MIT Releases Subpoenaed Student's Info

An anonymous reader submits: "MIT has released the name of the alleged infringer whose information was subpoenaed by the RIAA. The student's position? He was (1) not in the country at the time of the infringement, (2) he does not own a computer, and (3) he is not, and has never been, associated with the username in question (crazyface@KaZaA). MIT initially opposed the subpeona, but the RIAA refiled with the proper court."

Let's see..

[MImeKillEr]

.. the RIAA settle this one for $2000.

Re:Let's see..

[macdaddy357]

The RIAA affiliated labels deserve to be boycotted into oblivion. Don't buy CDs.

Re:Let's see..

Obligatory Anti-GoogleBomb: Fair and Balanced

MIT and no computer?

[strider415]

Yeah right..

Re:MIT and no computer?

Hey, I didn't have one for most of my time at MIT. There are computer clusters everywhere - not too much need to have one in your room.

And I was course 6 (EECS).

Re:MIT and no computer?

[the+quick+brown+fox]

Most computer science majors I knew at MIT ('96-'00) didn't have a computer, and yet most business majors (myself included) had the latest ThinkPads. Though come to think of it, the underpowered Sun workstations in the clusters were plenty powerful enough to gcc comp-sci projects, while business majors needed powerful notebooks for their wizzy Powerpoint 2000 presentations.

I'd say the situation was "ironic" but I'm afraid someone will correct me...

Re:MIT and no computer?

[ca1v1n]

Actually, it's a lot easier at a place like MIT to get by without a machine of your own, because they're all over the place. I go to a respectably wired university, and I haven't bothered getting a laptop because there are labs everywhere, and many of the classrooms even have computers. My box probably gets rather lonely, as I spend a lot of my time in labs (like now) ostensibly doing classwork.

On another note, his story is perfectly believable. We have MAC address registration at my university as well, and when the RPC stuff hit, we got several calls at the helpdesk saying "I patched my machine, but I got this e-mail saying I was compromised." In many cases, it was a computer in some shared office that they happened to be the first person to sit down at when we turned on network registration, and their department techs forgot to pre-register them, so they had registered those machines as well.

Er...Dude...

[Oddly_Drac]

"For example, you might have registered a machine, and given that machine, sold that machine to another MIT student," Bruce said. "Unless that person goes to inordinate lengths to re-register the machine, it's still going to have your registration."

This is getting beyond a joke. The 'registration' talked about is the @Kazaa, as far as I can see, and you can change that in seconds

This gets even sillier if they mean the IP.

Re:Er...Dude...

[jtev]

No, it's about registering the MAC address to get an IP address with MIT. the KaZaA registration is a totaly different issue. It was the owner of the IP address that was subpeonaed, and he was out of the country.

Re:Er...Dude...

[Oddly_Drac]

"No, it's about registering the MAC address to get an IP address with MIT. the KaZaA registration is a totaly different issue."

Thanks. I'll be spending the rest of today digging egg out of my assorted facial orifices.

Re:Er...Dude...

[MindStalker]

No apparently at MIT when you bring in a new MAC address when you try to use the web you are automatically redirected to a registration page.
Apparently the ip address of the infinger was the MAC address that got registered as this guy. He says he may have borrowed someones computer but doesn't remember (He probably does but is trying to cover I bet if stuck with being sued he'll probably tell).

Re:Er...Dude...

[solofara]

OK-

Big question -

There are hardware devices (personal firewalls) that allow you to CHANGE the broadcasted MAC address on the fly. If I installed one of those in my dorm at MIT, and kept changing and re-registering my new MAC addresses, I would have, theoretically, obtained multiple IP addresses also. Or, better yet, I could just change my broadcasted MAC address to one that I know is already registered. Viola - I'm now "using someone else's computer" without physically doing so.

Re:Er...Dude...

[kasparov]

Unless their machine is currently plugged in somewhere else, then you get MAC conflicts. Ugliness ensues.

Re:Er...Dude...

[dougmc]

There are hardware devices (personal firewalls) that allow you to CHANGE the broadcasted MAC address on the fly.

You don't need a personal firewall to do this. You can do it with many (most? all?) ethernet cards as well.

I would have, theoretically, obtained multiple IP addresses

Except that the system requires you to `log in' with each new MAC address ...

Or, better yet, I could just change my broadcasted MAC address to one that I know is already registered.

That would certainly do it.

