As developers of generative AI models and services continue to progress at a startling pace, it was only a question of when the RIAA would select the perfect litigation candidate, for the purpose of drawing a line in the sand.

Two Targets, Two Lawsuits

The RIAA announced not one, but two copyright infringement lawsuits on Monday, filed against two of the most impressive services in the generative AI music market.

Udio owner Unchartered Labs was sued in the US District Court for the Southern District of New York, while Suno, Inc. was targeted in a similar lawsuit filed at the US District Court for the District of Massachusetts.

Several of the plaintiff record labels appear in both lawsuits. UMG Recordings, Capitol Records, Sony Music Entertainment, Atlantic Records and Warner Records seem set for the heavy lifting, along with several smaller but not insignificant industry players.

In common with the RIAA’s claims against the defendants, the lawsuits are generated from common material and in the early stages, they’re almost indistinguishable from each other.

Noting that the music industry has always been at the forefront of technological advancement, “ready to push boundaries” and expand commercial opportunity, the labels say that, since AI technology has enormous potential for abuse, implementation must be carried out “responsibly, ethically, and legally.”

The purpose of these lawsuits, stated separately yet identically in each, is to enforce two basic principles: AI technology is not exempt from copyright law and AI companies must play by the rules.

Those rules were broken, the lawsuits individually claim, when Udio/Suno “copied decades worth of the world’s most popular sound recordings” and then ingested those copies into AI models to generate outputs that “imitate the qualities of genuine human sound recordings” for the purpose of generating profit. (Examples embedded below)

AI Companies “Deliberately Evasive” About Sources Copied

The record labels allege that the foundations of the Udio and Suno businesses are identical; they “exploit copyrighted sound recordings without permission” and then become “deliberately evasive” in respect of what content was copied and from whom.

In Suno’s case, the labels allege that one of its co-founders admitted that the service is trained on a mix of proprietary and public data, using practices “fairly in line with what other people are doing.”

Executives at Udio, the labels claim, admitted that their service is trained on a “large amount of publicly-available and high-quality music” obtained from the internet.

The plaintiffs conclude that the services offered by Udio and Suno would not be able to function as they do without ingesting huge quantities of sound recordings. In many cases, they add, those sound recordings are owned by them.

Responses Suggest Reliance on Fair Use Defenses

Ongoing copyright infringement lawsuits against various AI companies appear set for a showdown on similar, specific grounds; any unauthorized use of copyrighted works is protected under the doctrine of fair use and the copyright holders are entitled to nothing.

Microsoft and OpenAI insist that any use of copyrighted works belonging to the New York Times amounts to protected fair use, with the same applying to other material referenced in a lawsuit filed by other publishers.

Nvidia also appears set to defend lawsuits on fair use grounds, and the same can be said for argument in legal action involving Meta.

After being allegedly evasive on the origins of source material, the labels note that in pre-litigation discussion, both Udio and Suno were directly accused by the plaintiffs of copying their content, but the AI companies’ responses were limited.

The companies “did not deny or proffer any facts to undermine those allegations. It would have been simple to admit that other, legally acquired recordings were used,” the plaintiffs say, adding that responses received were “disingenuous.”

A Fair Use Defense in Either Lawsuit Cannot Prevail

Ultimately, however, the lawsuits note that the defendants did eventually respond by indicating that to the extent there was any coping, that was permitted under fair use.

“[Which] was telling, the labels write, “because fair use only arises as a defense to an otherwise unauthorized use of a copyrighted work.”

As far as the labels are concerned, defenses based on fair use are inapplicable here. “[W]holesale copying of countless recordings” serves none of the classic fair use exemptions such as “criticism, comment, news reporting, teaching, scholarship, or research.”

Rather, the Suno and Udio services copy and ingest massive amounts of copyrighted works “to create computer-generated imitations of human expression that do not merit copyright protection.” The labels state that the motive is “brazenly commercial and threatens to displace the genuine human artistry that is at the heart of copyright protection.”

In summary, both services are described as for-profit operations, that ingest unlicensed copyright works, for the purposes of imitating established artists and musicians in generated music, that could substitute and compete in the same market as the originals.

The labels’ claims for relief are the same in both lawsuits; willful direct copyright infringement (post-1972 recordings) and willful direct copyright infringement (pre-1972 recordings), for which the labels say they are entitled to injunctive relief and either actual damages and profits, or statutory damages of up to $150,000 per work infringed pursuant to 17 U.S.C. § 504(c).

Copies of the lawsuits against Suno and Udio available here and here (both pdf)

Examples of contentious tracks generated by Suno and Udio ( 404media.co )

From: TF , for the latest news on copyright battles, piracy and more.

The M3U file format has been around for more than a quarter-century. In essence, it links to a streamable media file that can be loaded through media players.

In the early days, it was predominantly used to stream Internet radio though Winamp and other media players. While the format is still used for that today, M3U files have enjoyed a resurgence as a video streaming tool in recent years.

The M3U file format is content-neutral, but many people are using it to share IPTV streams, which are often redistributed without permission. Those who look hard enough can find access to pretty much any channel imaginable.

IPTV-org.github.io

One of the largest repositories of IPTV links is hosted through GitHub Pages. The site, iptv-org.github.io, has roughly a million monthly visits and lists more than 37,000 channels, many of which are streamable. Not all these streams are infringing, but some clearly are.

