Arista Records LLC et al v. Lime Wire LLC et al
Filing
378
DECLARATION of Melinda E. LeMoine in Support re: 234 MOTION for Permanent Injunction.. Document filed by Arista Records LLC, Atlantic Recording Corporation, BMG Music, Capitol Records, Inc., Elektra Entertainment Group, Inc., Interscope Records, Laface Records LLC, Motown Record Company, L.P., Priority Records LLC, Sony BMG Music Entertainment, UMG Recordings, Inc., Virgin Records America, Inc., Warner Bros. Records Inc.. (Attachments: # 1 Exhibit 1, # 2 Exhibit 2, # 3 Exhibit 3, # 4 Exhibit 4 (Under Seal), # 5 Exhibit 5 (Under Seal), # 6 Exhibit 6, # 7 Exhibit 7, # 8 Exhibit 8)(Lemoine, Melinda)
<![CDATA[
EXHIBIT 8
STATEMENT BY Mark Gorton Chairman, The Lime Group BEFORE THE COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM UNITED STATES HOUSE OF REPRESENTATIVES ON Inadvertent File Sharing Over Peer-To-Peer Networks: How it Endangers Citizens and Jeopardizes National Security FIRST SESSION, 111TH CONGRESS JULY 29, 2009
Not For Publication Until Released By The Committee On Oversight And Government Reform United States House Of Representatives
Dear Chairman Towns, Ranking Member Issa and Member of the Committee: I would like to thank you for inviting me to speak before the Committee today. My name is Mark Gorton, and I am the founder and Chairman of Lime Wire LLC. I am happy to report that immediately after the Committee brought the issue of inadvertent file sharing to my attention at the July 24, 2007 hearing on the matter, Lime Wire began the process that culminated in all but eliminating inadvertent filesharing with the LimeWire application. Specifically, within weeks of the July 2007 hearing, the Lime Wire team began working with the Distributed Computing Industry Association ("DCIA") to establish an Inadvertent Sharing Protection Working Group (the "ISPG") of leading P2P and other technology companies to address issues associated with inadvertent sharing of personal and sensitive data. Lime Wire, the DCIA and the ISPG have since worked directly with staff at the Federal Trade Commission in an iterative process to formulate and implement the Voluntary Best Practices For P2P FileSharing Software Developers to Implement To Protect Users Against Inadvertently Sharing Personal or Sensitive Data (the "VBPs"), announced in July 2008. In summary, the VBPs outline seven principle best practices in the areas of: 1) default settings, 2) filesharing controls, 3) sharedfolder configurations, 4) usererror protections, 5) sensitivefiletype restrictions, 6) filesharing status communications, and 7) developer principles. In so doing, LimeWire, the DCIA, the ISPG and the FTC created a set of best practices that may serve as a guide for not only Lime Wire, but all filesharing software developers, in addressing the issue. Within six months after the issuance of the voluntary best practices, Lime Wire, in December 2008, released LimeWire 5, culminating a concerted effort to combat and eliminate inadvertent file sharing in accordance with compliance with these principles. The LimeWire team has put tremendous effort into resolving the issue, completely redesigning and reengineering the entire user interface for the LimeWire application. This has been an enormous task, and our efforts have proved worthwhile. Thanks in part to ongoing feedback from the FTC and DCIA, Lime Wire has since released LimeWire version 5.2.8 taking the inadvertent sharing prevention built into LimeWire 5 and making it stronger and even simpler for the user to control. To mention some of the highlights since the July 2007 hearing · LimeWire 5 does not share any Documents by default.1 In order for a LimeWire user to change their default settings to enable Document sharing, they have to click nine times and disregard three warnings. A LimeWire 5.2.8 user cannot share or even place into the LimeWire Library their "My Documents" folder, "Documents and Settings" folder, "Desktop" folder, or "C" drive no matter what. And this setting cannot be changed. If a user shares the contents of a folder, LimeWire 5.2.8 will not share the Documents in that folder even if the default settings have been changed to allow Document sharing.
·
·
1
LimeWire considers 150 file extensions to be Documents that are not shared by default. See pp. 10, infra.
Page 1 of 21
·
In LimeWire 5 there are no "shared" folders, meaning that if a user elects to share a folder they are only electing to share the contents of that folder at that particular time, nothing will be shared that a user adds to that folder at a later point in time. All LimeWire versions 5 and above automatically unshare Documents that a user may have shared using an earlier version of LimeWire 4.