So, are MAC addresses about to become as `sensitive' as social sercurity numbers? (of course, just like your SSN, your MAC address is broadcast with every packet you send out, at least to the first router :) )

Re:Er...Dude...

[jmanning]

Yes, but what if you know they're out of the country, as this person was. Free IP address, no downside.

Re:Er...Dude...

[walt-sjc]

Depends. There is only a conflict if you are on the same ethernet segment. MIT has more than one segment. In fact, they probably have hundreds.

Re:Er...Dude...

[scosol]

that's ridiculous- any organization of any small size is going to have everything behind NAT, so nobody is going to be doing any MAC-address *anything*

Re:Er...Dude...

[spence2680]

If the RIAA would just sue more people, more consistantly, this would be a great way to screw over evil people in ones dorm!

Re:Er...Dude...

[dougmc]

any organization of any small size is going to have everything behind NAT

So, do you consider MIT to be an organization of any small size? I'm not aware of any schools that put their dorms behind a NAT. I haven't been paying attention lately, but it used to be that A&M was the only large school that even put their dorms behind a firewall (and it wasn't a NAT)!

Or an ISP? AOL is the only ISP of any size that I'm aware of that puts it's customers behind a NAT.

so nobody is going to be doing any MAC-address *anything*

I don't think you understand much of what was said.

MAC addresses are broadcast -- but they only go as far as the first router. So you'll never see somebody's MAC address over the Internet, NAT or not, because it's going to have to go through some routers.

But at MIT, if a new MAC address is encountered, apparantly the routers send you over to a login screen where you give a MIT login and then it works. The original poster was talking about sniffing the network for somebody else's MAC address (even on a switched network this is easy), and then using it once they turned their computer off. This has nothing to do with a NAT.

With the MIT system, when the RIAA says that IP whatever was being bad at this time, MIT looks at their logs, see what MAC address was using that IP, then looks at their login records to see who logged in with that MAC address. And then they give the RIAA the name (assuming that all the legal procedures are followed.)

This isn't very different from what cable modem providers do -- but instead of looking at a login logs, they look at DHCP logs.

Re:Er...Dude...

[scosol]

Hmmm- so every MIT-Dorm computer is directly accessible from a public IP?

I don't really know the answer to that question but I'm guessing it's "no"

My point being that any organization larger than a fe people is likely to have a firewall doing NAT-
Meaning that *only* the orginization itself will be able to see mac addresses and be able to tie them to individual users.

Contrast to "no nat", and the ISP would be able to see thse things.

Re:Er...Dude...

[dougmc]

Hmmm- so every MIT-Dorm computer is directly accessible from a public IP? I don't really know the answer to that question but I'm guessing it's "no"

I'm not familiar with MIT specifically, but most universites *are* set up that way.

My point being that any organization larger than a fe people is likely to have a firewall doing NAT-

Incorrect. Businesses usually put their users behind a NAT, but ISPs rarely do, and schools rarely do as well. End users do not want usually want to be behind a NAT -- it breaks things.

Meaning that *only* the orginization itself will be able to see mac addresses and be able to tie them to individual users.

And this has *nothing* to do with NAT. As long as you are on the same ethernet segment, you can see MAC addresses of other computers on your segment. Once a packet traverses a router, you cannot see their MAC address anymore (instead, you see that of the most recent router.)

A NAT will (usually) hide IP addresses, but MAC addresses are already hidden by routers, NAT or not. And even a NAT isn't proof against RIAA prosecution -- the NAT should keep logs of the `real' IP that opened a given connection, which could be used to track somebody down.

Perhaps you're confusing IP address with MAC address? A MAC address is of the form 00:01:02:CD:2D:EC, and an IPv4 address is of the form 216.218.248.174, six bytes vs. four bytes.

Re:Er...Dude...

most universities certainly are NOT setup that way.. of course they are using NAT.. what the fuck are you talking about? did you even go to university?

Re:Er...Dude...

[Tony-A]

A managed switch registers MAC-addresses.
A DHCP server knows MAC-addresses.
Almost anything behind the NAT has ready access to the MAC-addresses.

Anybody who actually knows anything about this stuff could expound further.

Re:Er...Dude...

[yuri+benjamin]

Apparently the ip address of the infinger was the MAC address that got registered as this guy. He says he may have borrowed someones computer but doesn't remember (He probably does but is trying to cover I bet if stuck with being sued he'll probably tell).