The maintainers of the site are aware of the potential copyright issues. However, they don’t see the links to M3U playlists as copyright infringements. Instead, they urge rightsholders to go after the providers that host these files.

“Note that linking does not directly infringe copyright because no copy is made on the site providing the link, and thus this is not a valid reason to send a DMCA notice to GitHub,” they explain .

This is an interesting take that could be worth defending in court. However, when torrent sites tried a similar defense in court, it failed , mainly because the infringing links are intentionally indexed, curated and categorized.

Warner Bros. Takedown

Warner Bros. already seems convinced that the links are infringing. A few days ago, the Hollywood studio sent a takedown notice to GitHub though its anti-piracy partner MarkScan, asking it to remove iptv-org.github.io in its entirety.

“Based on our investigation, we have determined that “iptv-org.github.io” is providing the Live TV channel of WBD illegally. This site is engaging in copyright piracy by providing unauthorized streams of digital content without the consent of the copyright owner,” the takedown notice reads.

The takedown notice asks GitHub to remove or disable access to the infringing links. However, before taking any action, the developer platform nudged the maintainers of the site, allowing then resolve the matter on their own accord.

Self-Administered Takedown

GitHub allowed the developers one business day to remedy the Warner Bros. complaint. In this case, that means removing all WBD content, including HBO, Cartoon Network, and several Discovery channels.

While the developers previously suggested that these types of DMCA takedowns should not be valid, they didn’t file a counter notice. Instead, they swiftly identified all Warner Bros. and Discovery channels, to remove these from the site within the deadline.

“Successfully merging a pull request may close this issue,” an internal note reads, after which dozens of links were indeed removed.

The self-administered takedown appears to have been too broad initially, as several links – presumably unrelated to Warner Bros. – were later restored. However, the swift action appears to have saved the site.

GitHub typically publishes DMCA takedown notices after it has fully processed a matter, which often means that sites or repositories are removed. However, “iptv-org.github.io” is fully operational at the time of writing, minus the Warner Bros. content.

Warner Bros. had its takedown notice honored, as the infringing channels are no longer linked. However, instead of simply taking down the entire site, it became a ‘precision’ takedown, merely focusing on the content that it was supposed to target.

From: TF , for the latest news on copyright battles, piracy and more.

Italy’s Guardia di Finanza (GdF), a law enforcement agency operating under the Ministry of Economy and Finance, has often been the source of some of the country’s most dramatic pirate IPTV news.

With a key focus on financial crime, GdF appears to adopt a ‘follow-the-money’ approach. Over several years, GdF claims to have taken down dozens of IPTV providers and resellers, denied scores of millions access to pirate services, and redirected the whole country’s internet traffic to identify pirates.

‘Signal Transmission Obscured’ For Over 1.3 Million Users

A new announcement claims that fresh GdF action running alongside Euro 2024 is responsible for over 1.3 million IPTV pirates having their viewing “blacked out.” In football-crazy Italy, that’s a significant claim.

“The soldiers of the Provincial Command of the Guardia di Finanza of Milan, coordinated by the local Public Prosecutor’s Office, conducted an important investigation to combat the phenomenon of audiovisual piracy, the so-called ‘IPTV’,” the statement reads.

“In conjunction with the 2024 European Football Championships, the Fiamme Gialle carried out 14 local and IT searches throughout the national territory against 13 suspects, residing in various Italian regions and abroad.”

The IT specialists from the Fiamme Gialle unit have been credited with a number of successful anti-IPTV operations since 2022; 6,500 IPTV pirates identified after accessing a police honeypot , action against 545 Telegram channels , and a more recent operation targeting a provider in Italy, for example.

GdF continues by noting that 13 of the suspects are “accused of managing illegal distribution networks of the major television schedules protected by copyright, illegally decrypting and redistributing the contents of the most important global television players via unauthorized IPTV platforms, causing significant economic damage to legitimate broadcasters.”

No Mention of Any Arrests, No Mention of Equipment Seizures

While it’s certainly possible that this operation led to arrests, details like that are typically present in deterrent messages issued by the authorities, especially in tandem with an event like Euro 2024. Towards the end of the statement, GdF says the investigation “concluded with the identification of 13 people ” suspected of various crimes. An operation last December was reported in similar fashion.

A critical eye further reveals other noteworthy details, such as the Fiamme Gialle carrying out “14 local and IT searches” against suspects “residing in various Italian regions and abroad.” Exactly what an “IT search” amounts to is unclear but, if any searches took place physically, there’s zero mention of any hardware seizures, which are usually detailed down to the last thumb drive.

Massive Pirate IPTV Blackout

“The signal transmission was therefore obscured, preventing access to content for over 1.3 million users.” (GdF statement)

The most recent published study on IPTV consumption in Europe arrived in December 2023, so around 18 months ago. The Audiovisual Anti-Piracy Alliance (AAPA) estimated that 2.5% of the Italian public accessed illicit IPTV services, around 1.14 million people in total.

Given that these figures relate to consumption in 2021, to obtain an estimate on consumption today, let’s generously double 1.14 million to 2.28 million, and completely ignore Italy’s massive Piracy Shield IPTV blocking program launched this year.

That leads to the conclusion that over half of all pirate IPTV consumers in Italy (1.3 million) had their supply cut off sometime during the last 10 days, since this operation ran “in conjunction” with Euro 2024.

The GdF announcement on X/Twitter currently has around 3,500 views; four people have posted a comment, one of which is an ad for a pirate IPTV service. That seems to be at odds with the number of people said to have been denied access to pirate IPTV services.

Google Trends data suggests more people were interested in the most popular search terms last November; Piracy Shield was expected to launch then, but didn’t. There was no blocking until February 2024; that caused a spike in engagement, but even that dropped off quickly.

Google Trends: Popular search terms

The red line depicting searches for IPTV is on the rise but the kind of apocalyptic event that sees half or more IPTV device users in the country having their service terminated would be a much steeper rise than that. The next few days will provide a clearer view of the data but at the time of writing, interest in ‘IPTV’ is roughly half the peak seen late August/early September 2023 in response to the passing of a new anti-piracy law.

“The investigations, conducted by a team of soldiers from the Economic-Financial Police Unit of Milan, highly qualified in combating computer crimes, coordinated by the local Public Prosecutor’s Office, arose from a complaint from SKY ITALIA,” the GdF statement continues.

The next few lines of detail are something rarely discussed in public, for reasons that will become immediately obvious.

The Suspects’ Operations Are ‘Completely Innovative’

“The suspects operated in a completely innovative way compared to the past, i.e. through the exfiltration of the decoding keys, necessary for the decryption and ‘unencrypted’ viewing of all the channels and television schedules of the main and most important broadcasters..” (GdF statement)

While pirates and others interested in encryption have no problem discussing the above in public, it’s interesting that the authorities and presumably Sky, which this directly affects, are mentioning this in public.

This is a reference to a major weakness in the security meant to protect content at Sky in Italy and other countries around Europe.

Mostly, but not exclusively, impacting the Widevine digital rights management (DRM) system owned by Google, a subscriber to legal IPTV services can extract encryption keys using certain software and ultimately obtain otherwise subscription services for free. Broadcasters have been aware of the problem for years and take action when tools appear in public , at least where they have the ability to take them down.

In respect of IPTV piracy, this raises two key issues. Firstly, while legal broadcasts are often obtained by capturing/recording video streams and rebroadcasting those to the public, this technique allows IPTV providers to capture a digital data stream directly from the source, i.e. the broadcasters’ content delivery networks (CDN).

A positive for broadcasters, in this scenario, is that since streams are rebroadcast from providers’ own servers, Italy’s Piracy Shield system is, in theory, capable of preventing any restreams reaching consumers.

A potentially more worrying issue is when people access this content directly, i.e. they use extracted keys to view the broadcasters’ streams directly from the broadcasters’ servers. If Piracy Shield attempted to block the source, not even legal customers would be able to access a service they actually pay for.

A positive for broadcasters in this scenario is a fairly high barrier to entry; the downside is that software and services to make this easier are becoming more accessible.

A self-hosted software package, to make one aspect of this process much more straightforward, has been attracting interest recently, but with the same and similar tools available via any web browser, it’s not difficult to see where this is headed.

From: TF , for the latest news on copyright battles, piracy and more.

Following the example of the United States, the EU began publishing its very own piracy watchlist a few years ago.

The ‘Counterfeit and Piracy Watch List’ is compiled by the European Commission. Like its U.S equivalent, it relies on stakeholder groups to nominate problematic sites and services for inclusion.

New EU Piracy Watch List

The most recent version of the report was published in late 2022 and the EU is currently soliciting comments from stakeholders for the next release. As in previous years, the focus is on sites and services that are presumably operated from outside the European territory.

“The European Commission services request written contributions from stakeholders identifying online services and physical marketplaces that may fulfil the criteria to be included in the ‘Counterfeit and Piracy Watch List’,” the Commission writes .

Based on previous reports, we can expect that torrent sites, stream-rippers, and pirate streaming sites will make an appearance. The same applies to IPTV services, piracy apps, and bulletproof hosting providers.

Not All ‘Pirates’ are Equal

An overview of all sites and services listed in the latest ‘watchlist’ is available below . Many of these are classic pirate sites with anonymous operators. However, the list also includes companies that categorically deny the ‘piracy’ label and any bad intent often associated with it.

For example, tucked in between pirate portals such as Fmovies and The Pirate Bay, we find the Russian social media platform VK.com and the file-hosting service Mega. These services are run by corporations. They typically cooperate with rightsholders, unlike traditional ‘pirate’ sites.

To add more balance, the EU now specifically invites companies and services that appeared on the previous list, to share their views on the matter.

“Online service providers and physical marketplace operators appearing in the Counterfeit and Piracy Watch List of 2022 are also invited to submit written contributions in which they present the actions they have taken to address IP infringements on their services or while providing their services,” the Commission notes.

Mega Nuance

While The Pirate Bay is unlikely to submit a serious comment, Mega almost certainly will. When the New Zealand-based company was added to the watchlist in 2022, it wasn’t pleased at all.

At the time, Mega’s executive chairman Stephen Hall said he was disappointed the European Commission didn’t reach out to the company beforehand. If it did, Mega would’ve been happy to explain the measures they take to accommodate copyright holders.

“The inclusion of Mega on the watchlist lacks legitimacy and we refute their findings,” Hall informed TorrentFreak in 2022.

