Digital Pinkertons: Anti-CASE Act Spambot Maker Helped Tech Firms End Labor Action

We’ve been covering all week two Google-funded astroturfs, Public Knowledge and EFF, and their efforts to spam The Senate with automated tweets, emails, comments, and phone calls in hopes of blocking the CASE Act (voluntary small claims court for copyright).

To catch up you should start here:

https://thetrichordist.com/2019/10/24/deja-vu-google-funded-astroturf-groups-use-spambots-robocalls-in-senate-to-block-case-act/

As we dug into this, we started focusing on Public Knowledge and their tweetbot. While experimenting with the tweetbot, I discovered it took total control of my twitter account. Like completely. It basically makes your twitter account part of a botnet that is controlled by Public Knowledge or their agent Phone2Action. Look at the permissions it asks for:

But even stranger (or maybe not), shortly after authorizing permissions, I noticed unfamiliar devices logging into my account.

See screengrab above. I was nowhere near Scaggsville MD.  I don’t know that it was Phone2Action, but I’ve never seen this sort of activity on my accounts. I’m pretty security conscious.

Particularly funny (or outrageous) since besides being copyright skeptics Public Knowledge claim to be privacy advocates. That is obviously bullshit.

You can read the full article here:

https://thetrichordist.com/2019/10/25/stunning-privacy-violations-by-privacy-advocate-publicknowledge-and-other-outrages/

Who is Phone2Action?

Phone2Action is the maker of the above tweetbot.  The Phone2Action website says:

“In the United States, everyone’s voice counts. The opportunity for civil discourse is what makes our country a model for democracies everywhere. When we have problems, we don’t look the other way—we try to solve them. We built Phone2Action to empower the problem-solver and advocate that lives in everyone. Our tools amplify the voices of movements through technology in order to effect change.” (emphasis added)

Alright, that sounds neat. I mean amplify sounds like a little more than one vote per person, but otherwise it seems cool.  Phone2Action was founded by two democrats. One married to a former Obama administration official. The third founder seems to be independent but was in the US Digital Service, an Obama initiative. So Phone2Action seems a generally progressive outfit. And if you look at their webpage front and center they have some non-profits, corporate responsibility efforts, and commercial campaigns by vaguely virtuous companies like Patagonia and Ben and Jerry’s.

But if you dig a little deeper, into the case studies, it’s not long before you find Satan’s cobbler-er, oops I mean the Internet Association. There is also mention of a Net Neutrality campaign, although that seems to be downplayed. Probably because the net neutrality campaign devolved into the mother of all bot-fueled fake public comment disasters. 22 million comments, with reports of half of them being fake.  From an NPR article:

The Pew Research Center took a close look at the comments. Associate Director Aaron Smith said several things popped out. Maybe the biggest, 94 percent of the comments “were submitted multiple times, and in some cases those comments were submitted many hundreds of thousands of times.”

The Net Neutrality fake comment scandal has even become the focus of a US Senate investigation. See here.

Is this starting to sound like the massive spamming of the EU Parliament that happened with the EU Copyright Directive (N-Square, SaveYourInternet.eu, EDRi, Open Media and New/Mode)?  Yes, and we will come back to that probably later this week.  Something else caught my eye. This article by the Consumer Technology Association (aka CEA) Chairman Gary Shapiro.

Phone2Action Grassroots Effect: West Coast Ports

Whoa. Shapiro is basically bragging about the CEA and Phone2Action together breaking a union work slowdown by the longshoremen.  Have you ever met a longshoreman?   While the CEA is your usual anti-worker corporate trade group, it seems pretty weird that Phone2Action with its progressive Obama credentials would get involved in strikebreaking.

Now check this out:

“CEA, with support from over 200,000 Innovation Movement members who help us advocate for smart tech policies and several key industry stakeholders, effectively shared the urgency of the West Coast ports crisis via social media, asking Congress and the White House to help keep our ports open for business,” CEA CEO and President, Gary Shapiro, said.

This is a picture of Gary Shapiro. You think this dude leads an auxiliary of a boring-ass trade group that has 200,000 active members? This guy is clearly not a whirling dervish of raw charisma. 200,000 members?  Yeah right.  And the Innovation Movement? I didn’t believe it so I looked it up.  Well there once was a website for the Innovation movement.

But as far as I can tell by 2015, at the time of the longshoreman slowdown, the website hadn’t been active for two years. By 2017 the site redirected to a domain reseller.   I know a thing or two about grassroots organizing, and if you have 200,000 active members helping you lobby Congress you don’t let the website domain around which you organize expire.  That is seriously valuable real estate. Keep your members. Keep them engaged.

So clearly I don’t think they ever had 200,000 members.  My hunch is that they had a few thousand members and then a bunch of fake email addresses and sock puppet social media accounts.  I could be wrong.  I’m not saying CEA or Shapiro had any idea they were fake… well maybe I am saying that, otherwise, why would he let the domain expire? Aw shit, I don’t know.  Politics plus the internet is such a shitshow. Anything seems possible now. But there is no way there were 200,000 real members.