Only if he's weak/doesn't have a good lawyer.
I'm not in USA, but I would guess that he can't be prosecuted for poor memory. The RIAA would have to prove he can remember and then sub-poena him for the name of the dude he borrowed the PC from.
If he didn't comply, he could only be punished with non-compliance with the sub-poena (contempt of court?), not infringing on copyright.

Re:Er...Dude...

[dougmc]

most universities certainly are NOT setup that way.. of course they are using NAT.. what the fuck are you talking about? did you even go to university?

How very clever of you to question my education!

Here's a few universities that ARE set up this way --

LaTech.edu, albany.edu, bates.edu
brown.edu, buffalo.edu, clemson.edu
colorado.edu, cornell.edu, csulb.edu
cuhk.edu.hk, dordt.edu, drexel.edu
duke.edu, emich.edu, emory.edu
erau.edu, furman.edu, geneseo.edu
gsu.edu, jhu.edu, louisville.edu
middlebury.edu, mtu.edu, nd.edu
neu.edu, newpaltz.edu, nova.edu
oberlin.edu, pdx.edu, pitt.edu
plattsburgh.edu, plymouth.edu, purdue.edu
rochester.edu, sinica.edu.tw, siu.edu
smu.edu, stcloudstate.edu, stonybrook.edu
tamu.edu, temple.edu, tufts.edu
uab.edu, uark.edu, ucla.edu, uconn.edu
ucsb.edu, uic.edu, uky.edu
umbc.edu, unc.edu, unca.edu
uncw.edu, uni.edu, union.edu
upenn.edu, uq.edu.au, ursinus.edu
usf.edu, utah.edu, utexas.edu
uwf.edu, wisc.edu, wiu.edu
wm.edu, wmich.edu, wright.edu
wsu.edu, wvu.edu, ycp.edu
yu.edu

These are the sites that 1) have .edu in their name and 2) have at least three different hostnames that include `.dorm.', `.resenet.' or `.housing.' signed onto the EFnet IRC network right now. This methodology certainly skips those sites that don't have lots of IRC users, and those with non-standard naming conventions (for example, dhcp-whatever might be a dorm network, or might not -- I don't list it) but it's a start.

It should give you an idea of many universities that do NOT hide their dorms behind a single IP address. Many (most?) universities of any size have a class B or even a class A network (like MIT - 18.0.0.0 -> 18.255.255.255, even though they're not in my list) assigned to them, and therefore have *plenty* of IP addresses to work with. It's one of the benefits of having been on the Internet since long before it was `trendy' ...

Also, I did go to and graduate (twice!) from one of the unversities listed, though I never did live in the dorms. Your (minor -- it's not hard!) challenge, should you choose to accept it, `Anonymous Coward', is to determine which one!

It could happen.

[MarkusQ]

MIT and no computer? Yeah right.

Keep in mind how they measure things when they don't have a measuring device. Who says they aren't equally creative when it comes to computing things with out a computing device?

-- MarkusQ

P.S. That's what my wife (an MIT grad) claims to be doing sometimes when she stares off into space. Since the result often conflicts with my pet theory of the moment, I'm not sure how accurate the process is though.

Re:It could happen.

[Zork+the+Almighty]

Better yet, remember how the RIAA measures CD Burners. That zero-computers owned could easily be 30.

Twisted

[4of12]

Sounds like the guy in question had unofficially let someone else use his computer, account, etc.

I kind of like the idea of RIAA making a big fuss and pursuing legal action and then turning out to be wrong.

It helps shine a light on their gestapo tactics.

It may not slow them down too much, but the publicity helps to make them look like ravenous wolves out to get "whoever".

That kind of PR will erode their support from government.

Re:Twisted

[rjw57]

Sounds like the guy in question had unofficially let someone else use his computer, account, etc.

Not quite. From what I can gather MIT have a system whereby as soon as a un-recognised MAC-address hits the network, the machine is DHCP-d a temporary IP and a all web-traffic is relocated to a registration page.

On this page, a valid MIT id and password is entered then the temporary IP becomes 'attached' to that MAC address with the MIT id used stored in a DB somewhere.

Hence just having an IP registered to a particular user is just an indication that that guy/guyess was the first to use the machine, not that its theirs or that they even have an account on it.

In fact, if all MIT students registered their machines under a common id (e.g. riaasuckmyballs) then there would suddenly seem to be one big pirate there :)

The system as it stands will probably just match an IP to a person who once used the machine in question.

