Slashdot Mirror
RIAA's 'Expert' Witness Testimony Now Online
NewYorkCountryLawyer writes "The online community now has an opportunity to see the fruits of its labor. Back in December, the Slashdot ('What Questions Would You Ask an RIAA Expert?') and Groklaw ('Another Lawyer Would Like to Pick Your Brain, Please') communities were asked for their input on possible questions to pose to the RIAA's 'expert'. Dr. Doug Jacobson of Iowa State University, was scheduled to be deposed in February in UMG v. Lindor, for the first time in any RIAA case. Ms. Lindor's lawyers were flooded with about 1400 responses. The deposition of Dr. Jacobson went forward on February 23, 2007, and the transcript is now available online (pdf) (ascii). Ray Beckerman, one of Ms. Lindor's attorneys, had this comment: 'We are deeply grateful to the community for reviewing our request, for giving us thoughts and ideas, and for reviewing other readers' responses. Now I ask the tech community to review this all-important transcript, and bear witness to the shoddy investigation and junk science upon which the RIAA has based its litigation war against the people. The computer scientists among you will be astounded that the RIAA has been permitted to burden our court system with cases based upon such arrant and careless nonsense.'"
Oh man, even Chappelle is going over to The Dark Side. That is *not* funny, Dave.
[/humour][17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
I saw something in the transcript that I wanted to point out before anyone else here criticizes Jacobson on it:
Q. By what body are you certified as an engineer?
A. By no professional society.
Q. No professional society? Is there any organization that has certified you as an engineer?
A. No.
Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --
Q. Are you part of any body the members of which are peer-regulated?
A. Can you give me an example of what you are --
Q. A lawyer, an architect, an accountant. I thought an engineer had to be certified by a peer-regulated body.
A. To be called a professional engineer they do.
Q. So are you not a professional engineer?
A. I do not have a PE license.
Based on his Jacobson's research page. It looks like Jacob's, a professor "on the faculty of Electrical and Computer Engineering", is a computer engineer. Given that, the above statement is totally understandable As a computer engineer myself, I can say that it is *EXTREMELY* rare for a computer engineer to be a licensed PE. (Not a single computer engineering professor in my University is). PE's are common in engineering professions where somebody needs to sign off on the final product - civil engineering especially, and mechanical engineering to a lesser extent.
To make laws that man cannot, and will not obey, serves to bring all law into contempt.
--E.C. Stanton
Respect to you Ray.
I've seen you take a lot of flack for your efforts to keep us all abreast of the proceedings, of issues that should concern us all.
And it's nice to see that the community could have been of help.
All the best.
"There is nothing nice about Steve Jobs and nothing evil about Bill Gates." - Chuck Peddle
God damn ... I kept waiting for Samuel Jackson to pop in there with "DO THEY SPEAK ENGLISH IN WHAT?"
"Q. Are you part of any peer regulatory body?
A. I don't quite understand what you mean by --"
A professor is part of a "peer-regulated" body. He may not be able to call himself an engineer, but that doesn't mean he's not an expert.
As a Software Engineer who does not have a PE, I'm curious as to what areas of software require a PE?
/. to avoid these off-topic subthreads.
About the only ones I can think of are in control systems, particularly where a failure could cause loss of life or serious injury. The computers that control an automobile engine and brakes come to mind. "Secondary" systems which provide life-saving information, such computers in aircraft-control towers, might also require a PE's blessing, but this seems like a stretch.
Are there any software engineers out there who have to have a PE for their current or past SW Engineering job? What job required the PE?
Memo to Cowboyneal: Add a messaging system to
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I wonder why kazzaa includes the computers NIC ip in conversation with other nodes. This strikes me as creepy.
:)
So the gist is, there was no router, yet the kazza requests came from behind a router? Well shoot, aside from oversights in chain-of-evidence and other such idiocy, that about does it, I hope
Man, nothing is sacred to The Chappelle Show!
--Rob
Towards the Singularity.
Does someone want to summarize that deposition before I die of lawyer-speak overdose?
Maybe someone kan point out the juicy tid-bits. I'm up to page 20, and I'm falling asleep.
If you want news from today, you have to come back tomorrow.
This guy comes to the conclusion that it was the defendant's computer, even though there is no evidence from hard drive forensics, and he says there is no wireless router since the IP was registered to the house.
Also, he kept no records of the forensic analysis, and he is always trying to pin the idea that an IP address is a computer, even though it's obvious he's avoiding or twisting questions, even to someone who isn't so technically inclined.
Why is it that Mr. Gabriel is constantly making an objection to form when the judge just keeps denying him with a lack of foundation? Is it a case of throwing enough shit that some will stick?
'Yes, firefox is indeed greater than women. Can women block pops up for you? No. Can Firefox show you naked women? Yes.'
Not to mention that he maintains he can trace the IP address back to a specific ISP account and computer (emphasis mine). Unless he's a Peeping Tom with a web-cam in the defendant's house, the RIAA should be demanding their money back from him.
Oh, and then there's the place where he maintains that at the time the computer was imaged many months afterwards, that there was no wireless router in use at that time Media Sentry "discovered" this "infringer". Is there a log that keeps records of every IP address you've ever connected with?
And I have to laugh at how he refers to "registered" computers. I thought he was talking about gun registration, or some such thing. I've never heard of my own computer being "registered" to anything. Is this another invented RIAA term, like "Media Distribution System"? Has anyone else ever referred to KaZaA, or any other P2P program, as an MDS? Ray, you can't be letting the RIAA frame the terms of the debate to ignorant Judges.
And don't miss the parts where he says he didn't actually document any of his findings because there was nothing to find, however, you should go through your own copy of the disc to verify my Registry findings that no wireless router was in place. He's supposed to be the expert, and he wants the defense to replicate his findings in the Registry??? Are there any registry experts here? Probably a few, but not many. But he assures us it's there.
Biggest thing is that he says that no KaZaA was present, nor any infringing music files. The only way the RIAA can respond is you sent us the wrong hard drive. No question that the person in question might have actually been innocent. RIAA -- You Bastards!
Glad to know that we helped, Ray! Keep fighting the good fight!
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
In all fairness he told the truth as he saw it, but when you make statements like this from page 55:
24 A. If the program was present on the
25 hard drive, a forensic examination would have shown
2 that.
If the program was present but not "installed" and it was present on an encrypted part of the disk that defied decryption, or even an encrypted part the disk that appeared to be unused space filled with random bytes, it would not only be not detectable but you wouldn't even know you didn't know it wasn't there.
To make such a claim without stating this caveat shoots a hole in your expertise.
Don't agree with you at all. After being beaten to death with the word "exculpate" in the Duke Rape Case coverage, as well as enough television lawyer shows, "inculpate" should hardly be unfamiliar to anyone with even a passing interest in the law -- and concept of how words are formed in the English language. There were, IMHO, other more amusing lawyer language in the deposition than this one word.
"It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
programming desperately needs the kind of accountability and professionalism that 'real' engineering has.
So would a PE software engineer lose his license if he made software with numerous bugs? Can software engineers really be held to the same level of accountability as structural engineers? I thought it was near on impossible to write error free software these days. What criteria would you use for standards?
We are all just people.
The RIAA lobbyists have been a busy lot. On Friday, they got the Copyright Review Board to grant them a fee based system that will essentially shut down the majority of small Internet Radio stations. Way to go boys. Bring on that corporate commercial media. http://www.radioparadise.com/ http://www.save-internet-radio.com/2007/03/02/save -internet-radio/
From the transcript:
2 Q. Any other degrees?
3 A. A Doctor of Philosophy, Ph.D., in
4 computer engineering.
5 Q. When was that?
6 A. 1985.
7 Q. And you are associate professor at
8 Iowa State University?
9 A. That is correct.
10 Q. And you do not know what the word
11 "exculpate" means?
12 A. That's correct.
If you have a wireless router, anyone could be sharing files on your network. Even with encryption and MAC filtering, a determined outsider could use your network (they probably would just use one of the "Linksys" SSIDs in the neighborhood instead). The term "war driving" was never brought up, stealing wireless access happens enough to have its own term. Most routers come out of the box without encryption (I don't recall one that does). Non-technical people are just happy their "Internet Explorer works" and don't really think about the configuration.
What I don't get are the hard drive forensics. You would have to have someone very competent to remove a program from Windows and not leave traces. Anyone running Windows knows that program removal tends to leave little bits and pieces behind. Like user settings and registry entries. It shouldn't, but they do anyway. Both McAfee and Norton have removal tools because they don't uninstall properly. Not to mention erasure doesn't actually wipe out data on the drive. The fact that the expert witness states that none of the methods he is using are peer reviewed is a concern.
From pages 65 and 66:
... unless you want to eliminate the best "but it wasn't me, honest" excuse the world has to offer.
10 A. This tells me that there was -- yes.
11 There was no router.
12 Q. How does it tell you that there was
13 no router?
14 A. Through the two --
15 If you look at the second chunk down,
16 you will see the source address at the top and you
17 will see the KaZaA IP address midway through that,
18 and they match and they are both public IP
19 addresses.