With these changes, I am confident that with LimeWire 5.2.8 any sharing is intentional sharing. For the convenience of the Committee, please find a detailed list of the changes made to the LimeWire application attached to this testimony at Appendix A. Lime Wire is proud to have taken a leadership role in the reduction of inadvertent file sharing and, if the Committee desires, Lime Wire is happy to be of assistance with any efforts to ensure that other makers and distributors of P2P software follow suit. From the vast improvements that Lime Wire has made on the front of inadvertent file sharing, I hope that the members of this Committee can see that Lime Wire is sincere and dedicated to working with this Committee and in addressing serious issues that is brought to our attention. In addition to this Committee, Lime Wire has formed successful working relationships with the Federal Bureau of Investigation, the New York State Attorney General's office, and the FTC on a range of issues surrounding P2P file sharing. Unfortunately, the popular perception of LimeWire regarding inadvertent file sharing fails to match Lime Wire's excellent record in addressing this problem. A good part of this misperception is due to the distribution of inaccurate and misleading information concerning LimeWire. One recent example is the July 2009 report of Thomas Sydnor of The Progress & Freedom Foundation entitled "Inadvertent File Sharing ReInvented: The Dangerous Design of LimeWire 5." The numbers of factual discrepancies in Mr. Syndor's report are too many for me to cover in my opening statement but I have attached a thorough illustration to this written testimony as Appendix B. As well, since the PFF report, a new version of LimeWire has been released version 5.2.8, which takes the inadvertent sharing prevention built into LimeWire 5 and improves upon it making it even simpler for the user to control sharing. In short, contrary to what Mr. Sydnor states, LimeWire 5 does not share useroriginated files by default. In fact, by default, LimeWire 5 shares no files of any sort for the new LimeWire user.2 Also contrary to what Mr. Sydnor states, LimeWire 5 does not share "sensitive file types" by default. In fact, by default LimeWire does not permit sharing of Microsoft Word documents, Corel documents, many proprietary tax document extensions, Excel spreadsheets, power point presentations and .pdf file. .Pdfs are file types that are most often associated with scanned personal documents as .pdf is the default file format for most consumer grade scanners. For example, Apple used .pdf as the native metafile format for Mac OS X. Regarding Mr. Sydnor's comment that "LimeWire 5 will share Documents and Settings and its subfolders", LimeWire 5.2.8 does not permit the sharing of a user's "Documents and Settings" folder, nor a user's "My Documents" folder, "Desktop" folder, or "C" drive. This is true no matter where those folders are located. In fact, LimeWire 5.2.8 does not even permit placing these folders or drives into the
For details regarding the sharing of previously shared files for a previous LimeWire user, see p.12, fn. 5 infra.
2
Page 2 of 21
LimeWire Library. Further, no matter what folder or file a user attempts to share, if it is a folder that contains Documents or is a Document file, LimeWire 5.2.8 by default will not share the Documents in that folder or that Document file. Should the Committee take Mr. Sydnor's report into consideration in this investigation, I implore it to make its own assessment as to its accuracy. Although Lime Wire has all but solved the problem of inadvertent file sharing for users of the LimeWire application, the global issue of inadvertent file sharing has not been resolved. While the LimeWire software allows its users to access the Gnutella network, LimeWire is not alone in providing access to the this network, much like Google, Yahoo, and Microsoft are not alone in providing access to the internet. To hold LimeWire solely accountable for what is available on the Gnutella network would be akin to holding Google solely accountable for what is available on the internet both LimeWire and Google provide search and access capabilities to their respective superhighway, but they do not control that superhighway. There are hundreds of P2P applications in the world that are based on the same protocol as LimeWire (i.e., the Gnutella protocol), that allow user access to this same network, and consequently, that contribute to the issue of inadvertent filesharing on Gnutella. Though a file may be found with the LimeWire application, it simply cannot be determined what P2P application was used to place that file into the Gnutella network. As many of these applications are produced outside of the United States, a US regulatory approach that focuses on software developers will always face an uphill battle with other, nonU.S. P2P developers. I would also like to take this opportunity to discuss the current legislative and regulatory environment regarding copyright and the Internet. The gap between copyright law and the actions of hundreds of millions of Americans is enormous, and the lack of viable copyright enforcement mechanisms has pitted the recording industry against its customers and technology companies. For its part, Lime Wire has been working to build a relationship of collaboration between P2P and the recording industry. Lime Wire has invested millions of dollars creating the LimeWire Store to help rights holders monetize users at the point of acquisition: located at store.limewire.com, the LimeWire Store currently sells licensed, DRMfree MP3s. Recent distribution deals bring the total number of sound recordings to over 3.5 million, from hundreds of thousands of artists. In addition, Lime Wire is actively building an advertizing solution to allow participating content holders to profit from advertising related to their media. Many of the very most senior people in the music industry support working constructively with Lime Wire, but building an industry wide consensus on a policy change regarding P2P is a slow, grueling process. After many, many meetings with record industry executives, I am convinced that the industry recognizes the benefits of embracing P2P in order to stay relevant going forward. The history of copyright regulation is one where new technologies have created issues for the old regulatory system, and then the regulatory system was updated to take into account the abilities of the new technologies. The Internet has transformed media distribution and consumption, yet copyright regulation has yet to be updated to account for the new capabilities of digital technologies.
