Slashdot Mirror
RIAA Files 532 Lawsuits
Like2Byte writes "The RIAA is at it again. This time, Yahoo! News is reporting that 532 file sharers' IP addresses are being submitted to the courts instead of their names because ISPs decline to name people and the courts previous blocks. Music lawyers filed the newest cases against 'John Doe' defendants -- identified only by their numeric Internet protocol addresses -- and expected to work through the courts to learn their names and where they live."
I wonder how long most ISPs keep their logs linking usernames to IP addresses.
I suspect there may be some policies written very quickly, to say "not long at all".
identified only by their numeric Internet protocol addresses
TK-421! Why aren't you at your post?
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
This is what they should have been doing from the beginning, instead of trying to weasel their way around the law and demanding proprietary customer information from ISPs so they can bully them with settlement offers. This gets the process into the courts where it belongs.
Sure the RIAA is still evil, but they're improving their tactics, and should be commended for that. Going after P2P sharing services is wrong, demanding proprietary information from ISPs is wrong, filing John Doe copyright infringement suits is NOT WRONG - it's EXACTLY what you should do if you find people sharing binary apps derived from your GPL'd project and you don't have a way to contact them yourself.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Thats irrelevant. ISPs will know who had what IP and at what times.
--- any post that takes longer than 20 seconds to write, isn't worth writing
"Judge, one of my neighbours grabbed an IP from my wireless router and was using KaZaa, not me, I swear..."
how are they going to address that???
there's no place like ~
In point of fact, I know most do. I know several people who work in support or engineering for several ISPs and keeping such logs is not unusual. The existence of a given set of logs can almost be taken for granted, what you can't take for granted is how long such logs might be kept.
"Talk minus action equals nothing" - Joey Shithead, D.O.A.
"Talk minus action equals
Basically, our friends at the RIAA are more than happy if you'll keep buying your CD's at fifteen dollars a pop, then every few years they'll try to make what you already purchased obsolete by offering a new release with better packaging.
Sometimes I wonder if they are deliberately incompetent in issuing their first release. I remember back in 1991, I picked up Miles Davis' "Kind of Blue." Five years later, the record company had re-released it, along with the shocking announcement that one of the original CD's songs had been mastered at the wrong speed -- so the CD I owned had a song that was therefore in the wrong key and at the wrong tempo. And for this incompetence, on their part, I was supposed to shell out another fifteen bucks to get the fixed version.
Understandably, people are tired of this crap, so they've resorted to downloading music. That's where the RIAA's new revenue generating tactic comes in: they're using their legal department to send letters, coercing downloaders to pay up at about seven grand a pop. That's a lot of shiny CD's.
So buy CD's or download illegally -- either way the RIAA wins. Unless you decide to get out of the game.
If you follow the RIAA's tactics at all, you might have decided it's appropriate to not give these bloodsuckers another dime of your money. So here are a couple tips. Don't buy from labels that are affiliated with the RIAA -- and don't buy legally downloaded music from these labels just because they happen to be on the iTunes record store.
Second, check out sites like Magnatune. Read everything you can about their business practices. These people are cool, their artists' music is awesome, and they deserve our support.
I'm generally "Interesting," "Insightful," and even "Funny" here. What the hell happens to me at parties?
Everyone is bringing up the question of how long the logs would be kept for. Remember back when the US govt. was (possibly still is) granting itself the power to check out what books you were reading at the library? Remember how the librarians decided to destroy the records because it was legal? How long until ISPs get the idea and follow suit? No records, no court. Remember, ISPs want to keep customers, one way is to have a strong privacy policy.
The dhcp servier & radius server (PPP) are separate entities. More accurtately the dhcp Ip is linked to a MAC address - Once a dhcp lease expires (connection is terminated) the arp table is refreshed. I don't know how long other ISP's leave thier arp tables up - but my routers refresh every 20 minutes.
In order to tie any specific IP to a particular user the connection has to remain active and the lease on the IP cannot expire.
This is why some macintosh users were accused of running the kazza client - the IP in question was linked to the mac adress currently in the arp tables. I have never encountered an isp that logs thier arp tables. So the customer who gets slapped with the lawsuit may not have been the customer who was originally sharing mp3's.
The only time usernames would be used at all if some sort of radius authentication is required by the isp before a dhcp address is leased (pap - chap, whatever). The most common broadband technologies that use radius is PPPOE & PPP over ATM.
The majority of ISP's used bridged ethernet technologies that don't require radius authentication. The only way of matching an IP in that case is via mac address.