Just let me say this.  I hope I’m wrong.  Cause otherwise Shapiro and Phone2Action ran a spam op and tricked The President of The United States into intervening in a labor dispute.  I hope I’m wrong. I don’t want to believe the worst about our democracy.  Cause if I’m right we are screwed.

 

Stunning Privacy Violations by Privacy Advocate PublicKnowledge and Other Outrages

 

Public Knowledge’s canned message Tweetbot completely takes over your twitter account. How is this any different than a botnet? 

Many of you are familiar with Public Knowledge for their general hostility towards copyright and the rights of authors. In particular, they are currently opposing the CASE Act which would finally give artists a small claims alternative to federal court.  Most independent artists do not have the $100,000+ it takes to pursue a case in federal court.  The court is voluntary, both parties have to agree to use the small claims copyright court. No one is forced into this system.  It’s good for the claimant and the party accused of infringement. By all measures, this is a simple commonsense solution. And an overwhelming bipartisan consensus in Congress agrees. The CASE Act recently passed in the House 410-6.  Stunning!

The bill now goes to the Senate for consideration.  Of course, Public Knowledge (Google-funded) doesn’t want the CASE Act to pass. So they have attempted to mount a “cyberturf” campaign directed at Senators using some sketchy social media and phone bots. This tweet bot distributes canned messages that are factually incorrect. Hostile foreign governments need not mount disinformation campaigns against our democratic institutions as we’ve already got Google astroturfs on the job!

 

In particular, Public Knowledge is distributing a tool that combines a “tweetbot” and “patch through calling.” The tweetbot is easy to understand.  The patch through calling requires a little digging to understand how it could be (is intended to be?) abused. It doesn’t really provide any extra convenience to an individual activist. Any activist can look up their Senator’s office on iPhone and click on the telephone number.  Whereas, for instance, if you have a boiler room full of paid activists, a third party could easily direct a firehose of phone calls at a wavering Senator, and the calls would be untraceable, the Senatorial staff would not realize it was the same group of paid activists calling over and over. It is my strong suspicion this is the point of these “patch through” phone bots.  This is not far-fetched as something similar seems to have played out last summer in the EU parliament.

So I spent the last few days playing around with the “tools” provided by Public Knowledge (and EFF tools).  The Public Knowledge tools were the most interesting. Perhaps horrifying is a better description. I came to three extraordinary conclusions:

First. In order to use Public Knowledge’s tweetbot, you have to give total control of your twitter account to Public Knowledge’s contracted agent, a company called Phone2Action.  The permissions literally let Public Knowledge and Phone2Action do anything with your account.  It is as if you have joined a botnet. (See screenshot at top of article)

Second. Public Knowledge Tweetbot allows you to customize your message to Senators (above). But it also will tweet their canned message back to your followers (Below) WTF? This has got to be illegal.  It’s forcing me to make speech that I would never make.  It’s an unauthorized appropriation of my public persona to involuntarily endorse something I don’t want to endorse.  What else is this bot doing in my name?

Third.  After observing the tweetbot in action for a while,  I went to revoke the Twitter permissions I had granted to Public Knowledge (Phone2Action).  I noticed something unusual. Under twitter’s “apps and permissions” I saw an iPhone I did not recognize using my twitter account.  See screenshot below.

Twitter was identifying this phone as being in Cedar Rapids IA.  This seemed very strange.  It was not my iPhone. Was not on airport Wifi and my phone IP address indicated my true location. (Not Cedar Rapids). I was not using a VPN.  Bizarre.  I logged this iPhone out of my twitter account as well as every other device using my twitter account.* In the confusion, I forgot to disable the PublicKnowledge/Phone2Action permissions.

About an hour later I remembered I hadn’t revoked permissions. I checked my account and I saw that there were two new iPads logged into my twitter account.  WTF?  One reported its location as Scaggsville MD, which is just outside the beltway in Maryland. I was hundreds of miles from that location.  I have since disabled the permissions I gave to Public Knowledge/Phone2Action.

There have since been no unusual logins on my twitter account.   I have no idea if this tweetbot had anything to do with these mysterious logins. But I have never seen anything like it before. On this third issue, I’m not placing the blame on Public Knowledge.  But I’m having a hard time coming up with an explanation here.

*21 twitter sessions? Yes, I have a lot of computers. And many of them are running programs that monitor twitter and other social media for certain patterns and keywords. It’s part of other research I hope to publish one day.

Guest Post: UK Official Investigating PledgeMusic Directors, Asks the Public for Information

By Chris Castle

Don’t believe the headlines–just because there’s no money for artists from the PledgeMusic bankruptcy does not mean that the story is over.  It just means that justice is going to take longer.  If you were paying attention, it should have been obvious from the beginning that PledgeMusic was a financial roach motel–the money goes in but doesn’t come out.

In the least suspenseful story of the decade if not longer, it appears that PledgeMusic’s officers and directors ran the company straight into the ground.  It’s unclear from the Official Receiver’s report (which is available here) whether Pledge had any cash on hand when it filed for liquidation.  The Official Receiver appears to value the company’s intellectual property at £20,000 as its only asset.  Pledge had £7.4 million in “debt” so nothing for the artists or anyone else.

