• by Wendy Davis  @wendyndavis, June 6, 2008

Three computer scientists from the University of Washington who set out to study how people use peer-to-peer networks got some unexpected results--hundreds of takedown notices accusing them of infringing the copyright to books, movies and TV shows like "Harry Potter" and "Battlestar Galactica."

Surprised by the wave of notices, they decided to investigate. What they found was that the procedures used by the record industry and other entertainment companies to identify file-sharers end up singling out the wrong people.

"Our results show that potentially any Internet user is at risk for receiving DMCA takedown notices today," they wrote in a new paper released Thursday.

The report, dubbed "Challenges and Directions for Monitoring P2P File Sharing Networks--or--Why My Printer Received a DMCA Takedown Notice," examines more than 400 takedown notices the authors received in two months alleging that copyright infringement had been traced to their IP address.

The report only focuses on takedown notices and not litigation, and is based on research on only one network, BitTorrent. But the authors, assistant professor Tadayoshi Kohno, Ph. D. candidate Michael Piatek, and research assistant professor Arvind Krishnamurthy, write that copyright enforcement efforts across the board could be flawed.

"The potential for false positives and implication of arbitrary addresses undermines the credibility of monitoring and creates a significant inconvenience for misidentified users (if not financial and/or legal penalties)" states the report.

The reasons for the false positives--innocent people wrongly identified as file-sharers--range from "buggy software" to the ease with which malicious users can frame innocent ones, according to the report.

The authors had originally intended to study how people use peer-to-peer networks in hopes of making the technology more mainstream. After they received around 200 takedown notices last August, they turned their attention to why they were being targeted. They conducted another study in May, during which time they also received more than 200 takedown notices.

"We weren't downloading or sharing copyrighted material, but we kept getting complaints," Piatek said Thursday.

The report comes about five years after the recording industry began suing individual users for file-sharing online. More than 26,000 people have been targeted, with most agreeing to pay between $3,000 and $5,000 to settle the charges.

But it's not clear that the report will affect those types of cases because the record industry usually bases litigation on "direct detection," which involves downloading data directly from users and verifying the content. The report said that "direct detection" on networks like Gnutella seemed less likely to result in mistakes than the procedures they were examining on BitTorrent.

The direct detection approach "reduces the potential for false positives, but is likely to significantly increase the cost of enforcement as well as the risk of exposing monitoring agents," the paper states.

The record industry appears to be taking the report as an endorsement of its procedures. "We're grateful that the study reinforces the fact that our process is especially effective at identifying theft online," a spokesperson from the Recording Industry Association of America said.