decoration decoration
Stories

GROKLAW
When you want to know more...
decoration
For layout only
Home
Archives
Site Map
Search
About Groklaw
Awards
Legal Research
Timelines
ApplevSamsung
ApplevSamsung p.2
ArchiveExplorer
Autozone
Bilski
Cases
Cast: Lawyers
Comes v. MS
Contracts/Documents
Courts
DRM
Gordon v MS
GPL
Grokdoc
HTML How To
IPI v RH
IV v. Google
Legal Docs
Lodsys
MS Litigations
MSvB&N
News Picks
Novell v. MS
Novell-MS Deal
ODF/OOXML
OOXML Appeals
OraclevGoogle
Patents
ProjectMonterey
Psystar
Quote Database
Red Hat v SCO
Salus Book
SCEA v Hotz
SCO Appeals
SCO Bankruptcy
SCO Financials
SCO Overview
SCO v IBM
SCO v Novell
SCO:Soup2Nuts
SCOsource
Sean Daly
Software Patents
Switch to Linux
Transcripts
Unix Books
Your contributions keep Groklaw going.
To donate to Groklaw 2.0:

Groklaw Gear

Click here to send an email to the editor of this weblog.


Contact PJ

Click here to email PJ. You won't find me on Facebook Donate Paypal


User Functions

Username:

Password:

Don't have an account yet? Sign up as a New User

No Legal Advice

The information on Groklaw is not intended to constitute legal advice. While Mark is a lawyer and he has asked other lawyers and law students to contribute articles, all of these articles are offered to help educate, not to provide specific legal advice. They are not your lawyers.

Here's Groklaw's comments policy.


What's New

STORIES
No new stories

COMMENTS last 48 hrs
No new comments


Sponsors

Hosting:
hosted by ibiblio

On servers donated to ibiblio by AMD.

Webmaster
A Lawyer Would Like to Pick Your Brain Once Again
Monday, July 02 2007 @ 04:51 PM EDT

Ray Beckerman of The Recording Industry vs. The People would like to ask you to look at a declaration that the RIAA has filed with the court in the case of Arista v. The Does -- the Does are college kids in Boston. Is what this declaration tells the court technically valid? Here's his request:
Is RIAA's Linares Affidavit Technically Valid?

In support of its ex parte, "John Doe", discovery applications against college students, the RIAA has been using a declaration by its "Anti-Piracy" Vice President Carlos Linares" (pdf) to show the Judge that it has a good copyright infringement case against the "John Does". A Boston University student has challenged the validity of Mr. Linares's declaration, and the RIAA is fighting back. Would appreciate the Groklaw community's take on the validity of Mr. Linares's "science".

So, have at it, if you wish to lend a hand and this is an area you are qualified to analyze. It's about MediaSentry again. You'll remember the earlier request about that, which he found helpful. I guess this is happening often enough I should set up a new topic for such requests, Pick Your Brain.

I thought it would be a breeze to provide the text, but the PDF seems to have anti-me-doing-so properties, as only some words copy properly and others don't. It is infuriatingly idiotic, but I'm doing it by hand to fill in the blanks. Here's what I have so far:

***********************

EXHIBIT A

UNITED STATES DISTRICT COURT
DISTRICT OF MASSACHUSETTS

No ARISTA RECORDS, INC., a California corporation,
UMG RECORDINGS, INC., a Delaware
corporation; BMG MUSIC, a New York general
partnership; CAPITOL RECORDS, INC., a
Delaware corporation; SONY BMG MUSIC
ENTERTAINMENT, a Delaware general
partnership; MOTOWN RECORD
COMPANY, L.P., a California limited
partnership; MAVERICK RECORDING
COMPANY, a California joint venture;
ELEKTRA ENTERTAINMENT GROUP INC.,
a Delaware corporation; LAFACE RECORDS
LLC, a Delaware limited liability company; and
INTERSCOPE RECORDS, a California general
partnership,

Plaintiffrs,

v.

DOES 1-21,

Defendants.

_____________________

CIVIL ACTION No.

____________________

DECLARATION OF CARLOS LINARES IN SUPPORT OF EX PARTE APPLICATION
FOR LEAVE TO TAKE IMMEDIATE DISCOVERY

I, Carlos Linares, have personal knowledge of the facts stated below and, under penalty of perjury, hereby declare:

1. I am Vice President, Anti-Piracy Legal Affairs for the Recording Industry Association of America, Inc. ("RIAA"), where I have been employed over six years. My office located at [redacted]. I submit this Declaration in support of Plaintiffs' Ex Parte Application for Leave to Take Immediate Discovery.

2. As Vice President, Anti-Piracy Legal Affairs, I am responsible for evaluating and contributing to online strategies for the RIAA, including oversight of the investigations into online infringement of copyrighted sound recordings. As such, this Declaration is based on my personal knowledge, and if called upon to do so, I would be prepared to testify as to its truth and accuracy.

The The RIAAs Role in Protecting Its Member Recording Industry Companies From Copyright Infringement

3. The RIAA is a not-for-profit trade organization whose member record companies create, manufacture, and/or distribute approximately ninety percent of all legitimate sound recordings produced and sold in United States. The RIAA's member record companies comprise the most vibrant national music industry in the world. A critical part of the RIAA's mission is to assist its member companies in protecting their intellectual property in the United States and in fighting against online and other forms of piracy. All of the Plaintiffs in this action are members of the RIAA.

4. As part of that process, the RIAA, on behalf of its members, retains a variety of services from outside vendors to assist with its investigation of the unauthorized reproduction and distribution of copyrighted sound recordings online.

2

The Internet and Music Piracy

5. The Internet is a vast collection of interconnected computers and computer networks that communicate with each other. It allows hundreds of millions of people around the world to communicate freely and easily and to exchange ideas and information, including academic research, literary works, financial data, music, movies, graphics, and an unending and ever-changing array of other data. Unfortunately, the Internet also has afforded opportunities for the wide-scale piracy of copyrighted sound recordings and musical compositions. Once a sound recording has been transformed into an unsecured digital format, it can be copied further and distributed an unlimited of times over the Internet, without significant degradation in sound quality.

6. Much of the unlawful distribution of copyrighted sound recordings over the Internet occurs via "peer-to-peer" ("P2P") file copying or so-called online media distribution systems. The most notorious example of such a system was Napster, which was enjoined by a federal court. Notwithstanding the court's decision enjoining Napster, similar online media systems emerged and attempted to capitalize on the growing illegal market that Napster fostered. These included KaZaA, eDonkey, iMesh, Ares, BitTorrent, DirectConnect, and Gnutella, among others. To this day, some P2P networks continue to operate and to facilitate widespread copyright piracy. At any given moment, millions of people illegally use online media distribution systems to upload or download copyrighted material.

7. P2P networks, at least in their most popular form, refer to computer systems or processes that enable Internet users to: (1) make files (including audio recordings) stored on a computer available for copying by other users; (2) search for files stored on other users' computers; and (3) transfer exact copies of files from one computer another via the

3

Internet. P2P networks enable users who otherwise would have no connection with, or knowledge of, each other to offer to each other for distribution and copying files off of their personal computers, to provide a sophisticated search mechanism by which users can locate these files for downloading, and to provide a means of effecting downloads.

8. The major record companies generally have not authorized their copyrighted sound recordings to be copied or distributed in unsecured formats by means of P2P networks. Thus, the vast majority of the content that is copied and distributed on P2P networks is unauthorized the copyright owner -- that is, the distribution violates the copyright laws.

9. The scope of online piracy of copyrighted works cannot be underestimated. The RIAA member companies lose significant revenues on an annual basis due to the millions of unauthorized downloads and uploads of well-known recordings that are distributed on P2P networks by infringers who, in virtually all cases, have the ability to maintain their anonymity to all but the Internet Service Provider ("ISP") they use to supply them with access to the Internet.

10. The persons who commit infringements by using the P2P networks are, by and large, anonymous to Plaintiffs. A person who logs on to a P2P network is free to use any alias (or computer name) whatsoever, without revealing his or her true identity to other users. Thus, Plaintiffs can observe the infringement occurring on the Internet, but do not know the true names or mailing addresses of those individuals who are committing the infringement.

The RIAA's Identification of Copyright Infringers

11. In order to assist its members in combating copyright piracy, the RIAA retained a third-party investigator, MediaSentry, Inc. ("MediaSentry"), to conduct searches of the Internet, as well as file-copying services, for infringing copies of sound recordings whose

3

copyrights are owned by RIAA members. A search can be as simple as logging onto a P2P network and examining what files are being offered to others logged onto the network. In gathering evidence of copyright infringement, MediaSentry uses the same functionalities that are built into P2P programs that any user of the software can use on the network.

12. Users of P2P networks who distribute files over a network can be identified by using Internet Protocol {"IP") addresses because the unique IP address of the computer offering the files for distribution can be captured by another user during a search or a file transfer. Users of P2P networks can be identified by their IP addresses because each computer or network device (such as a router) that connects to a P2P network must have a unique IP address within the Internet to deliver files from one computer or network device to another. Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time. This is analogous to the telephone system where each location has a unique number. For example, in a particular home, there may be three or four different telephones, but only one call can be placed at a time to or from that home. Each computer or network device is connected to a network that is administered by an organization like a business, ISP, college, or university. Each network, in turn, is analogous to an area code. The network provider maintains a log of IP address allocations. An IP address can be associated with an organization like an ISP, business, college or university, and that organization can identify the P2P network user associated with the specified IP address.

13. MediaSentry finds individuals using P2P networks to share music files over the Internet. Just as any other user on the same P2P networks as these individuals would be able to do, MediaSentry is able to detect the infringement of copyrighted and works and identify the

4

users IP addresses because the P2P software being used by those individuals has file-sharing features enabled.

14. For each suspected infringer, MediaSentry downloads a number of the music files that the individual is offering to other users on the P2P network. Those music files for each such individual are listed in Exhibit A to the Complaint. MediaSentry assigns an identification number to each individual for which it detects copyright infringement and gathers additional evidence for each individual, such as metadata accompanying each file being disseminated that demonstrates that the user is engaged in copyright infringement. That evidence includes download data files that show for each music file the source IP address, user logs that include a complete listing of all files in the individual's share folder at the time, and additional data that track the movement of the files through the Internet.

15. After MediaSentry collects the evidence of infringement, the RIAA engages in a painstaking process to verify whether each individual was infringing. That process relies on human review of the evidence supporting the allegation of infringement. For each suspected infringer, the RIAA reviews a listing of the music files that the user has offered for download by others from his or her computer in order to determine whether they appear to be copyrighted sound recordings. The RIAA also listens to the downloaded music files from these users in order to confirm that they are, indeed, illegal copies of sound recordings whose copyrights are owned RIAA members. Exhibit A to the Complaint lists the details of these downloaded music files. In my role as Vice President, Anti-Piracy, I provide oversight over the review of the lists contained in Exhibit A to the Complaint and hereby attest to the veracity of those lists. The RIAA also reviews the other evidence collected by MediaSentry.

5

The Subpoena Process to Identify Copyright Infringers

16. The RIAA frequently has used the subpoena processes of Federal Rule of Civil Procedure 45 and the Digital Millenium Copyright Act ("DMCA") to obtain the names of infringers from ISPs. The RIAA typically has included in their subpoenas to ISPs an IP address and on which through its agent MediaSentry observed use of the IP address and a date and time on which the RIAA, through its agent, MediaSentry, observed use of the IP address in connection with allegedly infringing activity. In some instances, providing the IP address alone to the ISP has been enough to enable the ISP to identify the infringer. Providing the date and time further assists some ISPs in identifying infringers, especially ISPs that use "dynamic IP addressing" such that a single computer may be assigned different IP addresses at different times, including, for example, each time it logs into the Internet. 1

Once provided with the IP address, plus the date and time of the infringing activity, the infringer's ISP quickly and easily can identify the computer from which the infringement occurred (and the name and address of the subscriber that controls that computer), sometimes within matter of minutes.

17. Since 1998, the RIAA and others have used subpoenas thousands of times to learn the names, addresses, telephone numbers, and e-mail addresses of infringers for the purpose of bringing legal actions against those infringers. During recent litigation with Verizon (an ISP) relating to the DMCA process, Verizon conceded that, as an alternative to the DMCA process, Plaintiffs could file the "Doe" lawsuits and issue Rule 45 subpoenas to ISPs to obtain the true identities of infringing subscribers.

6

The RIAA's Identification of Infringers in This Case

18. In the ordinary course of investigating online copyright infringement, the RIAA became aware that Defendants were offering files for download on various P2P networks. The user-defined author and title of the files offered for download by each Defendant suggested that many were copyrighted sound recordings being disseminated without the authorization of the copyright owners. The RIAA downloaded and listened to a representative sample of the music files being offered for download by each Defendant and was able to confirm that the files each Defendant was offering for distribution were illegal copies of sound recordings whose copyrights are owned by RIAA members. The RIAA also recorded the time and date at which the infringing activity was observed and the IP address assigned to each Defenant at the time. See Complaint Exhibit A. The RIAA could not, however, determine the physical location of the users or their identities. The RIAA could determine that Defendants were all using Boston University internet service to distribute and make available for distribution all the copyrighted files.

19. The RIAA also has collected for each Defendant a list of the files each Defendant has made available for distribution to the public. These lists often show thousands of files, many of which are sound recording (MP3) files that are owned by, or exclusively licensed to, Plaintiffs. Because of the voluminous nature of the lists, and in an effort not to overburden the Court with paper, I have not attached to this Declaration those lists. Such lists will be made available to the Court upon request. Exhibit A to the Complaint includes the username of the infringer if that was available, the identification number assigned by MediaSentry for that Defendant, and the number of audio files that were being shared by Defendant at the time that the RIAA's agent, MediaSentry, observed the infringing activity.

7

The Importance of Expedited Discovery in This Case

20. Obtaining the identity of copyright infringers on an expedited basis is critical to stopping the piracy of the RIAA members' copyrighted works.

21. First, every day that copyrighted material is disseminated without the authorization of the copyright owner, the copyright owner is economically harmed. Prompt identification of infringers is necessary in order for copyright owners to take quick action to stop unlawful and dissemination of their works and minimize their economic loss.

22. Second, infringement often occurs with respect to sound recordings that have not yet been distributed publicly. Such infringement inflicts great harm on the initial market for new works. New recordings generally earn a significant portion of their revenue when they are first released, and copyright piracy during a recording's pre-release or early release period deprives copyright owners of an important opportunity to reap the benefits of their labor.

23. Third, without expedited discovery, Plaintiffs have no way of serving Defendants with the complaint and summons in this case. Plaintiffs do not have Defendants' names or addresses, nor do have an e-mail address for Defendants.

24. Fourth, and perhaps most critically, ISPs have different policies pertaining to the length of time they preserve "logs" which identify their users. ISPs keep log files of their user activities for only limited periods of time -- which can range from as short as a few days, to a few months -- before erasing the data they contain. If an ISP does not respond expeditiously to a discovery request, the identification information in the ISP's logs may be erased, making it impossible for the ISP to determine the identity of the infringer and eliminating the copyright owner's ability to take action to stop the infringement.

8

[This page intentionally left blank.]

9

I declare under penalty of perjury under the laws of the United States that the foregoing is true and correct.

Executed on April 26, 2007 in Washington, D.C.

__[signature]___
Carlos Linares

10


  


A Lawyer Would Like to Pick Your Brain Once Again | 499 comments | Create New Account
Comments belong to whoever posts them. Please notify us of inappropriate comments.
Corrections here
Authored by: MathFox on Monday, July 02 2007 @ 05:11 PM EDT
neatly in one thread

---
If an axiomatic system can be proven to be consistent and complete from within
itself, then it is inconsistent.

[ Reply to This | # ]

Point 8 - P2P is illegal
Authored by: MathFox on Monday, July 02 2007 @ 05:21 PM EDT
the vast majority of the content that is copied and distributed on P2P networks is unauthorized by the copyright owner.
My experience is that especially Bittorrent is very often used for legal distribution of Open Source software... Are there reliable statistics on legal vs. illegal Bittorrent use?

---
If an axiomatic system can be proven to be consistent and complete from within itself, then it is inconsistent.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:26 PM EDT
"Two computers cannot effectively function if are connected to the Internet
with same IP address at the same time"

If two computers are behind a router, don't they effectively have the same IP
address at the same time?

[ Reply to This | # ]

Flawed telephone analogy
Authored by: Anonymous on Monday, July 02 2007 @ 05:27 PM EDT
I'd say that the "Unique IP address is like a telephone number"
analogy is flawed.

1. Unlike telephone numbers, IP number may be changed and re-assigned by the
service provider at any time without the end-user knowing about it. Only the
time synchronization of the logging server(s) and the address assignment
server(s) ensure that the IP address logged to be assigned to John Doe at a
certain moment, actually is.

2. Unlike the explanation, certain IP address ranges can be used multiple times.
When someone uses a home network, the internal network is usually using a
'private' range which is translated to the single ISP-assigned IP address at the
router. There's no way to tell from the outside which internal address is being
used behind the router. There's also no way to prove that someone hasn't tapped
into such an internal network range, most likely through an insecure wireless
access point.

3. There are ISP's who use the same internal/external range translation for all
of their customers. In that case only the ISP has a set of official and unique
IP addresses, their customers get an internal address. The ISP is analogous to a
telephone PBX where the internal 'phones' can not be dialed directly from the
outside.

4. The text claims only one call per phone line is possible. I have ISDN and I
can have two simultaneous calls on the same number, or on one of three alternate
numbers on the same line.

HTH...

[ Reply to This | # ]

Off topic
Authored by: ankylosaurus on Monday, July 02 2007 @ 05:27 PM EDT
Please make links clickable - remembering to post in HTML and follow the
guidelines on the 'Post a Comment' page.

---
The Dinosaur with a Club at the End of its Tail

[ Reply to This | # ]

Ananology of telephone extensions over simplification
Authored by: atheist on Monday, July 02 2007 @ 05:29 PM EDT
There is scope for spoofing,
compromised machines
unsecured wireless connections
etc

Most pc users have little idea of the consequences of, for example, kazaa.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:32 PM EDT
12. Is wrong or at least not accurate.

IP adres doesn't identify the user and not even a unique computer. For example
if multiple computers are connected to the same proxy or gateway they can have
all the same IP adress.

IP address is not allways unique. Only computers directly connected to the
internet must be unique.

But still it doesn't identify the user, but can sometimes identify the computer,
but not the person who is using it.

What is missing is the exact procedure mediasentry has taken to collect the
data. Have they included the downloaded files? Can the procedure be verified?


[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:32 PM EDT
"This is analogous to the telephone system where each location
has a unique number"

If we are using analogies, aren't the ip addresses that media sentry collect
analogous to caller id, which can be easily faked, and provide no guarantee that
who ever is calling is actually calling from the number that is being displayed?

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:37 PM EDT
MediaSentry got some press here:

http://www.groklaw.net/article.php?story=20070302073736822#c542974

We just turf it out again. Does it need to be attacked.

Basic thing, it does not put a user at a keyboard, the best it can do is match a
mac address (an ethernet card) to an ip maybe, but these can be reprogrammed on
some cards - work it out. It is not a UID (unique identifier), therefore it is
not pointing at one person, more like some finger waving in a general direction,
those people there, rather than that person there.
IANAL, but I do read about terms of art a little. :)

I have gotten a gnu sense of fun.

[ Reply to This | # ]

22 - unpublished records
Authored by: MathFox on Monday, July 02 2007 @ 05:38 PM EDT
Second, infringement often occurs with respect to sound recordings that have not yet been distributed publicly. Such infringement inflicts great harm on the initial market for new works.
At first I wonder why the RIAA members don't take measures against people that leak those songs... Or would the company tactically approve of those leaks? When I see how much new songs are pushed to radio stations (payola was made illegal) I don't think that alternative distribution via P2P must be hurting that much.
The market for electronic music might have been much bigger if the majors signed up with DRM-friendly distributors like Apple much earlier.

---
If an axiomatic system can be proven to be consistent and complete from within itself, then it is inconsistent.

[ Reply to This | # ]

  • 22 - unpublished records - Authored by: Anonymous on Thursday, July 05 2007 @ 11:52 AM EDT
  • Sources - Authored by: Anonymous on Friday, July 06 2007 @ 05:59 PM EDT
Under-estimated vs Over-estimated?
Authored by: ankylosaurus on Monday, July 02 2007 @ 05:39 PM EDT
In paragraph 9, it says:
The scope of online piracy of copyrighted works cannot be underestimated.

Good. I estimate the scope at zero - and this is not an underestimate according to the gentleman submitting the declaration, so the RIAA has no case and should leave the Does alone, their privacy undisturbed.

Presumably, simple inverted logic errors of this sort are actually recognized by the courts and this wouldn't directly invalidate the declaration.

---
The Dinosaur with a Club at the End of its Tail

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:40 PM EDT
He doesn't give any indication of the widespread hijacking that occurs on the
internet.
Here is a great press release to throw in their faces:
http://www.fbi.gov/pressrel/pressrel07/botnet061307.htm

I like this in particular:
Most owners of the compromised computers are unknowing and unwitting victims.
They have unintentionally allowed unauthorized access and use of their computers
as a vehicle to facilitate other crimes...

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:41 PM EDT
Each routine and computers ip address can be changed at any time. DHCP can
update address at any time. A user can or isp can force the ip to update by
issuing a renew command.
Each time a computer reboots it gets a new lease for up to 24 hours, then the
address automatically changes. If the computer is booted at 2pm one day and
left up 3 months, each day at 2pm the lease will expire and it's ip address will
(or could) change.

Note also that if a use logs onto someone else's machine via telnet, ssh or
Microsoft remote services, another user could download items, which the original
owner would have now knowledge of. Note most spam user, remotely log into other
persons servers or other persons home computer and sent their spam from the
other machines machine. It appears the spam from the users machine but it
really be controlled by the remote user.

Note also most wireless systems are wide open and anyone can connect to home
networks and download info with the knownledge of the owner of the wireless
system.

[ Reply to This | # ]

Two Wrongs Make It Right?
Authored by: Anonymous on Monday, July 02 2007 @ 05:45 PM EDT
According to the declaration, the RIAA, perhaps through an agent such as Media
Sentry, downloads files from a computer they suspect is offering their
copyrighted works illegally. There are two interesting questions:

1) Is this itself an illegal use of (taking of?) computer resources that are not
theirs?

2) If they download files that are *not* copies of RIAA controlled media, as
their declaration implies, who is responsible for that infringement?

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 05:50 PM EDT
The RIAA have paid for a law to be made, and are taking people to court for
infringement of that law.

I'm sorry. I am an engineer. I have nothing useful to say about whether the
people have infringed a law or not.

But I do understand commercial-scale intimidation when I see it, and as such it
prevents me from doing any kind of business with the intimidators.

I will sing my own songs. They are not very good, but they are mine. You are
welcome to distribute them to anyone you choose, if you would like to.

[ Reply to This | # ]

Media Sentry uses the same functionalities that are built into p2p applications.
Authored by: Kilz on Monday, July 02 2007 @ 05:52 PM EDT
I think all of us would love to see the application, and the source code that
Media sentry uses. How can we be 100% sure it is flawless and contains no errors
that would give false or incorrect information?
Secondly, Media sentry downloads a few songs, then gets a list of what else is
on the computer. But unless they download the files how do they know for sure
they are recordings to which they control the copyright on? The p2p networks are
flooded with fake files, files that have the wrong names, even recordings of
others that are not the works they want to believe them to be. In section 15
they go over the fact that they look over this list of files they do not have ,
nore have they downloaded them.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: aha on Monday, July 02 2007 @ 05:57 PM EDT
An IP address can be stolen at any time from another machine by simply assigning
that IP address through the network configuration settings of the machine (or
other IP capable device that is configurable). Sometimes the connection on a
machine may be erratic, but it is possible to have two machines on the internet
at the same time with the same IP address. The routing tables in the vicinity
of the machine determine where the packets from that machine go. It may be
possible to transmit and receive data successfully on the internet when there
are duplicate IP addresses on the internet.

Duplicate IP addresses is one form of attack that can be used to cause problems
on a network. That does not mean that it cannot happen. There is nobody in
direct control of what is done on every machine in regards to their network
settings.

An IP address does not map to a person. The IP address is usually mapped to a
unique MAC address (which might itself not be unique) in the routers. If the
routing tables get stale, it is possible that the data intended for one machine
might be delivered to another through the mapping to the MAC address of a
device. There is no guarantee that there is a one to one mapping of device to
IP address. Some hardware allows the MAC address to be set manually. Sometimes
this is intentional where many machines work in conjunction with each other to
provide hight availability type services and answer to a single IP address.
Conversely, one machine may have many IP addresses on a single network interface
to present itself as many virtual machines. No one to one mapping in these
situations.

---
You get what you focus on.

[ Reply to This | # ]

Being Pedantic
Authored by: James Wells on Monday, July 02 2007 @ 06:11 PM EDT
Greetings,

Reading through the RIAA's document, I find the following flaws;

The RIAA is a not-for-profit trade association whose member record companies create, manyfacture, and/or distribute approximately ninety percent of all legitimate sound recordings produced and sold in the United States.

Right off the bat, I would have to say "Prove it". I am willing to bet that all of the street hawkers, the bar bands, garage bands, Magnatune, etc comprise greater than 10% of all music created, manufactured, and distributed in the US. Please note that this is not counting music from other countries which probably comprises another 5 - 10%. Then there are the other sound recordings, such things as audio books, online news, podcasts, vidcasts, etc. The RIAA would find it almost impossible to prove this... Yes, I know I am being pedantic.

The major record companies generally have not authorized their copyrighted sound recordings to be copied or distributed in unsecured format by means of P2P networks. Thus, the vast majority of the content that is copied and distributed on P2P networks is unauthorized by the copyright owner - that is, the distribution violates copyright laws.

Please prove it. The problem is that the vast majority of content I see on P2P systems are large files that are being distributed by the authors, such as Linux / BSD CD's / DVD's which are being distributed with the express permission of the authors. From there, a rising trend that I am seeing is a lot of people posting amateur movies/audio books and shows, such as the the Rookie, by Scott Sigler and the 7th Son, by JC Hutchens.

The RIAA member companies lose significant revenues on an annual basis due to the millions of unauthorized downloads and uploads of well-known recordings that are distributed on P2P networks by infringers who, in virtually all cases, have the ability to maintain their anonymity to all but the Internet Service Provider ("ISP") they use to supply them with access to the Internet.

One of the problems with the RIAA is that they have never proven that they are losing money to file sharers, instead they have posted numbers of money loss and stated that it was caused by file sharers. The closest they have come to "proving" it was by hiring some teenagers to download music from one of their servers to prove that the teenagers could pull 600 songs over a three day period of time. Please note that these teenagers were told what server to go to and given accounts on that server. The server was hosted, IIRC, by Sony. Additionally, they have never been asked to explain why the drop in sales coincides with the increase in CD prices and not with the increase in broadband availability. Interestingly enough there is about a 3.5 year gap in the times.

Two computers cannot effectively function if their are connected to the internet with the same IP address at the same time.

Incorrect, through the use of Network Address Translation ("NAT") and various other proxying mechanisms, this is actually fairly common.

First, every day that copyrighted material is disseminated without the authorization of the copyright owner, the copyright owner is economically harmed.

Please prove this. Again, the RIAA has never been able to prove this, and in fact, the opposite has been proven by many other companies / organizations, including Baen Books, who has quite a few articles on this subject, which include comments from other companies who have proven an increase in revenue. Another fact which the RIAA keeps glossing over is that a music file download does not always equal a lost sale. I know many people who will download a couple songs from an album before they decide to buy the album. I am the same way on various books, I will download the first book in a series by a new author, if I like the book, I will buy the entire series.

Second, infringement often occurs with respect to sound recordings that have not yet been distributed publicly

Interesting... So you are saying that there is someone on the inside who is distributing this music? If not where are people getting it to be able to distribute it in to begin with. Based on this statement alone, I would suggest that the RIAA clean it's own house first, then come back after they can prove that they are not the people distributing the content initially.

---
"Individuals are smart, people are stupid" -- Tommy Lee Jones as "K" from Men In Black

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:12 PM EDT

If the kids are using bittorrent, many points in the declaration is factually wrong or at least misleading.

Paragraph 6: The RIAA has shut down many of the sites listed in Paragraph 6, and forced them to go legal. As such, they aren't offering illegal music for sale anymore.

Paragraph 7: In the case of bittorrent, paragraph 7 is a very inaccurate description of the network. bittorrent does not allow you to search other user's drives (paragraph 7(2)). Additionally, it tends to prevent one from transferring a file from one computer to another. It only allows the transfer of pieces of files, and one assembles a complete file from data from many computers.

Paragraph 8: Since most P2P users aren't in the U.S. The argument is jumping from international usage of P2P software to "the distribution violates copyright laws" inside the U.S.

Paragraph 11: In the case of bittorrent, I am not sure paragraph 11 is accurate. How do you login to a bittorrent network?