However, the really important part of the Official Receiver’s report relates to the officers and directors.

Pledge Liquidator 1

So unpacking that paragraph, the directors seek to avoid liability by saying they weren’t involved with the “day to day running of the company”.  Well, no kidding.  That’s why they are directors.   But they are answering a question that isn’t relevant.  The question is not whether they were involved with the day to day, the question is what did they know about the company’s insolvency and when did they know it?  A related question is whether they were willfully blind about the financial condition of the company?

It is difficult to understand how they couldn’t have known about the company’s financial condition.  This is not something you find out from interviewing Benji Rogers.  This is something you find out by examining board minutes, financial statements, internal accounting, and of course internal emails.

It must be said, of course, that stating that “the company continued to operate as previously” begs the question “previously” to what date?  And of course, if it continued to operate as an insolvent, that doesn’t really help them.  At all.

Let’s not forget that to a large degree, once the board becomes aware that their company is insolvent, their fiduciary duty shifts from the shareholders to the creditors, especially if the board fails to disclose the insolvency to creditors and fails to seek bankruptcy protection (which goes by different names in the UK, administration or liquidation).

And that last sentence is also telling.  Why did the board seek legal advice about whether the pledge monies were or were not trust monies?  Again, answering a question that wasn’t asked exactly.  Who gave them this advice, what prompted the board to ask for it, when did they ask for it and what happened after they got the advice?  Did the lawyer also tell the board that they could tell the public they were soliciting funds for one purpose and then use the money for an entirely different purpose for their or the company’s own benefit?

You see, it doesn’t really matter whether the monies were held in trust if the entire process was a fraud.  But I’d still like to hear from that lawyer as to exactly what he or she told them–I seriously doubt that it’s quite as broad as all that.

But here is the punchline of the Official Receiver’s report:

Pledge Liquidator 2

It does not sound to me like the Official Receiver (the liquidator) views her work as completed.  What it appears remains to be determined now is whether the cause of the insolvency (or bankruptcy) requires further action, including a referral by the Official Receiver to Scotland Yard and/or the Crown Prosecution Service (which is essentially the prosecution arm of the Home Office–the people with the white wigs for the BBC watchers).

Artists should feel free to call the Official Receiver at the number they gave or I believe you can still email to LondonB.OR@insolvency.gov.uk using the matter LQD5671373 in the subject.

Deja Vu: Google Funded Astroturf Groups Use Spambots, RoboCalls in Senate to Block Case Act

 

This EFF form allows anyone anywhere to repeatedly call Senators from this webform, no identification, no email, phone or geolocation verification.  Pure cyberturfing. BTW the “tens of thousands of dollars” is false.  Also not mentioned: CASE ACT is a voluntary small claims court for copyright claims. Explicit opt-in process. No one is “on the hook” for anything.

++++++++++++++++++++++++++++

It’s deja vu all over again.  Looks like Google-funded astroturf groups EFF and Public Knowledge are using the same questionable tactics that Google affiliated astroturfs used in the EU to try to defeat the Copyright Directive. Spambots, Tweetbots, and automated calls.

If you’re not familiar with what happened in Europe here’s a very brief summary:

EU parliament proposed some copyright changes that required digital platforms like Facebook and Youtube to do a better job policing their platforms for copyright infringement.  Naturally, Google did what they always do and mounted what can only be described as a massive disinformation campaign against the proposed copyright changes.  Most of this took the form of angry emails, phone calls and tweets to EU parliamentarians.  And at first it worked.  In July 2018 cowed MEPs (Members of the European Parliament) voted against a sort of fast track approach to legislation.  This blog noted some very non-organic patterns in the emails, tweets and automated calls (for example, tweets to Spanish MEPs stayed at a constant frequency in the overnight hours). Further, this blog noted the financial connections between the groups running the campaign and Google.  Eventually, the Times of London and Frankfurter Allgemeine Zeitung became aware of this and ran high profile stories detailing the entire fiasco.

See here:

Google Funds Website That Spams for its Causes

https://www.thetimes.co.uk/article/google-funds-activist-site-that-pushes-its-views-rg2g5cr6t

Anatomy of a Political Hacking

https://www.faz.net/aktuell/feuilleton/medien/eu-and-copyright-anatomy-of-a-political-hacking-15771185.html

The good news is this, EU parliamentarians were so outraged when these tactics were exposed, support for the Copyright Directive dramatically increased and eventually passed.

Now Google-funded groups like EFF and Public Knowledge are using the same tactics in hopes of creating the appearance of a fake grassroots uprising.

Here Public Knowledge is pushing the same call spamming tool as above.  The difference here is I was able to “repurpose” the spam tool to connect to the Public Knowledge office (Hey, it was research!).  When I tried it on my own number I was able to make about 3 calls a minute. It would be possible to harass the shit out of anyone with this tool.  It’s like leaving a loaded phone DDOS gun around for anyone to use. I do not believe that this is a bug or defect.  I think that this is the intention of putting these tools out there.  They hope the angry internet-paranoids will abuse these tools. Just like they did in the EU.  Otherwise, why not just provide a phone number to call?  Type in your address and your senator’s phone number appears.  Take out your phone and dial the number. Or why make the call come from a webtool on the Actnow.io server?  I say it’s cause it is easily hackable and automatable.  Fuck these groups.  Both are objective dangers to our democracy.