Re:Twisted

[leviramsey]

I suspect that MIT has a clause in their AUP stating that you're not to let others utilize your machine and that you are responsible for anything that any other person may do with the resources you've been assigned. The RIAA can trot that out and it will probably convince a judge or jury that the someone else was using my account defense is invalid. As I see it, the only real option in this case is to try to show that you were hax0red (in essence that whoever used KaZaa on that system had no permission to use it in any way shape or form).

Re:Twisted

[amcguinn]

I don't see the logic there - the RIAA can't sue a guy for breaking MIT's AUP.

Re:Twisted

[gl4ss]

he didn't even have to break MIT's aup.

as the system works just so that every new mac address to get activated one has to enter user/pass once for that mac.

of course, this doesn't sound like a very good system to me, as you can quite easily end up completely lost on who is using it actually. heck, somebody could be reselling pre-activated cards, or have some driver that allowed changing of mac and go through dozens or just use one he knew to work, but that wasn't in the same segment..

here they'll know pretty well(should know exactly) which apartment the traffic is coming from(of course, creative usage of proxies hides it a bit should one want so, so riaa is fighting a losing battle on technical side of the issue as well, if they actually manage to bring up enough suits to worry the casual users they'll just move to something else, imagine freenet with all kazaa slaves participating).

Re:Twisted

[leviramsey]

Among other things, bringing the violation of a contract into the court (it is germane to the case as the violation is admitted to as part of the defense) would be used to reflect on the character of the defendant. It would also be used to demonstrate that the defendant can't in good faith use that defense.

Re:Twisted

[leviramsey]

Proxies won't matter; the RIAA will simply go after the proxy operator. A strong legal argument could be easily made that the operator of the proxy is responsible for all traffic relayed by the proxy.

As to Freenet, that's what the RIAA wants. If they make it so that it takes a day to get a song, the casual users will disappear.

Re:Twisted

[ealar+dlanvuli]

Except he was out of the country.

Re:Twisted

[gl4ss]

as to freenet, it's main problem is the lack of users, and the public notion that it sucks because it is slow, things like frost and fuqid have made inserting files a lot easier.

all the popular top ten hits would get very well spread i would say, even now you can get selected mp3's at ~10-30kbyte/s easily from freenet, i guess much faster if you run a permanent node with a big datastore(heck, run a big enough datastore and the chances are that those pop songs are in your store mostly already and you'll get them pretty darn fast when you decide to get them).

Re:Twisted

[leviramsey]

That still doesn't change the fact that he violated the AUP by allowing someone else to use resources owned by or registered to) him.

Re:Twisted

[amcguinn]

And that doesn't change the fact that the RIAA isn't suing him for violating MIT's AUP.

If he's got an alibi, then he didn't infringe the plaintiff's copyright. If they say "but you must have broken the AUP!", he can say "I guess I must have, but I didn't download those files."

If MIT then want to have a go at him for breaking the AUP, that's fine, but I imagine they're not in the habit of suing their students.

Re:Twisted

[dirk]

It seems this would be an MIT mistake, not an RIAA mistake. I would assume the subpoena was for the person using the IP address x.x.x.x at X day and time. I am assuming MIT uses some kind of proxy server or NAT (something where every computer doesn't have a routable IP that the RIAA could get). MIT looked at their records and gave them a bogus name, because their tracking system sucks and is bogus. This says less about the RIAAs method of tracking and more about MITs method of tracking.

Re:Twisted

[RevDobbs]

A strong legal argument could be easily made that the operator of the proxy is responsible for all traffic relayed by the proxy.

Really? Then I hope no drug dealers get busted in front of my house, on the sidewalk I am legally obligated to maintain.

Re:Twisted

[jeffkjo1]

I suspect that MIT has a clause in their AUP stating that you're not to let others utilize your machine and that you are responsible for anything that any other person may do with the resources you've been assigned. ,/I>

MIT may have this, but it's more than likely not legal.

Good example, your car... I am not responsible for the damages you cause if I loan it to you and you crash into a gas station. Now, I will have to prove to the cops that it wasn't me driving if you hit and run, but beyond that, balls in your court.
That said, I hope this guy countersues the RIAA for emotional damages or something.

Re:Twisted

[walt-sjc]

MIT has an entire class A block. They have no need to use NAT or private addresses.

