| |
Chairman Upton, Ranking Member
Markey, and members of the Subcommittee:
I am Assaf Litai, Founder of Vidius, Inc.
Vidius is a start-up company, co-founded by veterans of Israel's
underseas and land defense forces. It
offers technology services and support to those who are concerned about the
unauthorized, mass distribution of their products -- movies, music, games,
computer software, books, and databases -- over peer-to-peer networks. Vidius has developed and applied for twenty patents on
techniques and services, which I will demonstrate today, to assist owners of
such products in protecting themselves. But
current law actually provides disincentives for these owners, and for legitimate
institutions and businesses whose facilities are the unwitting hosts for pirate
distribution, to take simple and effective steps to stop the unauthorized mass
distribution of these valuable entertainment, computer software, game, and
publishing properties.
Industry and congressional concern over copyright has focused
increasingly, and now almost exclusively, on the business that Vidius is in --
addressing mass, unauthorized distribution of content that is "hosted"
on servers scattered around the country and the world.
These servers are of two general types -- those that are maintained for
other purposes by large institutions, and, to a far lesser extent, those
maintained expressly for this purpose by some individuals.
A letter recently sent by a group of motion picture CEOs to a group of
hi-tech industry CEOs said:
"[U]nauthorized
peer-to-peer file distribution *** harms existing theatrical, home video and
subscription outlets, and discourages legitimate on-line services which cannot
sell access to movies, music and other entertainment content … available for
free. We … should all work
together in a consensus-based and cooperative fashion to find solutions to this
problem that is threatening the very essence of our business."
Indeed, this understates the problem -- our research has shown that these
very same servers also host computer software, books, games, etc., responsible
for much or most of the piracy in several other industries.
Today I will demonstrate a Vidius system called ClearSite™ that is
capable of identifying, auditing, and interdicting such piracy.
I want to emphasize the importance of its "auditing" feature.
Most of the "servers" for piracy in fact are owned and
controlled by legitimate institutions in entirely unrelated businesses or
endeavors, without their knowledge. Let
me repeat that -- most of the peer-to-peer servers
that deliver pirated material are owned and controlled by legitimate
institutions in other lines of endeavor. This should not be a surprise, because most symmetrical
broadband access today (hi-bandwidth for both uploads and downloads) is still
provided through institutions rather than private homes. Real, viral distribution occurs when participants have high
bandwidth for uploads as well as downloads.
This is the case today primarily in institutional settings, and is
unlikely to change any time soon.
While we know that much of the motion picture material distributed on
peer-to-peer networks has been obtained, as well as distributed, in an
unauthorized fashion, many of the items distributed -- particularly in the area
of computer software -- were not "stolen" at all.
Rather, they are legitimate, purchased and licensed copies. However, they have been illegally made available for mass
distribution by employees or others at these institutions or companies, many of
which themselves have been, and are, prominent victims of piratical
distribution. To paraphrase the song --
"Who's
hostin' stuff on your own servers
While
you are out sellin' stuff?"
Before demonstrating ClearSite™ I want to provide some assurances as to
what the ClearSite™ system is not:
-
First,
our system does not invade the privacy of any data stored on anyone's server
or hard drive. It operates only
on data that has been publicly displayed to any inquiring computer.
This data describes the content that has deliberately been made
available to the public for piratical distribution.
If this information were not purposely delivered to anyone who
inquired, the Vidius system could not operate.
-
Second,
our system does not require the modification of anyone's server, PC, home
network, or consumer electronics product.
Nor does it interfere in any respect with the operation of such
products on an institutional or home network.
-
·Third,
the ClearSite™ system cannot operate against the wishes of the ISP that
connects the server to the network.
Now for our demonstration. In
our offices we recorded an actual instance of finding one product on a server
that offered it for mass unauthorized distribution.
We can collect and audit this information either by product or by host.
Thus, in a different demonstration from today's, we could show how XYZ
corporation's peer-to-peer servers -- generally PCs used by its employees -- are
today hosting a range of software, books, games, databases, and audiovisual
material for mass unauthorized distribution.
Today, however, we will focus on tracking and addressing the distribution
of a particular piece of content -- a motion picture.
To track and audit a particular movie, we need not have implanted any
information in it, or have been given any special knowledge about it. We can figure these things out for ourselves, through a
process known as "fingerprinting."
Our demonstration shows our actual survey, acquisition, and evaluation of
a single case, including a determination as to how many copies of the movie are on the server.
(This part we could have demonstrated in real time, remotely, using any
laptop computer tied in to our office.) Our
movie then shows us interdicting further illegal distribution.
(This part we can only do from our office facilities, which is why we
recorded the entire demonstration.) This
is a demonstration of our actual process at work, not
a simulation.
*
* *
Our system is sufficiently flexible to be applied only to those servers
that offer a certain number of illegal copies, or that have downloaded a
particular movie a certain number of times.
That is another reason why our audit function is so important.
I am not here today to denigrate other approaches, particularly those
favored by our potential clients in various business.
We are, after all, a startup company building a clientele among the
various industries that are here before you today. Having listened to the
debates about other approaches, however, I submit that from the standpoint of
law-abiding consumers and businesses, ours is the approach to stopping piracy
that is least intrusive to consumers and employees, and most productive for
those who employ it.
I also should note that neither Vidius nor I am opposed to distributed
computing in general, or peer-to-peer networking in particular.
To the contrary, I agree with those who have said that distributed
computing and peer-to-peer networks present many new opportunities to the
information technology industry. To
be kept free from regulation, this
activity needs the advantage of self-protection.
Such protection is available to top-down networks through DRMs.
I said at the outset that existing law provides disincentives
to such self-protection. I can
point to two areas in which the law needs to be understood or amended:
First, there are some who would interpret existing privacy laws,
originally addressed to intrusive practices such as wiretapping, so as to
support aggregated civil damages, and even criminal penalties, against any touching of a peer-to-peer server -- even where it only involves
the public "out box," and the subject is clear, red-handed, repeated
piracy. Under such a legal
interpretation, the more piracy that is tracked from a single server, the
greater the number of incidents of "touching" that might be
aggregated, by some court, into "damages"
in favor of the pirate, against the
owner of the illegally distributed property.
This is a complicated issue involving both Federal and state law.
The subject needs to be
addressed with care, with complete regard for the rights of consumers and
technologists. But unintended legal
consequences cannot and should not persist, in state or federal law, as a
barrier to self-protection.
Second, existing law provides a disincentive
for legitimate institutions -- businesses, universities, foundations, even
congressional offices -- to audit and address their own unwitting activity in
supporting piracy through their own computer systems. The "NET Act" provides criminal penalties for use
of such systems in piracy, but rightly provides that the system operator is
liable only if specifically aware of the activity.
But if the law stops there, legitimate institutions will continue to have
a strong incentive to turn
a blind eye to their own support of mass, piratical distribution.
Even companies that can point to millions or even billions of dollars in
losses as to their own products still have a
very strong legal disincentive to find out whose products their own employees
are distributing via their own systems.
What is needed is to go further -- to provide a "safe harbor"
from criminal liability, under the NET Act, for entities that do try to find out
what is being illegally distributed via their own systems. Remember, Mr. Chairman, most broadband exchanges today
occur via institutional networks.
If
major organizations and institutions had
the proper legal incentive to clean up their own computer servers, the majority
of the illegally posted movies, books, songs, software, games, data, training
manuals, and pornography that we find in our audits could disappear overnight.
Thank you, Mr. Chairman, for the opportunity to have appeared today.
|
|