There are also tools available for emailing and tweeting your Senator.  I was able to fire off tweets at about a dozen a minute. I changed the text to alert the Senators this was a demonstration.  Can you imagine what 20 sock puppet accounts could do?  Swamp all hundred Senators in a few minutes! Again no geolocation verification.  I could be in Tehran, Belarus, Davos or Mountain View.  No need to be in US!

They are even providing tools for leaving comments on official government websites of Senators. Pretty sure that I read somewhere that there are regulations that forbid the use of automation to leave comments on most federal govt websites. Maybe someone can point me to the text? In the meantime you can always repurpose the tools to spread the truth about these folks.

 

 

Breaking: Robocall and Spambots out Against CASE Act

I still don’t have all the details on this.  But as the House prepares to vote on the CASE Act  (voluntary small claims copyright court option for creators and users) it appears that EFF, ACLU and others have started a Robocall and spambot campaign against the bill.

The webforms are here and I have confirmed they are easily automatable.  Even from a smartphone.

Use the forms against the tech monopolies.  Flip the script,  make pro Case Act calls.  Put your own pro Case act text in email forms.

Robo call tool  here

https://act.eff.org/action/call-congress-and-tell-them-not-to-let-a-quasi-court-bankrupt-internet-users

Spambot to leave message on Congressman’s website.

https://act.eff.org/action/tell-congress-don-t-let-a-quasi-court-bankrupt-internet-users

 

 

Music Reports Inc is TikTok’s Copyright Infringement DMCA Agent?

MRI (Music Reports Inc) is a company that collects and licenses royalties on behalf of songwriters and publishers.   They also act as a licensing agent for digital services.  That is, like HFA they work both sides of the digital music market.  Personally, I think these sorts of arrangements present some competition and conflict of interest problems. And eventually, those problems will emerge. As a frequent investor in startups, I don’t invest in companies like this.  But that’s just me. Other folks like to make money by seeking out and exploiting legal loopholes.

So MRI’s appearance on both sides of the streaming music marketplace raises eyebrows. But to be clear that is not illegal.  However, I’ve never seen anything quite like this:  MRI is the DMCA Agent for TikTok!  That means a company that is supposed to be licensing artists’ and rightsholders’ work is aiding and abetting a massive infringer (TikTok*) in a whac-a-mole DMCA scam.

And I do mean scam.  Like highly misleading. Bordering on fraudulent. Here’s why. As I detailed in my last blog, I don’t think TikTok qualifies for the DMCA safe harbor on much of the infringing activity that occurs on TikTok. Here is the quick summary:

After a couple of hours messing around with the app it appears:

  1. TikTok makes available my work and then provides the copy to the user before the user makes any content.
  2. The copy would seem to be more than “ephemeral” (an important copyright act legal distinction) as at certain stages I can repeatedly access the content even when my device lacked internet connectivity.
  3. TikTok app “marries” or “syncs” the music to audiovisual content provided by their service or uploaded by the user.  Note this is after the recording and composition have apparently been copied and distributed to the user’s device.  In other words, the infringement occurs before user publishes content.
  4. Before the “marrying” or “syncing” of the music to audiovisual content I cut off internet connectivity.  The process of marrying video to music failed. This suggests TikTok service requires sync license, not the user.
  5. Only after all sync has occurred does user have the option to “publish” the work.  This is long after many activities requiring licenses, and thus infringement has occurred.

DMCA safe harbor provides the digital service protection from its user’s copyright infringement.  Not infringement committed by the digital service.   Grooveshark made this mistake and was promptly put out of business.

I’m saying it appears something similar happens with the TikTok app.  So if in fact, I’m right, that would imply that MRI, by operating TikTok’s DMCA safe harbor operation, is helping to perpetrate a fraud.

Finally I would like MRI to explain to its songwriters and publishers why it is helping TikTok intimidate songwriters and publishers into NOT filing a DMCA notice.   It’s right on the TikTok website.  TikTok basically says they will doxx songwriters and publishers if you file a copyright complaint. And where will they get those complaints?  From MRI.

This is yet another example of why my focus of this blog has switched from investigating civil abuses of artists and rightsholders to investigating criminal abuse.  My hashtag for the year is: #PutADigitalMusicExecutiveInJail2020.  Why? It’s the only thing that will ever stop the abuse.

*TikTok is a massive infringer.  No public performance licenses.  Few if any “mechanical” licenses.  My work has been used and as far as I can tell, there are no licenses, nor have royalties been paid. To pretend that TikTok is a largely licensed service is objective fiction.

TikTok: Nothing Says Chinese State Influence like Censorship and Mass Copyright Infringement Pt I

TikTok has recently been in the news for two reasons.