Page 3 of 21
As a technologist, I have a good sense of the range of technical possibilities available to regulators as they consider updating regulations surrounding the Internet. The Internet is not unpolicable. With determined, targeted regulation, almost any level of control of the Internet is possible. For anyone interested in learning more about this topic, I highly recommend the recent Harvard Business School paper authored by Felix OberholzerGee and Koleman Strumpf titled "File Sharing and Copyright". More than any publication I have yet seen, this paper does a good job at analyzing the costs and benefits of file sharing to both makers and consumers of creative works. A new regulatory balance needs to be found, one that allows our country to benefit from the technical innovations of the digital age while at the same time allowing artists to profit from their work. This system needs to provide incentives to the creators of content while limiting rent seeking behavior that exploits the protections given artists at the expense of the general public. If the correct balance is to be found, Congress must be sure to keep the interests of the American public in mind and not just the corporate interests who pay to have their viewpoint well represented. This legislative reform will be hard work, but if any members of Congress are interested in crafting this legislation, I would be very happy to spent the time to work to find realistic, well balanced solutions to the disconnect between current law and public practice. Mr. Chairman, Ranking Member Issa, Members of the Committee, thank you for bringing to my attention and allowing me the opportunity to deal with the issue of inadvertent filesharing and for the opportunity to appear before this Committee today.
Page 4 of 21
APPENDIX A Since my deposition testimony on July 24, 2007, Lime Wire has made the following changes to the LimeWire software and underlying code to address the Committee's concerns regarding inadvertent filesharing: A. In LimeWire 4.13.13, released July 24th, 2007, Lime Wire updated the "sensitive directory check" to include Windows Vista's "Documents and Settings" directory. The "sensitive directory check" is used to warn users when a sensitive directory may be shared. B. In LimeWire 4.15.0, released November 29, 2007 (the first major release following my testimony): i. The first major change was designed to help the user understand what was being shared and to make more clear how to remove things he/she may not want shared. This change introduced a link, always visible on the search screen, that said, "View your ### shared files", where ### was the number of files that were shared. Clicking on it would open up a tab that displayed every single shared file. You could rightclick on any file and choose to stop sharing that file. 1. A link was introduced on the page displaying your shared files that said, "You are sharing ### files. You can configure which files LimeWire shares." Clicking on that link would open up LimeWire's sharing preferences, where the user would have greater control over which folders were shared. ii. The second major change was designed to give more control over what file types were shared. This change introduced a new step in LimeWire's setup that let the user choose which extensions would be shared. Extensions were categorized into "Audio", "Video", "Documents", "Images", "Programs" and "Other". The user could uncheck any category, or any extension within a category, and LimeWire would stop sharing all files that were in that category. 1. In order to provide even greater control over sensitive file types, certain sensitive file extensions (including but not limited to .doc and .pdf) were marked as "sensitive". An option was added to this page that said, "Do Not Share Sensitive File Types" and was checked by default. Unless the user unchecked this option, LimeWire refused to
Page 5 of 21
allow any sensitive file type from being shared when a directory was shared. iii. The third major change was designed to warn the user in the event an ordinate number of files where being shared by that user. If LimeWire detected that a large number of files were shared, or a large number of folders were recursively shared, LimeWire displayed a warning telling the user that many files were being shared and giving the user the ability the go to their options menu and change this. These warnings were displayed every time LimeWire started until the user actively chose to either correct the problem or hide the warning. iv. The fourth major change was designed to reduce confusion over what is shared and what is saved. This was accomplished by splitting the Sharing & Saving directories. Previously, LimeWire would create one directory called "Saved" where downloads would be saved to. Users also frequently elected to "share" this folder. In order to reduce confusion, this was changed so that downloads would be saved to a folder called "Saved" and a separate folder called "Shared" would be shared by default. The "Saved" folder was no longer shared by default. v. The fifth major change was designed to make sure that all default options were skewed to not sharing sensitive information. This was accomplished by reviewing all prompts where the user was asked whether or not they really wanted to share something. The review focused on defaulting to the negative for any folder or file that was deemed sensitive. vi. Minor Changes: (1) A bug was fixed so that Windows Vista's "Documents" directory was properly considered a "sensitive directory". (2) A bug was fixed so that if a sensitive directory was shared through recursive sharing, the user was properly warned. (3) The "Cookies" folder was added to the list of folders that cannot be shared. C. In LimeWire 4.17.6, released March 27th, 2008, Lime Wire made additional changes to make it more clear to users how LimeWire shares and what sorts of information is likely to be sensitive information. i. When a user chose a new "Save" folder, LimeWire warned them if this folder could contain sensitive information and allowed the user to choose a new location to store downloaded files. ii. In addition we improved the wording for sharing individual files, extensions that are shared, partial filesharing & .torrent filesharing, so that it would be clearer to the user what was being shared.
