If you were around in the late 90s and early 2000s, you'll remember that it seemed ordinary people were being sued every day by the Recording Industry Association of America (RIAA) for downloading music from Napster, Morpheus, Kazaa, and BitTorrent. Later the Motion Picture Association of America (MPAA) got in on the act. The problem was that these suits were often mistargeted. One of the best examples was a suit against an older woman who did not own a computer capable of running any of the file-sharing services. Now, we are seeing similar situations happening with the DMCA, but these are mistargeted on purpose.
Take, for example, Reddit user u/NateNate60. He recently posted about an email he received from his ISP Comcast. They said he had received a DMCA copyright violation notice for downloading software via BitTorrent. But, there are a number of issues with this DMCA notice. The first is that the software he downloaded and is being accused of pirating was Ubuntu Linux. That version is allowed to be in any way, including via BitTorrent. The second issue is that the torrent he was using was the official one provided by Ubuntu themselves. The third and most important is that the organization listed as the complainant did not send the complaint.
The way BitTorrent works is, while you are downloading a file, it also means you are sharing it. While you are sharing a file, your public IP address is broadcast so that other clients can connect and download it. That does expose your identity to others, however, including organizations who might be looking to protect their own IP. But, after research conducted by Ars Technica, that was not the case here. The complainant, OpSecSecurity, did not file the complaint.
So, what happened? Someone obviously made a false DMCA claim against a legit torrent. But, why would someone do that? One reason why this happens (and it happens more than one might think) is because of the process that is required to counter-claim. If you have ever had to file a counter-claim under DMCA, you know that it requires a ton of personally identifiable information, including name, address, and phone number. This process exposes a lot more information than downloading a torrent file, and can be used for a lawsuit.
While this download did not violate any laws, a claim cannot be validated by the ISP, unless they want to lose their immunity under Section 230. So, Comcast was forced to send this nonsense request through. And, any possible punishment stemming from the notice can only be dismissed by releasing this information to the complainant, who is not who they say it is. Once the complainant has that information, they can use that to file suit over something completely unrelated to the original complaint.
The majority of this issue, as is the norm, comes from a lack of understanding of the effects of a law by legislators. When you create rules, you create a game. With any game, some players are better than others, and some know how to exploit poor rules to their own advantage. In this case, someone used the poor rules in the DMCA process to force someone to expose their personal details in order to attack on another front.
The problem, of course, is that filing a fraudulent DMCA notice is illegal. But, proving that it is illegitimate is more difficult than giving in and filing the counter-claim. All of this was made possible because the public IP address was the one connected to the ISP. This is yet another reason why a VPN is essential.