Re:Twisted

[kalany]

Not true. Most of the time, a certain group or building gets the block 18.y.x.z (where y is fixed). The static IPs usually get a certain amount of that (e.g. x = 0-8) and the DHCP server gives out IPs out of another block (e.g. x = 9-12). In my dorm (I'm a course 18 undergrad), for example, the statics come out of x = 0 or 1, and the dynamics come out of x = 5 or 6. (this is sort of sick, given that my dorm has only 93 residents).

Sometimes, if a "community" computer needs renewing, or if you're using it on a network on which it hasn't previously been used, you'll just throw in your information to get it working again. This may well be what happened to the person in question, although I'll certainly think twice before doing it again myself.

Really, they ought to tell them who is using it now, as they just forced all computers who use DHCP to re-register (and wouldn't let them register before they closed certain ports -- a response to the security holes).

Bound to happen

[redelm]

With the RIAAs gill-net fishing technique, they're bound to catch some innocents.

The real question is how long this sort of trawling will be allowed. The student could get the case dismissed on summary judgement, and the RIAA seriously admonished about bringing frivolous lawsuits.

Re:Bound to happen

[MrPink2U]

With the RIAAs gill-net fishing technique, they're bound to catch some innocents.

Looks like they got themselves a dolphin here.

aha!

[Joe+the+Lesser]

"In particular, on June 27, at the time of the alleged infringement, I was in Romania."

So that means he's actually under the authority of the Romanian Industry and Art Association right?

Re:aha!

Informative? How the fuck is this possibly informative? Funny, yes, but fucking not informative.

Misleading title

[IM6100]

It says right in the body text beneath the misleading title that the student's NAME has been released.

So why does the title say that the student's 'INFO' has been released, which implies that everything about the student, and all the info subpoenaed, has been released.

Far too often, alarmist but inaccurate titles detract from the credibility of this website.

Re:Misleading title

[Andy_R]

Because they also released his location at the time, the number of computers in his posession and the extent of his association with the username in question (crazyface@KaZaA). This is "Info".

Perhaps if the RIAA *pays* $2000

[redelm]

Why would the guy settle? The RIAA may need to abandon the case to avoid an adverse ruling. IANAL, in some states they might not be able to simply abandon without Respondant consent.

Re:Perhaps if the RIAA *pays* $2000

[MImeKillEr]

I was being sarcastic.

I can see the RIAA coming back and saying 'Well, MIT says it was you. Cough up some dough. $2000 will do' and then leaving without so much as giving him a reach-around.

Personally, I hope that the RIAA tries to persue this guy and that MIT gets involved on his behalf. Let the two of them duke it out.

Re:Perhaps if the RIAA *pays* $2000

[redelm]

I saw the sarcasm, but also thought there was a legitimate point. The RIAA certainly will take $2000 if they can get it. Suing your customers is a going-out-of-business model.

MIT will have to get involved because how else can anyone hope to tie an IP to meatspace? Not that there's much hope anyways, depending on the network model and logging.

Re:Perhaps if the RIAA *pays* $2000

Obligatory Anti-GoogleBomb: Fair and Balanced

MAC address can be changed

[narratorDan]

The problem with using the MAC address is that it can be changed or covered up, and since this is MIT how many folks do you think now how to change it?

And according to the article, he was out of town (way out, like Romania) and therefor could not be the person who set up the computer. Since he can prove that he was out of the US I don't think that he will have to make any deals to save his ass.

NarratorDan

Re:MAC address can be changed

[calabs]

You would be surpised how many people don't even know what a MAC addy is. Even at MIT!

Re:MAC address can be changed

Don't worry, rest assured the RIAA won't let little
things like the person was in another country get
in the way of their witchhunt^H^H^H^H^H^H^H^H^H case.
They will find a way to make sure the person pays them
no matter how guilty or innocent the person is.
That's our RIAA.

MIT w/o Computer? Black golfer, white rapper

[bandy]

MIT student w/o a computer. Riiiiight.

Now I bet you expect me to believe that the best golfer is Black and the best rapper is White.

His name was Claudiu Prisnel.

[Discoflamingo13]

His name was Claudiu Prisnel.
His name was Claudiu Prisnel.

A Setup??

[bluesangria]

What happens if the student does win this case? Doesn't that mean that the method the RIAA uses to subpoena users comes into question? Is this something MIT planned (maybe just a little) knowing that courts cannot hold accountable a person who has a solid alibi?? After all, even a civil lawsuit has to show the person was responsible for copyright infringement. Just wondering....

