Police officers have been tracking when downloaders of copyright-infringing files have deleted their download histories, according to the Serious Organised Crime Agency.
On Wednesday evening, SOCA hailed the success of an operation against music blog RnBXclusive, which provided links to illegal music downloads. The agency took down the site on Tuesday, posting in its place a warning to people using the site for downloads that they could face up to 10 years in jail.
The Serious Organised Crime Agency put this notice on the RnBXclusive website for around 32 hours after the website was taken down.
One of the measures of the campaign's success, SOCA said in its statement on Wednesday, is that "a number of site users have deleted their download histories".
RnBXclusive did not host the music files itself, instead directing people to cyberlocker services similar to Megaupload, going by captures of the blog on the Way Back Machine archive. Asked for an explanation of how SOCA could monitor downloads, given these are not available via the blog's site, the agency confirmed it is tracking individual people's actions.
SOCA's investigative team "has been monitoring activities [of] users of the site", a spokesman for the agency told ZDNet UK.
He declined to comment further, saying that to go into SOCA's "techniques and methodology" could hinder the investigation.
Legality questioned
Cybersecurity expert Peter Sommer said the legality of SOCA's monitoring depends on the methods it is using. The UK police have regional units that use hacking as one way of surveilling suspects.
"One can only speculate, but there are only two ways one can think of in which they would know that download histories had been deleted," Sommer told ZDNet UK. "The first would involve them having seized the suspect's computer and carried out a forensic inspection, which would be legal."
"The second would be by remotely hacking into a suspect's computer," Sommer continued. "If they do that, there is a considerable likelihood that it would be illegal because the law enforcement exemption in the Computer Misuse Act does not apply to the use of a Trojan for remote hacking."
In the UK, copyright enforcement laws allow rights holders to get a court order forcing ISPs to block access to copyright-infringing sites hosted overseas, as was the case with RnBXclusive. However, the RnBXclusive takedown was carried out under conspiracy-to-defraud laws, rather than copyright enforcement laws.
"All action taken in this case was done after due and careful consideration with respect to the legal position of [SOCA's] actions," the police agency's spokesman said, when asked whether Tuesday's takedown had followed due process.
– SOCA
All action taken in this case was done after due and careful consideration with respect to the legal position of [SOCA's] actions.
He added that RnBXclusive "enabled access to music obtained by hacking, including some which had not yet been released". The site had 70,000 visitors daily, mainly men between 18 and 25 years old, in the week before the arrest, according to SOCA.
The spokesman declined to comment on whether users of other download-related sites were also being monitored.
Three more music sites have shut up shop or gone legal since the RnBXclusive takedown and arrest of its proprietor, according to SOCA, which said it had "monitored responses" to its action. The agency's spokesman declined to name the three sites.
"One has taken itself offline voluntarily, one claims to be considering taking itself offline, and another has posted a claim on its home page to now only be dealing in legal music files following the activity," SOCA said in its statement.
Industry warning
The message posted by SOCA on RnBXclusive's site said that "as a result of illegal downloads young, emerging artists may have had their careers damaged", and that "if you have illegally downloaded music you will have damaged the future of the music industry". The content of this warning was influenced by representatives of rights holders, according to the police agency's spokesman.
"It was written by SOCA, but we did have input from industry," he said.
That message has now been taken down, having been up for around 32 hours as part of what SOCA described as "the first phase of the operation". This operation is entirely connected to RnBXclusive, rather than referring to future, similar campaigns, the agency's spokesman explained. He also clarified that the 10-year-sentence threat in the message was made under the Criminal Justice Act 1987.
"[Rights-holder group] IFPI estimates losses to legitimate businesses and artists caused by the site to be £15m a year," SOCA said in its statement.
In response, digital rights campaigner Peter Bradwell said collaboration between UK law enforcement agencies and rights holders needs to be more transparent.
– Peter Bradwell, Open Rights Group
"This whole episode seems to be a kind of scarecrow operation. SOCA should not be using threats simply to scare users, almost all of whom have no reason to fear jail. This is at best a distraction for an organisation who should be dealing with serious, material threats," said Open Rights Group member Bradwell.
David Allen Green, head of the media practice at law firm Preiskel & Co, also questioned why the agency is taking part in what is effectively a copyright enforcement case.
"It is not clear why SOCA are involved, and it seems odd that they are using a Heath Robinson combination of contract and conspiracy law," Green said. "The alarmist web page they have used to replace the site taken down is preposterous and makes SOCA look frankly ridiculous."
Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Talkback
With respect to the last 4 paragraphs, I'm constantly amazed that people immediately leap to the defence of the undefendable. Notwithstanding that, there does seem to be a query about the method used to obtain individual histories.
A third way to potentially track activity is if the web site kept a log of the searches conducted by its users - even though the files may not be hosted on the site, it may keep logs of the searches carried out that may point to what users were hunting for.
A fourth way would be to look at ISP logs, though that would be time-consuming and unlikely to be worth the effort involved.
Perhaps more likely is that their target was always the web site and not the individual users, and the message and statements were simply to scare people into not using such sites in the future.
@nhawthorn - The problem with both those theories is that it would not have been possible for the users to delete such information. They wouldn't have had access to either the site's logs (the site was taken down) or ISP logs (unless they work for the ISP, which would be something of a stretch).
@David Meyer. The text of my first comment was searchable almost immediately after I had submitted it. So surely the traffic to and from sites under scrutiny by SOCA can similarly be harvested. Hence, if the user cleans up his or her own tracks on his or her computer, then the history is still available. I gathered that it was the legality of such an activity by SOCA was open to question.
As a UK Tax payer I cant help but feel that I would rather the SERIOUS ORGANISED CRIME agency were chasing gang members, serial rapist, and child/people traffickers instead of teenagers downloading the latest lady Gagga track.....