Bulgaria Approves Draft Law That Turns Pirate Site Operators Into Criminals

A draft law that aims to criminalize and prosecute those who “create conditions for online piracy” has been approved by Bulgaria’s Council of Ministers. The proposed amendments are Bulgaria’s response to heavy criticism from the United States, most publicly via the USTR’s Special 301 Reports. It’s hoped that prison sentences of up to six years will send a deterrent message. TorrentFreak reports: Last week the Council of Ministers approved draft amendments to the Criminal Code that aim to protect authors, rightsholders, and state revenue. “Crimes against intellectual property should be perceived as acts with a high degree of public danger, not only considering the rights and interests of the individual author, which they affect, but also considering the financial losses for the holders of these rights, which also affects the revenues in the state budget,” the explanatory notes read.

The stated aim of the bill is to solve identified weaknesses by upgrading substantive law to counter computer-related crimes against intellectual property. The text references those who “build or maintain” an information system or provide a service to the information society for the purpose of committing crimes. The notes offer further clarification. “The bill aims to prosecute those who create conditions for online piracy — for example, by building and maintaining torrent tracker sites, web platforms, chat groups in online communication applications for the online exchange of pirated content, and any other activities that may fall within the definition of ‘information society service’ within the meaning of the Electronic Commerce Act (pdf) and which are carried out with the specified criminal purpose.”

The Bulgarian government notes that the amendments are part of its response to criticism in the USTR’s Special 301 Report. [When countries are placed on the USTR’s ‘Watch List’ for failing to combat piracy, most can expect years of pressure punctuated by annual Special 301 Reports declaring more needs to be done. Bulgaria was on the Watch List in 2015 when the USTR reported “incremental progress” in the country’s ability to tackle intellectual property infringement, albeit nowhere near enough to counter unsatisfactory prosecution rates. In 2018 the United States softened its position toward Bulgaria, removing it from the Watch List on the basis that the government would probably deliver.] The fact that Bulgaria has been absent from the ‘Watch List’ for the last five years is down to “specific commitments” made by the authorities, with progress being monitored closely by the United States in respect of Bulgaria’s future status. The draft approved by the Council of Ministers last week envisions sentences of up to six years imprisonment and a fine of up to $5,600. According to the draft, there is no intent to prosecute individual users who simply consume pirated content.

Read more of this story at Slashdot.

BitTorrent Seedbox Provider Handed Criminal Conviction Over Users’ Piracy

A man who rented out servers configured for BitTorrent file-sharing use has been handed a three-month suspended sentence in Denmark. Known as ‘seedboxes’, these pre-configured servers are not illegal per se, but when customers used the devices to break copyright law on known pirate sites, rightsholders held the server provider liable. TorrentFreak reports: Local anti-piracy group Rights Alliance (Rettigheds Alliancen) mitigates all types of piracy but for the past few years, has maintained a keen focus on torrent sites. Working in partnership with the Danish government’s SOIK IP-Task Force, Rights Alliance forced several sites to close down and successfully prosecuted site operators, staff members, and users who uploaded content to those sites. In 2021, Rights Alliance targeted specialized servers that not only supply content to torrent sites but also play a role in boosting download times while improving security.

In 2021, news broke that six people had been arrested in Denmark due to their alleged connections to several local torrent sites. Among them was Kasper Nielsen of internet services company HNielsen Networks, a supplier of servers under various brands that could be configured for ‘seedbox’ purposes. Available information indicated that the servers had been used by an unknown number of users to share content on private torrent sites ShareUniversity, Superbits and DanishBytes. […] When Rights Alliance filed its criminal complaint against HNielsen Networks, the anti-piracy group referenced the landmark Filmspeler case which involved the sale of piracy-configured media players.