“Unfortunately, the Commission never contacted Mega for clarification or comment so they misunderstand Mega and misrepresent our operations. Mega had no opportunity to correct their misunderstandings,” he added.

Mega undeniably faces copyright challenges, as some users abuse the service to share pirated content. However, the company’s transparency report indicates that it isn’t sitting still; it removes millions of files in response to takedown notices, and has thrown out thousands of repeat infringers.

The company now has the chance to share these nuances with the European Commission, as the consultation is now live.

Mega and other stakeholders have until the 15th of August to submit their comments. The new edition of the ‘Counterfeit and Piracy Watch List’ is scheduled to be published in the second quarter of next year.

—

Below is an overview of all the sites and services that were listed in the 2022 Counterfeit and Piracy Watch List.

Cyberlockers
– Mega.nz/.io
– Uptobox.com / Uptostream.com
– Rapidgator.net
– Uploaded.net (ul.to, uploaded.to)
– Dbree.org

Stream-Rippers
– Y2mate.com
– Savefrom.net /ssyoutube.com/sfrom.ne
– Flvto.biz and 2conv.com
– Snappea.com

Linking or referring websites
– Fmovies.to (and related domains)
– Seasonvar.ru
– Rlsbb.ru
– Rezka.ag

BitTorrent and P2P Sites
– ThePirateBay.org
– Rarbg.to
– Rutracker.org
– 1337x.to

Unlicensed download sites
– Music-Bazaar.com and Music-Bazaar.mobi
– Sci-hub.tw; sci-hub.cc; sci-hub.ac; sci-hub.bz and others
– Libgen.onl and mirror sites

Piracy Apps
– IPTV Smarters
– Ievpad.com
– Shabakaty

Hosting providers
– DDoS-Guard.net
– Private Layer
– “Amarutu”, also known as Koddos
– AS-Istqservers / Istqserverses (“Istq”)
– HostPalace Web Solution PVT LTD (“Host Palace”)

Unlicensed IPTV services
– BIPTV.best and BestBuyIPTV.store
– King365tv.com / Theking365tv.pro
– VolkaIPTV.com

Social media
– VK.com

Piracy Supporting Services
– 2embed.ru
– Fembed.com

From: TF , for the latest news on copyright battles, piracy and more.

Google started keeping track of all incoming DMCA takedown notices at the beginning of the last decade.

In the spring of 2012, Google formally launched its Transparency Report, sharing details on all copyright-related removal requests, including the targeted links and their senders.

In the years that followed, the DMCA takedown volume steadily increased. When it eventually hit a plateau a few years ago, we theorized that Google’s anti-piracy measures were paying off. However, pirates turned out to be stubborn and tricky to defeat.

9 Billion

Today, many pirate sites are well aware of Google’s demotion tactics and the relentless stream of takedown notices. In response, many switched to new domains or URL structures, which triggered a cat and mouse game with Google, as a bystander, yet at the center of it all.

Initially, it took several years before Google processed its billionth DMCA takedown notice , but the resurgence we’ve seen over the past year has broken all records.

Last August, Google reached the 7 billion milestone, just nine months after it received the 6-billionth takedown. In February, after just six months, the 8 billion mark was reached and today, four months onward, the totals exceed 9 billion.

New Players

It’s difficult to tell whether this increase will continue, as the figures are dominated by less than a handful of takedowns companies. This includes Link-Busters, which was averaging more than 200 million takedowns a month earlier this year.

Last year, however, adult entertainment company MG Premium, was the most prolific takedown sender. Recently, Link-Busters appears to have scaled down a bit, so a new player might have to emerge for records to be broken again.

Looking at the targeted sites, we see that some new names have appeared. This includes two domain names from shadow library search engine Anna’s Archive. These domain names are targeted by several major publishers, mainly through Link-Busters.

Subdomain Bonanza

Another new domain, currently in third place, is 123rutor.su. This site was flagged more than 100 million times in less than a year, almost exclusively by VGTRK, the Russian State Television and Radio Broadcasting Company.

The main 123rutor.su name is inaccessible, but the Rutor mirror has hundreds of subdomains, and it can add additional ones as required.

Many subdomains seem meaningless, such as b-eqdl.123rutor.su, 16-new-rutor.123rutor.su, and j-idso.123rutor.su. Others, including bruce-willis.123rutor.su and sylvester-stallone.123rutor.su, sound more familiar.

This strategy is understandably frustrating for rightsholders. By adding new subdomains, all previous takedown notices are moot, which results in a seemingly endless whack-a-mole.

Not Everything is Taken Down

Google only reports the totals for how many ‘pirate’ URLs rightsholders report to the company. Not all of these result in content being removed, as it also includes duplicates and URLs for which Google takes no action.

In addition, hundreds of millions of reported URLs have not been indexed by Google, so these naturally can’t be removed. Google puts these on a separate ‘blacklist’ , which prevents them from being added to search results later on.

Overall, it’s safe to say that at the current rate, we’re likely to see the ten billionth takedown notice before the end of the year. Many more will likely follow in the years to come.

From: TF , for the latest news on copyright battles, piracy and more.

In 2019, eight men from Las Vegas were named in a grand jury indictment alleging they conspired to violate criminal copyright law through two IPTV services, Jetflicks and iStreamitAll.

