Smoke on the Water: What’s in a “locker”?

As we say around MTP, where there’s fire there’s smoke.

Given the misreporting about recent activity in “The Cloud”, one might want to consider the following regarding “locker services.”   What distinguishes what is called a “cyber locker” and “The Cloud”?  The more cynical among us may believe that companies like Google that profit from the human misery of artistic theft and want to launch cloud music services would like to blur this distinction as much as possible.

1.  Purpose of the “Locker”:  One of the fundamental issues in negotiating a license for a cloud music service is defining what the file storage areas will look like.  It is common to refer to these storage areas by a physical meme, such as a “locker”.  (For those in the space in the late 90s, this really is like Groundhog Day.)

We know what a locker is, we’ve all had them.  It’s a place where you keep things that belong to you and you put a lock on it that only you can open.  It’s a private area in the middle of a bunch of people, like a gym.  It’s a private secure area where only the locker owner is supposed to control access.  A private locker is just that—a place with access usually limited to one person whose identity is known (to the gym, for example) and that person, or that person’s parents, usually have a contract with the gym or wherever the locker is located.

If you look at some of the functionality of the sites that often call themselves “cyberlockers”, you’ll see that they bear little resemblance to the locker meme, and a lot more resemblance to a website with a bunch of links.  Or a virtual chop shop, albeit one with an endless supply of luxury cars.

Remember—the purpose of the Cloud storage area is to allow a user to store music they acquired legally (or created themselves) in an online location that they can access conveniently.  Perhaps the “user” includes a family.   And of course, the copies that are stored are licensed.  That limitation on access and that license are two fundamental attributes of a licensed storage area and are the fundamental distinctions between a virtual  private “locker” and a virtual chop shop.  (This is particularly true of the Apple iCloud and particularly untrue of the infringement inducing Amazon offering.)

Key aspects of an honest private locker service would include:

(a) Identification: Knowing the identity of both uploaders and downloaders—because if the true purpose of the service is to let users access their own content, then why wouldn’t the service offering the storage space and access want to know who was accessing the account?  Isn’t the value of an honest locker in offering storage to a known person who presumably pays something for the service or has an expectation that their identity will be known to at least the service offering the storage?

(b) Access: Limiting the number of persons who can access the account—because why wouldn’t an honest locker expect that a limited number of people had access to the private locker.  If you had even dozens of people accessing the private locker, at what point does it stop being private and start being public?  And if it’s public—it’s not private.  So if you don’t have a limit on the number of users when does the private locker stop being private and start being merely a user page in a larger website?

(c) Terms of Service:  The honest locker operator should provide terms of service that prohibits misuse of the account, including making the content available to anyone other than the limited set of people with access to the private locker.

(d)  Account Termination:  A repeat violator policy needs to actually result in a meaningful termination and deletion of the account—not just allowing the user to sign up under a different name within minutes and maintain previously uploaded files.

(e)  URL registration:  If linking is permitted at all, there’s no reason why a private locker would link to more than a handful of URLs.

(f)  No Toolkits:  It is very common for rogue sites to support any of a number of tools that allow users to check links, repost links that have been taken down under a DMCA notice (sometimes automatically reposting), permit files to be converted from one format to another (such as the many, many applications that allow YouTube videos to be converted to unauthorized mp3s).  No honest locker service should have any legitimate reason to promote these tools or to support their use.

2.  Purpose of the Virtual Chop Shop:  Unlike a “locker”, the virtual chop shop is not intended to be accessed by a limited number of users, not even a limited number of users who are related to each other.  Just like a real chop shop, nobody acknowledges where the illegal goods came from or even that the chop shop maintains willful ignorance of the origin of the illegal goods.  Also like a real chop shop, one reason that the virtual chop shot exists is to redistribute the illegal goods—at a profit.

Don’t forget—some of these are major operations including many that are consistently in the top 100 sites in the world (  including Rapidshare, Megaupload, Hotfile, MediaFire, 4Shared and Fileserve.  This is big, big business.  By comparison, licensed services (when I checked) like Pandora is number 349, is 2,633, is number 5,649 and is 15,527.

Rapidshare is number 88 when I last checked.  As Officer Malone said in The Untouchables, “Everyone knows where the booze is, Mr. Ness.”

So a virtual chop shop is the opposite of the “locker” in at least these important ways:

(a) The copies to be stored are not acquired legally.  Not only are the copies not acquired legally, they are often pre-release copies that have not even been authorized for distribution by anyone.

(b) The copies are intended to be distributed to unknown and unrelated companies that profit from the distribution by selling advertising or by selling faster access to the illegal copies.