Re:A Setup??

[Purificator]

i doubt it means much of anything if the student wins, except that the student doesn't have to pay. the flaw isn't so much in the RIAA's methods as with MIT's ability to track a user down based on the information they had.

i suppose that could mean MIT has to face legal trouble for record-keeping negligence, but since some ISPs offer lack of records as a privacy service, i imagine not.

i'm not a lawyer, but don't get your hopes up that a loss here would mean anything big or in any way stop or slow the RIAA.

The RIAA is on a roll

[LastToKnow]

"Lets sue some little girl with no money! Oops, maybe that wasn't such a hot idea. I know, I know! Lets get some student who doesn't have a computer at all! That'll learn 'em!"

When?

[www.sorehands.com]

When was that? Before they wired all the dorms with ethernet? You mentioned clusters so I am guessing you were there after they moved the computer center out of building 39 and into the builidng fishbowl on the infinete corridor and the Athena cluster in the SCC.

I think MIT when downhill after students were not encouraged to sleep in the SCC library.

Re:When?

They really started going downhill when the alumni started substituting the word "when" for "went".

That doesn't follow

[Spamalamadingdong]

Except he may not have done that. Using someone else's computer is unlikely to be a violation of the AUP, and that appears to have been sufficient to "register" that computer to the defendant in MIT's database (bad idea). What the computer owner does before and after is not under the control of the person who happened to be borrowing it, and cannot be their responsibility in any moral or even legal sense; they would have to at least have had knowledge of the act.

MIT would probably have handled this best by purging records after a period of non-use. Eliminate the problem of false associations by eliminating the incomplete and error-prone data behind them.

A modest proposal

[rworne]

What we have here is the same need to swap identifying info that those who are members of grocery-store "club cards" are doing:

Get a bunch of fellow college students together (the more, the merrier) and organize a group buy of a bunch of NICs.

Everyone registers their NIC with the university, and then swap the cards amongst yourselves in a double-blind fashion. When questioned about it later, just call it an administrative screw-up or just say you sold the card to another university student and you no longer remember who it is.

If this activity is rampant enough, we can regain anonymity on college campus networks.

Re:A modest proposal

[FurryFeet]

I like your idea, except for the fact that you run a high risk of getting subpoenaed for something you didn't do. And you will probably not have such a good alibi. While the dust clears, your life might be a pretty ugly turmoil.

Every time you share on a P2P network, RIAA kills a kitten.
Please think of the kittens.

Oh, but I do.
I hate kittens.

YANAL

1) Copyright != Patents
2) Infringment != Theft

So what's RIAA Strategy here?

[cmdrwhitewolf]

Capture some Kazaa usernames, perform a tracert to follow the usernames traffic back to it's origin so they can shotgun subpoena the the infringers?

Hey Martha - Get out the Nachos. This s**t's gonna be /REAL/ finger pointing comedy as soon as they hit a company that's using one of those simpleminded ISP "gateway" routers with NAT & DHCP!

RIAA: {looks at list of IP #'s) There's the Perp's PC with IP Address we're looking for! Seize it!

Company: Nope, that's just a Dos Print Server.

RIAA: {looks at list again} ok than, how about that thing over there? It's Ip address is also on the list.

Company: Umm sorry, that's the Router.

RIAA: {points to the nearby tower} That's our infriger than!

Company: {sighs} That's the Novell 3.12 server, Mr pointy hair. It couldn't play a tune even you reformated it and installed windows server on it because it doesn't even have a sound card!

You don't know how true this is

[linefeed0]

I'm an officer in a student computing organization at a major american university. We have a netblock (/26) that we partially administer, and we were forwarded a complaint from the security dude here made by the BSA about a copy of Norton AV... on an IP address that had not been in any use at all for several months, and which had a barely-used VMS VAX before that, certainly not a common target for breakins and warez.

These organizations really do sometimes have bad information.

scheduling files

[Gryftir]

Technically it is possible to schedule files to download while you aren't at your computer.

The MIT student could have scheduled the files to download at a certain time, though I'm not aware of a specific program that does this.

Of course it would be damn hard to prove that he did so, especially if they haven't gotten a chance to look at the computer.

It is possible

[ScottyB]

MIT's IP numbers in living groups (like fraternities, where the guy revealed lived) are assigned typically by a network admin at the house who registers the person's machine on the network.