Paragraph 12: All of Paragraph 12 is an incorrect or misleading description of how a router works. Two computers behind a router can connect to the internet simultaneously happily. Many people can't effectively identify computers (let alone people) as described by:

... that organization can identify the P2P network user associated with the specified IP address.
No one can go from IP address to user. Behind a router, it is difficult to go from an external IP address to a computer. If one is lucky, they can go from IP address to account owner. Some of the testimony offered to the Canadian Supreme Court essentially stated that the CRIA was accusing people with certain IP addresses of file sharing, when in fact the associated IP addresses were not in use at the time.

Paragraph 14 and 15: With bittorrent, you can't actually download the file from someones computer. You can only download small pieces of the file. (Not sure if this makes a difference under copyright law.) See Paragraph 15 and Paragraph 14.

Paragraph 14 and 19: Paragraph 14, bittorrent clients don't actually distribute the complete contents of the share directory. How in Paragraph 19 does the RIAA know it contains 1000's of files?

Paragraph 18 does not actually specify which P2P networks the kids are accused of sharing file information on. Some specificity in the allegation would be helpful???

Paragraph 19: Most (all?) of the bittorrent clients only share a few files at a time. Declaration 19 accuses the clients kids of sharing 1000's of files simultaneously.

And that is the end of my list.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:13 PM EDT
There are two questions raised by the declaration:

1. Does an IP address, as seen by sniffing a network (MediaCentry) uniquely
identify a computer

2. Does uniquely identifying a computer identify a person responsible for P2P
activity

Let's look at 1:

Short answer: No.

Longer answer: As many other posts here have pointed out, IP addresses are
not fixed (like the analog drawn in the declaration to telephone numbers).
They may change through DHCP, or even may change manually.

Further, an IP address identifies the endpoint for IP-based communication,
which may be a router or other device, not a PC. As a result, several PCs may
share a single IP address.

Looking at 2:

Short answer: No.

Longer answer: Assuming, for a moment, we definitively know that a specific
IP _is_ assigned to a PC, it is still impossible to know who is responsible for

traffic from or to
that IP address. PCs can be remotely controlled, making it very possible for a
PC to be 'used' by any individual beyond the owner. This is commonplace, and
is used nefariously by SPAM organizations to use PCs to send bulk email not
under the owner's control (zombie PCs).

Or, even more simply. there is no way to tell from an IP who is sitting in the
chair -- owner, child, friend, malicious ex-spouse, babysitter, etc.






[ Reply to This | # ]

Reasons why offenders cannot be identified by IP address
Authored by: EvilJake on Monday, July 02 2007 @ 06:14 PM EDT
1. User computers are almost always behind NAT (network address translation)
devices or Internet proxies which effectively enable multiple machines to access
the Internet simultaneously using a single public IP address. This is almost
certainly the case at the Boston University network. The university may or may
not have sufficient logging in place to identify which internal computer had
which internal (private) IP address at a certain time, and thus perhaps identify
the offending machine.

2. A user's computer may have been compromised any number of ways by an external
attacker from the Internet, or even by another internal user of the university's
network, who then used the compromised computer to share copyrighted files. The
offending machine's "owner" is not necessarily the person responsible
for the copyright infringement, if any. A forensic analysis of the offending
machine would be required to possibly identify evidence that the machine was
compromised.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:23 PM EDT
Not that I know anything about this, but I've always wondered why defendants
don't attack the notion of "distribution" more often. That is, it is
only illegal to disribute copyrighted work, not to possess it.

Did MediaSentry actually download the file to verify that the Does were indeed
distributing it, or were they just "advertising" it? As an analogy, is
a shifty street vendor in violation of copyright law if he's pretending to sell
bootleg videos, but they turn out to be nothing but blank tapes? False
advertising and fraud, yes; but copyright infringement?

Secondly, the RIAA would like to claim that both an uploader and a downloader
are "distributing". How can that be? If you take the point of view
that a downloader is performing an act of distribution by making a digital copy
from another computer to his own, then the holder of the original copy cannot be
considered to be distributing. He can be cosidered lax in his efforts to protect
his property, sure, but not distributing. If you take the opposite approach
where the uploader is distributing, then the downloader is simply in possession
of copyrighted material, but not distributing.

I'm sure there's some law regarding collusion or collaboration that irons this
out in court, but I've always wondered about it anyway.

[ Reply to This | # ]

IP addresses + more
Authored by: Anonymous on Monday, July 02 2007 @ 06:25 PM EDT
As pointed out by other people, IP addresses are not necessarily unique. There
is nothing in the document that suggests that they know that each IP is uniquely
attached to a particular computer.

If an IP address is shared, then each computer behind the IP address uses one or
more ports to communicate. How these ports are allocated depends on the device
providing the IP sharing service, the operating system it uses, and the programs
connecting to it and requesting an outbound or inbound connection. Often port
usage is transient, and only recorded for the duration of the usage. There seems
to be no mention of this in the declaration. Presumably because it is damaging
to RIAAs case.

Secondly, although the declaration says that they checked representative samples
of files from each computer, it gives few details. Did someone listen in full to
each track to make sure it wasn't a permitted use under copyright - for instance
a parody. And how did they check that the download was covered by one of their
copyrights? For instance, how did they check that a download claiming to be
Bruce Springsteen singing Born in the USA, was in fact not a tribute act?

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:26 PM EDT
Paragraph 5: Clearly he admits that the Internet has substantial, if not
overwhelming, non-infringing uses. Also, if a digital file is copied in its,
there is no-degradation in sound quality. His comment of "without
significant degradation" is not accurate, and he should be held to account
to specify just what degradation might occur. While this lack of degradation
might strengthen his case, it certainly weakens his credentials as an expert.

Paragraph 6: How does he know that P2P is the source of "Much of the
unlawful distribution...", as compared to other methods of trading files
and CDs, bootleg sales by authentic pirates at swap meets/flea markets etc.?
This sounds like a blowhard attempt to make the this "biggest villain"
of the moment. Perhaps at other times other methods of distribution will be his
biggest villains. One should always challenge vague conclusions like this one.
Also, is "copyright piracy" a legally defined term, as opposed to
filesharing or file copying?

Paragraph 9: Why can't the scope of online piracy (his definition) be
underestimated? It certainly appears to be overestimated at times. Also, this
seems to reiterate the old saw that attempts to equate every file download with
a lost sale. This is clearly not true, yet seldom goes challenged.

Paragraph 10: Equates making available with infringement. This, I believe, is
also shown not to be true. Actual infringement would involve copying files
between one computer and another, and this is something Plaintiffs clearly
CANNOT do, despite the claim that they are observing this infringement occurring
on the Internet. The only copying of files that Plaintiffs can observe are
those to and from their own computers, and under copyright law that does not
constitute infringement. All they can know about other users is the number of
uploads that user might be providing. Not the file names being uploaded.

Paragraph 11: Nobody knows exactly what MediaSentry is doing, except MediaSentry
themselves. Are they using the actual, buggy, ad-ware/spy-ware ridden programs
most often out there, or their own hacked or homebrew solutions? So say that
MediaSentry only does what any P2P user does, and by implication, uses the same
software in the process of doing so, is yet to be demonstrated.

Paragraph 12: IP addresses do not necessarily identify a specific computer, and
cannot at all identify who is sitting at that computer. They are not unique
(many computers behind a single NAT-ing – Network Address Translation – router
will all have the same external IP address), and don't prove what computer you
are actually talking to, since you may be connected to a proxy computer, rather
than the final source or recipient of any data packets. Two computers can most
definitely have the same IP address on the Internet at large, so it's an
outright inaccuracy to have claimed otherwise here. And NAT-ing is very common,
not rare at all.

Paragraph 13: Again is the claim that MediaSentry operates "just as any
other user on the same P2P networks". This is not yet proven at all. Nor
is it proven that the MediaSentry computers might not be contaminated, as many
computers have been, by malware during the course of their investigations. They
should be required to provide a hard drive image of the drive used in their
investigation, said image taken AT THE ACTUAL TIME that the evidence was
gathered, to so that said evidence exists, and isn't subject to contamination
from computer worms, viruses, Trojans, and other malware. Any
"evidence" without this image to back it up should be considered
highly suspect.

Paragraph 14: Who has seen these downloaded files so far, except for
MediaSentry? Do we even know that they match that the file listing says they
should be (length, type, meta data, actual contents)? Also, for any
non-downloaded files, are you claiming that they are also exactly what their
titles claim? What about fakes that your, yourself, as the RIAA have hired
companies to spread as widely as possible. Is downloading and/or sharing a fake
or intentionally damaged music file also actionable infringement?

Paragraph 15: You provide the oversight of MediaSentry and attest to the
veracity of the file name list provided. What are your computer forensic
related credentials? Were you present when the data was collected?

Paragraph 16: How can you identify the "computer" from which the
infringement came by an IP address, with, or without, date, from just an IP
address? Answer: YOU CAN'T! You can no more identify a specific computer
plugged into the Internet at a specific IP address than, to use your telephone
analogy, knowing which model of telephone is plugged into a telephone line.
Over the course of even minutes, many different telephone handsets – or
computers – might be plugged into the same line, and you won't know which one it
is. This inaccurate talk on your part either shows your ignorance of what
you're talking about, or your belief that no one else realizes what you're
saying is simply wrong. Nor does knowing the account holder's name tell you who
actually controls a computer. And we're not even talking about unsecured – as
the majority are – wifi access points that anyone can log into with a wifi
enabled computer and send and receive data on the same IP address.

Paragraph 17: You should not be joining unrelated Doe defendants in your
subpoena process.

Paragraph 18: By this admission, they only "distributed" these
particular files to you, which is legal. There is no indication or evidence
that these files were ever downloaded to any other person. In fact, it's likely
that many files on P2P networks are not ever downloaded by other users, but are
simply file names in a shared directory. Also, you claim here that the files
were offered for distribution by each "Defendant". WRONG! You have
tried to identify the account holder, which may or may not have been accurately
done by the ISP, but that does not get you to whatever person is actually owning
and operating the computer offering up the files in question. ONE OF THE GREAT
WEAKNESSES of all your cases is your attempt to claim that the account holder is
the one doing the file sharing. And if they're not, to scare them in to telling
you who it must be. You too often sue the wrong person, and attempt to put them
under duress to make them incriminate someone else. THIS SHOULD NOT BE THE
PURPUSE OR PROPER USE OF THE LEGAL SYSTEM!
Paragraph 19: You have recently sued students with as few as 100 files allegedly
shared.

Paragraph 20: Why? Is this your justification on why this must all be ex parte,
and not contested at the point where your case is the most fragile of all?

Paragraph 22: Are you willing to admit that the sources of these not yet
publicly distributed works are most often industry insiders?

Paragraph 23: Must discovery be expedited – rushed by with no chance to contest
– in order to discover your victims – er, Defendants? Maybe it does need to be,
before critical eyes can examine your "evidence".

Paragraph 24: And this has happened how often so far? Or are you only being
theoretical here? You're very short on actual facts, Mr. Carlos Linares.

[ Reply to This | # ]

IP addresses
Authored by: bap on Monday, July 02 2007 @ 06:31 PM EDT
As has been mentioned in some of the above posts, the analogies put forward by this affidavit are erroneous on a number of levels.
"Two computers cannot effectively function if are connected to the Internet with same IP address at the same time"
While the basic idea is true, this statement is an oversimplification and demonstrates a lack of true understanding of IP addressing. There is a specific set of IP addresses designated as "public" which must remain unique across the Internet at large. These are the IP's that the above quote refers to. But there are large subnets of IP addresses that have been designated as unroutable or "private" that are for private use as any end-user sees fit. These include the ranges of 192.168.x.y, 10.x.y.z, etc. There are likely large numbers of computers accessing the internet that all have the IP address 192.168.1.10 but that is because they all sit behind different routers that each converts that private IP into a unique public IP.
For example, in a particular home, there may be three or four different telephones, but only one call can be placed at a time from that home.
Non-sequitur. Many people have routers in their homes that split an internet connection (cable modem, DSL router, etc) so that multiple computers can access the internet all at the same time. In my own home I have a Windows workstation, a Windows server, a linux server, and a virtual Windows server running in vmware on the linux server. All these computers can and do access the internet at the exact same time. They all have unique private IP's in the 192.168.x.y range and appear as the same public IP as far as the rest of the internet is concerned. I also have a wireless router so that I can connect my laptop to the internet without having to plug it into anything, and although I keep the router settings well secured there is always the possibility that somebody outside my house could hack the wireless connection and connect their computer to the internet through my connection as well.

On a related note I also have a hosted server at a datacenter that has 8 IP's assigned to it. So one server has 8 unique IP's that it can make use of. It also responds to incoming requests on those 8 IP's (or at least the ones I have configured to do so). So multiple servers can easily share one IP and one server can easily make use of multiple IP's. Neither scenario is uncommon at all.

If I wanted to I could fairly easily set up the routing on one of my computers at home to route through the server at the datacenter (a proxy). This means that, for example, my virtual windows server with one IP, running on a linux server with a different IP, would look to the rest of the internet as if it was a server in a datacenter in another state from where I live.

Another reason why the telephone analogy fails is that telephone numbers remain highly static. A given individual is not likely to have his telephone number changed on a regular basis. A public IP assigned by an internet provider is usually dynamic and can change from day to day or even hour to hour. The length of time that an IP is used by an individual can be configured by an ISP for a period of seconds to years. Usually the time range is in hours or days and may not actually change when a dynamic lease is renewed.

MediaSentry is able to detect the infringement of copyrighted works and identify the users' IP address because the P2P software being used by those individuals has file-sharing features enabled.
This right here is a glaring hole in their argument. As I described above I could easily reconfigure a Windows computer at my home to look like it's actually a linux server in a datacenter in another state by routing the Windows computer through the linux server. If I were unscrupulous and wanted to share copyrighted materials on a P2P network I might search for other servers on the internet that are configured as an open proxy. I might even download a virus (whose source code can easily be found with a little bit of google searching) then modify that virus and release it in the wild. That virus would configure unsuspecting Windows computers as anonymous proxies that I could then hijack. By routing my P2P software through those proxies, MediaSentry or anybody else would think I was connecting from that remote computer rather than my own computer. To use the RIAA's telephone analogy, it's as if I broke into a home that had two telephone lines and taped the handsets of the two phones together. From my house I call one of those lines and cause the second line to dial the number I actually want to call. If the person I was ultimately calling had Caller ID then they would see the call coming from the house I broke into rather than my own home. The FBI recently issued a press release stating that as many as 1 million unsuspecting computers may be compromised in order to send spam. This same compromise could easily allow those infected computers to serve as P2P proxies, leading the RIAA to identify the wrong IP as the source of shared music.

I happen to live in the Boston area and currently have a lot of free time on my hands. I'm a professional sysadmin with a lot of networking experience. If Mr. Beckerman would like to talk to somebody in person (if just to bounce some general questions around, or more) I'd be more than happy to help out.

[ Reply to This | # ]

IP Address and Traceroute
Authored by: Anonymous on Monday, July 02 2007 @ 06:31 PM EDT
If Media Security record down the route at that time as well as the IP address,
then it's pretty solid. If they don't have the routing information then it can
be demonstrated that two machine can have the same IP on the internet.

[ Reply to This | # ]

What this declaration is really saying
Authored by: Anonymous on Monday, July 02 2007 @ 06:35 PM EDT
The RIAA is suing an IP address. IP addresses don’t file share. They are then
trying to attach that IP address to an account owner, and claim that the account
owner is the actual filesharer, and that it's all being done on a specific
computer that they can identify without error. This simply does not follow, as
a growing number of case dismissals will attest to, and no amount of smooth
words on the part of Mr. Linares will ever make it true

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:44 PM EDT
Quick question. Do the Universities who provide their students with internet
connections use NAT so each user gets a "private" address on their
machine? If they do then would not Media Sentry or any other P2P user only see
the university's IP address not the specific machine's address? If that is so
then it could have been any one of perhaps several thousand possible users that
they would see at that same IP address? And they would have no actual way to
determine which user might be sharing the music.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 06:47 PM EDT
There's a particular point which many people have referred to, but no one appears to have stated outright (probably because it's obvious to most of us).

The declaration states that an IP address identifies a computer. It does not and cannot. And IP address is associated with the network device to which it was assigned; in most cases, the network device the ISP assigns the address to is a modem, adaptor, or router owned by the ISP.

Dialup? The public IP is assigned to the modem on the ISP side. Cable? The public IP is assigned to the cable modem, which is most often leased from the ISP. DSL? The public IP is assigned to the DSL adaptor, most often leased from the ISP.

In order to tie these IP addresses to a location, one would have to have high confidence that:

  1. The ISP's records accurately record which specific device is at which location; I have, on more than one occasion, been told that the cable modem I have in my house was registered to someone else. For example, when the ISP forgot to update their records when they swapped out a modem for repair.
  2. The clock on the computer that logged the IP and MAC addresses matches the clock on the computer that logged a given IP offering a file.
  3. The IP and/or MAC had not been spoofed.
  4. The device in question was physically at the location on record at the time the file was transferred; the device could have been at a friend's house (e.g. if one were attempting to diagnose an issue for that friend, one might take one's own modem along)

Even if you have all of that with confidence, you've only identified a location, not a computer, and certainly not an individual.

[ Reply to This | # ]

IP as a unique identifier of the person performing actions on internet
Authored by: Anonymous on Monday, July 02 2007 @ 06:58 PM EDT
This is flawed for several reasons, some mentioned already by others:

1. NATs - The ip of connections coming out from behind a NAT can only identify
the network, not the person who uses the device behind the network
2. Proxies - see above
3. Same IP can indeed be used be more than one person on the internet, and even
on the same network, though this would result in packet collisions, this is a
valid form of network attack
4. Identifying the IP does not identify the person -
4.a Even if IP identifies the device, it doesn't identify the person who
uses the device
4.b Unsecured, or purely secured networks, especially wireless networks can
result in anauthorized usage of the connection
5. Dynamic IP assignment, many (most) ISPs assign IPs dynamically some times
reassigning every several minutes. see below on time sync
6. Time synchronization - this is an important argument that is unfortunately
rarely made - If i go to the network owner, and say - At 5:15 on June 22nd 2007,
a person with IP www.xxx.yyy.zzz has copied file X, I rely on the fact that:
6.a The clock of the person requesting disclosure is completely (up to a
millisecond) synchronized with every device in chain in the ISP clock, that
includes the router to which the connection is made, the log server etc etc...
and that they all are synced together. Unfortunately, for anyone involved in
time synchronization in software, we all know that this is not what happens in
reality.
6.b there is no hardware time skew on any of the devices in chain
6.c The requestor and the ISP have both switched our daylight time savings at
the same time
6.d The time synchronization is accurate (if you have a slow connection, you
will be skewed by the latency of connection)
6.e The request is accurate - that is saying 5:15 is not enough, it has to
specify the exact millisecond, cause in one minute the IP can be switched to
someone else.
6.f The requestor and the ISP have both accounted for time zone differences,
and have their systems (all devices in chain) configured properly for such
accounting).



[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 07:12 PM EDT
I have a suggestion for a fun project. Write a program that will create a mp3
file with a simple computer generated voice saying something like "this is
not the file you are looking for" repeated for a specified period of time.
Then have it generate these files with filenames and exact lengths for a large
number of current popular songs. Then serve them up on the p2p networks and
make the server easy to locate who owns it. That way the RIAA will have a very
easy time filing a suit. Then counter sue based on the fact they did not even
determine if their IP was infringed as every song will not be the actual song.
Of course this would require someone with money to deal with the suits but it
would just be one more loss to counter the RIAA suits with showing they don't
actually know what they are suing over.

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: dwmosman on Monday, July 02 2007 @ 07:16 PM EDT
Minor:

P2. this does not appear to document expertise in explaining how computers or
networks work. In fact, some of the statements in this document re PC's and
routers are simply wrong (see below).

P6. "... similar online systems emerged attempted to capitalize on the
growing market Napster fostered ..."
- Assertion, ascribes motives to other companies actions

P8. "...Thus..."
- Invalid conclusion, does not follow from preceding statements. The fact that
people copy copyrighted material, even large volumes of it, and the fact that
people use P2P networks (as well as ftp sites, CDs, cassette tapes, etc.) are
not together logically sufficient to make the conclusion that "the vast
majority of content" of P2P traffic is unauthorized.

P9. "The scope of online of copyrighted cannot be underestimated..."

- (nitpick) He probably means to say it cannot be overstated. If it cannot be
underestimated, then if I estimate the cost at 0, I'm still too high. (of
course, he's the "expert" :) )

P12. "...the unique IP address of the computer..."
- Almost always incorrect. Virtually all computers on computer networks today
have "dynamic" IP addresses. That is, a network server will
TEMPORARILY assign each PC an IP address. After a set period of time, the PC
must request another IP address and the server will assign a NEW IP address. It
may be the same address or it may be an entirely different address. Thats up to
the server.

P12. "...each computer or network (such as router) that connects to a P2P
network must have a unique IP address within the Internet to deliver files from
one computer or network device to another..."
- Incorrect. Each local computer network (i.e. collection of PC's, printers,
routers, etc.) must have a gateway to the internet. The gateway must have a
temporarily assigned IP address which is either unique to the next higher level
network that the gateway is connected to or unique to the entire internet.
However, at any one time, there are probably millions of PC's, each with the IP
address 192.168.0.1, which are all successfully connected to the internet
(through cable routers).

P12. "...Two computers cannot effectively function if they are connected
to the Internet with the same IP address at the same time...For example, in a
particular home, there may be three or four different telephones, but only one
call can be placed at a time to or from that home...
- Incorrect. All across America, familys are using cable routers, purchasable
in Best Buy and competing stores for $70 or less, to enable two or three or more
PC users to simultaneously access the web.

ex. "The Linksys EtherFast(R) Cable/DSL Router is the perfect option to
connect multiple PCs to a high-speed Broadband Internet connection...acts as the
ONLY externally recognized Internet device on your local area network..." -
Linksys product description for the BEFSR11 Cable Router

Disclaimers:
IANAL (I am not a lawyer, If you want legal advice, hire a lawyer),
IANANA (I am not a network administrator, if you want network advice, hire a
network admin)
MUCoCiW (Making unauthorized copies of copyrighted material is wrong. Don't do
it. Microsoft would still be a little company making home products if millions
of people had not gleefully bootlegged copies of Windows into their
businesses).

[ Reply to This | # ]

IP and MAC addresses can be forged
Authored by: Anonymous on Monday, July 02 2007 @ 07:17 PM EDT
Two points.

1. Computer is not person

In most networks, desktop PCs are assigned IP addresses via DHCP which keeps
logs of which machines are assigned which addresses for which periods. If the
network operator provides this information then that is a strong indication of
which PC was exchanging the data. The address of a PC in such a situation
however does not identify an individual, only a computer.

2. Addresses can be forged

It is also possible to forge the MAC address of a computer and hence make one
computer appear exactly like another on a network.

If I change the MAC address on my PC to that of my neighbour then the network
cannot distinguish between traffic from my PC and traffic from my neighbour. If
both PCs are on then some network malfunction will be obvious, but if the
computer being forged is off the network then the forgery will be undetectable.

As such I do not think that the MediaSentry approach can ever identify more than
the LAN on which data was exchanged. This might be sufficient to cause a judge
to allow experts to examine the machines attached to the network at the time.

--
BbMaj7 (sorry lost password -> anon)

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 07:22 PM EDT
As this lawyer should already know, MediaSentry was acquired by another firm,
SafeNet, Inc.

The deposition is technical and factually incorrect, and the author has knowing
lied at best!

This is another case of a non-Engineer making claims that only a certified
Engineer can make. Lacks both personal knowledge, formal education, experience
and training to make claims the author makes! Should be rejected on this basis
alone.

Second, makes claims about software and procedures that have not been peer
reviewed by any organization whose charter is in these fields of expertise
(telecommunication, network engineering, communications protocols, etc).

Third, he continues to propagate a self serving fallacy. The fallacy consist of
two-parts, 1) that a routable IP address is in fact a end-point, and 2) that the
IP protocol contains routing information.

Dealing with the second part of the fallacy first, and that is the IP protocol
does not and has never conveyed as part of the protocol routing information.
Thus is there is no way to know with certainty that a IP address is an
end-point. If a IP address is not an end-point, then nothing can be attributed
to the IP address.

And IP address identifies a process (software being executed) on some machine
and nothing further. It is impossible using the IP protocol to identify an
individual based solely upon an IP address.

Since IP addresses may not be end-points, it should be noted that ISP's
routinely re-use routable (externally exposed IP addresses) and assign them to
internal IP addresses frequently. Thus date and time may be insufficient to
properly identify an IP address or user because of differences in time on
different machines.

Lastly, because of bots and viruses which Microsoft has been unable to prevent,
rogue processes (executing applications) may be running on a machine without
user knowledge. And this ignores high-jacked servers. Again, since the IP
protocol does capture or convey routing information, application layer relays
appear as end-points even though they function as routers.

Again, because the required instrumentation does not exist on the internet at
large (ignoring the constitutional issues of attempting to do this), it is
impossible for any professional to claim any IP address encountered is an
end-point. There is insufficient information to make that claim, much less be
able to prove it scientifically. Thus the author has already impeached
himself!

Next, a file name is not proof of the contents of a file. Only by downloading
the file and examining its contents, current format, and format derived from can
one make any claims of infringement. There have been a number of cases where
someone was accused of infringement based solely on file name similarities.
Again, not proof of infringement without downloading and examination. This
ignores the whole sampler issue of a snippet being used as advertising
enticement.

In closing, MediaSentry (now part of SafeNet, Inc.) needs to come clean with a
expert who testify about the software and procedures used by MediaSentry to make
claims that are unsupportable scientifically. It would be interesting to learn
whether MediaSentry's software and/or procedures have been reviewed by any
outside peer review organization(s), and what the charter and qualifications of
such organization to perform peer reviews is.

It appears to me, the the author is attempting to make accusation's that can not
be supported by science and using another corporation (entity) to hide this
fact.

I would request that MediaSentry identify a witness who can speak on behave of
MediaSentry to the issues I've raised here.

An engineer who wishes to remain anonymous.

[ Reply to This | # ]

Question of intent?
Authored by: Peter Baker on Monday, July 02 2007 @ 07:24 PM EDT
Is intention relevant in these cases? I'm asking these questions because I would like someone to examine the argument - I am by no means stating I'm right :-)

On the one side, we have end users which run Windows. Not only is that an OS which is easily compromised, the latest version is actually compromised from the inside. All the statements I've seen so far make running P2P proof of the intention to distribute (which, incidentally, also isn't the same as actually doing it).

Leaving the door open of your car does not display an intention to share its use with the rest of the neighborhood or you could never get a carjacker to jail..

On the other side we have MediaSentry who appears to break the Computer Misuse Act (in the UK, forgot what it is in the US) by WILLFULLY entering a system without seeking permission of the owner. Again, the fact that I leave a service available does not constitute a right of access. Going back to basics - I may not even KNOW I'm putting up a service as fighting virus infections is something that even specialists occasionally have a problem with (especially zero day).

It thus strikes me that any MediaSentry driven case starts with an admission in Court of willful invasion/compromise of computer systems. AFAIK MediaSentry nor RIAA have the required legal statue or warrants for that..

In summary, assuming I'm correct, given the incredible (and increasing) amounts of rather pissed off John and Jane Does out there it strikes me that RIAA/MediaSentry are not really navigating a very safe course..

---
= P =

[ Reply to This | # ]

Don't forget port forwarding
Authored by: Anonymous on Monday, July 02 2007 @ 07:31 PM EDT
How many cable modems, wireless routers, or other network devices are installed
in user's homes with default (or well-known) security? An external attacker
need only forward the appropriate port and it could appear that the (hacked)
router was doing something illegal (because it is the destination and port that
matches the sniffer), when it is really relaying frames somewhere else, possibly
with shifted source/destination port numbers (i.e. not P2P). I can
"see" at least seven unsecured wireless networks from my house.
Routers with external management enabled are wide open to abuse and
mis-diagnosis of alleged illegal activities.

[ Reply to This | # ]

_Wireless_ Routers.
Authored by: Anonymous on Monday, July 02 2007 @ 07:37 PM EDT
First, I re-express the bulk of the comments about NAT & DHCP. But one position I did not notice is the use of _wireless_ routers at many homes and schools. Many home wireless routers are simply wide open. Meaning not only that all the computer in the residence are hiding behind the Router's IP, but there could be an insane number of other completely unknown people using the "same IP." At a school, they'll usually hand out userIDs & passwords to use for the wireless access. Perhaps even lock it to a (nominally) unique MAC address internal to the computer's ethernet. At a fair chunk of places, this is about as useful as the lock on a toy jewelry box. It _can_ be pretty secure. Or it can be as secure as storing all your stuff under a tarp in your front yard. The whole 'wireless' argument moves it past "Yeah, but you _let_ your friend sit at the computer and steal from me."

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 07:49 PM EDT
Hopefully, someone can lawyer-ize this, but I think it should help.