(c)  The chop shop encourages other operators to link to them, and often compensates these operators for bringing traffic or referring users.

(d) They make no effort to identify users or to cross-reference content described in DMCA-style takedown notices.  (If I own the movie Casablanca and there are 1,000 instances of Casablanca that I can find in a chop shop but have not authorized, I have to send 1,000 separate notices—even if the chop shop provides tools for its users to locate these illegal copies.  And if the chop shop uses automatic reposting, the next minute I have to send another 1,000.)

(e) They allow users to use toolkit applications to check links for posting to blogs, message boards and the like, as well as reposting links that are disabled through take down notices.

3.  The DMCA Is Not An Alibi:    It is a mistake to think that a chop shop storage service can be addressed with DMCA notices.

When first passed by the Congress, the purpose of the DMCA safe harbor was arguably to offer a little latitude to reasonable people acting reasonably.  I have to believe that if you asked the Congressional judiciary committees as they were then constituted, much less the bodies as a whole, no Senator or Member would have ever, ever thought that they were passing a law that would require copyright owners to send what now in the ensuing years must be millions and millions of take down notices and to monitor the Internet 24/7.

Let us be clear—the DMCA has not only become an alibi, it is a really bad joke.  I used to think that all the DMCA did was create an underclass of artists who could not afford to enforce their rights.  What it really has accomplished is to create a massive income transfer program to rogue sites.

Neither would Members of Congress have thought that their carefully crafted statute would be turned into a cat and mouse game where copyright owners large and small, independent artists, film makers and major labels and studios, would be told that the DMCA imposed a “shared” responsibility—if you catch me, and only if you catch me, and only each time you catch me, will I disable access to infringing material.  “Shared”, get it?  Stop me before I infringe again.

Yes, in a world where massive theft is passed off as “file sharing” and placing 100% of the online policing burden on the copyright owner is “sharing”, I really wonder what responsibility looks like?  Maybe it’s being responsible for exercising your Google options?

To paraphrase David Mamet, “sharing is collaborative…now bend over and collaborate.”

See also: The 500,000,000 Cost of Google’s 5 million DMCA Notices

7 thoughts on “Smoke on the Water: What’s in a “locker”?

  1. This isn’t hard to agree with, but my question as a musician and producer is, how can we ensure that the technologies I use to transfer large files back and forth to clients (who seem allergic to FTP) can exist while targeting the bad actors? It seems to me that the DMCA has allowed for the development of many useful technologies, although I do understand the burden of notice-and-takedown being perhaps unfairly shouldered by those creators and rightsholders who lack the time and resources to follow up on every incident of infringement. So I ask you this question in all humility: what should a new balance look like? A second question is, are you prepared to accept the existence of multi-use technologies that have perfectly legitimate uses, but can be used for infringement? If the answer to the latter is yes, than the former becomes even more important.


  2. I’m prepared to accept multiuse technologies, just like I’m prepared to accept that my Mossberg pump can be used different ways by different people. The people who use it in an illegal way should be prepared to accept the consequences for their actions as there is no principle of Judeo-Christian (or any other) jurisprudence that says guilty means only having to say you’re sorry when you’re caught. (With apologies to Bob Evans.)

    In these particular cases, though, it think the answer is pretty clear: If advertisers of legitimate goods are going to profit from selling advertising on distribution hubs that pay users to upload and distribute millions of copies of content, it does not seem at all unreasonable that the advertiser would want to pick up the phone and call MPAA to see if any of the studios had licensed that distribution hub. That’s certainly more likely to get an answer than sticking their head in the sand.

    Or even better–expect their ad-serving company to do the same. I think I would be pretty happy if people actually adopted and executed the “Advertisers Bill of Rights” .

    So it really boils down to this: Do you want to bring eyesight to the willfully blind? Or shall we continue to deal with the devastating effects of moral hazard?


  3. So, we appear to agree that payment processors and ad networks are the best place to start (provided there is requisite due process protections). Can we begin with that, and hold off on the DNS stuff and the broad definitions “(facilitates,” separated by a flimsy “or” between that and the preceeding “dedicated to”)? Because that would be a far more thoughtful and cautious approach that would likely have broader support.

    Copyright needs to be enforced, or the rights are worthless. Legit business models need to gain traction, which means bad actors should be dealt with. But let’s limit the collateral damage so I an keep doing the lawful stuff I do with my rights.


  4. Thank you for this, Chris. It is informative and, I think, very balanced. My hope is that WHEN SOPA passes, we can more effectively deal with the chop shops and YouTubes and Groovesharks as “rogue” sites and shut them down.