Page 6 of 21
iii. We audited every possible way a file or folder could become shared and verified that proper warnings are displayed. A few issues were found where the user wasn't properly warned that some files could not be shared, so warnings were added. Prior to this, the folder would still not be shared, but the user was not informed why it was not shared. D. In LimeWire 5.0, released to the public on December 9th, 2008, LimeWire fundamentally changed the way filesharing works. Lime Wire started from the ground up and addressed the fundamental problems that led to inadvertent file sharing. i. Persistently Shared Folders were removed entirely. A user can drag a folder into LimeWire to share it, but the folder itself is no longer shared. Only the files that were in the folder at the time it was dragged are shared. If a new file gets added to the folder at a later point in time, that new file is not shared. Dragging a folder into LimeWire to share it is simply a shortcut for selecting many files and sharing them each individually. ii. Because shared folders no longer exist, recursive sharing (i.e., automatic sharing of newly added files to a shared folder) also no longer exists. In order to drive this point home, recursive sharing doesn't even happen when a user drags a folder to be shared. iii. Documents cannot be shared with the P2P network by default. In order to change this, a user must change his/her settings by going to Tools > Options > Security and clicking Configure under the heading "Unsafe Categories", and disregarding the following warning, "We strongly recommend you do not enable these settings". Should a user elect to continue beyond this point, he/she then has to affirmatively "check" a box stating "Allow me to share documents with the P2P Network" and then click "O.K." in disregard for the following warning: "Enabling these settings make you more prone to viruses and accidentally sharing private documents". Even if a user had shared documents in a version of LimeWire prior to LimeWire 5, these documents will be unshared upon the installation of LimeWire 5. iv. Viruses are typically contained within program files. To address viruses, LimeWire 5.0 completely removed the ability to manage, share, or download any kind of program file. In order to change this setting, the user must go to the same "Unsafe Categories" option with the same warnings as described in 3,E,iii, above. E. LimeWire 5.2.8 introduced even further protections against inadvertent file sharing.
Page 7 of 21
i. Language has been changed to address the pertinent actions of sharing in layman's terms. Instead of using "P2P Network", terms like "Public Shared" and "Shared with the world" are consistently used throughout the program. These terms were found, through user testing, to be the clearest expression of the underlying actions and related consequences of sharing files. ii. For new LimeWire users, the LimeWire Library is no longer populated automatically. Nothing appears in the user's Library unless they put it there. iii. Additional warnings to users were added if a user tries to share sensitive file types after they disable the default settings preventing them from sharing sensitive file types. Along with this, an "Unshare all" button was added to this warning which, when clicked, not only unshares all sensitive filetypes, but also reverts back to the default settings preventing the sharing of sensitive filetypes. iv. Bugs related to inadvertent filesharing were found and fixed. v. Additional file extensions were added to the list of "sensitive file types". "Sensitive filetypes" that are not shared or shareable by default now number 150. vi. The listcentered organization of the library was introduced, allowing users to create groups of files for easier, more informed sharing functionality.
Page 8 of 21
APPENDIX B Re: The Progress & Freedom Foundation, "Inadvertent FileSharing ReInvented: The Dangerous Design of LimeWire 5" (Thomas D. Mr. Sydnor II, July 2009)(the "Report"). I would ask that the Committee take note at the outset that the Report inexplicably concerns itself only with LimeWire. Mr. Sydnor does not make it clear, but the LimeWire software application is only one of many software applications that use the Gnutella protocol to allow users to access the Gnutella network. Some of the more popular Gnutella bases peertopeer programs include Shareaza, Bearshare, Frostwire, and MP3Rocket. And there are many more, including a great number of counterfeit LimeWire applications and many foreign distributed applications. A P2P user can share documents with any one of these applications, not just LimeWire. For every file type that is found using the LimeWire application, it is impossible to determine whether it originally entered the Gnutella network using the LimeWire application or any of the other Gnutella speaking applications. The Lime Wire team has worked very hard to make the LimeWire application the safest and most secure P2P available. And it has succeeded. To dilute or obfuscate the effort and success of Lime Wire by misattributing to it all things P2P runs a very real risk of leaving unmanaged, rogue and irresponsible P2P companies to flower and create true insecurity where LimeWire has created true security. As a threshold matter, it is important to note that the Report redefines (without making clear that it is in fact a new definition) "sensitive file types" to include all Images, Audio and Video. See e.g., the Report, pp. 1516. It is this new definition of "sensitive file types" that Mr. Sydnor uses throughout the