It is very possible, especially over the summer, for one of the temporary residents (females from other schools typically at the fraternities) to just pick an IP from the block assigned to the house and end up looking like the user who originally registered the IP. There are no network checks to verify a MAC address unless you are using DHCP.

And if you registered a computer you borrowed under your account with DHCP, unless you specifically unregister it someone else could continue using the computer even though it's IP entries are registered to you (I even don't know how to do that on MIT's network, and I go to school there).

So, long story short, this guy's claims are very possible, especially if he has people that back up his claim that he borrowed the computer. If this guy really was in Romania, I imagine someone else actually committed the infringement, but those records would be impossible to find since you don't have to log in with your MIT account every time you use MIT's Internet access.

More info from The Tech

[ScottyB]

http://www-tech.mit.edu/V123/N38/38riaa.38n.html

Just use Athena

[ScottyB]

There are ridiculous amounts of public computer clusters (well, accessable with an MIT account) all over campus, including in the dormitories. Everywhere you turn there is either a Quickstation for checking e-mail (using Sunblades to do so, no less...talk about overkill). The main cluster in the Student Center must have at least 150 to 200 systems, including Sunblades and new Dell PCs running Linux.

It is very, very easy to make it through MIT without your own computer.

You're all missing a very big point

[scosol]

The RIAA is suing people who are *sharing* files, not *downloading* files.

Get that through your head.

It's entirely conceivable that this guy left Kazaa running while going away to Romania, with all his stuff shared.
I dunno- that's kinda how the shit works when you've got a permanent connection.
To give back, you leave the stuff running even while you're not there.

Re:You're all missing a very big point

[kannibal_klown]

There are 2 things wrong with what you said though. First, he claims that he doesn't own a computer. Granted, that could be total BS, but I believe him. Second, you can download files from Kazaa WITHOUT sharing anything. Simply set the download directory to a directory you are not sharing, and make sure that you are not share ANY directories.

Re:You're all missing a very big point

[onomatomania]

Except that he doesn't own a PC. If he did that with someone else's PC then it's that person's problem, not his. As an analogy, if I let a friend borrow my car and he forgets to put on the parking brake and it rolls into somebody's front window, I am responsible since it was my car. (If you don't believe this, then realize that the insurance YOU pay for is what covers accidents when you let someone driver YOUR car -- in other words, the car is your responsibility.)

You ARE responsible if they crash your car

[arete]

IANAL, but you're quite wrong about that. In Illinois at least, and I believe most of the US, you are often responsible for things someone does when you loan them a car.

If some extremely unpredictable act happens your insurance will be liable before theirs, if your insurance covers that person driving (most do) In that way you're being fiscally responsible.

More importantly, if the plaintiff can show that you knew or should have known they were a poor driver, you then can be liable for having put a weapon into dangerous hands. I believe this has been used to achieve manslaughter charges in extreme cases.

*You're* missing a very big point

[achurch]

It's entirely conceivable that this guy left Kazaa running while going away to Romania, with all his stuff shared.

With what computer? RTFA: "Prisnel says he has never owned a computer in the United States, a fact to which 20 other students signed a statement attesting on his behalf."

Re:*You're* missing a very big point

[scosol]

MIT student doesnt have a computer... right.

Myabe he doesnt "own" it.
Maybe he rented it, leased it, or maybe it's "owned" by his parents, and he just uses it while at school.
I don't fucking know- the point of my post is that just because hes away in romania doesnt mean he couldnt have been sharing files.

Open post to whomever modded parent

[bettiwettiwoo]

Dear Moderator,

Two questions:
1. Have you ever heard of Tiger Woods or Eminem?
2. Did you lose your sense of humour or did you just never have one in the first place?

DOPE SMOKER ALERT

WHOOP WHOOP WHOOP WHOOP

RIAA motives

[AndreyF]

The RIAA is not out there suing people for the $. Neither are they doing it to stop the people the people they are suing from sharing. They cannot sue all 30 million people that share, but what they do accomplish is scaring people into not sharing. When most of my laymen friends heard that "people are getting sued", they did not care that it was 300 people out of 30 million, they took down their files because they could get sued next. As a matter of fact, I don't know anyone but myself at the moment that is sharing files on Kazaa. The RIAA is winning: Kazaa is starting to degrade at its roots: the users that had no idea how it worked or what exactly it did, the "you type the song name in here, and you play it in there" people are stopping to share.