  5. Asp :

    So, we appear to agree that payment processors and ad networks are the best place to start (provided there is requisite due process protections). Can we begin with that, and hold off on the DNS stuff and the broad definitions “(facilitates,” separated by a flimsy “or” between that and the preceeding “dedicated to”)? Because that would be a far more thoughtful and cautious approach that would likely have broader support.

    Copyright needs to be enforced, or the rights are worthless. Legit business models need to gain traction, which means bad actors should be dealt with. But let’s limit the collateral damage so I an keep doing the lawful stuff I do with my rights.

    If someone is stealing your car, you can call 911 and the police have a well established doctrine for what to do. If someone is stealing your life’s work online and you call 911, they don’t know what to do because they don’t have a doctrinal response to the citizen. You can make excuses for Google all the live long day and you will not change the fact that the number one piracy tool is search and the reason the search companies are having heart failure over rogue sites legislation is because they want to keep profiting from theft. Period, end of story. So as you know, we agree about virtually nothing.


  6. Agreeing on “virtually nothing,” is still something, so I’ll take it.

    Search is the most useful tool for everything; should we destroy it because of one of its uses? Or is it perhaps better to eliminate the economic incentive for the bad actors who can be located using this tool? I think the latter makes most sense, but I guess I’m just inclined to like tools that help me find this site when I search for terms like “Chris Castle + copyright.”

    I wouldn’t be comfortable with you being on a blacklist, but if your site was selling bags of glass to children and making money through ads and credit card processing, I think that preventing those transactions is a good idea.

    To the commenter saying that the proposed legislation would let the US government take down YouTube, well, that’s not what’s on the table. And I know an awful lot of rightsholders who would be disturbed if it were. I have heard directly from the mouths of these rightsholders that YouTube represents one of their most significant revenue streams for digital. I know the platform is owned by Google, and therefore “evil,” but there is a lot of potential in Content ID, and my guess is that technologies of that kind will help alleviate some of the burdens of notice-and-takedown.

    But then again, I like technology. And copyright. And enforcement.


  7. I hesitated to post your comment because of the irrresponsible and frankly tiresome implication that the rogue sites legislation is a “blacklist” which it is not. However, you raise an interesting point about Content ID which is that Google is currently in possession of information it could use to filter unwanted and probably illegal or actually illegal search results–including in organic search–by a number of tools, including hashes if I understand the Content ID functionality correctly. And yet we are told that YouTube is a special case and is not part of their anti-piracy efforts in search. Why? Because using information from Content ID to filter search might actually work and it would otherwise give them actual knowledge of many infringements in search which they will want to be made to acknowledge on a case by case basis even though they are currently in possession of the information. Why? Because they can raise their copyright infringement litigation budgets from selling advertising for illegal drugs or in the public financial markets and indies cannot, so the litigation scares off thousands of people who individually aren’t losing much, but together.,.well, it takes a village to make a profit center.

    Instead of setting up a straw man with searches for me, why don’t you use something real, like searches for adjudicated infringers like Pirate Bay, Isohunt, etc. Google could very easily block those domains and in fact did block the Pirate Bay by accident a few years ago. They then made a public announcement that never fear, the Pirate Bay would be back up pronto. Which it was. Because it profits Google to do so.

    I don’t know who you are talking to, but YouTube is not a “most significant revenue stream for digital.” That would be iTunes, iTunes, and iTunes. And that would very likely be majors, majors and majors. YouTube routinely screws indies and independent artists, and also sends garbage accountings along with the checks to the majors, almost guaranteeing that the actual artists involved will rarely see their share because the payments cannot be easily broken down. This is a very, very old game the likes of which we haven’t seen in the music business since the days of Artie Mogul. And even Artie would make a deal and then pay you what he wanted to pay you anyway, or so the legend goes. Artie wouldn’t refuse the deal and then steal your work anyway. Lower lows.

    But nice try, I’m sure Google will renew your Google Fellowship.

    So as far as defining evil goes, I think plotting to sell counterfeit drugs online indiscriminantly and profiting from human misery pretty much defines one version of evil. That’s why Google was hunted down like common criminals by law enforcement. See Harry Lime–even Harry Lime never made $500,000,000 from drugs like Google did. (And if you count all the drug sites on, continues to do so this very minute.) As Joseph Califano, Jr. told Eric Schmidt, Google is uniquely positioned to reduce this evil and they ignored him, just like they ignore indies. The only good news about that is that they can probably only buy their way out of an indictment once.

    And that story is not over by a long shot. So think about that when the wrongful death suits get filed by state AGs over the Google drugs debacle–maybe after the record is developed a little further in the shareholder derivative suit for Google taking a “liar’s profit”. That fellowship might start looking like blood money.


Comments are closed.