#8. Non-sequitur. It has not been shown what portion of peer-to-peer traffic
is authorized or unauthorized, nor what portion of peer-to-peer traffic consists
of audio recordings. In addition, mere lack of authorization by the copyright
holder for the distribution of copyrighted content does not equal a violation of
copyright law. Therefore, one cannot conclude based solely on the lack of
authorization by RIAA member companies that the "vast majority of
content" on peer-to-peer networks is distributed in violation of copyright
law.

#9. There has been no meaningful study of the amount of revenue lost by RIAA
member companies as a result of online piracy. In particular, such a study
would need to show (a) the portion of downloaders who would buy the products of
RIAA member companies, had they not downloaded digital files of those products
via peer-to-peer networks, and (b) the portion of downloaders who do not buy
those products eventually anyway. Since no such study has been produced, it is
impossible to ascertain what damages, if any, RIAA members suffer as a result of
peer-to-peer online music downloads.

#12. IP addresses do not have a one-to-one correspondence to an ISP account
holder. In fact, an account holder's IP address can change at nearly any time
(called a "dynamic IP address", because it is allocated dynamically
and arbitrarily from a pool of IP addresses). At any given moment, an IP
address also does not correspond to the user of a particular computer, nor does
an IP address necessarily correspond to an individual computer (in fact, most
consumer-grade routers employ NAT routing, which causes all computers on the
local area network side of the router to have the same apparent IP address to
machines on the wide area network side of the router).

This _directly_contradicts_ Mr. Linares's affidavit, where he claims, "This
is analogous to the telephone system where each location has a unique number.
For example, in a particular home, there may be three or four different
telephones, but only one call can be placed at a time to or from that
home." In fact, a huge of machines could potentially be attached to the
local area network side of a router, but all will appear to have the same IP
address to machines elsewhere on the Internet. Furthermore, all of those
machines can engage in communications with each other or with machines elsewhere
on the Internet. Finally, there is no way to ascertain solely from the IP
address which of those machines is being spoken to at any given time, since the
determination of which machine on the local area network a particular
transmission is destined for takes place entirely and solely within the router.

An IP address also does not correspond to a particular user. It does not
identify which human being is operating the machine at any given moment, or
which human being has potentially set into motion events which result in the
violation of copyright.

#14. A mere filename is insufficient to prove the violation of copyright. In
order to provide evidence of copyright infringement, MediaSentry would be
required to download a music file, listen to it, and ascertain that a client's
company was (a) the current holder of the copyright for that work, (b) that the
downloaded file was obtained from someone who did not have authorization to
distribute it, and (c) that none of the provisions in copyright law which
abrogate a copyright holder's rights apply to the situation at hand. In
addition, it is not possible to provide in a textual document evidence that a
particular music file is violative of copyright. Filenames, metadata, and other
such content which does not constitute the actual copyrighted data of a music
file can be set arbitrarily by the user, including in a manner which provides
the suggestion that a particular file's copyright is held by one of
MediaSentry's clients, when this is in fact not the case.

For example, a file could be named, "Britney Spears - Oops, I Did It
Again.mp3", but could consist of an amateur vocalist singing that song a
capella. In such a case, not only would royalties not be due to any RIAA member
companies, but the vocalist may have even obtained a compulsory license
permitting them to legally distribute their rendition of the song.

For another example, a file named as such could be an audio news article
discussing that particular song, using short clips of the song in the interest
of completing the news report, and as such would be covered by fair use
provisions in copyright law.

A third example would have the filename and metadata indicating a song whose
copyright is held by an RIAA member company, but with the content of the file
consisting entirely of random data, producing nothing but noise if played. In
fact, such a tactic is frequently used by copyright "protection"
companies to foil the efforts of peer-to-peer downloaders, and could conceivably
be used by private individuals as well.

#15. By downloading files whose copyright they cannot possibly be certain of
until a particular file is examined in more detail, MediaSentry, the RIAA, and
RIAA member companies put themselves in the precarious position of committing
copyright infringement themselves, if they download a file whose copyright they
do not hold, and for which the copyright holder does not wish their file to be
distributed.

#16. An ISP's logs cannot determine the facts which Linares claims:
"...can identify the computer from which the infringement occurred (and the
name and address of the subscriber that controls that computer)". The
"computer" assigned that particular IP address may be a router,
possibly with multiple computers owned and controlled by several different
people. The ISP's logs provide no way to determine whether the machine assigned
an IP address is a router or a computer (or both), nor do those logs indicate,
if a router is present, which machine behind the router participated in
infringing activity. In addition, a machine may be infected with malware - a
computer program placed by a person on another person's computer
surreptitiously, which can allow them to, among other things, participate in
illicit file sharing without revealing their own IP address to the RIAA or
MediaSentry. In such a situation, it would be difficult to claim that the
computer's owner is truly the person "that controls that computer".

However, an ISP's subscriber data can be used by the RIAA to badger individuals
frightened by the prospect of a protracted and expensive lawsuit (perhaps
costing tens of thousands of dollars) to settle out-of-court by paying mere
thousands of dollars, even when no infringement has occurred.

#17. Concession of one company (Verizon) - or even multiple companies or
organizations - to a particular subpoena process does not mean that said
subpoena process supports the public good or is even legal. Many ISPs see
little upside to battling the RIAA in defense of their customers, and therefore
choose not to contest those subpoenas. In most cases, these subpoenas are
executed ex parte, intentionally preventing the target of the subpoena from
having the opportunity to defend their rights.

#18. Neither the RIAA nor MediaSentry can guarantee that the defendants (i.e.,
those who actively participated in the act of distributing files for which RIAA
member companies hold the copyright) are on the Boston University campus or
using Boston University's Internet service. The presence of malware on any
number of the RIAA-targeted machines would allow the true infringer to
participate in peer-to-peer filesharing anonymously, by using the
malware-infected machine as a proxy.

#19. As mentioned before, the mere filename and/or metadata of a file does not
indicate the holder of the file's copyright. The RIAA and/or MediaSentry would
have to demonstrate having listened to the "thousands of files" to
ascertain their individual status in order to ensure that each of those files is
violative of copyright.

#20. The RIAA cannot determine how many times, if any, a particular file has
been downloaded from a particular computer, aside from the time or times that
they have themselves downloaded a file or the number of times MediaSentry has
reported downloading the file from them.

#21. The RIAA cannot demonstrate whether or not a particular file is downloaded
on a particular day, nor can they demonstrate any tangible losses as a result of
any particular download. A downloader may have no intention of purchasing a
work. Said downloader may already own a work, but find downloading the file
more convenient than "ripping" the song from a CD. Said downloader
may have already legally purchased a work, but, having destroyed the CD in some
manner, is downloading the song to restore the work's place in their
legally-purchased collection.

The mere threat of a legal action against unidentified members of a targeted
community such as Boston University is also likely to greatly diminish the
amount of actual violative distribution within that community for the duration
of the threat, thus greatly diminishing any continued economic losses from that
distribution.

#22. The RIAA has not demonstrated that any particular works in this case are
pre-release works.

#23. Service of defendants does not require expedited discovery.

#24. The court can specifically enjoin an ISP to keep records of their logs for
the relevant time period beyond the point that they would normally be deleted as
a routine matter of system maintenance.

In contrast, the privacy rights of a potential defendant are materially and
irreversibly harmed by permitting ex parte discovery to occur.

[ Reply to This | # ]

The exactness requirement, PP3, para 7, sect 3?
Authored by: Anonymous on Monday, July 02 2007 @ 07:57 PM EDT
- How exact is "exact"?
- In paragraph 7 section, paragraph three claim that "exact" copies
are transfered. The copies are unlikely (but may occasionally) be exact. Most of
the time the files won't be exact.
- When a recording is ripped, the ripped file has a specific and exact bit
pattern. However, within the PC data/file transfers have "BER" (or Bit
Error Rate) in the transfer. Meaning the copy to audio codec has a probability
of receiving a slightly different bit stream than was contained in the original
file. If the file is shared across several servers and several networks (each
computer that transfers the file has it's own BER), the destination file will
likely be different than the source file (to a greater or lesser degree). Error
detection and correction reduce, but not eliminate, the errors that creep in.
- Furthermore, the human ear is not the best method for determining how
identical two audio streams are. The brain easily fills in what the hearer wants
to hear. Sorry I don't have the sources, but firmly believe it to be true.
- In addition, from a legal perspective, how exact must exact be? In that, if
the Least significant bit in each (let's assume an 8 bit) word is inverted and
all others are identical, then the file/stream is 87.5% identical to the
original. This type of change is unlikely to call significant attention to
itself, when listened to. On the other hand, if the Most significant bit of each
(8 bit) word is inverted, then the file/stream is also 87.5% identical to the
original. However, the file/stream is totally different, to the ear! One of the
rules of digital hardware, bits have different levels of importance, depending
on their position. in the data words.
- Therefore, how does the law define an "exact" copy, an
"identical" copy, a "close enough" copy or "not close
enough/legally different" (not-)copy when dealing with copyrights?

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 07:57 PM EDT
"12. Users of P2P networks who distribute files over a network can be
identified by using Internet Protocol {"IP") addresses because the
unique IP address of the computer offering the files for distribution can be
captured by another user during a search or a file transfer. Users of P2P
networks can be identified by their IP addresses because each computer or
network device (such as a router) that connects to a P2P network must have a
unique IP address within the Internet to deliver files from one computer or
network device to another. Two computers cannot effectively function if they are
connected to the Internet with the same IP address at the same time. This is
analogous to the telephone system where each location has a unique number. For
example, in a particular home, there may be three or four different telephones,
but only one call can be placed at a time to or from that home. Each computer or
network device is connected to a network that is administered by an organization
like a business, ISP, college, or university. Each network, in turn, is
analogous to an area code. The network provider maintains a log of IP address
allocations. An IP address can be associated with an organization like an ISP,
business, college or university, and that organization can identify the P2P
network user associated with the specified IP address."


This is not correct. I, personally, have 5 computers connected to the internet
through the same IP address. I have a internal network, 192.168.xxx.xxx that is
routed to the internet through a single computer. My internal network includes a
wifi router so that 2 laptops can connect. It is possible (likely) that others
that I don't know use my internet conection from time to time.

[ Reply to This | # ]

Look at recent cases
Authored by: Bill The Cat on Monday, July 02 2007 @ 07:57 PM EDT
Many arguments have already been brought up in Anderson v. Atlantic, RIAA, et al and Lindor v. UMG. As has been covered here already, the MediaSentry/SafeNet, diposition uncovered many flaws with the methods used for gathering so-called evidence. The dialog that followed covered even more analysis and perspective on the subject. I see a lot of that being rehashed here.

Recording Industry vs. the People has a lot of commentary however, I am not sure that a significant amount would stand up to legal scrutiny. The point is that this web site offers a lot to think about but I'd be reluctant to take any advice without consulting a lawyer

The bottom line is that the RIAA and SafeNet's methods are highly questionable and, in some cases suspect of being illegal. I would certainly start here because if you can destroy their foundation, the rest of the case has little to support itself.

---
Bill The Cat

[ Reply to This | # ]

A Lawyer Would Like to Pick Your Brain Once Again
Authored by: Anonymous on Monday, July 02 2007 @ 08:04 PM EDT
I do not have the expertise to debunk this declaration

But!

What he doing is using weasel words and weasel sentences
to imply things and situations which can just as easily
have the exact opposite meaning and cause.
I do know what he is doing. Nothing he says if blatantly
false.; it CAN all be true AT TIMES.
Likewise nothing he says id really true; all of it can be
false at times.

Examples:

3.The RIAA is a not-for-profit trade organization whose
member record companies create, manufacture, and/or
distribute approximately ninety percent of all legitimate
sound recordings produced and sold in United States
Is the RIAA making a profit from their law suits? If so
where does the money go? If it is returned to its members
then the RIAA is a profit making carte.


6.Much of the unlawful distribution of copyrighted sound
recordings over the Internet occurs via "peer-to-peer"
("P2P") file copying or so-called on line media
distribution systems. The most notorious example of such a
system was Napster, which was enjoined by a federal court.
Notwithstanding the court's decision enjoining Napster,
similar on line media systems emerged and attempted to
capitalize on the growing illegal market that Napster
fostered. These included KaZaA, eDonkey, iMesh, Ares,
BitTorrent, DirectConnect, and Gnutella, among others. To
this day, some P2P networks continue to operate and to
facilitate widespread copyright piracy. At any given
moment, millions of people illegally use on line media
distribution systems to upload or download copyrighted
In Canada a copyright charge which goes to the Canadian
version of the RIAA is charged on recording medium for the
stated purpose of paying the making such downloads legal.
Does that mean that if a server is located in Canada that
the above programs would be being used fro improper means?

Once a sound recording has been transformed into an
unsecured digital format, it can be copied further and
distributed an unlimited of times over the Internet,
without significant degradation in sound quality

Yes. That does not mean that it is and has been copied and
distributed or if distributed that it was done illegal.

Here is some example of legal on line music
http://www.national-anthems.net/

Take especial note of
United States
France
Cuba
http://debian.fmi.uni-sofia.bg/~kalata/docz/National
Anthems/
Soviet Union
http://www.soviet-empire.com/ussr/viewtopic.php?t=28560
The International
http://www.marxists.org/history/ussr/sounds/

Which according to this brief the RIAA owns the copyright
to these - Bull.


8.The major record companies generally have not authorized
their copyrighted sound recordings to be copied or
distributed in unsecured formats by means of P2P networks.
Thus, the vast majority of the content that is copied and
distributed on P2P networks is unauthorized the copyright
owner -- that is, the distribution violates the copyright
law

Sentence 8.1 is completely unrelated to sentence 8.2.

12.Users of P2P networks who distribute files over a
network can be identified by using Internet Protocol
{"IP") addresses because the unique IP address of the
computer offering the files for distribution can be
captured by another user during a search or a file
transfer

If there is 1 in a billion, 1 in a hundred trillion
chances of this happening then the statement is true which
implies that this individual is practicing deceit since
all the other times the event does hot happen.

[ Reply to This | # ]

Some points that may be of interest
Authored by: Stanley Chow on Monday, July 02 2007 @ 08:08 PM EDT
Point 8: As I posted in another thread "Point 8 - P2P is illegal", many bands have given explicite permissions for trading of recordings.

Point 9:

The scope of online piracy of copyrighted works cannot be underestimated. The RIAA member companies lose significant revenues on an annual basis ...

As others have pointed out, this is not proven. In fact, most (if not all) unbiased studies say CD sales is not hurt by P2P sharing. For example, quotes a 2004 study by Felix Oberholzer-Gee of Harvard Business School and Koleman Strumpf of UNC Chapel Hill that concludes "downloads have an effect on sales which is statistically indistingushable from zero." On the other side of the argument, there are new releases that were hyped on the P2P that catapolted to the top of the charts. Indeed, many (new/indie) bands now operate under a new business model where they see P2P as an advertising medium that drives their income from "gigs", from sales of physical CD as well as sales of digital mp3 files.

Point 12 about unique IP addresses - by and large true, with some notable exceptions:

  • NAT (Network Address Translation) is used to hide a private network so that only one IP address is presented to the "public" network. Inside the private network, many machines each with a private IP address not visiable to the outside world. The private IP addresses are usually (but not always) in what are called RFC 1957private addresses. Many enterprises has NAT firewalls, as do many home owners (most "broadband routers" from Linksys, 3com, ... are all NAT firewalls).
  • Proxy firewall is another way that hides private networks (different mechanics, but similar result for this purpose).
  • Address-spoofing is the act of the originator using some other IP address (often done as part of some attack to hide the address of the originator). Un-masking the spoofing is difficult and can only be done close to the originator - i.e., it is unlikely that MediaSentry and other observers have enough information.
  • depending on the LAN topology, it is easy to "sniff" packets that are addressed to another machine on the same subnet. For example, classical ethernet on coax cable presents every packet to every machine on that subnet and depends on each machine to process only the packets destined for it. It is very easy to put machines into "promiscuous" mode to process every packet.
  • This means I could operate as another machine by a combination of spoofing and sniffing. Depending on configurations and so on, the spoofed machine may or may not act strangely.
  • Many cable boardband systems treated a neighbourhood as a subnet and many people could sniff packets destined for other people. This used to be common, but I assume the cable operators have tighened up security. Also, any network segment using a hub (as opposed to a switch) is similar (including cases where a hub is used to allow multiple machines to use a single ADSL account).

    Point 13 - finding IP address means finding the individual. As many of the briefs in many cases have noted, the IP address cannot tell which machine in a private network was used, much less which actual person.

    General point on identification of individuals from the IP address:

  • the RIAA tactic can only map "dynamic" IP address to user account - that is, find out which account was active and assigned that IP address. This assumes clocks are synchronised and ISP records are correct. Quite often, clocks are be off by days, and a mistake of minutes may be enough to misidentify users. At the minimum, the ISP log must show a time interval that matches MediaSentry times as well as when the user would have been theoretically on the computer.
  • given the user account, it is difficult to identify the actual machine in the private subnet created by a broadband router (or Linux firewall, etc.). There are techniques that can probe behind a firewall to discover the toplogy of the private subnet and characteristics of machines inside the private subnet.
  • given the actual machine, it is not necessarily true that the owner of the machine is responsible. Most machines at home (or dorms) operate with no logon security so anyone with physical access can do anything to the machine, including setting up P2P without approval (or knowledge) of the owner.
  • There are millions of machines that have been taken over by malware and turned into "bots". There are many documented instances where bots were used to serve illegal contents of many types (indeed, this usage far predates the term "bot"). The rise of the bot armies is a major concern for many security reason, including botnet-for-hire as a tool for DOS (Denial Of Service).
  • Many people have WiFi access points to allow laptops and so on. It is difficult (at least for the layman) to secure WiFi access points; as a result, many access points are "open" and allows anyone to connect. Most home WiFi access point systems (or even enterprise units) do not keep logs that are sufficient to track usage. Note that WiFi security has a poor history - each fix has been easily cracked. It is only recently that it is even possible to set up WiFi securely, and it depends on interworking between particular brand and model of equipment. It is well beyond the knowledge and ability of the average consumer to secure a WiFi access point.
  • even for a machine that is not infected by malware, it is possible for a friend to have set up P2P (of whatever flavor) and left it running. The owner or some other friend may then unwittingly share content (to which they may or may not have rights).

    Fundamentally, it is very difficult to prove that a particular individual intentionlly shared files. It is somewhat easier to prove that a particular machine was sharing files - by forensic examination of the machine. Traditionally, investigating "anti-social" behaviour has oftern required mapping IP address to user but it is usually an early step in the investigation as opposed to the only step.

    Point 22 - pre-release availability on P2P. The have some many cases where the songd were hyped on P2P and, as least ancedotally, sales of CD were proportional to hype and not propertional to availablity.

    [ Reply to This | # ]

  • A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: PJP on Monday, July 02 2007 @ 08:10 PM EDT
    There are apparently quite a few people here with an imperfect understanding of
    how TCP/IP works.

    The telephone analogy is imperfect, but then so are the arguments about routers,
    network address translation and DHCP.

    Lets look at this in more detail and see how what is required to trace a P2P
    connection back to a specific machine.

    There are two types of IP address, routable and non-routable. Only routable
    addresses can directly communicate across the Internet. These are assigned in
    one of two ways, either statically - and ISP will assign an IP or number of IPs
    to a user, and the user will then use those addresses as he sees fit. These
    addresses are traceable to the user (or organization) to whom they were
    assigned. In this case it would be addresses assigned to the Boston University.

    The second method of assignment is dynamic, usually via DHCP. In this case a
    computer connecting to a network will broadcast a request for an address. The
    DHCP server will receive the request and allocate an address from a pool that it
    maintains. The assigned IP is valid for a specific period of time. This can vary
    from minutes to days or even weeks depending upon how the server is configured.


    Short validity times are typically assigned when it is expected that the system
    will normally only be connected for a short time, and that there are is a large
    turnover of connecting systems. A good example of this might be an airport
    lounge where users would typically connect to check e-mail then leave shortly
    afterwards to catch their plane. If long duration validity was used, the system
    could find itself with all of its pool of IP addresses assigned to laptops now
    on planes, and no addresses to assign to new users.

    Long validity times are typically used where there are a large number of
    relatively static machines. Examples might be desktop systems within a company
    or home users on a domestic ISP. With the very large number of systems, a short
    validity period would cause a large load on the DHCP servers, potentially
    leading to capacity problems.

    Now, on a DHCP network a malicious user could statically assign one of the IP
    addresses in the DHCP pool to his machine. Provided this was not being used by
    another machine the chances are high that this would work. It takes significant
    extra effort to ensure that only currently issued addresses can be routed onto
    the internet. Most domestic ISPs do not make this extra effort, and given the
    static nature of domestic ISP systems an IP used in this way could potentially
    be used for long periods (weeks/months) with no problem.

    Another scenario is that user A is assigned an IP address. It has a validity
    period of (say) 1 week. User A is known to shut down his machine when not in
    use. User B can determine if user A's machine is online with a simple 'ping'
    command. If user A is not online, user B can configure user A's IP statically
    and use it. Again, it is technically possible to ensure that a given IP can only
    be matched to a specific MAC (hardware) address, but the overhead of this is
    such that it is typically not done. Even if it were, it is possible to change
    the MAC address too. So user B could use both the MAC and IP of user A.

    To map one of these pool addresses to a specific user when using DHCP the log
    files of the DHCP server would be required. It would also be necessary to
    establish that the time and date set on the DHCP server matched the time and
    date of the observer making the trace. The DHCP server logs could match a given
    IP address to a specific MAC address to which it issued the IP. However, as we
    have seen, the IP can be obtained by other means, and MAC addresses can be
    spoofed. The DHCP logs are only definitive if:

    * Non issued/valid IP addresses are blocked.
    * IP and MAC must match else the IP is blocked.

    There is no way to determine if MAC address spoofing was used unless a
    username/password is required before an IP is issued. This then raises questions
    about the security of the encryption (if any) used for the login sequence.

    Thus, directly routeable IP addresses can be only be traced back to a specific
    machine at a specific time if unusual precautions are taken by the network.
    otherwise, an element of doubt exists since a reasonably competent individual
    could acquire an address either unissued, or issued to a different individual.

    On the topic of routers, they are used to route packets between networks. They
    typically DO NOT alter any of the address information. So when we are dealing
    with routable IP addresses the address in the packet will almost always be that
    of the originating system.

    This brings us to network address translation (NAT).
    There are a limited number of IP addresses. As a limited resource, they are
    relatively expensive to acquire. For this reason network address translation
    (NAT) was developed.

    NAT allows one (or a small number of) routeable address(es)to be mapped to a
    much larger number of non-routable addresses. Within an organization (or maybe
    even a home) every device has a non-routable address which is unique within that
    network, but may be re-used on any number of other networks. If packets with
    non-routable addresses are presented to the Internet they are recognized as
    invalid (there is, by definition, no way to determine a route to reply to shuch
    a packet) and dropped.

    NAT works by looking for a TCP connection initiation to an address on the
    Internet. It re-writes the packet to remove the non-routable IP address and
    replace it with a routable one, and potentially re-writes the originating port
    number with one it knows to be available. The port number and original
    (non-routable) IP and port are stored in a table with in the NAT device. When a
    packet arrives addressed to that port, NAT re-writes the packet destination with
    the internal (non-routable) address and port, and sends it on to the internal
    network to be delivered to the machine waiting to receive it.

    Although developped to allow mapping of many non-routable addresses to a smaller
    number of routeable ones, it is often used as a security measure since random
    incoming packets are rejected unless they match (IP, port, sequence number) the
    values of an established connection. Thus internal systems are protected against
    probing by external systems.

    If internal systems (with non-routable addresses) need to receive incoming
    connections, specific measures need to be taken at the NAT device to specify
    where to deliver incoming connections on a specific port.

    Because of this, setting up P2P systems on a system behind a NAT device is more
    difficult, since it requires specific configuration of the NAT device. The P2P
    system must also know the external (routable) IP address of the NAT device. This
    when a P2P system advertises itself, it specifies the (routable) IP and the port
    on which it can be contacted. the NAT device must be pre-configured to recognize
    incoming connections to that port and rewrite/forward them to the internal
    system.

    ISPs which issue non-routable (NATed) addresses will almost certainly refuse to
    to set up the appropriate mapping. This means that P2P systems almost invariably
    run either on systems with routable addresses, or on NATed systems where the
    owner of the P2P system has direct control of the NAT device to set up the
    appropriate mapping.

    Because of the amount of configuration required, a P2P system behind NAT device
    will almost invariably have a statically allocated routable IP for the NAT
    device.

    To determine the machine used for P2P when NAT is in use, we have first to
    determine the routable IP and the machine using it. This is already problematic
    as we have seen previously. Beyond that, we need a copy of the NAT configuration
    (port forwarding) which was in force at the time of the supposed infraction in
    order to identify a specific machine (again the internal, non-routeable
    addresses are subject to the same hijacking/spoofing potential as the
    external/routeable addresses.

    Where the routeable IP can be unequivocably linked to a specific NAT device, if
    that NAT device fronts systems all owned by the same person, it may be
    reasonable to assume that that person has some responsibility.

    If the NAT device has a statically allocated IP, and is permanently powered on,
    it would be difficult to see how its owner could deny any responsibility.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: pajamian on Monday, July 02 2007 @ 08:21 PM EDT

    12. ... the unique IP address of the computer offering the files for distribution can be captured by another user during a search or a file transfer. Users of P2P networks can be identified by their IP addresses because each computer or network device (such as a router) that connects to a P2P network must have a unique IP address within the Internet to deliver files from one computer or network device to another. Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time.

    This is not true. Two or more computers can function on the internet simultaneously under the same IP address if they are behind what is commonly known as a NAT (which stands for Network Address Translation) router. As an example I have several computers on my home network all connecting to the internet with the same IP and they can all be doing different things on the internet at once. It is even possible, via the use of a VPN (Virtual Private Network) or a proxy server or some sort of tunneling protocol (such as SSH) for computers to share the same IP address even though they are physically distant from each other (they could be on opposite ends of the world). There are even some ISPs (such as AOL) that use a group of proxy servers and run the traffic of several users through one out of many proxy servers such that hundreds of users all located in different parts of the world may share the same IP address at a given point in time.

    This is analogous to the telephone system where each location has a unique number. For example, in a particular home, there may be three or four different telephones, but only one call can be placed at a time to or from that home.

    This is a bad analogy as the point he is trying to make is false.

    Each computer or network device is connected to a network that is administered by an organization like a business, ISP, college, or university. Each network, in turn, is analogous to an area code.

    While it is easily recognizable when looking at a telephone number which portion is the area code, which is the exchange code and which is the individual's telephone number, this is not the case for IP addresses. a 32 bit IP address may be broken down into any number of nets and subnets and may be divided on any bit number. It takes someone with a fair amount of knowledge to understand which portion of an IP address corresponds to what part of the network.

    The above analogy also breaks down in that telephone numbers are static in that once assigned a telephone number you keep that number until you cancel the account. IP addresses, while they can share this static property, may also be dynamic and can change from one user to another over a period of seconds, days or months.

    The network provider maintains a log of IP address allocations.

    There is no technical requirement for a network provider to maintain such a log and while many or possibly even most do, I highly doubt that all network providers maintain such logs. Even among those who do, the life of the log may be relatively short, in the order of days.

    An IP address can be associated with an organization like an ISP, business, college or university, and that organization can identify the P2P network user associated with the specified IP address.

    There are many factors which make this method of identifying users less than fully reliable. The logs (if they exist at all) may not be accurate, computers that log the data could be out of sync timewise, the time reported for an alleged offense could be wrong, or out of sync with the network provider's time, human error could cause the wrong record to be fetched. There have almost certainly been cases in the past where the wrong user has been identified by this process (none have as far as I know been proven because the RIAA always drops the case before it gets to that point).

    16. The RIAA frequently has used the subpoena processes of Federal Rule of Civil Procedure 45 and the Digital Millenium Copyright Act ("DMCA") to obtain the names of infringers from ISPs. The RIAA typically has included in their subpoenas to ISPs an IP address and on which through its agent MediaSentry observed use of the IP address and a date and time on which the RIAA, through its agent, MediaSentry, observed use of the IP address in connection with allegedly infringing activity. In some instances, providing the IP address alone to the ISP has been enough to enable the ISP to identify the infringer. Providing the date and time further assists some ISPs in identifying infringers, especially ISPs that use "dynamic IP addressing" such that a single computer may be assigned different IP addresses at different times, including, for example, each time it logs into the Internet. 1

    Once provided with the IP address, plus the date and time of the infringing activity, the infringer's ISP quickly and easily can identify the computer from which the infringement occurred (and the name and address of the subscriber that controls that computer), sometimes within matter of minutes.