According to statements published by Rights Alliance and NSK (Saerlig Kriminalitet) Denmark’s Special Crime Unit, Nielsen was convicted yesterday for selling seedboxes in the knowledge they were being used by others to share movies, TV shows, eBooks and other content, without permission from rightsholders. “On February 28, the Court in Aalborg ruled against the Danish owner behind a seedbox company for, in the period November 2020 to May 2021, having sold seedboxes and server capacity to an unknown number of people, knowing that they were used for illegal sharing of no less than 3,838 copyright-protected works on the Danish and Nordic file sharing services ShareUniversity, Superbits and DanishBytes,” Rights Alliance reports. Nielsen was handed a three-month conditional (suspended) sentence and a confiscation order for DKK 300,000 (around $42,600), the amount users had paid his company to access the seedbox servers. The 35-year-old must also pay compensation of DKK 298,660 to Rights Alliance. “Providers of seedboxes have a responsibility to ensure that their services are not used for illegal uploading and downloading of copyrighted content, which the Rights Alliance can clearly see that they are doing,” says Maria Fredenslund, Director of Rights Alliance. “Therefore, this case helps to send a signal to other providers that you cannot deliberately sell services to the illegal market.”

Since Neilsen took a plea deal at an early stage, none of the claims made by Rights Alliance were needed to be proven in court. “The 3,838 figure and any evidence related to ‘knowledge’ of infringement carried out by seedbox customers on the sites, were accepted as true,” reports TorrentFreak.

Read more of this story at Slashdot.

Major Private Torrent Sites Have a Security Disaster to Fix Right Now

At least three major torrent sites are currently exposing intimate details of their operations to anyone with a web browser. TorrentFreak understands that the sites use a piece of software that grabs brand-new content from other sites before automatically uploading it to their own. A security researcher tried to raise the alarm but nobody will listen. From the report: To get their hands on the latest releases as quickly as possible, [private torrent sites, or private trackers as they’re commonly known] often rely on outside sources that have access to so-called 0-Day content, i.e, content released today. The three affected sites seem to have little difficulty obtaining some of their content within minutes. At least in part, that’s achieved via automation. When outside suppliers of content are other torrent sites, a piece of software called Torrent Auto Uploader steps in. It can automatically download torrents, descriptions, and associated NFO files from one site and upload them to another, complete with a new .torrent file containing the tracker’s announce URL. The management page [here] has been heavily redacted because the content has the potential to identify at least one of the sites. It’s a web interface, one that has no password protection and is readily accessible by anyone with a web browser. The same problem affects at least three different servers operated by the three sites in question.

Torrent Auto Uploader relies on torrent clients to transfer content. The three sites in question all use rTorrent clients with a ruTorrent Web UI. We know this because the researcher sent over a whole bunch of screenshots and supporting information which confirms access to the torrent clients as well as the Torrent Auto Uploader software. The image [here] shows redactions on the tracker tab for good reason. In a regular setup, torrent users can see the names of the trackers coordinating their downloads. This setup is no different except that these URLs reference three different trackers supplying the content to one of the three compromised sites.

Rather than publish a sequence of completely redacted screenshots, we’ll try to explain what they contain. One begins with a GET request to another tracker, which responds with a torrent file. It’s then uploaded to the requesting site which updates its SQL database accordingly. From there the script starts checking for any new entries on a specific RSS feed which is hidden away on another site that has nothing to do with torrents. The feed is protected with a passkey but that’s only useful when nobody knows what it is. The same security hole also grants direct access to one of the sites tracker ‘bots’ through the panel that controls it. Then there’s access to ‘Staff Tools’ on the same page which connect to other pages allowing username changes, uploader application reviews, and a list of misbehaving users that need to be monitored. That’s on top of user profiles, the number of torrents they have active, and everything else one could imagine. Another screenshot featuring a torrent related to a 2022 movie reveals the URL of yet another third-party supplier tracker. Some basic queries on that URL lead to even more torrent sites. And from there, more, and more, and more — revealing torrent passkeys for every single one on the way.

Read more of this story at Slashdot.