20 Q. You said they match?
21 A. Uh-huh. The 141.155.57.198.
22 Q. That's the source?
23 A. And then down below you see the KaZaA
24 IP?
25 Q. Yes.
2 A. It's those two IP addresses.
3 Q. What does the first number indicate?
4 A. The first number of the IP address?
5 Q. Yes.
6 No. The second line of that chunk
7 that says "source." What does that indicate?
8 A. That is the source address. That is
9 where the packet came from.
10 Q. Now we go down to the next line you
11 referred to, it says "KaZaA IP." What does that
12 refer to?
13 A. That is the IP address that the KaZaA
14 software is running on, the IP address of the
15 computer that the KaZaA software is running on.
Some routers share their IP public addresses with a DMZ computer.
If the defendant's wireless router did that and a attacker across the street took over her router and made his laptop into a DMZ it would lead to this scenario. Kids, always secure your routers
I knew Doug Jacobson when I was an engineering student at ISU. He seemed like a decent and knowledgeable guy, very interested in computer security.
I'm very sorry to see he's come to this.
Kythe
Yes, to you it may seem odd. However, as a juror I would most certainly be questioning this persons educational background. This guy has a Ph.D., and teaches at a well recognized university - he uses his profession and education to qualify himself as an expert. Showing he lacks in a general area of study moves to discredit him as an expert witness.
It's nothing groundbreaking, and doesn't prove anything about him as a CS expert, but in general it makes him look bad. And if the lawyer were really lucky, he would have gotten angry and let it show. Nothing discredits an expert witness like getting them mad.
In general, people try to distance themselves from someone who is aggressive, and having an outburst on a witness stand certainly makes you look aggressive.
From what I read, it certainly looks like the attorney did a very good job, despite the onslaught of objections from opposing council.
I'm currently studying for the spring Fundamentals of Engineering exam (FE). After taking this exam and working in the field of engineering for 5 years, you can take the Professional Engineering (PE) exam. Its not the easiest test in the world, and its a big pain in the arse. That said, I think a computer science student would have a particularly hard time with it. The morning session (general) is composed of several subjects including chemistry, strengths of materials, physics, thermodynamics, fluid mechanics, a small ethics session, etc. Basically all engineering knowledge known up to 1935, updated to the modern day. Everyone has to take the general session, and I think Comp sci students would struggle with it.
The afternoon session is a choice between mechanical, electrical, civil, (chemical?) engineering. I think maybe comp sci students could take the electrical and do fairly well on this half. The PE exams are very similar (identical?) to the FE exams, but it has been 5 years since you have been in a classroom so they are considered harder just for this reason.
As for the term "Computer Engineer"; in the 1800s a group of very smart men began doing different things with Natural Philosophy. They were so different that they thought they needed a new title for what they did to separate themselves from the natural philosophers. Eventually they went with the title "scientists". Perhaps a new title is needed for "computer engineers" because it doesn't seem to fit very well.
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
Dear Mr. Beckerman, It seems that you misunderstood one point about IP addresses and NATs, which led to a lot of time wasted in the deposition. In a situation where the user's computer hides behind a NAT, it will still have an IP address on the local network (the one on which the user's computer and the NAT reside). The NAT will have two IP addresses (one on the local network and one on the global internet). In this setup, the IP address space on the local network is completely independent of the IP address space on the global one. The witness explained that the KaZaa software will determine the address of the computer it's running on and includes it in the data it transmits to the outside world, which data is available to other computers connected to the FastTrack network. The way the data gets to the outside world is by being bundled into TCP/IP packets, which carry on them addressing information for routing. It is this addressing information that gets rewritten by the NAT to implement IP masquerating. Now if the home computer is directly connected to the internet (say via dial-up or DSL) then it acts as its own router, and both the addressing (TCP/IP) information on the packet and the (application-generated) content of the packet will agree on the IP address. If the computer is hiding behind the NAT then the routing information on packets will show the IP address of the NAT (the one that was assigned by the ISP) while the KaZaa data in the packet will include the IP address of the software-running computer on the local network (typically in the address space 192.168.x.x which is reserved for such networks). By comparing these two pieces of information he was able to detect which scenario happened in this particular case. Note that I have no personal knowledge about the FastTrack protocol, so I can't say whether this is the way things actually work, but this is what the witness said and it sounds reasonable to me. (that would be the local, private, IP address in this scenario).
The original Slashdot article asking for questions to pose to the RIAA expert stated that Dr. Jacobson "is the RIAA's expert witness in all of its cases against consumers, relating to alleged copyright infringement by means of a shared files folder on Kazaa," but this time around, it says that he has never testified before in a case, and in the transcription, he confirms that he has never testified as an expert witness.
So, what's the deal?
I would, if I could buy it in a form I could actually use.
In Oregon you have to have a PE to have the word 'Engineer' in your title, or to call yourself one.
The Kruger Dunning explains most post on
In the same vein,
I think you misunderstand what a MAC address is. A MAC address is a physical address used by the wired ethernet (and wireless ethernet) protocols to allow several network cards to communicate on a single physical network. If you are on a computer outside this physical network then you have no way of determining the MAC addresses of any computers inside it (IP packet headers don't record MAC addresse, only IP addresses) -- except if the data payload of the packet included the information -- say if you sent your own MAC address in an e-mail. It is possible, however, that Windows records the MAC address of the network cards in the hardware profile in the registry. This could give an indication (but not a proof) that the hard-drive came from the computer it is claimed to have come from.
Regarding the "internal IP address range". As you can see in this wikipedia table, the address range 192.168.x.x (and a few others) are reserved for "private networks". Computers on the internet-at-large are assigned addresses in other ranges. In particular, if you connect to wireless access point, you will typically be assigned an address in a "private network" for the purposes of the internal network. Thus, if the KaZaa software is claiming to the outside world that it is running on a computer with an address in that range, then probably the computer is hiding behind a NAT -- while if it is claiming to be running on a computer with an IP address outside this range then this computer is probably directly connected to the internet.
PS: apologies about the lack of spacing in the parent post -- should have previewed before submitting.
Not all development is engineering work. Nor should it be.
I have dome Engineering work as a developer, and love the enviroment. However I have also done non engineering work.
I wouldn't want someone who is ont following engineering guidlines to be building in mission critical thing where lives are at stake. OTOH, someone doesn't need to be an engineer to write reports, or web scripts.
I liken it to Civil engineering.
To plan and lay pipe in the ground for public use, you need a civil engineerwho specializes in water.
To put in a private sprinkler system, you just need some guys with pipe and a shovel.
The Kruger Dunning explains most post on
Here is my favourite bit (edited from different sections and removing Gabriel's bloody objections to form)
f uckingwhitespaceseriouslyTacowhatareyouguysdoingit sonlyalargeblockquoteImeancomeontheresnotreallyall thatmuchwhitepsaceandyousortofneeditoryougetsenten cesthatlooklikethisyoubloodymorons
Q. Based upon your examination of the hard drive which you examined in this case, what evidence did you find that supported or would support a conclusion that Marie Lindor had personally uploaded any files?
A. The hard drive that I examined showed no evidence of any peer-to-peer software or MP3 music files.
Q. So when you say it was defendant's computer, you don't actually have any knowledge as to whether it was defendant's computer. All you know is that the defendant's name is associated with the internet access account; is that correct?
A. I know that the - yeah, the computer associated with that user account, an IP address was used.
Q. But you don't know whose computer it actually was, do you?
A. No.
Game Over. Even if all you need in a civil case is preponderance of evidence and not absolute proof. They can't find evidence of p2p file sharing on her computer and they can't actually even say that her computer was associated with the IP address. He also doesn't verify anything given to him by MediaSentry (IP address and files downloaded with times) and Verizon (Account information matching IP at times specified by MediaSentry on Verizon's clock), whether there were any security vulnerabilities on the PC (though a drone for p2p seems a bit out there). He teaches a class that covers spoofing IP address and MAC addresses, but at one point refers to IPv6 and then goes on to talk about reserved ranges like 192.168... . He doesn't care to record any of his findings with EnCase because he found no mp3s or p2p software, and that was all Gabriel asked him to look for. He also works and owns stock in company that sells software to combat p2p. Also Ray that was absolutely beautiful. Wow. I usually try to RTFA fully but damn did that take some work. Totally worth it.
stupidmoroniclamenessfilteranditscomplainingabout
Reality must take precedence over public relations, for nature cannot be fooled.
After reading that all I can see if the guy evading the question, flat out denying truths, agreeing with them in limited fashions, constantly playing dumb. His investigation methods are borderline incompetent, after reading that huge PDF I could only say he should not be allowed to be a whitness in any case I mean I'm a third year computer engineering student most of my course emphasis has been on networking and hardware rather than this sort of thing but I can see huge holes in his logic.
1.Doesn't verify his sources Beckermans point about "are mediasomethigns and verizons clock synchronised" is a good one espeacially when you consider his point about the nature of IP address's, at the very least he should have requested the lease time of that IP (so when did the subscriber start using the IP and for how long) to verify that the information had a chance of being correct.