Many firewall / router products allow for mac address cloning - which essentially allows a user to change his or her mac adress. IANAL but if the corresponding mac adress was not found on an offenders network then the RIAA would have no case.
In either way - due to the fact that most residental broadband services only offer DHCP addresses - the method that the RIAA is using to identify thier victims is highly unreliable.
___________________________
I'm not a geek, but I play one on TV.
These are in the list twice
2 12.198.251.665 3.197.275 3.94
12.100.15.167
204.201.220.33
208.150.224.18
216.136.13.252
216.38.33.66
216.
38.201.184.162
63.199.63.218
64.132.1
64.242.223.111
65.105.125.126
66.250.69.1
210.73.74.200 is in 3 times
I count 518 uniques
As a former ISP manager, I know that by the time a lawsuit would have come about our DHCP assignment logs would have been rotated out of storage. Any reasonable sized ISP would have far too much data to keep on hand to store something like that.
Yes! Stop producing anything! That'll show those nasty pirates!
Sorry, but being denied something that hasn't been created is less of a problem for me than being denied something that was created but is now inaccessable because of draconian copyright laws.
because people break the social contract that is copyright and steal. It's a shame really.
The social contract was broken a long time ago... by the content producers. When copyright was extended long past absurd lengths the writing was on the wall. The present day piracy was predicted way back in 1841. Here's a quote from that link (Thomas Macaulay speaking against copyright extension): Seems to sum it up quite nicely.
As for "university property" and whatnot, you clearly have the situation reversed. Universities exist for the benefit of the students, and not vice versa. Networks are student resources, not a Pavlovian carrot to teach them your personal idea of right and wrong. The RIAA is clearly using terrorist tactics, using P2P as sleight-of-hand fake to scare people off even "fair use" applications.
You seem to have a real "God complex". Us and Them. My guess is that you, for the moment, find yourself on the priveledged side of that divide. If justice prevails, you'll find yourself victimized by someone just like you. Hopefully soon.
Actually, that is a far worse plan than dealing with the RIAA.
An ISP can be held responsible in situations where it does not keep records like radius logs. Since the ISP would be unable to prove they didn't do it (they being the ISP), presented with evidence that shows the illegal activity came from their network, it would almost be an automatic loss for them in court. Don't expect any compassion from the court, once the judge points out that your irrisponsibility is borderline deceptive and unethical business practice, you'll probably get either a maximum fine or harsher term.
This is much like loaning your car to a drunk stranger. You automatically become legally liable for anything he does behind the wheel due to your own irrisponsibility.
People forget that the Internet is a communications service. It's not like the phone company doesn't keep a log of all the phone numbers you dial, times dialed, duration of call, the date/time in GMT, etc.
IANAL, of course, but I'm not sure this is right. As far as I know, under common law principles, ISPs cannot be presumamptively liable for the actions of their users...and I doubt the DMCA changes things in this regard.
Is there someone who actually knows with certainty the answer to this point? It is important for how this whole story will play out, methinks.
I see a lot of confusion over the way files are identified and whether this will stand up in court or not.
If you think they are using a method as trivial as "they responded to a search for name label_muzak.mp3" you are mistaken. This would definitely not be credible evidence in court (anything could be in the file) and it's not how the RIAA is going about tracking illegal uploads.
The method they are using has been described in some of the articles concerning the subpoenas issued to users of the networks and it works as follows:
1. The RIAA employs modified nodes in the various networks (KaZaa and Morpheous seem to be the big two) to search for known song names or groups.
2. When they find a match, they attempt to download the entire file from the user. This point is important: if they can't prove you actually uploaded a copyrighted file in its entirety, they don't have a case.
3. When the upload is complete they perform an MD5 sum on the content and verify that it matches a database of known copyrighted files. If they didn't do this step, they would have to have someone listen to it to be sure its actually what they think it is.
Given the nature of peer networks, there are a number of common rips (i.e. identical) of songs widely shared among many users. Thus the MD5 sums will match for the same file among many users.
This is all the information they need to bring a suit against your. They have an IP address and time/date associated with the upload, they have a verified MD5 sum for the upload that matches known copyrighted files.
This information was covered in a previous article here: Innocent File-Sharers Could Appear Guilty? and the techniques they use are explicitly designed to withstand the scrutiny of a legal proceeding.
All of the cases of mistaken identity to date (the mac user sent a nasty gram, the grandmother, etc) appear to be mistakes by the ISP correlating a given IP + date into the right account holder, and not a flaw in their methods associated with identifying infringing content traded over the networks.