Torrent Site User Who Transferred 120TB of Pirated Content Avoids Prison

A torrent site user accused of downloading and uploading at least 120TB of movies, TV shows, eBooks, music and software, has avoided an immediate prison term. The 28-year-old was arrested as part of a police operation against DanishBytes. A member of the same site was sentenced earlier this month after he uploaded Netflix content obtained using hacked credentials. TorrentFreak reports: Early November 2021, Denmark’s Public Prosecutor for Special Economic and International Crime (SOIK) announced that six people had been arrested following criminal referrals by Rights Alliance. All were members and/or operators of ShareUniversity and DanishBytes. Prosecution of site operators is not uncommon but when it’s deemed in the public interest, pirate site users can also face charges. Every case is unique so criteria differ, especially across national borders, but when evidence shows large volumes of infringement, successful prosecutions become more likely. That was the case when a former DanishBytes user was sentenced last week. According to Danish anti-piracy group Rights Alliance, the 28-year-old man was a regular site member and wasn’t involved in running the site. That being said, evidence showed that for the period January 2021 to November 2021, he downloaded and/or uploaded no less than 3,000 copyrighted works, including movies, TV shows, music, books, audiobooks and comics.

Information released by the National Unit for Special Crimes (NSK), a Danish police unit focused on cybercrime, organized crime, and related financial crime, reveals that the user’s traffic statistics interested prosecutors. “During the period, the man downloaded no less than 100 TB and uploaded no less than 20 TB of copyrighted material,” NSK says. BitTorrent trackers operating a ratio model usually insist on a better ratio of downloads to uploads but DanishBytes’ situation was out of the ordinary.

The site launched in January 2021 in the wake of other sites being shut down, so had to get going from a standing start with no users. Even when arrests were being made, the site still had a relatively small userbase, which can limit opportunities to upload more. That may have been a blessing in disguise. Faced with the evidence, the man decided to plead guilty and was sentenced last week at the Court in Vibourg. In common with similar prosecutions recently, he received a suspended conditional sentence of 60 days’ probation, 80 hours of community service, and confiscation of his computer equipment. The case against the DanishBytes user began with a Rights Alliance investigation and a referral to the police. As part of his sentence, the man must pay the anti-piracy group DKK 5,000 (US$600) in compensation but Rights Alliance director Maria Fredenslund is focused on the deterrent effect of another successful prosecution.

Read more of this story at Slashdot.

US Navy Forced To Pay Software Company For Piracy

The U.S. Navy was found guilty of piracy and is ordered to pay a software company $154,400 for a lawsuit filed back in 2016. Gizmodo reports: The company, Bitmanagement Software GmbH, filed a complaint against the Navy, accusing the military branch of copyright infringement. GmbH claimed they had issued 38 copies of their 3D virtual reality software, BS Contact Geo, but while they were still in negotiations for additional licenses, the Navy installed the software onto at least 558,466 machines between 2013 and 2015. In the court filing (PDF), GmbH claimed, “Without Bitmanagement’s advance knowledge or consent, the Navy installed BS Contact Go onto hundreds of thousands of computers. Bitmanagement did not license or otherwise authorize these uses of its software, and the Navy has never compensated Bitmanagement for these uses of Bitmanagement’s software.”

The company sued the Navy for nearly $600 million for “willful copyright infringement” of the software which, according to the vendor’s website, is a 3D viewer that “enables you to visualize and interact with state of the art 2D/3D content,” and is based on digital data captured from “various sources (land surveys, CAD, satellite imagery, airborne laser scanning, etc).” The court filings stated that after GmbH filed the lawsuit in July 2016, the Navy uninstalled the BS Contact Geo software from all of its computers and “subsequently reinstalled the software on 34 seats, for inventory purposes.” GmbH wrote in the court filing, “The government knew or should have known that it was required to obtain a license for copying Bitmanagement software onto each of the devices that had Bitmanagement software installed. The government nonetheless failed to obtain such licenses.”

Read more of this story at Slashdot.