    This is all contingent on, (1) the ISP maintaining accurate records, (2) MediaSentry maintaining accurate records, (3) timestamps being accurate and in sync, (4) no human error. If any of the above fail then the wrong user could be identified by the ISP. Even then, only the account holder can be identified. There are many cases where the person who is using the P2P service might not be the account holder, such as:

    • A second user who shares the same account.
    • A wireless access point that is unsecured and is being used surreptitiously
    • A secured wireless access point that was successfully hacked into anyways
    • Spyware or other malware on one or more of the end user's computers causing it to be used remotely by a third party without that user's knowledge
    • Hijacking of the users account such that another remote user connects directly to the ISP with the user's account access data unbeknown to the user or the ISP

    ---
    Windows is a bonfire, Linux is the sun. Linux only looks smaller if you lack perspective.

    [ Reply to This | # ]

    Piracy?
    Authored by: vonbrand on Monday, July 02 2007 @ 08:30 PM EDT

    AFAIU, "piracy" is not the same as illegal copying, so this is whole is legal nonsense.

    [ Reply to This | # ]

    A NAT box. . .
    Authored by: Anonymous on Monday, July 02 2007 @ 08:32 PM EDT
    I have five PC's hooked to a NAT box via a 10/100 switch. Each PC on the
    internal network has its own *non-routable* IP address.

    The NAT box has, naturally, two NICs. One NIC with a *non-routable* IP address
    and one NIC with a public IP address.

    Between (it's the only way I know how to say it) the two NICs is a software
    firewall (Firestarter).

    All five use the Internet at the same time for a variety of purposes, on a daily
    basis.

    Due to the way a NAT works, no *unsolicited* inbound traffic can get past the
    public IP NIC and into the internal network.

    The RIAA's mouthpiece statement about only one box at a time can access the
    network via a single IP (or however he/she/it worded it) is, at a minimum, sheer
    folly.

    krp

    [ Reply to This | # ]

    TIME!
    Authored by: whoever57 on Monday, July 02 2007 @ 08:40 PM EDT
    There is no mention of what procedures Media Sentry has to ensure that its logs have the correct time and that there was no confusion on time zones. Remember the case of the school kid who spent time in juvie until it was discovered that the clocks at the school had not been changed for the summer time change?

    [ Reply to This | # ]

    To reiterate a point made above: The existance of "hotspots" disproves ISP address == user
    Authored by: PTrenholme on Monday, July 02 2007 @ 08:58 PM EDT

    For example, the public library here in Boulder, Colorado provides four or five free Internet connection "hotspots" for anyone who brings a computer to the library. Each "hotspot" (PAT-2 ... PAT-7, if I recall correctly) can handle scores of "users" with an IP address assigned dynamically by the "hotspot" when the user connects. That address is, of course, assigned to that specific computer when it's connected to the library's network, and the name associated with the assigned IP address is the "name" the user chose to use for their computer when they configured the computer or the connection. In any case, the library has no record of which computer user was using any specific system name at any specific time nor do the library's systems enforce any policy that would preclude having more than one computer with the same "name" connected to the network at the same time. So, even if they kept records of the names of the computers connected to the network, and the IP addresses assigned to that name (and, I believe that, in fact, they do not keep such records) there is no possibility of mapping a "computer name" to a specific computer user.

    P.S.: No library card is required to use the Internet from the library's access points.

    P.P.S: I think, but have never tried it, that one can connect to the library's access points from the park outside the library.

    In other words, these assertions in the declaration are complete rubbish.

    ---
    IANAL, just a retired statistician

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 09:07 PM EDT
    Hey- Same deal another issue. Just like the last time Media Sentry had an
    *expert* testify, no dice unless they have a MAC address. Also, no evidence said
    MAC address (if they even had one) was not being spoofed, no evidence of butt
    being in seat in front of computer or network device (palm top, lap top, etc)
    being in hand. Could be anyone.

    Wikipedia article on IP spoofing
    http://en.wikipedia.org/wiki/IP_spoofing

    **The basic protocol for sending data over the Internet and many other computer
    networks is the Internet Protocol ("IP"). The header of each IP packet
    contains, among other things, the numerical source and destination address of
    the packet. The source address is normally the address that the packet was sent
    from. By forging the header so it contains a different address, an attacker can
    make it appear that the packet was sent by a different machine. The machine that
    receives spoofed packets will send response back to the forged source address,
    which means that this technique is mainly used when the attacker does not care
    about response or the attacker has some way of guessing the response.

    In certain cases, it might be possible for the attacker to see or redirect the
    response to his own machine. The most usual case is when the attacker is
    spoofing an address on the same LAN.**

    Please make these useless goons go away.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 09:15 PM EDT
    11. In order to assist its members in combating copyright piracy, the RIAA retained a third-party investigator, MediaSentry, Inc. ("MediaSentry"), to conduct searches of the Internet, as well as file-copying services, for infringing copies of sound recordings
    How does this read factoring in the countersuit claim from Anderson vs Mediasentry (and friends) in which it is claimed Mediasentry is acting as an investigator without proper licensing in the venue of action? Can you argue that Mr. Linares knowingly (as a result of the other case at least) presented inadmissable evidence? (this would both exclude this witness and the Mediasentry evidence if sucessful) Just a thought Jen

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 09:24 PM EDT
    Oh yeah - and one more thing - this stuff about 'packet sniffing'?

    http://www.donationcoder.com/Software/Mouser/urlsnooper/

    Url snooper is a neato little piece of sharware that enables you to sniff your
    own packets. It uses:

    http://www.winpcap.org/

    to enable you to sniff your own traffic, and translate it. Why people use this
    is to get links to video off sites that are blocking, or masking addresses with
    java, redirects, etc. Sites that feature streaming content (like youtube).

    Pop those guys a mail. Both of those appliances have active user communities.
    The thing about url snooper is that it *always* lists your specific network
    device. It has to, or else it won't work. You have to *have* a sniffable network
    chip/card in your box/device in order for the thing to configure itself.
    Detailed data - like manufacturer, firmware version - all that stuff is listed
    by ths prog.

    As Media sentry if they have anything even remotely similar to this.

    [ Reply to This | # ]

    Doesn't a lot of law depend upon precise definitions?
    Authored by: Anonymous on Monday, July 02 2007 @ 09:34 PM EDT
    And, thus, If definitions are important in legal circles, isn't there likely to
    be a legally defining meaning of the word "piracy"?

    Isn't that definition likely to involve swabbies, deck apes, navies, drinking
    rum, smoking cigars, and pillaging ocean transport, rather than copying data, in
    some cases perhaps against civil (or even criminal) law?

    Wouldn't calling up the real definition of Piracy in court documents be at least
    a little embarrassing to the lawyers and publicists employed by RIAA?

    Just a thought. I noticed that definitions seem to be important in other issues
    covered here on GL.

    JR without my password...

    [ Reply to This | # ]

    Qustion for the Lawyer:
    Authored by: bigbert on Monday, July 02 2007 @ 09:38 PM EDT
    The police observe a known criminal delivering narcotics at 123 Main street.
    There are five people living at that address. Can they arrest all five without
    any further evidence?

    Same thing.

    ---
    --------------------------
    Surfo, ergo sum.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Steve Martin on Monday, July 02 2007 @ 09:41 PM EDT

    "2. As Vice President, Anti-Piracy Legal Affairs, I am responsible for evaluating and contributing to online strategies for the RIAA, including oversight of the investigations into online infringement of copyrighted sound recordings. As such, this Declaration is based on my personal knowledge, and if called upon to do so, I would be prepared to testify as to its truth and accuracy."

    Perhaps I missed something, not being a lawyer and all, but didn't he already testify as to its truth and accuracy, by affirming at the bottom "I declare under penalty of perjury under the laws of the United States that the foregoing is true and correct"??

    (Not a major point, but it's one that caught my attention right off the bat.)

    ---
    "When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"

    [ Reply to This | # ]

    One At A Time
    Authored by: Steve Martin on Monday, July 02 2007 @ 09:57 PM EDT

    8. The major record companies generally have not authorized their copyrighted sound recordings to be copied or distributed in unsecured formats by means of P2P networks. Thus, the vast majority of the content that is copied and distributed on P2P networks is unauthorized by the copyright owner — that is, the distribution violates the copyright laws.
    This is a non sequitur. This presupposes that the "vast majority of the content that is copied and distributed on P2P networks" is in fact the record companies' "copyrighted sound recordings". There is no foundation for this supposition. The declarant has presented no factual basis supporting his assertion.

    ---
    "When I say something, I put my name next to it." -- Isaac Jaffee, "Sports Night"

    [ Reply to This | # ]

    DHCP log falacy
    Authored by: Anonymous on Monday, July 02 2007 @ 10:08 PM EDT
    A DHCP server's log cannot for certain say that a specific MAC address was using
    a certain IP. The log can certainly list assignment and renewals of IP leases
    to certain MAC addresses, but all "releases" of leases are not
    recorded. For example, a computer may connect to its service provider, request
    an IP address via DHCP, and be granted one, which it subsequently starts using.
    It may later become disconnected without telling the DHCP server that it is
    releasing the lease. Another machine on the network can then (unless certain
    measures are in place, like preventing a MAC address not associated with that IP
    via DHCP lease from communicating over the network) use that IP with no
    difficulty until the IP is reassigned. The time which an IP is reassigned may
    be a CONSIDERABLE time after the lease would have expired.

    Simply stated: A DHCP log does NOT identify the MAC address using the IP, with
    the SOLE EXCEPTION of the DHCP Request/ACK/NAK/etc communications interchange.
    The log ONLY lists the MAC addressed ASSIGNED that IP... not the one using it.

    -- signed, a Computer Engineer in law school (mostly because of Groklaw)

    [ Reply to This | # ]

    Specificity!
    Authored by: gdeinsta on Monday, July 02 2007 @ 10:33 PM EDT
    19. The RIAA also has collected for each Defendant a list of the files each Defendant has made available for distribution to the public. These lists often show thousands of files, many of which are sound recording (MP3) files that are owned by, or exclusively licensed to, Plaintiffs. Because of the voluminous nature of the lists, and in an effort not to overburden the Court with paper, I have not attached to this Declaration those lists. Such lists will be made available to the Court upon request. Exhibit A to the Complaint includes the username of the infringer if that was available, the identification number assigned by MediaSentry for that Defendant, and the number of audio files that were being shared by Defendant at the time that the RIAA's agent, MediaSentry, observed the infringing activity.

    So they have not provided the judge with the contents of any of the files, not even the ones they claim to have listened to. (CDROMS are not used by lawyers apparently.) And they have not provided the judge with enough information to identify the allegedly infringed works, for example copyright registration numbers. Never mind any evidence that RIAA members own those copyrights.

    Why does this all seem so familiar?

    [ Reply to This | # ]

    IP Address -> Infringer
    Authored by: urzumph on Monday, July 02 2007 @ 10:37 PM EDT

    Perhaps not lying per say, but very, very misleading.

    Once provided with the IP address, plus the date and time of the infringing activity, the infringer's ISP quickly and easily can identify the computer from which the infringement occurred (and the name and address of the subscriber that controls that computer), sometimes within matter of minutes.

    If the ISP keeps logs, it can identify the subscriber from which the transmission appears to originate

    Anything which alters the IP address of the traffic will change who the traffic appears to originate from. This is a very long list, including VPNs, Routers/NAT devices (including some Wifi access points), Proxies or anonymity systems like Tor.

    The owner might not even know they have a proxy/anonymity system in place if it was installed by a virus/trojan.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 10:41 PM EDT
    Even if the lease has expired the computer may still be able to communicate on
    the network using that address if the DHCP server has not handed out that
    address to another computer.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 10:42 PM EDT
    Ok I am feeling pissy. Go ahead and use this deconstruction.

    point 9: Can this be quantified? Accurately? The data that I am aware of
    shows *precisely* the opposite affect, in that music companies *gain* customers
    as a result of easier access to product. There may be a perfectly valid
    business reason why the media companies are losing money. Crappy product comes
    to mind.

    point 12: IP addresses do *NOT* need to be unique. You will see some strange
    effects on responses, due to ARP (mapping of ip addresses to hardware MAC
    addresses). IP addresses may be masqueraded behind a firewall/router. This
    could let one of several users send packets out, with an IP address indicating
    the *ROUTER* and not the end users *PC*. More to the point, if you have several
    users behind the router, it is possible that any one of them may be using the
    service. Even more specifically, if one of the machines behind the router has
    been infected by a bot/malware system, it could be acting as a proxy for other
    users, not behind the firewall, leveraging the firewall effectively as a
    "cutout". Similarly for a Wifi connection. All you need is a single
    laptop set up to route packets behind the router, and a point to point network,
    and then you have no possible way to tell where the end user is, other than they
    must be within ~50 meters of the system. Assuming that a mesh net does not
    exist behind the firewall, in which case you get routing from point to point,
    and significant distance. Or a TOR system, which could also convey packets from
    far away, to be re-emitted through the router. Put another way, IP address
    tells you of a possible end point. Not a unique computer/user. Their
    supposition is incorrect. Anything built upon this (most of their efforts) are
    in fact inaccurate at best. C.f. suing grannies who never owned a PC.

    point 14: as IP's are not unique, one-to-one and onto mappings to users,
    logging IPs is of *dubious* value at best.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 10:43 PM EDT
    A solution? Ideally, if you could use the Creative Commons License with the
    standardized "digital Meta-Data or machine readable code" see
    http://www.creativecommons.org - and use it for each and every copyrighted
    "digital" work, then the DMCA protection of the Meta-Data code would
    be good, as the DMCA then prevents a change to the Metadata part of the Creative
    Commons Licensed works! Yep - The DMCA could still protect the Creative Commons
    digital work (no need for DRM). The DMCA would prevent the change or removal of
    this Creative Commons Metadata code...! The media content creators could then
    make use of a Creative Commons License (with Meta-data tags/code) that could
    then be machine readable, meaning searchable, AND the content creators could
    then also use the search or filter technology to track or filter the meta-data
    attached content.. IF, it were to travel on the internet as and exceed
    "fair use" limits. ISPs could monitor this traffic and report the
    "commercial only metadata" traffic that is above "fair use"
    quota (?) to a central reporting database where the creator could then thru a
    pseudonym email address (hides ISP provided email address that is real, and
    forwards the email meant for the pseudonym address to the real address) notify
    the INTERNET IP address of the potential for "fair use"violation. A
    series of warnings could proceed the actual reporting of violations directly to
    the content creator. Users would like this better than having a army of RIAA or
    Movie Industry lawyers appear at the door when their kids are downloading who
    knows what? Content Creators could still have financial interests protected!
    Peer to Peer networks could be set up to filtering and audit guidelines, or fair
    use quotas, that are enforcable by the Creative Commons Meta-Data transfer AUDIT
    process (easy to do)! No DRM needed! And no user lockin to technologies that
    prevent proper and legal fair use to happen with legally acquired content. DMCA
    protection of DRM or encrypted content is only going to cause problems by
    restricting access to fair use of content by legal users (and the ability to
    move the content to a format that is usable by the users "machine" or
    software of choice)! A Creative Commons Licensed Meta-data tag would never be
    harmful to users and it would protect the financial interests of the creator!

    View – Library of Congress's CPAN “Digital Future” series
    http://www.c-span.org/congress/digitalfuture.asp
    and view the the segment by Lawrence Lessig, and pay attention when at the end
    when a lawyer brings up a question... in the Q&A. Lawrence Lessig has
    already proposed a solution. The RIAA lawyers might not be telling their client
    about this solution... as then the money they are making working for the RIAA
    would dry up.

    If the industry would just adopt Creative Commons, then they could have a
    solution that would work nicely.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 10:44 PM EDT
    Another issue just popped into my head. If you consider what kids in college
    are using these days for computers, I think you will find many of them are
    laptops. We all know laptops are portable. We all know kids take their stuff
    to other kids rooms and do things. So just the fact that you can identify the
    internet port in some students room does not tell you which students were in the
    room at the time, nor which laptop or laptops may have been connected to the
    port at the time.

    Kids know about routers. Unless there is some method in place at the school to
    prevent it, they will take some laptops into someones room, hook them up to the
    internet through a router, and have an all night LAN party. Now try and figure
    out which computer did what behind the router.

    [ Reply to This | # ]

    Chain and reliability of evidence
    Authored by: Anonymous on Monday, July 02 2007 @ 10:46 PM EDT
    If I were defending myself in this type of action the first thing I would want
    to see would be the source code for the ISP's DHCP server, login servers if any
    (PPPOE, etc), and all applicable routers, especially the logging routines. Just
    because an ISP says that customer X was using a specific IP address at a certain
    date and time doesn't mean that it is so.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: nuthead on Monday, July 02 2007 @ 10:58 PM EDT
    First, if MediaSentry is downloading the allegedly infringing material, then
    THEY are engaging in copyright infringment, are they not? Second, if they have
    some sort of empowerment from the RIAA to download the songs, what are their
    credentials? Are they licensed to do that sort of investigation? Trained to do
    it? Who verifies what they turn over? How hard would it be for MediaSentry to
    lie about what they uncover? How can the RIAA prove MediaSentry didn't just
    "create" or even "help" the evidence along?

    Maybe attacking the chain of evidence, the training and empowerment of
    MediaSentry, their methods, etc. might help out. Also, can a copyright holder
    legally give permission for someone to illegally infringe on those copyrights?
    And if they can, and do, would that protection extend to the other party? Is it
    illegal to share copyrighted works with a party (MediaSentry) that is legally
    allowed to share those files? Maybe going over the MediaSentry contract and
    permissions might prove useful.

    Sorry for rambling, hope this helps. ;)

    [ Reply to This | # ]

    Bridging makes spoofing possible
    Authored by: Anonymous on Monday, July 02 2007 @ 11:15 PM EDT
    Others have pointed out that NAT allows mutiple computers to share a single IP
    address. Anyone can share the IP number assigned to them by setting up a
    NAT-ting router of some sort. And there is also already mention of spoofed MAC
    addresses. As far as I can tell nobody has mentioned bridged networks.

    Many, I'd like to say most but don't know for sure, ISPs do not assign and route
    particular IP addresses to particular customers. Instead, ISPs have entire
    networks from which they hand out IP numbers to customers. This is known as
    bridgeing. The distinction is subtle but important.

    When IP addresses are routed, the ISP is responsible for sending a customer only
    those IP addresses assigned to the customer. Bridged networks work differently.
    The definition of a network is, more or less, that all the packets go
    everywhere in the network. (Switches have "broken" this model, but
    can themselves be convinced to send packets anywhere via MAC address spoofing,
    breaking into the switch, or other means beyond the scope of this note.) When
    an ISP bridges, any customer can see the traffic of, and most significantly,
    impersonate the traffic for, any other customer on the same network. Usually
    the networks are "class C networks" consisting of 255 contiguous IP
    addresses.

    Thus, on a bridged network one customer can use the IP address assigned to
    another. This can be either very easy or relatively complicated depending on
    the equipment involved. I can't say just how easy it is in the typical case,
    but it's always possible or else the network would not be bridged, it'd be
    routed.

    Regards,

    Karl O. Pinc kop at meme com

    [ Reply to This | # ]

    • Paragraph 12 - Authored by: Anonymous on Monday, July 02 2007 @ 11:17 PM EDT
    Examining what files are being offered?
    Authored by: mobrien_12 on Monday, July 02 2007 @ 11:15 PM EDT
    "A search can be as simple as logging onto a P2P network and examining what
    files are being offered to others logged onto the network."

    They need to be called on this.

    The RIAA and MPAA have been known to send faulty DMCA takedown notices from
    their bots. Essentially, they find a file with a name somewhat similar to
    something they own a copyright on, and have their bots send a takedown notice,
    without checking exactly what the content was.

    I would suggest asking the MPAA how many times they have sent faulty takedown
    notices, and exactly what steps they take to make sure they have a legitimate
    claim on these "files."

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Monday, July 02 2007 @ 11:17 PM EDT
    You know, it would be trivial to set up a courtroom demonstration of the flaws
    here. In the courtroom, take a simple, of the shelf, consumer router. Wireless
    would be better, but not strictly needed for this demonstration. Two computers
    (you can't tell me there aren't two suitable computers in a courtroom!).
    Connect the two computers to the router, connect the router to the internet, and
    have mediasentry prove which computer is the one sharing. You wouldn't
    necessarily need a real internet connection, though you'd need at least two
    routers.

    An alternative approach, though probably best used if the defendants are
    actually using the "anonymous hacker" defense would be to set up the
    router and have another computer outside the courtroom breach the security to
    demonstrate how easy it really is. this would not require internet connection
    or mediasentry's participation, which may be difficult to get.

    I'm sure there would be no shortage of qualified volunteers to run such a
    demonstration in any given area; this demonstration could reduce the impact of
    the assertions by proving that while they "may" be true, as Obi-Wan
    Kenobi says "from a certain point of view" (hey, maybe that's SCO's
    problem.."we're not lying, exactly your honor, we just need you to see
    things from our point of view...")... sorry I digress.... while the
    assertions "may" be true from a certain point of view, they are not
    all necessarily universally true (this has been pointed out and commented upon
    previously so I won't further restate those here.)

    The fundamental point would be to prove a plausible alternative that an average
    person with no particular technical expertise could put together. From there,
    you could springboard to the more technical, deliberate hack types of things
    that people who wish to remain anonymous employ, the "IP Spoofing" and
    such that are possible without a degree in computer science. A demonstration of
    this could also be set up, but would be more difficult in a courtroom.

    There's also more advanced techniques that could be employed , techniques that
    could even fool the ISP logs, for example, but those begin to get to the realm
    of requiring specialized training or tools not generally available, which tends
    to make them a lot less plausible to the average person. I think the idea hear
    should be to make it obvious that it isn't difficult to fool or confuse
    medisentry's system.

    m2cw

    [ Reply to This | # ]

    Best Evidence
    Authored by: Anonymous on Monday, July 02 2007 @ 11:18 PM EDT
    This is all moot if I'm wrong about the MAC address always being contained
    within the sent packet transmission. If I am wrong, please correct me.

    It is my understanding that the law usually requires "best evidence" -
    I am not a lawyer. And I am going to assume that these people ARE distributing
    copyrighted music illegally.

    It just seems to me that if the RIAA wants to PROVE that a particular computer
    is sharing these files they say they downloaded, wouldn't best evidence require
    a sniffer trace?

    The reason I say this - isn't the MAC address of the network card the computer
    is using at the time of the infringement located within every transmitted IP
    packet? This would be a hell-of-a-lot more reliable than the hit and miss of
    using an IP address. Granted, you need to identify the IP address of the
    infringer in order to identify the possible infringer. But without the MAC
    address of the network card to tie to the IP address in the transmission the
    data is useless.

    To put it in Star Trek terms - even an encoded Starfleet message is no good
    unless a Starfleet ID is included in the background of the transmission.

    Only junior level technicians can say that directory listings tied to IP
    addresses are sufficient proof of infringement. I've never seen the RIAA attempt
    to use logs off of the captured computer hard drive to prove that the infringing
    computer actually had that IP address at the infringing time. And I've never
    seen them attempt to link the MAC address to an identification of the offending
    computer.

    [ Reply to This | # ]

    The telephone analogy
    Authored by: Anonymous on Monday, July 02 2007 @ 11:36 PM EDT
    "Two computers cannot effectively function if they are connected to the
    Internet with the same IP address at the same time."

    The flaw in this statement can be easily explained by the telephone analogy that
    follows it in the next sentence of the declaration:

    "This is analogous to the telephone system where each location has a unique
    number. For example, in a particular home, there may be three or four different
    telephones, but only one call can be placed at a time to or from that
    home."

    A business PBX can receive many calls to one main business number and route each
    to a different extension telephone. There can be many calls going on
    simultaneously, all under the one business central phone number. Yes, it is true
    that a business phone system can be set up to give everyone their own direct
    dial number. Computer networks at a site can be set up like that, each computer
    having its own externally visible uniqe ip address. But it is also possible for
    phone extensions to be internal only, and NAT causes a similar setup for
    computers in which they have local private ip addresses and all of them share
    one public external ip address on the Internet.

    One big difference between telephone PBXs and computer networks is that setting
    something like that up for computers requires only a small inexpensive
    router/firewall box or WiFi access point which is commonly used when people at a
    residence want to share a single ISP account amongst several computers. That is
    similar to the analogy with three or four phones in a home, except, in flat
    contradiction to the above statement in the declaration, more than one
    "call" can be placed to and from that home.

    The important point here is that the IP address does not identify which computer
    was being used or who was using the computer, and does not indicate whether
    there were multiple computers sharing that IP address at different points in
    time.

    I don't know if this would help or hurt the defendant's case, but the
    information that they want to subpoena could point to one person or could point
    to multiple people, and the RIAA could not know which until they identified what
    account the ip address is associated with and found out just who used that
    account on what computers, including the possibility of visitors and hacked
    machines taken over by outsiders. Are they able to get such a subpoena on the
    possibility that it might get them useful evidence, even though it might only
    bring in innocent people?

    [ Reply to This | # ]

    Alternate Logic
    Authored by: Anonymous on Monday, July 02 2007 @ 11:44 PM EDT
    Alternate logic, but flawed in some cases:

    1) My music collection is stored on a stack of CD.

    2) I live in a dorm on a college campus.

    3) We have a very honest and trustworthy group of people living in this dorm,
    well, to the extent that anyone not returning some thing that was borrowed
    excludes themselves form any social life in the dorm. (perhaps a childless
    future, also)

    4) The CD's are borrow and returned. Some people like my taste in music, others
    have a limited acceptance, the rest think I've waste of media.

    5) How would RIAA know whether the music a computer came from a download, or
    from a CD?

    5a) do they have a court order for the wire tap?

    6) [kicking a dead horse] none of the members of RIAA went to college, they
    never borrowed anyone else's music collection, they never made copies of any of
    the music they borrowed.

    -wb-

    [ Reply to This | # ]

    A non-lawyer's 2 cents
    Authored by: WCTU on Tuesday, July 03 2007 @ 12:41 AM EDT
    From reading Groklaw for some time, I seriously doubt that this 'document' could
    be taken as anything more than one man's opinion. And that opinion seems to
    consist, mostly, of the idea that he sees the conditions for infringement
    present, so there must be infringement. He just needs a warrant to examine the
    contents of everyone's computer/home/whathaveyou to make sure he gets the right
    people.

    My only technical criticism of this is the IP address explanation, which may
    have been somewhat true 10 years ago but today, with home and small office
    networks common (what I do for a living), pinpointing a specific computer and a
    specific person would be very hard indeed.

    What the RIAA is doing is hoping the courts will grant them a fishing license so
    they can find someone, anyone, who might have a copyrighted work with no other
    way to prove they came to have it legally.

    Paragraph #6:

    How many of the files transferred are actually copyrighted works? What
    information is this based on? Does anyone/anything have the ability to know
    whether a file is a copyrighted work as it is being transferred? From personal
    experience, I know that BitTorrent is a system that can be used to download
    legitimate files, which is how I use it (Linux Distros).

    The internet facilitates the exchange of files; should this be banned? How is
    the figure "At any given moment, millions of people..." arrived at?

    Paragraph #8:

    How do they know what is being transferred over P2P networks? Again, is there a
    study or some data somewhere that gives a breakdown on what is being transferred
    via P2P networks? What is the "...vast majority.."?

    Paragraph #9:

    Has the scope of P2P networks or the number of files they transfer ever been
    accurately estimated? Same for revenue. Where are the figures and how were they
    arrived at?

    Paragraph #10:

    How do they know they are observing infringment? How do they know that a
    particular stream of packets going from one IP to another is a copyrighted work
    that they own being transferred illegally? If I see you walk out of Sears with
    a pairs of pants, does that mean I've witnessed a theft? How would I know this?
    I hate plastic bags and often refuse them, so I would be seen walking out the
    door with a pair of pants. But I have paid and have the receipt in my pocket.
    How does anyone know by only observing the internet traffic that a crime is
    being committed?

    Paragraph #11

    They can identify illegally offered works just by viewing a list? How do they
    know that the file "Blue Xmas" by Porky Pig is actually that
    copyrighted work and that it is offered illegally?

    Paragraph #12

    The computer I'm using right now has the IP 192.168.10.10. Since 192.168.xxx.xxx
    is a commonly used private network IP range, I'd hazard a guess that there are a
    lot of computers on the internet at any given time that have the identical IP.
    The IP address explanation is poor at best. Is the man certified in any
    discipline? Even A+?

    Paragraph #13

    How does MediaSentry detect actual infirngment?

    Paragraph #14

    MediaSentry downloaded a file, so they have used the P2P network and they can
    examine that file and tell if it is a copyrighted work or not. How do they tell
    if the traffic from that site to another IP address is also transferring
    copyrighted work?

    Paragraph #20

    Is this a supposition or a fact or what, and how is it backed up?

    Paragraph #21

    Where is the data/study that shows economic damage? Does anyone KNOW what the
    damage is, per song or per 'infringer'? Sears can show, thru tracking
    inventory, damage and sales data, a fairly accurate financial picture as it
    relates to shoplifting. Where are the RIAA figures and how were they compiled?

    Paragraph #22

    If pants are missing from the Levi factory, does it make any sense to target
    everyone who sells Levi's? Should the police investigate at the factory or
    should they stop anyone wearing jeans and make them prove they got them
    legally?

