Illegal Copies of “Alone in the Dark” on RapidShare

Today, the Federal Court of Justice in Karlsruhe (BGH) has published a press release (BGH 114/2012) concerning its not yet published decision in the lawsuit between Atari Europe, Inc. and the RapidShare AG (Urteil des I. Zivilsenats vom 12.7.2012 – I ZR 18/11).

Atari has been suing RapidShare for providing disk space for distributing illegal copies of its video game “Alone in the Dark”. As with a number of previous lawsuits, the BGH has pointed out that there is no general obligation for RapidShare to unconditionally filter files uploaded by its users for potentially being illegal. However, RapidShare is obligated to do its best to prevent reoccurring of illegal uploads of the same file has it once been notified by the aggrieved person. This findings are in line with other recent decisions (eg LG Hamburg, Az. 310 O 461/10 GEMA vs YouTube). The court also acknowledged that RapidShare does no indexing of the uploaded files and doesn’t allow browsing or searching them. However, it generally deemed it feasible for RapidShare to regularly check “a limited number of [third party] hyperlink collections for specific contents” (translated by myself), presumably meaning that the RapidShare employees should type “rapidshare download alone in the dark” in some popular search engines and see if it lists any links to their service and, if so, investigate those.

The BGH digresses from the aforementioned YouTube decision of the LG Hamburg in explicitly mentioning that RapidShare had not used a “word filter for the consecutive words ‘alone in the dark’ to scan the file names” (translated by myself). The LG Hamburg had only suggested YouTube may compare the MD5-sum to find duplicates of illegal uploads.

The difference between these two filters is significant. MD5 is a so-called secure hash function that attempts to map an arbitrary sequence of bytes to a string of 128 bit (16 characters) size, called digest or hash. The design goal of any secure hash function is to make it as difficult as possible to find two distinct files that map to identical hashes. This makes MD5 a convenient way to check data integrity. For example, suppose that Alice sends Bob a big file. She might be concerned that during transmission the file got damaged and Bob received something different from what she has sent. She might therefore compute the MD5 hash of the file and send it to Bob too. Bob can now compute the hash of the file he has just received and compare it to the hash Alice told him. If they match, Alice and Bob can be pretty sure that the file was transmitted correctly and Bob will be safe using it. Similarly, if a copyright holder tells YouTube that a video with a certain MD5 hash is illegal, YouTube can delete all videos with identical hashes and be pretty sure that it won’t delete legitimate videos too. On the other hand, an uploader can easily circumvent this restriction by making minor edits to the file, for example by adding some text at the beginning of the video. Filtering for file names is quite the contrary. It is arbitrarily likely that a file with a suspicious file name exists that is not a duplicate of the reported illegal file. The judges at the LG Hamburg have clearly valued the danger of accidentally deleting legitimate files (false positives) more than the danger of not deleting an illegal file (false negatives). I’m not so certain how the BGH sees this in the current suit.

I want to emphasize that the final decision is not yet published and the press release may not accurately reflect the actual decision of the court. Also, the decision is not final but the BHG has sent the case back to the lower instances that now have to negotiate it again. Finally, the press release doesn’t say anything about what RapidShare should do when a file matches a search pattern. Should they delete it unconditionally? Should they open it and see what it is? What should they do if they don’t understand the file format or if the file is encrypted? (RapidShare’s terms of use make no restriction to the file formats that can be uploaded.)

As a demonstration how silly word filtering is, I have created an Account on RapidShare and uploaded a copy of this text and named it rapidshare_illegal_copies_of_alone_in_the_dark.gpg. It must be matched by any word filter applied to the file names and it won’t be possible to easily find out that the file is actually just a text file (for which I have all possible copyright) because it is stored encrypted. All this is legal according to RapidShare’s terms of use and since the text is all about illegal copies of “Alone in the Dark” Atari also can’t claim that I have abused their trademarks. To decrypt the file, use the CAST5 algorithm (GPG’s default symmetric algorithm) and the password “what now?”. On a UNIX shell, do

  gpg --decrypt rapidshare_illegal_copies_of_alone_in_the_dark.gpg

to get the decrypted HTML document, entering the password when prompted for it. RapidShare can’t feasibly tell whether this file is illegal because they would have to search all through the web until they finally find this blog post with the password. If somebody can tell me the file size of an ISO image of “Alone in the Dark” I will construct and upload a file that matches it as close as possible to also make decisions based on the file size impossible.

I will closely watch both, the status of my file and the further turns in this lawsuit. I’d be thankful to anybody who downloads and spreads my file and ask you not to buy video games from Atari.—They should be lost in the dark!

One Trackback

  1. […] BGH had to deal with a lawsuit against RapidShare within only little more than a year. Last July, I have posted about a BGH decision that was cited in today’s decision and obligated RapidShare to install […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s