2.No set method, the lack of reports and the fact he never made print outs suggests he doesn't have a set method of investigating, which personnally would make me question his investigation techniques this results in a whole list of problems:
2a.means no evidence supporting the defendent was kept, in effect his not impartial and also hurts the defense 2b.suggests he makes it up as he goes along, a "what seems a good idea at the time", as you can clearly see he's missed out on some issues which are important, like confirming the MAC address of the machine and its method of connecting to the internet.
3.Deliberate attempts to twist what hes saying or not sticking to the question an example would be towards the end where he starts talking about IPV4 and finishs with IPV6. I don't know how either works exactly but he should have talked about both seperatly, the use of both at once means he could be dilibertly hiding stuff, when was IPV6 rolled out anyways? Anouther example would be his linking IP address's directly to a PC, no matter how many times Beckerman tried to get him to admit that when accessed through a router the IP address given to the outside world is the routers not the individual PC's. 4.Lack of actual investigation, now I'm not sure what he was exactly hired to do but by the looks of it RIAA hired him to prove and be a whitness to say that a person used Kaza to download and share music. Hes not done that, hes investigated the drive he was sent found no traces of Kaza on it, or any MP3's (I think he indirectly said this) rather than investigate possible explanations for this, for example did the person own two pc's, did they connect to the internet through a router, could this router have been compromised (perhaps unsecured), perhaps then look for security vulnerabilities to see if it was a zombie machine, or for other security problems. Then if he couldn't prove any of that attempt to verify that mediashares information was correct, check it and check verizons and then attempt to co-oberate that information somehow, for example attempt to obtain the MAC address from the hard drive and from mediashares packet information in otherwords to link them up. Otherwise all he can actually claim is that "The pc in question when inspected did not have the Kazaa program on it at any time, nor does it appeared to have or have had the media files that mediasomething accuse the computer of having" His conclusions from his investigation lack any form of imparitality and it appears that he was unwilling to give any real unbiased opinion.
personnaly after reading that disposition I would seriously call into credibility as a expert or even as a whitness. I'm sure better people than I could take apart his disposition its 3am here I'm tired but those are the things that come to my mind at least
Why are you trying to take this off topic?
Ray Beckerman +5 Insightful
From p. 88:
Q. But you don't know whose computer it actually was, do you?
A. No.
Q. But your report said it was defendant's computer, so I think you will agree that that's an imprecision in your report.
A few unhelpful observations.
This is my first real-life encounter with a deposition, and I've gotta say it's quite fascinating. I like how the opposing lawyer relentlessly objects to nearly every single question. And how Mr. Beckerman's first goal seems to be to show that the "expert" has a financial interest in what he's been claiming, coupled with that expert's bizarre claims that he doesn't have the foggiest idea about the commercial reality surrounding his work. For example:
I'm not sure how you can have "no idea" whether the RIAA is pleased, furious, or otherwise about the fact that your company is creating anti-P2P products, while being simultaneously "sure" that your company is referring to the RIAA in its press releases to help sell its products.
This is funny, too:
I should buy some cement.
I'm not 100% sure but I think Windows stores a copy of the MAC address for every network card that's ever been connected in the system registry or elsewhere.
From page 118:
2 Q. What is the MAC address of the
3 computer whose hard drive you examined?
4 A. Since I did not have the ethernet
5 card, I don't know.
IANAL, but I understand that there are standards for admissibility of scientific evidence, and the questions quoted below (and several that follow) cover them. The most recent ruling is called "Daubert."
Whatever this witness has to say based on his methods is useless because the methods have not been generally accepted and/or there are no peer reviews or tests of the methods' accuracy/reliability and no known level of accuracy/reliability.
Q. Has your method of determining from
the MediaSentry materials whether a particular
computer has been used for uploading or downloading
copyrighted works been tested by any testing body?
A. Not that I have submitted.
Q. Do you know anyone else that is using
your method, other than you?
A. Not that I'm aware of.
Q. Has your method of determining
through the MediaSentry materials whether a
particular computer has been used for uploading or
downloading copyrighted works been subjected to any
form of peer review?
A. Not that I'm aware of.
Q. Has your method of determining from
the MediaSentry materials whether a computer has
been used for uploading or downloading copyrighted
works been published?
A. No.
Q. Is there a known rate of error for
your method?
A. No.
Q. Is there a potential rate of error?
MR. GABRIEL: Object to the form.
A. I guess there is always a potential
of an error.
Q. Do you know of a rate of error?
A. To my process, no.
Q. Are there any standards and controls
over what you have done?
A. No.
Q. Have your methods been generally
accepted in the scientific community?
A. The process has not been vetted
through the scientific community.
Starting on line 21 of page 97, continuing to page 98. So silly, he calls a DNS a DHCP NS.
Nice.
From page 132-133, the last quoted line makes no sense as an English sentence. Is there a line or page missing? From the looks of it the witness spoke in garbled words or the stenographer make a mistake.
20 Q. Would it have been possible to have
21 more than one router?
22 MR. GABRIEL: Objection to form.
23 A. It's possible to have any number of
24 routers. But given the IP address correlation,
25 given the IP address in the packet in the computer
132
1 Jacobson
2 are both republic.
The lines I put in italics are not part of the testimony.
About tracing an ip back to a particular computer. The IP in itself obviously can't do that, but I'm fairly certain that part of the IP protocol includes the MAC adress of the requestee. So maybe he was being unclear when he used the term "IP address," and he really meant to say logged data. I'm not in anyway on this guys side, and of course in any regard there is no excuse for being unclear in such a fashion in a court case, but I'm curious from a technical side.
So if someone knows the answer, be great if you let me know (what else is slashdot for, anyway).
Cheers.
Relax I just want some peanuts.
OverlyCriticalGuy
You noted your post explicitly OT, so I don't think you're trying to usurp the main thread.
Ray Beckerman - who's postings and efforts I enjoy and admire tremendously - appears to be a little pissed at your post for going OT, but I'm going to take up your question anyway, mainly because I've spent some time talking to musicians, and one musician in particular, about your question.
Off-Topic
My conversational straw poll indicates that the CRIA (the Canadian equivalent of the RIAA) has been successful in getting musicians to believe they need to be partners with CRIA in a fight against music piracy. I think it's an easy place to take musicians to - it's a hot button topic, and nobody wants to feel they're getting ripped of in life.
But a musician's goal in life shouldn't be to minimise piracy, but rather, from a business perspective anyway, to maximise sales of their music. I don't think that the existence of some amount of piracy is causally linked to less sales; rather, piracy *may* be a component of a new distribution model which can help the artist sell *more* material.
So *if* some of an artist's material is pirated, but overall more people are listening to their music and more people are buying their music, do they really give a shit about the piracy that *may* be occurring?
Framed in those terms, musicians I talk to (and I know this is representative of no more than just those musicians) become a lot less uptight. And for those that still feel they're getting ripped off somehow, the Copying Levy in Canada would seem to take even that away (if the dollars collected under the Copying Levy actually got distributed to artists, 'cause I've never met anyone who's seen a penny of it, which is just another instance of the industry ripping them off, but that's another conversation).
So quit worrying about piracy that may or may not be happening, and embrace that new distribution model and sell more stuff.
I'm not an artist making my living off CD and digital copy sales, so I suppose its easy for me to say, but indie artists I know make their sales at live gigs, and I don't think that that is going to change, or that piracy has shinola to do with that. The opportunity to sell digital copies on-line to a much broader audience is an additive element - gravy on existing sales.
This has nothing to do with the sleazy civil suit stuff exposed in the deposition from Ray Beckerman's blog, which is a pretty incredible read. Interestingly, in Canada, the Copying Levy is the basis for the presence of digital music in a shared folder *not* being a problem, as I understand it. Michael Geist's blog is loaded with informative material on this matter from a Canadian perspective. For example, here's a summary of *CRIA* survey material that suggests that those who download the most music via P2P also purchase the most CD's:
n t/task,view/id,1168/Itemid,85/nsub,/
http://michaelgeist.ca/component/option,com_conte
All of which suggests that the sort of RIAA thuggery shown in the article's linked deposition shoots the industry in its own feet, and then shoves said feet into their big mouths.
[17] Leary, T., White, C., Wood, P. R., Bhabha, W. D., and Wirth, N. Lambda calculus considered harmful. In Proceedings
Both 9x and NT-based variants keep information about DHCP address assignments in the registry, so that they can attempt to request their previous IP address after a startup. Specifically, in NT-based systems, you can look under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servi ces\Tcpip\Parameters\Interfaces" to see a list of interfaces that Windows has available, and under each one of those, there exists a REG_SZ value, aptly named "DhcpIPAddress", which includes, in plain ASCII text in dotted-quad notation the last DHCP address handed to the box by the DHCP server at the IP specified by the "DhcpServer" REG_SZ value. Older entries could potentially exist under the "ControlSet001" and "ControlSet002" keys, both of which are backups.
While this method is by no means bulletproof, it could potentially disclose the last IP address the computer obtained from a particular DHCP server and that would not only be useful, but perhaps even relevant information.
The "ascii" link isn't encoded as ascii, it's encoded as ISO-8859-1.
ISO-8859-1 != ascii
UTF-8 != ascii
"plain text" != ascii (sometimes)
</rant>
Back in the 1990s at least one big company in Texas changed it's employees from programmers to Software Engineers and gave out business cards.
I don't think they would've done it if there would've been a problem.
The testimony from the expert witness acknowledges the fact that he doesn't know how it works. It give him logs to analyse but he doesn't know how it generates the reports. As far as he knows it could be randomly generating output. He treats MediaSentry as blackbox. Data goes in and comes out, but he doesn't know what goes on inside the blackbox. The major weakness in the RIAA case is that it depends on the MediaSentry software, but what the software does is a secret and has not been vetted through a peer process. In other words, its "Trust us we know what we're doing". The primary accusor here is a piece of software that you can't verify the honesty of.
So, one thing no one has commented on, and I wonder if its true or not. Does Kazaa really put your computer's IP address in its packet payload for other nodes on the network to see? If so, why? If not why hasn't anyone pointed this out as the greatest problem with their case?
Obviously the "expert" witness is completely useless at explaining technology to lay people (sorry attorneys, you're lay people in this context). At least 1 hour was wasted with the expert trying to explain the difference between an internal IP address and an external publicly routable address. Of course, the best way to explain it would be to draw it... but anyway, I searched a bit, couldn't find anything about kazaa but if anyone can enlighten us, that would be great.
"If Jacobson describes what he is capable of knowing about P2P filesharing that's not entirely accurate, what exactly does he suffer?"
Perjury
I thought the MAC address didn't survive the first trip through a router.
Your hair look like poop, Bob! - Wanker.
Objection to form. Lack of foundation.
Wanted: witty unique signature. Must be willing to relocate.
This entire case hinges on screenshots, mystery analysis software "encase", a questionable expert, and an IP address obtained from an ISP. The evidence in this case doesn't even make it to the standard of "hearsay" not to mention the fact that the plaintiff lawyer appears to be highly inexperienced with Turets syndrome and keeps blurting "Objection to form."
I suspect that if one were to dig deeper into the so-called evidence, one would learn that information obtained from Verizon is prone to error, and that the procedures for generating the screenshots from KaZaa are based on assumptions which are prone to error and probably performed by monkeys. I want to read the deposition from the "dude/monkey" who took the screenshots, please post that one next.
If I were the lawyer for the defendant, I would already be filing my motion for dismissal "with prejudice" with the award of reasonable lawyer fees for having brought a case without any evidence.
Are there any standards for evidence? Is a printout obtained via supoena really a standard for evidence? If so, I can prove anything you like and as a bonus, I even have a professional certification.
Snoring voraciously... You mean it took all this for people to realize the RIAA lawsuits are Total Bullshit, Draconian in nature, and if perpetrated by anyone else, would have been stopped a long time ago.
Well let me ask you a question. What do you think of the notion that global warming is caused by natural processes rather than by man? Before you topic-nazis jump all over me, I'm just trying to start a meaningful discussion.
Also, are we really reaching peak oil capacity, or is that simply rhetoric? Again, just trying to start a meaningful discussion.
A few years from now, any artist worth anything will stay away from RIAA and DRM.
Swallow that parasites...
"It is the mark of an educated mind to be able to entertain a thought without accepting it."
There seems to be a common misconception, that I noted in the testimony, that you have to use one of the reserved IP address ranges on the LAN side of a NATed router. In fact, you can use any address at all (I do). The only downside to this practice is if you eventually have to move the NATed host(s) to the WAN side, they need to be re-addressed - and of course, that only applies to hosts with statically assigned IPs.
In other words, by looking at the IP address contained in the payload, there's no way to tell that it was behind a NAT router or not simply because the IP address was not in a reserved range.
Secondarily, since the computer interface IP address is in the packet payload, that is data that is being sent by an application. The application (whatever it was that was communicating with the P2P network) may:
- lie. It could be a hacked version of a P2P standard application,
- allow user configuration of the IP address in the payload (if I remember correctly, some seem to),
- be broken. I assume all versions of all applications that communicate on the indicated P2P network were not vetted for their proper functioning.
Can You Say Linux? I Knew That You Could.
I've seen Kazaa mess up our DSL connection quite a few times. Now, did we use Kazaa? Nope. (we prefered WinMX and irc, but thats beside the point :-D).
When a user gets on Kazaa, the Kazaa network perpetuates that External IP address through their network. Your external_IP is linked to your kazaa_username. Now, when people search and get your kazaa_username, they hit that IP address. All is fine and good... until you are knocked off of DSL or your dhcp timer is up.
Then, you reconnect using a new external_IP. Now, you have many users on Kazaa that know your username goes to either your old IP or your new IP.
The network trashing occurs to the person who inhabits your OLD external_IP. You see a LOT of bandwidth from users and Kazaa network towards your new IP address. We had a 768/384 Kb connection, and 200 Kb was ate up with garbage from Kazaa from the previous IP inhabitor. This number of garbage connections approaches 0Kb, but never meets it.
Perhaps they detected a residual connection like that.
I stopped stealing music when I found out you could just copy it!
Software patents delenda est.
23 MR. BECKERMAN: Let's take a short
24 break.
25 (Recess taken.)
146 pages for a break.. Glad I didn't know you in school..
What always amazes me in these cases is the "evidence" in the case is often logs and screenshots which are legal equivalent to eyewitness testimony. It contains no actual proof as they are quite easily faked, but they tend to be represented as absolute proof to general computer fearing people because they are computer generated and "computers cant be wrong". I always wanted to demonstrate the silliness of such "proof" by a small act of civil disobedience - write a simple program that given some basic parameters generates a ton of "evidence" or anything on any date complete with logs and screenshots.
I mean there is nothing wrong with eyewitness testimony as long as it is represented as such. What bugs me is that the "eyewitness" in this case is directly paid by the plaintiff. I mean would you, as a juror believe any "eyewitness" in ANY type of case if you know the "eyewitness" is being paid thousands of dollars to testify. I mean paying expert witnesses is one thing, but eyewitnesses? That just seems wrong.
-Em
RelevantElephants: A Somatic WebComic...
I'll begin by saying I'm not trying to argue here (it's too late on a Saturday evening for that), just clarify for my own sake:
You say "The NAT will have two IP addresses" - but what precisely is "The NAT". I don't think a NATted packet will have two IP addresses in the header. The one and only IP Address in the header is rewritten by the NATing router with the public IP Address of the NATing router on the outbound journey and the reverse happens on the return journey.
The packet received from a NATing router by an IP Address on the Wide Area Network (say the "web") will contain some information, in the header I believe, about which host inside the Local Area Network originated the packet, but not enough to actually identify the IP Address. This information is returned and used by the NATing router via an Address Translation Table to be able to forward the returned packet on to the originating host.
It should be possible therefore by analysing packets from a computer, to determine if it is or is not providing NAT for a Local Area Network, shouldn't it?
If this is possible, it doesn't seem to have been done in this case, as the reliance seems to be on recording the IP Address only, which isn't necessarily the "end of the line".
Once I was a four stone apology. Now I am two separate gorillas.
A scientist, an engineer and a programmer are on a road trip. Their car goes out of control on a steep hill and they barely make it to the bottom alive.
The scientist tries to calculate the distance to the nearest repair shop, the engineer suggests checking the wiring and brake pads, and the programmer suggests driving to the top and seeing if it happens again.
My point? Programmers and engineers are different. The best way to solve their problems is different. I trust this CTO more because he doesn't have engineering certification. In the same way a person with a music degree is less specialized as a programmer.
-- http://thegirlorthecar.com funny dating game for guys
Interesting. The lawyer above you disagrees. Well you both can't be right.
Q. Is it song filtering software?
A. Define what you mean by filtering.
Q. What is filtering? Withdrawn.
Is it your testimony here under oath you do not know what the word "filtering" means?
A. The term has many different uses. I'm trying to -- How can you even think of saying such a stupid comment when you are an "expert" witness?
If i had one dollar for every brain you dont have, i would have $1.
It seems obvious to me he's a friend of the RIAA. He runs an anti-P2P company according to this link http://p2pnet.net/story/10845/ and had some kind of DRM scheme or something...
Just because you get modded "insightful" on Slashdot doesn't mean you actually are in real life.
Comment removed based on user account deletion
I did, and found this page. Very interesting in a scary sort of way.
Once I was a four stone apology. Now I am two separate gorillas.
Perhaps you should go back to stealing. It'll cost you less (jail) time and money if you get caught shoplifting a physical CD than if you are accused of making an unauthorized copy of it.
Schrödinger's cat is not amused—maybe.
PWNED!
Q. Based upon your examination of the hard drive which you examined, what evidence did you find that inculpated Marie Lindor personally?