CENSORSHIP

The first is for censorship.  The Washington Post notes they appear to be censoring clips from users that are critical of the Chinese Government or videos in support of Hong Kong protestors.  The Guardian in the UK reports:

TikTok, the popular Chinese-owned social network, instructs its moderators to censor videos that mention Tiananmen Square, Tibetan independence, or the banned religious group Falun Gong, according to leaked documents detailing the site’s moderation guidelines.

TikTok, which has headquarters in Los Angeles, may at first seem to be simply joining the ranks of Nike and the NBA as (faux progressive) corporate entities that kowtow to authoritarian governments.  But what most people don’t realize is that TikTok is a subsidiary of a 78 billion dollar Chinese “start-up” that is heavily staffed with Chinese Communist Party members and directly under control of a government ministry. It is not unreasonable to characterize this company as an influence tool of the authoritarian Chinese state.  Especially if you consider TikTok is not available in China, only outside mainland China.  As BuzzFeed notes:

“Eschewing typical forms of Chinese soft power, TikTok could be the arrival of a subtler form of algorithmic influence, with sophisticated Chinese AI controlling what becomes viral content potentially shared among millions of young Americans”

(Editor note: Try this at home.  Look for any recordings from 1990s or 2000s concerts supporting Tibetan freedom on Spotify. I couldn’t find any. It should be noted Chinese social credit rating app maker Tencent owns a 10%+ stake in Spotify).

COPYRIGHT INFRINGEMENT BY TIKTOK

The Second reason is copyright infringement.  As Billboard reports the National Music Publishers Association has asked the Senate to look into copyright infringement by the social media giant.  President of NMPA David Israelite:

“The scale of TikTok’s copyright infringement in the U.S. is likely considerable and deserves scrutiny. We hope that if Congress looks further into matters relating to TikTok that copyright theft is included in the scope of its examination.”

APPARENT LACK OF LICENSES FOR MY WORK

Interesting.  So last night I looked into this by checking my own catalog against what TikTok makes available, copies and distributes from their app. Both recordings and compositions that I directly control were available on the service. As far as I know, these recordings and compositions have not been licensed. At least, so far I have found no record of licenses. It is always possible that some licenses transferred from Musical.ly when TikTok purchased it.  But I can’t find any licenses for that service either.

It is important to remember that TikTok is making what are essentially video syncs. Under US copyright law these video sync licenses can not be obtained via ASCAP or BMI.  The federal compulsory license for “mechanical” reproductions can also be ruled out as this does not apply. US compulsory mechanical specifically excludes audiovisual content!

I live-tweeted a lot of this last night as I explored what work was available on their service. I also engaged some of this blog’s “irregulars” to verify what I was seeing.

Here is the twitter thread.  Sorry for the typos.

Start here:

Screenshot showing TikTok making available a recording I own; following the steps, that 30-second snippet appears to be copied into my device. This is not “user-generated” activity.  It appears TikTok is making available, copying and distributing my work.  This normally requires a direct license with the owner.

TIKTOK HAS NO DMCA SAFE HARBOR?

Today a little more research was conducted.  Oh boy, now it gets really interesting.  In order to qualify for the DMCA copyright safe harbor, the infringement must be “User Generated Content.” It is my belief that like Grooveshark, TikTok is actually making infringing performances, distributions, and copies themselves, not their users. If my observations can be verified then TikTok would lose its DMCA safe harbor for the same reasons Grooveshark did. I am not an iOS app expert and have just enough technical expertise to get me in trouble. So if anyone out there wishes to verify and correct me I am happy to reflect that in this blog.

With that caveat, my observations after a couple of hours messing around with the app:

  1. TikTok makes available my work and then provides the copy to the user before the user makes any content.
  2. The copy would seem to be more than “ephemeral” (an important copyright act legal distinction) as at certain stages I can repeatedly access the content even when my device lacked internet connectivity.
  3. TikTok app “marries” or “syncs” the music to audiovisual content provided by their service or uploaded by the user.  Note this is after the recording and composition have been apparently copied and distributed to the user.  The infringement has already occurred.
  4. Before the “marrying” or “syncing” of the music to audiovisual content, if I cut off internet connectivity, the process of syncing video to music failed. This suggests TikTok service is doing the syncing, not the user.
  5. Only after all this has occurred does the user “publish” the work.  This is long after many activities requiring licenses, and thus infringement has occurred.

WHEN IS CODING A KLUDGE AND WHEN IS IT A CRIMINAL CONSPIRACY?

There is something extraordinarily clunky and strange in the sequence of steps one takes to search for music tracks. Why not just list tracks available?  Log in and try to make a video (you can stop before publishing if you like).  You’ll see what I mean. Also, the choice of wording seems to suggest the peculiar vocabulary of a lawyer when a company is trying not to be sued.

For example, the clunky search results box seems to imply an algorithm (“4 matched sounds”) has provided you with a selection of songs that are just sort of mysteriously found in an unnamed digital domain. The wide-open internet?  TikTok owned/leased servers? What I’m getting at is they don’t use a term like “available” which might imply a license for works. Maybe this seems petty to you, but it seems a deliberate attempt at obfuscating where these “matched sounds” come from. In addition, shouldn’t there at least be some notice at this point that the TikTok user could be committing Copyright Infringement? I mean if I saw a song in a TikTok search result and used it I would like to know that I’m potentially gonna be sued for copyright infringement.

