So I'm going through my mail after being away from my uni digs for 2 weeks, and find a letter from Virgin Media addressed to me, in an off-the-shelf envelope, franked and sent from their Newport office. It contains a lengthy letter from VM and the BPI about a downloaded file linked supposedly to my IP address.

Supposedly on 5th March 2009, at 16:57 and 43 seconds, a track by the filename of: "timbaland-laugh_at_em__give_it_to_me_remix___feat_justin_tim berlake_and_jay_z_(2).mp3", by artist "Timbaland", with track name "Give It To Me (Laugh At Em) (Remix)", from the IP address supposedly used by my cable modem, on protocol Ares, was downloaded at my digs.

Please note the connection is shared between 5 or 6 people. There's no way I'd go near that effer with a 40ft barge, downloading MP3s is so 1999 (FLAC if you're serious about it ;) ), and I doubt "Ares" counts as a protocol (somebody more technically minded would do well to correct me however). Besides, Timbaland's awful music........ :D

I will be posting PDF scans of the letters tomorrow sometime as it obviously demonstrates Virgin are using some form of DPI to monitor usage. But does it contravene the T+Cs of the contract I signed for them to be using it?

So I'm going through my mail after being away from my uni digs for 2 weeks, and find a letter from Virgin Media addressed to me, in an off-the-shelf envelope, franked and sent from their Newport office. It contains a lengthy letter from VM and the BPI about a downloaded file linked supposedly to my IP address.

Supposedly on 5th March 2009, at 16:57 and 43 seconds, a track by the filename of: "timbaland-laugh_at_em__give_it_to_me_remix___feat_justin_tim berlake_and_jay_z_(2).mp3", by artist "Timbaland", with track name "Give It To Me (Laugh At Em) (Remix)", from the IP address supposedly used by my cable modem, on protocol Ares, was downloaded at my digs.

Please note the connection is shared between 5 or 6 people. There's no way I'd go near that offer with a 40ft barge, downloading MP3s is so 1999 (FLAC if you're serious about it ;) ), and I doubt "Ares" counts as a protocol (somebody more technically minded would do well to correct me however). Besides, Timbaland's awful music........ :D

I will be posting PDF scans of the letters tomorrow sometime as it obviously demonstrates Virgin are using some form of DPI to monitor usage. But does it contravene the T+Cs of the contract I signed for them to be using it?

Its Not DPI they are using for this

The BPI have been monitoring the p2p systems using the same systems as the people sharing files illegally and then note any ip sharing a file. They employ various companies to do this and have been for a while. They then ip trace to the isp. when they have the details they then contact VM for the account name and address of the owner of that IP. Its very simple how they do it.

VM do use DPI on their network to monitor traffic patterns, that's a known fact, but this was nothing to do with it.

I was half aware of a coalition between the BPI and UK ISPs, but does this have any legal ramifications for myself? I'm not the pirate (usually), but if others do it on the connection I apparantly pay for, am I the one in the sheetz, so to speak?

I was half aware of a coalition between the BPI and UK ISPs, but does this have any legal ramifications for myself? I'm not the pirate (usually), but if others do it on the connection I apparantly pay for, am I the one in the sheetz, so to speak?

You are responsible for what happens on your connection I'm afraid.

If someone abuses someone else's connection without the owners permission, then surely they can't be held responsible for it? If they can, then its like saying...

I can steal your car, rob a bank with it, and return it to its parking spot, and you are responsible for the robbery, because it was your car that was used.

Even with their permission, it could be argued that they didn't give permission for it to be used for that purpose (*borrows your car and robs a bank, so you get the blame*)

That said, is there not something in the T&C's that state that the connection is provided for you and your family's use only. I'm 90% sure there used to be at least.

Actually, it's more along the lines of "you left your car unlocked with keys in the ignition, so you have some liability, and at the very least, your insurance is invalid).

It states in the terms and conditions that you the account holder are responsible for the connection end of, as for the letter no legal action will be taken unless the copyright holder decided to take legal action then they would have to produce a court order to Virgin Media to get the person detials (never seen this happen), both letters are sent from Virgin, the BPI and employed companies send the detials to Virgin and thats it.

Best secure that wireless network, stop using public trackers, using pants p2p software (limewire).
3 strikes and your outttttttttttttttttttttttt!

Best secure that wireless network, stop using public trackers, using pants p2p software (limewire).
3 strikes and your outttttttttttttttttttttttt!