A. Would you please define the second-to-last word.
Q. "Her"?
A. No, "inculpated." Would you please define that for me.
Q. Do you not know what the word "inculpated" means?
A. That's correct.
Q. Are you familiar with the word "exculpate"?
A. No.
Q. What is your educational background?
A. Computer engineering.
Q. Well, which school did you attend? Did you get a Bachelor's degree?
A. Yes.
Q. What school?
A. Iowa State University, science and technology.
Q. When did you graduate?
A. With which degree?
Q. When did you get your Bachelor's degree?
A. 1980.
Q. Do you have any other degrees?
A. I hold a Master of Science in electrical engineering.
Q. When did you get that?
A. 1982.
Q. Any other degrees?
A. A Doctor of Philosophy, Ph.D., in computer engineering.
Q. When was that?
A. 1985.
Q. And you are associate professor at Iowa State University?
A. That is correct.
Q. And you do not know what the word "exculpate" means?
A. That's correct.
Just add {In Space!} to anything.
You can configure kazaa to present its IP as the public IP (or any other IP for that matter) which makes the whole "The IPs matched" argument rubbish.
I don't think the 'expert' really understands quite all that much about networks.
kazaa could be set to use an external IP.
even so, wouldn't the kazaa packet be NAT'd to the external IP?
didn't he forget about multi-homed IP addresses?
and router MAC masquerading?
what about DHCP timeouts?
and DHCP Lease Locks?
what about IP address Spoofing?
Their case is built upon logs from a well-poisoning company and the 'expert' Dr. Lookie-Loo.
wonder why he's never been before a judge?
you can't conveniently leave out pertinent details in a forensic investigation.
the very nature of a forensic investigation is to cover all angles and get the whole story through ALL the evidence that exists.
Dr. Lookie-Loo never performed a forensic investigation into possible security flaws and/or possible compromises of the hard drive?
That's grounds for dismissal of the case in my book.
They're using their grammar skills there.
A. I do not know the inner works of MediaSentry processes and procedures. As well as this exchange: Q. Do you know what procedures Verizon employed to link Ms. Lindor's name and address to the alleged IP address?
A. No. Now, IANAL but it seems like he's kind of fallen down on the job of being an expert witness.
..I'd sleep pretty well tonight, after reading this. It's apparent that this guy is a shill for the RIAA (wonder what size kickback he's getting?) who hasn't got the ability to b*llsh*t effectively.
The RIAA is making Eugene McCarthy look like an amateur..."I have here a list of 200 P2P users..."
Nitewing '98
Everything works...in theory.
Well, I can feel for the defending lawyer, but the NAT discussion didn't quite succeed IMHO. The expert claims that the fact that the Kazaa packet had the public IP address means that the computer wasn't behind NAT. But the lawyer counters with a paper describing how Kazaa (since version 2.0) uses a technique to determine it's public IP address in order to get around certain NAT problems.
This should have been the killer point. I completely trashes the expert's claim of expertness on the protocol. However, the wording was just too confusing for most people to really understand. I'm not a lawyer so I'm not quite sure what could have been done better, but if possible I certainly wouldn't leave it like this.
In fact, I'd be surprised if Kazaa would operate at all behind NAT if it couldn't determine it's public IP address (although I admit that I don't know why the IP address is there if not to tell other nodes how to route replies). A good question would have been "Have you ever seen anything other than a public IP address
in a Kazaa packet?"
If there is another opportunity it would be a good idea to nail this point home. Really, if the expert can't understand how a p2p program defeats NAT by discovering it's public IP address, then he isn't much of an expert. And if you show that having the public IP in the Kazaa packet does *not* mean it was installed on the computer containing the NIC assigned the address, then really they have no information at all...
None of those questions have to do with the RIAA and the questions this expert was asked. Mine did. Next.
"Sufferin' succotash."
The lawyer Objected to 'form' (the way the question was asked) 147 times by my count. There were areas where he did it several times per question and others where he objected to things that seemed straightforeward. A browse on the net shows that this is considered a 'rambo lawyer' tactic and is frowned upon. It is often used as a distraction tactic (try keeping your train of thought when he keeps that up) and to allow discreditation at a later date. I would like to submit as evidence this networking textbook.
Page 103:
Hahahahahaha!!!
All data is speech. All speech is Free.
Embarassingly far down in the document, there's a funny "hear-o"
A. A search on KaZaA can "prop you will gate" from one supernode to another.
I'm guessing he said "propogate"..
Yes, I've even had an idea about how to accomplish this without the usual unpleasant side-effects.
FATMOUSE + YOU = FATMOUSE
All these people seem to have RTFA before posting comments. What's more confusing is that the comments seem moderately well informed and helpful. Who are you people? Where am I? Am I still me? Who's eating this chicken?!
Don't you find it odd that you've never taken any courses in Latin, given the two stated fields of study?
Perjury involves lying or misrepresentation. Jacobsen could simply be incompetent and have a poor understanding of the topic, even though he's trying to the best of his abilities. An incompetent engineer would be punished, no matter how well-meaning he is.
I hope his department chair at ISU reads the deposition.
but my distinct opinion is Ray Beckerman is a dick.
I am the maverick of Slashdot
This wittness is purported to be an expert wittness in technical matters RELATING TO TRIAL - he is a college proffessor, and supposedly a CTO of a company that purports to find and expunge criminal activity. This is not an unsophisticated wittness. What Mr. Beckerman does here fairly well is push the wittness right from the start into territory where it becomes clear to the reader that the plaintiff's lawyer has briefed him to avoid acknowledging links between RIAA and his own company - then pushes him over into one untennable position after another.
The theme of this deposition is that the wittness is a rubber stamp for the plaintiff's theory, and quite possibly a liar or incompetent to serve as an expert wittness. An expert whose role is to analyz evidence who has never heard the term exculpate, as in "to clear from guilt" is a rather odd image.
Exculpate is NOT a term of art. It is plain english. Read a damn dictionairy.
-GiH
The RIAA isn't an artist organization. Next.
Bleedingly simple. They need to provide a more compelling product than what people can get via P2P.
If J.K.R wrote Windows: Puteulanus fenestra mortalis!
I think I know exculpate and could infer inculpate. However you are quite right that you have to be exact before answering the lawyer.
See my journal, I write things there
Found this gem about Steve Gibson at wirelessforums.org:
While he may be right about this issue, you should be sure to check out GRC Sucks before giving him too much credit.
Another point: this "expert" has no real academic publication record to speak of. Both DBLP and ACM list a single article, published on Communications of the ACM 17 years ago. CACM is a magazine for a general technical audience, rather than a journal on a specific topic (i.e., it doesn't go a long way in proving that the "expert" is actually acknowledged by peers). Google Scholar gives some more references, mostly conferences on Computer Education (hardly a relevant topic).
For an associate professor, this is a pretty meager record.
While this per se doesn't mean he can't be an expert in computer forensic, his academic credentials don't support the claim, either.
The bulk of the testimony seams to indicate that Mrs. Lindor had a Cable Modem. However, Dr. Jacobson testified he wasn't certain if she had a cable modem or a DSL modem. If you look at the tracert log you see the line:
This would lead me to believe that this is likely a DSL address. It is a pretty major detail could really weaken the RIAA case. The exhibit is at: http://www.ilrweb.com/viewILRPDF.asp?filename=umg_ lindor_070223JacobsonEx13
You can run a tracert and find out if you are connected via that router by typing something like this at the Windows XP command line:
or
It would be really interesting to know if any New York customers connecting through a3-0-0-1728.dsl-rtr10.ny325.verizon-gni.net are running DSL or Cable Modems. It might really help the case.
Heck I did not know either: excupate
So what do you think about the etymology and use of the word "inculpate?" Clearly it's latin, but is the common man familiar with this word? What about a university professor? And for that matter, take the word Familiar. It of course means something frequently encountered or known, but isn't it interesting that it shares the same root as the much more specific "Family."
How about words in general? What can we do to broaden our vocabularies? Just trying to start a meaningful discussion.
The hatred for the RIAA here is well-established. Out of genuine curiosity, what do Slashdotters think artists and others who work in the music industry should do to protect themselves from piracy?
First off let us be clear...it is not the artists who are hurt by filesharing....it is the music publishers. The 99% of artists who have not been signed to a profitable music industry contract stand to lose nothing by the free sharing of their music.
Time is what keeps everything from happening all at once.
"Their confidence in their investigative methods is, to say the least, unfounded, as the "expert" upon whom they will call to testify that there was a copyright infringement, admits that (a) he has no clue as to what natural person may have engaged in any uploads or downloads, (b) he has no clue as to what methods the investigators used to get the materials upon which he bases his opinions, (c) he has no clue as to whether the investigator's methods have ever been reviewed or tested by anyone, (d) his own methods are entirely self taught and have never been reviewed or tested by anyone, and (e) there are no standards or controls. (Exhibit F-Excerpts from deposition of Dr. Doug Jacobson, February 23, 2007)."