On more popular tracks there are videos already associated with these tracks and this phrasing would make your average user think, “oh these are already uploaded by someone else and I’m using their file.”  However, on my tracks, especially the most obscure tracks, there are no videos associated.  So where exactly is this “matched sound” coming from?  How did it end up in the TikTok search results?   Someone had to put it there.  This is too clever by half.  Also at some point, someone somewhere has edited these “matched sounds” down to 30-second clips.  They all seem to match digital distributors’ 30-second previews.  That doesn’t necessarily mean anything.  Where is TikTok getting 30-second previews on a mass scale? Which digital music distributor is providing these previews? Someone somewhere knows something.  If the pay scale at these digital distributors is as low as my former music business students claim it should be pretty easy to flip someone with a meager $5,000 reward.

TIKTOK ENCOURAGES THE EXPLOITATION OF “MISSING TRACKS”

Another rather curious feature of TikTok is that it rewards the creators of the first video that accompanies an unexploited “sound.” A first TikTok music/video sync gets a special “Original” tag and a seemingly higher number of views. Sure at first this seems reasonable.  TikTok has lots of catalog, so it’s good to have it exploited potentially generating views and thus advertising revenue.  But if TikTok isn’t really licensing the catalog, isn’t it more likely that this simply encourages users to put new unlicensed work online?  How is this any different than Share-Online.biz?  They were raided and shut down the past week by German Police.  Share-Online was known to reward users that illegally uploaded popular albums, films and video games. My suspicion is that Share-Online’s major vulnerability will be contributing to mass infringement.  Is it possible that TikTok shares the same vulnerability?

THE DOG THAT DIDN’T BARK

Another curious issue.  If TikTok’s search function were truly passive, why is it that the part of my catalog that is available on TikTok does not include the compositions that were listed in the Spotify class action lawsuit?   I didn’t use all my compositions in the Spotify lawsuit. Essentially the tracks used had the cleanest ownership records. The tracks missing are not just my compositions with copyright registrations. No this is a more subtle detail that would need to be gleaned from court documents. That extra bit of obscure information surfacing here is some kind of tell.  What it means I don’t quite know, but I find it extraordinarily curious that apparently someone somewhere knew to eliminate these compositions from the “matched sounds.”  If these songs were filtered out it was done by someone with some legal/litigation expertise. It strains credulity to think this was accidental.  To be clear, I’m not saying it was TikTok, it could have just as easily been someone further upstream, a third party retained for licensing and identifying tracks, for instance.

Also, suppose coders or lower-level employees at TikTok or a third party were instructed to work around these tracks. That’s coming awful close to conspiracy. And you’ve already got mass copyright infringement going on, so can you all say “RICO?”

Now there are other omissions of compositions and recordings from the matched sounds.  But these are all controlled by Universal Music Group and its subsidiaries. I would assume from this that UMG has not yet licensed TikTok, or is in some sort of dispute with the app.  But this does not fully explain the other missing tracks.  Again I could be wrong.  This is not a smoking gun, but it deserves investigation from someone other than me.  Law enforcement perhaps?

Put a Digital Executive in Jail in 2020

To be clear.  I have no plans to file any copyright lawsuit against TikTok.  I’ll let someone else do that.  I’ve graduated from that league. I’m much more interested in working with law enforcement. After 20 years of artists and rightsholders fighting these fucks we need law enforcement to step up and launch a criminal investigation. It’s a pattern. My experience is that these services make so much fucking money they have learned it’s cheaper to pay the fine or lump sum settlement.  Investment banks like Goldman Sachs will continue to downplay the criminality of these companies’ “business models” to potential investors and your fucking pension fund will end up holding the bag.  The C-suite will walk away having cashed in their stock and the cycle will repeat again. The only thing that will scare these pricks is jail time. It would be so much more efficient for courts; artists would be so much better off, and this shit wouldn’t keep happening. Perp-walk a single digital music executive into an LA federal courthouse (or New York or Nashville) and this shit will stop really fast.  #PutADigitalMusicExecutiveInJail2020.

PS: I notice there is some unfounded speculation about my resignation from the MLC.  Simply put, I don’t have the bandwidth to do this kind of research and also sit on the unclaimed funds committee of the MLC.  I’m the bad cop.  This is my calling. I like to make the bad guys’ lives miserable. Every hour I spend on MLC work is one less hour I spend doing this.