    Paragraph #23

    It would also seem that they had no way of knowing that a crime had been
    committed; that the only way to find out would be to search their belongings
    prior to charging them. Seems to be a bit backward to me, given our justice
    system.

    Tom

    [ Reply to This | # ]

    RIAA admits that P-P users have no relationship?
    Authored by: Anonymous on Tuesday, July 03 2007 @ 12:51 AM EDT
    If the case isn't made that they are sharing the files with each other, then
    there truly isn't a relationship between the defendants and the cases should be
    separated.

    Also, any expert that claims you can identify a person via IP address is not an
    expert.

    The IP address could be:
    1) A router
    2) A proxy
    3) Shared machine.
    4) Any combination of the above.

    The actual source of a message could also be from a wireless connection making
    the identification of the source even tougher.

    For example, I and my family have over 12 machines connected via a proxy to the
    internet. At best you could tell a message passed through my house. I also
    have 3 wireless hubs that in theory would allow a 3rd party to access the
    internet.

    [ Reply to This | # ]

    Point-by-Point Rebuttal
    Authored by: Anonymous on Tuesday, July 03 2007 @ 01:38 AM EDT
    I put the same thing on Slashdot, with a couple of naughtier words I censored
    for PJ (sorry if I missed any! the MAFIAA upsets me) but I'm worried it might
    be buried since I'm posting anonymously there due to MediaSentry DoSing my
    connection because they think I'm sharing a file I'm not just because I clicked
    a torrent I didn't want and deleted it before downloading a single byte.

    ==========

    9) "Can't be underestimated"? It can certainly be OVERestimated.

    11) MediaSentry, or SafeNet as they call themselves now, uses customized
    clients. Even if they use the same features of the client or protocol, they've
    clearly been tampered with in at least the case of BitTorrent where they appear
    to use modified versions of Azerus and LibTorrent, both open source. I know
    that others have looked into this and said that, for BitTorrent, you see ratio
    hackers (people who have "uploaded" far more data than is even
    possible) often sitting at 0%. They also spam the heck out of your connection,
    even if it's disconnected or you block them if your IP was ever once seen by
    them. They like to send batches of 10 connections in a single second, which is
    highly unnatural. This may well be part of a Denial of Service attack. They
    will NOT desist, even if blocked at the firewall and even if the connection is
    down for a long time. In DHCP situations, it is hard to believe they never end
    up attacking innocent people, although the connections won't do much harm unless
    there's a BitTorrent client to process them. They send the batches of
    connections every 30 minutes to 1 hour randomly according to my logs. I wish I
    knew more, but I don't have any idea how to capture and analyze whatever data
    they're sending me, I just block it. In any event, absolutely no normal BT
    clients do that, so it's pretty clearly nefarious and almost certainly intended
    as a DoS attack. The irony is, I think I know what started their attack and I'm
    not even a member of the BT swarm they want nor did I download what they're
    trying to protect.

    12) IPs are NOT unique. Look up NAT (Network Address Translation). Yeah, it
    can lead them back to an ISP who probably has records, but just how good are
    those? It's not like they establish any kind of chain of evidence. And the
    part about "two computers cannot effectively function"? That is
    COMPLETELY wrong! At work we have hundreds of computers on private subnets by
    plant, each one has a unique private IP in the private subnet, but if you look
    at us from the outside, all connections to the internet are through a single
    routable IP (not many are allowed internet access, mind you). That single IP is
    the ONLY thing they'd see from the outside unless the protocol embedded my
    non-routable IP (192.168.x.x) for some reason. Not that it'd do the least bit
    of good, because you can't route anything to it. Our gateway knows that IP, but
    there's no reason for anyone outside the WAN to care about it. Similarly,
    pretty much all WAPs (Wireless Access Points) do a similar thing. You get a
    private non-routable IP and the device itself has a routable IP from your ISP.
    Then many people can connect to the WAP and everyone appears to share the same
    non-routable IP. Yes, two computers on the *same* network cannot share an IP,
    but just how many 192.168.1.1s do you think are out there? The private ranges
    are VERY widely used, ESPECIALLY for anyone with a WAP. Around here, the cable
    company sells Linsys wireless routers to pretty much everyone who gets cable
    access and I can see almost 20 networks likely using the exact same setup.

    Also, they claim that the organization the IP is assigned to can trace it back
    to a single user. This is almost invariably false. They can give you the
    *subscriber* who pays them for the account. They almost never have evidence of
    which *person* was in control of that PC, let alone which *PC* was actually
    connected to them when it goes through NAT or any kind of gateway like the WAPs
    I discussed before. That's not at all a trivial distinction, they're trying to
    pull the wool over people's eyes with that one.

    13) Yeah, they can get IPs, I understand that. But especially on networks like
    Kazaa, I've heard many reports of "noise" killing DSL lines. That is,
    when the DHCP lease renews, they get the IP of someone who used to be sharing
    files, and they get lots of requests for those files even if they're not running
    any file sharing program at all. When the DHCP is renewed, the application
    probably doesn't know it happened at all (or doesn't care), so the old IP is in
    the peer lists, etc. Just because the application says that IP is (or was)
    sharing files is no reason to believe it. In addition, I'm of the understanding
    that they use hacked clients which may well misinterpret or misrepresent the
    network traffic. Unless you can identify specific files or pieces of a file
    that you got from one IP exclusively, I'm not really convinced. And even then,
    the source of the program used should be audited. It's probably some giant
    multi-threadded application given the scale on which they operate, and those are
    VERY non-trivial programs which could very easily present corrupt data even by
    accident. Sure, maybe they did everything right, but they should have to prove
    that. Especially when the networks they connect to are anything but infallible
    given the numerous reports of "noise" I've heard. I mean, when there
    are enough requests to *kill* someone's DSL for a while and enough reports of
    that, it doesn't appear to be uncommon.

    14) That's nice, but they need to ensure that the files are gotten from single
    sources, or that bits can be authenticated against a known file that's
    copyrighted by them. After all, I remember the story of an usher.mp3 that was
    Prof. Usher's lecture, not a song by a musician of the same name. Also, I have
    questions about their incomplete production of files in a few cases. That gives
    me the feeling that their operation is sloppy. And does that mean that those
    files were the *actual* ones they downloaded, or did they find an identical copy
    from elsewhere? Sure, it's the same file, but the file isn't the real evidence,
    because thousands of people have the same damn file. The *evidence* is that
    they downloaded it from such-and-such an IP. Anyone could look up the file
    hashes they list in evidence and provide a complete list of the files assuming
    anyone is still sharing them, even after the fact.

    15) Painstaking!? Hah! "Yup, those look like copyrighted files, let's
    listen to a couple, then send a letter to the ISP!" I can't imagine
    anything more thorough than that going on given the poor cases they've taken to
    trial elsewhere. Also, they claim to identify "individuals" but
    they're really establishing that the *IPs of certain computers* allegedly
    transmitted copyrighted materials without authorization because they don't get
    any information about "individuals" until after the John Doe suits.

    16) MOST IPs are dynamic. Yeah, in a FEW cases you have a static IP, but those
    are far and away in the minority (they cost extra, if your ISP even offers
    them... just price DSL sometime, and good luck getting them on cable at all...
    sure, you MIGHT keep getting the same IP a lot from your DHCP server, but that
    doesn't make it static). I note that they fail to mention how they violate FRCP
    45 by joining many unrelated cases, or the fact that they've been ordered not to
    do so again. IANAL, but I wouldn't miss this golden opportunity to dispute that
    they follow FRCP in my answer. Also, they claim the ISPs do this "quickly
    and easily" but this can be turned against them. The ISPs are simply
    handing over a subscriber name associated with that IP and timestamp, not
    verifying anything whatsoever (such as their clocks being correct, synchronized,
    or whether they've got the correct timezone, have DST set properly and properly
    PATCHED with the recent change, etc.). For billing purposes, they only really
    care who was connected for how long. I doubt they take great pains to make sure
    it's accurate for anything beyond that. Also, the ISP can't even identify the
    computer in the case of NAT, WAPs, etc. See response to 12.

    17) Errr, I thought they used only a FEW subpoenas against thousands of people
    by improperly joining the cases into single causes of action that they later
    drop and persue independently. Why no, I'm not going to quit mentioning that.
    I'd love to wave those Texas santions in front of their nose. Continually.
    Even if they don't matter legally in this case, I would very much like to rub
    their noses in it. Does it hurt to let the judge know that the other lawyers
    are slimeballs and that you can prove it? I find it interesting how they
    mention that Verizon conceeded that this. Did they really? Or did they think
    that you could file individual Doe suits? Because while IANAL, I have yet to
    hear of any legal authority upon which they can join unrelated cases in a cause
    of action they never intend to carry past discovery.

    18) How much is a "representative sample"? And how do they
    distinguish these files from the fakes they hire MediaSentry to pollute the
    networks with? Especially when some of their own fakes are supposed to be
    things like the first few minutes of the song, followed by horrible noises,
    swearing at the listener, etc.? They should be required to produce the copies
    actually downloaded from the ISP in question. No substitutions accepted
    whatsoever.

    20) How is it critical? Because money cures any injury, why does it have to be
    sooner rather than later? What's the rush?

    21) Further dissemination means further damages means more money they can
    collect. I mean, they can get thousands of dollars per song from litigation and
    what? A buck or two from iTunes? Twenty bucks from a CD? Well, that's retail,
    even they don't make that much from those.

    22) And such infringements are in the minority I should think.

    23) Well, they can't have non-expedited discovery? They can't allow any
    challenges? Where's the fire? The cases aren't going anywhere.

    24) This is hardly relevant. Once an ISP is served, they have a duty to
    preserve the evidence. Just what ISP is going to go delete the data and what on
    earth would they tell the court if they did? "Oops! Sorry, we deleted all
    the logs that showed me, err, someone downloading stuff!"?

    Well, maybe he believes all that crap to be correct, but I don't think so. I
    think he's full of it, personally!

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: grokker59 on Tuesday, July 03 2007 @ 01:55 AM EDT
    I'll try to post more tomorrow, but the declaration if made under oath can be
    impuned from just the first 10 paragraphs. There are so many factual errors
    stated by the declarant as 'first-hand facts' that if the first 10 paragraphs
    were picked apart, the rest of the document would be be in serious doubt before
    the technical analysis even begins.

    For example, the statement that "most P2P sites transfer copyrighted
    material is accurate in-and-of itself. ALL material is copyrighted by SOMEONE -
    open source software, images, lectures, PDF documents, etc. This does not make
    that material illegal.

    "3. The RIAA is a not-for-profit trade organization whose member record
    companies create, manufacture, and/or distribute approximately ninety percent of
    all legitimate sound recordings produced and sold in United States. The RIAA's
    member record companies comprise the most vibrant national music industry in the
    world. A critical part of the RIAA's mission is to assist its member companies
    in protecting their intellectual property in the United States and in fighting
    against online and other forms of piracy. All of the Plaintiffs in this action
    are members of the RIAA."

    For example, is this person a legal expert that can testify as to the source of
    his numbers and estimates for the '90%' of 'legitimate' sound recordings
    produced and sold in the US ? If so, what is the percentage of 'sound
    recordings' contained in motion pictures ? 'concert recordings ?' radio/tv
    shows that are re-sold as next-day downloads ? Pay-per-view ?

    "4. As part of that process, the RIAA, on behalf of its members, retains a
    variety of services from outside vendors to assist with its investigation of the
    unauthorized reproduction and distribution of copyrighted sound recordings
    online."

    This sounds like an admission to the RICO charges that the RIAA is actually a
    'front' for the recording industry and is using a common pool of lawyers and is
    making a business of these lawsuits. I say that poorly, but check the RICO
    counter-claims of Ms Anderson?? that have been in the news.

    para 5: Most of it is technically true and is background boilerplate with this
    one exception:
    "Unfortunately, the Internet also has afforded opportunities for the
    wide-scale piracy of copyrighted sound recordings and musical
    compositions." 1. Opportunities do not equal facts. Again what are the
    qualifications of this 'expert' witness ? If the RIAA is suing for ANY and ALL
    sound recording, we should find they own the copyrights - not the labels. If
    they do not own the copyrights as a seperate non-profit organization, do they
    have standing to sue ?

    para 6 is nothing more than supposition, bald statements and wishful thinking.
    There are no facts here, and he is pre-supposing the facts that he has to prove
    in this case. There is no evidence of support for most of the statements in
    this paragraph - especially "At any given moment, millions of people
    illegally use online media distribution systems to upload or download
    copyrighted material.". In fact, it's probably this statement that this
    entire case hinges on - the desired perception that there exist millions of
    'pirates'. But look at the statement closer: "online media distribution
    systems" could mean itunes or any on-line music store. "Illegally
    use" could mean 'to use for illegal purpose' or 'to use illegally'. Is he
    saying that the services like itunes are being used illegally ? Again - all
    material on the internet is copyrighted - check copyright law and the Berne
    convention.

    paragraph 7 is correct. There is nothing wrong or illegal with what P2P
    networks do. I see nothing wrong with using P2P neworks to download audio
    recordings - say the GPLv3 speech by Ebon Moglen recently - or any audio
    transcript of any court transcript or a speech or lecture by a prominent
    politician that took place somewhere else.

    paragraph 8: "8. The major record companies generally have not authorized
    their copyrighted sound recordings to be copied or distributed in unsecured
    formats by means of P2P networks." ==> and his point is ???... Perhaps
    the major record companies should not distribute their sound recordings outside
    the walls of their buildings... Other people HAVE authorized their 'sound
    recordings' to be distributed via P2P even if the major record labels have not.
    This could be phrased as a 'free speech' vs 'censorship' issue over the use of
    P2P as a form of communication dialogue.

    "Thus, the vast majority of the content that is copied and distributed on
    P2P networks is unauthorized the copyright owner -- that is, the distribution
    violates the copyright laws." ==> A conclusion totally without
    supporting evidence or any other factual backing.

    paragraph 9: "9. The scope of online piracy of copyrighted works cannot be
    underestimated." ==> but it CAN be over-estimated !

    "The RIAA member companies lose significant revenues on an annual basis due
    to the millions of unauthorized downloads and uploads of well-known recordings
    that are distributed on P2P networks by infringers who, in virtually all cases,
    have the ability to maintain their anonymity to all but the Internet Service
    Provider ("ISP") they use to supply them with access to the
    Internet." ==> several conclusions not proven: 1. the loss of revenues
    has never been shown to be due to piracy. That is simply the RIAA's assumption.
    Another explanation for falling sales is over-priced albums, poor product
    offerings, DRM that prevents consumers from effectively enjoying the music they
    do purchase or that destroys (or renders useless) the music that is purchased,
    thereby discouraging new purchases of DRM-infected content.

    Clearly, given the RIAA's inability to PROVE the user@keyboard relationship for
    file-sharing in past cases, even the ISPs cannot tell who is doing the file
    sharing (or even whether it's 'legal' filesharing) - remember Professor Usher
    that was the target of an RIAA case (mixed up with the group 'Usher') - remember
    the deceased computer users sued by the RIAA - those that don't even own a
    computer ? Another issue is that Plaintiffs have so polluted the file-sharing
    content that they may well be watching their own pollutants being downloaded
    instead of a true copyright infringement. The act of injecting the pollutants
    into the P2P networks constitutes their release of the pollutant files to be
    downloaded by others. Which are 'legal' pollutants and which files are
    'illegal' downloads ? I don't think it's possible to tell anymore by filename
    alone.

    paragraph 10: "10. The persons who commit infringements by using the P2P
    networks are, by and large, anonymous to Plaintiffs." ==> It's called
    'privacy' - get over it.

    "A person who logs on to a P2P network is free to use any alias (or
    computer name) whatsoever, without revealing his or her true identity to other
    users." ==> This concept is called 'privacy' - get over it.

    "Thus, Plaintiffs can observe the infringement occurring on the Internet,
    but do not know the true names or mailing addresses of those individuals who are
    committing the infringement." ==> Plaintiffs are not 'observing the
    infringement occurring on the Internet'. At best they are retroactively
    searching for evidence that a file of a given name MIGHT have once lived on a
    particular victim's hard disk. Their forensics is usually questionable, they
    have a habit of accusing the wrong people, and if they are monitoring the
    transactions between two arbitrary computers, they need a warrant for this
    obvious 'digital wiretap' operation they've got going. If it's not legal for
    the President of the US to authorize illegal wiretaps, where does the RIAA get
    its authority to do so ?

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: richardpitt on Tuesday, July 03 2007 @ 02:28 AM EDT
    IP addresses are unique!?

    Set up a demonstration:

    1 DHCP server

    2 firewall NAT routers (identical, out of the box)

    2 PCs - one behind each firewall/router

    start the systems

    ask the operator of each PC to identify their IP address

    PC-1 "192,168.1.100 your honor"

    PC-2 "192.168.1.100 your honor"

    hmmm... seems that they're the same

    Prosecution: "objection your honor - the routers each have different IP
    addresses"

    Defense council "Yes your honor, maybe they do - but they are not PCs and
    are not themselves sharing files - there can be over 150 different PCs 'behind'
    each router before their default tables run out of individual local IPs so there
    is no definitive public IP address for any of them - they share the single
    one.

    [ Reply to This | # ]

    I take issue with the mischaracterization of Bittorrent
    Authored by: Anonymous on Tuesday, July 03 2007 @ 02:37 AM EDT
    BT was originally designed and created to facilitate speedy transfer of large
    Linux distros. To simply dismiss it as attempting to fill the napster void of
    illegality, is misleading. It had entirely a different purpose.

    Just because I drive a car does not make me a DUI killer of families of 5.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 03:39 AM EDT
    Ok. Let's suppose that the relevant network works like Stanford's network,
    which assigns fixed IP addresses on a per-computer basis. (That's pretty much
    the best possible situation for the plaintiffs to have a point, I think.)

    First off, there's no enforcement of whether a computer is using the IP address
    that's been assigned to it. For instance, there were several times when I
    wanted to hook up a computer to the network that didn't have an account. So,
    what I did was tell it to use the IP address of a computer that was currently
    turned off. Not a problem.

    And, if that other computer got turned on -- still not a problem for me, but
    they'd have some (probably inexplicable) problems connecting to the network
    until I turned my computer off. This is why I always used IP addresses that
    belonged to computers I knew weren't in use, but there's no reason one would
    have to.

    Ok, so that's the IP address. What about a MAC address? Well ... so I used to
    use VMWare to run a virtual machine, on this network, too. In the config file
    for that virtual machine is a line where one specifies the MAC address for its
    virtual ethernet adaptor. You can set it to whatever you want -- it's just a
    line in a plain text file. The way I had my computer set up back when I was
    doing this (four or five years ago, but I'm sure it's still possible), that
    acted just like an ethernet adaptor directly on the network. I got a second
    account for my virtual computer, and it was quite happy to automatically pull
    down its IP address off the DHCP server. (A DHCP server is a server on the
    network that supplies IP addresses to computers based on their MAC address --
    typically, a computer these days isn't set up to know its own IP address, but to
    ask the local DHCP server for it; this makes changing the IP address a lot
    easier.)

    Anyhow, so there's a pretty trivial little hack here, which I'll sketch out as a
    proof of concept. Suppose I don't like Bob. And suppose I know Bob turns his
    computer off at night. I can poke at his computer (or various local records,
    probably) and find out his MAC address. Then I set up a VMWare virtual machine,
    and set it to connect directly to the local network, with the MAC address on the
    virtual adaptor set to the same as Bob's MAC address.

    So, I turn this virtual machine on, late at night. The local DHCP server thinks
    it's Bob's machine, because of the MAC address, and sends it Bob's IP address.
    As far as the local network is concerned -- and, in particular, as far as any
    logging on that network is concerned -- this is Bob's computer. If I were to
    run some file-sharing software on it and be really blatant about it ... well,
    Bob would get blamed for that, now wouldn't he?

    (And this is not even getting into what might happen if someone sets up wireless
    network-sharing off their computer and leaves it unsecured, or secures it but
    someone finds the password....)

    - Brooks

    [ Reply to This | # ]

    Mr. Linares is guilty of malice!!
    Authored by: el cojo on Tuesday, July 03 2007 @ 04:00 AM EDT
    IANAL so I hope that malice is the right word.
    (PJ may correct me and insert the correct one)

    Mr. Carlos Linares makes the implicit assumption that the user offering and/or
    downloading copyrighted music is in fact the temporary assignee of a certain
    IP.

    As we see in the other comments this is false.

    Here just 3 possible scenarios.

    1. The computer using the IP listed by Media Sentry is infected by malware.

    Lots of computers running MS Windows are infected with Trojans etc.
    Just look at the websites of anti-virus software vendors.

    It even went around the world an was in every newspaper, when a russian group
    started a DDOS (distributed denial of service) attack against a whole country
    (Estonia if I remember correctly) with thousands of computers around the world
    that were controlled by trojans, nearly paralyzing all computer networks in the
    country.

    Mr. Linares has to know about it.

    2. The administrator of the computer gave another person an account.

    Very simple. And this person with an account does not need to be in the room
    or even near the computer. He could connect through the net very easily using
    telnet (ouch!!) or ssh and being physically present in Sydney, Australia or
    wherever on the world.

    I am sure that Mr. Linares knows this.


    3. Wireless Networks

    Very common at university, where students take their laptops to class or for
    working
    with others, but have a desktop in their room (typing multi-page homeworks or
    papers
    on a laptop keyboard is a pain in the ***).

    Just to show that it is not easy to secure a WiFi for non experts:
    When c't (the best german computer magazine) wanted to test some wireless
    equipment,
    they were completely surprised when they found out that they were able to browse
    all the
    data from the medical university across the street.
    So if professional network admins make this sort of blunders, what can you
    expect
    of a, say, sociology student?

    Also I personally know people who use other peoples internet connection just by
    walking around
    in the city with a laptop and a WiFi card. The seldom need more than 15 minutes
    to connect.

    Mr. Linares should know this.


    I'm sure there are more methods of gaining access to a computers IP than the 3 I
    mention.


    But back to Mr. Linares.

    He is Vice-President Anti-Piracy, and if we believe what he writes, quite savvy
    in computer things.

    So either he is a complete incompetent, or he knows about all this.
    He is also a lawyer, so he knows exactly what perjury is. So if he knows that
    he does not know
    enough about computer networks, he should not write such a declaration himself,
    but leave that to a
    network expert.

    Conclusion :
    Mr. Linares is lying, or at least willfully misrepresenting the truth for purely
    commercial reasons,
    namely obtaining some money from people which may not have infringed anyones
    copyright.

    If I make a correct interpretation of PJs article on Slander of Title, this is
    called malice.
    (IANAL).

    IMHO this should have legal consequences for Mr. Linares (but it probably won't,
    he is a lawyer
    and knows how far he can go with his lying/misrepresenting. A pity.)

    [ Reply to This | # ]

    A different spin on IP addressing
    Authored by: EireannX on Tuesday, July 03 2007 @ 04:27 AM EDT
    Many of the comments above have reflected on how you cannot uniquely identify a
    device by IP address. In most cases they make the point that the best you can
    hope to do is uniquely identify a network. This is not true either.

    In the ISP environments I have worked in, traffic accounting is performed at the
    border of the network. This means that you can identify in the records when
    traffic enters and exits the ISP network, but not uniquely where it goes once
    inside the cloud.

    This is important, because from here there is an assumption that because it
    arrived at the ISP it ended up reaching the end user's network, and there is no
    information being gathered that could disprove this.

    Now there are two tools I have used to diagnose user faults. One is when a user
    cannot log in. I can bend the tail circuit going to his ADSL router onto an ATM
    interface in my test network and configure it with their paramaters to ensure
    that it does log in and get the correct IP address. Apart from my knowledge of
    the test I performed there is no real evidence of my action. The radius server
    will show that the user re-authenticated, but it doesn't show that the device
    which logged in changed in any way. Even if the technology is not ADSL, most
    technologies would provide methods which would produce the ability to locally
    terminate user sessions.

    The second tool I used was an address translation. If a user complained that a
    particular protocol was not working for them, I could isolate just that protocol
    on their IP address and terminate it yet again on another device on the network
    to ensure that it wasn't a routing or filtering issue.

    Now while I would use both of these tools with the knowledge and permission of a
    customer, there really wasn't anything other than my own ethics preventing me
    from hijacking an IP address on the network at random and using it for whatever
    purposes I chose. The only way it could have been caught was 'in the act' by
    looking at the actual network configurations.

    While the first tool above would have disconnected the user, the second tool
    would have been completely transparent, unless they were trying to use that
    protocol on their IP address during the time it was redirected to a separate
    device. The only other clue would have been a higher than normal usage level if
    the customer had metered billing, but even then billing records would never have
    pointed out the culprit, they don't generally capture the correct data.

    Now to some extent this is all conjecture, because on the networks I worked on
    this is all possible. It may turn out that on the upstream ISP and carrier
    networks they have more sophisticated tracking tools in place so that such
    redirection of traffic is not possible.

    [ Reply to This | # ]

    Isn't this all moot?
    Authored by: billwww on Tuesday, July 03 2007 @ 06:26 AM EDT
    In a legal case, won't an acknowledged expert in the field have to be deposed
    and/or appear as a witness at the trial? Simply avering that 400 relatively
    anonymous Groklaw-ers believe there are factual errors in an RIAA statement
    won't cut it in court.

    billwww (formerly addicted to logic)

    [ Reply to This | # ]

    Paragraph by paragraph...
    Authored by: mtew on Tuesday, July 03 2007 @ 06:27 AM EDT
    3. Where did that 90% figure come from?

    6. 'so-called'? They are 'online' - that is connected to the internet. The
    work with a number of different information formats - that is 'media' (plural).
    They facilitate the transfer of information - that is they perform a
    'distribution' of the information. The parts are designed to work togeather -
    that is it is a system. The term is an accurate description of these
    facalities. The use of 'so-called' implies that the term is somehow
    misleading. If he thinks the description is inappropriate, he should be asked
    to explain how.

    Napster is ancient history. They got very throughly and (probably) properly
    punished for their conduct. While the other programs mentioned have a similar
    technical function, evidence should be provided that they are, in fact - not
    just in his opinion, doing the reprehensible things that Napster did. There are
    reasonable and legal uses for at least some, if not all, of the programs
    mentioned. IIRC this has been demonstrated in court.

    Where did the 'millions' come from? Have there been millions of convictions?
    While I am not an expert on this, I suspect any such massive amount of proven
    offensive behavior would have been mentioned in common news sources quite
    prominantly.

    7. 'Download' - jargon - it is just another word for 'transfer'. And since
    when is searching for somthing bad?

    8. The 'major' record companies are NOT the only source of music. So what if
    they have not authorized the transfers. They are trying to pretend that they
    own it all. They don't.

    9. There is no right to revenue. They have to earn it. This is the buggy-whip
    manufacturers argument. Support for the 'virtually all' opinion?

    'can not be under-estimated'? Sorry, but that is patently false. An estimate
    of zero would almost certainly be too low. The problem is their over-estimates.
    Weasel words.

    10. So they want to ignore the requirement that they have to prove someone
    guilty? If you believe this, you would expect that there would be no way to
    identify the 'culprits' and there would be practically no cases in the courts.
    There are good reasons for not plastering your name all over the place. Since
    they use 'Public Relations' to increase their sales, they may not be able to
    understand this.

    11. The quality of 'Media Sentry's results have been called into question and
    they have not answered those questions satisfactorily. Has this guy actually
    observed one of their operations? Is he qualified to judge the accuracy of the
    'Media Sentry' results?

    12. His understanding is faulty. Routers often provide Network Address
    Translation (NAT) services. That service changes the effective IP address of
    the network device. Many network devices on internal networks are assigned IP
    addresses in the reserve address ranges. As long as there is no direct
    connection between the internal networks, this does not cause problems. Routers
    routinely map these reserved addresses to different addresses for internet
    communication.

    He is ignoring the fact that heavily loaded ISPs will assign IP addresses to
    network devices for a period of time and later assign that same IP address to
    some other network device. You have to know both the IP address being used and
    the time. In a matter of a minute or less, an IP address can switch from one
    network device to another one hundreds of miles away. One of the most serious
    flaws in the techniques used by 'Media Sentry' in the (third hand) reports that
    I have seen is there failure to provide tracable event times. The accuracy of
    there reports are therefor in question. They have also failed to establish the
    accuracy of the records they have demanded from the ISPs. Without sufficent and
    documentable accuracy, their records would be practicaly useless because they
    might be incorrect with no way to check on there validity.

    The telephone and Area Code analogy is bogus. A major advantage of the Internet
    design is that the same hardware can be used virtually simultaniously to
    establish multiple connections.

    While the mapping from a network device address to an IP address has to be kept
    for the duration of the network device's connection, there is no compelling
    business reason to retain this information beyond that interval. The necessary
    records are only the entity to be billed and the amount of service used so that
    the amount of the bill can be justified. Unless the coustomer has paid for a
    stable IP address, there is no business need to keep the IP assignment
    information.

