Once upon a time on the Bowery
Talking Heads, 1977
This was their first weekend as a foursome at CBGB’s, after adding Jerry Harrison, before they started recording the LP “Talking Heads: 77.”
For the past few months, the Recording Industry Association of America (RIAA) has been slapping American MP3-swappers with lawsuits in an effort to deter an activity that the entertainment industry claims is costing it millions of dollars. But now, somebody is slapping back. Earth Station 5, or ES5, is a peer-to-peer (P2P) file-sharing network based in the Jenin refugee camp in the Palestinian Territories. The backers of ES5 say that the program can provide complete anonymity for its users via third-party proxy servers (computers that provide a kind of neutral buffer between a file downloader’s home computer and the network); has, on average, 16 million members connected to its network; will never contain stealth adware or spyware programs; and — because it is headquartered in the Palestinian Territories — is immune from the legal grasp of the RIAA and the Motion Picture Association of America (MPAA).
Moreover, ES5 has taken an aggressively hostile stance against the movie, music and software industries. There’s none of the wink-wink, nudge-nudge, we’re-not-responsible- for-what-our-users-do stance that goes on with other P2P platforms such as Kazaa, or, once upon a time, Napster. ES5 claims to be “at war” with the major media organizations. The company actively engages in file sharing, streams unlicensed first-run movies, and claims to have 200 terabytes of “free” music and software it plans to release across its network. And how does it respond to demands to cease and desist?
“Basically,” says ES5 media liaison Steve Taylor, “we tell them to go fuck off.”
“Earth Station 5 is trying to get press by throwing stones at us,” says Matthew Oppenheim, senior vice president of legal and business affairs for the RIAA. Maybe so. But if history is any example, Palestinians can be very determined stone-throwers.
Before Kazaa, before Audiogalaxy, before Gnutella, iMesh, LimeWire, MP3.com, or Napster, MP3 swapping was already rampant on the Internet. If you knew where to look, the files were there. On IRC and FTP sites and in newsgroups, MP3 trading raged. But it was all very quiet, very hush-hush. And then along came MP3.com and Napster. Suddenly, you didn’t have to know where to look anymore. It was all there for the taking.
But the centralized systems turned out to be easy targets for the RIAA. So the rapidly moving P2P world switched to decentralized servers, the Fast Track file-sharing system used by Kazaa and Grokster, and the Gnutella network used by eDonkey and LimeWire. Although the RIAA has had more difficulty stomping out these networks, it has still been able to uniquely identify users on those systems. These are the so-called “grannies and girl scouts” cases, in which the RIAA has sued end-users to try to stem the tide of file swapping.
As it always does, technology evolved in response. The latest generation of P2P applications, such as WASTE and ES5, are designed to thwart efforts to determine who is hosting or downloading files.
“Filehoover and I were talking about the Kazaa court case and how the Fast Track network lacks the ability to secure itself,” says “SharePro,” an ES5 programmer, via online messaging. (Like the users themselves, many of ES5′s employees rely on anonymity. Although a few of the company’s operatives, such as Taylor and company founder Ras Kabir, maintain a public presence, most of the employees tend to go by screen names.)
“Fast Track was built nicely three years ago. But today it is obsolete because it cannot complement modern secure protocols like HTTPS/SSL. Nor can Kazaa support proxies. It supports SOCKS proxies, which are mainly set up by hackers to steal passwords. So Filehoover, I and Ras discussed building a network and program that could support multiple proxies and secure P2Pr’s.
“In addition, we were concerned with how Kazaa contains spyware and the fact that they could be putting their entire user database at risk. Spyware sends at different intervals the Internet Protocol (IP) address, MAC address, registry settings, and the entire upload/download log of the P2Pr. In other words, Kazaa has infected over 300 million P2Pr’s and sold them out.”
But without advertising, or spyware, ES5 would seemingly have no way to make money. Considering the massive infrastructure required to support such an application and network — according to the European and Middle Eastern domain registry RIPE, ES5 owns blocks of thousands of IP addresses — as well as likely ongoing legal costs, ES5 would require some sort of major investment and, presumably, a major payoff eventually.
Taylor claims that the company is spending $2 million a month. Behind the scenes, he says, are six investors who fund the project and keep it going, four of whom are billionaires. He claims that the company sees ES5 not as a P2P network, but rather as a full-service portal, complete with voice-over IP for making long-distance calls on the cheap, online dating, and eventually, online gambling.
Yet ES5′s business plan — or lack of one — has raised all sorts of questions and suspicions. Rumors abound about the company’s motives. Many in the online file-trading community have speculated that ES5 is some sort of front for the RIAA and MPAA, engaging in a giant dragnet to snare unsuspecting sharers. Or that the network’s list of trusted proxy servers are actually RIAA “honeypots,” designed to snag users’ IP addresses. Taylor adamantly denies these stories, and points out the volume of financial damages ES5 is inflicting on copyright holders. Likewise, the RIAA’s Oppenheim scoffs at such rumors as “nonsense.”