Guest Post by @cagoldberglaw:  Scared as Hell: Section 230 Denies Access to Justice, Not Free Speech Protection via @musictechpolicy

By Carrie A. Goldberg

[Chris Castle editor’s note:  We should all be aware that in addition to the “value gap” of the DMCA safe harbor, Big Tech also has another safe harbor in Section 230 which I call the “values gap.”  You have to ask yourself, how do they sleep at night?  We are honored to be able to post this article by one of the great lawyers of our time, Carrie Goldberg, author of the new book Nobody’s Victim: Fighting Psychos, Stalkers, Pervs, and Trolls and victim rights lawyer extraordinaire.  Carrie is going after Grindr for putting a product into commerce with a design defect that allows stalkers to use the app to assault users.  This argument is similar to the Ford Pinto’s exploding gas tank.  This post started as a Twitter thread, and we’re very pleased that Carrie agreed to let us post it as an article.]

For the past 2-1/2 years my firm has been in the fight of our life in the case Herrick vs. Grindr which involved owners and operators of the Grindr gay dating app refusing to assist our client, Matthew Herrick, when mobs of strangers were coming to his home to have sex with him.

Using Grindr’s geolocating and other technology, Herrick’s ex impersonated him and directed over 1200 men to him in person. Sometimes 23 a day. Herrick went to the police and got an order of protection. Nothing Herrick was able to do helped to stop this assault.

And neither did Grindr. No, Grindr said in court they didn’t need to help Matthew because the Communications Decency Act Section 230 protected them from any legal responsibility for harms caused by their app.  The district judge agreed. We appealed it to a panel of judges sitting on the Second Circuit Court of Appeals.

The Second Circuit panel also said Grindr bore no responsibility to Matthew and that the earlier judge was right to throw the case out. We sought a rehearing en banc before all the judges on the Second Circuit trying to explain that we were not suing for words or communications from a user (for which Grindr would get Section 230 immunity) but rather, we were suing Grindr because its product was defective.

Why?  Because Grindr designed their product without an internal system or other protective functionality to save users and the world at large from people abusing their product to impersonate, stalk, prey—easily foreseeable harms that a reasonable person could have predicted might happen before Grindr was put into commerce.

In August we submitted a cert petition for the Supreme Court of the United States to review the Second Circuit’s ruling and reverse it. We’ll know Oct. 1 if they will. In my practice, I see a lot of people like Matthew whose lives were destroyed because apps and social media companies ignored them.  People who are victims of revenge porn, sextortion, harassment, doxxing, horrible content coming up in search engines, all of which could be prevented by eliminating these design defects and putting people over profits.

These Big Tech companies have ZERO incentive to build safety precautions into their products because this 1996 law Section 230 has been interpreted by the courts to shield tech companies from just about any responsibility.  It means we as individuals CAN NOT sue them. A bunch of politicians, lobbyists and even some professors will say that Section 230 protects our speech.

That is not true.

What Section 230 does is remove options for us as individuals when lives are destroyed through tech. Our courts are no longer an option for us to get justice.  I can’t overstate how extreme it is for there to be companies that are UNTOUCHABLE by our courts.

Our tort system is centuries old and it is the great equalizer enforced by the courts—an entire branch of government and integral to our entire concept of checks and balances. In almost every kind of harm, for a couple hundred bucks a single person can use the tort law and the courts to hold the most powerful person or company responsible if they caused us harm and we can stop them from further hurting us which is Matthew’s case.

The ramifications of Section 230 immunity don’t just impact those harmed. Section 230 harms us all as a society. We are entering an era of greater surveillance, Artificial Intelligence, self-driving cars, facial recognition technology.  Companies developing this have ZERO incentive to be thinking about how their products will be abused and exploited by bad actors. Why?  First and foremost because there is no pressure on them from the threat of litigation.

So in addition to Matthew’s battle with the courts, my big discovery is that our politicians are now inserting language into our international trade agreements that echoes Section 230.

If they succeed and we are injured by some other country’s negligent tech product, app or social media company, our country is immunizing those companies too. Those international companies now can’t be sued by us either.

Look at Article 19.17 of NAFTA 2.0.

The language, which is even MORE expansive than Section 230 in protecting tech companies, was already included in NAFTA.

And we have some politicians working to include it in trade deals with Japan, India, and the EU.  This is INSANE.

These politicians are taking away our rights against tech companies in our own country and others. This means they can all be as exploitive of users and privacy and human rights as they want.

Everybody should be scared as hell. Section 230 is NOT about online speech. It is about access to justice.  No other industry is immune like this. These companies basically have sovereign immunity. The most powerful, wealthy, omniscient, omnipotent industry in the history of the world has as much or more protections from being sued as a government.

We need to hold our politicians accountable. We need to expose those who are fighting against our individual rights and voting to exclude these companies from judicial systems around the world. Additionally, if our American companies don’t like changes we make to Section 230, they’ll just relocate to a country with whom we have a trade agreement.

Who in Congress is THAT owned by Big Tech that they would betray the American people and strip them of all recourse for injuries that occur online?

