Slashdot Mirror

← Back to Stories (view on slashdot.org)

Programmer Challenges RIAA Investigators

Posted by CowboyNeal on from the not-so-fast dept.

NewYorkCountryLawyer writes "In court papers filed today in Manhattan federal court, programmer Zi Mei has slammed the investigation on which the 'ex parte' orders obtained in the RIAA's cases against consumers are based. Armed with Mei's affidavit, a midwesterner -- sued in Atlantic v. Does 1-25 in New York City as 'John Doe Number 8' -- has asked the judge to vacate the 'ex parte' order on the ground that the RIAA doesn't have the evidence it needs to get such an order. If Doe wins, the RIAA's subpoenas to the ISP, for its subscriber's identities, will be thrown out."

19 of 238 comments (clear)

  1. ex parte by Black+Parrot · · Score: 5, Informative

    Here is an explanation of "ex parte".

    --
    Sheesh, evil *and* a jerk. -- Jade
    1. Re:ex parte by eatmadust · · Score: 4, Informative

      or here on wikipedia.

    2. Re:ex parte by thebdj · · Score: 3, Informative

      Ok here is the most recent info I found:

      agricultural products (soybeans, fruit, corn) 9.2%, industrial supplies (organic chemicals) 26.8%, capital goods (transistors, aircraft, motor vehicle parts, computers, telecommunications equipment) 49.0%, consumer goods (automobiles, medicines) 15.0% (2003)

      The entertainment industry would fall into that 15% for "consumer goods", which means that over 85% of the US exports have absolutely nothing to do with American entertainment. Don't forget, many countries think our music sucks about as much as we think theirs does. As a side note, by the 2004 numbers the US is the 2nd largest exporter of goods at $795 billion. Germany is the only single country who exports more. The EU exports $1,109 billion, but they are not a single country, but if you did count them that makes the US 3rd.

      Despite what you might think the US still makes a good chunk of change on its exports and not so much of it would be the entertainment industry. I think what you mean is that the US imports more then it exports, which is quite true, but this is largely because we are a huge consumer. I think the only category listed above for which we are considered a "net exporter" is the Agriculture industry.

      --
      "Some days you just can't get rid of a bomb."
  2. Ex Parte by Shadow+Wrought · · Score: 4, Informative
    IANAL, but have been paralegalling for a few years now. Ex parte is the term used when one side in a case speaks with the Judge without the other side being privy to what is said.

    If he can get this tossed it would be a pretty big blow to the RIAA's case.

    --
    If brevity is the soul of wit, then how does one explain Twitter?
  3. Re:Yea that will work by dark404 · · Score: 3, Informative

    except that this is a civil case, not a criminal one, and a motion for discovery not a request for a warrent.

  4. documents by hylander_sb · · Score: 2, Informative

    Any mirrors of these documents? I'm getting empty files on their site.

    --
    Stop the use of force!
  5. Re:what the fuck by BrynM · · Score: 3, Informative
    Right now the RIAA is the only person...
    Never say that.
    --
    US Democracy:The best person for the job (among These pre-selected choices...)
  6. alternate link by Anonymous Coward · · Score: 2, Informative

    http://www.p2pnet.net/stuff/atlantic_does1-25_ziaf fidavit.pdf

  7. Not get picky...but... by redwoodtree · · Score: 2, Informative
    programmer Zi Mei has slammed the investigation on which the 'ex parte'

    No.... actually, progammer Zi Mei's LAYWER has slammed the investigation. Unless he's a lawyer and a programmer of course, in which case it should say "programmer and lawyer..." But I digress.

    What I'm trying to say is, I'm no fan of laywers, but let's give them a little credit here and say that they've come up with a good way to defend this Mei guy. If anything Mei can afford a good lawyer, yay!

    ...........Anyway... back to digging for slugs....

    1. Re:Not get picky...but... by rodentia · · Score: 2, Informative


      No, actually, Zi Mei is a programmer hired by lawyers for John Doe #8, party to Atlantic vs John Does #1-25, to investigate and give expert opinion upon the RIAA's evidence gathering. Mei hasn't been accused of anything.

      Read before you pick.

      --
      illegitimii non ingravare
  8. Anyone able to get at those PDFs? by TheSkyIsPurple · · Score: 2, Informative

    I keep getting 0 bytes files... even from coral cache...

    I really want to read what was filed for this

  9. Re:wrong wrong wrong by Anonymous Coward · · Score: 1, Informative

    Who put them there? are they legal? How many people use that computer?