I've had some limited experience with them and I have to say that they generally fail to explain anything, and what they do explain they explain in an efficient way. Because the nature of the proceeding is that they are getting information from this one guy, and most people involved don't really understand the issues involved, there generally are a lot of concepts to explain. However you cannot let the person being deposed, or an independent expert, come and give a briefing on say, the OSI model or how packet transmission and routing is done. As a result the attorney asks a question the expert they hired came up with, but doesn't really understand what the question itself means. Them the person being deposed has to explain the question, and then answer it. Since from the enquirer's perspective this is all part of the answer they can easily get bogged down questioning the facts and not the testimony. Or just fail to perceive the difference between them. From an attorney's persective the problem with experts is that only experts actually understand them. As a result, a bunch of enquiries that most of us could have made conversationally in the course of about 20 minutes were filtered through a bunch of interrogatory lawyer talk and confusion and revealed much less in more time. Overall I think the expert held his own pretty well, since he was only really being deposed on the individual reports, and each one seemed internally consistent as far as I could see.
Seriously, I had never heard of that word either. It was kind of lame that the lawyer spent so much time drilling him on it.
He's a professional expert witness. Expert witnesses, among other things, are generally expected to have at least some knowledge of legal terminology.
Comment removed based on user account deletion
u shd watch the fox reality quiz show, r u smarter then a 5 th grader. one constestatn, ID as an amer hist grad from usc, did not know the 1st american prez to be impeached.
/. coulnt see the forest if the trees were all cut down and turned into paper billboards of forests...
and u r proud of your status.
unbeleivable.
and , u will probably object to my spelling errors, typical
There seems to be a lot of mis conceptions on /. about how the legal system works. read "A civil action" and pay particular attention to the evil smart harvard lawyer (I forget his name, starts with an F i think)
This guy is clearly a rent a genius, and one of the tricks he uses to completely foils the opposition is the psychological effect of objections...
also pay attention to the two experts in the case; both are international renowned academics and total jerks.
remember OJ and the glove ?
the point is, that in these legal cases where 10s of millions of dollars are at stake, it is the norm, not the exception to have totally incompetent witnesses, and totally lazy defense lawyers; after all, if the RIAA is paying you 500 buck s an hour plus exspenses, u gonna work hard or cruise ? It may sound surprising, but in a lot of cases large companies get taken to the cleaners by their law firms
This right here is exactly how to attack his testimony.
:]
From this, you have that this testimony is not based on any sort of science, no one has any clue how reliable it is, and it (should) be totally inadmissible in court.
And if he tries to say "well, but how could we connect to someone who wasn't sharing a file?" or something like that, I'd go down the route of just how you identify who is behind any given IP.
I mean, if you traced the IP I'm on right now, I guarantee that you'd find someone else entirely
If you do not already know, Verizon is a phone company. As such, it does not offer a cable internet service. This would conclude that she was using DSL. There address information collaborates that.
6 Q. What type of internet service was
7 used by the computer that MediaSentry was
8 interacting with?
9 A. There wasn't enough information from
10 Verizon to indicate whether it was a cable modem or
11 a DSL.
12 Q. So you don't know?
13 A. No.
The fact that he does not even know something as simple as whether a major company such as Verizon does not even offer a cable internet service and therefore does not use cable modems, pretty much discredits him.
Interesting thought. Thanks.
Ray Beckerman +5 Insightful
I'd say that's the wrong question. The real question is "do you have any information suggesting that it IS correct?"
A reasonable expert!? I doubt that I qualify as an expert, even if I probably know as much about the technology as he does, but there's no way I'd rely on some letter that gave no more information than "that IP belonged to that subscriber at that time"
In other words, while I don't think I'm an expert, there's no way in hell I could rely on information like this.
That said, I really don't understand this line of questioning:
Private IPs like that wouldn't show up in anyone's logs, unless the logs were taken from the same LAN. Instead, whatever router you were connected through would likely have a public IP. So the setup would be something like:
[ PC | Internal 192.168.1.100 ] [ Router | Internal 192.168.1.1 | External 1.2.3.4 ] [ Internet ]
As you can see, the PC has a hidden internal IP, while the router has two IPs. Anyone on the internet will see all connections originating on the PC as coming from the router. A more interesting thing is that ALL connections through said router will come from that same external IP (1.2.3.4 in my example). This is especially true if you have an open wireless connection--to the outside, ALL the people connected through the router look the same.
If you need more information on such addresses, here's a good article on Wikipedia with the basics, and RFC 1918 if you need the technical details. There are also Zeroconf addresses, too (see RFC 3330 and RFC 3927), but those don't appear to be at issue here.
"We need to let the tech community do its work."*
Except for the fact that the "tech community" isn't an "expert witness" in this case. Until such a time that the "tech community" is willing to undergo the same standards that they accuse Jacobsen of not following, their opinion is just that. IANA...and all that.
*You're aware this is the same "tech community" that practices "IANAL, but", don't you?
This is flat-out wrong. Yes, you CAN find the OUI that might well give you enough information to find out who made the hardware. The problem is that you can change the whole damn MAC address. Conveniently, Wikipedia even has instructions on how to change your MAC on many OSes, although there's an illustrated guide on changing your MAC, elsewhere.
This guy may know a bit of programming, but this kind of stuff makes it pretty clear to me that he has no idea how people can and do manipulate information. It's pretty clear to me that he's done little more than investigate only those things which might support their case and has completely ignored anything which might cast doubt upon it.
"That said, there is still plenty of reason to believe an IP address in a Kazaa packet could have been forged."
There's one thing that doesn't seem to be mentioned in this discussion. Kazaa uses it's own version of the FastTrack protocol. A semi-proprietary one at that. Some of it has been reversed-engineered, but not all.
Is this the new word for "lie"?
Why is he not already IN JAIL for PERJURY?
Don't thank God, thank a doctor!
Someone could also pull the dialup info out of someone's trash and use it for free internet. This is common. It can also be guessed. A computer with a modem can be configured to dial up the server and try permutations repeatedly until it gets a correct username and password.
Any other kind of connection can be wireless, using the "DMZ" configuration option of the wireless router to specify which computer gets the world visible ip address. It is often possible using the default account and password of the wireless router to configure this remotely. The other hosts connected to the router would get NAT translated addresses, but the DMZ host would use the real IP address. A person who is using your wireless access point to share files might do this to improve the network performance. A novice would not even begin to know whether any of these things had been done to their account, and I saw no information that the expert looked for any of them.
If I trade cable modems with my neighbor (or they were switched accidentally) I believe we would each also be logged as the other. The cable company cannot and does not identify which signal comes down the wire to my house. They use serial numbers embedded in the products to identify which user can access the service and when to disconnect it.
In short, an ip address signifies nothing, even which device on the network is talking. It does not mean what this "expert" seems to think it means. The logs of the service provider, even if they were as accurate as physically possible, do not rise to the level certainty required of evidence.
If this is all the RIAA has to go on, it's time to go for their assets.
Help stamp out iliturcy.
I'm not an English major either. I have a BS in mathematics, in fact. But even I know what inculpated and exculpated mean.
That said, it probably would've been faster to explain it to him. But it's not like he was playing the game that TV crew did for Leno or someone when they went around asking people what they thought about when they masticated (mastication == chewing, BTW).
Thanks.
-Em
RelevantElephants: A Somatic WebComic...
So, you're done with your first year of law school. You must have seen the word 'witness' a million times by now, but you repeatedly spell it "wittness". That's not to mention your attempts on professor, untenable, analyse, and (most amusingly of all) dictionary.
Exculpate is an uncommon word outside of law, get used to it and get off your damn high horse (or at least learn to spell while you mock others for their vocabulary).
I have used Encase 5, and I am astounded that no reports were generated.
It's absurdly easy to set the thing to record everything that you look at
and generate that as a report, even if you are too lazy to click on any
specific files and have them included. That's the whole idea of the software,
to make it so that any schlub can generate a report that can be submitted
as evidence. "Mounted drive image, MD5 hash blah, examined registry,
searched for 'kaz', searched for '141.155...' etc.
It's very strange that Jacobsen didn't do it. It would be harder to find
a more inept Encase user.
12 Q. Do you have any idea why the case
13 hasn't been dropped by now?
14 MR. GABRIEL: Objection to form.
15 Lack of foundation.
16 A. I don't get involved with -- so no.
If we take for granted that the evidence offered by expert testimony is not persuasive to most who understand the technology at stake, I can only imagine the RIAA thinks judge and jury will find it persuasive that the kazaa username on the mediasentry screenshot is "jrlindor." Does anyone else worry that the RIAA can win without providing technical evidence of infringement, but still achieving preponderance of the evidence?
the weakest point in any action against a file-sharer that's based upon an ip address capture is the fact that an ip number - leaving aside for the moment whether or not the isp got it right initially - in no way shape or form indicates if the defendant was operating the computer at such time as the ip capture was made. it's somewhat analogous to the robo-cop radar detector slash cameras communities increasingly use to prosecute alleged traffic violators, in that they provide a picture of a car and a license plate number but precious little else of importance - i.e. who's actually behind the wheel. using the hacker analogy for instance one could mock up a phony plate, put it on a rental vehicle similar say to a car the govenor's wife drives and blast through a red-light at three am just to cause mischief - and if she happened to have actually been near that area at that moment the mischief might be considerable - especially if the outline of an "interesting passenger" was resolved by the traffic cam. automatic traffic cops leave a lot to be desired in other words, and so do programs that purport to show by proxy who's doing what and when with a computer. i wouldn't predict the leanings of judges (who seem to either accept too much at face value or too little) or the sentiments of juries, but it would seem to me that the vein you mined with dr. jacobsen as seen in pages 22 forward, "have you formed an opinion as to whether marie lindor personally uploaded any copyrighted files to anyone," and to which the dr. clearly and continuously waffled, is an area of massive vulnerability for the riaa and a point upon which you should continue applying pressure. this to me is the issue that may resonate the most among people with common sense. - js.
