CSI: BitTorrent

How’d they know I downloaded Meet the Fockers?

Download the MP3 audio version of this story here, or sign up for The Explainer’s free daily podcast on iTunes.

A wealthy software executive named Shawn Hogan has vowed to fight a copyright-infringement lawsuit in court rather than settle with the Motion Picture Association of America. According to the MPAA, Hogan made the film Meet the Fockers available for download through a BitTorrent file-sharing network. Hogan denies that he did anything of the sort. How do investigators find their targets?

They join the networks. In general, the movie and recording industries search out illegal file-sharers by hiring security firms to monitor popular file-sharing communities and report back on any activity that appears illegal. A company like MediaSentry, for example, will hop on to a file-sharing network and start searching for specific files. (The client provides a list of copyrighted material to check up on.) Investigators use customized versions of standard torrent trackers to sniff out the IP addresses of anyone who makes a given file available. Then they’ll take snapshots of all the other files those users offer. They may also try to connect to one of these targets to see if they can make an illegal download.

At this point, the security firm will have the screen name and the IP address of the person they suspect of trading copyrighted material. An IP address is a unique identifier that your computer gets whenever you log on to the Internet. The only entity that knows which user goes with which IP address is the user’s Internet service provider. That’s why groups like the MPAA have tended to gather a bunch of IP addresses and then file a series of anonymous lawsuits. Once they’ve done that, they can ask a judge to subpoena an ISP for the names that go along with those addresses. With the names in hand, they can swap out the John Does in the lawsuits for real people.

Critics of this name-gathering approach say these sorts of network trawls can make mistakes. For example, the Recording Industry Association of America threatened to sue a Penn State professor named Peter Usher when investigators mistook a file bearing his name for a song by the artist Usher.

Some file-sharers claim that media-security firms also seed networks with dummy torrents to trick potential pirates into revealing themselves. (One file-sharing company says the MPAA hired a hacker to steal its trade secrets.) A couple of years ago, a pair of young hackers started circulating their own fake downloads that displayed a “Bad Pirate!” message and broadcast your IP address when you opened them up.

The Shawn Hogan case seems to have involved a different sort of investigation. Hogan’s lawyer says the complaint against him comes from “Operation D-Elite,” a government investigation of the Elite Torrents file-sharing network that resulted in a series of FBI raids in May of last year. The MPAA says its evidence against Hogan consists of a hash file—data that help users coordinate and verify their downloads.

Got a question about today’s news? Ask the Explainer.

Explainer thanks Seyamack Kouretchian of the Coast Law Group and Seth Schoen of the Electronic Frontier Foundation.