    Anonymous ISP here again... funny story to share about the "who put the file there" comment.

    About a year ago summer, the customer service manager referred a customer issue to me (I get all the fun ones that deal with policy issues as CSO). I should mention the process we use - we actually (hold onto your chair) presume our customer is innocent first. The process we developed (and reviewed with counsel) does the following when we get either a DMCA inquiry or an internally-generated incident request from NIDS monitoring (usually from P2P server operation or serious P2P client over a threshold).

    Step 1. Collect basic data and confirm from traffic flows. We're PPPoE throughout our network into an MPLS fabric, so it's pretty easy for us to redirect a stream for analysis from anywhere in the network to an analyzer. We don't go into the traffic other than looking at what it is and confirming/rejecting the information of P2P flows. (Always, always document these processes too - it'll save your ass someday since courts and judges do give a bit of discretion to those who exercise diligence in their practices).

    Step 2. Contact the customer via phone (with followup email for legal requirements - just to CYA). We let the customer know what's going on. Like I said previously, it's almost always a minor child who's installed P2P. Occasionally I have an adult who I have to explain the issues of P2P server mode being like driving 110 MPH in a 45 zone per getting attention. Simply downloading won't get our attention, but they do need to be aware that it can get the RIAA's and if they have good evidence and comply with the notification provisions, we will have to pass along the customer's info. (Hint: Be discrete and don't be a P2P pig! Drive with the flow of traffic!!!)

    So anyway, we had one of the server type incidents and helpdesk called and notified a parent. I got the call back from the mom, demanding to speak with a company officer about our behavior. Figuring we had someone unaware of DMCA and just needing to talk with, I called mom up.

    Mom proceeded to tell me that she had talked with her 15-year-old son after she investigated the PC and found gigabytes of porn on the family hard drive. However, the son explained that the ISP put it there, since that's the "only way it could have gotten there." I was actually being threatened with lawsuits from mom about our allegedly hacking in and forcing her 15-year-old kid to watch all this stuff.

    I kindly (holding back the laughs) told mom that if she really believed this to be the case, we'd need to have authorities immediately take the PC as evidence and conduct a forensic audit on the contents. Of course, if it was determined that her son put it there...

    As always, you can help most people out but occasionally you get a nut!

  10. Re:what the fuck by Krach42 · · Score: 2, Informative

    http://en.wikipedia.org/wiki/Legal_entity

    Courts deal with "persons", which are actually legal entities. It just so happens that in the vast majority of cases, legal entities are confined in squishy tissue boundaries.

    But there are a number of "persons" who can appear before court that aren't confined in squishy tissue boundaries. (btw, that's a real legal term... squishy tissue boundary...)

    sorry, I just got totally sidetracked there...

    --

    I am unamerican, and proud of it!
  11. Gramm Leach Bliley by TubeSteak · · Score: 2, Informative
    http://www.ftc.gov/privacy/privacyinitiatives/glba ct.html

    The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting provisions.

    The GLB Act gives authority to eight federal agencies and the states to administer and enforce the Financial Privacy Rule and the Safeguards Rule. These two regulations apply to "financial institutions," which include not only banks, securities firms, and insurance companies, but also companies providing many other types of financial products and services to consumers. Among these services are lending, brokering or servicing any type of consumer loan, transferring or safeguarding money, preparing individual tax returns, providing financial advice or credit counseling, providing residential real estate settlement services, collecting consumer debts and an array of other activities. Such non-traditional "financial institutions" are regulated by the FTC. ...
    I think the defining part of the above description is: financial products and [financial] services to consumers.

    I'm not sure how this applies to ISPs in any way shape or form.

    My ISP doesn't provide a financial service...
    --
    [Fuck Beta]
    o0t!
    1. Re:Gramm Leach Bliley by jrockway · · Score: 1, Informative

      > My ISP doesn't provide a financial service...

      Your online banking information magically appears on your computer, then? Funny... I thought it went over your ISP's wires.

      --
      My other car is first.
  12. Re:This always happens.... by JesseHathaway · · Score: 2, Informative
    ...the RIAA should have to be forced to show the actual loss in revenue from each song, and where do they come up with the numbers they sue people for.
    This Harvard Business School/UNC-Chapel Hill study tackles this question of whether the RIAA's bellyaching is warranted, and is quite interesting.
    To sum it up, it found that file-sharing actually increased the sales of albums which contained the most popularly downloaded tracks, contrary to the findings of an earlier study.

