Managing use of copyrighted material across national borders is forging new partnerships, reports Greg Masters.
As Bob Dylan 2.0 might put it: The times, and the means of distribution, they are a-changin'.
His music and other artists' creations now often are downloaded through illegal peer-to-peer (P2P) networks, various social media and other sites by individuals who want to avoid paying the entertainment companies representing them.
On Jan. 19, MegaUpload, a P2P file-sharing site, became the victim of its own success when New Zealand police, following a request from the FBI, shut down operations with a raid on its headquarters in a rented $30 million mansion near Auckland.
Certainly the parameters of “acceptable use” have altered considerably since Sean Parker and two partners started Napster in 1999 as a P2P service. The service made it easy to distribute music, even though the enterprise was flagrantly flouting legal boundaries. Consumers who were fed up paying $19 for a CD were easily tempted to abandon ethical concerns for the convenience of downloading music for free.
But, this phenomenon was able to exist only because the internet at that time was still in its early stages. If large corporations were aware of the activity, it was still only a blip on their screens, not enough of a threat to instigate action.
Nowadays, however, copyright holders could not ignore the number of users MegaUpload attracted: MarkMonitor, an enterprise brand protection firm, put the figure at more than 21 billion visits per year. The half-billion dollars in revenue corporate big daddies were claiming to lose also proved intolerable.
Just like Napster in its early days, this site, established in 2005, had put up a pretense of legitimacy by agreeing to remove files when infringement complaints came in. This gesture proved insufficient, however. Its dissemination of purloined movies, television shows, music and other digital content clearly skirted copyright laws.
Facebook and YouTube began their existence flirting with copyrighted material, also. But, to reach mainstream acceptance and avoid being sued out of existence, they had to clean up their acts. When Google bought YouTube for $1.65 billion in October 2006, that process entailed deleting copyrighted material from the servers.
Still, the growth of file-sharing sites such as these has increased the stakes for large entertainment companies and other copyright holders, as well as the law enforcement and legal bodies attempting to exert control and enforcement over which laws govern usage across national boundaries. To date, it is difficult for law enforcement to pursue many of the electronic crimes across international boundaries – often due to country-specific laws relating to cyber crime, says Gunter Ollmann (left), vice president of research at Damballa, an Atlanta-based network security vendor.
“Many countries simply don't have the appropriate laws,” he says. “Subsequently, law enforcement must look for other ‘related' crimes conducted by the cyber thieves – and use those in their international law enforcement discussions.”
For example, at the time of the massive Mariposa botnet, which was primarily employed to steal data and launch denial-of-service attacks, Spain neither had laws governing botnets nor any that made the unauthorized installation of software on someone else's computer a crime, Ollmann says. So, to arrest and prosecute the Mariposa operators there, law enforcement had to make a case around credit card fraud. That is, the criminals were caught making physical copies of the credit card details they leeched from their victims' computers to purchase goods and services in Spain.
Philip Victor, director of the Centre for Policy & International Cooperation at the International Multilateral Partnership Against Cyber Threats (IMPACT), agrees that the challenge is gigantic as cybercriminals are unfettered by national boundaries, while law enforcement agencies' efforts are limited to local jurisdictions. "All agencies, countries industry partners and organization should cooperate with each other to share their expertise and resources," he says. This entails the sharing of databases and information from neutral organizations containing such details as the names of cyber crime offenders, profiles of previously identified theft/cyber crime, the anatomy of different cyber crime groups, information for latest threats and proactive measures to practice.
"Every country should ideally audit and list their critical infrastructures and key organizations who are involved in the areas of cybersecurity, along with list of responsible focal point within the country who can contribute in securing their cyber infrastructure, Victor says. This will shape a national security database which could play a vital role in terms of takedowns, and serve as a contact point for rapid action response.