Tuesday, April 07, 2009

Good and bad UPS experiances

It's not often That Neuron2Neuron goes off the Peer2Peer/technology track much, but this I just have to share, as it relates, in a way. It's about UPS, who is supposed to be delivering a book, that will be reviewed on TorrentFreak. The book will be reviewed by TorrentFreak's US office (which is mainly the research office) so I'll give it over to them for the lowdown.
-
The book comes from Oxford University Press, and was shipped from New York. The book was supposed to have been shipped 2 weeks ago, so after contacting the author (he approached torrentfreak) they went to ship it out again, and this time gave Ben a tracking number. Alas, in the address, they ommitted the unit number (the office is located in a 40 unit park, in Metro Atlanta). The best I could hope for was to keep an eye out for the truck, and flag it down. Short story, I missed the truck, and it was ben that noticed it in the tracking.
04/07/2009 11:41 A.M. THE APARTMENT NUMBER IS MISSING OR IS INCORRECT. UPS IS ATTEMPTING TO OBTAIN THIS INFORMATION.
Well, first it's not an apartment, but I'm guessing it's a standard message. I went to contact UPS to provide the info (the missing number is "2"). The email system won't work without an infotrack number. This is on a notice a delivery driver leaves when he can't deliver, but since he doesn't know where to deliver, he can't leave a notice, so there's no number. Have I mentioned that the emails can't be sent without this number? BAD

Time to phone UPS, which is based locally, in Atlanta. This is the good part. I've known Ben for years, decades almost (18 years almost) as we both grew up in Liverpool, so I have the Scouse accent. I've also now lived in the US for a number of years, in the south; my wife's southern, my kids are all southern - can you imagine my accent? I can't use drive-thrus, I have difficulty with speech recognition (I'm sick to death of reading 3001 and other books to train Dragon NaturallySpeaking) so voice-based phone menu systems are a nightmare for me. This one actually worked. GOOD
Better, as soon as I gave the tracking number (18 letters and numbers) it immediately put me through to an agent. GOOD
Even better, she had my package details on her screen, and I didn't have to repeat everything! GREAT!!
Alas, after giving her the number, which they were 'attempting to obtain', I was told that it's considered a 'new address' and wouldn't be delivered until tommorows runs now BAD (but on the upside, she was competant, and easy to understand, a rarity in customer service, and start to finish, from hitting send on my cellphone, to hanging up - 3m49s GREAT!)
04/07/2009 12:29 P.M. A DELIVERY CHANGE REQUEST FOR THIS PACKAGE WILL BE PROCESSED / DELIVERY TO AN ALTERNATE ADDRESS WAS REQUESTED

I can understand if it was a few hours later - the truck would be nowhere near, but I doubt it was that far away, or wouldn't be passing close later, on its way back to the depot. BAD

The, there is the option to be notified by email if theres a problem, or when a delivery's been done. At 1:46PM, two emails arrived together, one for the change of address, and the second for the failed delivery attempt; the change of address one arrived a second or two earlier. Very usefull system that. BAD

Of course, it's not all UPS' fault. Someone at OUP was a little careless in not putting the full address on the package. BAD
but back to Ben

-

As TorrentFreak hopes to do more reviews in the future, we just hope that the bad instances are reduced, but at the same time, these things are going to happen sometimes. Look for the start of a reviews section soon, on TorrentFreak.com

UPDATE 8:15PM

MACON,
GA, US 04/07/2009 7:37 P.M. A DELIVERY CHANGE REQUEST FOR THIS PACKAGE WILL BE COMPLETED / THE ADDRESS HAS BEEN CORRECTED. THE DELIVERY HAS BEEN RESCHEDULED
gotta love it...

Monday, April 06, 2009

BERR consultation responses - “03”

In reference to BERR response “p2p – 03 – FOI.PDF”

A short and succinct response, which makes its points clearly and quickly, but gives few actual easily followed references, instead alluding to events. The writer is clearly technology literate, P2P literate, and has been following most of the main cases involving P2P at a level including critical analysis, rather than press releases and mainstream reporting.

I would also have to disagree with the writer on a factual basis, at least on his claim that section 3.6 of the consultation document is flawed. It is actually accurate. However, its the manner in which certain companies go about this that is flawed. It's as much about semantics as anything else. The idea (section 3.6) is sound, the practical operation of it is flawed. Also, there is a slight factual inaccuracy again in 'notices sent to photocopiers'. In actuality, the notices were sent to printers, and other non-storage network capable devices, in a study by the University of Washington, to see if they could spoof IP addresses and get notices sent. Printers and similar were chosen because they were IP addresses that were physically incapable of doing the actions they were accused of. I covered it in more detail in my TorrentFreak article, published when the study came out.

