Slashdot Mirror
Innocent File-Sharers Could Appear Guilty?
daveo0331 writes " New Scientist has an article about what could be a promising defense strategy for people targeted by the RIAA. Basically, anyone on the Gnutella network can frame other users by making it look like someone is hosting RIAA music, even though they're not. Therefore, the RIAA's "evidence" against file sharers is theoretically unreliable and wouldn't stand as good a chance of holding up in court. No mention of whether this has anything to do with the RIAA's eagerness to settle the lawsuits out of court. The article is based on a research paper (PDF link, HTML version) posted anonymously to a web hosting service in Australia."
How many of the people being sued by the RIAA actually use Gnutella? I would bet few to none. The vast majority are getting nabbed for Kazaa and other more popular, less geeky p2p clients.
It would have been so easy for the RIAA to only go after people who hosted both illegal mp3s and child porn in this first round. Congress would have given them medals. Then they could have quietly expanded their lawsuits.
Just because they've pointed out theoritical weaknesses in P2P apps doesn't necessarily raise a "reasonable doubt" about any defendant's activities. Is there any evidence that these vulnerabilities are actually being exploited out there? If not, I don't think this would hold much weight in court...
Oh yeah, and IANAL.
Stop by my site where I write about ERP systems & more
While it's interesting that apparently Gnutella can in theory be spoofed, I can't believe that this could form much of a legal defense since the spoofs are specific to Gnutella, so this has nothing to do with the vast majority of p2p usage.
Enable 3D printed prosthetics!
This is no "strategy", it's a cop-out. If people are sharing files, and they *really* believe they should be allowed to do so, they should fight on the merits of their position, and live or die on said merits. To cook up a tenuous argument that someone might have framed you, is a tacit admission that the arguments people have mostly been using to justify file-sharing are worthless, and that file-sharing itself is indefensible. Show some backbone, people.
ISPs are required by law to maintain a USERNAME,IP,TIME_USED record for even dynamic IPs.
So if RIAA gives them a IP,TIME_of_infringement, they will have no problem in retrieving a USERNAME and other resulting info to send to the RIAA
If I was ever brought in on copyright infringement charges and there was evidence, I'd feel more secure arguing that I didn't know I was doing anything wrong, not that the evidence was suspect (someone spoofed my clipart search into one for metallica, changed my IP address, hop count, etc. resulting in 10 gigs of copyrighted files on my computer which I somehow didn't notice/delete).
Occam's Razor will cut off the weasel's tail!
err, I have worked at an ISP and know full well that it is more than obvious to log who is connected, when they are connected and most certainly which IP address they were assigned for the duration of their session.
--- If I were a fish, I'd be wet
At least in the ways described in the document. They're describing potential attacks that just don't seem like they'd be worthwhile to pull off. A jury would be silly to use this as the reason to let file sharers off the hook, unless their only concern is getting the file sharers off the hook, regardless of whether they're guilty.
Umm no. The vast majority of user accounts are unmetred - you pay the same price for the month if you are online for 5 minutes or the entire month.
ISPs that are serious about protecting customer privacy will simply quit keeping these records.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
Are you allowed to share all those files though? I was under the impression that all those songs were free to download, but that doesn't mean you are allowed to distribute them.
GMail invites for completed freeipods.com of
Dude, if I had you as a parent, I'd watch your back. How is your lesson any better than a thug breaking a gambler's legs for not paying on time? I hope you don't own any guns... you just may become a statistic.
today is spelling optional day.
So to punish your son for downloading music, which really doesn't have any value anyway, you destroyed a computer worth over 1000 dollars of your son's money? What would you do if he simply shoplifted the cd's, cut off his hands? Would you have destroyed his car for speeding?
I suppose you've never copied a video tape, or a cd, or a casette, or recorded something off the radio or tv.
I don't get why people treat downloading music as worse than stealing the cd. It's not even close to being like physicly stealing, you're not depriving anyone of their property.
You're probably just a troll anyway, no sane person would do that.
Well, the RIAA, in all honesty, has to sink a lot more investment into file-sharing than the MPAA does. After all, a person can download some 3 or 4 meg song over a 56K line without too much heartache. Try doing the same thing with a 700MB DVD rip, and it becomes a lesson in frustration.
As far as monitoring the different networks, I'm sure that they do monitor them, but at this point, it's not worth them drawing more publicity to those networks, and therefore raising utilization of them. Stick with Kazaa, and you can get the majority of the file-swappers, which is, in all honesty, good enough.
There's something that's bothered me about these lawsuits since the beginning: what proof does the RIAA have that a given person shared a file ? They're simply using logs of their software. But how is this being verified ? A log, afterall, is just a textfile; I can make one now that says Lars Ulrich was sharing my copyrighted works.
Not to mention they're also relying on the DHCP logs of the sharer's ISP. These were designed to aid admins, not to be 100% accurate. And, even if we assume that the RIAA's and the ISP's logs are accurate, most people these days have multiple machines on their home networks and often wireless access points. How can could one possibly prove that the internnet account holder did the sharing and not a neighbor sneaking on via wireless or a friend who stopped by with a laptop or a roommate ?