Report. However, this new definition is simply unworkable: it has no basis in the industry; it cannot reconcile itself with the near 1 trillion "image" files posted by the public to the internet to date 3 ; and it is in contravention of the definition of "sensitive file types" that has been used by the industry and industry players to date. Specifically, the Distributed Computing Industry Association's ("DCIA") Inadvertent Sharing Protection Working Group's ("ISPG") Voluntary Best Practices ("VBP") defines "Sensitive Files Types" as: "file types which are known to be associated with personal or sensitive data, for example, those with file extensions such as .doc or .xls in Windows Office, .pdf in Adobe, or the equivalent in other software programs." As this is the definition accepted and used by the industry as a whole, this is the definition used by LimeWire in defining what file types will not be shared by default. Mr. Sydnor's confusing and confounding expansion of the definition of "sensitive file types" makes it appear that LimeWire shares "sensitive filetypes" by default. To be clear, it does not. 4
TechCrunch, April 7, 2009 (http://www.techcrunch.com/2009/04/07/whohasthemostphotosofthemallhint itisnotfacebook/). 4 In LimeWire 5.x up to 5.2, allowing Document sharing was accomplished by going to Tools > Options > Security and clicking Configure under the heading "Unsafe Categories", and disregarding the following warning, "We strongly recommend you do not enable these settings". Should a user elect to continue beyond this point, he/she then has to affirmatively "check" a box stating "Allow me to share documents with the P2P Network" and then click "O.K." in disregard for the following warning: "Enabling these settings make you more prone to viruses and accidentally sharing private documents". If a user was running a previous LimeWire 5.x version, AND affirmatively changed the settings as described above to allow document sharing, AND affirmatively elected to share a specific
3
Page 9 of 21
Included among "sensitive file types" (referred to as "Documents" in the LimeWire application) that are not shared by default in LimeWire 5.x up to LimeWire version 5.2.8 are files with the following extensions: html, htm, xhtml, mht, mhtml, xml, txt, ans, asc, diz, eml, pdf, ps, eps, epsf, dvi, rtf, wri, doc, mcw, wps, xls, wk1, dif, csv, ppt, tsv,hlp, chm, lit, tex, texi, latex, info, man, wp, wpd, wp5, wk3, wk4, shw, sdd, sdw, sdp, sdc, sxd, sxw, sxp, sxc, abw, kwd. Included among "sensitive file types" (referred to as Documents in the LimeWire application and this testimony) that are not shared by default in LimeWire 5.2.8 are files with the following extensions: 123, abw, accdb, accde, accdr, accdt, ans, asc, asp, bdr, chm, css, csv, dat, db, dif, diz, doc, docm, docx, dotm, dotx, dvi, eml, eps, epsf, fm, grv, gsa, gts, hlp, htm, html, idb, idx, iif, info, js, jsp, kfl, kwd, latex, lif, lit, log, man, mcw, mdb, mht, mhtml, mny, msg, obi, odp, ods, odt, ofx, one, onepkg, ost, pages, pdf, php, pot, potm, potx, pps, ppsm, ppsx, ppt, pptm, pptx, ps, pub, qba, qbb, qdb, qbi, qbm, qbw, qbx, qdf, qel, qfp, qpd, qph, qmd, qsd, rtf, scd, sdc, sdd, sdp, sdw, shw, sldx, sxc, sxd, sxp, sxw, t01, t02, t03, t04, t05, t06, t07, t08, t09, t98, t99, ta0, ta1, ta2, ta3, ta4, ta5, ta6, ta7, ta8, ta9, tax, tax2008, tex, texi, toc, tsv, tvl, txf, txt, wk1, wk3, wk4, wks, wp, wp5, wpd, wps, wri, xhtml, xlam, xls, xlsb, xlsm, xlsx, xltm, xltx, xml, xsf, xsn. As regards "sensitive folder types", LimeWire 5.2.8 does not and cannot share a user's "My Documents" folder, "Documents and Settings" folder, "Desktop" folder, or "C" drive. This means these folders cannot be shared even if the user tries to do so and that the settings preventing the sharing of these folders cannot be changed. As the Committee can see, the list of "sensitive file types" and "sensitive folder types" that are not shareable by default has grown considerably. This list is dynamic and responsive, built to be able to maintain user safety on an ongoing, updatable basis. And to be clear, LimeWire does not share Documents by default. The Report, Section (A)(1), p. 8 "LimeWire 5 now has a new dangerously ambiguous "share all" feature on major userinterfaces." In LimeWire 5.2.8 (production release date July 22, 2009), there is no "share" button, instead sharing is accomplished via clicking a file and placing into the "Public Shared list", or clicking a file and dragging it to the "Public Shared list" (for further details on how to share in LimeWire 5.2.8, see pp.1213, infra.). Also, the phrase "P2P Network" no longer exists, having been replaced with "the world". Where a user's computer has never had LimeWire installed, the
document (because merely changing the settings to allow document sharing does not automatically share any documents), upon upgrading to a more recent version of LimeWire 5.x, then those documents will be shared per the user's settings. In LimeWire 5.2, allowing Document sharing is accomplished by going to Tools > Options > My Files, and clicking "Configure" under the heading "Sharing" and at the end of the notice that "LimeWire is preventing you from unsafe searching and sharing" at which time a window popsup with the title "Unsafe File Sharing" along with the additional notice that "Enabling these settings makes you more prone to viruses and accidently sharing private documents. We strongly recommend you don't enable them." The user then affirmatively checks a box stating "Allow me to add Documents to my Public Shared list and share them with the world."
Page 10 of 21
following screen appears during the initial run of 5.2.8. In clear, layperson language this screen both explains the concept that placing a file into the LimeWire "Public Shared list" makes that file available "to the world", and allows the user to set their default sharing for downloaded files:
Where a user's computer previously had a prior version of LimeWire installed, the following screen appears during the initial run of 5.2.8. This screen also confirms previous sharing settings:
Page 11 of 21
Having explained the concept that "Files in your Public Shared list are shared with the world", the sharing interface is then presented to the user:
Further, in LimeWire 5.x up to 5.2.8, there was never a oneclick "share all" button that allowed sharing with the P2P network. Always the user had to highlight a category of file type, click "share" and then scroll and click "share all with the P2P Network". Mr. Sydnor's report did undercover a bug (see the Report, p.9, first paragraph). That bug has been fixed. Having informed the user that "Files in your Public Shared list are shared with the world" and shown the user where these settings can be altered, sharing is then accomplished via one of three methods: 5 The user highlighting "Library", right clicking the exact file in the "Library" the user wishes to share, and on the pulldown menu that follows, scrolling down to "Add to List", then click "Public Shared"; or The user highlighting "Library", clicking the exact file in the "Library" the user wishes to share, and dragging that file into "Public Shared" on the left side of the screen 6 ; or
5
In the event a user had a previous version of LimeWire on his/her computer, LimeWire 5.2 confirms his/her previously chosen sharing settings (see screen shot, bottom of page 11, supra.), and continues to share the files the user elected to share in the previous version. So, files may also be shared in this manner.
Page 12 of 21
The user dragging a file or folder from the user's computer into "Public Shared". Note here that dragging a folder into "Public Shared" results only in the informed and consented to sharing of the contents of that folder at the particular time it is dragged to "Public Shared". It is thus not the same concept as a "shared folder" because: 1) no file added to that folder at any later point in time will be shared with the P2P network by default; and 2) downloaded files will not by default be placed in any folder a user has dragged to "Public Shared". Further, in no event, even if the user has changed their default settings will dragging the contents of a folder into "Public Shared" result in the sharing of the Documents in that folder. In the event a user drags a folder into "Public Shared", the user is presented with a clear, easily understood information box asking which types of files in the folder the user wishes to share:
6
In all instance where a user shares a file from the Library by choosing a particular file and right clicking, the user can also select all files in the Library via Control+A and either right click and chose "Add to List" and then select "Public Shared", or drag the entirety of the selected files into "Public Shared".
Page 13 of 21
Also and viewable in the immediately preceding screen shots, in the "Public Shared" screen, always appearing at the bottom is the notice: "Files in this list are shared anonymously with the world. Learn More". Clicking "Learn More" links directly to a page stating: "Files that are in your Public Shared list are shared anonymously with the world. This means that files in this list are available to be downloaded by all other users of LimeWire and other file sharing programs worldwide. All files in your Public Shared list are shared anonymously. This means other file sharing programs or P2P Users who may access your shared files do not recognize you by your name, address or email address, rather they recognize the IP Address of your computer. File sharing programs communicate to other file sharing programs using a computer's IP Address." Even before 5.2.8, the "share" button in LimeWire versions 5.x up to 5.2.8 is not ambiguous and always required the user to click "share" and then select "share all with the P2P Network". Even assuming a user did do the above, Documents would not be shared unless a user changed his/her default settings, a very laborious process. See pp. 910, fn. 4; pp. 1516. The Report, Section (A)(2), p. 9 "The effects of LimeWire 5's "Share all" feature depend upon an obscure filesharing construct called "My Library." In LimeWire 5.2.8, "My Library" no longer exists. There is still a "Library", but LimeWire 5.2.8 leaves the library empty by default. Further, if a LimeWire 5.x but pre5.2.8 user was managing a folder in their "My Library", the LimeWire 5.2.8 "Library" will remove all files that were in the managed folder and which were not being shared. If a user has previously shared files with the P2P network with an earlier version of LimeWire, then LimeWire 5.2.8 will populate a user's "Library" and "Public Shared" list with those previously shared files. However, Document file types will not be shared, even if they were downloaded from the P2P network previously using an earlier version of LimeWire. However, if a user has gone through the process of changing their default settings in a LimeWire 5.x version (see pp. 910, fn. 4; pp. 1516) to allow document sharing, and did share documents (again, only ever following an affirmative act) with the P2P network, documents downloaded from the P2P network with a prior version of LimeWire 5.x will be also be put into the "Public Shared" list. In any event, there is nothing obscure about the concept of "My Library". Many popular software programs employ a "library" feature, including iPhoto, and Picasa. The Report, Section (A)(3), p. 12 "Users can reasonably disregard LimeWire 5's "warnings" and enable documentsharing." This comment is hard to understand indeed, a user can disregard the warnings in LimeWire 5.x and enable document sharing. But note that even after enabling Document sharing, Documents cannot be shared by sharing a folder: LimeWire will ignore Documents that exist in a folder a user shared even if Document sharing is enabled. Moreover, Documents added to that folder Page 14 of 21
later by a user are not automatically placed into the LimeWire or shared. In fact, even with Document sharing enabled, LimeWire will not even put the Documents within a folder into the LimeWire Library. LimeWire simply will not see the Documents and will ignore them for all purposes. In all instances where a user shares a Document, they must do so by clicking on that particular Document. And that is after and in addition to the use changing the default settings to allow Document sharing by doing the following: o o a user must go to Tools then Options, then under the warning "LimeWire is preventing you from unsafe searching and sharing" click "Configure", then ignore a second warning that, "Enabling these settings makes you more prone to viruses and accidently sharing private documents. We strongly recommend you don't enable them", then Affirmatively checks a box stating "Allow me to add Documents to my Public Shared list and share them with the world", then go back to his/her Library and affirmatively select a particular Document and place that particular Document in a list called "Public Shared", then disregards a third warning that popsup stating: "Warning: You are sharing Documents with the World. These Documents may contain personal information. Do you want to keep sharing Documents with the world?" (see screen shot on p. 16, supra), and then click "Continue Sharing". But, even at this point, if a user decides they do not want to share that particular Document, they are presented with the option to "Unshare All" at the click of one button. If the user chooses to "Unshare All", not only does LimeWire 5 unshares that Document, but reverts to the default settings that prohibited Document sharing in the first place:
o
o
o
o
o o
Page 15 of 21
If a user wants to share a Document after having selected "Unshare All", they must repeat the whole process over again. The Report, Section (B)(1), p. 14 "LimeWire 5 violates at least eight of the DCIA Best Practices (1) LimeWire 5 will share UserOriginated files by default." The implication created here is false. The Report states that LimeWire can share usergenerated files "if no version of LimeWire was installed on a user's computer when LimeWire 5 was installed." (Report, p. 15). The implication the Report seems to want to create is that LimeWire 5 will share usergenerated files if no version of LimeWire was ever installed on a user's computer. Such is not true: if no version of LimeWire was ever installed on a user's computer, in no instances will any files, UserGenerated or otherwise, be shared by default. If, as the Report states, "no version of LimeWire was installed on a user's computer when LimeWire 5 was installed" but there was previously a version of LimeWire installed on the user's computer, and that user shared files with the P2P network, then LimeWire 5 will assume that the user intended to share those files and wishes to continue doing so. This was the case with the example provided in the Report, but the Report failed to mention the previous installation and prior affirmative sharing done by the user. Even still, where a user had a 4.x version of LimeWire and elected to share files (including Documents), a later installed version of LimeWire 5.x will not share previously shared Documents. If a user had a version of LimeWire 5.x on their computer and changed their default settings to share Documents (see pp. 910, fn. 4, and pp. 1516, supra.) and shared Documents Page 16 of 21
(because merely changing the settings won't result in sharing without further affirmative action by the user), then a later installed 5.x version of LimeWire will continue to share those Documents. Again, the software assumes, with good reason, that sharing Documents in such circumstances was an intentional act by the user. Because LimeWire version 5.x will not by default share any files of any sort unless a user had a previous version of LimeWire on the same computer and chose to share files with the P2P network, one has to assume that Mr. Sydnor's screen shot showing "Sharing 1,244 files" is merely showing the 1,244 files Mr. Sydnor affirmatively undertook to share when using a previously installed version of LimeWire. The Report, Section (B)(2), p. 15 "LimeWire 5 will share thousands of UserOriginated Files without any clear, timely, and conspicuous plainlanguage warnings." This is false. All LimeWire 5.x versions require an affirmative act on the part of the user to share files. Versions 5.x up to 5.2.8 require a highlighting of a type of file category, then clicking "Share" then clicking "Share all with the P2P Network". For sharing in LimeWire 5.2.8, see p. 13, supra. In the event a user undertook those affirmative acts in an earlier version of 5.x, following reconfirmation of sharing settings, LimeWire 5.2.8 will continue to share previously shared files. The Report, Section (B)(3), p. 15 "LimeWire 5 shares "Sensitive File Types" by default." This is false. By default, LimeWire 5.x will not allow the sharing of Documents. Period. (See pp. 9 10, fn. 4; pp. 1516). Here, the Report creates confusion by redefining "sensitive file types" to include "Images, Audio and Video." (Report, pp. 1516). In so doing, Mr. Sydnor is defining as "sensitive" nearly 1 trillion files that the computing public have made available on the internet. 7 Further, the industry has never defined "sensitive file types" include "Images, Audio and/or Video." See the DCIA ISPG Voluntary Best Practices, which defines "Sensitive Files Types" as: "file types which are known to be associated with personal or sensitive data, for example, those with file extensions such as .doc or .xls in Windows Office, .pdf in Adobe, or the equivalent in other software programs." This is the definition the industry uses and this is the definition LimeWire uses. In any event, LimeWire does not share image, audio or video files by default, rather it permits the sharing of such files be default: only after the affirmative act of the user will LimeWire 5.x by share files. No files are shared by default for a new LimeWire user. 8
TechCrunch, April 7, 2009 (http://www.techcrunch.com/2009/04/07/whohasthemostphotosofthemallhint itisnotfacebook/). 8 To be clear, for a previous LimeWire user, those files (1) shared with the previous version will be reshared by LimeWire 5.x, and (2) non usergenerated files downloaded from the P2P network will be reshared by default. However, where previous sharing was with LimeWire version 4.x and included Documents, LimeWire 5.x will not reshare those Documents. Rather, 5.x will unshared Documents that were shared using 4.x.
7
Page 17 of 21
The Report, (B)(4), p. 17 "LimeWire 5 enables recursive sharing by default." This is misleading. Lime Wire 5.x does not share folders by default, there is no automatic sharing of folders, and indeed "folder" sharing as such is no longer a feature of LimeWire. Specifically, "folders" are not shared, rather the contents of a folder at a particular moment in time may be shared. This however is not a "shared folder" because 1) no file added to that folder at any later point in time will automatically be shared with the P2P network or even added to the LimeWire Library by default; and 2) downloaded files will not by default be placed in any such folder for resharing with the P2P network; 3) Documents in that folder will not be shared no matter if the user has enabled Document sharing or not. Further, in LimeWire 5.2.8, in no event will dragging the contents of a folder into "Public Shared" result in the sharing of the Documents in that folder. In addition, in LimeWire 5.2.8, an attempt to share all files in a folder triggers a screen asking specifically what file types from the folder the user wishes to share:
The Report, (B)(5), p. 18 "LimeWire 5 does not uninstall completely." This is also false. Uninstalling LimeWire by using the standard Add/Remove Program functionality completely removes the LimeWire software from a user's computer. Certain files that LimeWire used do remain on a user's computer. This is to ensure continuity of user intended functionality and is a common practice among software creators and/or distributors.
Page 18 of 21
This is data only. Uninstalling LimeWire using Add/Remove Program results in the 100% removal of the software. The Report, (B)(5), p. 19 "For example, I set up a test computer that had 1752 audio, image, and document files stored in various subfolders of its My Documents folder. I then confirmed that no version of LimeWire was installed on that computer, and then completed a default installation of LimeWire 5.1.3. 1752 files--including document files--were shared by default. Not only did a default installation of LimeWire 5 permit sharing of document files, it actually shared all of the document files in My Documents and its subfolders--with no input from, or warning to, the user, who certainly did not "affirmatively elect" to share document files, or any other files. LimeWire's challenge backfired because neither LimeWire 5 nor prior versions of LimeWire uninstall completely. As Usability and Privacy explained seven years ago: "[U]sers often work in shared computer settings, so it is quite possible for one user to change all the settings and another to know nothing about it." Consequently, a user installing LimeWire 5 might not know that a different user had once uninstalled an earlier version of LimeWire 5 because it had been misconfigured. That was the scenario underlying the testcomputer experiment just described." Again, the stated analysis leaves out myriad significant details and multiple steps a user must take to replicate the stated result and in so doing misinforms as to how LimeWire 5 actually works . The only clue the Report gives as to these missing details are found in the two sentences placed last: "Consequently, a user installing LimeWire 5 might not know that a different user had once uninstalled an earlier version of LimeWire 5 because it had been misconfigured. That was the scenario underlying the testcomputer experiment just described."(emphasis added). Here is what Mr. Sydnor had to do for his test to yield the sharing of Documents: o Install LimeWire 5.x, go to Tools>Options> Security and click Configure under the heading "Unsafe Categories" > o disregard the following warning, "We strongly recommend you do not enable these settings", and affirmatively check a box stating "Allow me to share documents with the P2P Network" > o click "O.K." in disregard for the following warning, "Enabling these settings make you more prone to viruses and accidentally sharing private documents", o and then go back to his computer's hard drive > o drag the files to his LimeWire "P2P Network" list > o then use "Add/Remove Program" to uninstall LimeWire > o then reinstall a version of LimeWire 5.x. o At that time, the newly installed LimeWire 5.x will resume sharing per the settings selected in the earlier installed 5.x. The software reasonably assumes that after all the above steps have been taken by the user, the user intended to share. With a user's upgrade from a 5.x to LimeWire 5.2.8, that user's P2P sharing settings are reconfirmed
Page 19 of 21
LimeWire 5.2.8 nonetheless improves on the issue by not allowing sharing of the "My Documents" folder, "Documents and Settings" folder, "Desktop" folder, or "C" drive. The Report, (B)(6), p.20 "LimeWire 5 does not require users upgrading from prior versions to "reconfirm" their "previously chosen sharing selections." LimeWire 5.2.8 reconfirms a user's sharing settings from a prior version and at the same time provides the user the information necessary to change those settings. See the immediately preceding screen shot. The Report, (B)(7), p. 21 "LimeWire 5 fails to warn users sharing more than 500 files." LimeWire 5 shows the user every file that the user is sharing. The VBPs were created in response to inadvertent sharing. Where sharing happens only after affirmative action by the user and where the event of a sharing is accompanied by clear and positive feedback to the user, by for example, clearly displaying all of the files that are being "shared with the world" by file name, such a warning is no longer called for. Thank you for the opportunity to provide these clarifications regarding the safety and security features of LimeWire 5. Page 20 of 21
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