    13. IIRC 'Media Sentry's ability to perform the identifiaction service has been
    called into serious question. To judge how well they do this task, their 'false
    positive' error rate is needed.

    14. They are assuming that the identification of the individual is not in
    question. The contents of the meta data is not likely to include information
    from the log files. The log files do usually contain extracts of the metadata.

    From the data gathered it is probably possible to show that someone is
    infringing a particular copyright, but establishing who that someone is
    reliably, has not been demonstrated.

    15. One of the important characteristics of digital data is that its integrety
    is regenerated when it is transfered. Simply listening to the music is one of
    the less accurate ways to compare different digital recordings. This can cause
    problems when the RIAA holds a copyright on a particular performance but does
    not hold a copyright on a similar but different performance.

    16. This conflicts with his reasoning in (12) and (14).

    17. Does Verizon's opinion have any weight with respect to anything but
    Verizon?

    18. See (15) and (12). He said 'Media Sentry' recorded the times. Hearsay?
    People do not have IP addresses. Network devices do.

    "The RIAA could not, however, determine the physical location of the users
    or their identities." That just about kills their whole case...

    19. They have not established that the 'defendants' are the infringers. The
    'Media Sentry' identification numbers and, in themselvs, show nothing.

    20-23. INaL - no comment.

    24. How old is the evidence? 8-9 weeks at a minimum. Check with Boston
    University - their request may well be moot.


    ---
    MTEW

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: erikm on Tuesday, July 03 2007 @ 06:35 AM EDT

    I don't know if you're familiar with it, but the Witness statement of Henk Sips and Johan Pouwelse might also be an interesting read (yeah, MS Word format, if you Google a bit you might be able to find PDF). Not all of it might apply to your case, but there are certainly elements you can use.

    Erik (who has worked with Henk Sips and Johan Pouwelse in the past)

    [ Reply to This | # ]

    I may be wrong on this but here goes...
    Authored by: itchytweed on Tuesday, July 03 2007 @ 08:02 AM EDT
    As a birthday present, I put together a computer system for my father to put his
    collection of vinyl LP's onto CD's. He is retired and this was something he
    enjoys doing. Well, in his collection, he also has reel-to-reel mag tape from
    the record companies, one being Capitol Records. Now, both vinyl and mag tape
    were prevalent in the 50's and 60's. There was equipment available to the public
    to record on 1/4" mag tape. Did the RIAA go after and successfully
    prosecute, on a regular, ongoing basis, people who may have been in the
    "business" of making copies of the mag tape recordings for either sale
    or friends. IMNAL, but can it be possibly applied that if there is no
    sustainable history of defense of copyright throughout, that this may be
    selective prosecution or a Latches (sp?) issue?

    -Itchytweed

    [ Reply to This | # ]

    Is Assassination of media sentry employees ok
    Authored by: Anonymous on Tuesday, July 03 2007 @ 08:08 AM EDT
    OH right i play to many video games , can i really blame that also on murdering
    them.

    [ Reply to This | # ]

    Bittorrent
    Authored by: ka1axy on Tuesday, July 03 2007 @ 08:17 AM EDT
    14. For each suspected infringer, MediaSentry downloads a number of the music
    files that the individual is offering to other users on the P2P network. Those
    music files for each such individual are listed in Exhibit A to the Complaint.

    Bittorrent doesn't work this way. The file you are downloading is split up into
    chunks, and you download the individual chunks from any one of multiple IP
    addresses offering the file. Unless MediaSentry is going to great lengths to
    download all the chunks from the same IP, the file they end up with, though
    bit-identical to the file stored on any of the IPs offering it, was not
    downloaded in its entirety from one single IP.

    A log of the network traffic during a bittorrent download will show that data
    transfers are made from many different IPs during the download of a single file.


    It's a small detail, but maybe important.

    [ Reply to This | # ]

    About Torrent Clients
    Authored by: Anonymous on Tuesday, July 03 2007 @ 08:44 AM EDT
    An important point that I have not seen mentioned is the nature of Torrent
    clients. They are designed to be good citizens of the "swarm".

    As soon as you start downloading a file, the client immeadiately starts sharing
    the portion of the file that you have downloaded so far. Other members of the
    swarm can then get a piece of the file from you. Once you stop downloading and
    shut down your client, you stop sharing as well.

    [ Reply to This | # ]

    This whole statement assumes..
    Authored by: Anonymous on Tuesday, July 03 2007 @ 08:48 AM EDT
    This whole statement assumes that this peer-2-peer trolling that Media Sentry
    did was ONLY downloading and not uploading. They could have placed the files on
    the p2p networks and then gone back and "found" them. They have a
    financial interest in "finding" these files, and we have no way of
    proving or disproving how those files were place on thos p2p networks. We also
    have no way of positively determining if the files they claim to have downloaded
    were really downloaded. Have Media Sentry and RIAA "Nifonged" us? are
    they only presenting evidence that seems to help them while making sure all
    other evidence is hidden or destroyed? If there are 1000's of files, how does
    Media Sentry know that the computer owner placed them there and not Media
    Sentry, one of is agents, some malicious outside party or just some other party?
    Planted evidence is not proof of what crime occurred, just proof that a crime
    was created. Media Sentry has a vested interrest in making RIAA happy. To what
    ends will they go/have they gone to provide evidence that supports RIAA's
    claims. And RIAA has always gone after small fish which makes it easy to create
    the appearance of much evil to support their claims that much evil is going on.

    And just who did prime the p2p networks with "pre-release works"?
    Sounds like entrapment to me.

    [ Reply to This | # ]

    The RIAA also reviews the other evidence collected by MediaSentry.
    Authored by: Anonymous on Tuesday, July 03 2007 @ 09:06 AM EDT
    Computers, IP and individual users are not even synonyms much less
    interchangeable as if each was labeled "1A,1B,1C"

    "Two computers cannot effectively function if they are connected to the
    Internet with the same IP address at the same time. This is analogous to the
    telephone system where each location has a unique number. For example, in a
    particular home, there may be three or four different telephones, but only one
    call can be placed at a time to or from that home."

    OK, so exactly who dialed the call .... and who is on the phone?

    As for IP's --- others here have remarked networks, etc --- is this not general
    knowledge a reasonably competent expert would know? If so, are these statements
    misrepresentations?

    But of the most important statement is

    "The RIAA also reviews the other evidence collected by MediaSentry."

    What is this, in total and exhaustive detail.

    [ Reply to This | # ]

    Media Sentry - violating any licenses?
    Authored by: tz on Tuesday, July 03 2007 @ 09:14 AM EDT
    I think the problem is this - if I leave a stack of books in my open garage for
    my neighbors to borrow, and some stranger comes in and takes them, it is still
    theft.

    Media Sentry can only prove that "There were books in the Garage".

    It might be a fair use to, say, have my mp3ized CD collection available for my
    cousin in another state to browse through.

    And what of the licenses of both the clients, announcers, and torrent sources?
    If they put up a dialog box requiring the same kind of EULA click-through
    "Only Authorized users should click OK", would it fix things?

    P2P isn't strictly a public performance or access (a broadcast to an anonymous
    crowd), nor is it like a group of known friends listening to my CD player in my
    living room (individual to individual), but a hybrid.

    I would not give Media Sentry permission to access my computer if I knew it was
    them (EULA style click-through again?). I would consider them to be the same as
    any malware author, bot-herder, or malicious hacker trespassing and vandalizing
    my computer.

    Note that even if I knew someone was doing illegal activity on their home
    computer (e.g. bragging at work), it would be illegal for me to hack their
    computer, and I think it is illegal for even the FBI to do so without a
    warrant.

    Just because I have an open port (or don't lock and bolt my physical door)
    doesn't mean there is an open invitation for anyone to enter. Or to pretext
    much like HP.

    They should find out who these people are and throw them in jail at least as
    long as Kevin Mitnick, and with the same restrictions on not using any
    computers.

    [ Reply to This | # ]

    12. IP adresses
    Authored by: seanlynch on Tuesday, July 03 2007 @ 09:26 AM EDT
    The statements in 12 seem mostly accurate, but they have a glaring omission. IP
    addresses are not guaraunteed unique from one internet session to the next.
    These addresses can be assigned dynamically.

    Users who have a unique ID this hour, may be assigned a new address the next
    time they log in.

    Exact timing, as well as logon and logoff records from a network's system logs
    must accompany any identification of a user by IP address. There must also be
    evidence that the computers involved all had their clocks set to the same
    network time, so that a timestamp can be regarded as accurate.

    Saying an IP adress is unique is true, but this does not imply that a given user
    will always have the same unique IP address.

    In order to uniquely identify a user to a given unique IP address, a long chain
    of evidence must be built. None of that guarauntees that someone didn't just
    walk into another student's dorm room and use an already logged in computer to
    download the music without the computer owner's permission.

    [ Reply to This | # ]

    • 12. IP adresses - Authored by: Anonymous on Tuesday, July 03 2007 @ 09:56 AM EDT
    Para 21 is a load of rubbish
    Authored by: globularity on Tuesday, July 03 2007 @ 09:30 AM EDT
    21. First, every day that copyrighted material is disseminated without the authorization of the copyright owner, the copyright owner is economically harmed. Prompt identification of infringers is necessary in order for copyright owners to take quick action to stop unlawful and dissemination of their works and minimize their economic loss.
    Where is the link between the economic effects of authorised and unauthorised distribution. Much authorised distribution is done freely to promote a musical work, how can there be a distinction between the effects of authorised and unauthorised distribution in this context.

    The question to ask is whether there is any proof that the mere act of authorisation of distribution has any material effect on the recipient of the distributed work's desire to give the RIAA money for whatever reason.

    I suspect the author of the statement is talking out of his hat and knows he will not get charged with perjury

    ---
    Windows vista, a marriage between operating system and trojan horse.

    [ Reply to This | # ]

    Ships raided for CD's?
    Authored by: Anonymous on Tuesday, July 03 2007 @ 10:04 AM EDT

    The Declaration has the word "piracy" all over the place. According to Black's Law Dictionary (centennial edition, 1990) piracy is:

    Those acts of robbery and depredation upon the high seas, which if committed on land, would have amounted to a felony. Brigandage committed on the sea or from the sea.

    With this in mind, the declaration is mostly gibberish.

    [ Reply to This | # ]

    Point Five is Incorrect
    Authored by: Anonymous on Tuesday, July 03 2007 @ 10:17 AM EDT
    5. The Internet is a vast collection of interconnected computers and computer networks that communicate with each other. Too vague and technically incorrect. Type in google 'define: internet' and find answer like 'A global network connecting millions of computers'. However, not all computers connected can actual communicate with each other (whatever is meant by 'communicate') for various reasons like incompatible OS'es or firewalls.

    It allows hundreds of millions of people around the world to communicate freely and easily and to exchange ideas and information, including academic research, literary works, financial data, music, movies, graphics, and an unending and ever-changing array of other data.
    I wonder what he means by freely. This is incorrect in any definition of the word 'free' but also means that he admits that you can exchange anything freely!

    Once a sound recording has been transformed into an unsecured digital format, it can be copied further and distributed an unlimited of times over the Internet, without significant degradation in sound quality.
    I believe this is old technology. My limited understanding is that it is the record companies that record in digital format so there is no transformation. Further, what the consumer already buys like a CD is already in a digital format. So if it is a wav format (the CD format) or a lossless format (say Flac) there should not be any loss of sound quality. Depending on the definition of 'significant', all other format do noticeably lose quality. However that is irrelevant to the 'internet' as I can do that on any device like a computer or disc-copier even personal backups or transfer to an music player.

    [ Reply to This | # ]

    Looks like RIAA need to prove a lot
    Authored by: Anonymous on Tuesday, July 03 2007 @ 10:24 AM EDT
    First off, IANaL... Heck, I am not even an American. As a result, my comment
    likely does not have any value in court.

    I will paste my point-by-point comments below, but in short there are three
    things that may need to be proven:
    - File lists don't mean anything.
    It just shows that there are files that have names that sound familiar to the
    RIAA. Even if a downloaded sample from an individual shows that the downloaded
    files contain music that is in line with the file name, it by no means proves
    that this is true for the entire file list of that individual.

    - Is the material really infringing copyright?
    AFAIK, the fact that one can download a music file and play it does not
    automatically mean that the file is infringing copyright. There may have been
    perfectly legal ways to obtain a file that contains the music, without there was
    any requirement for the individual to abstain from distributing the file.
    Examples that come to mind are recordings from (regional, maybe on-line) radio
    stations. If such files were created domestically, I wonder if there's any law
    preventing one from distributing it. What if the file was legally created and
    distributed outside the US. If that file is downloaded in the US does it all of
    a sudden become an infringed file?

    - Time and dates RIAA has seen for activity may not be traceable to an
    individual.
    Only if the devices on the side of the university have been using authoritative
    time servers to time stamp the logs, and the investigators have also ensured
    that their logs are created using the time stamps of an authoritative time
    server one can start to dig deeper into the university.

    Even then (and assuming no spoofing of IP / MAC addresses has occurred), one can
    only establish which PC was used to generate the traffic. Dependant on the
    logging, one potentially can determine what OS user account was used for the
    action. Then one still has to prove that this account was accessed by the
    individual that is being charged. It could very well be that the user account
    has become compromised without the knowledge of the individual (someone may have
    looked over the shoulder to obtain uid/pw or someone may have copied the
    security card, etc). This means that once a user ID has been established, one
    needs to prove that person X was indeed using PC Y at time Z. Furthermore, one
    has to prove that it was not done by someone else in the background from that
    computer without the user knowing it.

    FWIW, below are the details the points I think I can comment on below.


    Point 5
    Define “Unfortunately, the Internet also has afforded opportunities for the
    wide-scale piracy”. The Internet is a global thing. How many songs (not
    guesstimates, but proven numbers) are illegally distributed. Wide scale I
    believe also needs to be put in perspective against a similar metric for legit
    music sales (on- and off-line combined). This will allow a proper assessment of
    the impact. That impact in turn could justify the use of wide-scale. Then... How
    does that relate to these few individuals.

    Point 6
    Justify “Much of the unlawful distribution of copyrighted sound recordings over
    the Internet occurs via P2P”. Wild statement. There are many other ways to
    distribute illegal content. News groups, web sites, radio broadcast, podcast,
    etc. By showing a breakdown of actual proven numbers (not guesstimates) are done
    through P2P.

    Point 8
    “The major record companies generally have not authorized their copyrighted
    sound recordings”. Prove that the music that is allegedly being distributed is
    from an illegal source. A few ways of obtaining legal (or at least as far as the
    consumer can tell legal) digital copies of music are a digitized radio recording
    (in some countries there are no blanket rules in recording from the radio) or
    podcasts that do not explicitly prohibit re-distribution of music. Once such a
    recording has been made legally, it may be distributed legally as well. For a
    consumer it is impossible to easily determine if the file transferred is illegal
    (there’s no copyright notice). One cannot expect a consumer to assume all
    content is illegal until it has been established legal.

    Point 9
    As mentioned in earlier point. Show verifiable numbers. Also, factor in extra
    revenue generated by CDs being bought because someone was introduced to music
    and liked what one has heard through allegedly illegal on-line sources.

    Point 10
    Prove that infringement is taking place. File names that the plaintiff observe
    may not match the actual content of the file. Even if the content matches the
    file name, prove that there has not been a way for the individual to legally
    obtain the material. (See point 8)

    Point 11
    Does this not imply that MediaSentry has been distributing content with
    permission from RIAA. MediaSentry has been logging on, downloading (and
    apparently also distributing due to claimed functionality) content. This means
    that copies of files without copyright notice have been distributed on behalf of
    RIAA. As a result, the content has been made freely available by RIAA and
    therefore these copies are legal to own

    Point 12
    Each IP that MediaSentry can see is only the external IP address of an
    organization. The internal IP addresses are most likely not to be constant. The
    only way to prove that a particular computer was used for something at a given
    point in time requires one to know the exact time that that computer was used.
    Point 13
    MediaSentry is able to detect that from a certain network certain files are
    shared. Still need to prove that content of the files shared is indeed copyright
    protected and that the file could not be legally obtained through other sources
    than RIAA controlled sources. If the file could be legally obtained through
    other sources, prove that one is not allowed to redistribute it.

    Point 14
    Listings of files do not prove infringement. It is the content of the files that
    may constitute infringement. Again, just as in previous points, prove that the
    content of obtained files is really infringing.

    Point 15
    The fact that one can listen to certain music, does not mean it has been
    obtained and (re-) distributed in an illegal fashion. Nor does it need to be
    obvious to the user that the (re-) distribution of the file was illegal.
    Again…. File lists do not constitute infringement.

    Point 16
    Though conceptually possible, one will have to prove that the hardware at the
    ISP, university or other organization is running at exactly the same time as the
    hardware that the investigator is using. Although time zones are less relevant
    (easy to correct for that), two computers will not indicate exactly the same
    time unless certain conditions are met (e.g. synchronization of local time with
    an authoritative time server).
    One will have to prove that the computers are indeed indicating the same time,
    before times/dates become relevant variables.

    Point 18
    Prove that the music could not have been legally (or at least seemingly legally)
    obtained through media that do not indicate that the material is copyright
    protected and then re-distributed.

    Point 19
    File lists do not mean a thing. Even if files are of the type as indicated in
    the file list (say .mp3), the actual content of the recording by no means has to
    match the content indicated by file names or meta tags.

    Point 20
    Only if material indeed is infringing

    Point 21
    Please prove that every day that the content is shared is causing more harm. In
    order to do this one would have to prove that not sharing the information would
    lead to higher sales. Also one would have to prove that dipping sales are a
    direct result of the material shared. One needs to prove that listening to the
    material obtained on-line is not leading to sales. In short, show the economic
    links. Last but not least… Prove that the content is indeed infringing.

    Point 22
    Unreleased material that is hitting the Internet can do so for two reasons:
    1. It is actually an on-line release;
    2. Theft has occurred in the chain that is under control by the copyright
    owners. That is where the loss is generated.

    Unless there are clear statements from these sources, individuals receiving that
    material have no way of knowing that the material is actually copyright
    protected. As a result one could argue that the individual, unless proven that
    the material has gotten into the individuals hands through illegal ways (or with
    the explicit notice that the material may not be redistributed), has the right
    to distribute.

    Point 23
    Is extra discovery allowed even if it has not been established that the material
    made available online is really infringing?

    Point 24
    This is only relevant if one can prove that the ISP or organization is keeping
    logs on a piece of hardware that is ensuring it is keeping time that is exactly
    in line with the time that the hardware of the investigator uses. If there is a
    chance that these two times are not in sync, the logs of the ISP or organization
    are worthless to identify anyone.



    [ Reply to This | # ]

    ISPs Are Not The Same
    Authored by: Anonymous on Tuesday, July 03 2007 @ 11:05 AM EDT
    I work at a mid-sized cable company on the business side of the Internet
    division. As you will see, its better I remain anonymous

    The discussion so-far has revolved around technical and legal analysis. There is
    a far more important point that has to be considered. Each ISP has its own set
    of policies and procedures for running the network. These vary based on the
    different types of network hardware installed, software versions, legacy
    constraints, contractual and regulatory peculiarities, maintenance budgets,
    business strategy and the competence of the employees. No two ISPs run things
    exactly the same way.

    For example, my company is planning to charge customers for some types of usage.
    Implementing has been a nightmare. We found in one area with 350k subscribers
    that 18,000 had given themselves static IPs. 18,000! It wasn't supposed to be
    possible, so we never looked for it. In another case, because accurate assigning
    of use had never been an issue, we had no measures to prevent MAC spoofing. It
    turned out there was a LOT of MAC spoofing going on. We turned on some
    previously unused DOCSIS features that eliminated 99% of the spoofing. But the
    point is we simply hadn't bothered because it was not a problem for us or the
    customers. Until a recent update of a particular platform, the accuracy of the
    IP to MAC match was so shaky we couldn't send anyone a bill.

    My company is actually well run. It does 5,000 things right and 50 things wrong.
    Its a big complicated business. You fix the problems that most impact the
    customers. We do it well and can still turn up stupid things like I described.
    Every ISP or big network has problems. Without specific knowledge of how a
    particular ISP runs its business, there is no way to know how accurate a
    particular bit of remotely captured information may be. The only experts are the
    people who work at the ISP.

    [ Reply to This | # ]

    Point by point rebuttal...
    Authored by: Marc Mengel on Tuesday, July 03 2007 @ 11:09 AM EDT
    This is some serious propaganda here... Alas, he probably believes it.

    So point by point...

    5. He talks about "unsecured" digital formats, as if there were
    "secure" ones -- there aren't, that's a myth.
    He neglects that music CD's, published by the music companies, are
    an unsecured digital format. In any case, secured versus unsecured has
    nothing to do with this discussion.

    6. While some distribution of copyrighted recordings does occur
    using P2P software and protocols. How much of that distribution
    is fair use under copyright law has not, to my knowlege, been
    established, so the claim that such copying is "illegal" is not
    established.

    8. Once again, not all copying not authorized by the copyright holder
    is illegal.

    9. This is false on its face. Anything can be over- or under-estimated.
    Also, people can easily disguise their identity from Internet Service
    Providers, in many cases by illegally using other peoples computers
    withouth their knowlege or consent. So claiming that ISP's neccesarily
    know who is using their services is a fallacy.

    11. MediaSentry is not a licensed investigator in most states, so retaining
    them as a private investigator is not neccesarily a good plan. If P2P
    software is illegally installed on a computer by a 3rd party without
    the owner's knowlege or consent, then MediaSentry's use of that
    installation is equally illegal.

    12. IP addresses are only temporarily unique, and do not uniquely identify
    either a computer nor the person or people using the computer. It is
    NOT analagous to a person having a telephone number which is identified
    with them personally. ISP's, universities, etc. cannot identify the
    person or people who were using a given IP address at a given time, only
    the person who initially registered or paid for that service. They cannot
    tell for certain who is using the computer in question, or if it is even
    the same computer that was used for the initial registration. They can
    at best identify the MAC address of the piece of hardware (i.e. router
    or network card) that was used. MAC addresses are configurable and
    modifiable at any time. So for example, one can register for service
    with a computer with a network card directly connected to a wired
    connection, and then replace that computer hookup with a wireless
    router, and configure that router to present the same MAC address
    as the network card on the computer (so as not to have to re-register
    with the ISP) That wireless router can use Network Address Translation
    (NAT) to allow dozens of computers to share that ISP connection, and
    the ISP will be unaware of this change, except possibly for an
    increase in traffic.

    13. The P2P software only identifies the IP address of the nearest
    access point. Reusing the example above, the IP address gained would
    be the one of the wireless router, which could be being used by
    literally dozens (or even hundereds) of computers.

    14. Once again, if the P2P software is installed without the owners knowlege
    or consent, or is being used on a hijacked network connection without
    the owner/renter's knowlege or consent, then MediaSentry is participating
    in that illegal and unauthorized use. If someone taps into your
    home telephone line, and uses that phone line to sell drugs, that
    doesn't make you guilty of selling drugs, it's the person who tapped into
    your phone line.

    15. The fact that they verify that some person was infringing does not mean
    they have the slightest clue who that person is.

    16. The IP address cannot possibly have identified the INFRINGER. They are
    obtaining IP-address-to-CUSTOMER data on the ASSUMPTION that the customer
    who paid for the IP service is the infringer, or would reasonably know
    who it is. This assumption is, in the current world, unfounded.
    See for example:
    http://www.ciphertrust.com/resources/statistics/zombie.php
    which states that nearly 250,000 'zombie' computers are identified
    EACH DAY. Huge numbers of computers are currently being used for
    all manner of illegal activities without the owners being aware of it.

    17. The RIAA has gotten the names, addresses, etc. of ISP customers who
    may or may not have been infringers. They have no way of knowing
    whether the people whose names, etc. they have obtained are the
    infringers.

    20. Once again, they have not obtained the identity of the infringer, only
    of the customer who paid for the ISP service used by the infringer,
    and even then they have obtained the identity of that customer only
    assuming the clocks on their logging system are set correctly, etc.

    23. Even once they have obtained the data they are asking for, they
    STILL don't have the neccesary data to identify the infringer,
    and they are often serving the complaint and summons to the wrong
    person.

    24. I am quite certain the ISP's do not vouch for the accuracy of those
    logs that are subpoenaed to find customers, nor are they maintained with
    the sort of evidenciary rules sufficient for a court of law.
    Once again, they are not identifying the infringer, only the customer
    paying for the ISP service used by the infringer.




    [ Reply to This | # ]

    User Identity
    Authored by: Anonymous on Tuesday, July 03 2007 @ 11:37 AM EDT
    IP, at its very best, points you to a single computer. UserID on P2P network at
    best, only shows that someone is sharing something he is not suppose to. The key
    here is that there is NO way it tells you who is the person sharing file. Both
    evidence, whether individually or viewed together, does not pinpoint who is the
    infringer.

    Take as an analogy speed camera. It catch a car speeding. Old fashion speed
    camera at times cannot capture a picture of the driver. Without the law
    requiring the car owner to identify the driver or face the penalty himself, a
    lot of driver did get away with speeding.

    As far as I can tell, there is no such law in DMCA that is analogous to
    requiring computer owner identifying the infringer. All I see is computer owner
    served with "take down" notices.

    To use a more sad example, one in the early days of internet and that was
    featured in Reader Digest, a US Police Department had to show the court that the
    pedophile is using a particular username on the net by the painstaking
    surveillance work to demonstrate the computer is at the accused's home, and the
    user is only active when the accused is at home and when he is not, the user is
    not active as well.

    I think this is important because all RIAA is able to prove is someone
    infringing their rights, but they cannot actually pinpoint who.

    ----

    Not really sure whether this amount to anything. On paragraph 18 it says that
    RIAA's agent listen to a "representative" sample of the mp3 they
    downloaded. Surely from an evident point-of-view, they can only litigate on
    those mp3 files they actually downloaded as they do not have proof that the
    other files they have on their "list" are infringing, however
    representative their samples are.

    [ Reply to This | # ]

    Can RIAA determine files are illegal by listening?
    Authored by: Anonymous on Tuesday, July 03 2007 @ 11:58 AM EDT
    No one has yet addressed the question of how RIAA can tell whether files on my
    computer are licensed or unlicensed by listening.

    Lineres' said *** The RIAA
    also listens to the downloaded music files from these users in order to confirm
    that they are, indeed, illegal copies of sound recordings whose copyrights are
    owned RIAA members.*** (para. 15) and ***The RIAA downloaded and listened to a
    representative sample of the music files being offered for download by each
    Defendant and was able to confirm that the files each Defendant was offering for
    distribution were illegal copies of sound recordings whose copyrights are owned
    by RIAA members. *** (para. 18)

    Is there anyone with technical credentials who
    can say that Lineres was lying since it is impossible to distinguish between
    licensed sound files and unlicensed ("illegal") copies by listening?

    [ Reply to This | # ]

    Forensic requirements related to #12
    Authored by: Anonymous on Tuesday, July 03 2007 @ 12:01 PM EDT
    Disclaimer: I'm a security analyst with forensic experience, but most of my
    forensic work as been internal to my organization. I've worked with law
    enforcement on a select few occasions but none of my work has ever gone to court
    as evidence. Naturally I disagree with the RIAA's motivations and methods, but
    I'll try to be as objective as possible.

    The only way to reliably say "this computer right here is the one used for
    infringing activity" is to do a forensic on the hard drive(s) of the
    machine itself. However in order to justify a subpoena of that computer, the
    RIAA will need to be able to cross reference several logs, as other posters have
    pointed out. The declaration does not get into public and private addresses and
    Network Address Translation, but these are technologies employed by most
    enterprise organizations and ISP's. Using NAT, a private IP address, which is
    not globally unique, is translated to a public address. A public address can be
    an individual address or a range of addresses assigned to an organization. These
    addresses are globally unique. Specifically, in a typical enterprise
    environment, to tie a public IP logged by MediaSentry|SafeNet to a physical
    location such as a dorm room, the RIAA would need:

    1. Logs from the router, layer 3 switch, server, or firewall that performs
    Network Address Translation. Specifically, those logs need to tie the public IP
    recorded by MediaSentry to the private IP of the offending computer. It should
    be noted that most devices that perform NAT don't log by default. Enterprise
    grade firewalls will normally log translated addresses that send traffic out,
    however some firewall admins (myself included) configure firewalls to refrain
    from logging traffic from public segments for privacy purposes.

    2. Assuming dynamic addresses are in use, the logs from the DHCP (Dynamic Host
    Configuration Protocol) server would be necessary to indicate what computer was
    assigned the offending private address. A DHCP server can be a physical server
    or it can be a network device. If configured for logging, the DHCP server will
    log the IP address assigned to each computer on the network and the MAC (Media
    Access Control) address of that computer. Some DHCP servers will also log the
    hostname of the connecting machine. A MAC address is assigned to the network
    card in a computer, however it is possible to change the address used by a
    computer on a network. Also it should be noted that DHCP server logging
    configurations vary. For example, a Windows DHCP server by default only retains
    logs for seven days.

