Yet ES5's business plan -- or lack of one -- has raised all sorts of questions and suspicions. Rumors abound about the company's motives. Many in the online file-trading community have speculated that ES5 is some sort of front for the RIAA and MPAA, engaging in a giant dragnet to snare unsuspecting sharers. Or that the servers on the network's list of trusted proxies are actually RIAA "honeypots," designed to snag users' IP addresses. Taylor adamantly denies these stories, and points out the volume of financial damages ES5 is inflicting on copyright holders. Likewise, the RIAA's Oppenheim scoffs at such rumors as "nonsense."
Worse for ES5's reputation, however, was a utility built into the software that wasn't readily apparent. When Kazaa-Lite author Shaun Garriock reverse-engineered ES5's software, he found a tool that allows the network to remotely delete files on users' systems. When he disclosed his findings, it caused quite a stink online. ES5 states that the functionality was built in so that it might remotely update users' software, and that it has since disabled the feature. However, the damage has already been done.
"The key to enabling any functionality that changes the user's software or computing base is to fully disclose said behavior," says security consultant and anonymity expert Len Sassaman, "so that the user is entirely aware of the actions of your software. When such functionality is stealthily introduced, it raises suspicions, warranted or not."
Yet the real question for ES5 users is: Are you really anonymous?
"So-called anonymizers have not worked. We are filing actions against individuals who use them," says Oppenheim. However, he concedes that the organization has taken no action against ES5 users thus far. "We haven't filed suit against Earth Station 5 users to date, but we have the ability to identify infringers on that network and reserve the right to do so at any time."
Shenanigans, replies Taylor. "You can't trust anything the RIAA says."
Since the RIAA won't comment on ongoing investigations, we can't know how it's accessing user data. One answer might be that some ES5 users aren't connecting to the network in "stealth" mode, the setting that hides a user's IP address. Another, more likely scenario is that the RIAA has found a way to exploit the network of third-party proxy servers ES5 relies on to conceal its users' identities.
"Anonymity systems are extremely difficult to build," says Sassaman. "What they claim to have is a 'trusted proxy' system, where the user's anonymity is not verifiable, but relies on the proxy he is using being honest. Even if the proxy is honest, there are possible side-channel attacks which could result in leakage of information about the user."
"Unless you know who the proxy is," concurs Taylor, "you really don't know what's happening." He states that ES5 is in the process of releasing a new version of the application (which should be out by the time this article appears) that doesn't rely on proxy servers at all. But he won't say how it works. "We're not going to discuss that," he says, "and the reason we're not going to discuss that is because the bad boys read everything that's out there."
SharePro is equally circumspect on the details of the new network, even if he is adamant about its effectiveness. "We are releasing ... a new version that will change the entire P2P industry," he writes, "[with] the ability to forge your IP address and share/download. There is no way in hell that anybody can track you down using this protocol and there is no need for a proxy. It's like putting a letter in a public mailbox with a fake return address."
But what about the company itself? Isn't it subject to legal action by the RIAA?
"We saw that a court was willing to exercise jurisdiction over [Kazaa parent company Sharman Networks]," says Oppenheim, referring to a court decision in January that found that although the company was headquartered in Vanuatu, a Pacific Island state with no copyright agreements, it could still be sued in the U.S. based on its millions of American subscribers. "And underlying infringers are subject to enforcement here."
"They can try [to sue us in the United States]," laughs Taylor. "What are they going to do? Why don't they sue us in China? Let's say they did sue us and did win a judgment. What are they going to do, wipe their ass with it? How do they enforce it?"
And that does seem to be the question for the RIAA. Palestine is a unique place, but it isn't lawless. ES5 argues that it isn't breaking any laws, that as long as it doesn't violate any Palestinian copyrights, everything's kosher, so to speak. In Palestine, the company claims, all of its activities are entirely legal. This may or may not be true; it's certainly complicated by the unique legal status of the territories in the West Bank and the Gaza Strip.
According to legal experts Salon talked to, the Palestinian autonomous area is a trouble spot for Western copyright holders, but not a complete free-for-all zone. Israel has intellectual property agreements with the Palestinian Authority that provide TRIPS-level copyright protections between the two entities. At the very least, this would secure Israeli copyrights. Even more compelling, however, is a statute dating back to the time when the entire region was a British Possession, the 1911 Copyright Act, which the Palestinian Authority claims to adhere to. Stanford University law professor and copyright guru Lawrence Lessig concurs with the prevailing Western opinion that ES5 is violating the law.
"The RIAA is correct," says Lessig. "When someone downloads something in the U.S., that constitutes a violation in the U.S. So there is a U.S.-based wrong. They could get a default judgment against the Palestine-based P2P network, and then start foreign proceedings to try to get a judgment. But more likely is that they would get companies supplying bandwidth to stop supplying bandwidth. So whether or not it would be meaningless in Palestine, the RIAA can get effective justice just outside the border."
Or can it? Taylor and Kabir provided Salon with copies of numerous complaints sent to Speednet, the ISP listed on RIPE as ES5's access provider, from the MPAA, dating back to September. The company, however, remains online and untroubled. Taylor contends that under the 1996 agreement granting conditional authority to the Palestinian Territories, the Israeli government is obligated to provide Internet and communications access to the territories, and that the Palestinian Authority is of no mind to cut off ES5. Furthermore, he claims that ES5 has backup access, via satellites and other methods.
Yet whatever the truth of the matter is, and regardless of what the courts may decide, as long as the security situation in the Palestinian Territories is what it is, copyright enforcement will remain difficult for reasons that have nothing to do with international agreements, or the vagaries of an emerging legal system.
"A process server tried to serve papers one time," Taylor explains. "Supposedly, there were shots fired."