Thursday, 29 September 2011

Swedish Film Institute Learning That An IP Address Is Not A Person

The Swedish Film Institute (SFI) is in the middle of a crisis after an anti-piracy company revealed that it had tracked several leaked movies on The Pirate Bay back to its servers. Desperate to deflect the accusations, today the SFI made a long statement. It turned out to be a perfect illustration that allegations of piracy based on an IP address and nothing else, simply must be backed up by something more solid.

Early September it came to light that the Swedish Film Institute (SFI) was being sucked into a scandal.

While monitoring movies leaked to The Pirate Bay, anti-piracy company DoubleTrace said it had discovered that IP addresses in the BitTorrent swarms belonged to none other than the SFI. The drama only escalated when Sweden’s Ministry of Culture and angry movie-industry figures became involved.

After first playing down the news, SFI managing director Bengt Toll later made an announcement which indicated that following an internal audit of firewalls and other logs, no wrong-doing could be found.

Considering the embarrassment of becoming the focus of movie piracy allegations and the importance of dealing with them effectively, some might look at SFI’s initial denial and say, “Well they would say that, wouldn’t they?”

But let’s slow down and take a look at information made available today by the Institute.

Although SFI acknowledge that the IP address (or addresses) logged by DoubleTrace does indeed belong to them, they reveal that it’s hardly trivial to discover the real-life person behind it. Not only do all of SFI’s staff share that IP, but several tenants (such as film and TV producers) do too. And visitors to their library, and visitors to some of their cinemas, and diners in the restaurant, not to mention those using the open WiFi in the cafe and foyer areas.

As indicated by the way they have been proactive in this case by calling in the police, the SFI really seem to want to get to the bottom of the allegations. They say they have firewall logs that could show when and from where in their infrastructure the movies were being shared.

But – and little surprise here – DoubleTrace, the anti-piracy company behind the allegations, aren’t being forthcoming with their evidence.

“The week before the incident became public we carried out intensive work in which we asked the information technology company DoubleTrace AB and production company Strix to show us the data that they claim to have, to get a chance to see if the sharing actually took place here, and if so, from where,” the SFI explains. “Since we are being denied the material it means that we can not verify whether the information is correct.”

In an effort to show how it has attempted to find the source of the problem, SFI goes on to list a whole range of activities carried out to locate any infringement including searching all PCs, servers, networks and logs, calling in auditors, advising the Ministry of Culture and engaging the wider film industry.

As previously detailed, the police were also called in to investigate and are apparently concentrating on the illegal distribution of four films. Their focus is said to be on the illegal activities, not the SFI themselves, yet because the SFI’s IP address was allegedly used to carry out the uploads, they are getting all the bad press.

Now, it’s certainly possible that the SFI person who handles the Internet account could be responsible for the uploads, but equally a passing Pirate Bay fan with access to the free cafe WiFI could have carried out the offenses too. Maybe it was more than one person, maybe DoubleTrace’s systems screwed up – who knows?

The important thing here is that when it comes to the allegations against SFI, and the refusal of the anti-piracy company to make their ‘evidence’ available, SFI should be given the benefit of the doubt.

But, unlike the hundreds of thousands of other ISP account holders around the world who receive letters claiming that they illegally uploaded a movie or song and therefore should pay compensation or, increasingly, be disconnected from the Internet, they are treated more respectfully, quite simply because of who they are.

An IP address is not a person, and unless anti-piracy companies want to let their ‘evidence’ be seen and tested in public, perhaps it’s better if they keep their allegations to themselves.

No comments: