Paul Butzi Photography

(I have changed my mind about some of what's written in this article. To preserve the record of the path I've followed, I'm leaving this untouched. Please, if you read this article, read this article as well)

Introduction

I've had this photography website running, in one form or another, since 1998. By some standards, this makes me a relative newcomer (Lloyd Erlick has had www.heylloyd.com since 1995, for instance), and in other ways, it makes me an old timer.

The great thing about the WWW is that it makes it fantastically easy to publish your work and get it out there where it can be seen. Web hosting prices have fallen to the point where quality web hosting, including domain registration, can be had for $100 US per year! However, this is a double edge sword, because the scumbags enjoy the same relative ease, are always on the lookout for content, and have no compunction about stealing your stuff to line their pockets.

In any case, it seems that times they are a'changing. Lately I've been discovering more and more places where people have ripped off material from my website and are using it without permission. Images lifted, entire articles lifted - you name it. And so I've stepped up my efforts at protecting my stuff.

And, I've got to tell you, just learning how to protect your copyrighted stuff is a significant pain in the butt. Actually taking the steps to protect it is also a significant pain in the butt. And, when that's the case, there's only one thing you can do - share your hard-earned lessons with the rest of the web community.

What follows is just that - my lessons learned in dealing with copyright violations on the web.

Rip-off #1 - framing

One way they can rip off your content is to simply build a web site that 'frames' your website - that is, it contains your website inside a 'frame' in the browser window. Usually the scumbag will then have other frames that display advertising, etc. The scumbag gets to sell the advertising, you get nothing, and the viewer sees both your content and the ads. Neat trick, eh?

The easy way to detect this is by examining the logs for your website, examining the referring URL for each hit. I do this on a Linux machine, where I've written some simple tools that search over each day's log, and display each unique referring URL along with the page that was requested. This makes it pretty easy to spot someone who's framing your site.

Amazingly, this particular rip-off seems to be on the outs. I had several incidents of this early on, but I guess that the abuse was so egregious, everyone is on the lookout and the payoff is now small. I don't think it's happened to me in a couple of years. If you run into a persistent problem with this, you can add code to your web pages to 'pop out of frames' whenever someone visits your site from a framing site.

Rip-off #2 - Deep Links

Suppose that someone searches (using a service like Google Image Search) for an image, and ends up finding it on your site. "Aha!", they exclaim, "I can use this image, and I don't even have to pay for storage or bandwidth!"

What they do is this: in their web site, they simply insert a link to the image on your website. When someone browsed their site, the viewer's browser sees the link to the image, and promptly fetches it from your server! Not only does the rip-off artist get to use your image, you pay the storage and bandwidth costs to serve the requests that are coming from people viewing his page!

Now, the actual legal status of deep linking is unclear. That doesn't matter, because what the rip-off artist has forgotten is that while he can deep-link to the image on your page, you still control what's served up at that URL.

So here's what I do - I have a little bit of software that runs over the access logs for my website, looking for any time an image file is requested and the referring URL is from outside www.butzi.net. That is, if someone's browser requests the file rock-scissors-paper.jpg and the referring URL is not the html file on my website that I expect, I know that someone is deep-linked to that image.

At this point, I usually use the referring URL to find the offending web site, and send them email asking them to stop. This works about 5% of the time, because usually the deep link is in some discussion forum frequented by hormone-crazed half-witted teenagers, and the forum moderators just don't give a damn.

The second step is this - I just replace the image. First, I move the real image to another URL, and adjust the links to the image on my web site to point to the new location. At this point, the rip-off artist is screwed, because the image he originally wanted is gone. We can go farther, however, and put a new image at the old URL. That is, I replace the original image with one like this:

And so on the rip-off artist's web site, what used to be a nice photograph of a Leica M6 suddenly becomes an embarrassment. Naturally, there are refinements. One good way to deal with deep linking in discussion forums is to replace the image with one that's just humongous - say, 30000 pixels wide, and 30000 pixels long, so as to make it take a LONG time for the viewer to scroll past the image. If you crank up the compression, such an image can even reside in a surprisingly small file. Wide images also mess up the formatting on some discussion forums, another nice feature of this technique.

Delightful, eh? Who'd have thought that teaching lowlife scumbags a lesson could be so fun?

Rip-off #3 - Google Image Search

The Google search service is great. Not only do I think it's the best web search engine available, it also delivers quite a few viewers to my web site. But I sure don't much care for the Google Image search, because

They cache the image. Sorry, guys, I have a copyright to that image, so I think you shouldn't have it on your service. Still, the courts seem to be ruling in the favor of this as 'fair use' so I guess we're stuck. Still, you can EXCLUDE your images from the image search service by including lines in your robots.txt file. I handle this by putting all the image files in directories just for images, and then excluding the Google search 'bot (Googlebot) from those directories. In fact, I exclude ALL robots from those directories.
If you have an image cached in their image search service, you can rest assured that the majority of the users of the search service are people looking to violate someone's copyright. Google warns people that 'images may be copyrighted' when in fact, every image on the planet is copyrighted the instant its made. Trust me, if your images are in the Google image search database, people will rip them off. Period.

Google aren't the only image search - there are more. That's ok. Just make sure you learn about robots.txt and exclude them all from any directory where you have an image.

The good news is that it's pretty easy to detect. The search services don't want to pay for the huge amount of storage that they would need to store all those images full size, so they just use 'thumbnails', smaller versions. Then they point the user to the full size image on your website, as if saying "Well, we only have this little dinky version. If you want to steal the real BIG version, go here!" Now, when someone clicks through that link, you'll see the referring URL indicate the page from the search service. When you see that, you've got'em! Aren't those referring URL's in the log handy?

All the other rip-offs

At last, we come to the hard cases - where someone has actually made a copy of your content. The difficulty here is that it can be damn difficult to detect. Digital Watermarking outfits like Digimarc offer services where you insert digital watermarks in your content, and their service (which you pay for) will run around the web searching for violations. Expensive.

Often, people will send you email about violations. Surprisingly, this happens for me fairly often.

Amazingly, often the violator himself will tip you off - by either including the copyright notice (or even just your name) or by including a link to the original material. The former can be found using a search engine like Google; the latter can be detected when someone clicks through the link and you see the referring URL in your logs.

Notification

Naturally, when someone violates your copyright and steals your content, you want to let them know they've been caught and you want to tell them to stop.

I've tried different sorts of notifications, ranging from very hostile through fairly polite. The first few times you send off that notification email, it feels pretty good to be pretty hostile, but I'm finding that it's less and less satisfying. I now save hostility for the second notice.

It's probably worth putting together a standard notification. If you do, I suggest that you make it conform to the notice required by the DMCA, so that you're fulfilling your legal requirements under the DMCA and can take legal action. That, plus any notice which conforms to (and mentions) the requirements of the DMCA will probably do more to motivate the offender than any amount of irate name-calling.

The Digital Millennium Copyright Act (DMCA) and You

Now, often, you'll find that the purloined material will actually be posted to some discussion forum (like www.photo.net, for instance, which harbored a guy who violated my copyright recently). In that case, the actual identity of the offender is hidden to you, and you're forced to send the notice to the folks who maintain the website/forum. And when you do that, they're immediately going to claim that they're not to blame, because they are what the DMCA calls a 'safe harbor' - that is, they didn't post the violating material, they just run the web site.

And what I've found is this: there are requirements for anyone who wants to claim 'safe harbor' under the DMCA. Those requirements are:

They must not have any knowledge of the illegal activity (unauthorized use), and they must derive no financial benefit from it.
They must provide proper notification of their policies regarding copyright infringement and repeat offenders to their subscribers
They must provide an agent to deal with copyright infringement claims. The contact information for this agent must be registered with the copyright office and must be made available on the website.
They must follow specific procedures regarding notification and takedown of infringing materials

Failure on ANY of these points means that they can't claim 'safe harbor' under the DMCA. So far, no place that I've detected which has stuff which infringes on my copyrights has actually qualified as a safe harbor under the DMCA.

Anyway, a good source of info on the DMCA safe harbor provisions is at http://www.chillingeffects.org/dmca512

Now, the DMCA also lists the stuff you must have in your notification of a violation. You must include:

Your name, address, and signature
the location [URL] of material you claim infringes, along with enough information to identify it.
A statement that you have a good faith belief that there is no legal basis for the use of the materials you have identified
A statement that, under penalty of perjury, you are the owner or are authorized to act for the owner of the copyright.

so, from now on, my notifications will look like this:

Sender Information:
<my address>

Recipient Information:
<address of offender or agent>

Re: DMCA Copyright Infringement Notification
Dear Registered Agent:
I am writing to provide you legal notice that material on your website infringes on my copyright.

The infringing material can be found on your website at:
    * [URL of material]

    * [URL of more material, etc.]

For identification purposes, a copy of the infringing material can be found at:

    * [URL on my web site where the material resides]

As required by the provisions of the Digital Millennium Copyright Act, this letter serves as an official notification to you to remove the infringing material.
Please be advised that by law, if you wish to claim "safe harbor" status under the DMCA, you must "expeditiously remove or disable access to" the infringing material upon receiving this notice. Noncompliance will result in a loss of immunity under the 'safe harbor' provisions of the DMCA.

I have a good faith belief that use of the material described above is not authorized by the copyright holder (me), my licensing representatives, or the law.
I hereby swear under penalty of perjury that I am the owner of the copyright to this material and am thus authorized to act in all matters pertaining to notification of infringement, and that all information in this notice is correct.

Please send to me prompt response indicating the actions you have taken to resolve this matter. I am sure that we both wish to see this matter resolved swiftly and without litigation.
Very truly yours,
Paul Butzi

<address>

Note - I am not a lawyer. All I've done is find some stuff on the web, and prepare this little document. I believe it serves the purpose, but doubtless, a lawyer could improve it. Indeed, if you're a lawyer and see possible improvements, please let me know!

Lawsuits and alternatives

I admit it, the temptation to sue the knickers off these bozos is nearly beyond enduring. But before you do, consider the alternative - smear their reputation. Consider this: these days, when someone is about do to business with a firm they found on the internet, or even just hire someone, they usually fire up Google (or some other search engine) and type in their name.

Suppose, just for laughs, that your website is reasonably well ranked by the search engines. If you add a page to your website that includes the bozo's name, address, phone number, along with the rude email he sent you, those business or employment prospects will find your page right at the top of the pages returned. I first adopted this tactic when confronted with the theft of an image by one Mauro R. Mattei, and you can see the results of a search for 'Mauro R. Mattei' here. As of the time I wrote this, this returned my Hall of Shame as the top hit. This has apparently caused considerable heartbreak for Mr. Mattei.

Naturally, I don't suggest that you bend the truth at all. First, if you do, you're treading in dangerous waters, for there lurks the dreaded charge of libel. Second, it isn't really needed - most of the scumbags are so scummy that there's no need to exaggerate to make them look bad.

Remember when I said that making the notice of infringement vitriolic was gratifying at first, and then fades? Well, this one doesn't fade. Mr. Mattei, the first to land on my Hall of Shame, has several times requested that I delete his entry. Each time, I suggest that he compensate me for the unauthorized use of my image. So far, he hasn't paid up, and so far, he's still having to live with the fact that when someone types his name into Google, they get to read about how he stole my photo before they see anything else.

Bottom line

What it boils down to is this:

You need to take on the task of hunting down places where miscreants are using your intellectual property without your permission. No one else is going to do it for you, unless you pay them.
The primary way to find out about most infringements is by carefully examining the logs generated by the server that is serving up your web site. If you aren't currently getting log files, you need to arrange to get them on a regular basis. Log files are available in a variety of formats, and you need to get them in a format that will give you, at a minimum, the time and date of the HTTP request, the URL of the requested page, the IP address of the machine that made the request, and the 'referring URL'.
If your web site handles much traffic, you're going to need some assistance to go through the logs for each day. My web site generates daily log files that are about half a megabyte long. That's too long to review by hand, so I wrote a little bit of software to do it. If you can't write software, there are commercial packages out there that you can buy, I suppose.
When you find an infringement, don't bother with insults. Blowing off steam feels good the first few times but the pleasure fades. Instead, develop a standard complaint form that matches the requirements of your main weapon, the Digital Millennium Copyright Act. Use that form each time; it will cut the effort and preserve your legal options.
Remember that the internet and the WWW offer alternatives to legal action. See the Hall of Shame for an example.
Keep perspective. I know it's annoying when someone rips you off. It's easy to let it ruin your day. Try not to let that happen.

Copyright infringement and Your Website