Court Upholds Piracy Blocking Order Against Cloudflare’s DNS Resolver

The Court of Rome has confirmed that Cloudflare must block three torrent sites through its public DNS resolver. The order applies to kickasstorrents.to, limetorrents.pro, and ilcorsaronero.pro, three domains that are already blocked by ISPs in Italy following an order from local regulator AGCOM. TorrentFreak reports: Disappointed by the ruling, Cloudflare filed an appeal at the Court of Milan. The internet infrastructure company doesn’t object to blocking requests that target its customers’ websites but believes that interfering with its DNS resolver is problematic, as those measures are not easy to restrict geographically. “Because such a block would apply globally to all users of the resolver, regardless of where they are located, it would affect end users outside of the blocking government’s jurisdiction,” Cloudflare recently said. “We therefore evaluate any government requests or court orders to block content through a globally available public recursive resolver as requests or orders to block content globally.” At the court of appeal, Cloudflare argued that DNS blocking is an ineffective measure that can be easily bypassed, with a VPN for example. In addition, it contested that it is subject to the jurisdiction of an Italian court.

Cloudflare’s defenses failed to gain traction in court and its appeal was dismissed. DNS blocking may not be a perfect solution, but that doesn’t mean that Cloudflare can’t be compelled to intervene. […] Cloudflare believes that these types of orders set a dangerous precedent. The company previously said that it hadn’t actually blocked content through the Public DNS Resolver. Instead, it implemented an “alternative remedy” to comply with the Italian court order.

Read more of this story at Slashdot.

RIAA Flags ‘Artificial Intelligence’ Music Mixer As Emerging Copyright Threat

The RIAA has submitted its most recent overview of notorious markets to the U.S. Trade Representative. As usual, the music industry group lists various torrent sites, cyberlockers and stream-ripping services as familiar suspects. In addition, several ‘AI-based’ music mixers and extractors are added as an emerging threat. TorrentFreak reports: “There are online services that, purportedly using artificial intelligence (AI), extract, or rather, copy, the vocals, instrumentals, or some portion of the instrumentals from a sound recording, and/or generate, master or remix a recording to be very similar to or almost as good as reference tracks by selected, well known sound recording artists,” RIAA writes.

Songmastr is one of the platforms that’s mentioned. The service promises to “master” any song based on the style of well-known music artists such as Beyonce, Taylor Swift, Coltrane, Bob Dylan, James Brown and many others. The site’s underlying technology is powered by the open-source Matchering 2.0 code, which is freely available on GitHub. And indeed, its purported AI capabilities are prominently in the site’s tagline. “This service uses artificial intelligence and is based on the open source library Matchering. The algorithm masters your track with the same RMS, FR, peak amplitude and stereo width as the reference song you choose,” Songmastr explains.

Where Artificial Intelligence comes into play isn’t quite clear to us. The same can be said for the Acapella-Extractor and Remove-Vocals websites, which the RIAA lists in the same category. The names of these services are pretty much self-explanatory; they can separate the vocals from the rest of a track. The RIAA logically doesn’t want third parties to strip music or vocals from copyrighted tracks, particularly when these derivative works are further shared with others. While Songmastr’s service is a bit more advanced, the RIAA sees it as clearly infringing. After all, the original copyrighted tracks are used by the site to create derivative works, without the necessary permission. […] The RIAA is clearly worried about these services. Interestingly, however, the operator of Songmastr and Acapella-Extractor informs us that the music group hasn’t reached out with any complaints. But perhaps they’re still in the pipeline. The RIAA also lists various torrent sites, download sites, streamrippers, and bulletproof ISPs in its overview, all of which can be found in the full report (PDF) or listed at the bottom of TorrentFreak’s article.

Read more of this story at Slashdot.

Court Orders Telegram To Disclose Personal Details of Pirating Users

The High Court in Delhi ordered Telegram to share the personal details of copyright-infringing users with rightsholders. The messaging app refused to do so, citing privacy concerns and freedom of speech, but the court waved away these defenses, ordering the company to comply with Indian law. TorrentFreak reports: Telegram doesn’t permit copyright infringement and generally takes swift action in response. This includes the removal of channels that are dedicated to piracy. For some copyright holders that’s not enough, as new ‘pirate’ channels generally surface soon after. To effectively protect their content, rightsholders want to know who runs these channels. This allows them to take action against the actual infringers and make sure that they stop pirating. This argument is the basis of an infringement lawsuit filed in 2020.