    3. In order to tie the MAC address of a computer to a location, one would need
    access to network equipment, specifically the LAN switch the offending computer
    is plugged into, as well as wiring charts. It should be noted that most switches
    do not log where a specific MAC address was at a given time, rather they show
    where a MAC address is "right now".

    So the flow of information would be:
    1. Reference the public IP address acquired by MediaSentry in the NAT logs (if
    any) to get the private IP address in use at the time the offending traffic
    occurred.
    2. Reference the private IP address with the DHCP server logs (again, if any) to
    get the offending MAC address and/or hostname.
    3. Reference the MAC address with the necessary LAN switch and wiring
    schematics. Network admins will normally be able to determine the appropriate
    switch, depending on the type of equipment used and its capabilities.

    The following addtional items may come into play:
    1. Some networks use authentication systems to check a library card, student
    number, or username and password when a user connects to a network. Those logs
    would come into play as well.
    2. Some networks use a proxy server to handle certain types of traffic. Those
    logs could also come into play.

    The following "gotchas" could be used to impeach any of the above
    items as evidence:
    1. Time synchronization is a headache many network admins struggle with (or
    ignore). You may be able to demonstrate that any of the above logs are out of
    sync.
    2. If a computer has been moved, that confuses the issue. Likewise, if multiple
    people use one computer, whom do you prosecute? (IANAL)
    3. Most of the log files involved are stored as plain text files, and therefore
    can be edited. To do a forensically sound data acquisition of those files would
    require either a backup restore (assuming the necessary logs are backed up) or
    it would require the server to be powered down. In a Windows environment, just
    clicking on a file, let alone actually opening it, modifies the date and time
    stamps on that file. So if server admins on site have started looking to see who
    the offending party is, they may have already contaminated the log files as
    evidence.
    4. Most computers running Windows that are used by a young adult, especially a
    young adult male, have some type of spyware or malware on them. Chances are the
    defendants' computers have managed to pick up some malware somewhere along the
    line. While I don't personally approve of the "Hackers broke into my
    machine and did eveil" defense if it doesn't apply, it is true that hacker
    groups have been known to compromise a machine then use it to host copyrighted
    material, and there are viruses that, upon infecting a computer, write data to
    the share directories of common P2P programs.

    Hope this helps.

    [ Reply to This | # ]

    it's all irrelevant
    Authored by: Anonymous on Tuesday, July 03 2007 @ 01:50 PM EDT
    I can fabricate a lot of evidence and the show it to a bunch of people with the
    highest integrety. There is no objective conclusion possible about the validity
    of the evidence if the means of gathering that evidence are not available for
    review and testing. Since mediasentry does not want to let people see how their
    software does what it does their evidence is worth nothing. I'm not from the US
    but I seem to remember even you guys have laws against illegal gathering of
    evidence. If you are not allowed to review the way the mediasentry software does
    what it does.....how can anyone guarantee no illegal means were used?

    The likelyhood of illegal measures here is higher than in any other case because
    mediasentry relies in some way of communicating with other peoples computers. It
    is not presenting itself as a company working for the riaa so they are not doing
    this with the consent of the end user. If the software reads the contents of
    peoples harddrives, I'm not saying it does but who knows, it might very well be
    breaking the law because the owner never gave his consent and mediasentry did
    not apply for a search warrant to do so.

    That's speculating and I admit it. That's the point isn't it? If you do not know
    what the software does and more importantly HOW it does it.....speculating is
    all you can do about the evidence it gathered.

    [ Reply to This | # ]

    Time synchronization.
    Authored by: mtew on Tuesday, July 03 2007 @ 01:55 PM EDT
    It is quite difficult to synchronize clocks.


    The difficulty increases when:

    1) more accuracy is needed.

    2) the distances involved increase.


    Random errors contribute to the difficulty but not necessarily in a predictable
    fashion. Some of these errors are:

    1) Variations in transmition times for any of a large number of reasons.

    2) Diligence of the people who keep up the end equipments' hardware and
    software.

    3) Diligence of the people who maintain the network hardware and software on all
    the devices that connects the end points.

    4) Environmental variations for all the above including but not limited to
    supplied power quality, temperature, humidity and altitude.


    This means that comparison of time values on different systems will be
    inconsistant to some degree or another. Bacause of this inconsistancy, the size
    of the inconsistancies is needed to establish the accuracy ot the comparision.
    More precicely, the order of two events can only be stated with certainly when
    the time-like seperation between the two is significantly larger than the
    inconsistancy of the time measurements.


    Note that this is the inconsistance of the measurements. There can also be
    systematic errors in the measurements that have to corrected before any
    comparision is meaningful.

    So before you can establish the order of two or more events you have to:

    1) Identify all sources of systematic measurement differences.

    2) Correct for the systematic differences that you can.

    3) Establish limits on the size of the systematic measurement differences you
    can not correct for.

    4) Establish the amount of measurement inconsistancy.

    5) Assure that the differenc in the measured values is significantly larger than
    (3) and (4) combined.


    For example, if you do not correct for the difference due to different time
    zones, the order of two events less than 26 hours appart (maybe more) can not be
    specified. Other errors or inconsistancies would increase that margin.


    ---
    MTEW

    [ Reply to This | # ]

    Any prof of unauthorized downloading ?
    Authored by: Anonymous on Tuesday, July 03 2007 @ 02:30 PM EDT
    From what I can see, MediaSentry was authorized by the RIAA to download the
    files they downloaded.
    They don't appear to provide any evidence that the files in question were
    downloaded by anyone other than Mediasentry.
    Hence, they provide no evidence of unauthorized downloading of these files at
    all.

    Of course they also mention some other files which they only know metadata for,
    and they could be anything at all.

    ISTR that "making available" is itself illegal in the US, but that
    seems to me to be the *only* thing this statement could be used to indicate.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 02:45 PM EDT
    Not being a lawyer I'm always a bit curious as to why the RIAA is allowed to
    list evidence received from Mediasentry/Safenet when the methods for
    collection of such evidence are undisclosed? If there is no need to show the
    methods of evidence collection then for all we know Mediasentry has only a
    random number generator to name those to be accused and a set of reusable
    screenshots of said transgressions.
    The courts in a number of countries, including Canada's Federal Court of Appeal,
    have found Mediasentry's investigations to be unacceptable by the courts so why
    are US courts still accepting any documentation from these folks without and
    inquiry as to the methods, if any, used?

    [ Reply to This | # ]

    You are missing the forest for the trees.
    Authored by: Anonymous on Tuesday, July 03 2007 @ 02:53 PM EDT
    Yes, there are flaws in the affidavit. Both technical and legal.

    But the facts presented, even allowing for the flaws, do present sufficient
    evidence that people utilizing those IPs may have infringed, assuming the P is
    correct about their cause of action and making available is infringment.
    Whether or not NAT or a wireless router were used... even if a single IP was
    shared by 400 people in one entire dorm, is not relevant at this point. The P
    is not trying to make the account holder liable merely because they are the
    account holder -- they just want to ID them so as to depose them to determine
    who *is* liable. To find those people behind the IP (be they 1 person or 400)
    in order to question them, and to find the devices behind that IP, the P is
    entitled to the subpoena.

    HOWEVER, they are only entitled to question them if the P has a cognizable case
    as pled. *That's* where to attack.

    Assume they are enforcing a valid copyright for song XX. Is having a copy of a
    file called "XX" infringing? No. There are some explanations for
    having file XX that are not infringing. There are some scenarios that having
    file XX would be infringing. To quash the case, you must be able to show that
    in all possible explanations for the existence of file XX, no infringement
    exists. But the existence of the file may be enough (today) to allege possible
    infringement (i.e. that the person possessing the file downloaded that file and
    made an infringing copy).

    But then again, in this day and age of a billion songs sold legally online, and
    a resulting billion legal song files on consumers' hard drives, can the mere
    presence of file XX be enough anymore to be sufficient evidence to get a
    subpoena and invade privacy? 10 years ago, yes. 10 years from now, no. What
    about today?

    HOWEVER, the complaint does not claim the possession of file XX is infringing.
    They make *no* claim that file XX is an illegal copy. The court must limit
    itself to the theory of the case advanced by the party. The court must
    therefore assume then that the copy on the computer is a legal copy, such as
    purchased through iTunes.

    Now the interesting part....

    If I leave a copy of a retail-purchased legal CD on a public table in the park,
    allowing anyone in the public to SEE it, am I guilty of infringement?

    If I leave a copy of a retail-purchased legal CD on a public table in the park,
    allowing anyone in the public to TAKE it, am I guilty of infringement?

    If I leave a copy of a retail-purchased legal CD on a public table in the park,
    but with some chain attached to it such that it can be inserted in a CD player
    and played, but they can't TAKE it, am I guilty of infringement?

    If I leave a copy of a retail-purchased legal CD on a public table in the park,
    but with some chain attached to it such that it can be inserted in a computer
    and COPIED, but they can't TAKE it, am I guilty of infringement?

    If the answer to all is "no" then, as pled in this case by the P,
    there is no case for infringement.

    The P can re-plead, of course, to allege direct infringement, and then they
    clearly CAN get the subpoena, IF MERE EXISTENCE OF FILE XX is still sufficient
    in this day and age. Then the question will be whether the copy of song XX on
    the computer is legitimate (legal) or not. If it is, then the above CD on the
    table scenario should be dispositive. If legality turns on an affirmative
    defense, then the P still gets the subpoena.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 03:53 PM EDT
    Comments are numbered, the same as the declaration is numbered.

    6) the bittorrent thing: Bittorrent is explicitly designed to be agnostic, used
    for anything. That there are illegal uses doesn't matter as the creator of
    Bittorrent is very careful to never ever promote them. BT never tried to
    "capitalize" on the illegal market created by Napster

    8) "Major record companies" control only sound recordings. P2P
    distributes far more than sound recordings. If, by P2P transfers, he meant
    "transfers of sound recordings", then he would have a point. But he
    seeks to equate using a network with violating recording industry copyrights,
    which is a different matter.

    9) Several studies have found no appreciable impact on CD sales due to P2P file
    exchanges -- that is, they appear to imply people buy what they would have
    bought (or almost the same) -- then download EXTRA.

    11) A search 'can be as simple as'? That's a totally inadequate description
    coming from someone who's supposed to be an expert in antipiracy tactics. And
    what "searches of the Internet, as well as file-copying services"?
    Are there file-copying services that DON'T involve the Internet? (Yes, it's a
    nitpick. He's supposed to be an expert, he's being far too sloppy with the
    details.)
    Further, how can MediaSentry possibly "gather evidence of copyright
    infringement" by "using the same functionalities that are build into
    P2P programs?" Simply seeing that so-and-so's computer comes up as
    advertising "hey, I've got file XYZ" proves nothing -- you need to see
    the contents of that file. Can MediaSentry tell that the defendant uploaded
    that file to anyone OTHER than MediaSentry? As the agent of the copyright
    holders, any copy the defendant gave to MediaSentry cannot possibly violate the
    copyrights -- they were authorized to create that particular copy. Absent a
    showing that the file was uploaded to *others* MediaSentry's shown nothing.
    But they claimed to 'use only the same functionalities built into P2P
    programs'. P2P programs don't let you monitor the activities of third parties.
    Therefore this statement is either vague, or inaccurate.

    12) Look up Network Address Translation. This is totally wrong. It is entirely
    possible for >1 computer to use the same IP address at the same time. In
    fact, it is possible to configure a wireless router to allow anyone who walks up
    to it free access -- many come configured this way out of the box! If that is
    the case, there may be no way to tell which individual machine was using the IP
    address at the time the allegedly illegal activity was supposed to have
    transpired.

    14) "Additional data that track the movement of files through the
    Internet"? Exactly what additional data? Why gloss over this particular
    item?

    14/15) I note that the RIAA never sees the evidence until after MediaSentry
    turns it over. How have MediaSentry's procedures been validated? Have they
    ever made a mistake? If so, how often? If they claim not -- how many thousands
    of these cases have they run? It's inconceivable no mistakes were made,
    especially if they won't talk about how it was gathered. Note they say the RIAA
    "engages in a painstaking process to verify" but they don't mention
    anything about how careful MediaSentry is.
    But basically, there needs to be an examination of MediaSentry's methods and
    some kind of chain of custody.

    15) As Vice-President of Piracy, I'm sure this man is very busy. He has a lot
    of stuff to do. It ought to be pretty trivial to prove that he has not got the
    time to personally inspect *thousands* of these lists. And that's how many
    there are, for that's how many of these suits they've filed. I would inquire as
    to whether he is simply vouching on the basis that the people under him are
    supposed to have checked it, or if he PERSONALLY verified anything -- and if so,
    how he did this verification.

    16) How many times has the ISP given mistaken information as to identity? As
    the VP in charge of this effort, he ought to be able to give you a number. How
    does he know they have accurate data? Would he even notice if they gave
    inaccurate data?

    18) They only checked a "representative sample"? Then they can't
    claim damages for anything they didn't check.

    19) They attached the P2P username "if available"? How could they
    POSSIBLY have evidence someone had been on a P2P network -- and not have their
    (alleged) username? Something smells fishy here. Which P2P network are they
    alleging that this happened on? Most networks require usernames.
    Some work directly off of IP addresses and don't need names, but the ones
    MediaSentry seems to be tracking are the ones that DO require usernames. All of
    the ones I am familiar with that let you "search" the way they're
    describing require usernames. If they claim someone used a network that
    requires a username -- but don't have that username -- that's HIGHLY suspect.

    20) The only "infringing" activity they can prove happened isn't
    actually infringing at all, because it is activity they themselves requested and
    authorized. They have no evidence as to volume of any other kind of activity
    perpetrated by the individual. Furthermore, on a larger scale, their efforts
    have been shown by studies to have had exactly zero effect on the total volume
    of illicit file trading. Therefore the 'expedited discovery is essential'
    argument is specious -- they haven't even shown there's anything to stop (at
    least for this particular individual).

    21) Economic harm is disputed as noted above. Prompt identification or not,
    their efforts at mitigation have been empirically demonstrated to be futile
    anyway.

    22) Have they alleged that happened in this case? If not then this is totally
    irrelvant. If so, then they should have specifically included those works in
    spite of their not wanting to "bury the court in paper". Prerelease
    leaks are a drop in the bucket. First, much more stuff has been 'released' than
    is 'unreleased'. Second, 'unreleased' stuff either a) isn't unreleased' for
    long, or b) is never released -- and therefore cannot possibly cause economic
    loss to the RIAA.

    24) This is boilerplate. You aren't suing "people", you're suing
    specific individuals. Given you have a list of IP addresses, you ought to know
    exactly which ISP owns the IP addresses in question. You should therefore know
    *exactly* what the time window for discovery is. This may turn out to be
    extremely urgent -- or it may be a non-issue. Having failed to determine how
    time-critical it is, you cannot now complain to the court that it's urgent.

    [ Reply to This | # ]

    An outry lie (or serious misunderstanding)
    Authored by: GLJason on Tuesday, July 03 2007 @ 04:16 PM EDT
    Users of P2P networks can be identified by their IP addresses because each computer or network device (such as a router) that connects to a P2P network must have a unique IP address within the Internet to deliver files from one computer or network device to another. Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time.

    If computers are operating behind a NAT, they will all appear to have the same IP address on the internet. For instance, I have a static IP range on my home DSL. The DSL is connected to a wireless router setup as a NAT (Linksys WRT54GL). My Cisco DSL modem plugs into the 'internet' port on the Linksys and my gigabit switch plugs into one of the ethernet ports. I have a range of IP addresses, but the router itself is assigned to one in particular (let's say that it's 10.45.99.205, I don't want to give it out). If I had a switch in between the DSL modem and the wireless router, I could connect computers to it and assign them IP addresses from 10.45.99.192-10.45.99.204.

    As it is, all of my computers are on the switch inside my local network, and they have internal addresses assigned to them by the Linksys router. These addresses are purposely reserved by the IANA for use such as this. My Linksys router has an IP address of 192.168.0.2. I can assign my computers static IP addresses between 192.168.0.3 and 192.168.0.99. DHCP is enabled and will assign addresses from 192.168.0.100 to 192.168.0.254. Typically I have my main computer connected as 192.168.0.90 and my wife's computer connected as 192.168.0.91. When my laptop connects, it usually gets assigned address 192.168.0.100.

    All three of these computers appear to be coming from IP address 10.45.99.205 when I connect to a site on the internet. If a friend beings his laptop over, he'll get assigned IP address 192.168.0.101, but no site on the internet will ever see that, it will also look like IP address 10.45.99.205 to anyone not on my local network.

    What enables this is that TCP and UDP protocols each have 65535 ports that can be used. When one of my computers goes to groklaw.net for instance, it may be coming from port 9600 on IP address 192.168.0.90. The wireless router sees that this computer wants to make a connection on the internet to groklaw.net, so it reserves an external port, let's say 25000, and changes the packet information to show that it's coming from 10.45.99.205:25000 instead of 192.168.0.90:9600. Groklaw sees only this address, 10.45.99.205:25000. When it sends a reply packet back to 10.45.99.205:25000, my wireless router realizes that it has setup this to go to the internal address and port 192.168.0.90:9600, so it changes the information in the packet and sends it to my computer. This works much the same with UDP and P2P networks. Either it detects an outgoing UDP packet and reserves a port the same way, or Universal Plug-N-Play is used to reserve an external port.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 04:39 PM EDT
    6. Much of the unlawful distribution of copyrighted sound recordings over the Internet occurs via "peer-to-peer" ("P2P") file copying or so-called online media distribution systems. The most notorious example of such a system was Napster

    Napster was a p2p network but was in significant ways different from most other p2p networks in that it was serverbased.

    12. Users of P2P networks who distribute files over a network can be identified by using Internet Protocol {"IP") addresses because the unique IP address of the computer offering the files for distribution can be captured by another user during a search or a file transfer.

    This statement is not correct.
    1. If the user is behind a NATing firewall/router, you will only see the ip address of the NATing firewall/router. Since most routers for home use are NATing this is often the case.
    2. If the user is using a wireless lan with no or bad (WEP) security anyone could use the network. Since most wireless home routers are also NATing, this means that it is impossible to know the identity based on ip address whithout inspecting the users network.
    3. Anyone with access to the network of the user, and especially with access to gateways etc, could use the users ip address, without the user ever getting to know it.

    Thus it is not possible to connect the ip address to the computer end point for the communication. The ip address in the header is only a tag for a path the information flow in case a NATing firewall or router is used.

    4. The users computer could in some way be hijacked.
    5. There could be multiple users of the same computer.

    Thus, EVEN if you could connect the ip adress and the computer that is the end point for the communication, it is not generally possible to know WHO is sitting at the computer and thus who is commiting the crime.

    Thus users of network can not NOT be identified by the ip address.

    The comparision with telephones is not correct. With a NATing firewall, many users in a home, and even outsiders, can use the network at the same time even though the ip-address seems to be the same for an outside viewer.

    14. [...] such as metadata accompanying each file being disseminated that demonstrates that the user is engaged in copyright infringement.

    Metadata can be changes independently from the "media" content of the file. Metadata content is no proof of copyright infringement.

    16. In some instances, providing the IP address alone to the ISP has been enough to enable the ISP to identify the infringer.

    As stated above, the IP address does not identify an infringer. Firstly, it is possible for an outsider to use an other computers ip address. Secondly, if there is a NATing firewall it is not possible to know which computer is the endpoint for the communication. Thirdly, if there is a wireless access point, with low security, used behind the firewall anyone could use the network and the for an outside viewer the endpoint would seem to be that ip address. Even if no NATing firewalls was used, the ip address is only identifying a computer, and not a person. Thus the ip address ca not identify an infringer.

    The argument that the ip can be used to identify an infringer is used several times, and in all cases it is wrong.

    19. These lists often show thousands of files, many of which are sound recording (MP3) files that are owned by, or exclusively licensed to, Plaintiffs. I don't know american copright law and i'm not lawyer, but I know that in other countries the copyright owner doesn't own for example a record you buy. The copyright owner however has other rights to the material, and those rights are regulated by copyright law.

    21. First, every day that copyrighted material is disseminated without the authorization of the copyright owner, the copyright owner is economically harmed.

    My comment to this is not of technical nature . But the statement is plainly a lie. The copyright owner is only economically harmed by an illegal download if 1) the downloader doesn't buy the product *because* of the download, and 2) the copyright owner, if the downloader had bought the material, would have recieved economically compensation. The number of downloads are ofcourse of significance as well. If all other factors favor an economically loss for the copyright owner, then a limited number of downloads will incur the copyright owner with only a limited loss.

    [ Reply to This | # ]

    "unsecured digital format"
    Authored by: lunkwill on Tuesday, July 03 2007 @ 04:45 PM EDT
    Executive summary: Ties between IP address and humans are very uncertain.
    Proving economic harm is tricky. Speaking of "unsecured digital
    format"s is largely meaningless.

    Paragraph 5: "Once a sound recording has been transformed into an unsecured
    digital format, it can be copied further and distributed an unlimited of times
    over the Internet, without significant degradation in sound quality."

    The notion of an "unsecured digital format" is problematic and
    requires careful definition. Consider CSS, the DVD scrambling format, which
    went to court as a "technological measure which effectively controls access
    to a copyrighted work" per the DMCA. Here's the important bit: even if CSS
    hadn't been broken in numerous ways, a bit-for-bit copy of any DVD will still
    work in any DVD player. CSS encrypts video data using an (insecure) cipher,
    using keys intended to be kept secret in every DVD player. Part of the
    information necessary for decryption is recorded on the disk in a nonstandard
    way, and *that* might make it slightly more difficult for the average user to
    make a complete copy of a DVD. But that nonstandard part is what makes copying
    inconvenient (though not at all impossible) -- software can't help you
    distinguish 2 DVDs with the same bits on them.

    Likewise, all other tricks for creating "secure" digital formats,
    "trusted computing" included, are just that -- tricks. They don't
    have a solid theoretical basis; they're just stumbling blocks companies use to
    try to slow copiers down. But it's a fundamentally losing battle.

    Paragraph 8: "vast majority" needs backing up. Lots of people
    download Linux CD images via, say, BitTorrent, perfectly legally.

    Paragraph 9: "lose significant revenues on an annual basis due to the
    millions of unauthorized downloads". That's a 'what if' and thus
    impossible to prove.

    Paragraph 12/13: "Mediasentry finds individuals". False, due to NAT.
    (Have others already pointed out that people who run open wireless networks may
    not even know who's using their IP address?)

    Paragraph 14: "engaged in copyright infringement". Tricky to prove:
    Mediasentry receives the files, but they're a special case. What if the only
    other computer which receives the file is owned by the same user? (Eg., I
    download a song to my work computer from my home computer via a P2P network).

    Paragraph 17: the computer(s) that own an IP address do not uniquely identify a
    human guilty of infringement. Who was at the keyboard (and which keyboard)?
    And the keyboard may not even be attached to the computer owning the IP address.
    I can use Remote Desktop (VLC, etc.) to control a P2P client from across the
    world.

    Paragraph 18: verifying they were "illegal copies" is very difficult
    and not what they actually did.

    Paragraph 19: "number of audio files being shared": irrelevant. Many
    audio files are perfectly legal to share.

    Paragraph 20: "critical to stopping... piracy". Stopping piracy is
    essentially impossible, and not all means in attempting to stop it are
    justified.

    Paragraph 22: "inflicts great harm". Again, very difficult to prove.
    It might actually increase demand.

    [ Reply to This | # ]

    #15 - Lay Witness Testimony
    Authored by: Anonymous on Tuesday, July 03 2007 @ 05:03 PM EDT
    One item that just occurred to me - In Mr. Linares' declaration he is testifying
    as a lay witness based on personal knowledge. However, if I understand lay
    witness testimony correctly, he doesn't have personal knowledge of the files
    that were identified with MediaSentry and reviewed by staff members. (Keep in
    mind, this is coming from a tech, not a lawyer) According to paragraph 15:

    "The RIAA also listens to the downloaded music files from these users in
    order to confirm that they are, indeed, illegal copies of sound recordings whose
    copyrights are owned RIAA members. Exhibit A to the Complaint lists the details
    of these downloaded music files. In my role as Vice President, Anti-Piracy, I
    provide oversight over the review of the lists contained in Exhibit A to the
    Complaint and hereby attest to the veracity of those lists."

    So, unless I misunderstand the rules of expert vs. lay witnesses, the following
    should be the case:

    1. Mr. Linares does not have personal knowledge that the files identified on the
    Does' computers were in fact downloaded at the dates and times specified in
    Exhibit A. Nor does he have personal knowledge that an RIAA employee in fact
    listened to the audio files and determined them to be infringing.

    2. Mr. Linares does have personal knowledge of his and/or the RIAA's internal
    procedures for using MediaSentry to identify infringing material and for RIAA
    staff downloading the songs and confirming that they're infringing. However, if
    they're written procedures then it would be interesting to see if the published
    written procedures match what Mr. Linares says in his declaration. If there are
    no written procedures, and he verbally instructs his staff on how to do their
    jobs, then how can we be certain that they followed his instructions to the
    letter? Considering that the RIAA's record has a few blemishes when it comes to
    correctly identifying offenders, their track record plus either discrepancies in
    the written procedure, or the lack of a written procedure, could work against
    them.

    3. Unless MediaSentry is already recognized as a forensically sound tool in the
    case's jurisdiction, Mr. Linares' declaration should be accompanied by testimony
    from an expert witness affirming that the methods used by MediaSentry and the
    RIAA are sound. (Considering the stringent requirements for a forensically sound
    analysis tool, I highly doubt this is the case... examples of forensically sound
    analysis tools are Encase and Forensic Tool Kit, and both of those had to
    undergo rigorous testing before they were admitted in many of the jurisdictions
    that recognize them.)

    4. In either case, Mr. Linares' declaration should also be accompanied by lay
    testimony from the actual RIAA staff member who operated MediaSentry and
    downloaded the material, listened to it, and is declaring "Yes, I
    downloaded this song and played it, and recognized it to be infringing."
    Unless I'm mistaken, Mr. Linares can't claim personal knowledge of the actions
    taken by his staff unless he was present and observed the actions taken. That
    lay testimony should include the procedures used, down to "I clicked on the
    icon for application X, then I downloaded file Y, then I opened file Y using
    audio player Z, and I heard the same song as the one referenced by file Y."
    Anything less (as far as I know) is not considered personal knowledge, and any
    conclusions presented without that personal knowledge would be considered expert
    testimony (see above).

    Hope this helps...

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 06:34 PM EDT
    Also consider the lack of talent by current artist. This is a direct result of
    the music idustry practice of not touching an artist till they have had a
    certain amount of airplay. The artist have to pay for this airplay and so
    talented poor artist don't get record deals cause they can't afford to buy the
    airplay. This has drastically reduce the talent pool in record industy. The drop
    in quaility of music has caused a drop in sales. The music industry itself is
    cause of decreased sales.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 09:11 PM EDT

    Point 3

    Piracy is the crime of robbery of ships or boats. It has no context in law to
    copyright. It would also appear that intellectual property does not feature as
    a legal term and is therefore ambiguous.

    Law.com …

    piracy
    n. the crime of robbery of ships or boats on the oceans. Accusation, trial and
    punishment of pirates may be under international agreement applicable anywhere,
    or under the laws of the particular nation where the accused has been captured.

    Point 5
    “opportunities for the wide-scale piracy of copyrighted sound recordings”

    Very few boats are involved in the Internet. And Piracy is again is not related
    to copyright law.

    “Once a sound recording has been transformed into an unsecured digital format,
    it can be copied further and distributed an unlimited of times over the
    Internet, without significant degradation in sound quality.”

    Since most recordings are sold on Compact Discs which are already an unsecured
    digital format… this sentence seems redundant.

    Point 6

    “or so-called online media distribution systems.”

    So-called seems redundant as the systems distribute media online.

    “These included KaZaA, eDonkey, iMesh, Ares, BitTorrent, DirectConnect, and
    Gnutella, among others.”

    BitTorrent, eDonky and Gnutella are all protocols not networks. An analogy
    would be language in comparison to a book.

    “At any given moment, millions of people illegally use online media distribution
    systems to upload or download copyrighted material.”

    No proof given.

    Point 8
    “The major record companies generally have not authorized their copyrighted
    sound recordings to be copied or distributed in unsecured formats … ”

    However the major record companies distribute their copyrighted sound
    recordings to in unsecured formats.
    Point 9
    “Online Piracy”

    No boats involved.

    “The RIAA member companies lose significant revenues on an annual basis due to
    the millions of unauthorized downloads and uploads of well-known recordings that
    are distributed on P2P networks by infringers”

    No evidence given of loss of revenue as a direct result.

    Point 11

    “…combating copyright piracy, the RIAA retained …”

    No boats involved.

    “Users of P2P networks can be identified by their IP addresses because each
    computer or network device (such as a router) that connects to a P2P network
    must have a unique IP address within the Internet to deliver files from one
    computer or network device to another. Two computers cannot effectively function
    if they are connected to the Internet with the same IP address at the same
    time.”