The three strike rule isn't in place

You are responsible for what happens on your connection I'm afraid.

You are only responsible because that's the ISPs only "target". It's just a trail of people really. VM only know of the account holder and will point the finger at them when the BPI come knocking (obviously BPI need a court order to get the details). If the account holder can prove that someone on the internal network did the deed then will have nothing to worry about, otherwise they'll be in trouble.

It's like a speeding fine, goes to the person who is the registered owner and it's then up to the owner to point out who was actually driving and if they can't they take the heat for being the owner.

It's secured with WPA2. However there's nothing stopping the other flatmates telling others the PSK I suppose, except me checking who's connected thanks to Netgear's useful status pages. ;)

Doesn't make much of a difference to me, as I mainly use a separate 2Mbit modem (I online game regularly, sharing a connection with that is a recipe for disaster). I just happened to sort out the flat with a fast(ish) internet they can use 24/7.

when they have the details they then contact VM for the account name and address of the owner of that IP. Its very simple how they do it.

I believe Virgin's arrangement with the BPI is that Virgin will send the letter to the subs home on behalf of the BPI. The BPI itself doesn't know who is getting the letters. This is not quite as serious as the situation with Davenport Lyons and other law firms who are actually threatening legal action. AFAIK the aim is to scare people into stopping their P2P use. Unless something's changed, of course. It will be interesting to see the scan of the letter and whether it actually makes any concrete threats or not.

You are responsible for what happens on your connection I'm afraid.

As a contractual issue between VM and a subscriber that may well be the case, but I don't believe it has ever been established in a British court that someone can be held liable for any activity on an internet connection that just so happens to be in their name and especially without their permission.

You are responsible for what happens on your connection I'm afraid.

Only in so far as to cover any liability on VM's part.

Only in so far as to cover any liability on VM's part.

VM have no liability for anything their customers do - common carrier protection. Unsure if that still applies of course with all the legal stuff that's been going on but I'm pretty sure that VM aren't responsible for a customer's copyright naughtiness.

Maybe not, but if the connection's hijacked by somebody with illegal intentions - and it's increasingly possible with somebody hacking the thousands of unsecured BT Homehubs out there (WEP is NOT SAFE!), and the customer can prove they weren't the ones doing said illegal downloading, then how can they be expected to front any court cases or fines that come their way when they didn't do it?

It's a legal minefield at the moment, and there's been no clear court case either for or against the customer or ISP.

Scans of the letters (front and back), will be up tomorrow when I'm at uni and have access to a scanner.

The customer doesn't have to prove he wasn't doing the downloading - the one bringing the prosecution, or the lawsuit, has to prove that he was the one doing the downloading. And as it is now widely known that internet connections can be shared and hijacked, the presence of an IP address in a Bittorrent swarm is most definitely insufficient evidence to secure a conviction or establish a civil liability.

And its possible to fake the IP reported to the tracker with uTorrent as well. Its been reported a lot of times that someone who doesn't even know what bittorrent is, has no wifi and uses their PC for e-mail and ebay has been accused of such actions, when in fact its been a spoofed IP which happened to be theirs at the time...

... or possibly an IP randomly added to the swarm by those lovely rogues at The Pirate Bay ...

... or possibly an IP randomly added to the swarm by those lovely rogues at The Pirate Bay ...

Exactly! An IP in a swarm is no proof of downloading anything anymore (if it ever really was)...

The customer doesn't have to prove he wasn't doing the downloading - the one bringing the prosecution, or the lawsuit, has to prove that he was the one doing the downloading. And as it is now widely known that internet connections can be shared and hijacked, the presence of an IP address in a Bittorrent swarm is most definitely insufficient evidence to secure a conviction or establish a civil liability.

Presumably though it would be similar to leaving my keys in the car ignition and it being stolen. The insurance company wouldn't pay up as I hadn't taken reasonable care over its security. The same might apply if you have a wireless network.

No, it's not similar at all. The insurance situation you describe is an issue over the contract between yourself and your insurer. They agree to cover you so long as you lock your car.

The issue over liability (whether civil or criminal) over misuse of your internet connection is only a matter of contract insofar as your ISP wishes to establish that whatever happens, they are not responsible for it. But it does not follow that the person who rents the internet connection is responsible for it. If the connection is misused, it is the individual actually doing the misusing that is responsible, not the person who pays the monthly bill.