According to the indictment, the defendants reproduced tens of thousands of copyrighted television shows without authorization, and distributed the illicit content to a vast audience of paid subscribers across the United States.

The scope of their alleged infringement was substantial; Jetflicks reportedly offered access to over 183,200 distinct TV show episodes at one point. iStreamitAll allegedly provided an even more extensive library, boasting over 118,479 TV shows and 10,980 movies in its catalog, surpassing the content offered by Netflix, Hulu, and Amazon Prime at the time.

Five Men Face Trial By Jury in Las Vegas

While some defendants pleaded guilty as far back as 2021, receiving sentences ranging from one year in prison to 57 months , five defendants went on trial before a Las Vegas jury late last month.

Just a few days into the trial, Kristopher Dallmann, the alleged leader of Jetflicks, called for a mistrial, claiming that evidence presented to the jury was both inadmissible and damaging to the defense. That failed to gain traction with the court and this week, all five men were found guilty by a federal jury.

Jury Convicts All Five Jetflicks Operators

Dallmann, Courson, Garcia, Jaurequi, and Huber, were convicted of conspiracy to commit criminal copyright infringement. Dallmann was further convicted of two counts of money laundering by concealment and three counts of misdemeanor criminal copyright infringement.

Kristopher Dallmann: Guilty

“Their scheme generated millions of dollars in criminal profits, while causing copyright owners to lose out,” said Principal Deputy Assistant Attorney General Nicole M. Argentieri, head of the Justice Department’s Criminal Division.

“These convictions underscore the Criminal Division’s commitment to protecting intellectual property rights by prosecuting digital piracy schemes and bringing offenders to justice.”

U.S. Attorney Jason M. Frierson for the District of Nevada noted that the defendants conspired to reproduce and distribute thousands of copyrighted television programs for their own personal gain, but not without consequences.

“This case is another example of our steadfast commitment to combat intellectual property theft and to hold accountable those who violate intellectual property rights laws,” Frierson said.

Aviation Service Ploy Failed to Convince

Commenting on the guilty verdicts, Assistant Director in Charge David Sundberg of the FBI Washington Field Office, recalled the unusual response from the operators of Jetflicks when copyright-related complaints began to threaten the business.

“When complaints from copyright holders and problems with payment service providers threatened to topple the illicit multimillion-dollar enterprise, the defendants tried to disguise Jetflicks as an aviation entertainment company,” Sunberg said.

That revelation first came to light in 2020 . During questioning by the FBI, Dallmann claimed that Jetflicks MoVi Entertainment System was a service that converted customers’ personal DVD collections so they could be viewed in the air. He later conceded that aspect of the venture had been a failure, so downloading TV shows from other pirate sites and streaming them for a fee had become the main business.

A sentencing date has not yet been set but Courson, Garcia, Jaurequi, and Huber face a maximum penalty of five years in prison. Dallmann, however, is facing the possibility of considerably longer – a maximum penalty of 48 years in prison according to the Department of Justice.

The Motion Picture Association (MPA), whose members’ content accounted for much of the infringement on Jetflicks, does not appear to have issued a press release in response to the convictions. That’s quite unusual but if one does appear, we’ll update this article accordingly.

Update: MPA’s Senior Executive Vice President and Global General Counsel, Karyn Temple, just issued the following statement on the Jetflicks verdit.

“This verdict is a landmark victory for intellectual property rights. The Motion Picture Association applauds the Department of Justice for its successful prosecution of five individuals who brazenly and illegally profited by infringing upon copyrighted works belonging to ACE.”

“The jury’s conviction underscores the criminal nature of these types of offenses and the significant harms caused to the creative industry and the tens of thousands of workers who earn a living from key industry roles, including set designers, caterers, hair and makeup artists, and camera operators, to name a few.”

“We look forward to future collaborations with the Department of Justice to ensure digital piracy operators are convicted and sentenced for their crimes and to continue sending a strong deterrence message to those who are currently engaged in copyright infringement.”

From: TF , for the latest news on copyright battles, piracy and more.

Referred to in legal papers as simply J.E., the defendant was targeted in Sweden by local anti-piracy group Rattighetsalliansen (Rights Alliance) on behalf of major movie and TV show companies Svensk Filmindustri and Nordisk Film.

The plaintiffs’ claim stated that J.E., either intentionally or with gross negligence, acted alone or in concert with others, to infringe their copyrights in cinematographic works.

They alleged that between August 20, 2020, and May 17, 2022, J.E. made movies available to the public through a popular pirate IPTV service, Scandinavian IPTV. In the alternative, the plaintiffs said that through his conduct, J.E. encouraged someone else to infringe their rights in 19 movies via the Scandinavian IPTV service.

Suspect Arrested in May 2022

On May 5, 2022, Swedish police arrested J.E. in his absence, with a physical arrest executed on May 17, almost two weeks later. During questioning, J.E. initially denied the offenses, but anti-piracy group Rights Alliance had already amassed considerable evidence.

Scandinavian IPTV wasn’t officially registered as a company. However, via a ProtonMail email address, American Express payment cards, and a Stripe account, Rights Alliance was able to link J.E. to the unlicensed platform.

An analysis of various items of seized equipment revealed telephone messages, sent and received by J.E., which discussed the IPTV business. Information on J.E.’s computer revealed similar evidence in the form of IPTV-related account logins.

