SINCE THE BIRTH of Napster in the late 1990s the media have bombarded us with horror stories involving peer-to-peer file sharing. Whether they be stories about music and video piracy, viruses, child pornography or national security, the reality is that peer-to-peer file sharing is here to stay and these technologies are changing the way we work, the way we play, the way media providers distribute their content and, of course, the way we break the law.
So what exactly is ‘file sharing’? Put simply, it is a method of connecting computers together so that files can be ‘shared’ on one computer, and a user of another computer on the same network can search for and copy that file to their own computer.
Metallica get heavy
In the late 1990s, a student of Northeastern University in Boston wanted an easier way to find digital music and developed the first version of Napster, a decentralised, easily-distributed program that would allow users to share music quickly and efficiently via the internet.
Everything went well until heavy metal band Metallica discovered that a demo version of one of their songs had been circulating on the Napster network before it had been released, leading to it being played on a number of radio stations.
The song led the band’s management to Napster, and quickly discovered that the band’s entire back catalogue was easily available to anyone with a copy of Napster and an internet connection.
In 2000 a number of record companies sued Napster for contributory and vicarious copyright infringement under the US Millennium Copyright Act, making the following claims:
That its users were directly infringing the plaintiff’s copyright; That Napster was liable for contributory infringement of the plaintiff’s copyright; That Napster was liable for vicarious infringement of the plaintiff’s copyright.
Napster was found guilty on all three claims and went offline. It was unable to comply with the Court of Appeal’s order to monitor all network activity and to block access to infringing material, and eventually declared itself bankrupt in 2002.
Deciding who’s in control
Where Napster failed in the eyes of the filesharing community was the utilisation of servers to maintain databases recording which computers stored which files – in this way Napster was considered to be in control of the content. Today’s peer-to-peer networks do not use the concept of ‘clients’ and ‘servers’, but rather equal ‘peers’ that simultaneously function as both clients and servers: in this way, not only are there no centrally stored databases of content but the software is independent of the network, allowing users to choose from a variety of different applications.
Where once file sharing was primarily music orientated, better compression technologies and increased bandwidth have meant that it is now easy to share video too, which no doubt is causing a headache in the film industry. While they warn us of the dangers of pirate movies and advise us that they are of poor quality, the majority of so-called ‘pirate’ videos circulating on the internet are DVD quality. That includes the pre-release movies, which are often copied from work prints within the movie studios.
A Torrent of information Today, file sharing is joined by a technology called ‘Torrents’. These allow files to be shared in a slightly different way and allow websites to provide small files known as ‘trackers’; the user searches for and downloads the tracker for a movie, album, or TV show from the website and his software does the rest, locating and downloading the material. It’s easy, fast, reliable and free, but also in many cases results in copyright infringement.
In 2006 a high-profile raid on a Swedish-based website hosting these trackers, called The Pirate Bay, resulted in the website being offline for just three days and, rather embarrassingly for the Swedish Police, a significant increase in users of the website.
Having developed these networks, it didn’t take long for people to start using them to share pornography, and of course this meant child pornography too. All the user has to do is search for well-known search terms and within minutes he can have indecent images of children on his computer hard drive. Typically, when downloaded, the file is also shared and available to other users of the network.
If people didn’t share, then the networks would collapse. And there lies one of the fundamental problems when it comes to the law, since the Crown will often assert that simply having a file available for sharing constitutes ‘distribution’.
An analogy could be drawn with an online retailer such as Amazon, which has vast quantities of goods in their warehouse waiting for customers to order them.
In this real world, until the book or CD leaves the building it has not been distributed; but in our world of computer crime we are led to believe that the goods have been distributed even if there is no evidence to show that anyone has requested or received them.
Leaving a trail
To add to this problem, when a file-sharing user downloads a file their computer attempts to download lots of small parts of the file from many different computers at the same time in order to expedite the process. It is rare that an entire file is sourced from just one computer.
So what evidence can be found on a suspect’s computer? Often, filesharing applications will store detailed logs of what files have been downloaded to the computer; and even if the files themselves have long-since been deleted, there is often very clear evidence of what has been there – not just file names but ‘hash strings’ – a digital ‘fingerprint’ that can be compared to known files in order to show exactly what the content of the original file was.
A good forensic examiner will also be able to ascertain what search terms were used by the user of the computer to find the material that was subsequently downloaded, and in some systems can ascertain what files have been shared with others – all this, even if the illegal files themselves have been carefully removed from the computer.
The unwitting pornographer
There is still a grey area which can cause problems and that relates to ‘bulk’ downloads. Often, a user will select dozens of files at a time for downloading, leave the computer running for several hours and come back to it.
There is so much child pornography on the internet that a simple search for ‘Madonna’ can easily result in one or two indecent images of children being unwittingly downloaded, so it is important for the defence expert to investigate thoroughly the circumstances in which a file has been downloaded: there are enough signs to be able to ascertain whether bulk downloading is a contributable factor or not.