To return to your car analogy, if someone steals your car because you left your key in it, then uses it to ram-raid a cashpoint, you are not guilty of robbery. You're not even guilty as an accessory.

However, one is (imho) guilty of stupidity and carelessness for not undertaking the basic principles of care and security.

No, it's not similar at all. The insurance situation you describe is an issue over the contract between yourself and your insurer. They agree to cover you so long as you lock your car.

The issue over liability (whether civil or criminal) over misuse of your internet connection is only a matter of contract insofar as your ISP wishes to establish that whatever happens, they are not responsible for it. But it does not follow that the person who rents the internet connection is responsible for it. If the connection is misused, it is the individual actually doing the misusing that is responsible, not the person who pays the monthly bill.

To return to your car analogy, if someone steals your car because you left your key in it, then uses it to ram-raid a cashpoint, you are not guilty of robbery. You're not even guilty as an accessory.

Then the only other thing I would say is that the terms and conditions state:

D Using our Service

You are responsible for the way the services are used. You must not use the services to do any of the following acts or allow anyone to use the services to do such acts:
.
.
perform an illegal activity
.
.
Upload, post, publish, or transmit any information or software that is protected by copyright or other ownership rights without the permission of the owner

2. You must, at all times, make sure the way you use the services does not break the law or right of any other person


I'd guess that "You are responsible for the way the services are used." covers it.

No, you're still confusing issues of contract with issues of criminal/civil liability as defined by Law. You have a contract with VM under which you agree not to do any of the things listed under 'D'. If VM believes you have breached it, they can disconnect you (although you could sue them for breach of contract if you believe their decision to be unreasonable).

But nothing at all in that contract can be used to establish liability in a civil or criminal court for an alleged offence against, for example, the Copyright, Designs and Patents Act 1988. A contract created by Virgin Media does not supercede the Law.

Its simple make sure you secure your connection and you should be fine.

That's the thing - it IS secure! You can't get much more secure than a WPA2 PSK with Netgear's router. Far better than the Belkin tripe I had beforehand, where if you so much as blinked at WPA2 it'd throw a hissy fit.

Scans of those letters are going up later this afternoon. I presume I need to blank out the IP address and account numbers / address etc to protect my identity, yesno?

Yes, remove anything personally traceable to you.

Right boys and girls, ladies and gentlemen, these are the letters that Virgin Media (un)kindly sent to me. They were scanned as BMPs, edited in goodol' M$ Paint since Adobe Acrobat 8 Pro (which the university has on a fair few computers) couldn't get rid of the offending items: address it was posted to (mine) has been removed on the Virgin letter (which is why there's a blank space), as has account number and case number. The BPI one is a standard jobby slightly edited for Virgin Media customers.

Have a good laugh at them. They certainly gave me a good chuckle, especially the bit on the BPI letter where it says: "Virgin Media recommends that all customers use appropriate security solutions to safeguard their computers whilst online, and therefore recommends that you use PCGuard, Virgin Media's suite of security services, which can be found at: www.virginmedia.com/pcguard. This can also help to prevent the spread of computer viruses which are sometimes disguised as illegal music files and can put your private information at risk."

Long story short - can this come back and bite me in the ass? I never downloaded it (don't like the music, and I'm careful what I download anyway - they've not picked up the multitude of movies and motor racing videos I've nabbed online), but others who use the connection could well have.

You're absolutely fine. I recommend issuing a copy of the Virgin.pdf document to all known users of the connection in an effort to show them that it will land you in trouble if it happens in future. If they cannot agree to atleast find a more secure solution to aquiring the media they want, you have no choice but to stop them using the connection that you pay for.

When it comes down to it, you are responsible for any activity on the connection.

If the users of the network wont play ball and continue to download naughty things then depending on your router, you can block certain apps and protocols.limit the bandwidth they use etc.

I highly recommend a Linksys WRT54GL Open Source Router coupled with Tomato firmware.

http://www.overclockers.co.uk/showproduct.php?prodid=NW-052-LS
http://www.polarcloud.com/tomato

Hopefully your network users will play ball tho and understand the seriousness of the situation :)

the Terms and conditions only limit virgins liability which as a common carrier they dont have in this case

as to your ip being proof it was you would likely ( not been tried yet ) be laughed at

no your not responsible for what people do on your network unless you knowingly allow them to break the law ( that would have to be proved ) you are under no obligation to secure a wireless net work and in any case most are easily breach able even if if secured

( lol i can run a program on my N95 to crack most of them if i wanted to )