Report – Rapidshare Gave Personal Information to Rights Holders to Assist Home Raid of Uploader Drew Wilson | April 30, 2009 For a while, Rapidshare was becoming an alternative to BitTorrent. The speeds were great because you are connected to a server and there’s plenty of content to get through different search engines throughout the web. For one user, who evidently uploaded Metallica’s Death Magnetic album days before it’s official street date release, it probably felt like a site that was relatively safe given that most p2p users use BitTorrent – apparently not after the user got their house raided by officials. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes An editor from Gulli.de has written in to offer a personal translation from German to English an exclusive report into how Rapidshare gave personal information to rights holders details about an uploader. First, a quick overview of what has been happening in this particular case. Back in March, Gulli highlighted (Google translation) a new development that could set a new precedent for file-hosting services like Rapidshare. At the time, not much was known, but a person who uploaded a pre-release album – Metallica’s ‘Death Magnetic’ album to be precise was subject to a home search by prosecutors. There was high suspicion that it was because he uploaded the album, but it wasn’t entirely clear how the upload was connected to him. Still, there was reason to believe that Rapidshare divulged the information to rights holders given that they have already been under pressure from rights holders. Later on that month, more details were discussed and more theories were presented. The question was, has Rapidshare, for the first time, handed over the IP address to a third party through a copyright infringement complaint? There were discussions surrounding local copyright laws and whether this case involved a civil complaint or a criminal complaint. There appears to be discussion on the time frame between when the upload was discovered and when the persons house was raided. Unfortunately, one could only discuss theories on what happened because Rapidshare and rights holders remained tight-lipped on the situation. However, there was an interesting conclusion that the attractiveness of a file-hosting could greatly diminish if the website was found to be handing over personal information (namely IP addresses) to third parties via a copyright infringement complaint – bad news for a prominent file-hoster. Now, Gulli has received confirmation on a number of things regarding this case. Here’s a rough translation provided by FireBird77, though he says that the translation might not be error free: The order of the judge, to raid the house, was soon after that posted in a forum, where it got into the hands of my colleague MSX. At a first view, it seemed like an ordinary judge decision, only with the detail, that it was ordered against an Uploader of Rapidshare. There could have been thousand options, how they got the IP-Address of the person. The scanned decision was transmitted to me by my colleague, so that I had the chance to take a closer look at it. There the difference then pointed out, how the public prosecutor got the IP-Address of the uploader. An e-mail, which was forwarded to us soon after that and that was sent from the Support of Rapidshare, confirmed our suspicion. The civil law based information claim had to be used to get the IP-Address. This information claim went real on 01.09.2008 an gives rights holders the ability, to bypass the public prosecutors, an get to the address of suspected copyright infringers. A list of IP-Addresses can be brought to a judge, if he signs the civil law based information claim, the providers have to tell the names an addresses to the given IP-addresses. But since the introduction of the law, it was only used for P2P-Users and Providers. Now it obviously seems, that it can also be used for something else. As you can see in the second break, the lawyer contacted the German providers 1&1, the Deutsche Telekom AG aswell as Rapidshare AG through the § 101 UrhG. This paragraph represents the civil law based information claim. As it follows, the district court Bielefeld signed the order. The Uploader was accused of uploading music-tracks which the Major labels are the rightsholders. The uploader is concretely accused of uploading the TOP 100 Music-Charts. The value of claim for an MP3 is about 10.000 Euro in Germany at the moment. 100 Tracks, 10.000 Euros. Finishes at 1.000.000 Euro value of claim. If the uploader would get sued and loses in the first instance, he has costs of about 40.000 to bury. It seems like the German content-industry found the ultimate weapon against copyright infringers, with the civil law based information claim. The only factor that is still not absolutely clear is, when this claim can be used. The most probable assumption is the location of the servers. At the moment there are a lot of discussions, if the place of the servers is the reason why § 101 UrhG was applicable. A RS-Support mail says, that this is not the main reason. The problem is, that the explanation is pretty strange. If German law is applicable, then they have to hand out the information, the support mail tells. A user in the gulli:board posted this mail and wrote the thought, that only links from German sites are the reason. The problem is: The cease & desist letter contains the forums, from which the rightsholders got the link. And those forums are not in Germany. We also thought, that the German language could be the reason. But this would be crazy. Changing the sites language from German to English would solute the problem. We´re still waiting for an answer from the lawyer. Until that, the place were the servers are (and Rapidshare has a lot of their servers in Germany) seems the most practicable point. We will work on. So essentially, rights holders in Germany have found a way to exploit the local copyright laws to get Rapidshare to divulge an IP address – sufficient information for rights holders to get other personal information to get prosecutors to investigate. It appears as though that a link was posted to the content on a non-German based website, but since the servers of Rapidshare are located in Germany, that hardly matters and the prime suspicion on why German laws were used against this individual. Shortly afterwards, a representative from Rapidshare issued a press release to confirm that the law applied in this case because the servers were located but the server location had nothing to do with it. It appears, though, that not all the information in this case is perfectly clear, so this story seems to be ongoing. You can read a Google translation of the original report here. All information in this case has been provided by Gulli – a German file-sharing site. Thanks for the translation! Update: The editor corrected me, saying that the server location had nothing to do with the case and that the German laws applied to all filehosters. Exactly when does the law apply is not clear and Gullli is working with lawyers to figure this fact out. Drew Wilson on Twitter: @icecube85 and Google+.