As far as breaching privacy goes, I think that's an argument that will go nowhere. They are not accessing anything you've not released to be accessed. Either knowingly, or unknowingly, and have not used any tools, beyond the counterpart to a program you are using, to obtain data. Now, the legality of a company obtaining data on individuals, for hire, is another question. In many US states, such activities usually fall under the description of “Private Investigator” and require the investigator to be licensed with the state. I'm unclear of the status of similar laws and requirements in the UK, but I am currently unaware of anyone working in a company that does this sort of work holding any such license.

The references to 3.38 though, the E-Privacy Directive, are in the main fairly accurate though. There has been little peer-review of antiP2P detection methods. Most companies claim 'trade secrets' over their collection methodology and technology. However, the vast majority of methods do not manage to identify anything beyond an IP address, much less a computer, and certainly NOT an individual. Thus, under the E-Privacy directive, asserting anyone to be the infringer is false, as there is no evidence to back it up, and so it fails the accuracy standard. The only way to even have a hope of identifying the person, is probably through behavior observation, using deep packet inspection for all computer activity. Even this will be confused by multiple people operating a single computer collectively, or multiple computers behind NAT.

There is also more comment on the quality of the investigation with reference to consultation assertions that it must be successful if so many pay up. However, the consultation itself gives the reasons for it, on the next page, observing that “such legal action can cost in excess of £10,000” In comparison, £500 isn't such a bad figure, and in that case, it's cheaper and easier to pay up. This is the problem with the current method of dealing with alleged copyright infringement, and it's one that will be dealt with more in a more appropriate response, such as Davenport Lyons' response.

As the conclusion of the submission rightly points out, though, the vast majority of the consultation document makes the assumption that identifying the infringer is easy and highly accurate. However, there are plenty of cases where this has been shown to be completely false. Thus, the writer is correct in saying that the majority of the document, and any proposed sanctions, are irrelevent unless and until an accurate and accountable system of identification can be found.

Consultation analysis overview

BERR consultation responses - “02”

In reference to BERR response “p2p – 02 – FOI.PDF”

First of all, the identity of this person is redacted, albeit pointlessly. The author is Bennett Lincoff, which is easily to determine from the first page alone (of the 14 submitted). I wish I knew why the BERR took the strange step of not only removing the person's identity, but also of redacting some of the supporting links in the footnotes, perhaps because the URL is for Bennett's site, BennettLincoff.com. When you also take into account the professional experience he has, it's unusual they bothered to remove his name at all – 15 seconds of searching at most is all it would take anyone to do this.

Mr Lincoff does has some things to say that might surprise people who just look at his professional past. Page 3 exemplifies this. “It seems that whatever the final particulars, the enhanced enforcement regime contemplated by BERR will likely rely on highly intrusive means and *draconian punishments that are disproportionate to the seriousness of the actions* they are intended to deter. Because of this, *it represents a policy initiative of dubious merit*. In any event, as discussed below, *unauthorized P2P file-sharing is not even the primary cause* of the music industry's decade-long decline” (emphasis mine) and indeed the first 5½ pages are a discussion of why the music industry's situation is what it is. While none of the points are new to those who have followed this subject for years, it's nice to have someone that worked in the music industry, in a policy position, say these things out loud.

The main gist of the response thereafter is an interesting idea, that of the 'digital transmission license', one which collectively and jointly replaces the analogue-era collection of rights – broadcast rights, reproduction rights, performance rights etc. – and their resulting royalties. Instead the one license covers all, and is jointly owned by the songwriter, artist, producer and publisher. The right may be granted by any party, they just have to account for the royalties to the other partners.

However, where Mr Lincoff has mainly done well in accepting the technological realities of peer-to-peer sharing, one area he apparently doesn't understand is decentralized systems. “On the other hand, distributors of file-sharing software for decentralized networks who with to secure licenses for their services could do so if they configured future releases of their software to exercise certain key measures of control over the file- and streaming-sharing that the software enabled.” The Problem here is that such a decentralized network, for example Bittorrent, is an open specification. Anyone can write a client, which will work with others, and the basis of the protocol is uploading as you're downloading. Any client with such measures would quickly be ignored, and older clients, or new clients without such restrictions, would be used instead. It's not that far fetched, as a number believe recent versions of the utorrent client monitor actions, and refuse to use a version later than 1.6.1. Despite being factually untrue (and I have checked), it has still persisted for more than 2 years.

Overall, it's a good idea, if somewhat impractical. If it were implemented, then it may also make things easier and cheaper for both consumers, and artists, although at the expense of the labels, who would lose out on the 'double-dipping' of licenses they currently employ. It is, however, hard to argue with his final conclusion. “I suggest, however, that BERR refrain from making matters worse by requiring ISPs to act as enforcers on behalf of copyright holders.

Consultation analysis overview