A financial investigation indicated that payments totaling SEK 5.5 million (~US$5.2m) had been made to J.E.’s two PayPal accounts, with the funds subsequently transferred to six bank accounts he also operated. IPTV boxes and associated invoices were also seized.

Previously, Rights Alliance had carried out test purchases to show that the service infringed the plaintiffs’ rights by making available around 19 sample movies. That period of testing – or rather the months preceding it – would soon limit the scope of the prosecution’s case.

Patent and Market Court Convicts

In its judgment handed down in April 2023, Sweden’s Patent and Market Court found J.E. guilty of violating the Copyright Act. The defendant received a suspended prison sentence and was ordered to pay 60 daily fines totaling SEK 34,800, around US$3,300 at today’s rates.

He was also ordered to compensate Svensk Filmindustri (SEK 63,000 / US$6,000) and Nordisk Film (SEK 191,500 / US$18,600), with SEK 5,000 (US$4,760) forfeited to the state as proceeds of crime, and an additional SEK 150,000 (US$14,280) to cover legal costs. These amounts were a far cry from those demanded by the plaintiffs.

Svensk Filmindustri had requested compensation of SEK 910,000 (US$86,700), Nordisk Film requested (Danish) DKK 2,355,000 (US$338,000). Yet, despite what amounted to a confession, both realized much smaller amounts. Something had gone wrong.

Confession vs. Evidence

J.E. admitted launching Scandinavian IPTV in 2019 and a Rights Alliance investigator confirmed that the service had attracted attention after appearing close to the top of Google search results.

By August 2020, a “large number of payments” for IPTV subscriptions had been received by J.E., including a one-month subscription purchased covertly by Rights Alliance on August 20, 2020, which was used to the monitor the service for the next seven days. To the standard required in a criminal case, that was the extent of the evidence, as the judgment explained:

The prosecutor has claimed that the access for which J.E. is to be held responsible has been going on for almost two years. During the preliminary investigation, checks were made to ensure that Scandinavian IPTV’s website was still up and running, but there was no documentation that the films in question had been available on the service after August 27, 2020.

Photographs from the search of J.E.’s home on May 17, 2022, show some of the films being played on a TV screen. However, there is no information that the films were played via Scandinavian IPTV’s service, nor has this been alleged by the prosecutor. Under these circumstances, with the strict evidentiary requirements that prevail in criminal cases, it cannot be considered proven that J.E. made the films available after August 27, 2020

The end result was a conviction for copyright infringement, but only for the violations carried out during the evidenced seven-day period. J.E. also had a clean record, with the court noting that “neither the nature of the crime nor the severity of the punishment justifies a prison sentence.”

Calculations presented by the plaintiffs, to demonstrate the value of the film works infringed, were acceptable to the court; however, since infringement could only be established for a week, compensation was reduced to one tenth of the amounts requested.

Patent and Market Court of Appeal

Following an appeal, an amended judgment was handed down Wednesday by the Patent and Market Court of Appeal. Taking into account changes in the wording of the Copyright Act during a now extended period of offending, the Court took a much firmer line.

J.E. was sentenced for violations of the Copyright Act committed between August 28 and August 31, 2020, and during the period September 1, 2020, to May 17, 2022. The Court of Appeal increased the number of daily fines from 60 to 100, for a new total of SEK 58,000 (US$5,520) versus SEK 34,800 (US$3,300) ordered in the previous judgment.

Compensation amounts were also amended in favor of the plaintiffs. (Nordisk award in Danish currency)

• Svensk Filmindustri: SEK 747,500 / US$71,200 | (previously SEK 63,000 / US$6,000)

• Nordisk Film: DKK 2,032,500 / US$291,700 | (previously SEK 191,500 / US$18,600)

The prosecutor’s appeal of the earlier judgment stated that J.E. should be convicted of copyright infringement entirely in accordance with the indictment. Whether J.E. was convicted for the entire period claimed in the indictment or the very short period evidenced in the case, the prosecutor argued that SEK 4,000,000 (US$381,000) should be forfeited as proceeds of crime.

J.E.’s appeal requested the dismissal of the indictment in its entirety, along with the individual claims for compensation and the claim for confiscation of property as proceeds of crime.

Court of Appeal Considered Evidence Obtained During the Raid

In respect of the infringement period, limited by the lower court on evidential grounds, the Court of Appeal disagreed on the scope of the offending by considering evidence obtained by the police.

When J.E.’s home was raided on May 17, 2022, officers searched for the plaintiffs’ films on an IPTV device found on site. All but two of the films existed and were playable. At the time, J.E. claimed that the device used a service other than Scandinavian IPTV, but the Court dismissed that claim as unlikely.

In summary, the Court of Appeal found that, contrary to the conclusion of the lower court, J.E. should be convicted for infringing copyright for the entire period of time stated in the indictment.

The Court also found that the plaintiffs suffered reputational damage, for which J.E. should pay compensation: Svensk Filmindustri SEK 152,500 (US$14,500), and Nordisk Film SEK 252,500 (US$24,000), amounts that are included in the totals above.

From: TF , for the latest news on copyright battles, piracy and more.

In a world where there’s always someone telling people what to do, Garry’s Mod is a breath of fresh air. Launched in 2006, the sandbox game has no goals; just hand over $9.99 to Steam, jump in, and do whatever you like.