European Internet “Self-Governing” Body Ignores Own Report and Continues to Serve Criminals

This article was written by my colleague Volker Rieck.  It has been translated from German. It originally appeared here.  While the failure of internet self-governing bodies may seem far afield from my usual focus on artists’ rights, it is not.  Artist rights and royalties have been greatly diminished because of a market failure caused by lax enforcement of copyright protections on the internet. And the reason there is little enforcement of criminal activity on the internet is because the “self-government” of the internet, ICANN, and its regional affiliates are spectacularly inept or corrupt.  This article details how the RIPE (the European/Mideast arm of ICANN) has ignored its own internal reports and continues to provide services to criminal organizations. I am not an expert on US Treasury sanctions, but looking at RIPE’s own report it’s likely that RIPE is violating the US prohibitions against providing services to companies/individuals on the Office of Foreign Assets Control “Specially Designated Nationals and Blocked Persons List.”

-Dr. David Lowery

PS.  RIPE client CyberBunker was just taken down today by German police.  See here.

and Republic of CyberBunker?  Clearly RIPE does not give a shit about its responsibilities and duties here. Time to make RIPE and ICANN accountable to the rule of law.  Just like the rest of us. 

Internet self-administration a la RIPE NCC: An oath of disclosure!

There are many examples of successful self-regulation in business. One of them is the age ratings for films and games. The rating processes are relatively quiet and, despite there being many films and games to rate, there are very few complaints.

The reason for this could be that film and game self-regulation assigns duties and responsibilities to all parties involved.

RIPE NCC: Epic Fail

The exact opposite of this successful self-regulation is the sort of self-regulation you find on the internet. RIPE NCC (Réseaux IP Européens) is responsible for assigning numbers and names on the Internet for Europe and parts of Asia. Other parts of the world are represented by 4 other organizations of ICANN, the worldwide Internet self-government organization. As early as spring 2018, this blog pointed out the failure of RIPE NCC to abide by its responsibilities as required. Crucially, my article revealed that RIPE NCC provides services to criminal customers. Conversely, these criminals pay for membership in RIPE NCC and hence help fund RIPE.

While I’m not surprised that the internet overlords pay no attention to this blog, I am quite surprised to find they seem to have ignored their own internal reports.  Recently I discovered on RIPE’s own website a presentation which describes the problem even more clearly and in depth: “Criminal Abuse in RIPE IP space.”

The presentation was given by Dhia Mahjoub, PhD, who is Head of Security R&D Cisco Umbrella, at the RIPE 77 Conference. According to Mahjoub’s CV, he seems to be a proven expert who has given presentations at several conferences. His presentation was held on 18 October, 2018 and can be downloaded here.

Undoubtedly the most interesting thing about this presentation is the fact that it was held at a meeting of RIPE NCC. In other words: those responsible at RIPE NCC have been aware of the illegal activities of their members since October 2018 at the latest.  Yet, RIPE NCC still allows these companies to use the Internet for criminal purposes.

In the 64-page presentation, Mahjoub describes how dubious data centers develop infrastructure for criminals with the help of RIPE NCC. He examined 30 suspicious data centers of which 11 are in the care of RIPE NCC.

The variety of criminal activities taking place is manifold: botnets, sending spam, distributing malware, fake shops, fake software, phishing, money laundering, illegal video streaming, Bitcoin mining, Trojans, etc.

Mahjoub names three countries that stand out for :

Switzerland, the Netherlands and Sweden.

He also gives examples of data centres whose business model is to support criminal activities in total or in part. Specifically: Private Layer PA/CH (which appeared in our 2018 blog post), Serverius NL, Worldstream NL, Altushost NL, Felicity NL, Portlane SE, etc.

Mahjoub gives a very detailed breakdown of how the participants are related to each other:

Illustration: Excerpt from the presentation – Private Layer network.

The German company Corebackbone is also involved:

Illustration: Excerpt from the presentation – Corebackbone, Germany.

The dubious players in this space have been well known for years and have been left to pursue their business undisturbed.

The presentation also shows how these companies are scattered across different countries, which obviously hampers prosecution. And is it any surprise that Mahjoub’s presentation references offshore letterbox companies that can be found in the Panama Papers?

Illustration: Excerpt from the presentation – How to make a business resilient on the Internet.

The presentation also describes how such businesses are rebuilt over and over again with low investments:

Illustration: Excerpt from the presentation – The recipe of a dedicated hoster.

RIPE NCC: Blind in both eyes – where is the self regulation?

Anyone who thinks that the findings from the presentation have changed anything at RIPE NCC will be sadly mistaken. Although many evil organizations and their criminal activities were clearly described in the October 2018 presentation, they are all still present and all this with the blessing of RIPE NCC. There is no better way to show that self-regulation of the Internet has failed completely.

RIPE’s refusal to take action against criminal members would only be understandable if RIPE itself were a part of organized crime. RIPE NCC’s Executive Board Treasurer, Remco van Mook, was country manager for Equinix in the Netherlands. Equinix provides a wide range of hosting services for Private Layer locations, Panama and Switzerland, as well as peering in over 5 data centers in Europe. (Editor note: It’s also a US Government contractor! Yikes!) Let’s hope for the executive board members of RIPE this is simply incompetence and arrogance, not criminal conspiracy.

Is it time for law enforcement and politicians to address this problem? What a crazy world we live in, where powerful tech elites make it so easy for criminals. Perhaps by regulating the RIPE’s self-regulation, we could make the Internet much safer for everyone involved?