Yeah, so no private IP address was found in the KAZA packet, that is because the user knew he was behind a NAT gateway and knew to configure the the KAZA program to say its IP was the public IP. Anybody who uses or knows about P2P knows this is very important to do when behind NAT.
Thus, making the argument that it was NOT on a wireless router or NOT on from a 'private ip' is total false. Showing that it could have been ANYBODY using KAZA from that internet connection. Without having actual packets sniffed on the internal wired network, or wireless network the KAZA upload could have been from a friend with a laptop on the wireless network, or connected directly to the wired network. It could have been a creepy guy sitting out in his car next to the house downloading / uploading music and other things. It could have even been the RIAA its self using the wireless connection to upload / download its own files using her network. But nobody can prove this with the information that was gathered.
I feel bad that this expert chose to do such a sloppy job in investigating this issue as that a guy who just made the grade to get his high school diploma could point out in seconds.
-Zeek Lancer
...I really don't intend this to be a flame, but I have got to tell you, if you're going to be a pretentious bastard about the meaning of a word, you have got to at least spell dictionary right. Yes, my spelling sucks. And now you know why Mr. Beckerman beat the witness up for failing to know the meaning of a common term. Taken on its own, it's petty.. lumped in with a series of more substantive attacks, it's just one more grain of sand on the scale. Yes, he's splitting hairs. That's what lawyers do. If one of your Profs puts 12 issues into a final exam, and you discuss 10 of them masterfully while dismissing the other two as (in your opinion) "petty".. does that help or hinder your pursuit of A's?If Mr. Beckerman were to draw this out at length in court, the judge would probably side with you.. but there is NO reason not to explore everything the witness says carefully and thoroughly during a deposition.
By the way, what IS the meaning of "is"?
-GiH
4 with fake content?
6 A. I don't have any firsthand experience
7 with that. Either he is not an expert on Kazaa or this is deliberate lie.
Given the proportion of deliberately mis-labelled (fake) files on kazaa the probability that an expert or even a casual user might never encounter any is virtually zero.
I see a couple of potentially significant details that got left out here, or that, after reading the deposition, I missed in other people's comments. (Disclaimer: I have no certifications, nor am I a lawyer, so there is no more validity to my comments than those of the RIAA's expert)
1. There seemed to be an assumption that the only type of wireless access point in use must be a router or NAT device. There is no basis for that assumption. A wireless access point need not act as a router or as a NAT device. It could merely change wireline Ethernet to 802.11 physical layers. In that way, an "unauthorized" wireless connection could get the DHCP address provided directly by the ISP, and connect with that IP.
2. I'm not sure how far down the distinction I would go with the cable modem vs. DSL argument. In some cases, connection via DSL requires PPP tunneling software install/configuration on the actual computer. That argument could actually more closely tie the defendant's computer to the records captured. That can be circumvented by configuring the PPP tunnel on a router/firewall/NAT device, allowing the computer to be left unmolested. However, on general principles, Verizon also offers a cellular modem option for connecting to the Internet. That's at least 3 "broadband" methods of connecting.
3. I really appreciated the thrust of the the questions that looked to establish if there was any evidence that directly tied the actions of the defendant as an individual person, to the actual act of file sharing from that IP address. Can those questions be repeated for "yes or no" answers in court? Could the RIAA shift their argument to suggest that the defendant, as "owner" of that Internet connection is responsible for the use of that connection? I believe that holds for companies and corporations does it also for individuals?
4. My goodness, the "clarification" questions from the expert's lawyer (RIAA/Plaintiff's lawyer?) were entertaining. There are industry recognized certifications for computer security and forensics personnel. GIAC comes to mind. Perhaps they have some documented standards of forensics that might be appropriate for refuting this "expert's" claims that his methods were reasonable and would be accepted by other professionals in the industry. Just from talking to the IT Security department within my own company I get the impression they'd document their investigation of a single virus on one computer more carefully than this guy did with a legal case.
All of that said, I'd like to pass on a big THANK YOU to NewYorkCountyLawyer and the other lawyers involved for the defendant for actually fighting this one. I have this dream that the defendant winning a lawsuit like this will open the floodgates and pave the way for not only ending this tactic, but to provide the fodder for a slew of suits against the RIAA that eventually bankrupts the cartel and serves notice to the MPAA, etc. that this kind of crap just won't fly, and DRM will suddenly go away, and the heavens will open, and...OK, but a guy can dream, can't he?
----- Connection reset by beer
Darn, you stole my point. But to add to that for those that want to see this in action (hey, the RIAA likes screenshots, right):
See Here, or here, or just here
You've got one card allowing you to set or clone (copy from the connecting machine) a MAC address, another allow to type in the MAC segments, and then a bunch of google results in general for the interfaces to this.
And this is just for routers, mind. It's also quite easy to spoof MAC using windows, easy on linux/BSD using ifconfig, or see here for info on all the common OS's.
So what can you do with this?
Well with a router it makes it easy (as mentioned in the parent) to configure so that the ISP thinks a given PC is connected... thus skipping the issues when you have either the computer or the router plugged directly to the DSL/cable modem.
With a PC you can test various DHCP settings, pretend to be somebody else and nab their IP (the dhcp serving machine will generally assume you are whomever your MAC states you are), get onto MAC-secured wireless, and many other things. There are plenty of legit uses, but certainly many other cases where one an online "identity" could be easily misrepresented.
Well, a NAT is a physical device. When functioning as such it will have two IP addresses -- one on the local network and one on the outside one. Contrary to your beliefs, TCP/IP packets only have one "source address" and one "destination address" fields. As an outgoing packet transits the NAT, the device overwrites the source address with its own (global internet-) address. When an incoming packet arrives, the NAT replaces the destination address (which is the NAT's global Internet address) with the correct local address and forwards the packet to the local network. In particular just by looking at the TCP/IP headers of a packet on the internet there's no way to tell if it was modified by a NAT or not.
What you need to understand is that the NAT does not use any addressing information in the packet header to tell which local computer the packet should go to. Rather, all this decision-making is internal to the NAT. The device keeps track of the connections the local computers have to the outside world (via port number etc). Depending on the port and the connection the packet belongs to it knows which local computer it is representing for the purposes of this particular packet.
I have two issues with this bit. The first is small, it seems that the real question used "her" instead of "Marie Lindor" which was edited in afterwards, that is forgivable as a transcription issue. The second is more important. He says "second-to-last" but the word being discussed is not "her", it is the preceding word "inculpated". This tells me either there is a serious transcription error here, or both Q and A are using/taking "second-to-last" to mean the word third from the end of the question, which is almost certainly wrong.
"I have a B.A. in Philosophy...poking fun at someone who doesn't understand a word that has no practical value in everday speech... seems pretty unfair."
You're one of those postmodern relativists aren't you?
Agreed. There's some valid points being made, but there is also a lot of "writing the conclusion first, then looking for the evidence to back it up" happening as well. That's just one of the many reasons I don't use slashdot for advice; technical, legal, medical, economic, or otherwise.
Not only does the comments about MAC addresses leave something to be desired, but he uses "Save the children" campaign to fund his lab?
8 Q. Apart from your work on the RIAA
9 cases, have you engaged in any research on methods
10 of determining whether specific individual computer
11 users engaged in copyright infringement through the
12 use of P2P file sharing?
13 A. Yes.
14 Q. And what kind of research was that?
15 A. Obviously there was some research
16 done through Palisade as part of its product rollout
17 dealing with how to identify the individuals within
18 an organization. One of my grad students also
19 worked on the project to identify users of
20 peer-to-peer software, although that was focused
21 more on child pornography than it was copyright
22 material.
...but I have to call bullshit.
Beckerman wants to paint Jacobson as an RIAA whore but Jacobson flat out stated that the computer whose hard drive he examined was not used to share MP3s, which blows a huge hole in the RIAA's case. He didn't have to say that. He could have said he didn't find any evidence, but it's possible that *yada yada yada*, and no doubt the RIAA pushed him to say just that. I can see why he doesn't get much work as an expert witness. When I pay good money for a whore I expect her to suck and swallow.