Worse for ES5′s reputation, however, was a utility built into the software that wasn’t readily apparent. When Kazaa-Lite author Shaun Garriock reverse-engineered ES5′s software, he found a tool that allows the network to remotely delete files on users’ systems. When he disclosed his findings, it caused quite a stink online. ES5 states that the functionality was built in so that it might remotely update users’ software, and that it has since disabled the feature. However, the damage has already been done.
“The key to enabling any functionality that changes the user’s software or computing base is to fully disclose said behavior,” says security consultant and anonymity expert Len Sassaman, “so that the user is entirely aware of the actions of your software. When such functionality is stealthily introduced, it raises suspicions, warranted or not.”
Yet the real question for ES5 users is: Are you really anonymous?
“So-called anonymizers have not worked. We are filing actions against individuals who use them,” says Opppenheim. However, he concedes that the organization has taken no action against ES5 users thus far. “We haven’t filed suit against Earth Station 5 users to date, but we have the ability to identify infringers on that network and reserve the right to do so at any time.”
Shenanigans, replies Taylor. “You can’t trust anything the RIAA says.”
Since the RIAA won’t comment on ongoing investigations, we can’t know how it’s accessing user data. One answer might be that some ES5 users aren’t connecting to the network in “stealth” mode, the setting that hides a user’s IP address. Another, more likely scenario, is that the RIAA has found a way to exploit the network of third-party proxy servers ES5 relies on to conceal its users’ anonymity.
“Anonymity systems are extremely difficult to build,” says Sassaman. “What they claim to have is a ‘trusted proxy’ system, where the user’s anonymity is not verifiable, but relies on the proxy he is using being honest. Even if the proxy is honest, there are possible side-channel attacks which could result in leakage of information about the user.”
“Unless you know who the proxy is,” concurs Taylor, “you really don’t know what’s happening.” He states that ES5 is in the process of releasing a new version of the application (which should be out by the time this article appears) that doesn’t rely on proxy servers at all. But he won’t say how it works. “We’re not going to discuss that,” he says, “and the reason we’re not going to discuss that is because the bad boys read everything that’s out there.”
SharePro is equally circumspect on the details of the new network, even if he is adamant about its effectiveness. “We are releasing … a new version that will change the entire P2P industry,” he writes, “[with] the ability to forge your IP address and share/download. There is no way in hell that anybody can track you down using this protocol and there is no need for a proxy. It’s like putting a letter in a public mailbox with a fake return address.”
But what about the company itself? Isn’t it subject to legal action by the RIAA?
“We saw that a court was willing to exercise jurisdiction over [Kazaa parent company Sharman Networks],” says Oppenheim, referring to a court decision in January that found that although the company was headquartered in Vanuatu, a Pacific Island state with no copyright agreements, it could still be sued in the U.S. based on its millions of American subscribers. “And underlying infringers are subject to enforcement here.”
“They can try [to sue us in the United States],” laughs Taylor. “What are they going to do? Why don’t they sue us in China? Let’s say they did sue us and did win a judgment. What are they going to do, wipe their ass with it? How do they enforce it?”
And that does seem to be the question for the RIAA. Palestine is a unique place, but it isn’t lawless. ES5 argues that it isn’t breaking any laws, that as long as it doesn’t violate any Palestinian copyrights, everything’s kosher, so to speak. In Palestine, the company claims, all of its activities are entirely legal. This may or may not be true; it’s certainly complicated by the unique legal status of the territories in the West Bank and the Gaza Strip.
According to legal experts Salon talked to, the Palestinian autonomous area is a trouble spot for Western copyright holders, but not a complete free-for-all zone. Israel has intellectual property agreements with the Palestinian Authority that provide TRIPS-level copyright protections between the two entities. At the very least, this would secure Israeli copyrights. Even more compelling, however, is a statute dating back to the time when the entire region was a British Possession, the 1911 Copyright Act, which the Palestinian Authority claims to adhere to. Stanford University law professor and copyright guru Lawrence Lessig concurs with the prevailing Western opinion that ES5 is violating the law.
“The RIAA is correct,” says Lessig. “When someone downloads something in the U.S., that constitutes a violation in the U.S. So there is a U.S.-based wrong. They could get a default judgment against the Palestine-based P2P network, and then start foreign proceedings to try to get a judgment. But more likely is that they would get companies supplying bandwidth to stop supplying bandwidth. So whether or not it would be meaningless in Palestine, the RIAA can get effective justice just outside the border.”