The case in question was filed by Ms. Neetu Singh and KD Campus. The former is the author of various books, courses, and lectures, for which the latter runs coaching centers. Both rightsholders have repeatedly complained to Telegram about channels that shared pirated content. In most cases, Telegram took these down, but the service refused to identify the infringers. As such, the rightsholders asked the court to intervene. The legal battle culminated in the Delhi High Court this week via an order compelling Telegram to identify several copyright-infringing users. This includes handing over phone numbers, IP addresses, and email addresses.

The order was issued despite fierce opposition. One of Telegram’s main defenses was that the user data is stored in Singapore, which prohibits the decryption of personal information under local privacy law. The Court disagrees with this argument, as the ongoing infringing activity is related to Indian works and will likely be tied to Indian users. And even if the data is stored elsewhere, it could be accessed from India. Disclosing the personal information would not be a violation of Singapore’s privacy law either, the High Court adds, pointing out that there is an exception if personal details are needed for investigation or proceedings.

Telegram also brought up the Indian constitution, which protects people’s privacy, as well as the right to freedom of speech and expression. However, that defense was unsuccessful too. Finally, Telegram argued that it is not required to disclose the details of its users because the service merely acts as an intermediary. Again, the Court disagrees. Simply taking infringing channels offline isn’t good enough in this situation, since infringers can simply launch new ones, as if nothing had happened.

Read more of this story at Slashdot.

Pirate Site Blocking Is Making Its Way Into Free Trade Agreements

The new free trade agreement between Australia and the UK includes a site blocking paragraph. The text requires the countries to provide injunctive relief to require ISPs to prevent subscribers from accessing pirate sites. While this doesn’t change much for the two countries, rightsholders are already eying similar requirements for trade deals with other nations. TorrentFreak reports: The inclusion of a blocking paragraph in the copyright chapter of the trade deal was high on the agenda of various copyright holder groups. Following a series of hearings and consultations, both countries settled on the following text:

1. Each Party shall provide that its civil judicial authorities have the authority to grant an injunction against an ISP within its territory, ordering the ISP to take action to block access to a specific online location, in cases where:
(a) that online location is located outside the territory of that Party; and

(b) the services of the ISP are used by a third party to infringe copyright or related rights in the territory of that Party.

2. For greater certainty, nothing in this Article precludes a Party from providing that its judicial authorities may grant an injunction to take action to block access to online locations used to infringe intellectual property rights in circumstances other than those specified in paragraph 1.

This hasn’t gone unnoticed by the Alliance for Intellectual Property, which represents rightsholder organizations such as the MPA, BPI, and the Premier League. The group repeatedly urged the UK Government to include site-blocking powers in the agreement. In a recent submission to the UK Government, the Alliance once again stresses the importance of site blocking, while also hinting at broadening the current anti-piracy toolbox. “It has become a hugely valuable tool in the armory of rights holders looking to protect their IP. It is vital that the UK Government ensures the preservation of the no-fault injunctive relief regime,” the Alliance writes. “We would also encourage the opening of dialogue, wherever possible, to share experience around UK practices and to encourage faster, more efficient website blocking procedures, whether through civil, criminal, administrative or voluntary means.”

The site-blocking language is already included in the latest trade deal draft but the Alliance is also looking ahead at future agreements with other countries. In this context, the blocking paragraph will send a clear message. “We would therefore urge the UK Government to include reference to the site blocking legislation in the FTA with Australia as it will send an important message to future countries that we might chose [sic] to negotiate trade agreements with.” The Alliance for Intellectual Property doesn’t mention any other countries by name. However, it specifically references a report from the U.S. Copyright Office where site blocking was mentioned as a potential future anti-piracy option. In the same report, the Copyright Office also stressed that further research would be required on the effect and impact of a U.S. site-blocking scheme, but the idea wasn’t dismissed outright.

Read more of this story at Slashdot.