With the benefit of hindsight, some fans may have taken that a little too literally. At the time of writing, Garry’s Mod workshop content uploaded by users over many years, is being systematically taken down in response to takedown notices filed by Nintendo.

“This is an ongoing process, as we have 20 years of uploads to go through. If you want to help us by deleting your Nintendo related uploads and never uploading them again, that would help us a lot,” the Facepunch Studios announcement reads.

The team don’t seem especially upset and are taking everything in their stride. Nintendo has a reputation for taking action against content featuring its characters and artwork so removing it now is the right thing to do.

“Honestly, this is fair enough. This is Nintendo’s content and what they allow and don’t allow is up to them. They don’t want you playing with that stuff in Garry’s Mod – that’s their decision, we have to respect that and take down as much as we can,” the announcement adds.

DMCA Notices Aren’t Real, or Even Sent By Nintendo, Some Claim

Normal service will be restored shortly, but some fans may still need convincing regarding recent events. They believe that some type of scammer, probably not even connected to Nintendo, has been using bogus notices to take content down for quite some time.

Mindful that Garry and the team needed to be aware of that, so that nothing gets taken offline unnecessarily, attracting their attention became a priority this week.

As the image from X shows, a few hours after being alerted, investigations ended with the conclusion that the takedowns were legitimate. Yet for some, that still wasn’t good enough. Over the past few months there have been reports of bogus DMCA notices claiming to have been sent by Nintendo, containing allegedly similar fictitious claims. Many were resurrected this week after more than three years, contributing to the chaos.

In some cases, users simply expressed sadness or sympathy for Garry and the team. In many, many others, passions and frustrations proved too much. Instead of the usual blanket bitterness towards Nintendo, Garry’s X account filled up with demands for evidence, rock-solid proof that Nintendo really was to blame. Some even fired off accusations that no work had been done to get to the bottom of the crisis.

In a post to X, Garry addressed the “ it’s fake ” guys by posing five questions, all of them related to a domain name referenced in one or more of the takedown notices. The skeptics believe that the domain mm-nintendo.com is fake; Nintendo ‘always’ use a different domain, and domain details here are different to those used elsewhere, etc.

We’ve seen more than our fair share of bogus notices in the past but since these notices don’t appear to have been shared in public, determining whether they’re real or fake simply isn’t possible.

Since Garry is on record saying that they’re real, there’s no obvious reason to question that. It shouldn’t come as a big surprise that developers can become quite attached to their projects and the communities that support them; removing content for no reason isn’t something they do lightly. So whether real or fake, voluntarily or under duress, a decision has clearly been made to say goodbye to content that, in real terms, amounts to a liability.

That being said, let’s squeeze the domain mm-nintendo.com and see what comes out.

Genuine or a Big Fat Phoney?

Finding takedown notices featuring the domain mm-nintendo.com wasn’t difficult. The pair shown below seem fairly typical; they both use notice@ in their email addresses and were sent to ISPs asking for content to be taken down.

Similar notices dated 2016 , 2017 , and 2018 , fail to raise any obvious red flags and since the first and last were processed by GitHub, people can be confident they received considerable scrutiny.

A similar notice sent to GitHub in 2020 took content down using the DMCA. In other parts of the notice, takedowns were requested under trademark law .

At this point, it’s worth highlighting something that all of these notices have in common: not a single one targets pirated copies of Nintendo games. Instead, they all target audiovisual works, images, and fictional character depictions, to which Nintendo owns the rights. It’s a trend that runs through all similar notices.

A 2019 takedown notice sent to itch.io , also featuring the email address notice@mm-nintendo.com, displays the same features as another sent to Sankakucomplex in 2019 . No games piracy in sight, only alleged infringement in characters, artwork, and audiovisual works.

It doesn’t seem unreasonable to raise a theory at this point; is it possible that Nintendo uses the mm-nintendo.com domain when takedown notices target characters, artwork, and audiovisual works, in cases where specific expertise is necessary?

MarkMonitor (MM for short?)

There’s no direct evidence to show that the MM in mm-nintendo.com stands for MarkMonitor. However, there’s plenty of evidence to show MarkMonitor has connections to Nintendo. The domain was registered through MarkMonitor in September 2016 and then updated somewhat coincidentally this Wednesday when the Garry’s Mod controversy began.

The most obvious change is the prominence of the email address brandprotection@mm-nintendo.com before the update. MarkMonitor doesn’t manage all 6,431 domain names currently listed under Nintendo of America, but it has provided brand protection services for some of the biggest names in business.

When Apple worked with MarkMonitor back in 2013, records show the company operated the domain mm-apple.com. While that domain has long since expired, mm-microsoft.com is very much alive and just like mm-nintendo.com, redirects to its owner’s main domain.

Other domains registered through MarkMonitor and used for brand protection over the years, probably behaved in much the same way; mm-velcro.com, mm-walmart.com, mm-loreal.com, and mm-nissan.com, for example.

So Real or Fake?

There seems no doubt that the domain mm-nintendo.com a) actually exists b) is used for brand protection purposes and c) isn’t used often or even at all for regular DMCA takedown work. That leads to the final item, d) the domain is different because it has a specific purpose.