    From the Oberholzer/Strumpf study (March 2004):

    We consider the specific case of file sharing and its effect on the legal sales of music. A dataset containing 0.01% of the world's downloads is matched to U.S. sales data for a large number of albums. To establish causality, downloads are instrumented using technical features related to file sharing, such as network congestion or song length, as well as international school holidays. Downloads have an effect on sales which is statistically indistinguishable from zero, despite rather precise estimates. Moreover, these estimates are of moderate economic significance and are inconsistent with claims that file sharing is the primary reason for the recent decline in music sales.

    TFA:
    http://www.nber.org/~confer/2004/URCs04/felix.pdf
    For those who wish to read it in a non-annoying format:
    http://scholar.google.com/scholar?hl=en&lr=&q=cach e:u2jUjTCu3-0J:www.nber.org/~confer/2004/URCs04/fe lix.pdf+author:%22Oberholzer%22+intitle:%22The+Eff ect+of+file+sharing+on+record+sales:+an+empirical+ ...%22
  13. Re:down with Media Sentry by Sancho · · Score: 5, Informative

    Exposition: I am a network security analyst for a university. We have a group that solely handles "incidents" such as copyright infringement, spam notices, etc. That team delivers (and probably filters) incidents to the security group, who then scan the firewall logs for any evidence of network activity with the intersection of the timestamps, IP, and ports reported. We then return that information plus the name of the alleged infringer to the incident team.

    I don't know if the RIAA uses multiple firms or if the incident team filters out the infringement notices, but I have never once received a notice without a timestamp. The notices I receive have the IP, timestamp, ports, p2p network, and infringing filename. We occasionally get the IP address that detected the infringement, too.

    This tells me one of two things: 1) You're exaggerating or outright lying, because every notice I receive has the appropriate information.
    or
    2) The incident team returns notices which do not include the necessary information, in which case your ISP could do the exact same thing.

  14. Re:This always happens.... by Anonymous Coward · · Score: 1, Informative

    Its called a citizens arrest and in most states it is quite legal and depending on what state you live in it is your legal obligation to arrest that neighbor.

    http://www.constitution.org/grossack/arrest.htm
    http://www.ou.edu/oupd/selfarr2.htm

  15. Re:down with Media Sentry by Anonymous Coward · · Score: 1, Informative

    That's because your incident team probably bins the ones which don't follow the basic rules, otherwise as a university you'd be dealing with something like 100-500 notices a day. (But yeah, none of the notices I've seen actually follow the DMCA to the letter.)

    There are several different contractors handling this. For example, BayTSP and MediaSentry both handle automated (yes, they're automated or at the very most click-monkeyed with no verification) takedowns. But so far, only "evidence" from MediaSentry has been used to file lawsuits.

    It's worth pointing out that if you look at the connection logs, you will almost certainly NOT see a connection from the mentioned IP address, to the accused IP address, or indeed, any attempt to download the file. This behaviour is relatively consistent for some scanning bots. (Be aware, however, your network, as a university subnet, will be specifically targeted by one or two distinct scanning bots which may have different behaviour; it depends on if your university is being specifically targeted by the RIAA or MPAA. They are very aggressive against universities, because they want to make examples of students to frighten the rest, and to possibly weasel in an ill-conceived business deal in the process.)

    Upstream nodes are "believed" by most of the RIAA's contractors' sniffers, and they make no attempt to verify the information; they believe the server, or the nodes to which they are contacted.

    This is well-known among some circles. You will see the occasional confused netadmin on Full-Disclosure wondering about it, for example.

    Not all the fake files out there are RIAA/etc (MediaDefender, Titan Media Group, and formerly Overpeer but no longer) fakes. Some individuals are running honeypots with which to identify the sniffers' IP addresses and trap the sniffers by posing as legitimate supernodes/servers/DHT peers and feeding them false information about other IP addresses, which might not even be running a file-sharing application. By and large this doesn't affect normal users, because normal users don't keep hopping between a limited group of IP addresses, joining and rejoining the network and doing nothing but issue searches... but it's like a minefield of fakes for the scanning bots to wade through.

    Given this active targeting and poisoning of the evidence along with virtually no human oversight of the scanning bots, you might be surprised to learn that the false-positive ratio of the takedowns could be much higher than you might expect.

    Even if they do connect, I've never seen them download the whole file; typically 64KB from the beginning. (Probably a holdover from when the scanning bots exclusively did Kazaa.)