is to file a DMCA counter-notice. Comcast outlines the procedure in its DMCA policy:
If a user receives a DMCA notice of alleged infringement and has a good faith belief that the allegedly infringing works have been removed or blocked by mistake or misidentification, that user may send us a counter-notice. When we receive a defense that meets the requirements of the DMCA, we will provide a copy of it to the person who sent the original notice of infringement… all defenses must meet the requirements of Section 512(g)(3) of the US Copyright Act.
This sounds pretty simple, but there’s a catch. Section 512(g)(3) states that a valid DMCA counterclaim must include the name, address, and phone number of the subscriber. Up to this point, the ISP’s customer is shielded from the copyright claimant; all the plaintiff has is the subscriber’s IP address, which is insufficient information for the plaintiff to file a lawsuit against the subscriber.
Filing the counterclaim unfortunately means that you fully identify yourself to the claimant. A particularly cunning and unscrupulous third-party copyright enforcement agency could theoretically use a fake DMCA infringement warning as a sort of Trojan horse – obtaining the subscriber’s legal identity through the obviously fake warning and then using it for lawsuits involving an unrelated swarm that the same subscriber had also been part of.