It’s possible that brand protection matters are handled by a dedicated Nintendo department and/or MarkMonitor itself, which also has an office in the UK. Perhaps the image below, uploaded on Thursday, offers a few more clues. Just don’t venture too close to the edge.

Whether the DMCA or similar takedown notices sent to Garry and the team are legitimate is best judged by those who have seen them. Based on the above, however, his claim – that the notices are official – should really be the last word on the matter.

As for the other ‘fake’ notices previously sent that also mention the mm-nintendo.com domain, only a close review of each could determine whether they’re genuine and/or accurate. When everything is said and done, however, perhaps the most important question is whether they target obviously Nintendo-like characters or imagery.

From what we’ve seen, most seem to do just that.

From: TF , for the latest news on copyright battles, piracy and more.

It’s long been the case that access to certain services, whether on or offline, will only be granted when customers prove their identity.

Often linked to financial products but in many cases basic money/goods transactions carried out online, handing over a name, address, date of birth and similar details, can increase confidence that a deal will more likely than not go according to plan. In some cases, especially when buying restricted products, proving identity can be a condition of sale.

Yet, for many years, companies operating in the online space have been happy to do business with customers without knowing very much about them at all.

In some cases, where companies understand that a lack of friction is valuable to the customer, an email address has long been considered sufficient. If the credit or pre-payment card eventually used to pay for a product has enough credit and isn’t stolen, there seems very little to be concerned about. For many governments, however, any level of anonymity has the capacity to cause concern, and if that means unmasking everyone to identify a few bad actors, so be it.

Improving Detection and Prevention of Foreign Malicious Cyber Activity

Perceived and actual threats from shadowy overseas actors are something few countries can avoid. Whether in the West or the East, reports of relatively low-key meddling through to seriously malicious hacks, even attacks on key infrastructure, are becoming a fact of modern life.

After being under discussion for years, late January the U.S. Department of Commerce published a notice of proposed rulemaking hoping to reduce threats to the United States. If adopted, the proposal will establish a new set of requirements for Infrastructure as a Service providers (IaaS), often known as cloud infrastructure providers, to deny access to foreign adversaries.

The premise is relatively simple. By having a more rigorous sign-up procedure for platforms such as Amazon’s AWS, for example, the risk of malicious actors using U.S. cloud services to attack U.S. critical infrastructure, or undermine national security in other ways, can be reduced. The Bureau of Industry and Security noted the following in its announcement late January.

The proposed rule introduces potential regulations that require U.S. cloud infrastructure providers and their foreign resellers to implement and maintain Customer Identification Programs (CIPs), which would include the collection of “Know Your Customer” (KYC) information. Similar KYC requirements already exist in other industries and seek to assist service providers in identifying and addressing potential risks posed by providing services to certain customers. Such risks include fraud, theft, facilitation of terrorism, and other activities contrary to U.S. national security interests.

While supposedly aimed at external threats, only positive identification of all customers can eliminate the possibility that an ‘innocent’ domestic user isn’t actually a foreign threat actor. Or, according to the proposal, anyone (or all people) from a specified jurisdiction at the government’s discretion. Upon notification by IaaS providers, that could include foreign persons training large artificial intelligence models “with potential capabilities that could be used in malicious cyber-enabled activity.”

Scope of IaaS and Customer Identification Programs

Under the proposed rule, Customer Identification Programs (CIPs) operated by IaaS providers must collect information from both existing and prospective customers, i.e. those at the application stage of opening an account. The bare minimum includes the following data: a customer’s name, address, the means and source of payment for each customer’s account, email addresses and telephone numbers, and IP addresses used for access or administration of the account.

What qualifies as an IaaS is surprisingly broad:

Any product or service offered to a consumer, including complimentary or “trial” offerings, that provides processing, storage, networks, or other fundamental computing resources, and with which the consumer is able to deploy and run software that is not predefined, including operating systems and applications.

The consumer typically does not manage or control most of the underlying hardware but has control over the operating systems, storage, and any deployed applications. The term is inclusive of “managed” products or services, in which the provider is responsible for some aspects of system configuration or maintenance, and “unmanaged” products or services, in which the provider is only responsible for ensuring that the product is available to the consumer.

And it doesn’t stop there. The term IaaS includes all ‘virtualized’ products and services where the computing resources of a physical machine are shared, such as Virtual Private Servers (VPS). It even covers ‘baremetal’ servers allocated to a single person. The definition also extends to any service where the consumer does not manage or control the underlying hardware but contracts with a third party for access.

“This definition would capture services such as content delivery networks, proxy services, and domain name resolution services,” the proposal reads.

The proposed rule , National Emergency with Respect to Significant Malicious Cyber-Enabled Activities , will stop accepting comments from interested parties on April 30, 2024.

Given the implications for regular citizens, many of whom are already hanging on to what remains of their privacy, the prospect of handing over highly sensitive information just to obtain a product trial is a real concern. The potential for leaks grows with each disclosure, as does the possibility of personal information ending up for sale on the dark web.

Which is where the threat actors will obtain other people’s credentials to masquerade as regular users when subjected to a Know Your Customer process. For IaaS services themselves, the largest will have few problems implementing customer identification programs and may even consider them useful. On one hand, they can help to stop threat actors and on the other, take the opportunity to build a database containing the personal details of every single customer.

From: TF , for the latest news on copyright battles, piracy and more.