[e-privacy] RapidShare rivela gli ip dei propri clienti

[Anonymous]

http://arstechnica.com/tech-policy/news/2009/04/rapidshare-hands-over-user-info-in-germany-users-panic.ars

RapidShare hands over user info in Germany, users panic

File  hosting service RapidShare  has reportedly  handed over  user IP data to
the record industry, leading to at least one user's home being raided in
Germany. This has led to speculation that content owners may start abusing
Germany's  copyright law to start going  after other P2P users as well. 



The  popular   Germany-based  file  hosting   service  RapidShare  has allegedly
begun handing over user information to record labels looking to pursue illegal
file-sharers. The  labels appear to be making use of paragraph 101 of German
copyright  law, which allows content owners to seek a court order to force  ISPs
to identify users behind specific IP addresses. Though RapidShare does  not make
IP information public, the company appears to  have given the information to  at
least one label, which took it to an ISP to have the user identified.

The issue came to light after a user claimed that his house was raided by   law
enforcement   thanks   to  RapidShare,   as   reported   by German-language news
outlet Gulli (hat  tip). This user had uploaded a copy  of Metallica's  new
album "Death  Magnetic"  to his  RapidShare account a day before  its worldwide
release, causing Metallica's label to work  itself into a tizzy  and request the
user's personal details (if  there's anything  record labels  hate, it's  leaks
of prerelease albums).  It  then  supposedly  asked  RapidShare for  the  user's
IP address, and then  asked Deutsche Telekom to identify  the user behind the IP
before sending law enforcement his way.

Ars asked  RapidShare for comment  and confirmation of  the situation, but did
not  receive a response as of publication  time. Gulli, on the other  hand,
offers  a scanned  copy of  the court  decision  and also claims it was  privy
to a confirmation e-mail  from RapidShare that it had handed over the
information.

RapidShare has had  a more than a few tussles in  the German courts as of late.
In January of  2008, RapidShare found itself  pitted against GEMA  (the  German
version of  the  RIAA)  arguing  that it  was  not responsible  for the  content
that  users  uploaded to  the site.  The Düsseldorf Regional  Court didn't  buy
it, ruling  against RapidShare, saying that the company is  responsible for
those files and would have to check  every file for  copyrighted material. In
October,  the court spelled  out  its expectations  a  little  more  clearly,
saying  that RapidShare  must   remove  infringing  content   proactively,
despite RapidShare's  insistence that  it had  already hired  on  six staffers
whose  sole job was  to go  through uploaded  material and  respond to
complaints about infringement.

Critics fear  that that the latest  series of events  is evidence that the
floodgates  have been opened for a  more "creative" interpretation of  paragraph
101.  After  all,   if  they  are  able  to  obtain  IP information, record
labels may  begin using it  to go after  users on BitTorrent and other  P2P
networks. This is the  same fear that fueled borderline  levels  of  panic  when
rumors  circulated  about  Last.fm handing  over user data  to the  RIAA earlier
this year,  though both Last.fm and the RIAA  vehemently denied the accusations.
Last.fm later said that it takes the privacy of its users very seriously and
that it would never hand over personally  identifiable data like e-mails or IP
addresses.

There   are,   however,   many   differences   between   Last.fm   and
RapidShare. For  one, if Last.fm were  to find itself  in the position
RapidShare is  in with GEMA, it would  be able to argue  that the Safe Harbor
provision in the DMCA protects  it from liability as long as it removes
infringing  content after  being  presented  with a  takedown notice. In Germany
(and many other countries), there is no equivalent, meaning  that RapidShare
has little  choice  but to  comply with  the rulings. RapidShare's  incredible
popularity—Germany-based deep packet inspection (DPI) provider Ipoque recently
put out a report saying that RapidShare is responsible for  half of all direct
download traffic—has only made the  issue more sensitive for the  record labels
and service providers alike.

Whatever the  outcome, both situations highlight  the precarious level of  trust
that  users have  with service  providers. If  more  of them cooperate with  the
requests of  the record industry—court  ordered or not—then users will start
fleeing user-supported services like rats on a sinking ship.