Slashdot Mirror
RIAA Files 532 Lawsuits
Like2Byte writes "The RIAA is at it again. This time, Yahoo! News is reporting that 532 file sharers' IP addresses are being submitted to the courts instead of their names because ISPs decline to name people and the courts previous blocks. Music lawyers filed the newest cases against 'John Doe' defendants -- identified only by their numeric Internet protocol addresses -- and expected to work through the courts to learn their names and where they live."
people yesterday. They said copying movies from the Internet costs them money and puts people out of a job. The ad was well done and would be understood by most anybody. The music folks are just an order of magnitude stupider than the movie people are. Instead of messaging combined with clear product value propositions and additional rewards for buying more product, we get lawsuits, attempts to fix pricing on CD media, media that does not work, trash artists and on and on and on.... No wonder these dumbasses are having such a hard time. Hope each one of those lawsuits cost them a bundle. Maybe they will think back to the early Napster days and a reasonable offer. If they had only taken it, things would be cast in a far different light today. You reap what you sow.
I work at the my school's computer help desk and just yesterday we got a phone call asking us to shutdown a certain IP address because the user was found to be in violation of copyright law. I have a feeling this is linked to this RIAA lawsuit business.
This is what they should have been doing from the beginning, instead of trying to weasel their way around the law and demanding proprietary customer information from ISPs so they can bully them with settlement offers. This gets the process into the courts where it belongs.
Sure the RIAA is still evil, but they're improving their tactics, and should be commended for that. Going after P2P sharing services is wrong, demanding proprietary information from ISPs is wrong, filing John Doe copyright infringement suits is NOT WRONG - it's EXACTLY what you should do if you find people sharing binary apps derived from your GPL'd project and you don't have a way to contact them yourself.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Of course, then the government will enforce log retention policies for everyone operating any sort of servers anywhere for any reason. Just like companies are legally obligated to retain financial, tax, customer and other business records for three or seven years - they will soon be required by law to retain server logs for as many years, most likely.
I wonder what will happen when your server crashes or you wipe over a hard drive or you go out of business or you have a drive malfunction or something - and it's out of your hands.
"Judge, one of my neighbours grabbed an IP from my wireless router and was using KaZaa, not me, I swear..."
how are they going to address that???
there's no place like ~
Interesting, the ISP's won't give up their names, but try typing in http://128.111.80.86/ which is one of the entries. This leads you to the University of California - Santa Barbara's security we page. So they NAT all their users apparently, how helpful is that? :P
just = (My)Opinion.toCents();
Anyone remember the episode of Law & Order where they had only days to track down a rapist... and tried to use DNA 'fingerprint' to issue a John Doe warrant? Courts rejected it.
s id ebar_dna.html
D NA _John%20Doe_warrants.html
l en t_witness_volume_7_number_1_2002.html
However several new reports allow this and it's still? waiting for supreme court review. I can't find anything about any further challenges- but I don't know what I'm not searching.
http://www.courttv.com/news/hiddentraces/yalem/
https://coldhit.doj.ca.gov/dna/news10.htm
http://www.denverda.org/html_website/denver_da/
http://www.ndaa.org/publications/newsletters/si
You know, at my apt we have a Wireless Network which is shared by 3 other roomies.
Sometimes, my neighbours use it too when their net is slow. All in all, one DSL shared by ateast 5-6 peple.
Now, any one person could have used their system for P2P. Are the going to take all 6 of us to court just because one IP has been logged?
Has anyone had similar experiences? What would the RIAA do in such a situation?
Everyone is bringing up the question of how long the logs would be kept for. Remember back when the US govt. was (possibly still is) granting itself the power to check out what books you were reading at the library? Remember how the librarians decided to destroy the records because it was legal? How long until ISPs get the idea and follow suit? No records, no court. Remember, ISPs want to keep customers, one way is to have a strong privacy policy.
Next hurdle for the RIAA is to PROVE these people were actually offering or distributing actual content the RIAA members own the copyright to. A file name or a list of file names/or mp3 tags is NOT going to stand up in a real court. I would think they should have to prove that person was actually distributing an actual copyrighted file by downloading the whole thing or a major portion of that file from only that one person (not getting it from multiple users either) and have some type of timestamped logs or process of the file transfer to stand behind their evidence gathering. Metallica_-_Ride_the_Lightning_01.mp3 can contain anything. A file name is not a copyright violation and without evidence, you would have to assume what the content was. There is no provision in the DMCA to fall back on that can override actual evidence is there? IANAL but since these RIAA lawsuits are civil and not criminal, I don't believe they can obtain a search warrant to come for your physical equipment either. Who knows.