Jacobson made a good argument that NAT wasn't used which Beckerman failed to rebut and then Beckerman continued to talk about NAT as a red herring. Some here claim to have rebutted Jacobson's argument but it's really beside the point. If Lindor had a wide open wireless router she can take the stand and say that. If she won't then any NAT-related arguments are just an attempt to baffle the judge/jury with bullshit.
As for the clock skew claim, Lindor's lawyers could subpeona Verizon for information about when the IP address was assigned and for how long. If they haven't done so it's because they already know the answer and it won't help their client.
Belittling Jacobson for not knowing what "inculpate" means was childish. My SATs were over 1400 under the old system and I attended an ivy league school, but I have never seen or heard the word "inculpate" before today. I was able to guess what it meant from the similarity to "exculpate" (before Beckerman mentioned it), but you can be damn sure that if had to answer a question under oath that contained a word I never heard before I would ask what it meant and not rely on guesswork.
Here's what I think: Lindor is innocent but she allowed the guilty party to use her internet connection and is covering for him/her. The RIAA is leaning on her to get her to cough up a name.
AT&T is a phone company, but they did offer a cable internet service before 2003 when Comcast bought it. You didn't know that? Well then I guess you just discredited yourself.
Something you might want to look into: the expert claimed that the hard drive he examined was NOT the one involved in the infringing. How can he tell? The entire hard drive could've been overwritten many times either through ordinary use or by an intentional effort to remove previously recorded and deleted data. There are consumer software products designed to securely erase data, along the lines of Norton Wipe, but better, as I think Wipe (at least, old versions of Wipe) merely overwrite with 0's. A user might use such software as part of an effort to remove malware in hopes of avoiding having to reinstall Windows. (Wiping the free space probably won't solve a problem with an infection, but users have been known to try many a thing in hope that it will.) A user might have reason to do so because of P2P-- might've received a virus through P2P and accidentally ran it. Didn't the expert say that hard drive had a fresh install of Windows? Seems he could've been examining the correct hard drive, but thanks to significant alterations of the contents, it wasn't possible to tell for sure. However, sounds like this expert didn't even try! He made no mention of having used anything more than a hex dump of the current contents.
Typically, data is never actually erased. Instead, data is left intact until overwritten (if ever) with fresh data. Suppose some file "F" is deleted. All that really happens is that the parts of the disk containing the file system's information about F are updated to indicate that the part of the disk where F resided is now free. The contents of F are not actually erased. The part of the disk where F was may eventually be overwritten at some future time with some other file's data, but that's a matter of chance. This expert's method of dumping the contents is hardly better than the old MSDOS undelete command! He would find F if it hadn't been overwritten but not otherwise. Anyone who remembers using undelete will know that if you undelete right away before you do any act that writes something to the disk, you'll get your file back. But the more writing activity that happens before attempting an undelete, the greater the odds the spot where a deleted file was will be overwritten, making undelete impossible. I've heard there are ways to read data that has been overwritten, and that if you want to really securely erase data, you should overwrite it at least 10 times, and overwrite with different random garbage each time, not all 0's. But it doesn't sound as if this expert employed any forensic technique to read overwritten data. All he did was examine the current contents. The only deleted data he will see with such an examination is only that which escaped being overwritten. If so, then he could not tell for sure whether free space on that drive had been cleaned up with Norton Wipe. This expert couldn't even say whether Windows had been installed more than once on that hard drive!
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
AT&T is not just a phone company, it has offered a variety of services for years including satellite. Before that, cable tv and internet services allowed by acquisitions of other companies.
Probably an A.
Do you think he does a better job for his regular employers than he does for the RIAA for a MUCH higher hourly rate?
Tech Public Policy stuff
"Ethics in information assurance" is one of the topics covered in CprE 532 - Information Warfare class. I'd love to see the lecture notes and reference list for that!
I attend Iowa State, and it's embarassing to see the school's name associated with the RIAA.
Could anyone clarify what the incessant "objection[s] to form" are, and what the purpose is in raising them so often? Is it a very literal objection to the structural form of the question, or something more arcane?
--- "No matter who or what, a box of flowers is better than a smack in the belly with a wet fish." --RAH
The fact that MediaSentry performed the traceroute over a year and a half later should be noted. The RIAA alleges that infringement occurred on Aug 7, 04, but the traceroute is dated Mar 13, 2006. Given that ISP's assign IP's dynamically, there would be very little to no chance that Ms Lindor would still be assigned this IP. IT infrastructure and equipment also changes, given that almost 2 years have passed in the interim.
It looks like a significant problem exists here. Specifically, I just looked up the DHCP addresses from the computer present on a handwritten note (Exhibit 17) http://www.ilrweb.com/viewILRPDF.asp?filename=umg_ lindor_070223JacobsonEx17. Those DHCP servers are from CableVision. I am assuming that CableVision is a New York cable company???
It looks like Mrs. Lindor's computer was configured for cable modem access. Accusing her of downloading files over Verizon DSL with a cable modem is a bit of a stretch ...
... I would often be assigned the same IP address multiple times, sometimes consistently for several days running. (I kept logs, and sometimes I'd check.) Might have been because I was in an area that had relatively few users. Also, I generally used a leased POP (not one owned by my ISP), so my IP address would come from the backbone's pool, not the ISP's own pool. AOL, Earthlink, Juno, NetZero, and a bunch of smaller ISPs all used these same leased POPs, and relied on the user's login prefix to tell which ISP the user belonged to. (Frex, an Earthlink user would log in as "ELN/username", not just "username".)
Dunno if that's useful info to you (and it's everything I know about it) but there ya go anyway.
~REZ~ #43301. Who'd fake being me anyway?
Incompleteness (programming)
Every physical engineering discipline uses mathematics to prove the correctness of a design. The "rules" of engineering is Physics. The verification tool is Mathematics.
Computing is functionally set theory, which is mathematics.
Paraphrasing Godel, you can't prove the rules using themselves.
Therefore, Computing cannot be verified with mathematics, and is fundamentally different from engineering.
Chaos (systems)
If a brick in a bridge is damaged, the structural integrity of the bridge is degraded.
If a bit in a computer's memory is damaged, the data integrity of the computer is degraded.
A typical computer has 8 billion bits (1GB x 8). Find me a bridge with 8 billion bricks.
Uncertainty (systems)
Examining a bridge is an out-of-band process. Bridge don't change when you examine them.
Examining a computer system is [usually] an in-band process. Computer systems [memory] change up to a billion times per second (1GHz)
Complexity (programming, systems)
How many paths through a complicated solid state circuit (treating ICs as black boxes)?
How many paths through a computer program (read: the Halting Problem)
Data (programming, systems)
Engineering is defined in terms of limits and tolerance, which are known in advance.
Computing is defined in terms of data, which is not known in advance.
Probability (programming)
Engineered process and devices fail in known, predictable ways.
Computing processes and devices fail in unpredictable ways.
Conclusion: while the above comments are simplistic in the extreme, you can't even _begin_ to compare computing with engineering.
p.s.
Despite the above, I think the engineering mindset and approach is superior by far than anything which currently exists in the computer world, but it is at best a model; be aware of its limitations.
In my opinion, the closest discipline to computing is medicine. Sometimes, despite all the procedures, tools and knowledge, things just don't work as expected.
...quicker, easier, more seductive the darkside is...but more powerful, it is not.
He is an expert in his non-legal field and an expert witness in this single case. He is not a professional expert witness generally. He testified that he has never even been deposed before much less testified in a trial. His education, qualifications, and experience (or lack thereof) in his field would in no way make him knowledgeable regarding legal matters. In terms of legal knowledge he is a layman and inculpate is simply a word that is almost never used outside of legal proceedings, nor is it something taught in any non-legal curriculum.
When the concept is discussed amoungst laymen it seems the word, incriminate, is invariably used in place of inculpate, regardless of the context (ex: criminal versus civil, specific versus general, etc..)
In short, Mr. Beckerman made his point but it was a low blow.
yeah, IANAL and all that jazz, don't believe me, look it up for yourself.
As I recall from watching too much courtTV, a court reporter types up the transcript using a specialized device that loosely resembles a typewriter. It's been a while since I've looked for modern versions, so please let the forums hordes correct me if I'm wrong, but I remember a 'keyboard' layout that was based on phonics, NOT individual letters as most computer users are used to. One of the transcript 'errors' that someone pointed out above was a phonetic spelling of the intended word, the court transcriber was likely in a hurry and didn't know that particular word.
Try this at home, kiddies: have a friend read an excerpt from your favorite book, and try to type what your friend is reading into your computer. Now to make it like a courtroom, you must have a rule that you cannot let your friend pause or slow down while he is reading so that you can catch up with your typing. The fact that you can't keep up with your friend is why court transcribers use a phonics based entry system.
Oh, yeah, for 'on-topic'.. I think NewYorkLawyer just swiss-cheesed some 90% of all RIAA suits. All the RIAA can prove with their 'evidence' is that some IP address was associated with a P2P network data-packet.
They have consistantly failed to prove that a specific individual delibrately and with malicious intent did violate copywrite laws by 'making available' copywrite infringing work.