Or can it? Taylor and Kabir provided Salon with copies of numerous complaints sent to Speednet, the ISP listed on RIPE as ES5′s access provider, from the MPAA, dating back to September. The company, however, remains online and untroubled. Taylor contends that under the 1996 agreement granting conditional authority to the Palestinian Territories, the Israeli government is obligated to provide Internet and communications access to the territories, and that the Palestinian Authority is of no mind to cut off ES5. Furthermore, he claims that ES5 has backup access, via satellites and other methods.
Yet whatever the truth of the matter is, and regardless of what the courts may decide, as long as the security situation in the Palestinian Territories is what it is, copyright enforcement will remain difficult for reasons that have nothing to do with international agreements, or the vagaries of an emerging legal system.
“A process server tried to serve papers one time,” Taylor explains. “Supposedly, there were shots fired.”
Mathew Honan is a San Francisco-based freelance writer. His work has appeared in Mother Jones, The National Journal Technology Daily, and Macworld magazine.More Mathew Honan.
This was their first weekend as a foursome at CBGB’s, after adding Jerry Harrison, before they started recording the LP “Talking Heads: 77.”
Patti Smith, Bowery 1976
Patti lit up by the Bowery streetlights. I tapped her on the shoulder, asked if I could do a picture, took two shots and everyone went back to what they were doing. 1/4 second at f/5.6 no tripod.
This was taken at the Punk Magazine Benefit show. According to Chris Stein (seated, on slide guitar), they were playing “Little Red Rooster.”
No Wave Punks, Bowery Summer 1978
They were sitting just like this when I walked out of CBGB's. Me: “Don’t move” They didn’t. L to R: Harold Paris, Kristian Hoffman, Diego Cortez, Anya Phillips, Lydia Lunch, James Chance, Jim Sclavunos, Bradley Field, Liz Seidman.
Richard Hell + Bob Quine, 1978
Richard Hell and the Voidoids, playing CBGB's in 1978, with Richard’s peerless guitar player Robert Quine. Sorely missed, Quine died in 2004.
This photograph of mine was used to create the “replica” CBGB's bathroom in the Punk Couture show last summer at the Metropolitan Museum of Art. So I got into the Met with a bathroom photo.
Stiv Bators + Divine, 1978
Stiv Bators, Divine and the Dead Boys at the Blitz Benefit show for injured Dead Boys drummer Johnny Blitz.
“The kids are all hopped up and ready to go…” View from the unique "side stage" at CBGB's that you had to walk past to get to the basement bathrooms.
Klaus Nomi, Christopher Parker, Jim Jarmusch – Bowery 1978
Jarmusch was still in film school, Parker was starring in Jim’s first film "Permanent Vacation" and Klaus just appeared out of nowhere.
Hilly Kristal, Bowery 1977
When I used to show people this picture of owner Hilly Kristal, they would ask me “Why did you photograph that guy? He’s not a punk!” Now they know why. None of these pictures would have existed without Hilly Kristal.
Dictators, Bowery 1976
Handsome Dick Manitoba of the Dictators with his girlfriend Jody. I took this shot as a thank you for him returning the wallet I’d lost the night before at CBGB's. He doesn’t like that I tell people he returned it with everything in it.
Alex Chilton, Bowery 1977
We were on the median strip on the Bowery shooting what became a 45 single sleeve for Alex’s “Bangkok.” A drop of rain landed on the camera lens by accident. Definitely a lucky night!
Bowery view, 1977
The view from across the Bowery in the summer of 1977.
Ramones, 1977 – never before printed
I loved shooting The Ramones. They would play two sets a night, four nights a week at CBGB's, and I’d be there for all of them. This shot is notable for Johnny playing a Strat, rather than his usual Mosrite. Maybe he’d just broken a string. Love that hair.
Richard Hell, Bowery 1977 – never before printed
Richard exiting CBGB's with his guitar at 4am, about to step into a Bowery rainstorm. I’ve always printed the shots of him in the rain, but this one is a real standout to me now.
Patti Smith + Ronnie Spector, 1979
May 24th – Bob Dylan Birthday show – Patti “invited” everyone at that night’s Palladium show on 14th Street down to CBGB's to celebrate Bob Dylan’s birthday. Here, Patti and Ronnie are doing “Be My Baby.”
Legs McNeil, 1977
Legs, ready for his close-up, near the front door of CBGB's.
Rev and Alan Vega – I thought Alan was going to hit me with that chain. This was the Punk Magazine Benefit show.
Ian Hunter and Fans, outside bathroom
I always think of “All the Young Dudes” when I look at this shot. These fans had caught Ian Hunter in the CBGB's basement outside the bathrooms, and I just stepped in to record the moment.
Tommy Ramone, 1977
Only at CBGB's could I have gotten this shot of Tommy Ramone seen through Johnny Ramones legs.
Bowery 4am, 1977
End of the night garbage run. Time to go home.