Bad boys rape our young girls but Violet gives willingly.
Like I said, what a joke.
(If you're interested, I've got the e-mail chain between my buddy and EMI.)
It is not our abilities that show what we truly are... it is our choices.
These are in the list twice
2 12.198.251.665 3.197.275 3.94
12.100.15.167
204.201.220.33
208.150.224.18
216.136.13.252
216.38.33.66
216.
38.201.184.162
63.199.63.218
64.132.1
64.242.223.111
65.105.125.126
66.250.69.1
210.73.74.200 is in 3 times
I count 518 uniques
I'm currently developing a new management system for our university network of ~4000 nodes. It has the ability not only to track every single IP address ever used by any student, but also what hub port/wireless AP they were connected to at the time.
As an internal debugging/security tool, this is *great* information. We can make sure that people aren't abusing the network. We can find and disable compromised machines with very simple tools. We can easily do tons of other useful administrative tasks.
However, I *really* worry that the information could be subpoenad and used against individual students by the likes of the RIAA/MPAA. I've been harping on upper management to let us purge the history after roughly a week (tops), which would give us plenty of debugging time, and at the same time not give the legal system enough time to issue a subpoena before the information is gone.
It's really a wierd situation for me. The tools I'm working on are extremely powerful, and will definitely save our network guys a lot of time. But there's a distinct possibility that the information we gather could be used in ways that I, personally, find abhorrent.
It makes me wonder about other developers working on software that's used for security: it's a fascinating job, and has tons of really good applications. But at the same time each piece moves us one step closer an Orwellian society becoming possible. Is this something I/we should really be persuing, given the potential outcome?
--Jeremy
Jesus was a liberal
Not keeping certain logs would put the ISP in violation of certain federal laws, of which the DMCA may be one, but most notably the PATRIOT Act, I believe.
Actually, that is a far worse plan than dealing with the RIAA.
An ISP can be held responsible in situations where it does not keep records like radius logs. Since the ISP would be unable to prove they didn't do it (they being the ISP), presented with evidence that shows the illegal activity came from their network, it would almost be an automatic loss for them in court. Don't expect any compassion from the court, once the judge points out that your irrisponsibility is borderline deceptive and unethical business practice, you'll probably get either a maximum fine or harsher term.
This is much like loaning your car to a drunk stranger. You automatically become legally liable for anything he does behind the wheel due to your own irrisponsibility.
People forget that the Internet is a communications service. It's not like the phone company doesn't keep a log of all the phone numbers you dial, times dialed, duration of call, the date/time in GMT, etc.
I see a lot of confusion over the way files are identified and whether this will stand up in court or not.
If you think they are using a method as trivial as "they responded to a search for name label_muzak.mp3" you are mistaken. This would definitely not be credible evidence in court (anything could be in the file) and it's not how the RIAA is going about tracking illegal uploads.
The method they are using has been described in some of the articles concerning the subpoenas issued to users of the networks and it works as follows:
1. The RIAA employs modified nodes in the various networks (KaZaa and Morpheous seem to be the big two) to search for known song names or groups.
2. When they find a match, they attempt to download the entire file from the user. This point is important: if they can't prove you actually uploaded a copyrighted file in its entirety, they don't have a case.
3. When the upload is complete they perform an MD5 sum on the content and verify that it matches a database of known copyrighted files. If they didn't do this step, they would have to have someone listen to it to be sure its actually what they think it is.
Given the nature of peer networks, there are a number of common rips (i.e. identical) of songs widely shared among many users. Thus the MD5 sums will match for the same file among many users.
This is all the information they need to bring a suit against your. They have an IP address and time/date associated with the upload, they have a verified MD5 sum for the upload that matches known copyrighted files.
This information was covered in a previous article here: Innocent File-Sharers Could Appear Guilty? and the techniques they use are explicitly designed to withstand the scrutiny of a legal proceeding.
All of the cases of mistaken identity to date (the mac user sent a nasty gram, the grandmother, etc) appear to be mistakes by the ISP correlating a given IP + date into the right account holder, and not a flaw in their methods associated with identifying infringing content traded over the networks.
Microsoft is not an ISP.
In a relatively static corporate network, you're going to keep renewing the same IP address over and over and over. That's how DHCP works. (After your lease is 50% up, your 'puter asks the DHCP server if it can renew the lease on that IP addy again.) There are people on the LAN at work whose IP hasn't changed in years, despite being DHCP clients.
I don't know why ISPs mix up the pool of IP addresses, but sure enough I have a new one (though my subnet hasn't chagned) every week or so.