IANAL, but I don't see how any of these cases could possibly stand up in court, with or without security holes.
The "law" is no longer about the "truth", but who can spin the best "half-truths" (read: lies). And the best "lawyers" (read: lairs) cost $$$, so in short, he with the most money gets "justice" (read: their way). So anything the "little guy" (read: not much $$$) can win is to come up with a nice "open-source" "half-truth", of which this seems to be. That and all that framing stuff others mentioned ;)
"1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
It really makes no difference if these arguments can be used a a defense or not. THESE ARE NOT CRIMINAL CASES. There is NO JURY.
Basically, you can go before a Federal Judge and try to convince him you shouldn't pay $150,000 per song, or you can settle with the RIAA for ~$2000. To do the former, you'll need to hire a lawyer and be out more than $2000 anyway.
That's why it's so scary. These aren't criminal cases. Hardly anyone even goes to court to try and make a case at all.
"We shall show mercy, but we shall not ask for it" -- Winston Churchill
To publish something that relies on reverse engineering puts you open to charges under the DMCA. Reverse engineering PD software is easy (you have the source). Reverse engineering a closed source program isn't exactly impossible, look at Kazaa-lite, for example. However there are other PD clients to more popular networks such as eMule for ed2k (no disassembly required).
So you can still say that the RIAA's IP address is sharing movies and the MPAA's IP address is sharing MP3s for other networks.
Not to mention that most home wireless networks are still running on their out-of-the-box (read no security) settings. How many people may have their IP hacked for filesharing through their wireless router?
Even the best security settings on most 802.11b boxes are hackable, often in 24 hours or less.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
Downloading mp3 of music that you do not own is illegal. I taught my son a lesson by destroying his iBook. The lesson is that if you work hard and save your money to buy something, once you break the law with it, it will be taken away. By the time he saves enough to buy another laptop (which will be around two years based on his after school pay check) he will have learned that he was doing something bad and wont do it again.
So it's pretty obvious that you are a troll but you do inadvertently raise a good point about authoritarianism.
Destroying your son's personal property was an immature act. He knows it was a childish thing to do, and it caused him to lose respect for you as an authority figure and role model. You have eroded your ability to make moral judgments that he will respect.
If your child does not respect you, he will not listen to you. Because of the power you wield he will simply give the appearance of respect and obedience, but in reality will go behind your back and do whatever he wants. This is the behavior you are reinforcing. Why would he do any differently?
So in a way you are like the RIAA. The RIAA is destroying any respect the public had for it by suing its own customers for large damages, much like you destroyed your son's iBook. Now even if they had a valid moral position (e.g. sharing music is stealing from artists) people are disinclined to believe it, regardless of its veracity. Music sharing will go on - just behind the RIAA's back.
You and the RIAA both need to act like adults here and build trust by acting maturely. Then maybe you both will get the respect you desire.
Yes the RIAA has to make a good case for who they prosecute, but I think in order to use "someone could have framed me" as a defense, they'd have to provide a motive for why this person would have wanted to frame them.
In civil cases (for damages) I *think* judgement is by proponderance of the evidence which means this will probably not be a good defense at all. A lot of things in court are decided on which cannot be proven 100%.
"he drew his sword Ringil that glittered like ice... and he wounded Morgoth with seven wounds..."
On of the obvious ways to scale-up Gnutella was caching of search results, this would mean that even without framing there could be responses which are already irrelevant because the IP address was since reassigned, this could potentially produce the same effect. Without actually successfully starting the download, there is no way to know if the response is correct. Additionally, the original Gnutella protocol does not provide checksums, so even a correct response could point to the wrong file.
http://www.gnu.org/philosophy/words-to-avoid.html
This is a digital world. Evidence is easy to fake and destroy. Picture a scenario where I download a BO (back orifice) client to my machine. Then it's up to the attorney to prove that someone didn't use that BO client to download things, first to my computer and then FTP:ing them to their own.
Does everything include nothing?
Depending on how the RIAA is getting their lists, the article is at best fallacious and at worst deceptive.
Supposedly the RIAA is going after people who've been sharing more than a thousand titles. It is highly unlikely the RIAA would've gotten this information by sniffing the network or by putting out queries; it would just be too impractical. Gnutella hosts will very often put a list of what they're sharing up in the form of a web page, and if the RIAA were reading the page, they'd be retrieving it directly from the user's verifiable IP.
Similarly, other networks have the option to "browse this person's list". From what I understand none of these networks route the results of such requests through any sort of indirection; the data is also transferred via a direct connection to the "offender's" machine.
I'm surprised nobody considered this before. If the RIAA is hunting you down for FILENAMES, then who knows. I could take a 3 meg text file full of 1's and 0's and name it metallica-unforgiven.mp3, and get sued. I say they have to download every file, and listen to it. Lets see how many lawsuits they have then.