    Does not take into consideration technologies such as IP spoofing and Network
    address translation where a single IP address can have multiple computers
    attached and Computers from the Internet side cannot determine which computer
    behind the NAT device they are talking to.

    Point 14

    “ For each suspected infringer, MediaSentry downloads a number of the music
    files that the individual is offering to other users on the P2P network.”

    Isn’t that creating an unauthorised copy of a coyrighted work, and therefore
    Illegal? Even if MediaSentry have provisions from the recording companys to do
    this, can they guarentee that the file is not owned by another copyright holder
    who they do not have permission from? Thus a search conducted in this manner,
    may violate other entity’s copyrights.

    Point 16

    “Once provided with the IP address, plus the date and time of the infringing
    activity, the infringer's ISP quickly and easily can identify the computer from
    which the infringement occurred (and the name and address of the subscriber that
    controls that computer), sometimes within matter of minutes.”

    This will only identify the first device attached to the internet. Using NAT
    any number of other devices could be using this device.

    Point 18
    “e RIAA downloaded and listened to a representative sample of the music files
    being offered for download by each Defendant and was able to confirm that the
    files each Defendant was offering for distribution were illegal copies of sound
    recordings whose copyrights are owned by RIAA members.”

    What happens to the files that are not owned by the plantiff?

    Point 20

    “critical to stopping the piracy of the RIAA members' copyrighted works.”

    No boats involved.

    Point 21

    “First, every day that copyrighted material is disseminated without the
    authorization of the copyright owner, the copyright owner is economically
    harmed. Prompt identification of infringers is necessary in order for copyright
    owners to take quick action to stop unlawful and dissemination of their works
    and minimize their economic loss.”

    No evidence of economic loss.

    Point 22

    “New recordings generally earn a significant portion of their revenue when they
    are first released, and copyright piracy during a recording's pre-release or
    early release period deprives copyright owners of an important opportunity to
    reap the benefits of their labor.”

    No boats involved.

    If a document has not been released publicly then this is not a copyright issue,
    but one of trade secrets. Please use the correct laws.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Tuesday, July 03 2007 @ 09:35 PM EDT
    8.What method did you use to the reach the conclusion that the vast majority of content that is copied and distributed on P2P networks is unauthorized? What percentage total data exchange is a vast majority?

    What percentage of the total data exchange via P2p is valid content such as Ubuntu, RedHat and other major Linux vendors using P2P or other legal content such as home movies for distribution?

    How did you measure the total amount of data exchanged on P2P networks? How did you measure the total number of copyright violating distributions?

    How can you tell that a file is illegal copies of your clients works, or other legal files with the similar names?

    Has the RIAA or it's investigators posted files named like they are copyrighted music files that are in fact just noise and are not copyrighted works?

    How much "fake" content has been distributed into the P2P networks by the RIAA, it's member companies and it's agents?

    What percentage of the total exchange of works on the P2P systems is made up of these "fake" files?

    That was a hell of an assertion he made in saying that "the vast majority of P2P content is unauthorized". In fact it an out and out lie.

    11.What method does your investigator use to verify that ALL the files names listed are in fact copyrighted works for which your member companies are the copyright holder and not files with similar names or in fact bogus files?

    Does the RIAA conduct quality assurance checks of their independent investigator to ensure they are validating every file claimed as infringing?

    What kind of failure rate has the RIAA had in identifying the correct individuals?

    How many times has the RIAA admitted in court or in settlement discussions that the wrong person was identified?

    How many suits has the RIAA dropped before a verdict could be reached.

    In these cases what was the reason the case was dropped?

    12.In fact two computers with the same IP can connect to the internet, traffic routing will be essentially random as to which computer receives with response and lots of lost packets will be transmitted but in fact the internet doesn't break or crash or refuse to function if two people with the same IP are connected at the same time. This doesn't even take into account hacking measures like IP spoofing.

    It's also possible to use someone else's IP address that is not currently using their assigned address without any of the network problems two simultaneous users will encounter. In fact without direct and hard coded assignment of IP address (and routers that won't route improperly assigned IP addresses) to a single fixed hardware point the IP is easy to spoof and instructions for doing so are contained on numerous public websites and are a weakness of TCP/IP protocol that is likely documented in the RFC's (detailed technical publications on the specifications of the internet so that different programs/os's can communicate).

    Two computers cannot effectively function if they are connected to the Internet with the same IP address at the same time.

    This would depend on your definition of effective, but if both computers are trying to exchange large amounts of network traffic while having the same IP the result would make it nearly impossible to receive anything or might not even be noticed as it depends on the network configuration and routing tables in between. If one computer is exchanging very little data the problem would be almost unnoticed to both individuals operating the computers.

    This is analogous to the telephone system where each location has a unique number.

    Except that the telephone number can change at almost any time without the user or the person the user is serving noticing. That the user can hard code a different IP address into their system unless the operator of the network hard-codes IP addresses to physical ports on the network. And the fact that if the owner of the IP is in fact operating an open wireless network access point that anyone can connect to, he is in essence sharing his phone number (intentionally or unintentionally, because most routers come configured to be open) with everyone who wants to use it.

    The network provider may or may not log allocation of IP addresses, but assuming they do, if they don't have a central time server, that is synced to an atomic clock or other reliable source of time information, that ensures that the DHCP servers are operating on the same time as every other server then the logs would be inaccurate and essentially worthless in identifying the correct account holder of the IP.

    Does the RIAA or it's investigators verify that the organization they are subpoenaing is in fact running a central time server that maintains accurate time/date stamps on all transactions, and that the time server is verified periodically and was in fact guaranteed accurate during the time the RIAA logged their alleged instance of violation?

    13.This is providing that they actually verified the files by means other than name (as the are assert initially), and that the IP address being used is being used by the actual person the network provider says is using it (ie someone else isn't using the IP address and that the owner of the IP has not been hacked, or had their computer compromised, or is not running an open wireless network). Otherwise the infringer is someone other than the owner of the IP.

    14.In essence they are saying they downloaded only a couple, so in fact they only have proof of at most a couple of files and claim the rest of the list is owned by them (based only on title). This is completely unethical and likely a violation of federal civil procedures as the RIAA cannot attest other than by circumstantial evidence to ownership of the rest of the file names.

    16.As with above, how are they verifying that the IP address wasn't occupied by another user on the network or that there weren't two people using the same IP? Although an ISP may log the DHCP transactions, the logs are meaningless if the user hard codes an IP in or the time/date stamp is wrong. This also makes their "investigation" rely totally on the input of an outsider that the RIAA cannot verify and for which the RIAA cannot assert is correct as it was provided by a third party. They would in fact need a sworn affidavit from someone at the ISP that can affirm that no one else could have been using the IP and that their system doesn't allow the user to change their IP to something else and it automatically prevents open wireless routers (ie. if they borrow the neighbors IP while they are on vacation it won't work). This proof has to be 100% in my opinion (the court might not agree) and an IP address isn't a divers license number or a telephone number. It can be dynamically changed, shared and compromised and because of that no evidence based on IP alone should be admissible without much much more tangible evidence (such as inspection of the computer in question that provides real proof). Maybe the suit provides that opportunity to analyze the computer, but without that analysis their evidence is at best hearsay, at worst openly false.

    17. What Verizon agrees to isn't necessarily what is legal and sets no legal precedent without a court ruling (which I don't believe occurred in the Verizon suit).

    19. The number of SUSPECTED files, not the number of actual files in violation. And once owner information is obtained they seek to sue an individual based on hearsay (unless the ISP or network provider swears that no other PERSON could have possibly been using the IP address other than the on record account holder. This is impossible for the network provider to assert as they are not aware of the status of the computer of the user in question (or even if they have an open wireless access point, compromised system, etc..)

    20. Considering this campaign has been ongoing for over 3 years there appears to be no expediency otherwise everyone would have been sued at the same time, in fact the legal action that could result would be far more damaging to the individual rather than the RIAA and would in fact be so highly prejudicial as in fact to make it impossible for the defendant to mount an adequate defense. To avoid prejudicial damage to the individuals the court must be certain that information obtained will in fact confirm with 100% certainty that the individual that is identified was in fact the individual that the RIAA's independent investigator purportedly identified.

    22. What files are newly released are contained in the list of files? They don't provide the list but make the blanket claim that they need expediency to ensure new works don't lose money. So the question is what are the new works, what is the artist, title and release date, and did the independent investigator verify these new releases are accurate with the file names on the computer or is it just a list of names that might be, or might not be owned by the copyright holder? I don't see how they claim this requires expediency without identifying actual songs they feel are threatened especially when they claim so many people are involved.

    23. As said above, the potential defendants are registered students at a public University, and whether the information is provided now or a year from now it's not going to change the knowledge that the university has about the person using the IP address. To make a point, the university is almost unique in it's ability to identify an individual right down to their social security number, such that even if a student graduates they will be easy to locate. And as I said it's all hearsay anyway without a means to verify that the exact computer offering files is the one owned by the person allegedly assigned the IP address in question.

    24. A much less prejudicial ruling to the defendants would be to order the university to retain the information until the RIAA can prove that the information they will obtain will be 100% accurate in identification. As a large civil lawsuit against a college student with limited financial resources could in fact force the student to drop out of school and ruin their earning potential for the rest of their lives. At the very least it has the potential to delay graduation and cost the student upwards of 100's of thousands of dollars of lost earning potential. The judge could also order the suspension of the internet access to the person's identified, which if they are in fact hosting the files would eliminate the problem while the suit is settled (but I personally believe that action is also highly prejudicial against the students. The only reason to provide the information without proper verification would be to catch the students while they are still financially vulnerable and more likely to settle to avoid an expensive trial.

    "I declare under penalty of perjury under the laws of the United States that the foregoing is true and correct.

    Executed on April 26, 2007 in Washington, D.C.

    __[signature]___ Carlos Linares"


    He perjured himself with his statements about IP addresses only working on one computer, either that or her perjured himself by swearing he has the technical expertise to manage this campaign.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: LaurenceTux on Tuesday, July 03 2007 @ 09:42 PM EDT
    what i would like to see is them doing an RDNS on the ips WHEN THEY HAVE A
    "VIOLATION" (of course this assumes the RDNS info would map to a
    person/computer)

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: LaurenceTux on Tuesday, July 03 2007 @ 10:00 PM EDT
    oh a trick with RDNS
    cpe-xxx-xxx-xxx-xxx.triad.res.rr.com this is (my btw) an RDNS showing a home
    cable modem (note the CPE part that = Customer Premises Equipment and the
    res-idental bit) bonus points if you can figure out where and what company
    (side note the xxx parts are actually the ip address)

    [ Reply to This | # ]

    Real hearsay masquerading as psuedo-expert testimony
    Authored by: Anonymous on Wednesday, July 04 2007 @ 12:59 AM EDT

    Unless Mr. Linares is 1) a lawyer and 2) an expert in most of the technical subjects he discusses, the entire document should be challenged (and stricken), piece by piece, as hearsay. Why is it not Media Sentry that is describing their techniques [ah, there it is, hide the questionable techniques behind hearsay]? Why is not a real networking/Internet expert describing the technical details used for the Media Sentry "investigations" [oh, probably the techniques are known to be questionable at best, maybe]? Why is Mr. Linares justifying the legal aspects of the approach [Anything is worth a try when you might lose]?

    The arguments, thinly veiled as narrative, proceed from a number of questionable technical statements, that are not backed up by (any) sufficiently accurate facts, to a description of a second party's "methods" for investigation, and then to a justification of those methods -- based on allegedly similar approaches with wiretaps and other fixed-address investigative techniques. The analogies between phone numbers and IP addresses are a false basis for the remainder of the arguments, er, narrative. This also goes for the description of the Internet and P2P technology.

    In short, this is not direct knowledge on the part of Mr. Linares, and any sufficiently qualified (read: real) technical expert will tell you that the narration of the technical details is over-simplified and just plain inaccurate. In reality, this doesn't even qualify as good quality second-hand narration of technical details, it appears to border on intentional obfuscation. As I understand it, narration by a non expert, such as Mr. Linares, does not qualify as anything but second-hand mumblings put to paper and filed with the court (are you listening MOG?). This particular set of second-hand mumblings should not qualify under FRCP as evidence for anything but the desperation of the mumblers, and an attempt at justifying the psuedo-technical basis for the investigative methods, the details of which they are trying to hide.

    Honestly, this RIAA stuff is a little slicker than the "normal" tSCOG pleadings (stallings?), but not by much -- but they are just as evil. Do these guys go to the same dark-side tactical law classes, where they learn to play fast-and-loose with selective shadings of near truth? I personally would subpoena Media Sentry, their "experts", and their "methods" and have them examined by real experts first hand. Drag the whole faulty, intellectually dishonest mess into the light of day, and beat it repeatedly with expert clue sticks until it succumbs. Don't accept Mr. Linares' word for anything -- and certainly avoid letting him and his lawyers get this load of tripe onto the record.

    To summarize: this is just a poorly disguised attempt to enter psuedo-legal and psuedo-technical psuedo-expert testimony onto the real court record, no doubt to be used later in support of the allegedly valid investigative techniques used by Media Sentry [without needing to disclose those methods or address real technical issues with them]. Get it stricken before it is (improperly) used against you and your clients. In the alternative, it might be fun to preserve minimal portions of the document, in order to put Mr. Linares on the stand and dissect his technical and legal qualifications in front of a jury -- particularly if the defendant is an out-of-work, disabled, single mother or a 10 year-old emotionally handicapped child.

    I am not now, nor have I ever been a lawyer. I am, however, sick to death of seeing legal and standards processes subverted by people who would better serve society by finding another career at the local used car lot or at the local dump (apologies to good used-car sales professionals and sanitary engineers). This kind of stuff just frosts my cookies. Remember, my advice is worth what you paid for it. . .(-;]>

    [ Reply to This | # ]

    P2P, e.g., BitTorrent, is used to build HPC clusters
    Authored by: Anonymous on Wednesday, July 04 2007 @ 01:52 AM EDT
    Application-level multicast, like BitTorrent, is increasingly used to distribute files in HPC clusters.

    See this paper on the "Rocks Avalanche Installer" and the OSCAR Installation Manual as two examples.

    --
    dnl

    [ Reply to This | # ]

    Point 9 -- conclusory and false
    Authored by: Anonymous on Wednesday, July 04 2007 @ 04:56 AM EDT
    <blockquote>9. The scope of online piracy of copyrighted works cannot be
    underestimated.</blockquote>

    True. It seems very easy to overestimate it. The RIAA has in fact vastly
    overestimated the scope of online piracy. They said the opposite of what they
    meant. :-)

    <blockquote>The RIAA member companies lose significant revenues on an
    annual basis</blockquote>
    Conclusory and false. Papers have been written showing that that most downloads
    do not replace sales by the RIAA.

    <blockquote> due to the millions of unauthorized downloads and uploads of
    well-known recordings that are distributed on P2P networks by infringers who, in
    virtually all cases, have the ability to maintain their anonymity to all but the
    Internet Service Provider ("ISP") they use to supply them with access
    to the Internet.</blockquote>

    [ Reply to This | # ]

    Entrapment - MPAA site OFFERS free movie downloads
    Authored by: Anonymous on Wednesday, July 04 2007 @ 10:15 AM EDT
    http://www.zeropaid.com/ne ws/story.php?id=8877

    "MediaDefender Inc, the 'leading provider of anti-piracy solutions in the emerging Internet-Piracy-Prevention (IPP) industry' has launched a website called 'MiiVi' dedicated to busting those who both like to download copyrighted content as well as those who already have."

    [ Reply to This | # ]

    Telling individaul machines apart
    Authored by: Anonymous on Wednesday, July 04 2007 @ 11:04 AM EDT
    Here's another thought: if the campus residential network had more than one
    student machine exchanging data with MediaSentry at the same time, it would be
    difficult (at best) for someone to determine which machine was which, even if
    they had the necessary logs. Say you have StudentA and StudentB, both using
    Gnutella as their peer to peer software. The RIAA has communication going on
    with both students, but infringing material is only downloaded from StudentA.
    The logs would show both students communicating with MEdiaSentry, but they
    wouldn't show which one was involved in the data transfer.

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Wednesday, July 04 2007 @ 03:43 PM EDT
    8...The RIAA downloadedand listened to a representative sample of the music files being offered for download by each Defendant...
    With regard to sampling, consider the 1936 US Presidential election. In a "poll" of a magazine's subscribers - that same group who had accurately predicted the 1932 election - the result was predicted as Landon 370, Roosevelt 161. However, Roosevelt was elected US President![1][2]

    What means was used to ensure it is a representative sample and what confidence level is given to the sample results?

    [1] "How to lie with Statistics" by Darrell Huff, ISBN 0-14-021300-7. An excellent book for making anyone weary of any statistic that isn't properly stated.
    [2] The reasons behind that error are not applicable here, but it is an example that shows that a sample may not be all it's cracked up to be.[3]
    [3] Elsewhere in the book a possible example is given whereby "A recent trial of ..." means "We did the trial repeatedly until we got a result we could show to be true and was the result we wanted; all the previous, non-fitting, trials were discarded"

    [ Reply to This | # ]

    A Lawyer Would Like to Pick Your Brain Once Again
    Authored by: Anonymous on Wednesday, July 04 2007 @ 08:44 PM EDT
    The lack of ability to prove a particular person was using a computer is
    probably not relevant. Has anybody actually read the fine print in their
    contract with their ISP? It almost certainly contains wording such as "the
    account holder is responsible for all use and misuse of the facility".
    Period. Doesn't matter if your kid or neighbor did it -- you almost certainly
    signed something that says you are legally responsible.

    I agree that ISP logs may not be in time sync, but they all have to keep them
    for the DHS (spying on americans by americans).

    [ Reply to This | # ]

    The super simple, plain words, analysis.
    Authored by: BitOBear on Friday, July 06 2007 @ 07:46 PM EDT
    The key to understanding why all the _technical_ assertions of this declaration
    is bunk can be summed up in one word. "Addresses". Internet Protocol
    _Addresses_ are _Addresses_ and are not analogous to phone numbers nor
    identities, because computers are _originations_ and _destinations_ for data as
    far as the internet is concerned.

    Lets do the exercise till it makes sense...

    Item: How many pieces of mail out in the world may simultaneously be en-route to
    my home _address_? My business _address_? The number of simultaneous, discrete
    operations on "my address" in the postal system, and the legal system,
    are largely bounded by the ability of the paper manufacturers to make paper.
    No. In practice, at any given moment, it is unlikely that more that a couple of
    hundred pieces of mail are coming my way at any one time, and the system works
    because even if hundreds of things are coming, they will likely not arrive all
    at once, so my mailbox and mail carrier is/are typically sufficient.

    Item: is every piece of mail that has my address as the source (return) address
    actually coming from my house? No. Anybody can put my address in the return
    address spot on an envelope and send it. I can also put my address on an
    envelope but then mail it from my car or office. So the "source
    address" of any one item isn't necessarily an honest indication of the
    actual point where the item entered the system.

    Item: Does an _address_ map to a person? No. There may be more than one person
    at an address and I constantly get mail for people who previously had my
    address, and I regularly get mail for people who have _never_ had my address.
    The LAW _already_ knows that addresses do not map to people, which is why
    lawyers pay out hefty sums to process servers and such.

    Item: does the address on a package uniquely identify the real world location of
    a recipient? No. Again, the law knows this already, but let us complete the
    exercise. If you send something to "BitOBear, His Employer,Some Building,
    Renton, WA" it _could_ land right in my lap if I pick up the mail. More
    likely it will land in the lap of His Employer's mail room staff at Some
    Building. They will recognize BitOBear and internally re-address the item to me
    even though I may be in another building or even another state, but at that
    point the burden of getting the item to me is on the Employer and not the postal
    service. The item may even be put in a box with other items and re-mailed to
    the other building.

    It's even more clear if my address is obviously a P.O.Box where _nobody_
    possibly could be, and so on.

    So in your head, forgetting computers completely, the idea of what can and
    cannot be known from "an address" is a complete idea.

    Now put "internet protocol" back in front of "address".
    Nothing about "address" inherently changes. This is why the word
    "address" was chosen in the first place. It accurately describes the
    transaction.

    Each Internet Protocol Address uniquely defines a logical point of presence on
    (or a connection to) the internet. Because of the way things are organized by
    "network and subnetwork" (a la state and zip/postal-code etc) the
    outer bits tell where the item is going "in general" and as you work
    your way in through the bits you get more and more specific. An IP address like
    10.24.118.6 might as well (by imperfect analogy) be
    "USA.Washington.Third_Avenue.2600". It is more correct to use
    business names like
    MCI_Worldcom.East_Coast_Businesses.Some_Customer.Some_Apparent_Device".
    (I'm still over-simplifying there, but it is close enough for this analysis.)

    Its even messier than that because the address of Some_Device may not be the
    _only_ address of Some_Device. Any one device may have multiple addresses.
    Further, any address may be fronting for a number of different devices. That
    sounds wrong, but it isn't, nor is it that confusing. This is _exactly_ like
    the corporate mail room. One mail room may serve to reprocess mail for many
    entities. In the case of something like a Mailboxes Etc store, that address and
    service may service large numbers of wholly unrelated entities (which is part of
    how some Internet Service Providers operate).

    Concrete example: My singular IP address, which may change at any time in
    theory, but which tends to stay the same because of the "always on"
    nature of my broadband connection, services four other permenantly connected
    desktop computers representing myself and my four tenants (two of whom are
    married and share one computer). It also services my wireless network which is
    used near-full-time by two laptops (my living room laptop and the
    "spare" computer used by the married couple), it also services two
    SlimDevices media players (the main stereo in the common room and my bedroom
    speakers). It also semi-regularly services guests to my home. I havent seen
    any drive-bys but they are possible too.

    This multi-use is facilitated by my firewall device. My mail room. It
    _rewrites_ the packets going through it to replace the "private
    addresses" (e.g. internal addresses) with the "public address" as
    packets leave, and reverses that action as recognizable responses return. So
    one IP address is servicing many people and devices. This isn't magic because,
    as you use a name like BitOBear to find me at my company, you use "port
    numbers" along with source and destination addresses on the internet to
    tell which thing/conversation/whatever the data is _really_ for. So the
    firewall/router/gateway thing that answers to my Internet Protocol Address
    _deliberately_ _lies_ to the internet so that data can flow to and from it as if
    it were one machine, but only it knows what the real machine is behind the lie,
    and it doesn't _save_ that information after the conversation is over. The
    thing is designed to work that way.

    Additionally, one of my room mates wants us to get another IP address so he can
    put up a web site for his World Of Warcraft clan. (I know, someone kill me...
    8-) If I were to assent to that my very same firewall would use both addresses
    at the same time, but it would "know" to send incoming web requests
    (e.g. those asking for that address and port 80) directly to his computer. It
    would still be one public device on the internet, but it would be doing its
    lying for two IP addresses in front and still the 9+ computers on the back
    side.

    It's all very mix and match, since that is part of how the internet "routes
    around damage and censorship by design".

    ====

    All the stuff about "lots of phones but only one call at a time" are
    insufferably and unaddressably wrong. Every time you are using your computer
    with more than one browser open (or when outlook or whatever checks for new mail
    while you are on the web or whatever) you put the obvious lie to that clueless
    assertion. In fact, web pages with more than simple text on them (like Groklaw
    here) typically cause a whole bunch of discrete simultaneous connections between
    the server and client. To see this use slow dialup to surf the web. You will
    see your browser "slowly but simultaneously filling" graphics and
    buttons as complex pages load. This happens because your computer, in response
    to your one click, will make several "simultaneous calls" to the web
    server.

    Really, the declaration is _that_ wrong in its technical analysis.

    ====

    So, the internet works by ports at addresses, the same way the postal mail works
    by names at addresses. All the same foibles and possibilities. If the
    assertions made about "analizing a packet" wouldn't work for
    "analyzing an envelope" then they are just as false. Names and
    Addresses only identify people in the abstract but not to any legal certainty,
    and _anyone_ can send a packet/envelope that claims to be from me, and _anyone_
    can send unsolicited packets to me without my knowledge or consent.

    In the land of computers we have put together Public Key Signing for the same
    reason that in the land of paper we have Signed Documents and Notary Publics.
    Just because a packet appears to be to or from someone doesn't mean it
    legitimately is. Hackers spoof and lie and people just plain screw up, just
    like in life.

    When a school says "at such and such a time, according to our records, we
    _meant_ to map external IP address this-or-that to the internal address we
    normally give to student Bob" doesn't mean that at the actual moment of
    event, Bob's computer (which _still_ isn't Bob) was the one using the internal
    address. Achieving that level of certainty on a nontrivial internal network is
    prohibitively expensive, and even if you do it, Bob might _still_ be using his
    internal address with a wireless router with it's own set of more-internal
    addresses that his friend from across the hall might then be using (and so
    forth).

    The deposition is bunk.

    Just focus on the word address, and what you know about addresses in the real
    world, and it will all remain clear.

    [ Reply to This | # ]

    A better analogy
    Authored by: Anonymous on Saturday, July 07 2007 @ 02:49 PM EDT
    A much better analogy to computers and IP address is cars and license plates.
    Basically what we have here is testimony that MediaSentry pointed a radar gun at
    a car, recorded the speed of the car along with the time, date and license
    plate, and claim it was speeding. Even if we assume that their methods are
    accurate (the radar gun is calibrated, they pointed it at the right car, they
    didn't mess up copying down the license plate, etc) it only establishes that the
    car they saw was speeding. It's a much bigger step to claim that the owner of
    the car actually registered with that plate was speeding. Maybe a friend or
    family member was using the car at the time (friends and family use your
    computer too). Maybe the car was stolen (Trojans and worms). Maybe the plates
    were stolen (insecure wifi). Maybe the DMV screwed up and issued 2 cars the
    same plates (DHCP issues perhaps, rather unlikely I admit). Maybe someone made
    fake plates to cover up their real ones (IP spoofing). Maybe it's a company car
    that many people use regularly (NAT). Maybe the plates were issued from another
    state/country and just happened to have the same number (Some countries don't
    honor how the current IPv4 address space is assigned). In short, while it may
    be likely that it was indeed the owner who was speeding, it is certainly not
    definitive proof.

    [ Reply to This | # ]

    Paragraph 16 - Major errors
    Authored by: afruss on Monday, July 09 2007 @ 07:44 AM EDT
    Others have already pointed out some of the flaws in Paragraph 16, but I want to emphasise some of the points. The ISP may be able to identify the subscriber to the IP address that was used, but:

    All traffic passes through a number of routers in the literal 'web' of the internet, Every one of those routers may corrupt and lie about where those packets came from (a common instance of this lying is the NAT technology identified in Paragraph 12, another is the secure Virtual Private Network technology).

    The endpoint computer that holds the files identified is not necessarily on the subscribers premises, the internet can route the packets to another location using the same internet that brought the data in the first place.

    For instance in a chapter of the book Stealin g The Network: How To Own The Box the author, FX a security researcher tells the story of how the protagonist hacked a HP printer and used the printer to re-route the networks traffic to the internet before returning it and forwarding it onwards to the correct destination. This is a technically feasible, although explaining it in a courtroom would take courage ;). Do you own a HP printer, do you have anti-virus software on it?

    An important scenario as mentioned in comments above is that the subscriber could have a 'freeloader' using their internet connection over a 'Wi-Fi Router' shared insecurely to the neighbours. This could even be a voluntary and legal choice by the subscriber, there are even networks that specialise in it. All of these WiFi Routers automatically make allowance for multiple computers behind their NAT software and can easily allow 2 or more computers to share independently and in parallel via P2P software.

    A cracker/hacker/bot-herder may be controlling the computer for the purposes of this P2P software such that the owner may not know what software is installed and what their internet connection is being used for.

    As others have mentioned, Mesia-sentry's and ISPs logs must be accurate, especially for time and date recording. Their routers must not be compromised, ask if there was any identified hacks into *any* of their systems especially routers during the time involved. Also ask if anyone could hijack an IP address without the ISP knowledge, some networks might not detect an IP address that isn't oficially allocated, but is sort of stolen by another person on the network. Although it is 5yr or more since I have heard of that problem.

    So succinctly, the IP address and time is only a tenuous indication of where the packets were routed. Only a guess of the endpoint computer, which may not be owned by the subscriber, controlled by the subscriber even if it was notionally in the subscribers possession.

    It also seems as if they cannot prove copyright infringement from only file-names of mp3's. There is an implication that they listen to some of them, but I would think that unless each file is verified by ear or sophisticated music comparer with a copy of the actual file (or start thereof) stored for evidentiary purposes, the claim of copyright infringement should be impossible. Song names have lots of ambiguity, and it is conceivable that a legitimate derivative work such as satire might use the same song names.

    [ Reply to This | # ]

    Groklaw © Copyright 2003-2013 Pamela Jones.
    All trademarks and copyrights on this page are owned by their respective owners.
    Comments are owned by the individual posters.

    PJ's articles are licensed under a Creative Commons License. ( Details )